Cloud Computing Security:
Cloud computing security refers to the set of policies and measures deployed to protect cloud infrastructure and the underlying data and applications. It is a part of information security. It is needed because there are concerns about the security and privacy of users and their data. Cloud computing gives users the ability to store and process data at third-party data centers. It provides cloud service models (IaaS, PaaS, and SaaS) along with cloud deployment models (public, private, hybrid, and community cloud).
Cloud computing security issues may arise at the provider end or at the customer end. The provider is responsible for ensuring that its infrastructure is secure and that users' data and information are protected. Users should also secure their data with strong authentication measures. Data stored in the public cloud is exposed to third-party attacks and insider attacks. Cloud service providers often store more than one customer's data on a single server to reduce costs and maintain efficiency. Because of this, there is a chance of one user's data being exposed to another user. To handle this situation, cloud service providers must provide proper data isolation and logical segregation of data.
Controls in Cloud Security
The following are the controls in a cloud security architecture:
- Deterrent Control – These controls try to reduce outside attacks on the cloud system.
- Preventive Control – These controls strengthen the cloud system by eliminating all the possible vulnerabilities.
- Detective Control – These controls are intended to detect any incident that may lead to an attack on the system.
- Corrective Control – These controls try to minimise the damage caused by an incident or attack.
The following is a list of current research and thesis topics in cloud computing security:
- Virtualization
- Encryption
- Cloud Security Dimensions
- Denial of Service (DoS)
- Identity Management
- Data Security
- Data Separation
- DDoS Attacks
1. Virtualization
Virtualization is an important concept in cloud computing. It refers to the process of creating a virtual version of something, such as a server, storage, or a network, rather than using the real one. Cloud computing is based on this concept. Hardware virtualization means the creation of virtual machines that act and work like a real computer with an operating system. Hardware virtualization is of two types: full virtualization and paravirtualization. The actual machine on which virtualization is done is referred to as the host machine, while the virtual machine is referred to as the guest machine. It is a very good topic for a thesis. Students looking for a cloud computing thesis topic suggestion can opt for this topic for their work.
2. Encryption
Encryption is a method of protecting data by transforming it into some other form. To provide more protection and privacy for data, cloud computing uses advanced encryption algorithms. Another measure, known as crypto-shredding, is also applied, in which keys are deleted when the data no longer needs to be used. The types of encryption employed in cloud computing security include fully homomorphic encryption and searchable encryption.
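Crypto-shredding as described above, shown as an added example that is not part of the original page: each tenant's data is sealed under its own key, and deleting that key makes every stored copy unreadable while other tenants are unaffected. `TenantVault`, `seal` and `unseal` are hypothetical names, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a vetted AEAD such as AES-GCM with keys held in a KMS.

```python
import hashlib
import hmac
import secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(enc_key, nonce, n):
    # HMAC-SHA256 in counter mode; stand-in for a real cipher such as AES.
    blocks = (_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under one tenant key: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered ciphertext")
    stream = _keystream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class TenantVault:
    """Hypothetical store: one key per tenant, kept apart from the ciphertext."""
    def __init__(self):
        self.keys = {}    # tenant -> key (a KMS or HSM in a real deployment)
        self.blobs = {}   # (tenant, name) -> sealed blob (replicated, backed up)

    def put(self, tenant, name, data):
        key = self.keys.setdefault(tenant, secrets.token_bytes(32))
        self.blobs[(tenant, name)] = seal(key, data)

    def get(self, tenant, name):
        if tenant not in self.keys:
            raise KeyError(f"key for tenant {tenant!r} has been shredded")
        return unseal(self.keys[tenant], self.blobs[(tenant, name)])

    def shred(self, tenant):
        # Crypto-shredding: destroy only the key. Every copy of the ciphertext,
        # including replicas and backups, becomes unreadable at once.
        self.keys.pop(tenant, None)
```

Shredding is only as strong as the key handling: any exported or cached copy of the key keeps the data recoverable.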
3. Cloud Security Dimensions
Cloud security controls are selected and implemented in accordance with the amount of risk, threat, and vulnerabilities. Cloud security concerns can be grouped according to their amount of risk. Software known as a Cloud Access Security Broker (CASB) sits between cloud service users and cloud applications; it monitors all the cloud security policies and also enforces them.
4. Denial of Service (DoS)
Denial of Service (DoS) is a type of attack in which an intruder makes resources unavailable to users by disrupting services connected to the internet. The attacker tries to overload the system with surplus requests and also to block incoming genuine requests. There are various types of DoS attacks, such as distributed DoS attacks and application layer attacks.
5. Identity Management
Identity management is the process of providing authorized access to cloud services. Every user is provided with a unique ID and password for access to the cloud system. The main purpose of identity management is to verify whether a user should be allowed access to the cloud system. It ensures that only authorized users are granted access to the system.
6. Data Security
Security of data in cloud-based services is a major concern. Data is often exposed, particularly in the public cloud, due to loopholes and vulnerabilities. To provide security and privacy for data, encryption is used in cloud computing. Other data security issues include data replication, data loss due to a breach, and the security of data on public cloud platforms.
7. Data Separation
Due to the multi-tenant nature of the public cloud and other data security concerns, users try to avoid this platform. Because cloud resources such as virtual machines are shared between users, data separation is almost impossible. Another aspect of data separation is geolocation. Enterprises should ensure that the geolocation for data storage is a trusted location. Tenancy and geolocation are the major factors in data separation.
8. DDoS Attacks
DDoS stands for Distributed Denial of Service. It is a type of Denial of Service attack in which malicious traffic comes from multiple devices, which makes it difficult to differentiate genuine traffic from malicious traffic. There is another type of DDoS attack, known as an application layer DDoS attack, in which the attacker targets the application layer of the OSI model.
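A detective control for the DoS and DDoS sections above, as an added example that is not part of the original page: a per-source request limit flags a single-source flood, but a distributed flood keeps every source under that limit and only shows up in the aggregate load on one path. The log format (`epoch source method path`), the thresholds and the sample traffic are constructed assumptions, and the addresses come from documentation ranges.

```python
from collections import Counter, defaultdict

def sample_log():
    """Constructed traffic: a quiet minute, a single-source flood, a distributed flood."""
    lines = []
    for t in range(0, 180, 20):  # six regular clients, active throughout
        lines += [f"{t} 192.0.2.{c} GET /login" for c in range(1, 7)]
    lines += [f"{60 + i % 60} 198.51.100.7 GET /search" for i in range(120)]
    lines += [f"{120 + i % 60} 203.0.113.{i % 200 + 1} GET /login" for i in range(400)]
    return lines

def detect(lines, window=60, per_source_limit=50, per_path_limit=100):
    """Return sorted alerts (window_start, kind, subject, count).

    'dos'  : one source exceeded per_source_limit requests in the window.
    'ddos' : a path exceeded per_path_limit requests in the window although
             no single source on it exceeded per_source_limit.
    """
    hits = defaultdict(lambda: defaultdict(Counter))  # window -> path -> source -> n
    for line in lines:
        ts, source, _method, path = line.split()
        hits[int(ts) // window * window][path][source] += 1

    alerts = []
    for start, paths in hits.items():
        per_source = Counter()
        for path, sources in paths.items():
            per_source.update(sources)
            total = sum(sources.values())
            if total > per_path_limit and max(sources.values()) <= per_source_limit:
                # count reported for 'ddos' is the number of distinct sources
                alerts.append((start, "ddos", path, len(sources)))
        for source, n in per_source.items():
            if n > per_source_limit:
                alerts.append((start, "dos", source, n))
    return sorted(alerts)
```

With the path-level check effectively disabled, the distributed flood in the third minute produces no alert at all, which is the difficulty the DDoS section describes.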