Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science
Outline Introduction Cloud diagram Types of Clouds Benefits of Clouds Security Issues of the Cloud Cloud data center Security Cloud security control Can cloud computing be secure?
Introduction Cloud Computing is an extreme form of outsourcing delivering hosted services via the internet. The Cloud acts as a virtual server that users can access via the internet on an as needed basis. Cloud Computing includes any subscription-based or pay-per-use service extending IT capabilities and allowing users to access stored information remotely.
Cloud diagram
Types of Clouds Public cloud Sells services to anyone on the internet o Currently Amazon Web Services is the largest public cloud provider Private cloud A proprietary network or a data center that supplies hosted services to a limited number of people
Public Cloud VS Private Cloud
Benefits of Cloud Computing Reduced costs Provider saves money due to economies of scale Resources are contracted and the cost is predictable, simplifies budgeting Safer data High level of physical protection Cloud providers use redundancy Anytime/Anywhere data access Give the customers contract access requirements Increased storage capacity Easy to upgrade when needed Worry-free maintenance Always have the latest and most security technology
Security Issues of Cloud Computing Location Where the data is actually stored Data segregation How vendors keep a certain degree of separation between one customers data and another's Recoverability How quickly and effectively can information be recovered after a large disaster Hacking This is the most daunting issue for most users, what if someone hacks into my information and shares it with the world?
Security in Cloud Data Centers The data center you choose should offer some protection measures: Physical Security Logical Security
Physical Security Redundant power supplies Backup power supplies needed Redundant Internet connections Several internet connections should run in the same time Redundant hardware Multiple hard drives should be prepared Fire and flood Data should be replicated in multiple locations Theft Servers should not be easily accessible
Logical Security Logical Security covers the software side of the data center o Firewalls Act as an electronic barrier between the data center & internet o Anti-virus detection software Detect and remove any viruses o Data encryption software Encrypts data as travels between firm and data center o Administrative controls Govern access to application and data o Security audits Conduct regular third party intrusion detection audit
Cloud security controls Deterrent controls Honeypot/net used to attract and monitor hackers. Tracking users Preventative controls Implement Best practices: Install OS and Application updates regularly Physical security, CCTV, logging, automated alerts, etc Firewalls, encryption, multi-level authentication
Cloud security controls Corrective controls Disabling compromised open ports IP and MAC filtering Detective controls Snort Tripwire Logging and alert systems
Can cloud computing be secure? Summary: ways to reduce risk and protect data Logging all network and system activity Automated alerts when baseline parameters are outside the accepted range Deploy IDS tools like Tripwire & Snort Implement and maintain an effective network firewall Implement a sophisticated access control model like RBAC (Role Based Access Controls) Implement best practices for updates to the OS and all other applications
Can cloud computing be secure? Summary: ways to reduce risk and protect data Disable/decommission outdated, unused software and hardware Security awareness Training for employees: helpdesk staff, SAs, management, support staff, contractors, consultants, etc. Require an AUP for all system users before granting access Provide an SLA to all customers describing security expectations. Backup & Restore capability
Question?