Вы находитесь на странице: 1из 8

“WHY WE NEED TO IMPROVE CLOUD COMPUTING’S

SECURITY”

A Report submitted to the INNOVATIVE THINKING

RAJIV GANDHI PROUDYOGIKI VISHWAVIDYALAYA, BHOPAL

in partial fulfillment of the requirements for the award of the degree of

BACHELOR OF ENGINEERING
IN
INFORMATION TECHNOLOGY

Submitted by

PRIYA CHETRI (0126IT151074)


RAJNI THAKUR (0126IT151080)
ROSHINI PILLAI (0126IT151088)

Under the Guidance of


Prof. Imran Khan

DEPARTMENT OF INFORMATION TECHNOLOGY

ORIENTAL COLLEGE OF TECHNOLOGY


BHOPAL (M.P.)-462021, INDIA
2017-18

1
TABLE OF CONTENT :-

PAGE NO.

 Introduction to Cloud Computing 3

 Cloud Computing Security and Its Advantages 4-5

 Reasons to improve security in Cloud Computing 6

 Ways to Reduce Risk and Secure Data on Cloud 7-8

 Idea 9

2
What is cloud computing?

Cloud computing means that instead of all the computer hardware and software you're using
sitting on your desktop, or somewhere inside your company's network, it's provided for you as a
service by another company and accessed over the Internet, usually in a completely seamless
way. Exactly where the hardware and software is located and how it all works doesn't matter to
you, the user—it's just somewhere up in the nebulous "cloud" that the Internet represents.

Cloud computing is a buzzword that means different things to different people. For some, it's just
another way of describing IT (information technology) "outsourcing"; others use it to mean any
computing service provided over the Internet or a similar network; and some define it as any
bought-in computer service you use that sits outside your firewall. However we define cloud
computing, there's no doubt it makes most sense when we stop talking about abstract definitions
and look at some simple, real examples—so let's do just that.

3
Cloud Computing Security and Its Advantages:-

The digital hackers of 20 years Cloud computing is a game-changing innovation in the industry.
However, there's an ever-present question on whether it's safe for users. Consequently, security
of cloud computing solutions is by far the most serious concern among those associated with the
technology. For users unfamiliar with the cloud computing, putting their valuable application
and data in a cloud platform may feel like a leap of faith. But faith alone isn't enough, because
users should be sure that their data is completely secure and any issue is addressed immediately.

Cloud providers typically implement a rigorous security system, but the involvement of a
different party could be needed to improve the security level even further. A reliable cloud
computing service strives to create highly secure cloud environments with robust encryption
system that can keep essential information private.

Here are eight advantages of employing a cloud computing security service:

1. Data breaches prevention: Strong data encryption can effectively prevent data breach -
ensures that the multi-tenant cloud service database is properly designed and
configured to keep hackers away from the system.
2. Data loss prevention: The prospect of seeing their critical information disappears
without trace can be frightening to users. Not only data encryption may ward off hackers,
the regularly updated offline data backups also reduce risks of data loss.
3. Account hijacking prevention: your service should offer solutions that protect users'
credentials from being stolen. Without a secure platform, hackers may eavesdrop on out
transactions, manipulate data and return falsified information that harms clients.
4. More secure APIs: APIs are important to maintain the availability and security of a
cloud service. Your service should help users to identify and improve weak APIs that can
expose the organization.
5. DoS prevention: Denial of service is a classic Internet threat and outages may cost users
immensely. Solutions offered by a reliable cloud computing service will detect DoS
attacks and provide effective responses to ensure 24/7 availability.
6. Reduction of malicious threats: your cloud computer service should provide a solid
solution to prevent former employees, contractors and business partners from gaining
access to a cloud network.
7. Proper due diligence: Organizations that embrace cloud computing technology should
fully understand its unique environments and risks associated with them. As an example,

4
improper uses of cloud may cause contractual problems with service providers over
transparency and liability. A reliable cloud computing service provides consultation and
reliable internal bureaucracy systems to prevent occurrences of legal issues.
8. Reduction on impacts of shared resources: Cloud computing solutions could be based
on shared infrastructure such as processors, RAM, GPUs, caches and hard drives. A
reliable cloud computing service will provide solid isolation properties for SaaS, PaaS
and IaaS.

Cloud computing is way of giving access to shared resources such as computer networks,
servers, storage, applications and services. Individuals and organisations can place their data on
the cloud and enjoy unlimited storage free or at a relatively low cost. It also allows services such
as email to be offloaded, reducing companies’ development and maintenance costs.

REASONS TO IMPROVE TO CLOUD COMPUTING’s SECURITY:

Data breaches happen every day:-


Despite the tremendous benefits of cloud computing, the security and privacy of data are
probably the biggest concerns that individuals and organisational users have. Current efforts to
protect users’ data include measure such as firewalls, virtualisation (running multiple operating
systems or applications simultaneously) and even regulatory policies, yet often users are required
to provide information to service providers “in the clear” – means plain-text data without any
protection.

Moreover, because cloud-computing software and hardware are anything but bug-free, sensitive
information may be exposed to other users, applications and third parties. In fact, cloud data
breaches happen every day.

The cyber-security website Csoonline.com compiled a list of 16 of the biggest data breaches of
the 21st century all happened during the past 11 years.

At the top of the list is Yahoo. In September 2016 the company announced that it had been the
victim of a huge data breach in 2014 – names, e-mail addresses and other data belonging to half
a billion users were hacked. The following December Yahoo revised their estimate, and said
that 1 billion accounts were hacked in 2013. In addition to names and passwords, users’ security
questions and answers were also compromised.

5
Six ways to reduce risk and protect data:
Securing the security perimeter of the traditional data centre was made relatively straightforward
with the help of firewalls and intrusion detection systems. When we traded terminals for PCs,
anti-virus software helped keep those devices safe.

With employees, customers, business partners, suppliers and contractors increasingly accessing
corporate applications and data with mobile devices from the cloud, protecting the edge of the
network is no longer enough. As the traditional perimeter disappears, here are six things to do to
help ensure security in the cloud.

1. Know who's accessing what


People within your organisation who are privileged users, – such as database administrators and
employees with access to highly valuable intellectual property – should receive a higher level of
scrutiny, receive training on securely handling data, and stronger access control.

2. Limit data access based on user context


Change the level of access to data in the cloud depending on where the user is and what device
they are using. For example, a doctor at the hospital during regular working hours may have full
access to patient records. When she's using her mobile phone from the neighborhood coffee
shop, she has to go through additional sign-on steps and has more limited access to the data.

3. Take a risk-based approach to securing assets used in the cloud


Identify databases with highly sensitive or valuable data and provide extra protection, encryption
and monitoring around them.

4. Extend security to the device


Ensure that corporate data is isolated from personal data on the mobile device. Install a patch
management agent on the device so that it is always running the latest level of software. Scan
mobile applications to check for vulnerabilities.

5. Add intelligence to network protection


The network still needs to be protected – never more so than in the cloud. Network protection
devices need to have the ability to provide extra control with analytics and insight into which
users are accessing what content and applications.

6
6. Build in the ability to see through the cloud
Security devices, such as those validating user IDs and passwords, capture security data to create
the audit trail needed for regulatory compliance and forensic investigation. The trick is to find
meaningful signals about a potential attack or security risk in the sea of data points.

Adding a layer of advanced analytics – a security intelligence layer – brings all of this security
data together to provide real-time visibility into the both the data centre and the cloud
infrastructure.

In the same way that clouds in the sky have an ever-evolving perimeter, so does cloud
computing. Security is an important factor in cloud deployments and by building in the security
capabilities described in these six steps, organizations can better manage and protect people, data
and their devices in the cloud.

7
IDEA:-
“Our idea is to encrypt the cloud data using following encryption algorithms so that no one
can easily decrypt it and add additional security measures to the cloud.”

There are currently a myriad of symmetric algorithms available to you; Following are the some
common algorithms in the symmetric category:

Data Encryption Standard (DES) Originally adopted by the U.S. Government in 1977, the
DES algorithm is still in use today. DES is a 56-bit key algorithm, but the key is too short to be
used today for any serious security applications.DES is still encountered in many applications
but should never be chosen without very careful consideration or the lack of other viable options.

Triple DES (3DES) This algorithm is an extension of the DES algorithm and is three times
more powerful than the DES algorithm. The algorithm uses a 168-bit key. Triple DES, or 3DES,
is very commonly used and is a component of many security solutions including e-commerce
and others.

Blowfish Blowfish is an algorithm that was designed to be strong, fast, and simple in its design.
The algorithm uses a 448-bit key and is optimized for use in today’s 32- and 64-bit processors
(which its predecessor DES was not). The algorithm was designed by encryption expert Bruce
Schneier.

International Data Encryption Algorithm (IDEA) Designed in Switzerland and made


available in 1990, this algorithm is seen in applications such as the Pretty Good Privacy (PGP)
system.

Вам также может понравиться