Cloud Hooks: Security and Privacy Issues in Cloud Computing

Proceedings of the 44th Hawaii International Conference on System Sciences - 2011

Wayne A. Jansen, NIST

Abstract
In meteorology, the most destructive extratropical cyclones evolve with the formation of a bent-back front and cloud head separated from the main polar-front, creating a hook that completely encircles a pocket of warm air with colder air. The most damaging winds occur near the tip of the hook. The cloud hook formation provides a useful analogy for cloud computing, in which the most acute obstacles with outsourced services (i.e., the cloud hook) are security and privacy issues. This paper identifies key issues, which are believed to have long-term significance in cloud computing security and privacy, based on documented problems and exhibited weaknesses.



applications can be developed upon and deployed. It can reduce the cost and complexity of buying, housing, and managing hardware and software components of the platform. Infrastructure-as-a-Service (IaaS) enables a software deployment model in which the basic computing infrastructure of servers, software, and network equipment is provided as an on-demand service upon which a platform to develop and execute applications can be founded. It can be used to avoid buying, housing, and managing the basic hardware and software infrastructure components.

1. Introduction
Cloud computing has been defined by NIST as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction [45]. Cloud computing can be considered a new computing paradigm with implications for greater flexibility and availability at lower cost. Because of this, cloud computing has been receiving a good deal of
