Corey wk 6
1
4
Security Design
Shared Responsibility Model
A shared responsibility model is a safety framework that involves a cloud provider transferring responsibilities to a security team. This is done to improve security accountability. Each user's responsibility, especially in the setting of many clouds, is to reduce the risks associated with vulnerability. This paradigm could shift differently depending on the type of infrastructure being utilized. The model also varies depending on the company that provides the security. In contrast to Microsoft Azure, which defines its shared model as security ownership of the host, data centers, and general networks, Amazon Web Services mandates that customers take full responsibility for the upkeep of all hardware, networking, and software, in addition to general security precautions (Demissie & Ranise, 2021). Under the shared model, the user is responsible for performing some responsibilities, such as those of the data controller. Essentially, it is up to the user to decide when and how their data will be exploited. This responsibility falls squarely on the user's shoulders.
Expounding The Shared Responsibility Model
The cloud environment is one of a kind because of the shared responsibility model's capability to allow test groups of developers to spin up servers utilizing self-service methods. Even while these settings have the potential to stimulate creativity, they are often tied to your production assets. If they are not set up effectively, they pose major security hazards. Even if the cloud is inherently safe from the perspective of the provider, to have a secure cloud, the infrastructure has to be configured properly and access carefully monitored.
Security Threats
Even though the cloud environment is more secure than on-premise commercial operations infrastructure, security concerns still need to be addressed. One of the security threats associated with working in the cloud is the possibility of experiencing a data breach. These types of breaches can occur when an unauthorized user or program views, copies, or sends personal data due to an attack on cloud computing security. The cloud environment is also susceptible to the security threat of data loss, which may occur due to natural disasters or man-made disasters brought on by the destruction of servers or human error. This type of data loss can occur due to any of these events. Another common threat is the possibility of a denial of service attack (DoS) (Kim et al., 2020). To overload the system, attackers use enormous amounts of bandwidth, resulting in the server providing cloud services at a much slower rate. Even if the systems in the cloud environment are perfectly secure, the presence of third-party services inside the cloud environment may still introduce additional vulnerabilities to the cloud's data protection. Attackers can use insecure application programming interfaces (APIs) to access data stored in cloud environments through third-party services.
Security Services
The three types of security services include data protection, identity and access management, and network and application protection. Through the use of data security, unauthorized access is prevented to data accounts as well as workloads. The AWS data security service incorporates identification of potential dangers, encryption of sensitive information, and key management. The combination of identity management with access control makes it feasible to securely manage many identities, resources, and permissions. Network and application protection is responsible for implementing fine-grained security rules at network control points across an organization. The AWS service contributes to monitoring and filtering traffic, which helps prevent unauthorized access to resources.
Mitigating Threats
The security services contribute to the risk reduction effort by helping to define, detect, and identify potential threats. First, to understand how to reduce the risks posed by insiders, it is necessary to precisely define such risks. An insider threat can be anybody who has permitted access to or knowledge of an organization's resources, such as its people, facilities, information, equipment, networks, or systems. This includes anyone who has this access or knowledge. Effective insider threat programs proactively employ a mitigation strategy that includes detecting, identifying, evaluating, and managing to protect their companies from potential harm (Spooner et al., 2018). The capacity of the program to notice and identify observed behaviors and acts that should raise red flags is essential to the program's efficacy. The terms "threat detection and identification" relate to the process of bringing to the attention of an organization or an insider threat team the behaviors of persons who may constitute an internal threat to the organization.
References
Demissie, B. F., & Ranise, S. (2021, September). Assessing the Effectiveness of the Shared Responsibility Model for Cloud Databases: the Case of Google’s Firebase. In 2021 IEEE International Conference on Smart Data Services (SMDS) (pp. 121-131). IEEE.
Kim, J., Kim, J., Kim, H., Shim, M., & Choi, E. (2020). CNN-based network intrusion detection against denial-of-service attacks. Electronics, 9(6), 916.
Spooner, D., Silowash, G., Costa, D., & Albrethsen, M. (2018, May). Navigating the insider threat tool landscape: low cost technical solutions to jump start an insider threat program. In 2018 IEEE Security and Privacy Workshops (SPW) (pp. 247-257). IEEE.