
Cloud Computing:

Cloud computing, usually referred to as merely "the cloud," involves delivering information, applications, photos, videos, and a lot more over the web to data centers. The principle on which cloud computing works is to distribute the computing across a large number of computers connected together instead of a local computer or a remote server. Basically, the cloud is an extension of these three: grid computing, distributed computing, and parallel computing. In cloud computing, resources are shared via the internet. You can access your resources placed on the cloud in real time, and like you, anyone else can access their resources. (Asanghanwa, 2017)

Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. IBM has helpfully broken cloud computing down into six different categories; these categories also frame the security model of cloud computing.

1. Software as a service (SaaS):

Cloud-based applications run on computers off-site (or "in the cloud"). People or firms own and operate these machines, which connect to users' computers, usually through an internet browser.

Security Architecture:

SaaS hosts the data and the software centrally, and both are accessible via a browser. The enterprise normally negotiates with the CSP the terms of security ownership in a legal contract. Cloud Access Security Brokers (CASBs) play a central role in discovering security issues within a SaaS cloud service model, as a CASB logs, audits, provides access control, and oftentimes includes encryption capabilities. (Lamos, 2018)

2. Platform as a service (PaaS):

Here, the cloud houses everything necessary to create and deliver cloud-based applications. This removes the necessity to buy and maintain hardware, software, hosting, and more. The CSA defines PaaS as "The development of the applications without the cost as well as the complexity of buying and merging the underlying hardware plus software, provisioning hosting capabilities."

Security Architecture:

The CSP secures a majority of a PaaS cloud service model. However, the security of applications rests with the enterprise. The essential point in securing the PaaS cloud is this split of responsibility: security of the application rests with the enterprise, while the CSP secures the majority of the PaaS cloud service. (Lamos, 2018)

3. Infrastructure as a service (IaaS):

IaaS provides firms with servers, storage, networking, and data centers on a per-user basis.

Security Architecture:

IaaS provides the storage and networking components of cloud networking. It relies heavily on application programming interfaces (APIs) to allow enterprises to manage and interact with the cloud. On the other hand, cloud APIs tend to be insecure, as they are open and readily accessible on the network.

Additional security features required for IaaS cloud computing services are:

1. Virtual web application firewalls, which are placed in front of a website to protect it from malware.
2. Virtual network-based firewalls located at the cloud network's edge that guard the perimeter.
3. Virtual routers
4. Intrusion Detection Systems and Intrusion Prevention Systems
5. Network segmentation (Meola, 2016)


Security issues in Cloud Computing:

Cloud computing is expected to implement some new strategies, such as encryption, which will ensure safe data storage, strict access control, and secure and stable backup of user data. The reason is that many security issues are associated with cloud computing. On the other hand, users can achieve a higher power of computing with the cloud than within their own physical domain. (Meola, 2016)

Security Issues:

1. Identification and Authentication
2. Access control
3. Data Seizure
4. Encryption/Decryption
5. Policy Integration
6. Audit
7. Availability
8. Network Consideration
9. Secure Data Management
10. Resource Allocation

The Internet of Things

The Internet of Things, meanwhile, refers to the connection of devices (other than the same old examples like computers and smartphones) to the web. Cars, home appliances, and even heart monitors will all be connected through the IoT. And as the Internet of Things surges in the coming years, a lot more devices will become part of that list. (Kumaraswamy, 2017)

The Internet of Things (IoT) has already started to transform how we live our lives, but in the end, all of the added convenience and increased efficiency comes at a cost. Nowadays companies are working to find ways to alleviate that pressure by solving the data problem that comes with IoT. IoT is generating an unprecedented amount of data, which is putting a tremendous strain on the infrastructure of the internet. (Kumaraswamy, 2017)

Don't forget that cloud computing will be a major part of that, by making all of the connected devices work together. But you have to keep in mind the important difference between cloud computing and IoT, which will play out in the upcoming years as we generate more and more data.

The Role of Cloud Computing in the Internet of Things

Interestingly, the IoT and cloud computing both serve to bring an increase in efficiency that helps us in our daily tasks, and the two have a complementary relationship. IoT generates a massive amount of data, and on the other hand the cloud provides a pathway for that data to travel to its final destination.

Security Architecture of IoT

In order to provide a framework for securing digital access among devices, we have to consider that connected special-purpose devices have a significant number of potential interaction surface areas and interaction patterns. We use the term "digital access" to distinguish it from any kind of operation that is carried out through direct device interaction, where access security is provided through physical control. In order to optimize security best practices, it is suggested that a typical IoT design is split into several components/zones as part of the threat modeling exercise. (Lamos, 2018)


Zones are a broad way to segment a solution; each zone often has its own data and its own authentication and authorization requirements. Zones can also be used to restrict the impact of low-trust zones on high-trust zones, as well as to isolate damage.

Every single zone is separated by a trust boundary, which is noted as a red line in the diagram. It represents a transition of data/information from one source to another. During that transition, the data could be subject to Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE).

The components depicted within each boundary are also subject to STRIDE, enabling a full 360-degree threat-modeling view of the solution. The following sections discuss the standard components typically found in these zones, along with the specific security concerns and the solutions that should be put into place for each.

1. Device zone

The device environment is the immediate physical area around the device, where physical access and/or "local network" peer-to-peer digital access to the device is possible.

A "local network" is assumed to be a network that is distinct and insulated from, but possibly bridged to, the public Internet, and includes any short-range wireless radio technology that allows peer-to-peer communication between devices. It does not include any network virtualization technology that creates the illusion of such a local network, and it does not include public operator networks that require any two devices to communicate across public network space if they were to enter a peer-to-peer communication relationship.


2. The field gateway zone

A field gateway is a device/appliance or some general-purpose server computer software that acts as a communication enabler and, potentially, as a device control system and device data processing hub. The field gateway zone includes the field gateway itself and all other devices that are attached to it. As the name implies, field gateways act outside dedicated data processing facilities, are usually location bound, are potentially subject to physical intrusion, and have limited operational redundancy. All this is to say that a field gateway is usually a thing that someone can touch and sabotage while knowing what its function is. (Shahan, 2019)

A field gateway is different from a mere traffic router in that it has an active role in managing access and data flow, meaning it is an application-addressed entity and a network connection or session terminal. A NAT device or firewall, in other words, does not qualify as a field gateway, since it is not an explicit connection or session terminal but rather routes (or blocks) connections or sessions made through it. The field gateway has two distinct surface areas. One faces the devices that are attached to it and represents the inside of the zone; the other faces all external parties and is the edge of the zone.

3. The Cloud Gateway Zone

The cloud gateway is a system that enables remote communication from and to devices or field gateways at many different sites across public network space, generally towards a cloud-based control and data analysis system or a federation of such systems. In some cases, a cloud gateway may immediately facilitate access to special-purpose devices from terminals like tablets or phones. In the context discussed here, "cloud" refers to a dedicated data processing system that is not bound to the same site as the attached devices or field gateways. Additionally, in a cloud zone, operational measures prevent targeted physical access, and the zone is not necessarily exposed to a "public cloud" infrastructure.

A cloud gateway may potentially be mapped into a network virtualization overlay to insulate the cloud gateway and all of its attached devices or field gateways from any other network traffic. The cloud gateway itself is not a device control system or a processing or storage facility for device data; those facilities interface with the cloud gateway. The cloud gateway zone includes the cloud gateway itself along with all field gateways and devices directly or indirectly attached to it. Keep in mind that the edge of the zone is a distinct surface area through which all external parties communicate.

4. The services zone

Services are mediators. They act under their own identity towards gateways and other subsystems, store and analyze data, autonomously issue commands to devices based on data insights or schedules, and expose information and control capabilities to authorized end users.
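
The zone and trust-boundary model above, turned into a small STRIDE walk, as an added example that is not part of the original essay or of the cited Microsoft documents. The four zones, their trust ranking, which zones count as physically exposed, and the sample flows are assumptions made for illustration; the script marks each flow that crosses a boundary and lists the STRIDE categories its direction makes urgent.

```python
from dataclasses import dataclass

# Added example. Trust ranking (higher = more trusted), exposure flags and the
# sample flows are assumptions for illustration, not from the cited sources.
ZONES = {"device": 0, "field_gateway": 1, "cloud_gateway": 2, "services": 3}
PHYSICALLY_EXPOSED = {"device", "field_gateway"}  # zones the text calls physically reachable

@dataclass(frozen=True)
class Flow:
    src: str    # zone the data or command originates in
    dst: str    # zone it is delivered to
    label: str  # human-readable name of the flow

def crosses_trust_boundary(flow: Flow) -> bool:
    """A flow crosses a trust boundary whenever its endpoints sit in different zones."""
    return flow.src != flow.dst

def priority_threats(flow: Flow) -> list[str]:
    """STRIDE categories to review first for a boundary-crossing flow. Every crossing
    is subject to all six; this picks the ones the direction of the flow makes urgent."""
    if not crosses_trust_boundary(flow):
        return []  # stays inside one zone: no boundary, nothing to prioritise
    if ZONES[flow.src] < ZONES[flow.dst]:
        # Data entering a higher-trust zone: the receiver must authenticate the
        # sender and validate the payload before acting on it.
        picks = ["Spoofing", "Tampering", "Elevation of Privilege"]
    else:
        # Commands going down to a lower-trust zone: the device must verify
        # provenance, and the payload travels into exposed territory.
        picks = ["Spoofing", "Information Disclosure"]
    if flow.src in PHYSICALLY_EXPOSED or flow.dst in PHYSICALLY_EXPOSED:
        picks.append("Denial of Service")  # an endpoint one can touch can be unplugged
    return picks

def report(flows: list[Flow]) -> dict[str, list[str]]:
    """Map each flow label to its priority STRIDE list (empty = inside one zone)."""
    return {f.label: priority_threats(f) for f in flows}

# Constructed sample flows over the four-zone model.
SAMPLE_FLOWS = [
    Flow("device", "device", "sensor-to-sensor on local network"),
    Flow("device", "field_gateway", "telemetry to field gateway"),
    Flow("field_gateway", "cloud_gateway", "telemetry upload"),
    Flow("services", "cloud_gateway", "command from services"),
    Flow("cloud_gateway", "device", "command delivered to device"),
]

if __name__ == "__main__":
    for label, threats in report(SAMPLE_FLOWS).items():
        print(f"{label}: {', '.join(threats) or 'no trust boundary crossed'}")
```

The output is only a starting list; a real threat-modeling exercise still reviews all six STRIDE categories on every crossing and on the components inside each zone.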

References

Andrew Meola (2016). "The roles of cloud computing and fog computing in the Internet of Things revolution." Available at: https://www.businessinsider.com/internet-of-things-cloud-computing-2016-10

Bryan Lamos (2018). "Internet of Things (IoT) security architecture." Available at: https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-architecture

Eustace Asanghanwa (2017). "Securing the Intelligent Edge." Available at: https://azure.microsoft.com/en-us/blog/securing-the-intelligent-edge/

Giti Javidi, Ehsan Sheybani, Lila Rajabion (2017). "Fog Computing: A New Space Between Data and the Cloud." Available at: https://www.cutter.com/article/fog-computing-new-space-between-data-and-cloud-497871

K. Sravani, K. L. A. Nivedita (2013). "Effective Service Security Schemes in Cloud Computing." International Journal of Computational Engineering Research, Vol. 3, Issue 3. Available at: https://pdfs.semanticscholar.org/42c8/4e8873239199aab5b50a7d30544bb6f8e887.pdf

Robin Shahan (2019). "Security standards for Azure IoT Edge." Available at: https://docs.microsoft.com/en-gb/azure/iot-edge/security

Subra Kumaraswamy (2017). "Introduction to Cloud Security Architecture from a Cloud Consumer's Perspective." Available at: https://www.infoq.com/articles/cloud-security-architecture-intro
