ESE Revision Topics Fall 2024 PDF
Summary
This document contains revision topics for a course called ESE. The topics cover cloud security, risks, and economics. It includes sections on security in cloud computing, security aspects, data security, data center security, network security, and platform-as-a-service security.
Full Transcript
Unit 5 Cloud Security, Risks and Economics

Security in Cloud Computing

Security is an important aspect to be considered in the cloud computing environment. Subsequent sections talk about data security; virtualization security; security issues in Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) models; etc. Privacy challenges and identity and access management issues in cloud are also discussed in this Unit.

Security Aspects

Security concerns in the cloud are not that different from those of non-cloud service offerings, although they are exacerbated, because in a single-tenant, non-cloud environment you generally know where information is and how it is being kept. In the cloud, there are many different customers and there is no mechanism followed to isolate each other's data. Cloud computing places business data into the hands of an outside provider and makes regulatory compliance inherently riskier and more complex than it is when systems are maintained in-house. Loss of direct oversight means that the client company must

Data Security

Due to huge infrastructure cost, organizations are slowly switching to cloud technology. Data are stored in the CSP's infrastructure. As data do not reside in organization territory, many complex challenges arise. Some of the complex data security challenges in cloud include the following.

The need to protect confidential business, government, or regulatory data.
Cloud service models with multiple tenants sharing the same infrastructure.
Data mobility and legal issues relative to such government
Lack of standards about how CSPs securely recycle disk space and erase existing data.
Auditing, reporting, and compliance concerns.
Loss of visibility to key security and operational intelligence that no longer is available to feed enterprise IT security intelligence and risk management.
A new type of insider who does not even work for your company but may have control and visibility into your data.

Such issues raise the level of anxiety about security risks in the cloud. Enterprises worry whether they can trust their employees or need to implement additional internal controls in the private cloud and whether third-party providers can provide adequate protection in multitenant environments that may also store competitor data. There is also an ongoing concern about the safety of moving data between the enterprise and the cloud, as well as how to ensure that no residual data remnants remain upon moving to another CSP. Unquestionably, virtualized environments and the private cloud involve new challenges in securing data, mixed trust levels, and the potential weakening of separation of duties and

Data Center Security

i. Data are stored outside the territory of the user in a location called a data center, which is unknown to the user. As the location of the data center is unknown to the user, it becomes a virtual data center.
ii. The backbone of this virtual data center is virtual infrastructure, or the virtual machine (VM); however, virtual platforms are dependent on many other, often forgotten components of both the physical and virtual data centers.
iii. There are typically seven areas of concern that accompany any major virtual platform implementation or migration.
iv. Often, these issues are not seen during staging and testing and only appear when the VMs take on the same amount of load as physical machines. The critical points represent two

i. Lack of performance and availability
ii. Lack of application awareness
iii. Additional, unanticipated costs
iv. Unused virtualization features
v. Congested storage network
vi. Management complexity

Network Security

Cloud is based on networking of many things together, like the network of infrastructure. While the network is the backbone of the cloud, many challenges are encountered in this network. Some of the challenges in the existing cloud networks are discussed in the following.

Application performance
Flexible deployment of appliances
Policy enforcement complexities
Topology-dependent complexity
Application rewriting
Location dependency
Multilayer network complexity

Platform-as-a-Service Security Issues

1. PaaS provides a ready-to-use platform, including OS, that runs on vendor-provided infrastructure. As the infrastructure is of the CSP, various security challenges of the focused architecture are caused mainly by the spread of the user objects over the hosts of the cloud.
2. Stringently allowing access of objects to the resources and defending the objects against malicious or corrupt providers reasonably reduce possible risks.
3. Network access and service measurement bring together concerns about secure communications and access control. Well-known practices, object scale enforcement of authorization, and undeniable traceability methods may alleviate the concerns.

Infrastructure-as-a-Service Security Issues

Cloud computing makes a lot of promises in the areas of increased flexibility and agility, potential cost savings, and competitive advantages for developers so that they can stand up an infrastructure quickly and efficiently to enable them to develop the software to drive business success. There are a lot of problems that cloud, especially private cloud, solves, but it is not as good at solving problems related to security.

i. Hypervisor security.
ii. Multitenancy.
iii. Identity management and access control (IdAM).
iv. Network security

Audit and Compliance

1. It is a widely known fact that data protection and regulatory compliance are among the top security concerns for chief information officers (CIOs) of any organization.
2. According to the Pew Internet and American Life Project, an overwhelming majority of users of cloud computing services expressed serious concern about the possibility of a service provider disclosing their data to others.
3. Ninety percent of cloud application users said that they would be very concerned if the company at which their data were stored sold them to another party.
4. A survey conducted by many firms expressed the view that security is the biggest challenge for the cloud computing model.
5. Stakeholders, therefore, increasingly feel the need to prevent data breaches. In recent months, many newspaper articles have revealed data leaks in sensitive areas such as the financial and governmental domains and web community.
6. One of the missions of the data protection authorities is to prevent the so-called Big Brother phenomenon, which refers to a scenario whereby a public authority processes personal data without adequate privacy protection. In such a situation, end users may view the cloud as a vehicle for drifting into a totalitarian surveillance society.
7. The specificities of cloud computing, therefore, make the data protection incentive even greater. For example, the cloud provider should provide encryption to protect the stored personal data against unauthorized access, copy, leakage, or processing.
8. In a cloud environment, companies have no control over their data, which, being entrusted to third-party application service providers in the cloud, could now reside anywhere in the world.
9. Nor will a company know in which country its data reside at any given point in time.
10. This is a central issue of cloud computing that conflicts with the EU requirements whereby a company must at all times know where the personal data in its possession are being transferred to.
11. Cloud computing thus poses special problems for multinationals with specific EU customers.
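
The Platform-as-a-Service item above on object scale enforcement of authorization and undeniable traceability can be made concrete with a short sketch. This is an added example, not part of the original notes: the ACL contents, the AuditedStore class and the verify_chain helper are hypothetical, and a SHA-256 hash chain is assumed as the traceability method, which the notes do not specify.

```python
import hashlib
import json

# Constructed sample policy: object id -> {principal: allowed actions}
ACL = {
    "obj-invoices": {"alice": {"read", "write"}, "bob": {"read"}},
    "obj-payroll": {"alice": {"read"}},
}
GENESIS = "0" * 64  # chain anchor for the first log entry


def _digest(prev_hash, record):
    """Hash the previous chain value together with the canonical record."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


class AuditedStore:
    """Default-deny, per-object authorization with a hash-chained log."""

    def __init__(self, acl):
        self.acl = acl
        self.log = []  # list of (record, chain_hash)

    def access(self, principal, obj, action):
        # Unknown objects and unknown principals fall through to deny.
        allowed = action in self.acl.get(obj, {}).get(principal, set())
        record = {"seq": len(self.log), "who": principal, "obj": obj,
                  "action": action, "allowed": allowed}
        prev = self.log[-1][1] if self.log else GENESIS
        self.log.append((record, _digest(prev, record)))  # log denials too
        return allowed


def verify_chain(log):
    """Return the index of the first entry that fails, or -1 if intact."""
    prev = GENESIS
    for i, (record, chain_hash) in enumerate(log):
        if record.get("seq") != i or _digest(prev, record) != chain_hash:
            return i
        prev = chain_hash
    return -1


def demo():
    store = AuditedStore(ACL)
    results = [store.access("alice", "obj-invoices", "write"),
               store.access("bob", "obj-invoices", "write"),
               store.access("bob", "obj-payroll", "read")]
    intact = verify_chain(store.log)
    # Simulate a provider-side edit that flips a recorded denial to an allow.
    tampered = [(dict(r), h) for r, h in store.log]
    tampered[1][0]["allowed"] = True
    return results, intact, verify_chain(tampered)


if __name__ == "__main__":
    print(demo())
```

A hash chain only shows that stored entries were altered; to hold up against a provider who can rewrite the whole log, the latest chain hash has to be kept or signed outside the provider's control.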

Privacy and Integrity

The promise to deliver IT as a service is addressed to a large range of consumers, from small- and medium-sized enterprises (SMEs) and public administrations to end users. Users are creating an ever-growing quantity of personal data.

1. Complexity of risk assessment in a cloud environment: The complexity of cloud services introduces a number of unknown parameters. Service providers and consumers are cautious about offering guarantees for compliance-ready services and adopting the services. With service providers promoting a simple way to flow personal data irrespective of national boundaries, a real challenge arises in terms of checking the data processing life cycle
2. Emergence of new business models and their implications for consumer privacy: A report by the Federal Trade Commission (FTC) on "Protecting consumer privacy in an era of rapid change" analyzes the implications for consumer privacy of technological advances in the IT sphere. According to the FTC, users are able to collect, store, manipulate, and share vast amounts of consumer data for very little cost. These technological advances have led to an explosion of new business models that depend on capturing consumer data at a specific and individual level and over time, including profiling, online behavioral advertising (OBA), social media services, and

Disaster Recovery

1. Simple data backup as well as more comprehensive disaster recovery and business continuity planning is an essential part of business and personal life.
2. Backup as a Service and Disaster Recovery as a Service are now available online through the cloud for every level of user, from personal and small business to large enterprise data storage and retrieval, either publicly through the Internet or via more secure dedicated access methods.
3. As a result, traditional methods are becoming obsolete.

A few of the advantages include the following:

1. No huge upfront costs for capital investment or infrastructure management or black boxes.
2. Backups are physically stored in a different location from the original source of your data.
3. Remote backup does not require user intervention or periodic manual backups.
4. Unlimited data retention. You can get as much or as little data storage space as you need.
5. Backups are automatic and smart. They occur continuously and efficiently back up your files only as the data change.

Cloud computing, based on virtualization, takes a very different approach to disaster recovery. With virtualization, the entire server, including the OS, applications, patches, and data, is encapsulated into a single software bundle or virtual server. This entire virtual server can be copied or backed up to an offsite data center and spun up on a virtual host in a matter of minutes.

Since the virtual server is hardware independent, the OS, applications, patches, and data can be safely and accurately transferred from one data center to a second data center without the burden of reloading each component of the server. This can dramatically reduce recovery times compared to conventional (non-virtualized) disaster recovery approaches, where servers need to be loaded with the OS and application software and patched to the last configuration used in production before the data can be restored.

Thank You