Uploaded by Darling My

docsity-assignment-2-front-sheet-assignment-2-brief

Duyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Law of Torts
Can-Tho University
38 pag.
Document shared on www.docsity.com
Downloaded by: fuck-you-19 (iloveui2001@gmail.com)
ASSIGNMENT 2 FRONT SHEET
Qualification
BTEC Level 5 HND Diploma in Computing
Unit number and title
Unit 16: Cloud Computing
Submission date
4/9/2020
Date Received 1st submission
Re-submission Date
4/9/2020
Date Received 2nd submission
Student Name
Trinh Le Tuong Duy
Student ID
GCC18119
Class
GCC0701
Assessor name
Thai Minh Tuan
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.
Student’s signature
Tuong Duy
Grading grid
P5
P6
P7
P8
M3
M4
D2
D3
❒ Summative Feedback:
Grade:
❒ Resubmission Feedback:
Assessor Signature:
Signature & Date:
ASSIGNMENT 2 BRIEF
Date:
Qualification
BTEC Level 5 HND Diploma in Computing
Unit number
Unit 9: Cloud Computing
Assignment title
Cloud’s implementation and security threats
Academic Year
2019 – 2020
Unit Tutor
Issue date
Submission date
IV name and date
Submission Format:
Format:
A presentation in PowerPoint format (about 25 pages)
A security manual (in PDF format)
You must use font Calibri size 12, set number of the pages and use multiple line spacing at
1.3. Margins must be: left: 1.25 cm; right: 1 cm; top: 1 cm and bottom: 1 cm. The reference
follows Harvard referencing system.
Submission: Students must submit the assignment by the due date and in the way requested by
the Tutors. The form of submission will be a soft copy posted on
http://cms.greenwich.edu.vn/
Note:
The Assignment must be your own work, and not copied by or from another student or from
books etc. If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you
must reference your sources, using the Harvard style. Make sure that you know how to reference
properly, and that you understand the guidelines on plagiarism. If you do not, you will definitely fail.
Unit Learning Outcomes:
LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools.
LO4 Analyse the technical challenges for cloud applications and assess their risks
Assignment Brief and Guidance:
Task 1
Based on the scenario and architecture design in the first assignment, provide the implementation.
Because of the time constraint of the assignment, the implementation just provides some demo
functions of the scenario. The implementation includes two parts:
- A presentation (about 25 pages)
o which shows which functions are implemented
o How to configure, deploy and test the services (Web application, Database Server, Source
code management, server logs...) using service provider’s frameworks and open source
tools.
o Images for the built functions
- The source code for the built application
Task 2
The table of contents in your security manual (which should be 500–700 words) should be as follows:
1. Analysis of the most common problems of a cloud computing platform.
2. Possible solutions to these problems.
3. Analysis of the most common security issues in the cloud environment.
4. Discussion on how to overcome these issues.
5. Summary.
Learning Outcomes and Assessment Criteria
LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools
Pass:
P5 Implement a cloud platform using open source tools.
P6 Configure a Cloud Computing platform with a cloud service provider’s framework.
Merit:
M3 Discuss the issues and constraints one can face during the development process.
Distinction:
D2 Critically discuss how one can overcome these issues and constraints.
LO4 Analyse the technical challenges for cloud applications and assess their risks
Pass:
P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems.
P8 Assess the most common security issues in cloud environments.
Merit:
M4 Discuss how to overcome these security issues when building a secure cloud platform.
Distinction:
D3 Critically discuss how an organisation should protect their data when they migrate to a cloud solution.
Contents
LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools
P5 Implement a cloud platform using open source tools.
P6 Configure a Cloud Computing platform with a cloud service provider’s framework.
LO4 Analyse the technical challenges for cloud applications and assess their risks
P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems.
P8 Assess the most common security issues in cloud environments.
References
LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools
P5 Implement a cloud platform using open source tools.
Introduction:
The design of this website complies with the requirements set by the party that ordered the website. The home page is built from sections,
with an appropriate logo and shop name attached to the header section, and displays pictures of various toys. The platform has links for
navigating through the various styles of toys, with the specification and price of shoes alongside the pictures. A customer registers as a
store member and then logs in to the store homepage, and can see the contact details for the shop. Customers can easily see the latest news
about new toys and upcoming products. A contact page lets customers easily find toy information, a map of the store address, operating times,
phone number, email and social networking sites. The bottom half of the home page features updates, bestselling products, most viewed products
and the latest products. There are also logos of the famous Marvel toys, and every page links back to the home page. The top of each page
displays the logo, shop name, tabs, search, phone number and email; the bottom of each page displays the customer support and protection
policies, contact information and an email subscription for the latest news about the shop.
UseCase Diagram:
Database:
Sitemap:
Interface Management:
The Store Branch management interface when logged in with an administrator account
Users can add more store branches: clicking "Add new" adds one more category to the category management page, and clicking
"Ignition" brings the user back to the homepage.
The add succeeds when all the information has been filled in the right places; the form can then be filled in again, and the information is
added directly into the database.
Users can update a store branch: clicking "Update" changes that store branch on the category management page, and clicking
"Ignition" brings the user back to the homepage.
The update succeeds when all the information has been filled in the right places; the form can then be filled in again.
When an administrator deletes a category, the system sends a notification back to the administrator asking them to reconsider the deletion
in case the click was a mistake.
The product management interface when logged in with an administrator account
Users can update a product: clicking "Update" changes that product on the product management page, and clicking "Ignition" brings
the user back to the homepage.
The update succeeds when all the information has been filled in the right places; the form can then be filled in again.
When an administrator deletes a product, the system sends a notification back to the administrator asking them to reconsider the deletion
in case the click was a mistake.
Once the administrator has confirmed, the system proceeds to delete that category; if the administrator does not agree to the
deletion, the system returns to the management page.
The staff management interface when logged in with an administrator account
Users can add more staff: clicking "Add new" adds one more category to the staff management page, and clicking "Ignition" brings
the user back to the homepage.
The add succeeds when all the information has been filled in the right places; the form can then be filled in again, and the information is
added directly into the database.
Users can update a category: clicking "Update" changes that category on the category management page, and clicking "Ignition" brings
the user back to the homepage.
The update succeeds when all the information has been filled in the right places; the form can then be filled in again.
When an administrator deletes a category, the system sends a notification back to the administrator asking them to reconsider the deletion
in case the click was a mistake.
Once the administrator has confirmed, the system proceeds to delete that category; if the administrator does not agree to the
deletion, the system returns to the management page.
Contact interface:
The customer requested a contact page so that customers can easily get in touch and the shop can support them quickly. The
contact page includes: map, about sneaker, opening times, email, address and social network.
Interface Home:
P6 Configure a Cloud Computing platform with a cloud service provider’s framework.
ATN Platform Process
Step 1: Sign up for a Heroku account
Step 2: Connect GitHub in VS Code
Step 3: Open CMD
Step 4: Log in to Heroku
Step 5: heroku create tltduycloud
Step 6: git init and git add
Step 7: git commit -m "My first commit"
Step 8: Create a "Procfile" containing this line: web: vendor/bin/heroku-php-apache2
Step 9: git push heroku master
Step 10: Open the Shell in XAMPP
Step 11: Use the Shell command line to update the database
Link to the website on Heroku: https://tltduycloud.herokuapp.com/
LO4 Analyse the technical challenges for cloud applications and assess their risks
P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems.
Introduction:
It's important to protect your company's data. Automated cloud backup storage is scalable and versatile, and offers peace of mind. The
enterprise-grade backup and recovery solution from Cobalt Iron is known for its hands-free automation and reliability at a lower cost. Cloud
backup that just works.
In the RightScale 2018 State of the Cloud report, 96 per cent of IT professionals surveyed said their businesses were using cloud computing
services, and 92 per cent used the public cloud. On average, organizations run about 40 percent of their workloads in the cloud, and that
number is rising.
The cloud business is booming as businesses push more software to the cloud. According to Gartner, the public cloud market is expected to be
worth $186.4 billion in 2018, up 21.4 per cent over last year. The demand for infrastructure as a service (IaaS) is increasing especially
rapidly: this segment alone will rise 35.9 per cent this year, to a total of $40.8 billion.
However, various studies show that organizations still face cloud computing issues. Although IT leaders support the cloud because of
the advantages it provides, they continue to face very significant challenges in cloud computing, including:
1. Security:
Businesses have worried about potential security risks since the advent of the public cloud, and that hasn't changed. It was the number one
challenge cited by respondents in the RightScale survey, with 77 per cent claiming cloud protection is a challenge, including 29 per cent who
called it a major challenge.
Experts in cybersecurity are even more worried about cloud security than other IT workers are. A survey carried out by Crowd Research Partners
in 2018 showed that 90 percent of security professionals are worried about cloud protection. More precisely, they have concerns about data loss
and leakage (67%), data protection (61%), and privacy violations (53%).
Interestingly, however, security concerns seem to wane as time passes, particularly among companies that have been using the cloud longer.
The RightScale report noted, "The top challenge shifts as companies become more experienced with cloud. Security is the biggest issue among
cloud novices, while cost becomes a bigger challenge for intermediate and advanced users."
Vendors provide a variety of solutions to counter threats to cloud protection. Moreover, the survey carried out by Crowd Research Partners
found that companies rely on training and certification of their IT staff (57 percent) and the security tools offered by public cloud vendors (50
percent) to reduce their risk.
Figure 1 : RightScale 2018 State of the Cloud Report
2. Managing Cloud Spending:
Organizations make a lot of errors which can help push their costs upwards. Developers or other IT workers often spin up a cloud instance that
was meant to be used for a short time, and forget to turn it off. And many organizations are stymied by inscrutable cloud pricing schemes, which
offer numerous discount opportunities that organizations may not be using.
Multiple technology solutions can help businesses tackle the challenges of controlling cloud costs. For example, cloud cost management
solutions, automation, containers, serverless services, autoscaling features, and the many management tools cloud vendors provide can help
reduce the problem's reach. Some companies have successfully formed a central cloud team to control use and expenses.
3. Lack of Resources/Expertise:
Although many IT employees have taken steps to improve their expertise in cloud computing, employers continue to find it hard to find staff
with the skills they need. And the pattern appears to be continuing. The Robert Half Technology 2018 Salary Guide noted that "Technology staff
with knowledge of the latest innovations in cloud, open source, web, big data, security and other technologies will only become more important
to companies in the years ahead."
Many businesses are aiming to solve this obstacle by recruiting more employees with certifications or expertise in cloud computing. Experts also
suggest educating current staff to help them get up to speed with the technology.
4. Governance:
In this scenario, one of cloud computing's main advantages, the pace and ease of deploying new computing tools, can become a possible
downfall. Many companies lack visibility into the "shadow IT" their workers use, and governance in hybrid cloud and multi-domain environments
becomes especially challenging.
Experts claim that companies can mitigate some of these issues around cloud infrastructure management by adopting best practices, including
setting and implementing standards and policies. Several vendors also provide cloud management tools to simplify and automate the
operation.
5. Compliance:
For several enterprise IT teams, the recent explosion of activities surrounding the EU General Data Protection Regulation (GDPR) has brought
compliance back to the forefront.
Importantly, one feature of the GDPR law could encourage enforcement in the future. Many organisations are required by law to
designate a data protection officer who manages data privacy and security. If these people are well versed in the enforcement requirements of
the organizations where they operate, centralizing enforcement duties can help businesses satisfy their legal or regulatory obligations.
6. Managing Multi-Cloud Environments:
Most organizations use more than one cloud. RightScale findings show that 81 percent of companies pursue a multi-cloud strategy, and 51
percent pursue a hybrid cloud strategy (public and private clouds integrated together). In fact, on average, companies use 4.8 different
public and private clouds.
Multi-cloud environments add to the complexity the IT team faces. Experts recommend best practices, such as doing research, training employees,
actively managing vendor relationships and rethinking processes and tooling, to overcome this challenge.
7. Migration:
Although it's a fairly simple process to launch a new application in the cloud, transferring an existing application to a cloud computing system is
much more challenging. A Velostrata-sponsored Dimensional Research study found that 62 per cent of those surveyed said their cloud migration
ventures were harder than anticipated. Moreover, 64 per cent of migration projects have taken longer than planned and 55 per cent have
exceeded their target.
More precisely, many of the companies transitioning applications to the cloud reported time-consuming troubleshooting (47 percent), security
configuration difficulties (46 percent), sluggish data migration (44 percent), difficulty getting migration tools to function properly (40 percent),
difficulty synchronizing data before cutover (38 percent) and downtime during migration (37 percent).
To resolve these obstacles, the IT leaders surveyed said they needed to do further pre-migration testing (56%), set a longer project timetable (50%),
recruit an in-house specialist (45%) and boost their budgets (42%).
8. Vendor Lock-In:
A few vendors currently dominate the public cloud market, namely Amazon Web Services, Microsoft Azure, the Google Cloud Platform and IBM
Cloud. This raises the specter of vendor lock-in for both analysts and company IT executives.
"Although it allows efficiencies and cost savings, companies need to be vigilant about IaaS providers potentially gaining unregulated consumer
and business leverage. In response to trends in multicloud adoption, enterprises are increasingly seeking a simplified way to transfer workloads,
applications and data through IaaS offerings from cloud providers without penalties."
Experts suggest that, before companies implement a specific cloud service, they consider how convenient it would be to transfer such workloads
to another cloud should future circumstances warrant.
9. Immature Technology:
Many cloud computing systems are at the cutting edge of technology such as artificial intelligence, machine learning, augmented reality, virtual
reality and sophisticated analysis of big data. The potential downside to using this modern and innovative technology is that the services do not
always live up to the efficiency, usability and reliability standards of enterprises.
And sadly, the only possible solutions for the issue are changing expectations, trying to create your own solution or waiting for the vendors to
boost their offerings.
10. Integration:
Finally, many organizations, particularly those with hybrid cloud environments, report challenges associated with getting their public cloud
and on-premise tools and apps to work together.
Like the others listed in this post, this challenge is unlikely to vanish any time in the near future. It takes time, expertise and money to
integrate existing systems and modern cloud-based applications. Yet several companies discover that the advantages of cloud computing
outweigh the technology's possible downside.
Look for a continuation of the cloud adoption trend, despite the potential challenges of cloud computing.
11. Downtime:
Downtime is often cited as one of cloud computing's major drawbacks. Because cloud storage systems are internet-based, service outages are
often an unwelcome possibility and can occur for any cause.
Best practices for minimizing planned downtime in a cloud environment:
- Develop services which take into account high availability and recovery from disasters. Leverage the multi-availability zones provided by
cloud vendors inside your infrastructure.
- If your services have poor fault tolerance, consider multi-regional deployments with automatic failover to ensure the best possible
continuity of operation.
- Create and execute a disaster recovery plan in accordance with your business priorities to have the lowest recovery time (RTO) and recovery
point (RPO) targets possible.
- Consider introducing dedicated connections such as AWS Direct Link, Azure ExpressRoute or the Dedicated Interconnect or Partner
Interconnect from Google Cloud. These services provide a dedicated network link between you and the point of presence for the cloud service.
This minimizes exposure to the possibility of a business interruption from the public internet.
- Read the fine print of your Service Level Agreement (SLA). Do you have guaranteed uptime of 99.9 per cent or even better? That 0.1 per cent
downtime is about 45 minutes a month, or around 8 hours a year.
12. Security and privacy:
While cloud service providers enforce the best security standards and industry certifications, storing data and essential information on
external storage providers often opens up risks. Any discussion involving data must address security and privacy, particularly as regards the
management of sensitive data. We should not forget what happened at Code Space, where the hacking of their AWS EC2 console resulted in
data deletion and the eventual shutdown of the company. Their dependency on remote cloud-based computing meant taking on the risks of
outsourcing everything.
Of course, every cloud service provider is expected to maintain and safeguard the underlying hardware infrastructure of a deployment. Your
duties, however, lie in the user access control domain, and it is up to you to weigh all the risk scenarios with care.
Although recent breaches of credit card data and user login credentials are still fresh in the public's mind, measures have been taken to ensure
data protection. One example of this is the General Data Protection Regulation (GDPR), recently implemented in the European Union to give
consumers more control over their data. However, you also need to be mindful of your duties and follow best practices.
Best practices for minimizing security and privacy risks:
- This is important: understand your cloud provider's shared responsibility model. You are still responsible for what happens within your
network and in your product.
- Implement protection on all aspects of your deployment.
- Know who should have access to each resource and service, and restrict access to the least privilege. If an employee goes rogue and accesses
your deployment, you'd like their effect to be as minimal as possible.
- Make sure the capabilities of your staff are up to the challenge. The Top 10 Things Technology Practitioners Need to Know is a fantastic
article for understanding how cloud protection and privacy issues can be mitigated.
- Take a risk-based approach to securing cloud-based assets, and add security to the computers.
- Implement multi-factor authentication for all accounts accessing sensitive data or applications.
- Encrypt, encrypt, encrypt. Switch on encryption anywhere you can. Easy wins are in object storage, such as Amazon S3 or Azure Blob Storage,
where consumer data also resides. The simple act of turning on encryption in S3 could have prevented the data breach of Capital One in
July 2019, which exposed information about 100 million users.
13. Vulnerability to attack:
In cloud computing every component is online, which exposes potential vulnerabilities. Even the strongest teams still suffer serious attacks and
security breaches. Constructed as a public utility, cloud computing makes it easy to run before you learn to walk. After all, no one at a cloud
provider tests your administration skills before granting you an account: a legitimate credit card is usually all it takes to get started.
Best practices to help you reduce cloud attacks:
- Make security a central aspect of all IT operations.
- Keep ALL the employees up to date on best practices in cloud protection.
- Ensure that the safety protocols and procedures are tested and reviewed periodically.
- Classify information proactively, and apply access control.
- Use cloud services such as AWS Inspector, AWS CloudWatch, AWS CloudTrail and AWS Config to automate compliance controls.
- Prevent exfiltration of information.
- Integrate techniques for prevention and reaction into defense operations.
- Discover rogue projects with audits.
- Remove password access from accounts which do not need to log in to services.
- Review and rotate access keys and credentials.
- Follow the security blogs and updates to stay aware of suspected threats.
- Apply best practices in protection to any open source software you are using.
- Once more, use encryption whenever and wherever possible.
These activities can help monitor the organization for sensitive data disclosure and movement, defend vital networks from attack and misuse, and
authenticate infrastructure and data access to protect against further risks.
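The multi-factor authentication advice in section 12 and the password-removal and key-rotation advice in section 13 can be checked mechanically. The following is an added example, not part of the original report: it audits a constructed sample laid out like an AWS IAM credential report (a subset of its columns), and the user names, dates and the 90-day thresholds are assumptions chosen for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the AWS IAM credential report columns.
# User names and timestamps are made up for illustration.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,2020-01-03T08:00:00+00:00,false,false,N/A,false,N/A
alice,true,2020-08-30T09:12:00+00:00,true,true,2020-07-01T08:00:00+00:00,false,N/A
bob,true,2020-08-28T14:03:00+00:00,false,false,N/A,false,N/A
ci-deploy,true,no_information,false,true,2019-11-02T10:00:00+00:00,false,N/A
carol,true,2020-02-10T11:45:00+00:00,true,true,2020-08-15T16:30:00+00:00,true,2019-05-20T07:00:00+00:00
reports-svc,false,N/A,false,true,2020-06-20T12:00:00+00:00,false,N/A
"""

# Assumed policy thresholds (not from the report): tune to your own policy.
MAX_KEY_AGE_DAYS = 90
MAX_PASSWORD_IDLE_DAYS = 90

# Fixed audit date so the sample gives the same result on every run.
AS_OF = datetime(2020, 9, 4, tzinfo=timezone.utc)


def parse_time(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        parsed = datetime.fromisoformat(value)
    except ValueError:
        return None
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def audit(report_csv, now):
    """Return (user, finding) pairs for the three checks described above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # The root row reports password_enabled as "not_supported",
        # but the root user always has a password.
        has_password = is_root or row["password_enabled"] == "true"

        # Section 12: every identity that can sign in interactively needs MFA.
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "password-without-mfa"))

        # Section 13: remove password access from accounts that do not log in.
        # Root is skipped here: an idle root password is the desired state.
        if has_password and not is_root:
            last_used = parse_time(row["password_last_used"])
            if last_used is None or (now - last_used).days > MAX_PASSWORD_IDLE_DAYS:
                findings.append((user, "unused-console-password"))

        # Section 13: review and rotate access keys.
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = parse_time(row[f"access_key_{slot}_last_rotated"])
            if rotated is None or (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, f"access-key-{slot}-stale"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, AS_OF):
        print(f"{user}: {finding}")
```

Service accounts such as the constructed ci-deploy row are the typical case for the password-removal advice: they authenticate with access keys and never need a console password.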
14. Limited control and flexibility:
Because the cloud infrastructure is wholly owned, managed, and controlled by the service provider, it transfers minimal control to the client.
Cloud users may find that they have less control over the operation and execution of services within a cloud-hosted infrastructure to varying
degrees (depending on the specific service). The end-user license agreement (EULA) for a cloud service and its management policies could set
limitations on what customers can do with their deployments. Customers retain control over their applications, data, and services, but may not
have equal control over their backend infrastructure.
Best practices for maintaining control and flexibility:
- Consider using a partner cloud provider to help introduce, manage, and maintain cloud services.
- Understand your obligations and the cloud vendor's obligations in the shared responsibility model to reduce the probability of omissions or
errors.
- Make time to consider the specific level of support the cloud service provider offers. Can that level of service fulfill your support needs?
For an extra fee, most cloud services provide advanced support tiers over and beyond the standard service.
- Make sure you understand the SLA regarding the facilities and services you will be using, and how this will affect your customer agreements.
15. Cost concerns:
Adopting cloud applications on a small scale and for short-term projects may be viewed as costly. However, the most important advantage of
cloud computing is in terms of cost savings. Pay-as-you-go cloud services will offer more versatility and lower hardware costs, but
the overall price tag could end up being higher than you anticipated. It's a good idea to experiment with a range of offerings until you are sure of what
would work best for you. Cost calculators made available by companies such as Amazon Web Services and the Google Cloud Platform can also be
used.
Best practices to reduce costs:
- Try not to over-provision the services, but consider using auto-scaling services instead.
- Ensure that you have both the DOWN and UP scale options.
- Prepay and take advantage of reserved instances if you have a minimum defined need.
- Automate the start/stop process to save money when your instances are not being used.
- Create reminders to monitor spending in the cloud.
P8 Assess the most common security issues in cloud environments.
Introduction:
According to the Cloud Security Alliance (CSA), more than 70 per cent of the world's companies are now running on the cloud, at least in part.
With advantages such as lower operating costs, greater flexibility, automatic software upgrades, enhanced collaboration and the opportunity to
operate from anywhere, 70 percent is no big surprise. Even so, the cloud has its share of security issues.
The "Cloud Security Spotlight Report" recently found that "90 per cent of organizations are very or moderately concerned with public cloud
security." These issues range from vulnerability to compromised accounts to malicious insiders to full-scale data breaches.
Although cloud providers have embarked on a new era of data sharing and storage, many businesses are either reluctant or making the leap
without a specific security strategy in place. I'll show you a big picture view of the top 10 security issues you should be aware of for cloud-based
services.
1. Data Breaches:
Cloud computing and services are relatively recent, but data breaches have occurred in all forms for years. The question remains: "Is the cloud
necessarily less stable, with sensitive data being stored online rather than on premise?" A study conducted by the Ponemon Institute entitled
"Man In Cloud Attack" estimates that more than 50 percent of IT and security professionals surveyed believed the security steps taken by their
company to protect data on cloud services were poor. This study used nine scenarios, where there had been a data breach, to determine
whether that belief was actually founded.
After analyzing each case, the study concluded that a total data breach was three times more likely to occur for organizations that use the
cloud than for those that don't. The simple inference is that the cloud comes with a specific collection of features, making it more vulnerable.
2. Hijacking of Accounts:
In several organisations, the development and deployment of the cloud has opened up a whole new range of account hijacking problems. Attackers can use your login information (or your employees') to remotely access confidential data stored on the cloud; in addition, attackers can falsify and exploit information through hijacked credentials.
Other hijacking methods include scripting bugs and reused passwords, which allow attackers to steal credentials quickly and sometimes without detection. Amazon faced a cross-site scripting problem in April 2010 which also targeted client credentials. Phishing, keylogging, and buffer overflows present related threats. However, the most prominent new threat, known as the Man In Cloud Attack, involves the theft of user tokens that cloud services use to validate individual devices during each update and sync, without needing logins.
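As an added example (not part of the original assignment), this is one way a defender could spot the token theft described above: flag any sync token presented by more than one device, or from two different IP addresses within a short window. The log format, the field names and the 30-minute window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sync log (assumed format, not real data):
# timestamp, token fingerprint (a hash, never the token itself), device ID, source IP
SAMPLE_LOG = """\
2020-09-01T08:00:05Z tok_a1 dev-laptop-17 203.0.113.10
2020-09-01T08:05:11Z tok_a1 dev-laptop-17 203.0.113.10
2020-09-01T08:06:40Z tok_b2 dev-phone-03 198.51.100.7
2020-09-01T08:09:02Z tok_a1 dev-unknown-99 192.0.2.44
2020-09-01T12:30:00Z tok_b2 dev-phone-03 198.51.100.23
"""

WINDOW = timedelta(minutes=30)  # assumed threshold; tune to real sync intervals


def parse(log_text):
    """Yield (timestamp, token, device, ip) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, token, device, ip = parts
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), token, device, ip


def find_token_reuse(log_text, window=WINDOW):
    """Return alerts for tokens that look copied to a second machine."""
    events = defaultdict(list)
    for ts, token, device, ip in parse(log_text):
        events[token].append((ts, device, ip))
    alerts = []
    for token, seen in sorted(events.items()):
        seen.sort()  # chronological order
        devices = sorted({device for _, device, _ in seen})
        if len(devices) > 1:
            # A device-bound token should only ever come from one device.
            alerts.append((token, "multiple_devices", devices))
        for (t1, _, ip1), (t2, _, ip2) in zip(seen, seen[1:]):
            # A slow IP change is normal roaming; a fast one is suspicious.
            if ip1 != ip2 and t2 - t1 <= window:
                alerts.append((token, "ip_change_in_window", [ip1, ip2]))
                break
    return alerts


if __name__ == "__main__":
    for alert in find_token_reuse(SAMPLE_LOG):
        print(alert)
```

In the sample, `tok_a1` is flagged on both rules, while `tok_b2` changes IP address hours apart on the same device and is left alone.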
3. Insider Threat:
An attack from inside your organization may seem impossible, but the insider threat does exist. Employees can use their permitted access to cloud-based services provided by an organization to misuse or access information such as customer accounts, financial forms and other sensitive information.
An Imperva report, "Inside Track on Insider Threats", found that misuse of information through malicious intent, incidents or malware was an insider threat. The study also discussed four best practices that organizations could follow to put a stable plan in place, such as corporate alliances, program prioritization, access management and technology implementation.
4. Malware Injection:
Malware injections are scripts or code embedded in cloud services that act as "true instances" and run as SaaS on cloud servers. This means that malicious code can be injected into cloud systems and treated as part of the program or service running on the cloud servers themselves.
Once an injection is executed and the cloud begins to function in tandem with it, attackers can eavesdrop, compromise the integrity of sensitive information, and steal data. "Security Threats On Cloud Computing Vulnerabilities", an East Carolina University study, analyses the risks to cloud computing from malware injections and notes that "malware injection attacks have become a major security issue in cloud computing systems."
5. Abuse of Cloud Services:
The proliferation of cloud-based computing has made it easier for both small and enterprise-level organisations to access large quantities of data. However, the enormous computing capacity of the cloud has also allowed both hackers and authorized users to host and distribute malware, illicit software and other digital resources with ease.
In some cases both the cloud service provider and its customer are affected by this activity. For instance, privileged users may increase the security risks directly or indirectly and thereby infringe the terms of use set by the service provider.
These threats involve downloading pirated apps, images, songs, or books, which can have legal repercussions in the form of fines and compensation under U.S. copyright law to the tune of $250,000. These fines can be even more cost-prohibitive, depending on the damage. By tracking usage and setting standards for what your employees host in the cloud, you will reduce your exposure to risk. Service providers and regulatory agencies, such as CSA, have described what counts as coercive or offensive conduct, along with measures to identify such behaviours.
6. Insecure APIs:
Application programming interfaces (APIs) allow users to customize their cloud experience. However, by their very nature, APIs may present a threat to cloud security. They not only offer businesses the opportunity to configure their cloud services' features to suit business needs, but they also authenticate, provide access, and effect encryption.
As the infrastructure of APIs expands to provide better support, so do its security risks. APIs give programmers the tools to build their programs so that they integrate with other job-critical software. YouTube is a common and easy example of an API, where developers have the ability to incorporate YouTube videos into their sites or apps.
An API's weakness lies in the communication that takes place between applications. While this can benefit programmers and companies, it also leaves exploitable security risks.
7. Denial of Service Attacks:
Unlike other forms of cyberattack, which are usually conducted to build a long-term foothold and hijack confidential information, denial of service (DoS) attacks may not seek to penetrate the security perimeter. They try instead to make the website and servers unavailable to legitimate users. However, in some cases, DoS is also used as a smokescreen for other malicious operations, and to take down security devices such as web application firewalls.
8. Insufficient Due Diligence:
Most of the issues we have looked at here are of a technical nature, but this particular security gap occurs when an organization lacks a clear plan for its cloud goals, resources, and policies. That is to say, it is the people factor.
In addition, insufficient due diligence can pose a security risk when an organization migrates quickly into the cloud without properly anticipating that the services may not meet the expectations of the customer.
This is particularly important for companies whose data falls under regulatory laws such as PII, PCI, PHI, and FERPA, or those which handle customer financial data.
9. Shared Vulnerabilities:
Cloud security is a shared responsibility between customer and provider. This partnership between customer and provider requires the customer to take preventive measures to protect their data. While major providers like Box, Dropbox, Microsoft and Google have standardized procedures to secure their side, fine-grained control is up to you, the customer.
The bottom line is that customers and providers share responsibilities, and omitting yours can lead to compromised data.
10. Data Loss:
Data on cloud services may be lost by the service provider through malicious attack, natural disaster, or data wipe. Losing vital information will devastate companies that do not have a recovery plan. Amazon is an example of an organization that suffered data loss in 2011, when it permanently destroyed much of its own clients' data. Google was another organization that lost data, when lightning struck its power grid four times. Securing your data means scrutinizing your provider's backup procedures as they relate to physical storage locations, physical access and physical disasters.