8/3/2019 Cloud intro and possible threats
1/35
Cloud Computing
andSecurity Threats
8/3/2019 Cloud intro and possible threats
2/35
SOFTWARE SECURITY SYSTEM
For Course :
8/3/2019 Cloud intro and possible threats
3/35
SIR MAQSOOD RAZI
For
8/3/2019 Cloud intro and possible threats
4/35
IQBAL UDDIN KHAN
From
8/3/2019 Cloud intro and possible threats
5/35
What is Cloud?
The term "cloud" is used as a metaphor forthe Internet, based on the cloud drawingused in the past to represent the
telephone network and later to depict theInternet in computer network diagrams asan abstraction of the underlying
infrastructure it represents.
8/3/2019 Cloud intro and possible threats
6/35
Commercial deployment ofCloud
In early 2008, Eucalyptus became the firstopen-source, AWS API-compatibleplatform for deploying private clouds. In
early 2008, OpenNebula, enhanced in theRESERVOIR European Commission-funded project, became the first open-
source software for deploying private andhybrid clouds, and for the federation ofclouds.
8/3/2019 Cloud intro and possible threats
7/35
Commercial deployment ofCloud contd
Eucalyptus: is a software platform for theimplementation of private cloud computing.
Eucalyptus has two editions:
1. Open-core enterprise edition.
2. Open-source edition.
8/3/2019 Cloud intro and possible threats
8/35
Commercial deployment ofCloud contd
Eucalyptus is Compatible withAMAZONs Elastic Compute Cloud
(EC2) and Simple Storage Service (S3).
Eucalyptus works with most currentlyavailable Linux distributions includingUbuntu, Red Hat Enterprise Linux(RHEL), CentOS, SUSE LinuxEnterprise Server (SLES), openSUSE,Debian and Fedora.
8/3/2019 Cloud intro and possible threats
9/35
Commercial deployment ofCloud contd
OpenNebula: An open-source cloudcomputing toolkit for managingheterogeneous distributed data center
infrastructures. The OpenNebula toolkitmanages a data center's virtualinfrastructure to build private, public
and hybrid clouds.
8/3/2019 Cloud intro and possible threats
10/35
Why Cloud is Necessary?
The answer depends upon what typeof user we are?
example:
System Administrator.
Software Developers. IT buyers, Corporate and Federal.
8/3/2019 Cloud intro and possible threats
11/35
Benefits of Cloud Computing
Reduced CostCloud technology is paid incrementally,saving organizations money.
Increased StorageOrganizations can store more data than onprivate computer systems.
Highly AutomatedNo longer do IT personnel need to worryabout keeping software up to date.
8/3/2019 Cloud intro and possible threats
12/35
Benefits of Cloud Computingcontd
FlexibilityCloud computing offers much moreflexibility than past computing methods.
More MobilityEmployees can access informationwherever they are, rather than having to
remain at their desks.
8/3/2019 Cloud intro and possible threats
13/35
Benefits of Cloud Computingcontd
Allows IT to Shift FocusNo longer having to worry about constantserver updates and other computing
issues, government organizations will befree to concentrate on innovation.
8/3/2019 Cloud intro and possible threats
14/35
Cloud Details
Cloud computing is a marketing term fortechnologies that provide computation,software, data access, and storage services thatdo not require end-user knowledge of thephysical location and configuration of thesystem that delivers the services.
A parallel to this concept can be drawn with theelectricity grid, wherein end-users consumepower without needing to understand thecomponent devices or infrastructure required toprovide the service.
8/3/2019 Cloud intro and possible threats
15/35
Cloud Details
8/3/2019 Cloud intro and possible threats
16/35
Cloud Layers
Client
Applications
Platform
Infra
Structure
Server
8/3/2019 Cloud intro and possible threats
17/35
Cloud Layers contd
Client
A cloud clientconsists ofcomputer hardware and/orcomputer software thatrelies on cloud computing
for application delivery andthat is in essence useless
without it.
Example ChromeOS.
a Linux-based operatingsystem designed by Googleto work exclusively with webapplications.
8/3/2019 Cloud intro and possible threats
18/35
Cloud Layers contd
Application
A cloud application issoftware provided as
a service. Example :
Google Apps.
8/3/2019 Cloud intro and possible threats
19/35
Cloud Layers contd
Platform
a computing platformand/or solution stackas a service, oftenconsuming cloudinfrastructure andsustaining cloudapplications.
Example
8/3/2019 Cloud intro and possible threats
20/35
Cloud Layers contd
Infrastructure
a platformvirtualization
environment as aservice, along withraw (block) storageand networking.
Example
AMAZON EC2
8/3/2019 Cloud intro and possible threats
21/35
Cloud Layers contd
Server
The servers layerconsists of computerhardware and computersoftware products thatare specifically designedfor the delivery of cloudservices, including multi-core processors, cloud-specific operatingsystems and combinedofferings.
8/3/2019 Cloud intro and possible threats
22/35
Cloud Deployment Models
Public cloud
Community
cloud
Hybrid cloud
Private cloud
8/3/2019 Cloud intro and possible threats
23/35
Cloud Deployment Models Contd
Public cloud
A public cloud is one based on the standardcloud computing model, in which
applications and storage, available to thegeneral public over the Internet. Publiccloud services may be free or offered on a
pay-per-usage model.
8/3/2019 Cloud intro and possible threats
24/35
Cloud Deployment Models Contd
Community cloud
Community cloud shares infrastructurebetween several organizations from a
specific community with common concerns(security, compliance and jurisdiction).
8/3/2019 Cloud intro and possible threats
25/35
Cloud Deployment Models Contd
Hybrid cloud
Hybrid cloud is a composition of two or moreclouds (private, community, or public) that
remain unique entities or can also bedefined as multiple cloud systems that areconnected in a way that allows programs
and data to be moved easily from onedeployment system to another.
8/3/2019 Cloud intro and possible threats
26/35
Cloud Deployment Models Contd
Private cloud
Private cloud is infrastructure operatedsolely for a single organization, whether
managed internally or by a third-party andhosted internally or externally.
8/3/2019 Cloud intro and possible threats
27/35
Threats to Cloud Computing
Abusive use of Cloud Computing.
Insecure Interfaces and APIs.
Malicious Insiders.
Shared Technology Issues.
Data Loss or Leakage.
Account or Service Hijacking.
8/3/2019 Cloud intro and possible threats
28/35
Threats to Cloud ComputingContd
Abusive use of Cloud Computing.
Cloud Computing providers are actively beingtargeted, partially because their relatively
weak registration systems facilitateanonymity, and providers fraud detection
capabilities are limited. So criminalscontinue to leverage new technologies to
improve their reach, avoid detection, andimprove the effectiveness of their activities.
8/3/2019 Cloud intro and possible threats
29/35
Threats to Cloud ComputingContd
Insecure Interfaces and APIs
Reliance on a weak set of interfaces and APIsexposes organizations to a variety of
security issues related to confidentiality,integrity, availability and accountability.While most providers strive to ensuresecurity is well integrated into their service
models
8/3/2019 Cloud intro and possible threats
30/35
Threats to Cloud ComputingContd
Malicious Insiders
The impact that malicious insiders can have onan organization is considerable, given their
level of access and ability to infiltrateorganizations and assets. Brand damage,financial impact, and productivity losses arejust some of the ways a malicious insider
can affect an operation.
8/3/2019 Cloud intro and possible threats
31/35
Threats to Cloud ComputingContd
Shared Technology Issues
Attackers focus on how to impact theoperations of other cloud customers, and
how to gain unauthorized access to data. Sothey target the shared technology insideCloud Computing environments. Diskpartitions, CPU caches, GPUs, and other
shared elements were never designed forstrong compartmentalization.
8/3/2019 Cloud intro and possible threats
32/35
Threats to Cloud ComputingContd
Data Loss or Leakage
Data loss or leakage can have a devastatingimpact on a business. Beyond the damage to
ones brand and reputation, a loss couldsignificantly impact employee, partner, andcustomer morale and trust. Loss of coreintellectual property could have competitive
and financial implications.
8/3/2019 Cloud intro and possible threats
33/35
Threats to Cloud ComputingContd
Account or Service Hijacking.
Organizations should be aware of thesethreats, Account and service hijacking,
usually with stolen credentials, remains a topthreat. With stolen credentials, attackers canoften access critical areas of deployed cloudcomputing services, allowing them to
compromise the confidentiality, integrity andavailability of those services.
8/3/2019 Cloud intro and possible threats
34/35
References from
Wikipedia.
Report from Cloud Security Alliance
March 2010.
8/3/2019 Cloud intro and possible threats
35/35
Thank you