To : Professor Ellis
From :David Requena
Date: Sept 25, 2020
Subject: 500-Word Summary
My 500-word summary is based on the article “Addressing cloud computing security issues” by Zissis, D., & Lekkas, D. This articles tell us about how cloud is growing at very fast rate. It also tell us about how important it is to find measures to be fight against this new problems that we are currently facing.
` Although the innovation of Cloud Computing has changed many technologies, it also arises new issues with computing, security and several other aspects. As with every technological invention, new security measures must be taken as we further our technological knowledge. In today’s world, there are already security measures when it comes to dealing with the possible threats to Cloud Computing. However, traditional and functional security is constantly being depreciated. The following methods are the ones that are currently considered as solutions for risks towards cloud security – trust in the third parties, security identification of the threats, and better security using cryptography.
There are three main types of cloud services, each with a different function or purpose, and one common. The three models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS basically gives the consumer the thing it needs to run, allowing the consumer to deploy and run the software. This includes storage, network, and computer resources. PaaS gives the user the ability to deploy in the cloud infrastructure. This service is usually provided by a third party. PaaS is mainly used to develop software on its own infrastructure. SaaS allows a third party to provide and host the software for their customer’s use over the internet.
Trust is a major factor in any type of cloud-related technology. This is because it’s a globalized service, many people in various countries interact with it. Third party companies are the ones that provide the different types of cloud services to its consumers. They are the ones that overview from security to privacy. According to the article ‘Addressing Cloud Computing Security Issues’, “Third parties are trusted within a cloud environment by enabling trust and using cryptography to ensure the confidentiality, integrity and authenticity of data and communications while attempting to address specific security vulnerabilities.” This simply means that it is possible to trust the third parties if they are willing to commit to help and secure the servers by being private and encrypting it so it could be harder to break into, even if someone tries. The article also states that the purpose of cloud computing is to have “the ability to clearly identify, authenticate, authorize and monitor who or what is accessing the assets of an organization is essential to protecting an IS from threats and vulnerabilities.” Being able to have trust in a company is a difficult action for another company because it is harder to verify ever action if it’s not being watched and constantly modified. Therefore, people have a hard time outsourcing what’s needed to be done and those that are to be done within the company. The way to trust a company is to have some sort of barrier or filter when it comes to the information, you’re sharing with your partner company. “Separation is the key ingredient of any secure system and is based on the ability to create boundaries between entities that must be protected, and those which cannot be trusted.” This is a great solution for any company, if both the third party and the company commit.
There are many threats in Cloud Computing, but first they need to be identified. Cloud Computing is a fairly new technology that traditional securities have already countered, but because it’s a new technology, it requires a different approach to security. First, threats must need to be identified, which may take some time because there are several areas like “availability and reliability issues, data integrity, recovery, privacy and auditing” to consider. The ability to identify the vulnerabilities are very complicated because there are building blocks to be used in designing secure systems. These important aspects of security apply to three broad categories of assets which are necessary to be secured – data, software, and hardware resources. Building blocks are in basic systems that can be reused to protect and deploy faster solutions. This is to ensure that it is developed and deployed in the areas that are having security problems. The reason that they work like this is so they can target different areas at the same time. For example, if a cloud is having a problem that include data being lost and a data breach, a building block can help solve these problems if it was developed in that specific way.
The third way to make cloud environment more secure is by having implement cryptography. Many times the way the hacker are able to trust pass the security by finding outdated security measures and. According to the article, the best way to secure is by the, “use of a combination of Public Key Cryptography, Single-Sign-On technology … to securely identify and authenticate implicated entities.” . A public key cryptography is a modern cryptographic method of communicating safely without having agreeing in a secret key. This is a method that uses private key and a public key using algorithm to secure the data. The way this work for example is the sender uses the receiver’s public key to encrypt the message. This way they only way to decrypt it is by using the receiver’s private key. The Single-Sign-On technology(SSO) is to have users only have one password to access many applications not having to have multiple credentials. One example for this is google services, when you have a google account you are instantly granted many services like google drive, google photos, etc. The way to access all these services is just by logging in one time and you will have access to everything thanks to SSO. These two different ways to make logging in and transferring data more safe for everyone who is involved
Zissis, D., & Lekkas, D. (2010, December 22). Addressing cloud computing security issues. from https://www.sciencedirect.com/science/article/pii/S0167739X10002554