Cloud Computing Security

Explore the essentials of cloud computing security, including planning, understanding security models, and protecting data through encryption and access control.




Security in cloud computing is crucial to ensure that data stored in the cloud remains protected. Proper security measures involve encrypting data and using proxy and brokerage services so that clients never access shared data directly.

Security Planning

Before deploying resources to the cloud, consider the following aspects to ensure effective security:

  • Resource Sensitivity: Evaluate the sensitivity of the resource you plan to migrate to the cloud.
  • Cloud Service Models: Understand that different cloud service models (IaaS, PaaS, SaaS) require varying levels of customer responsibility for security.
  • Cloud Types: Choose between public, private, community, or hybrid clouds based on your security needs.
  • Provider’s Security System: Familiarize yourself with the provider's policies on data storage and transfer.

Understanding Cloud Security

The service model defines the boundaries of responsibility for security between the provider and the customer. The Cloud Security Alliance (CSA) stack model illustrates these boundaries:

  • IaaS (Infrastructure-as-a-Service): Provides basic infrastructure with minimal integrated functionalities and security measures.
  • PaaS (Platform-as-a-Service): Offers a development platform with additional integrated security features.
  • SaaS (Software-as-a-Service): Delivers a complete operating environment with the highest level of integrated functionalities and security.

As you move up the stack, each model builds upon the capabilities and security concerns of the model below.

Understanding Data Security

Key mechanisms for protecting data include:

  • Access Control: Restricting who can access data.
  • Auditing: Monitoring and recording access and changes to data.
  • Authentication: Verifying the identity of users accessing the data.
  • Authorization: Granting permissions based on user roles and requirements.

All service models should incorporate these security mechanisms.

Isolated Access to Data

To protect cloud data from unauthorized access, consider Brokered Cloud Storage Access:

  • Broker: Has full access to storage but no access to the client.
  • Proxy: Has no storage access but can interact with both client and broker.

Working of Brokered Cloud Storage Access:

  1. The client sends a request to the proxy's external service interface.
  2. The proxy forwards the request to the broker.
  3. The broker requests data from the cloud storage system.
  4. The cloud storage system returns the data to the broker.
  5. The broker sends the data to the proxy.
  6. The proxy delivers the data to the client.

Diagram: Illustrates the Brokered Cloud Storage Access system.
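
The six steps above can be modelled in a few lines of Python. This is an added example, not code from the original page; the class names, the HMAC tag between proxy and broker, and all keys, tokens and object names are constructed assumptions chosen for illustration. It shows the isolation property: the proxy never holds the storage credential, and the broker refuses any request that was not signed by the proxy.

```python
import hashlib
import hmac

def sign(proxy_key: bytes, object_key: str) -> bytes:
    """Tag that proves to the broker a request came from the proxy."""
    return hmac.new(proxy_key, object_key.encode(), hashlib.sha256).digest()

class CloudStorage:
    """Storage system: serves objects only to the holder of the storage credential."""
    def __init__(self, credential: bytes, objects: dict):
        self._credential, self._objects = credential, dict(objects)

    def read(self, credential: bytes, object_key: str) -> bytes:
        if not hmac.compare_digest(credential, self._credential):
            raise PermissionError("storage: invalid credential")
        return self._objects[object_key]

class Broker:
    """Full storage access, no client access: only proxy-signed requests are served."""
    def __init__(self, storage, storage_credential: bytes, proxy_key: bytes):
        self._storage, self._cred, self._proxy_key = storage, storage_credential, proxy_key

    def handle(self, object_key: str, tag: bytes) -> bytes:
        if not hmac.compare_digest(tag, sign(self._proxy_key, object_key)):
            raise PermissionError("broker: request did not come from the proxy")
        return self._storage.read(self._cred, object_key)  # steps 3 and 4

class Proxy:
    """External interface: authenticates clients, holds no storage credential."""
    def __init__(self, broker, proxy_key: bytes, client_tokens: set):
        self._broker, self._proxy_key, self._tokens = broker, proxy_key, client_tokens

    def request(self, client_token: bytes, object_key: str) -> bytes:  # step 1
        if not any(hmac.compare_digest(client_token, t) for t in self._tokens):
            raise PermissionError("proxy: unknown client")
        tag = sign(self._proxy_key, object_key)
        return self._broker.handle(object_key, tag)  # steps 2, 5 and 6

def build_demo():
    """Wire the three tiers together with constructed keys and one sample object."""
    storage = CloudStorage(b"storage-secret", {"report.txt": b"quarterly figures"})
    broker = Broker(storage, b"storage-secret", b"proxy-broker-key")
    proxy = Proxy(broker, b"proxy-broker-key", {b"client-token-1"})
    return proxy, broker, storage

if __name__ == "__main__":
    proxy, _, _ = build_demo()
    print(proxy.request(b"client-token-1", "report.txt"))
```

The tag here covers only the object name, so the sketch has no replay protection; a deployment would also bind a nonce or timestamp into the signed request.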

Encryption

Encryption is essential for protecting data both in transit and at rest. While encryption helps prevent unauthorized access, it does not protect against data loss.
