Scribd
Upload
125 views21 pages

Unit-4 - Cloud Computing Security Architecture

The document discusses the importance of security in cloud computing, emphasizing the need for encryption, access control, and understanding service models like IaaS, PaaS, and SaaS. It outlines various threats and vulnerabilities associated with cloud environments, such as data breaches and insecure APIs, while also highlighting the microservices architecture for efficient application development. Additionally, it stresses the significance of security planning and the responsibilities of both cloud service providers and customers in maintaining data security.

Uploaded by

beebird234
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
125 views21 pages

Unit-4 - Cloud Computing Security Architecture

The document discusses the importance of security in cloud computing, emphasizing the need for encryption, access control, and understanding service models like IaaS, PaaS, and SaaS. It outlines various threats and vulnerabilities associated with cloud environments, such as data breaches and insecure APIs, while also highlighting the microservices architecture for efficient application development. Additionally, it stresses the significance of security planning and the responsibilities of both cloud service providers and customers in maintaining data security.

Uploaded by

beebird234
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 21

Cloud Computing

Security Architecture
• Security in cloud computing is a major concern. Proxy
and brokerage services should be employed to restrict a
client from accessing the shared data directly. Data in
the cloud should be stored in encrypted form.
Security Planning

Before deploying a particular resource to the cloud, one should need


to analyze several aspects of the resource, such as:
• A select resource needs to move to the cloud and analyze its
sensitivity to risk.
• Consider cloud service models such as IaaS, PaaS,and These
models require the customer to be responsible for Security at
different service levels.
• Consider the cloud type, such as public, private, community, or
• Understand the cloud service provider's system regarding data
storage and its transfer into and out of the cloud.
• The risk in cloud deployment mainly depends upon the service
models and cloud types.
Understanding Security of Cloud

• Security Boundaries
• The Cloud Security Alliance (CSA) stack model defines the boundaries
between each service model and shows how different functional units relate. A
particular service model defines the boundary between the service provider's
responsibilities and the customer. The following diagram shows the CSA stack
model:
Key Points to CSA Model

• IaaS is the most basic level of service, with PaaS and SaaS next two
above levels of services.
• Moving upwards, each service inherits the capabilities and security
concerns of the model beneath.
• IaaS provides the infrastructure, PaaS provides the platform
development environment, and SaaS provides the operating
environment.
• IaaS has the lowest integrated functionality and security level, while
SaaS has the highest.
• This model describes the security boundaries at which cloud service
providers' responsibilities end and customers' responsibilities begin.
• Any protection mechanism below the security limit must be built into
the system and maintained by the customer.
Understanding data security

Since all data is transferred using the Internet, data


security in the cloud is a major concern. Here are the
key mechanisms to protect the data.
• access control
• audit trail
• certification
• authority
Broker cloud storage

Broker cloud storage is a way of separating storage in the Access Cloud.


In this approach, two services are created:
1.A broker has full access to the storage but does not have access to the
client.
2.A proxy does not have access to storage but has access to both the client
and the broker.
3.Working on a Brocade cloud storage access system
4.When the client issues a request to access data:
5.The client data request goes to the external service interface of the
proxy.
6.The proxy forwards the request to the broker.
7.The broker requests the data from the cloud storage system.
8.The cloud storage system returns the data to the broker.
9.The broker returns the data to the proxy.
10.Finally, the proxy sends the data to the client.
Microarchitectures

• In cloud computing, microarchitecture, or microservices architecture, involves


building applications as collections of independently deployable, loosely coupled
services that communicate via APIs, enabling agility, scalability, and efficient
resource utilization.
OR
Microservices architecture (often shortened to microservices) refers to an
architectural style for developing applications. Microservices allow a large
application to be separated into smaller independent parts, with each part having
its own realm of responsibility. To serve a single user request, a microservices-
based application can call on many internal microservices to compose its
response.

• Containers are a well-suited microservices architecture example, since they let


you focus on developing the services without worrying about the dependencies.
Modern cloud-native applications are usually built as microservices using
containers.
Monolithic Vs Microservices
Key Concepts of Microservices Architecture:

Independent Deployment and Scaling: :


• Each microservice can be deployed, updated, and scaled independently,
without affecting other services.

Loose Coupling:
• Microservices communicate with each other through well-defined
interfaces, such as APIs, minimizing dependencies and enabling
independent development

Focus on Business Capabilities:


• Each microservice typically focuses on a specific business function or
domain, making it easier to understand, develop, and maintain
Cloud-Native Design:
• Microservices are designed to be deployed and run on
cloud platforms, taking advantage of cloud resources
like virtual machines, containers, and orchestration
tools .

DevOps Alignment:
• Microservices often go hand in hand with DevOps
practices, enabling continuous integration, continuous
delivery, and rapid application development
Types of Microservices
There are three types of microservices used in software
development:
1. Domain
2. Integration
3. unit-of-work
What is secure execution environment and communication in cloud?
Explain different threats and vulnerability specific to virtual machines

• Vulnerability: is a weakness that can be exploited by the attacker


for his own personal gain. A weakness can be present in software,
environments, systems, network, etc.
• Threat: is an actor who wants to attack assets in the cloud at a
particular time with a particular goal in mind, usually to inflict his
own financial gain and consequentially financial loss of a customer.
Cloud Computing Vulnerabilities
When deciding to migrate to the cloud, we have to consider the
following cloud vulnerabilities
• Session riding: session riding happens when an attacker steals a
user’s cookie to use the application in the name of the user. An
attacker might also use CSRF attacks ( Cross-Site Request
Forgery) in order to trick the user into sending authenticated
requests to arbitrary web sites to achieve various things.
• Virtual Machine Escape: in virtualized environments, the physical
servers run multiple virtual machines on top of hypervisors. An
attacker can exploit a hypervisor remotely by using a vulnerability
present in the hypervisor itself
• Reliability and Availability of Service: we expect our cloud
services and applications to always be available when we need
them, which is one of the reasons for moving to the cloud. But this
isn’t always the case, especially in a bad weather with a lot of
lightning where power outages are common.
• Insecure Cryptography: cryptography algorithms usually require
random number generators, which use unpredictable sources of
information to generate actual random numbers, which is required
to obtain a large entropy pool
• Internet Dependency: by using the cloud services, we’re
dependent upon the Internet connection, so if the Internet
temporarily fails due to a lightning strike or ISP maintenance, the
clients won’t be able to connect to the cloud services.
Cloud Computing Threats

Before deciding to migrate to the cloud, we have to look at the cloud security vulnerabilities and threats
to determine whether the cloud service is worth the risk due to the many advantages it provides. The
following are the top security threats in a cloud environment
• Ease of Use - the cloud services can easily be used by malicious attackers, since a registration process is
very simple
• Secure Data Transmission - when transferring the data from clients to the cloud, the data needs to be
transferred by using an encrypted secure communication channel like SSL/TLS.
• Insecure APIs - various cloud services on the Internet are exposed by application programming
interfaces. Since the APIs are accessible from anywhere on the Internet
• Malicious Insiders - employees working at cloud service provider could have complete access to the
company resources. Therefore cloud service providers must have proper security measures in place to
track employee actions like viewing a customer’s data.
• Shared Technology Issues - the cloud service SaaS/PasS/IaaS providers use scalable infrastructure to
support multiple tenants which share the underlying infrastructure.
• Data Loss - the data stored in the cloud could be lost due to the hard drive failure. A CSP could
accidentally delete the data, an attacker might modify the data, etc.
• Data Breach - when a virtual machine is able to access the data from another virtual machine on
the same physical host, a data breach occurs – the problem is much more prevalent when the
tenants of the two virtual machines are different customers.
• Account/Service Hijacking - it’s often the case that only a password is required to access our
account in the cloud and manipulate the data, which is why the usage of two-factor
authentication is preferred.
• Unknown Risk Profile - we have to take all security implications into account when moving to
the cloud, including constant software security updates, monitoring networks.
• Denial of Service - an attacker can issue a denial of service attack against the cloud service to
render it inaccessible, therefore disrupting the service
• User Awareness - the users of the cloud services should be educated regarding different attacks,
because the weakest link is often the user itself.

You might also like