Skip to main content

2014 | OriginalPaper | Buchkapitel

5. Cloud Computing Security

verfasst von : S. Srinivasan

Erschienen in: Cloud Computing Basics

Verlag: Springer New York

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Security aspects of cloud computing draw much attention. Many cloud customers feel that their lack of control over hardware and software makes their information vulnerable for compromise on the cloud. The security issues surrounding the cloud vary among the different types of cloud services such as SaaS, PaaS and IaaS. Among the cloud deployment models only the public cloud has several vulnerabilities. Businesses feel that since they do not control the cloud infrastructure any data stored in the cloud is insecure. It is more a perception issue than something that is inherently insecure. The cloud service providers are trying to reassure the public of their security practices and provide third party audits to back up their claims. Moreover, all the major service providers seek the enhanced SSAE 16 Type II Audit and the ISAE 3402 international reporting standards compliance certification. In this chapter we will analyze the security implications for businesses from the perspective of compliance with laws and industry standards as well as certifications carried by the service provider. Moreover, the service providers facilitate implementing both access control mechanisms and organizational control policies to limit the number of privileged users with access to customer data. Also, we discuss the proactive steps an organization could take to protect their data in transit and storage.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
Zurück zum Zitat Blum, D. (2009). Cloud computing security in the enterprise. Gartner research report. Blum, D. (2009). Cloud computing security in the enterprise. Gartner research report.
Zurück zum Zitat Carpenter, M., Liston, T., & Skoudis, E. (2007). Hiding virtualization from attackers and malware. IEEE Security and Privacy, 5(3), 62–65.CrossRef Carpenter, M., Liston, T., & Skoudis, E. (2007). Hiding virtualization from attackers and malware. IEEE Security and Privacy, 5(3), 62–65.CrossRef
Zurück zum Zitat Chow, R., Gotlle, P., Jakobson, E., Staddon, J., Masuoka, R., & Molina, J. (2009). Controlling data in the cloud: Outsourcing computation without outsourcing control. Proceedings of the 2009 cloud computing workshop on cloud computing security. Chow, R., Gotlle, P., Jakobson, E., Staddon, J., Masuoka, R., & Molina, J. (2009). Controlling data in the cloud: Outsourcing computation without outsourcing control. Proceedings of the 2009 cloud computing workshop on cloud computing security.
Zurück zum Zitat Gartner. (2009). Data center efficiency and capacity: A metric to calculate Both. Gartner research report. Gartner. (2009). Data center efficiency and capacity: A metric to calculate Both. Gartner research report.
Zurück zum Zitat Hashizume, K., Rosado, D., Fernandez-Medina, E., & Fernandez, E. (2013). An analysis of security issues for cloud computing. Jl. of Internet Services and Applications, 4(5), 1–13. Hashizume, K., Rosado, D., Fernandez-Medina, E., & Fernandez, E. (2013). An analysis of security issues for cloud computing. Jl. of Internet Services and Applications, 4(5), 1–13.
Zurück zum Zitat He, B., Tran, T., & Xie, B. (2014). Authentication and identity management for secure cloud businesses and services, Chap. 11 in the book Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments, Editor S. Srinivasan, Hershey, PA: IGI Global. He, B., Tran, T., & Xie, B. (2014). Authentication and identity management for secure cloud businesses and services, Chap. 11 in the book Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments, Editor S. Srinivasan, Hershey, PA: IGI Global.
Zurück zum Zitat McKinsey. (2008). Revolutionizing data center energy. McKinsey company report. McKinsey. (2008). Revolutionizing data center energy. McKinsey company report.
Zurück zum Zitat NIST. (2011). Guidelines on security and privacy in public cloud computing, SP 800-144. Gaithersburg: NIST Publication. NIST. (2011). Guidelines on security and privacy in public cloud computing, SP 800-144. Gaithersburg: NIST Publication.
Zurück zum Zitat Ristenpart, T., Tromer, E., Schacham, H., & Savage, S. (2009). Hey, you, get off of my cloud: exploring information leakage in third party compute clouds. Proceedings of the 16th ACM computer and communications security, 199–212. Ristenpart, T., Tromer, E., Schacham, H., & Savage, S. (2009). Hey, you, get off of my cloud: exploring information leakage in third party compute clouds. Proceedings of the 16th ACM computer and communications security, 199–212.
Zurück zum Zitat Rittinghouse, J., & Ransome, J. (2009). Security in the cloud: Cloud Computing Implementation, Management and Security. Boca Raton, FL: CRC Press. Rittinghouse, J., & Ransome, J. (2009). Security in the cloud: Cloud Computing Implementation, Management and Security. Boca Raton, FL: CRC Press.
Zurück zum Zitat Sengupta, S., Kaulgud, V., & Sharma, V. (2011). Cloud computing security—trends and research directions. IEEE world congress on services, pp. 524–531. Sengupta, S., Kaulgud, V., & Sharma, V. (2011). Cloud computing security—trends and research directions. IEEE world congress on services, pp. 524–531.
Zurück zum Zitat Shackleford, D. (2013). Simplifying cloud access without sacrificing corporate control. SANS Whitepaper. Shackleford, D. (2013). Simplifying cloud access without sacrificing corporate control. SANS Whitepaper.
Zurück zum Zitat Srinivasan, S. (2014a). Is security realistic in cloud computing? Journal of International Technology and Information Management, 13(1). Srinivasan, S. (2014a). Is security realistic in cloud computing? Journal of International Technology and Information Management, 13(1).
Zurück zum Zitat Srinivasan, S. (2014b). Security, trust, and regulatory aspects of cloud computing in business environments, Chapter 8. Hershey: IGI Global.CrossRef Srinivasan, S. (2014b). Security, trust, and regulatory aspects of cloud computing in business environments, Chapter 8. Hershey: IGI Global.CrossRef
Zurück zum Zitat Takabi, H., Joshi, J., & Ahn, G. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6), 24–31.CrossRef Takabi, H., Joshi, J., & Ahn, G. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6), 24–31.CrossRef
Zurück zum Zitat Zhang, Y., Juels, A., Reiter, M., & Ristenpart, T. (2012). Cross-VM side channels and their use to extract private keys. Proceedings of the 2012 ACM conference on computer and communications security, 305–316. Zhang, Y., Juels, A., Reiter, M., & Ristenpart, T. (2012). Cross-VM side channels and their use to extract private keys. Proceedings of the 2012 ACM conference on computer and communications security, 305–316.
Metadaten
Titel
Cloud Computing Security
verfasst von
S. Srinivasan
Copyright-Jahr
2014
Verlag
Springer New York
DOI
https://doi.org/10.1007/978-1-4614-7699-3_5

Neuer Inhalt