Security Threats On Cloud

Computing

Presented by : Monu yadav

Shalini singh
 Abstract
 Cloud computing is growing in popularity as more enterprise applications and data are
migrated to cloud platforms.
 software platform; identity management and access control; data integrity; confidentiality
and privacy; physical and process safety aspects. Regulatory compliance in the cloud.
 We present our findings from the perspective of cloud service providers, cloud customers,
and third parties such as governments.
 It also covers key research directions for cloud security in areas such as Trusted
Computing, Information Centric Security, and Privacy Preserving Models.
 Introduction

 Cloud computing is fast becoming a popular option for renting of computing and storage and
it provides many services like Iaas,Paas,Saas.
 The cloud infrastructure has been further sub-divided into Public cloud – where the
infrastructure resides totally outside of the enterprises firewall Hybrid cloud – where the
infrastructure and business processes reside partly within the enterprise and partly consumed
from third party and Private cloud – where IT services are mounted on top of large-scale
combination and virtualized infrastructure within enterprise firewall and
 Technology consulting firm Gartner has estimated market size of $59 billion for Public and
Hybrid cloud and has predicted it to grow to $149 billion by 2014 with a compounded annual
growth rate of 20%.
The primary concerns for cloud security are around cloud
infrastructure, software platform and user data; as well as
access control and identity management.
 Cloud security concerns and threats
We classify common security concerns surrounding cloud computing such as:
 Third party handeling data:-
 Accessing and managing the data
 No gurantee 100% about data security
 Cyber attacks
 There are many different type of attacks on your data and it is very challenging issues
 Insider threats:-
 Privacy of data
 Which means the third party can also steal your data, it is called insider threats
 Government intrusion
 It means your data can also access by government or any organizations
 Lack of standardization
 There are different types of cloud suppliers may not follow same standards
We classify common security issues surrounding cloud computing into four main categories.

 Cloud Infrastructure
Platforms and Hosted Code. This includes concerns about potential vulnerabilities in the areas of virtualization,
storage and networking.
 Data
This category includes data integrity, data lockout, data retention, data provenance and confidentiality, and
specific user privacy concerns.
 Access
This includes issues related to cloud access (authentication, authorization, and access control or AAA),
encrypted data communications, and user identity management.
 Compliance
Due to its scale and disruptive impact, the cloud has attracted regulatory attention, especially in relation to
security reviews and data storage.
 Concern C1:-Are your cloud service providers' physical and software infrastructures secure?
A recent Novell survey found that 87% of enterprise respondents see the hybrid cloud as the future data center
evolution, with 92% % say their internal IT will eventually move to the public cloud.
 Concern C2: What happens to my data?
In today's competitive economy, data is the most important asset owned by businesses and individuals. Cloud
computing is primarily about data integrity, confidentiality and privacy, and provenance.
 Concern C3: Are the users accessing cloud services truly theirs, and can all real users seamlessly and
securely access cloud services?
Another fundamental security concern in the cloud is user authentication, authorization, and access control
(AAA).
 Concern C4: Is your cloud provider compliant?
There are many forms of compliance in cloud computing. Industry compliance initiatives such as accounting
(SarbanesOxley, Basel), health information privacy (HIPAA), and credit card information security (PCI) are
important to many industries.
 ADVANCED SECURITY ISSUES IN CLOUD COMPUTING
 

 Abstraction: The cloud provides an abstract set of service endpoints. The user cannot
determine which physical machines .Therefore, in the event of a security breach, it
becomes difficult for users to isolate specific physical resources that are compromised or
compromised.
 Lack of execution control: External cloud users do not have precise control over their
remote execution environment. Therefore, critical points such as memory management, I/O
calls, access to external shared utilities, and data are out of the user's reach.
 Data management by third parties: In the cloud, ownership of storage infrastructure and
data is also in the hands of the provider.
 Multi-party processing: In a multi-cloud scenario, one can use some of the data provided
by the other.
Threats
 We classify common threats surrounding cloud computing:
• Deniel-of-service:- In this threats attacker tries to bring server down or crash.
• Man in middle :- An attack in which an attacker is positioned between two
communicating parties in order to intercept and/or alter data traveling between them.
• Network sniffing:- Network sniffing is a process of monitoring and capturing all data
packets or sensitive message passing through given network.
• Port scanning :-Port scanning is a method attackers use to scope out their target
environment by sending packets to specific ports on a host and using the responses to find
vulnerabilities and understand which services, and service versions, are running on a host.
• Sql injection:-Structured query language injection is a cyberattack that injects malicious
SQL code into an application, allowing the attacker to view or modify a database. 
• Xss (cross-site-scripting attack):-Cross site scripting (XSS) is an attack in which an
attacker injects malicious executable scripts into the code of a trusted application or
website.
Impact of cloud computing on security

 Cloud services with insecure APIs threaten the confidentiality and integrity of information
and risk the exposure of your data and systems. Typically, there are three types of attacks
that hackers will use to try to compromise APIs: brute force attacks, denial-of-service
attacks and man-in-the-middle attacks.
 The purpose of a Security Impact Analysis is to determine if the change has created any
new vulnerabilities in the system. The change should be analyzed for security weaknesses
using whatever tool is appropriate for that particular change.
 Why is Information Security so important? Weak data security can lead to key information
being lost or stolen, create a poor experience for customers and reputational harm. 
 Future work
 Quantum Computing
Quantum computing is changing the business world in unprecedented ways. Companies like
Google promote innovation by leveraging quantum physics principles to develop next-
generation end-user products. Supercomputers are the best example of how quantum computing
works when used correctly. Companies such as IBM, Microsoft, Google, and AWS compete by
adapting to the emerging quantum technologies.
 Secure Access Service Edge (SASE)
As employees access more services and data from devices outside of corporate IT networks,
businesses are reevaluating their security and risk management strategies. Gartner coined the
term Secure Access Service Edge to refer to a cloud-based IT security approach that addresses
the changeability of work processes.
 Green Cloud
The extensive infrastructure, electricity, and cooling required for cloud computing significantly
increase a business's environmental impact. The US Department of Energy found that data
centers consume 2% of the total electricity used in the United States. The average data center
uses between 10 and 50 times more energy per floor than a typical commercial office building.
 Conclusion
Cloud computing is rapidly gaining importance as a platform for outsourcing and remote processing of
applications and data. Security Concern especially regarding Platforms, Data and Access. It can be a hurdle
for public and hybrid cloud adoption. This white paper has attempted to categorize the major concerns and
discuss the technical implications and research issues involved, including advanced security issues unique
to the cloud. We also discussed security compliance issues in the cloud. In addition, we have presented
some high-level steps towards a safety assessment framework. We made some observations about the
current state of cloud security. First, security standards activities are fragmented under the auspices of a
number of standards bodies and industry forums such as the CSA, OGF, W3C, and SNIA. The proliferation
of open, community-based identity management solutions also complicates managing and integrating
cloud identities. Second, rapidly provisioning users in the cloud and mapping user roles between the
enterprise and the cloud is somewhat complicated. Third, data anonymization and privacy protection
technologies will become increasingly important, requiring more mainstream research in this area. Fourth,
moving common in-house software code to the public cloud requires a thorough understanding of the
potential security risks
Thank you