Question

Identify the main security threats for the SaaS cloud delivery model on the public cloud. Discuss...

Identify the main security threats for the SaaS cloud delivery model on the public cloud. Discuss the different aspects of these threats on a public cloud vs the threats posed to similar services provided by a traditional service-oriented architecture running on a private infrastructure.

Answer #1
  • The main factor of the SaaS cloud delivery model for IT executives when it moves to cloud computing is security and privacy. Its environments are multi-domain environments in which various resources are shared.
  • Sharing hardware and placing data seems to be a high risk factor. Any unauthorized person can easily hack it, either accidentally or through a malevolent attack. Hence data storage would be a major security violation. Considering these security issues, two surveys were carried out by IDC in 2008 and 2009. Their observations are analyzed and presented here.
  • Check what will happen to data in the case of a disaster. Do they offer complete restoration and, if so, how long would that take? Ask whether a vendor has the ability to investigate any inappropriate or illegal activity. Examine what will happen to data if the company goes out of business. How will data be returned and in what format?

Here we see some important threats and their aspects:

1. Secure data transfer. All of the traffic travelling between your network and whatever service you’re accessing in the cloud must traverse the Internet. Make sure your data is always travelling on a secure channel; only connect your browser to the provider via a URL that begins with “https.” Also, your data should always be encrypted and authenticated using industry standard protocols, such as IPsec (Internet Protocol Security), that have been developed specifically for protecting Internet traffic.

2. Secure software interfaces. The Cloud Security Alliance (CSA) recommends that you be aware of the software interfaces, or APIs, that are used to interact with cloud services. “Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability, and accountability,” says the group in its Top Threats to Cloud Computing document. CSA recommends learning how any cloud provider you’re considering integrates security throughout its service, from authentication and access control techniques to activity monitoring policies.

3. Secure stored data. Your data should be securely encrypted when it’s on the provider’s servers and while it’s in use by the cloud service. In Q&A: Demystifying Cloud Security, Forrester warns that few cloud providers assure protection for data being used within the application or for disposing of your data. Ask potential cloud providers how they secure your data not only when it’s in transit but also when it’s on their servers and accessed by the cloud-based applications. Find out, too, if the providers securely dispose of your data, for example, by deleting the encryption key.

4. User access control. Data stored on a cloud provider’s server can potentially be accessed by an employee of that company, and you have none of the usual personnel controls over those people. First, consider carefully the sensitivity of the data you’re allowing out into the cloud. Second, follow research firm Gartner’s suggestion to ask providers for specifics about the people who manage your data and the level of access they have to it.

5. Data separation. Every cloud-based service shares resources, namely space on the provider’s servers and other parts of the provider’s infrastructure. Hypervisor software is used to create virtual containers on the provider’s hardware for each of its customers. But CSA notes that “attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments.” So, investigate the compartmentalization techniques, such as data encryption, the provider uses to prevent access into your virtual container by other customers.

6. Insufficient identity, credential, and access management. Bad actors masquerading as legitimate users, operators, or developers can read, modify, and delete data; issue control plane and management functions; snoop on data in transit or release malicious software that appears to originate from a legitimate source, CSA says. As a result, insufficient identity, credential, or key management can enable unauthorized access to data and potentially catastrophic damage to organizations or end users.

7. Malicious insiders. While the level of threat is open to debate, the fact that insider threat is a real adversary is not, CSA says. A malicious insider such as a system administrator can access potentially sensitive information, and can have increasing levels of access to more critical systems and eventually to data. Systems that depend solely on cloud service providers for security are at greater risk.

  • There is an ongoing debate among IT professionals over whether or not private Clouds are really more secure. Aside from the common view that private Clouds should be more secure, there are some interesting attributes/properties of public Clouds to consider.
  • Public Clouds are hardened through continual hacking attempts. Public Cloud providers are much larger targets for hackers than private Clouds.
  • Public Clouds also attract the best security people available; the biggest and best Cloud service providers have millions of customers relying on them.

They definitely would be meticulous about who they hire. Also, public Cloud providers, especially larger companies like Google, Amazon, and Facebook, would get the latest security gear much more easily than a small to midsize private company. Here are some other security issues related to Public Cloud Computing:

Services provided by a traditional service-oriented architecture for such threats:

Firewall:

A firewall is a system designed to prevent unauthorized access to or from a private network. A firewall can help by decreasing the attack surface of virtualized servers in cloud computing environments. By deploying a firewall on a VM with policies that map to the security policy of the organization, one may achieve virtual machine isolation, data filtering at the fine-grained level of ports, data segregation for analysis covering all IP-based protocols, frame types, etc. Attacks like Denial of Service (DoS) can be prevented. Firewalls also allow setting different policies over different network interfaces.

Intrusion Detection and Prevention (IDS/IPS):

IDS/IPS can shield vulnerabilities in operating systems and enterprise applications until they can be patched, to achieve timely protection against known and zero-day attacks. An IDS/IPS can detect newly discovered vulnerabilities in both applications and operating systems running in a VM. This provides protection against exploits attempting to compromise virtual machines. There are IDS/IPS which are based on artificial intelligence techniques [8] which may learn about new vulnerabilities dynamically.

Integrity Monitoring:

It involves monitoring files, systems and registry for changes. Application files and critical system files (files, directories, registry keys and values, etc.) can be monitored for detecting malicious and unexpected changes which could signal compromise of cloud computing resources. Integrity monitoring software must be applied at the virtual machine level. An integrity monitoring solution should enable:

i. On-demand or scheduled detection.
ii. Extensive file property checking, including attributes (enables compliance with PCI).
iii. Directory-level monitoring.
iv. Flexible, practical monitoring through includes/excludes.
v. Auditable reports.

Log Inspection:

Log inspection collects and analyzes operating system and application logs for security events. Rules are defined in log inspection which allow efficient extraction of security-related events from multiple log files. These logs can be sent to a stand-alone security system, or to a Security Information and Event Management (SIEM) system or centralized logging server for analysis. Log inspection software on cloud resources enables suspicious behavior detection. Like integrity monitoring, log inspection capabilities must be applied at the virtual machine level.

Secure introspection:

In cloud computing users may move images from one cloud to another, thus an effective solution requires learning what guest operating system (OS) runs in each virtual machine (VM) and securing the guest OS without relying on the guest OS functionality or an initially secure guest VM state. One such solution is secure introspection.
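
An added example, not part of the original answer: a minimal on-demand integrity check in Python covering the properties listed under Integrity Monitoring above (content hash plus attributes, directory-level scanning, includes/excludes, a change report that can be kept as an audit record). The function names `snapshot`, `compare` and `demo`, and the sample file tree, are constructed for illustration.

```python
import fnmatch, hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root, include=("*",), exclude=()):
    """Directory-level scan: relative path -> content hash, size, permission bits."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            wanted = any(fnmatch.fnmatch(rel, p) for p in include)
            if not wanted or any(fnmatch.fnmatch(rel, p) for p in exclude):
                continue  # note: fnmatch's "*" also matches "/" in the path
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[rel] = {"sha256": digest, "size": st.st_size,
                          "mode": stat.S_IMODE(st.st_mode)}
    return state

def compare(baseline, current):
    """Report rows, sorted by path, suitable for storing as an audit record."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            report.append({"path": path, "change": "added" if old is None else "removed"})
        else:
            fields = [k for k in ("sha256", "size", "mode") if old[k] != new[k]]
            if fields:
                report.append({"path": path, "change": "modified", "fields": fields})
    return report

def demo():
    """Constructed sample tree: baseline it, change it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc/app.conf").write_text("debug=0\n")
        (root / "etc/users.db").write_text("alice\n")
        (root / "etc/app.log").write_text("start\n")
        (root / "etc/users.db").chmod(0o600)
        base = snapshot(root, exclude=("*.log",))
        (root / "etc/app.conf").write_text("debug=1\n")     # same size, new content
        (root / "etc/users.db").chmod(0o644)                # attribute-only change
        (root / "etc/new.sh").write_text("#!/bin/sh\n")     # unexpected new file
        (root / "etc/app.log").write_text("start\nmore\n")  # excluded, never reported
        return compare(base, snapshot(root, exclude=("*.log",)))
```

The baseline is only trustworthy if it is stored where the monitored VM cannot rewrite it, for example on the centralized logging server mentioned under Log Inspection.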
