Cloud Computing Definition
Cloud computing is an IT model, composed of hardware, software, networking, services and processes that together enable us to develop and deliver cloud
services through the Internet or a private network.
What is Cloud Service?
Services that are provided by a cloud and delivered over the Internet or a private network.
There are three types of cloud services available:
1. Infrastructure-as-a-service (IaaS):
This service provides infrastructure related components like virtual machines & other hardware and operating systems.
Examples of IaaS service providers are; Amazon Elastic Compute Cloud, Go Grid, Sun Grid.
2. Platform-as-a-service (PaaS):
It offers services like development tools, configuration management, and deployment platforms, allowing customers to develop, run, and manage applications without the complexity of building and maintaining the complete infrastructure.
Examples of PaaS service providers are; Microsoft Azure, Google app engine.
3. Software-as-a-service (SaaS):
It allows users to use cloud-based apps over the Internet like email, Microsoft office 365.
Example of SaaS service provider is; Salesforce Customer Relationship Management.
What is cloud deployment model?
A cloud deployment model is a cloud environment, distinguished by ownership, size, and access.
Mainly there are four types of cloud deployment models:
1. Public Cloud:
Services accessible over a network for public use.
2. Private Cloud:
Whole cloud infrastructure for a single company.
3. Hybrid Cloud:
Combination of more than one clouds offering benefits of multiple deployment models.
4. Community Cloud:
Shared infrastructure between various companies with common concerns like compliance or security.
What are the Cyber-Security concerns for cloud computing?
• Improper infrastructure design
• Data leakage
• Insecure APIs
• Insufficient logging and monitoring
• Malicious insider user
• Privilege escalation
• Natural disasters
• Hardware failure
• Weak authentication mechanism
• Weak encryption or cryptanalysis attack
• Theft of computer equipment
• No backup or weak backup configuration
• DOS attack
• Cross-site scripting attack
• Service hijacking attack
• Domain name system attack
• SQL injection attack
• Network sniffing attack
Cloud Security Testing – How to make secure cloud computing?
What is cloud penetration testing?
It is a method of evaluating the security controls implemented in the cloud system by performing real-life attacks.
Cloud security is the responsibility for both service provider and client.
Both external and internal penetration testing for the cloud is necessary since there are threats from hacker and internal employees also.
For cloud penetration testing, the scope should be:
• Web applications
• Mobile applications
Best Cyber-Security practices for cloud
• The service provider must provide higher multi-tenancy. (Multi-tenancy means that a single instance of the software and the entire supporting infrastructure serves multiple customers). It secures cloud applications.
• Include “load balancing” to improve response time.
• Implement “Disaster Recovery Plan”.
• Encryption must be implemented.
• Enforce data protection, backup mechanism.
• Implement authentication, authorization and auditing processes properly.
• Review the cloud service provider’s security policies.
• Frequently update all the software, operating system, etc…
• Perform configuration audit for web servers, application servers and database servers.
• Wherever possible use two-factor authentication.
• Perform risk-assessment.
• Implement “incident detection” and “reporting” process.
• Do an audit, who is responsible for data security in the cloud.
• Create awareness about cloud security responsibilities.