UNIT 5 –CLOUD COMPUTING

-
Application and case studies:
What is an application in cloud computing?
More specifically, a cloud application is software that runs its processing logic and data
storage between 2 different systems: client-side and server-side. Some processing takes
place on an end user's local hardware, such as a desktop or mobile device, and some takes place
on a remote server

Best practices in Architecting Cloud Application in the AWS

Which of the following is an architectural best practices recommended by AWS?
Design Principles implement a strong identity foundation. Enable traceability. Apply
security at all layers. Automate security best practices.

1|Page
2|Page
3|Page
4|Page
Data Security in the cloud:
What is Cloud Data Security?
Cloud data security refers to the technologies, policies, services and security controls that
protect any type of data in the cloud from loss, leakage or misuse through breaches, exfiltration
and unauthorized access. A robust cloud data security strategy should include:
Ensuring the security and privacy of data across networks as well as within applications,
containers, workloads and other cloud environments
Controlling data access for all users, devices and software
Providing complete visibility into all data on the network
The cloud data protection and security strategy must also protect data of all types. This
includes:
Data in use: Securing data being used by an application or endpoint through user authentication
and access control
Data in motion: Ensuring the safe transmission of sensitive, confidential or proprietary data
while it moves across the network through encryption and/or other email and messaging
security measures
Data at rest: Protecting data that is being stored on any network location, including the cloud,
through access restrictions and user authentication
How does data security work in cloud computing?
data security is the combination of technology solutions, policies, and procedures that the
enterprise implements to protect cloud-based applications and systems, along with the
associated data and user access.

5|Page
There are three core elements to data security that all organizations should adhere
to: Confidentiality, Integrity, and Availability.

Why is data security important in cloud computing?

You need a secure way to immediately access your data. Cloud security ensures your data and
applications are readily available to authorized users. You'll always have a reliable method to
access your cloud applications and information, helping you quickly take action on any
potential security issues.

Types of data security

Encryption
Using an algorithm to transform normal text characters into an unreadable format, encryption
keys scramble data so that only authorized users can read it. File and database encryption
solutions serve as a final line of defense for sensitive volumes by obscuring their contents
through encryption or tokenization. Most solutions also include security key management
capabilities.

Data Erasure
More secure than standard data wiping, data erasure uses software to completely overwrite
data on any storage device. It verifies that the data is unrecoverable.

Data Masking
By masking data, organizations can allow teams to develop applications or train people using
real data. It masks personally identifiable information (PII) where necessary so that
development can occur in environments that are compliant.

Data Resiliency
Resiliency is determined by how well an organization endures or recovers from any type of
failure – from hardware problems to power shortages and other events that affect data
availability (PDF, 256 KB). Speed of recovery is critical to minimize impact.

What are the legal issues involved in cloud computing?

Legal issues that can arise “in the cloud” include liability for copyright infringement, data
breaches, security violations, privacy and HIPAA violations, data loss, data management,
electronic discovery (“e-discovery”), hacking, cybersecurity, and many other complex issues
that can lead to complex litigation and ...

What are the legal issues in cloud computing?

Besides this cloud computing creates new cloud-based services for generating employment.
Well, several legal issues are associated with cloud computing like privacy, data security,
contact issues, and the issues related to the location of data.

6|Page
LEGAL ISSUES IN CLOUD COMPUTING
Introduction:
cloud computing is here to stay, all thanks to its several benefits. When connected to the right
cloud infrastructure, you can save costs and enjoy broad network access and rapid elasticity.

While it is easy to be clouded by the benefits of cloud computing, you must also consider some
legal issues. Doing so would ensure that you make an informed decision, especially in your
choice of Cloud Service Provider (CSP). Plus, you can adequately protect yourself from the
adverse effects of these legal issues in cloud computing. Today, I’ll be discussing some of the
issues you need to look out for.
List of legal issues in cloud computing:
i) Data Protection
Data protection is one of the most critical legal issues you must consider when using the cloud
for your operations. It is especially important if your business includes handling the personal
data of individuals in any form. There are data protection regulations with strict provisions on
how you handle the personal data of individuals.
Under most of these regulations, including the General Data Protection Regulation, which deals
with handling data of EU citizens, you can’t just export citizens’ personal data to the cloud
without obtaining the necessary consent. You must also comply with the data protection
standards as stipulated by these regulations. Failure to do so would attract strict sanctions.

7|Page
You need to understand what the law says about data protection in your jurisdictions.
ii) Data Privacy and Security
Another essential legal issue in cloud computing that you should pay attention to is data privacy
and security. If a third party receives unauthorized access to private information about your
clients, it can damageyour company’s reputation. Your business risks losing sensitive and
corporate confidential information in the case of a security breach. You may also have to
compensate your customer for violating their data privacy, which would cost your business a
lot.

Make sure you engage a CSP that would offer you the highest privacy and security standard
possible. You should also ensure that there are necessary firewalls to prevent a security breach.

iii) Data Ownership (Intellectual Property Rights)

It is safe to assume that you own all the rights to data sent to the cloud by your company.
However, it is advisable that your Service Level Agreement (SLA) with the CSP expressly
indicates that your company has full rights to the data stored in the cloud and can retrieve it
whenever you want. It is also essential to have these provisions in place, especially concerning
data generated inside the cloud. The CSP may want to claim newly generated data because it
was generated in the cloud through a data analytics solution.

Let the SLA provide that data generated in and out of the cloud by your company belongs to
your company.

iv) Jurisdiction Issues

The issue of differences in laws applicable across different jurisdictions is one of the legal
issues in cloud computing. For instance, the government can require CSPs to disclose client
data in some jurisdictions. However, in some other jurisdictions, there is express protection for
data stored in the cloud, and in those jurisdictions, governments cannot access it without
following due process.

You may want your SLA to contain express provisions that the CSP can only hold your data
in specific jurisdictions.

Conclusion
While these legal issues are not exhaustive, they are some of the most important ones you need
to consider when you decide to use the cloud for your business operations. As much as you
want to use the cloud for its several benefits, don’t ignore the legal issues I’ve highlighted.
Keep your business adequately protected at all times.

8|Page