Question

- Discuss in details (2-3 pages) using your own words about Cloud Security Concerns, Risk Issues, and Legal Aspects (use at least 3 books as a references ) .

Answer 1

• About Cloud Security Concerns, Risk Issues, and Legal Aspects
• Before going discuss these topics, first let us know about the cloud
• what is cloud?
• The term is generally used to describe data centers available to many users over the internet.
• Ex:-Google cloud platform, Amazon web services, Microsoft Azure are the examples of cloud software
• Now, let us look into the topics cloud security concerns, Risk issues, and legal aspects

• Cloud security concerns:-
• As we know according to cloud security Alliance(CSA), almost of all the world's business now operate on the cloud
• still, the cloud has its share of security issues
• But , the cloud security spotlight report saying that so many organizations are very or moderately concerned about public cloud security, these concerns run the gamut from vulnerability to hijacked accounts to malicious insiders to full-scale data breaches.
• It is not a problem for just small, also for Big organizations but still they are hesitant to make the move without a clear plan for security in place.
• The top most cloud security concerns are :-

1. Data Breaches
2. Hijacking of Accounts
3. Malware Injection
4. Insecure APIs

• Data Breaches :-
• In the area of cloud , this is a common problem over years.
• A Data Breach is a security incident in which Information is accessed without authorization.
• Data Breaches can hurt business and consumers in a variety of ways.
• The Data Breaches commonly occurred due to for an account having a weak passwords, as the cloud having less security.
• The Hackers could done that to steal money, and to take confidential information

• Hijacking Accounts :-
• The growth and implementation of the cloud in many organizations has opened a whole new set of issues in account hijacking.
• Attackers now have the ability to use your (or your employees) login information to remotely access sensitive data stored on the cloud
• additionally, attackers can falsify and manipulate information through hijacked credentials.
• In other methods of hijacking include scripting bugs and reused passwords, which allow attackers to easily and often without detection steal credentials.
• I think in April 2010 Amazon faced a cross-site scripting bug that targeted customer credentials as well.
• phishing, keylogging, and buffer overflow all present similar threats.

• Malware Injection:-
• Malware injections are scripts or code embedded into cloud services that act as "valid instances" and run as SaaS to cloud servers.
• This means that malicious code can be injected into cloud services and viewed as part of the software or service that is running withing the cloud servers themselves.

• Insecure APIs :-
• API means Application programming Interfaces(API) give users the opportunity to customize their cloud experience.
• However, APIs can be a threat to cloud security because of their very nature.
• Not only do they give companies the ability to customize features of their cloud services to fit business needs, but they also authenticate, provide access, and effect encryption.
• The vulnerability of an API lies in the communication that takes place between applications.
• While this can help programmers and business, they also leave exploitable security risks.

• RISK ISSUES :-
• As the world wide cloud computing increasing day by day , as their use increasing with them the risk issues are also been increasing.
• As it is having more benefits in the world wide web , it is also facing so many risk issues.
• Some of them are,

1. Loss or theft of intellectual property :-

• Companies increasingly store sensitive data in the cloud . An analysis by Skyhigh found that 21% of files uploaded to cloud-based file sharing services contain sensitive data including intellectual property.
• when a cloud service is breached, cyber criminals can gain access to this sensitive data.

• 2. Compliance violations and regulatory actions :-
• These days, most companies operate under some sort of regulatory control of their information, whether it's HIPAA for private health information, FERPA for confidential student records, or one for many other government and industry regulations.
• Under these mandates, companies must know where their data is, who is able to access it, and how it is being protected.

• 3.Loss of control over end user actions :-
• when companies are in the dark about workers using cloud services, those employees can be doing just about anything and no one would know until it's too late.
• For instance, a salesperson who is about to resign from the company cloud download a report of all customer contacts, upload the data to a personal cloud storage service, and then access information once she is employed by a competitor.
• The preceding example is actually one of the more common insider threats today.

• 4.Increased customer churn :-
• If customers even suspect that their data is not fully protected by enterprise-grade security controls, they may take their business elsewhere to a company they can trust.
• A growing chorus of critics are instructing consumers to avoid cloud companies who do not protect customer privacy.

• LEGAL ASPECTS :-
• Legal aspects are indispensable part of successful business environment in any country.
• They reflect the policy framework and the mind set of the Governmental structure of that country.
• The legal aspects of cloud security is as follows.
• Enterprise computing is migrating to the cloud quickly :-
• A central feature of this transformational change is the epic migration now well underway in enterprise(large organization) computing from 'on premise'-traditional IT infrastructure at the user -to 'in-cloud'-open access to the public cloud, the more dedicated resources of the private cloud and their hybrid cloud combination.

• Increasing data volumes are fuelling cloud growth :-
• The cloud, as an extension of Moore's law, demonstrates the marvel of compound growth, and cloud data center economics are truly mind bogging
• driven by the internet of things(IoT), data volumes created are growing by 30% to 40% annually, so will increase by 4X to 5X over the next 5 years.
• data created is currently two orders of magnitude (100X) higher than data stored, so data stored in the cloud's data center 'core' has come catching up to do, and in 5 years time will be 5X to 10X higher than today.
• At the same time, cloud power consumption rises everything inside the data center gets smaller and faster:technology advances in cloud storage for example mean that storage device space -'tin on the floor' - will reduce to a small fraction of what it is today even as data volumes stored rise exponentially

• Cloud service providers(CSPs) are growing rapidly :-
• Networking company Cisco systems in its current global cloud index forecasts that by 2022 there will be over 600 of 'hyperscale' data centers globally, operated by 24 CSPs and by then accounting for over 85% of the public cloud's installed server base and workloads.
• The development of the cloud is particularly visible at the moment in the cloud revenue growth of the three largest CSPs, with amazon web services(AWS) increasing by 50% annually and Microsoft and Google each by around 100%: by 2020, cloud revenues at AWS, Microsoft and Google and forecast to reach $44bn, $19bn and $17bn respectively.

• This is about the Cloud Security concerns, Risk Issues and Legal aspects

        Thank You...!