Sunday, November 20, 2011

SECURING THE CLOUDS

Even though the cloud continues to grow in popularity and respectability, complications with data privacy and data protection still plague the market. There is a long way to go before cloud becomes mainstream, and there are obstacles on the road to cloud computing. Data security is a concern for any enterprise, and cloud computing often can magnify security anxieties. Adopting a few ground rules will help protect users, their data and your overall cloud investment.



Corporate acceptance of cloud computing is growing everywhere, and it is now one of the fastest emerging technologies in the field of Information Technology (IT). Companies, from startups to experienced firms, often lack the protective measures to weather an attack on their servers because of scarce resources:
  • Poor programming skills that expose software vulnerabilities in Python, Ruby, PHP and JavaScript.
  • Even some good programmers are not aware of cyber security, so companies need hybrid developers (security + good programming).
  • Open firewall ports or insufficient security knowledge on the part of the system administrator. Knowledge of Nmap, Nessus and Snort must be mandatory for system administrators before hiring them for cloud-based firms.
  • Companies that are encouraged to pursue cloud computing must also support their own hardware backbone.



Because of ineffective security policies, many startups and firms are afraid to adopt cloud computing. There is a solution, though: companies should remember the four points above when they hire people for their cloud operations.

SECURITY CHALLENGES



DATA SECURITY

The basic definition of information security has three aspects, referred to in the corporate world as confidentiality, integrity and availability. These are the major security issues for cloud vendors.

Confidentiality: whoever stores the encryption key must keep it secure from users and employees; access is permitted only to the respective officials who are responsible for operations.

Integrity: every firm needs policies under which no data is exchanged without a strict set of rules or protocols. On the client side, do not store sensitive data and passwords, which can be stolen easily.

Availability: this is a major concern for security experts, and many of the large caps in cloud computing have already experienced downtime. The relationship must be only between clients and provider, with no third parties. There is also a need to focus on protocols: to increase security, authentication should be backed by several methods, using a combination of hardware and password, or including face recognition or fingerprints. Because SSL has also been hacked by some hackers, these protocols need attention. Even Amazon faced a denial-of-service attack.

Untrustworthy suppliers, eavesdropping, impersonation, data theft, lack of performance, and logical and physical disasters are addressed by this pattern. Consider checking supplier applications for cross-site scripting (XSS) attacks, which can be used to log keystrokes, capture data, and propagate web application worms such as Samy. Feed injection for RSS and Atom can allow an attacker to compromise applications if feeds are not properly secured.


All programmers need to become familiar with some relevant technologies that are safer than others, such as Django in Python, AJAX, RSS, JSON, Gears in Java, SOAP (Simple Object Access Protocol) and REST (Representational State Transfer).

PRIVACY IN CLOUDS


Information privacy is the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves. Data must stay between the clients and the provider only, but how?

  • Ensure the security of MapReduce for privacy and confidentiality using Airavat; the main aim here is to provide privacy assurances for sensitive data.
  • System model: data providers have their own sets of data, and the cloud provider needs to use the Airavat framework.
  • Assess the trustworthiness of the data provider using a threat model.
  • Computation model: the MapReduce computation must be deployed over input chunks, so that the mapper and the reducer are separate functions with their own sets of input and output chunks.
  • The concept of differential privacy can be used to ensure privacy; random Laplacian noise or other noise algorithms can be used or implemented during design.
  • A functional sensitivity algorithm can be used when designing the model for the cloud architecture, along with new policies such as the use of SELinux and a MAC model as the key architecture for any cloud access control.
  • Other areas of concern include security (OpenID, .NET Access Control, PKI), load monitoring and testing (Soasta, Hyperic), and provisioning and configuration management.
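
The differential-privacy points in the list above (Laplacian noise scaled by the sensitivity of the function, applied to a MapReduce computation over input chunks) can be shown in a short sketch. This is an added example, not code from the original post or from the Airavat project; the function names, the declared output range of 0 to 100 and the sample records are assumptions constructed for illustration.

```python
import random

def clamp(value, lo, hi):
    """Range enforcer: force an untrusted mapper's output into [lo, hi]."""
    return max(lo, min(hi, value))

def clamped_sum(chunks, mapper, lo, hi):
    """Map each input chunk independently, then reduce with SUM.

    Internal value only: it must never be released without noise.
    """
    partials = [sum(clamp(mapper(rec), lo, hi) for rec in chunk)
                for chunk in chunks]
    return sum(partials)

def laplace_noise(scale, rng):
    """Laplace(0, scale), sampled as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def private_sum(chunks, mapper, lo, hi, epsilon, rng=None):
    """Release SUM with epsilon-differential privacy."""
    if epsilon <= 0 or lo > hi:
        raise ValueError("need epsilon > 0 and lo <= hi")
    if rng is None:
        rng = random.SystemRandom()  # OS entropy for real releases
    # One record can move a clamped SUM by at most this much.
    sensitivity = max(abs(lo), abs(hi))
    noise = laplace_noise(sensitivity / epsilon, rng)
    return clamped_sum(chunks, mapper, lo, hi) + noise

# Constructed sample data: purchase amounts split into two input chunks.
CHUNKS = [[10, 20, 250], [30, 40]]

def honest_mapper(amount):
    return amount

def leaky_mapper(amount):
    # Hypothetical hostile mapper: tries to signal one record's presence
    # through an extreme output. Clamping bounds its influence.
    return 10**9 if amount == 250 else amount

if __name__ == "__main__":
    print(clamped_sum(CHUNKS, honest_mapper, 0, 100))
    print(clamped_sum(CHUNKS, leaky_mapper, 0, 100))
    print(private_sum(CHUNKS, honest_mapper, 0, 100, epsilon=0.5))
```

Both mappers yield the same clamped sum, which is why the noise scale can be fixed from the declared range alone, without trusting the mapper code.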

NETWORK SECURITY

Basic network security refers to performance, bandwidth, quality, availability and more flexibility over the networks. It includes reconfiguration of the network according to clients, such as Network as a Service (NaaS), and virtualization of the cloud network for users:

  • Provide the basic network functions for applications with highly variable demands.
  • Integrate functionality with computing and storage for demands that vary across seasons with peak requirements.
  • Integrate the necessary tools for management and security, such as Snort, Nmap, Tcpdump, etc.

MALWARE IN CLOUD

Security as a service can be used to ensure security in the cloud. Anti-virus needs to run on both sides of the cloud, the vendor side and the client side, and multiple versions of anti-virus can be used to ensure proper protection from malware.

  • Reduce the possible number of bugs; contribute to open source so that you can benefit from the community.
  • Use multiple functionally equivalent programs independently; run multiple scanners in parallel to increase the detection rate.
  • Use cloud forensics, and go with a service that has no vendor lock-in for better productivity, so that clients stay agnostic of the vendor's service.
  • Improve the system architecture: include specific protocols on both sides for end users, and use a hash technique to extract a unique ID of the host and user using MAC.
  • Certification and third-party audits: is the provider certified?



CONCLUSION

Despite the numerous security issues involved with cloud computing, it is critical that industry and organizations take a thoughtful and proactive approach to the cloud. Since we need it as a basic utility in our daily use, we need to ensure security in the cloud. The following suggestions are provided here to ensure the security of your cloud:

  • Secure architecture model: applications need to be integrated for the security architecture community. Some important entities involved in the data flow are end users, developers, system architects and auditors. All application-level tools need to be integrated inside the architecture so that the grid concept of security can be applied step by step.
  • End users: Use certain protocols and policies that are committed to ensuring security while accessing resources from the cloud. Use signatures and tokens on the server side; on the client side, use firewalls and entry-point protocols, and update regularly so that bugs are patched as soon as possible. Also ensure security using TLS, SSL and secure IPsec.
  • System architects: They must be employed under certain policies and should have knowledge of basic security concepts and of the tools needed to protect the cloud. They also need to write policies that pertain to the installation and configuration of hardware components such as firewalls, servers, routers, operating systems, proxy server configurations and encryption tunnels.
  • Developers: Developers must go through security concepts. They may desire extra virtual machines to either generate test data or to perform data analysis, process, and penetration-test their code. Monitoring of API calls for server requests must be included in the architectural model.
