Cloud Computing Security
Cloud security is a sub-domain of computer
security, network security and information security. Security in cloud is the
Data in the cloud should be stored in encrypted form. To
restrict clients from directly accessing the shared data, proxy and brokerage
services should be employed.
It includes a broad set of policies, technologies,
and controls deployed to protect data, applications, and the associated
infrastructure of cloud computing.
Before deploying a particular resource to the cloud, one should
analyze several attributes of the resource, such as:
Select which resources are going to be moved to the
cloud and analyze their sensitivity to risk.
Consider cloud service models such as IaaS, PaaS, and SaaS. These models require the consumer to be responsible for security
at different levels of service.
Consider which cloud type to use, such as public,
private, community or hybrid.
Understand the cloud service provider's system:
how data is transferred, where it is stored and how to move data into and
out of the cloud.
Security of Cloud
A particular service model defines the boundary between the responsibilities of
the service provider and the consumer. The Cloud
Security Alliance (CSA) stack model defines the boundaries between each
service model and shows how different functional units relate to each other.
IaaS is the most basic level of service, with
PaaS and SaaS the next two levels above it.
Moving upwards, each service model inherits the
capabilities and security concerns of the model beneath.
IaaS provides the infrastructure, PaaS provides the
platform development environment and SaaS provides the operating environment.
IaaS has the least integrated
functionality and integrated security, while SaaS has the most.
This model describes the security boundaries at
which the cloud service provider's responsibility ends and the consumer's
Any security mechanism below the security
boundary must be built into the system and above should be maintained by the
Note: Although each service model has its own security mechanisms,
security needs also depend on where these services are located: in a private,
public, hybrid or community cloud.
Since all the data is transferred using the Internet, data
security is a major concern in the cloud. The key mechanisms for protecting
data are listed below:
All of the service models should incorporate security
mechanisms operating in all of the above-mentioned areas.
Since data stored in the cloud can be accessed from anywhere,
we must have a mechanism to isolate the data from
direct client access in order to protect it.
Brokered Cloud Storage
Brokered Cloud Storage Access is one of the approaches for
isolating storage in the cloud. In this approach, two servers are created:
A broker with full access to storage but no
access to the client.
A proxy with no access to storage but access to
both the client and the broker.
Working of the brokered cloud storage access system
When the client issues a request to access data:
The client data request goes to proxy's external
The proxy forwards the request to the broker.
The broker requests the data from cloud storage
The cloud storage system returns the data to the
The broker returns the data to the proxy.
Finally, the proxy sends the data to the client.
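The brokered access flow above, modelled in Python as an added example that is not part of the original page. The class names, the HMAC key shared between proxy and broker, the storage credential and the per-client allow-list at the proxy are all assumptions made for illustration.

```python
import hmac, hashlib, secrets

class AccessDenied(Exception):
    pass

class CloudStorage:
    """Storage that answers only callers presenting the broker's credential."""
    def __init__(self, broker_key, objects):
        self._broker_key = broker_key
        self._objects = dict(objects)

    def read(self, credential, name):
        if not hmac.compare_digest(credential, self._broker_key):
            raise AccessDenied("storage accepts only the broker")
        return self._objects[name]            # storage returns data to the broker

class Broker:
    """Full access to storage, no client-facing interface: it honours only
    requests carrying a valid MAC under the key it shares with the proxy."""
    def __init__(self, storage, storage_key, proxy_key):
        self._storage, self._storage_key, self._proxy_key = storage, storage_key, proxy_key

    def fetch(self, name, tag):
        expected = hmac.new(self._proxy_key, name.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise AccessDenied("broker accepts only the proxy")
        return self._storage.read(self._storage_key, name)  # broker asks storage

class Proxy:
    """Client-facing; holds the proxy-to-broker key but no storage credential."""
    def __init__(self, broker, proxy_key, acl):
        self._broker, self._proxy_key, self._acl = broker, proxy_key, acl

    def handle(self, client_id, name):        # the client's request arrives here
        if name not in self._acl.get(client_id, ()):
            raise AccessDenied("client not authorised for this object")
        tag = hmac.new(self._proxy_key, name.encode(), hashlib.sha256).digest()
        return self._broker.fetch(name, tag)  # forward to broker, relay the reply

def build_demo():
    # Constructed keys and sample object, generated fresh on each call.
    storage_key, proxy_key = secrets.token_bytes(32), secrets.token_bytes(32)
    storage = CloudStorage(storage_key, {"report.txt": b"constructed sample data"})
    broker = Broker(storage, storage_key, proxy_key)
    proxy = Proxy(broker, proxy_key, {"alice": {"report.txt"}})
    return storage, broker, proxy
```

Compromising the proxy in this model yields the ability to ask the broker for objects, but never the storage credential itself, which is the isolation property the two-server split is meant to provide.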
Encryption helps to protect data from being compromised. It protects data that
is being transferred as well as data stored in the cloud. Although encryption
helps to protect data from any unauthorized access, it does not prevent from