Scribd
Upload
28 views8 pages

Cloud_Security__1709963031

Test

Uploaded by

z2v4qghmdt
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
28 views8 pages

Cloud_Security__1709963031

Test

Uploaded by

z2v4qghmdt
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

𝐂𝐥𝐨𝐮𝐝 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤 𝐟𝐨𝐫 𝐞𝐧𝐝-𝐭𝐨-𝐞𝐧𝐝 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲

1. Physical Security

Physical Security ensures the safety of physical


assets like data centers, servers, and power supply.

Physical assets can be protected by installing CCTV


equipment, biometric devices, and maintaining
access control registers.

2. Network and Perimeter Security

Network and Perimeter Security focuses on the


logical security of routers, switches, and other
devices where data or virtual images are stored.

Different controls like firewalls, IDS/IPS can be


placed to manage security of the network by
denying unauthorised access.

AAA servers can be used for strong authentication.


3. Virtual Image Security

Virtual images contain user data and should be


considered critical assets.

Security measures are needed to safeguard virtual


images from attackers and malicious code.

Cloud provides opportunities for attackers to create


malicious images and execute malicious code on the
same platform as other clients' images.

Virtual images can be tampered with by internal


employees of service providers or clients who work
on those images.

To address this issue, encryption of virtual images,


blind authentication protocol, provenance tracking,
and access control have been proposed.

It is also suggested to encrypt image names in the


image registry to provide a linking pointer between
image name and physical location.
4.Identity and Access Management (IAM)

Identity and Access Management (IAM) manages AAA


services to improve efficiency and regulatory
compliance management.

IAM as a Service (IDaaS) is a new service model to


achieve greater security and privacy goals in cloud
computing.

Automated redundant identity management,


provisioning of cloud services, and privilege
management are essential for effective IAM.

IAM provides convenience to retrieve, manage,


update, and query information while ensuring
reliable, fast, cost-effective, and secure access to
resources.

Automated identity provisioning, authentication, and


authorization are vital security concerns that can be
addressed using solutions like single sign-on, access
control list, and access based on attributes.
5. Data Security and Storage Security

Data Security and Storage Security is about


protecting data stored on servers from generation
to disposal

Data should be unintelligible if disclosed to


unauthorized entities

Strong encryption, data masking, good key


management, and digital signature techniques can
help achieve this goal

Proper backup services and reliable replication


schemes should be in place

Client data should be removed from servers when


objectives are met or when the client discontinues
service

Proper disposal mechanisms must be in place to


prevent critical information from falling into the
wrong hands
6. Transmission

Transmission security considers the safety of data


while it's being sent.

Data breaches can occur during transmission due to


man in the middle attacks.

To ensure data security during transmission,


preventive techniques can be deployed.

Examples of techniques include VPN, SSL/TLS, and


IPSEC.
7. Monitoring

Monitoring is important for maintaining logs and


checking for auditing purposes.

Different types of monitoring include end-to-end,


server and network, transaction, application, and
event log monitoring.

Automated log generation and management system


should be in place to record all monitoring types.

Logs should be periodically reviewed and analyzed


by experts or automated tools to generate reports
for higher management.

Reports should mention the number of security


breaches and anomalies detected, and an alarm
system should be in place to detect such
anomalies..
8. Client Level Security

Client Level Security is important for protecting


against attacks like SQL injection, XSS, broken
authentication, etc.

Minimize the use of proprietary based APIs and instead


use open standard based APIs or browser to access
cloud data.

Validate and verify each input from the user before


submitting to the server.

Source:Via/Credit: Reseachgate

𝐃𝐢𝐬𝐜𝐥𝐚𝐢𝐦𝐞𝐫 - This post has only been shared for an


educational and knowledge-sharing purpose related to
Technologies. Information was obtained from the source
above source. All rights and credits are reserved for the
respective owner(s).

You might also like