
[Cloud Computing] Cloud computing security issues and responsibility sharing

by 8희 2023. 9. 23.

[Overall View of Cloud Computing Security]

 

1. Security of data at rest
2. Security of data in transit
3. Authentication of users/applications/processes
4. Robust separation of data belonging to different customers
5. Legal and regulatory issues
6. Incident response

 

[For securing data at rest]

  • Cryptography tools should be applied
    • For the confidentiality and integrity of data.
  • Redundancy of data could be guaranteed.
    • For preserving availability.
  • Responsibility on users
    • IaaS
  • CSP has roles in this area
    • PaaS and SaaS

 

[For securing data in transit]

  • Cryptography technology is essential
    • to prevent eavesdropping and manipulation.
  • Transmission among the virtual machines within a cloud (relatively safe)
    • Not easy to guarantee that the traffic won’t go through the public Internet (e.g. multi-cloud deployment model).
  • Transmission between the user’s PC and the cloud server
    • Inevitably goes through the public Internet
    • Relatively risky, so countermeasures are required

 

[Authentication of users/applications/processes]

  • User’s end system to the cloud environment management console
    • only legitimate access from outside of the cloud.
  • The majority of cloud services
    • Provide web-based access as their gateway of computing resources.
  • The website for accessing the cloud service is publicly located
    • the access to the web is specially managed and controlled
    • well-defined authentication mechanism

 

[Robust separation of data belonging to different customers]

  • When a physical system is used for deploying several virtual machines
    • Computing resources of one virtual machine should not be disclosed to other virtual machines.
  • The multi-tenancy of cloud computing
    • Cloud service provider needs to guarantee the independent operation of each virtual machine.
  • Two aspects
    • Preserving secrecy of data
    • Concealing side channels

 

[Legal and regulatory issues]

  • Cloud computing services can raise legal issues
    • when a company decides to transfer its information assets to a cloud environment.
  • Information can be stored in different countries
    • which causes possible disputes.

 

[Incident response]

  • Incidents take place on computing resources that are in remote places
    • the damage falls on the users.
  • Effective procedures in which users and cloud service providers participate are required.
    • Incident alarms
    • Sharing the logs and evidence with users
  • Utilizing functions from cloud services for incident responses
    • Load balancing, Fault domain, and auto-scaling