Discussion and Replies needeed
Reply needed 1 One of the most common issue with database privacy is SQL injection attacks. SQL injection is when an attacker uses SQL injections to expose data and compromise any unprotected data source. Some of a few ways to address this issue is 1.) syntax checking such as removal of any semi-colons since this the syntax required for any sql injections, and 2.) prepared statement in which database interaction is already prewritten which only allow enough rights.
Source:
Database. (n.d.). Retrieved from https://ethics.csc.ncsu.edu/privacy/database/study.php.
Reply needed 2 While the use of cloud computing brings many new advantages, it also brings about new security challenges. One major issue is that it is hard for customers to ensure the integrity of data that is stored. Cloud services are typically provided by completely separate entities, which ultimately means the customer is giving up total control over their data. This puts the accuracy of the data stored in the cloud at risk for many reasons. For example, the data center could have an outage, and the cloud can have security breaches, or cyber-attacks. It is also possible for cloud service providers to be untrustworthy for different reasons. Wang, Wang, Ren, and Lou (2010) state, “Examples include cloud service providers, for monetary reasons, reclaiming storage by discarding data that has not been or is rarely accessed, or even hiding data loss incidents so as to maintain a reputation” (p. 1). There are a couple ways to ensure data integrity. One of the most important security features is public auditability, which permits users to verify the accuracy of the data stored in the cloud at any point in time. The customer can also verify the storage correctness to make sure there are no cloud servers hidden from the audit (Wang, Wang, Ren, and Lou, 2010, p. 2)
Reference
Wang, C., Wang, Q., Ren, K., & Lou, W. (2010). Privacy-preserving public auditing for data storage security in cloud computing. In 2010 proceedings ieee infocom (pp. 1-9).
Reply needed 3 The great challenge of the “Internet Age” is how to balance the drive to be an early adopter of exciting new technology without also becoming a case study in what not to do. Like most new and exciting technological breakthroughs, the transition from an on premise network infrastructure to cloud-based technologies like software, platform, and infrastructure as a service (SaaS, PaaS, and IaaS, respectively) happened before all of the risks had been properly assessed and controls implemented. The concept of cloud storage seems at first glance like a fantastic tool. Why pay to maintain large database servers when you can just store all of your data on someone else’s infrastructure? Without adequate planning and safeguards however, transferring your database to the cloud is a perfect recipe for a data breach. Most cloud service providers (CSPs) have robust database management systems (DBMS) with more than adequate security and safeguards, but how does the data get there? If a company has dozens of terabytes of data, they certainly are not going to be able to burn it onto a DVD or attach it to an email to their new CSP to be securely uploaded. This introduces the question of data-in-transit (DIT). Any transmission via the Internet runs the risk of being intercepted by hackers and tampered with, or accidentally lost or corrupted due to a bad connection, so how does an organization securely transition all of its data into the cloud and perform secure uploads and downloads to keep the data current?
One method is to use a virtual private network (VPN). By establishing a VPN link to the cloud database, an encrypted tunnel is created between the sending and receiving VPN gateways that adds an extra layer of security between the user and the data being uploaded to or downloaded from the cloud (Gildred, 2019). There are numerous VPN providers available, and some CSPs even offer their own site-to-cloud VPNs (or something similar) as a subscription service that can be added to the cloud storage contract. Amazon Web Services (AWS) offers AWS Direct Connect, which bypasses the public Internet that most VPNs ride on top of by directly connecting the customer’s router to the AWS router via a dedicated fiber optic cable (Hudzia, 2016). This is an expensive and complex option however, so it is likely only useful for very large enterprises that are either transitioning entirely to the cloud or establishing a hybrid cloud solution.
As useful as VPNs are, there is no such thing as a perfectly secure solution. Like everything else that touches the Internet, VPNs can be compromised. In October of this year, NordVPN – one of the most popular subscription VPN providers available – announced that it had suffered a breach at one of its data facilities. Someone gained unauthorized access “by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed” (Whittaker, 2019). By itself, the compromise is unlikely to create any serious compromise of data since only an expired private key was taken (which cannot be used to decrypt any connections), and NordVPN claims to have a “no logs” policy (they do not keep any records of customer connections or data transactions via their service). What the breach did do was remind everyone, especially Nord, that VPNs are only as secure as the facility housing the VPN servers. Like many data breaches before it, the NordVPN breach highlighted that physical security is still just as important as technical and virtual security solutions.
References
Gildred, J. (2019). Best VPN for cloud storage: Practice safe syncs. Cloudwards. Retrieved from https://www.cloudwards.net/best-vpn-for-cloud-storage/
Hudzia, B. (2016). How to build a secure tunnel from your on-premises data center to Amazon Cloud. Stratoscale. Retrieved from https://www.stratoscale.com/blog/cloud/build-secure-tunnel-on-prem-data-center-amazon-cloud/
Whittaker, Z. (2019). NordVPN confirms it was hacked. TechCrunch. Retrieved from https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
Reply 4 needed Cloud security are the policies and controls that protect data and their infrastructure or the information that is stored in the cloud. Cloud service providers and problems faced by customers as a result of storage are a few of the pressing issues with the technology. With cloud, all of the data is stored outside of the organization, so there is always a consistent threat of the organizations data and ensuring that customer’s data does not get stolen. Employees need to be checked with identification mechanisms and passwords to confirm the data is being accessed by that organizations employee only. Confidential data of one customer could potentially be accessed by another if their data is in the same server. Often, the most commonly expressed reasons are concerns about security, privacy and compliance (Blount & Zanella, 2010). When one considers moving to the Cloud, the first thing most people worry about is whether their data will be secure, how their applications will be protected from inappropriate access by unauthorized persons, and how they can ensure that they will remain compliant with key security-related regulations and mandates.
References
Blount, S., & Zanella, R. (2010). Cloud Security and Governance : Who’s on Your Cloud? Ely: IT Governance Publishing. Retrieved from http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=nlebk&AN=391120&site=eds-live&scope=site