Unit 4_Cloud-1
Unit 4_Cloud-1
Cloud Security: Risks, Top concern for cloud users, privacy impact
assessment, trust, OS security, VM Security, Security Risks posed by
shared images and management OS.
• The evolution of computing from isolated systems to interconnected
networks has significantly increased security risks, as malware can
now spread globally and cross-national borders.
• Cybersecurity has become critical as societies rely more heavily on
information infrastructure, with even national critical systems
vulnerable to attacks like those exemplified by the Stuxnet virus and
cyberwarfare.
• Cloud computing, a transformative technology, presents a target-rich
environment for cyber threats, raising security concerns for both
current and potential users.
• While some risks are shared with other network-centric systems, new
methods are expected to address emerging threats, and some
concerns may prove exaggerated over time.
• Despite perceptions that cloud adoption reduces internal security
threats, outsourcing computing introduces new privacy and security
challenges.
• Service-level agreements often fail to offer sufficient legal protection,
leaving cloud users vulnerable to uncontrollable events.
• Overall, security remains a major barrier to the acceptance of cloud
computing, even as its value proposition strengthens.
Cloud security risks
Cloud computing presents significant three broad classes of risks ,
• Security risks including traditional threats,
• Availability issues, and
• Challenges related to third-party data control.
Traditional threats
• The traditional threats begin at the user site. The user must protect the infrastructure used to
connect to the cloud and to interact with the application running on the cloud. This task is more
difficult because some components of this infrastructure are outside the firewall protecting the
user.
• The next threat is related to the authentication and authorization process. The procedures in
place for one individual do not extend to an enterprise. In this case the cloud access of the
members of an organization must be nuanced; individuals should be assigned distinct levels of
privilege based on their roles in the organization
• Moving from the user to the cloud Traditional threats, such as
phishing, DDoS attacks, SQL injection, and cross-site scripting, are
amplified in the cloud due to the scale of resources and shared
environments.
• Multitenancy and vulnerabilities in virtualization open new avenues
for malicious actors, complicating attack tracing and digital forensics.