- Discuss in details (2-3 pages) using your own
words about Cloud Security Concerns, Risk Issues,...
- Discuss in details (2-3 pages) using your own
words about Cloud Security Concerns, Risk Issues, and
Legal Aspects (use at least 3 books as a references
) .
Solutions
Expert Solution
About Cloud Security Concerns, Risk Issues, and Legal
Aspects
Before going discuss these topics, first let us know
about the cloud
what is cloud?
The term is generally used to describe data centers
available to many users over the internet.
Ex:-Google cloud platform, Amazon web services,
Microsoft Azure are the examples of cloud software
Now, let us look into the topics cloud security
concerns, Risk issues, and legal aspects
Cloud security concerns:-
As we know according to cloud security Alliance(CSA),
almost of all the world's business now operate on the
cloud
still, the cloud has its share of security
issues
But , the cloud security spotlight report saying that
so many organizations are very or moderately concerned about public
cloud security, these concerns run the gamut from vulnerability to
hijacked accounts to malicious insiders to full-scale data
breaches.
It is not a problem for just small, also for Big
organizations but still they are hesitant to make the move without
a clear plan for security in place.
The top most cloud security concerns are
:-
Data Breaches
Hijacking of Accounts
Malware Injection
Insecure APIs
Data Breaches
:-
In the area of cloud , this is a common problem over
years.
A Data Breach is a security incident in which
Information is accessed without authorization.
Data Breaches can hurt business and consumers in a
variety of ways.
The Data Breaches commonly occurred due to for an
account having a weak passwords, as the cloud having less
security.
The Hackers could done that to steal money, and to take
confidential information
Hijacking
Accounts :-
The growth and implementation of the cloud in many
organizations has opened a whole new set of issues in account
hijacking.
Attackers now have the ability to use your (or your
employees) login information to remotely access sensitive data
stored on the cloud
additionally, attackers can falsify and manipulate
information through hijacked credentials.
In other methods of hijacking include scripting bugs
and reused passwords, which allow attackers to easily and often
without detection steal credentials.
I think in April 2010 Amazon faced a cross-site
scripting bug that targeted customer credentials as
well.
phishing, keylogging, and buffer overflow all present
similar threats.
Malware
Injection:-
Malware injections are scripts or code embedded into
cloud services that act as "valid instances" and run as SaaS to
cloud servers.
This means that malicious code can be injected into
cloud services and viewed as part of the software or service that
is running withing the cloud servers themselves.
Insecure APIs
:-
API means Application programming Interfaces(API) give
users the opportunity to customize their cloud
experience.
However, APIs can be a threat to cloud security because
of their very nature.
Not only do they give companies the ability to
customize features of their cloud services to fit business needs,
but they also authenticate, provide access, and effect
encryption.
The vulnerability of an API lies in the communication
that takes place between applications.
While this can help programmers and business, they also
leave exploitable security risks.
RISK ISSUES :-
As the world wide cloud computing increasing day by day
, as their use increasing with them the risk issues are also been
increasing.
As it is having more benefits in the world wide web ,
it is also facing so many risk issues.
Some of them are,
Loss or theft
of intellectual property :-
Companies increasingly store sensitive data in the
cloud . An analysis by Skyhigh found that 21% of files uploaded to
cloud-based file sharing services contain sensitive data including
intellectual property.
when a cloud service is breached, cyber criminals can
gain access to this sensitive data.
2.
Compliance violations and regulatory actions
:-
These days, most companies operate under some sort of
regulatory control of their information, whether it's HIPAA for
private health information, FERPA for confidential student records,
or one for many other government and industry
regulations.
Under these mandates, companies must know where their
data is, who is able to access it, and how it is being
protected.
3.Loss of
control over end user actions :-
when companies are in the dark about workers using
cloud services, those employees can be doing just about anything
and no one would know until it's too late.
For instance, a salesperson who is about to resign from
the company cloud download a report of all customer contacts,
upload the data to a personal cloud storage service, and then
access information once she is employed by a
competitor.
The preceding example is actually one of the more
common insider threats today.
4.Increased
customer churn :-
If customers even suspect that their data is not fully
protected by enterprise-grade security controls, they may take
their business elsewhere to a company they can trust.
A growing chorus of critics are instructing consumers
to avoid cloud companies who do not protect customer
privacy.
LEGAL ASPECTS :-
Legal aspects are indispensable part of successful
business environment in any country.
They reflect the policy framework and the mind set of
the Governmental structure of that country.
The legal aspects of cloud security is
as follows.
Enterprise
computing is migrating to the cloud quickly :-
A central feature of this transformational change is
the epic migration now well underway in enterprise(large
organization)computing from 'on
premise'-traditional IT infrastructure at the user -to
'in-cloud'-open access to the public cloud, the more dedicated
resources of the private cloud and their hybrid cloud
combination.
Increasing
data volumes are fuelling cloud growth :-
The cloud, as an extension of Moore's law, demonstrates
the marvel of compound growth, and cloud data center economics are
truly mind bogging
driven by the internet of things(IoT), data volumes
created are growing by 30% to 40% annually, so will increase by 4X
to 5X over the next 5 years.
data created is currently two orders of magnitude
(100X) higher than data stored, so data stored in the cloud's data
center 'core' has come catching up to do, and in 5 years time will
be 5X to 10X higher than today.
At the same time, cloud power consumption rises
everything inside the data center gets smaller and
faster:technology advances in cloud storage for example mean that
storage device space -'tin on the floor' - will reduce to a small
fraction of what it is today even as data volumes stored rise
exponentially
Cloud service
providers(CSPs) are growing rapidly :-
Networking companyCisco systems in
its current global cloud index forecasts that by 2022 there will be
over 600 of 'hyperscale' data centers globally, operated by 24 CSPs
and by then accounting for over 85% of the public cloud's installed
server base and workloads.
The development of the cloud is particularly visible at
the moment in the cloud revenue growth of the three largest CSPs,
with amazon web services(AWS) increasing by 50% annually and
Microsoft and Google each by around 100%: by 2020, cloud revenues
at AWS, Microsoft and Google and forecast to reach $44bn, $19bn and
$17bnrespectively.
This is about the Cloud Security concerns, Risk Issues
and Legal aspects
- Read the below chapter and discuss in details (2-3 pages)
using your own words about Cloud
Security Concerns, Risk Issues, and Legal Aspects (use the
below reference )
NOTE: please make sure that the answer is
typing on the computer with font size 11pt
Explain briefly the below products of cloud platform using
your own words.
Security, Identity and Compliance
Internet of things
Machine learning
Mobile services
Developer tools
Cloud storage
Networking
Blockchain
Databases
Private Cloud
In your own words, discuss the cloud operating system in detail.
Also, research Cloud Computing and explore five major challenges
and five major advantages of Cloud Computing.
Discuss in details, and in your own words, the steps of protein
synthesis. This is a 20 point assignment so answers like "step 1 is
transcription and step 2 is translation" are NOT acceptable. Make
sure you go into details of each step and use your own words.
Discuss in details, and in your own words, the steps of protein
synthesis. This is a 20 point assignment so answers like "step 1 is
transcription and step 2 is translation" are NOT acceptable. Make
sure you go into details of each step and use your own words.
In 1-2 pages, describe in your own words, Risk Mitigation
Techniques for the OWASP Top Ten Vulnerabilities. Make sure to
cover the following for each vulnerability:
Vulnerability Name
Prevention Technique
Prevention Tool(s)
- In details write a report using your own
words and mention some references (at least 3
books) about Cloud Security Concerns, Risk Issues, and
Legal Aspects. (2-3 pages)