Need some help with an assignment
Running head: CLOUD SECURITY 1
CLOUD SECURITY 5
Cloud Security
Patrick Carrasquillo
University of Phoenix
Aviv Raveh
1/24/2022
Cloud Security
Interaction between more than bodies or persons presenting a similar type of action ensures the item's creation. The participation of these systems might form an instinct and separate component of the product and participation that might not be distinct from other people. It squashes the risks that impede performance and concentration. The paper focuses on discussing the uniqueness of the shared responsibility model to the cloud environment, the shared responsibility model in cloud security, and the way security services aid to mitigate risks.
Shared Responsibility Model in Cloud Security
The shared responsibility model is a cloud security model that orders the security obligations of cloud computing providers and their users to assure responsibility. Various team members in the organization are accountable for cloud security, such as infrastructure team members, compliance team, apps team, security team, and network team (Demissie & Ranise, 2021). Cloud security is accountability between the wider organization and its cloud seller. Cloud is accountable for the protection of the cloud, and the consumers are accountable for protection in the cloud. Moreover, the cloud provider is also accountable for creating an infrastructure that can reliably and securely built-in a platform.
Why Shared Responsibility Model is Unique to Cloud Environment
The shared responsibility model is unique to the cloud environment because the cloud provider is accountable for cloud security and customers are accountable for cloud protection. There is shared accountability between user and CSP, as security for items like physical protection, network regulation, and information classification require clear possessors. Software-as-a-Service created accountability on CSP, as CSP organized the whole applications and infrastructure. Clients are accountable for organizing information and recognition permission.
Common Security Threats in Cloud Environment that GTR would desire to consider
Cloud computing endures to transfer the method by which firms utilize, store, and share information, workloads, and applications. It has given a host of new security challenges and threats. The security threats in the cloud environment must be considered unauthorized access, insecure APIs, and lack of visibility. The on-premises infrastructure deploys network and access to the public interest. Insecure APIs deliver various interfaces for clients. It causes problems if a consumer has not had appropriate security for cloud-based infrastructure. Various persons have weak passwords and reuse passcodes. Account hijacking is a serious issue of cloud security that depends on cloud-based infrastructure and apps of functions of the business. Cloud-based infrastructure is approachable from the internet that is not secured and deals with valuable and sensitive information. Cloud is utilized by various organizations, as successful attacks might be repeated various times with success. Cloud deployment of organizations is also a target of cyberattacks. Cloud is important for the capability of organizations to perform business.
Three Security Services
The security services are explained below:
Authentication
The assurance that is communicating an object that claims to remain in connection in authorized linkage delivers self-assurance. Information origin authentication ensures that the receipt information is requested (Lanz, 2021).
Data Confidentiality
It is regarding securing information against unauthorized, unlawful and unintentional theft. Confidentiality is concerned with privacy comprising authorization to examine, share and use information (Hong et al., 2018). Data with confidentiality concerns might be focused on the public and beyond the audience. For instance, information with higher confidentiality concerns comprises passcodes that should be confidential to secure accounts and systems and social protection schemes that remain confidential to secure recognized theft (Bharadwaj et al., 2018).
Access Control
It includes security of illegal usage of resources such as service regulations which have approach to resource beneath what situations can happen and what access the permitted capitals. It is a basic part of data security that follows permitted usage and access to resources and information of the company. Policies under access control assure proper access to the organization’s data.
How Security Services would aid to Mitigate Threats
Various security services can help to mitigate threats. There are various security threats; some are malicious because of negligence. Malicious risks might be recognized by workers' behavior, such as trying to hoard information (Bruma, 2021). Monitoring solutions can be used to recognize and arrange the information that cannot be an important resource for trailing the cyber-attack sources.
Conclusion
It is concluded that the cloud provider is accountable for the protection of the cloud and comprises protection at network service layers, computation, and storage. Clients are accountable for protecting and organizing the operating systems, virtual machines, and networks in which clients also secure and organize data, interfaces, and applications. Various team members in an organization might be accountable for cloud protection and share accountability among wider sellers and organizations.
References
Demissie, B. F., & Ranise, S. (2021, September). Assessing the Effectiveness of the Shared Responsibility Model for Cloud Databases: the Case of Google's Firebase. The 2021 IEEE International Conference on Smart Data Services (SMDS) (pp. 121-131). IEEE.
Brumă, L. M. (2021, August). Cloud security audit–issues and challenges. In 2021 16th International Conference on Computer Science & Education (ICCSE) (pp. 263-266). IEEE.
Bharadwaj, D. R., Bhattacharya, A., & Chakkaravarthy, M. (2018, November). Cloud threat defense–A threat protection and security compliance solution. In 2018 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM) (pp. 95-99). IEEE.
Hong, S., Srivastava, A., Shambrook, W., & Dumitraș, T. (2018). Go serverless: Securing cloud via serverless design patterns, in 10th {USENIX} Workshop on Hot Topics in Cloud Computing (HotCloud 18).
Lanz, J. (2021). Cloud Computing: Friend or Foe?. The CPA Journal, 91(6/7), 24-29.