Top

Published in:

2014 | OriginalPaper | Chapter

5. Cloud Computing Security

Author : S. Srinivasan

Published in: Cloud Computing Basics

Publisher: Springer New York

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Security aspects of cloud computing draw much attention. Many cloud customers feel that their lack of control over hardware and software makes their information vulnerable for compromise on the cloud. The security issues surrounding the cloud vary among the different types of cloud services such as SaaS, PaaS and IaaS. Among the cloud deployment models only the public cloud has several vulnerabilities. Businesses feel that since they do not control the cloud infrastructure any data stored in the cloud is insecure. It is more a perception issue than something that is inherently insecure. The cloud service providers are trying to reassure the public of their security practices and provide third party audits to back up their claims. Moreover, all the major service providers seek the enhanced SSAE 16 Type II Audit and the ISAE 3402 international reporting standards compliance certification. In this chapter we will analyze the security implications for businesses from the perspective of compliance with laws and industry standards as well as certifications carried by the service provider. Moreover, the service providers facilitate implementing both access control mechanisms and organizational control policies to limit the number of privileged users with access to customer data. Also, we discuss the proactive steps an organization could take to protect their data in transit and storage.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Cloud Computing Providers

next chapter Assessing Cloud Computing for Business Use

AWS. (2013). Amazon web services: Risk and compliance. Whitepaper. http://media.amazonwebservices.com/AWS_Risk_and_Compliance_Whitepaper.pdf. Accessed 22 Jan 2014.

Blum, D. (2009). Cloud computing security in the enterprise. Gartner research report.

Carpenter, M., Liston, T., & Skoudis, E. (2007). Hiding virtualization from attackers and malware. IEEE Security and Privacy, 5(3), 62–65.CrossRef

CDW. (2012). Energy efficient IT report. http://www.cdwnewsroom.com/2012-energy-efficient-it-report/. Accessed 22 Jan 2014.

Chow, R., Gotlle, P., Jakobson, E., Staddon, J., Masuoka, R., & Molina, J. (2009). Controlling data in the cloud: Outsourcing computation without outsourcing control. Proceedings of the 2009 cloud computing workshop on cloud computing security.

Cloud Commons. (2011). http://www.ca.com/us/news/press-releases/na/2011/ca-technologies-unveils-cloud-commons-marketplace-and-developer-studio.aspx. Accessed 1 OCT 2014.

Cloud Security Alliance. (2013). Cloud controls matrix. https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3/. Accessed 22 Jan 2014.

COSO. (2012). Enterprise risk management for cloud computing. http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf. Accessed 22 Jan 2014.

CSA STAR. (2011). Security, trust and assurance registry. https://cloudsecurityalliance.org/star/. Accessed 22 Jan 2014.

eMarketer. (2013). US retail Mcommerce sales 2011–2017. http://www.emarketer.com/. Accessed 1 Oct 2014

European Union Report. (2009). Cloud computing: Benefits, risks and recommendations for information security. http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment. Accessed 22 Jan 2014.

Gartner. (2009). Data center efficiency and capacity: A metric to calculate Both. Gartner research report.

Hashizume, K., Rosado, D., Fernandez-Medina, E., & Fernandez, E. (2013). An analysis of security issues for cloud computing. Jl. of Internet Services and Applications, 4(5), 1–13.

He, B., Tran, T., & Xie, B. (2014). Authentication and identity management for secure cloud businesses and services, Chap. 11 in the book Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments, Editor S. Srinivasan, Hershey, PA: IGI Global.

ISAE3402. (2011). ISAE 3402 Global Standard. http://isae3402.com/. Accessed 22 Jan 2014.

McKinsey. (2008). Revolutionizing data center energy. McKinsey company report.

NIST. (2011). Guidelines on security and privacy in public cloud computing, SP 800-144. Gaithersburg: NIST Publication.

OAuth. (2007). OAuth standard. http://oauth.net/about/. Accessed 22 Jan 2014.

Ponemon Institute. (2011). Cloud security study. http://www.dome9.com/resources/ponemon-cloud-security-study. Accessed 5 Feb 2014.

Ristenpart, T., Tromer, E., Schacham, H., & Savage, S. (2009). Hey, you, get off of my cloud: exploring information leakage in third party compute clouds. Proceedings of the 16th ACM computer and communications security, 199–212.

Rittinghouse, J., & Ransome, J. (2009). Security in the cloud: Cloud Computing Implementation, Management and Security. Boca Raton, FL: CRC Press.

Sengupta, S., Kaulgud, V., & Sharma, V. (2011). Cloud computing security—trends and research directions. IEEE world congress on services, pp. 524–531.

Shackleford, D. (2013). Simplifying cloud access without sacrificing corporate control. SANS Whitepaper.

Softlayer. (2013). Bare metal servers. http://www.softlayer.com. Accessed 22 Jan 2014.

Srinivasan, S. (2014a). Is security realistic in cloud computing? Journal of International Technology and Information Management, 13(1).

Srinivasan, S. (2014b). Security, trust, and regulatory aspects of cloud computing in business environments, Chapter 8. Hershey: IGI Global.CrossRef

SSAE16. (2011). SSAE 16 standard overview. http://ssae16.com/SSAE16_overview.html. Accessed 22 Jan 2014.

Takabi, H., Joshi, J., & Ahn, G. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6), 24–31.CrossRef

TIA. (2012). Data center standard. http://tiaonline.org/node/773. Accessed 22 Jan 2014.

Zhang, Y., Juels, A., Reiter, M., & Ristenpart, T. (2012). Cross-VM side channels and their use to extract private keys. Proceedings of the 2012 ACM conference on computer and communications security, 305–316.

Title: Cloud Computing Security
Author: S. Srinivasan
Publisher: Springer New York
Book: Cloud Computing Basics
Print ISBN: 978-1-4614-7698-6

Electronic ISBN: 978-1-4614-7699-3

Copyright Year: 2014
DOI: https://doi.org/10.1007/978-1-4614-7699-3_5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"