assignment

Assignment on “Cloud cyber security threats and its counter measures”

University Of Cumberlands

Course name : Emerging Threats and Countermeasures

Course Number : ITS 834

Semester term : Fall Main-TERM 2019

Full name : Rajini Chinthakayala

Student id : 002815637

Date : 09/22/2019

Cloud cyber security and counter measures:

Cyber security is the practice of safeguarding PCs, servers, cell phones, electronic frameworks, systems, and data from malicious attacks. It's also known as information innovation security or electronic information security. Cloud computing has done everything on internet online where as these services are broadly isolated into three categories like Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was roused by the cloud image that's regularly used to speak to the Web in flowcharts and diagrams. Cloud services can be provided privately or publicly. Public cloud services can offer services to anyone on the Web. (Right now, Amazon Web Services is the largest open cloud supplier.) A private cloud is a proprietary system or a data focus that provisions facilitated services to a predetermined number of individuals. Private or open, the goal of cloud computing is to give easy, scalable access to registering assets and IT services. Cloud computing gives many advantages, for example, speed and productivity via dynamic scaling. Be that as it may, there are also a large group of potential threats in cloud computing. Most of the cloud security threats are incorporated with data breaches, human blunder, malicious insiders, account hijacking, and DDoS attacks.

For many decades many cyber attacks occurred on cloud. This worry has made cloud computing one of the all the more polarizing issues for IT professionals. Many adversaries of the cloud point to the fact that not all cloud services are equal in their dedication to security:

· Poor configuration of the cloud can lead to circumvention of internal approaches that classify touchy data and secure access to it.

· Not all cloud services offer solid authentication, encryption (both in transit and very still) and audit logging.

· Failure to isolate a client's data from different tenants in a cloud situation together with privacy controls that are not vigorous enough to control access.

· Lack of maintaining and patching to guarantee that realized flaws are not abused in the cloud service

Present day’s attackers are cyber spies that utilization traditional espionage tactics, together with innovative and problematic malware to bypass passive, guard based security measures. To reduce the cloud cyber attacks, security must transform itself into an active profile that chases today's attacks as aggressively as it predicts the threats of tomorrow. Cyber security set up is most important to protect cloud information. The cloud can leverage huge data and instant analytics over a large swath of end clients to instantly address known threats and foresee threats that try to overpower security.

Many organizations unable to manage the benefits of the cloud against the cloud security threats and challenges they may face. These cloud security challenges and dangers should be property addressed before a cloud arrangement is adopted by the organization. One of the greatest challenge facing by the majority of the organizations now a days on cloud security is lack of perceivability and power over cloud security. Day to day maintenance of a software, platform or registering are the main obligation to control the cyber threats.

Cloud security must create a collaborative approach that analyses occasion streams of normal and abnormal activity across all clients to manufacture a global threat observing framework. Because many various clients leverage the same cloud condition, cloud security is particularly fit to building a collaborative situation that instantly predicts threats through an overall threat checking framework and shares threats among all clients under the haze umbrella.

In cloud computing, each part is on the web, which uncovered potential vulnerabilities. Indeed, even the best teams endure serious attacks and security breaches every once in a while. Although cloud service suppliers actualize the best security standards and industry certifications, putting away data and important records on external service suppliers always opens up dangers. The cloud is only a server where we store the data, applications and software that you can access from any gadget, as long as you have a Web association. Cloud services must consent to cyber security standards that guarantee the trustworthiness of the data of the clients and companies that contract the services. A few times cloud makes this issue multiple times more terrible since administrative access to the cloud management platform, either by a worker or an attacker acting like a representative, enables access to duplicate and steal any virtual machine, undetected.

Cloud computing must offer secure navigation. Another important aspect is the verification of who the individual is attempting to access the cloud service. Protecting access with a solid password, utilizing password generator instrument to create solid passwords and save them on a passwords manger. Firewalls and secure client gatherings are also keys to working safely with a cloud service. Secure client gatherings can be created and subsequently discriminate access to assets according to the degree of benefits. Data encryption is also important to anticipate data reading by outsiders. A few services in the cloud integrate it. Be that as it may, there are applications, for example, Boxcryptor that maintain the privacy of the records with endpoint encryption, for example, Dropbox, Google Drive or OneDrive, among others (Allan A Friedman, Darrell M West, 2010).

Since distributed computing faces the same challenges as different systems and infrastructures that use the web, there are several ways where countermeasures can avert the dangers and threats that are manageable against cloud security. Different countermeasures are established so as to counteract the utilization of attacks that incorporate better strategies for transforming delicate data over open cloud arrangements. All the more importantly cloud servers require better data portability and insurance from external threats. This incorporates, creating character and access management guidance. In ensuring hard drives that are shared to be totally expelled, that are devastation strategies, as well as creating dynamic credentials, and signatures. Encryption should be increasingly dynamic and secure to ensure records and other client data. Better encryptions allow for better techniques in storage, acquisition of data, arrangements for security and information from service suppliers and merchants that help in regulations measurements and openings in the cloud.

Summary: Nowadays' small, mid and huge organizations are actively moving towards cloud services. There are tremendous advantages of distributed computing to these ventures, and henceforth security turns into the prime issue of worry for cloud clients. Perhaps the greatest drawback of distributed computing is lack of appropriate privacy of organizations information. Any data is of vital significance to an organization and it is duty of cloud service supplier and customer to guarantee data is safe from threats and dangers.

References: 1) https://www.researchgate.net/publication/308302020_Security_threat_on_Cloud_Computing 2) SaurabhSingh, Young-SikJeong, Jong HyukPark, Journal of Network and Computer Applications, 7th September, 2016, A survey on cloud computing security: Issues, threats, and solutions, retrieved from https://www.sciencedirect.com/science/article/pii/S1084804516301990, 3) Allan A Friedman; Darrell M West; Brookings Institution- Center for Technology Innovation, Washington, 2010, Privacy and security in cloud computing e-book, retrieved from https://www.worldcat.org/title/privacy-and-security-in-cloud-computing/oclc/671767416 4) Carstensen, Jared, Golden, Bernard, Morgenthal, JP, Published by IT Governance Publishing, 2012, Cloud Computing : Assessing the Risks, retrieved from http://search.ebscohost.com/login.aspx?direct=true&AuthType=shib&db=nlebk&AN=571554&site=eds-live 5) Fatima A. Alali and Chia-Lun Yeh (2012) Cloud Computing: summary and Risk Analysis.

Journal of Information Systems: Fall 2012, Vol. 26, No. 2, pp. 13-33., Retrieved from https://doi.org/10.2308/isys-50229 6) Hashizume, K., Rosado, D.G., Fernández-Medina, E. et al. J Internet Serv Appl (2013) 4: 5. https://doi.org/10.1186/1869-0238-4-5