1. About me & Submission details
Parveen Yadav
Security Researcher aka Ethical Hacker .
Working as a Freelancer .
White Hat Hacking work.
Few Recognitions :-
Got listed my name in Google Hall of fame,Amazon,Paypal,Adobe
& Few others.
Paper Title :- Cloud Computing & Security .
3. What is Cloud Computing ?
Cloud Computing is a technology used to provide:
Ease of access to user data, programs and security
Services anytime and anywhereServices anytime and anywhere
Ensuring complete reliability and security
Reduces the cost of work..least possible expenditure
4. BASIC Characteristics of Cloud Computing
Multi-tenancy
Resources in cloud systems can be
shared among a large number of users.
Improve the efficiency of cloud systems
and save cost for cloud service
providers.
5. ..
Scalability
Even when the total work load for a cloud
system increases dramatically, the system
could improve its capacity by adding more
hardware to handle the increased loadhardware to handle the increased load
effectively
6. ..
Elasticity
A cloud system only delivers the minimum
amount of computing resources that meet
users’ need. The amount of resources provided
to users increase when they need more, andto users increase when they need more, and
decrease when they need less. Users only pay
for whatever they consumed.
7. ..
Device Independent
Users can utilize cloud services using
whatever device they have, should it be a
laptop, an iPad or a smartphone, as long as
they have access to the Internet.they have access to the Internet.
8. ..
Low-cost
Computing resources are provided by cloud systems.
Users do not need to purchase expensive computers
to perform tasks that need high performanceto perform tasks that need high performance
computing.
10. History of cloud computing
Evolution
The idea of cloud computing dates as far back as the 1960’s
when John McCarthy envisioned a time when computation
may someday be orgainsed as a public organisation.
Cloud computing has evolved through a number of phases
which include grid and utility computing ,application service
processing(ASP),software as a service (Saas)
11. Grid Computing a form of distributed
computing,acting in concert to perform very large
tasks.
Utility Computing a metered service similar to
a traditional public utility such as electricity.
13. Major services
Major Services
Few other types of Clouds
Network as a Service (NaaS)
Storage as a Service (STaaS)
Security as a Service (SECaaS)
Data as a Service (DaaS)
API as a Service (APIaaS)
14. Cloud Service Models
Software as a Service (SaaS)
Service provider’s apps
User’s do not manage the Network, Servers, OS, Storage or
applications by the user
Platform as a Service (PaaS)
User deploys their apps on the cloudUser deploys their apps on the cloud
Controls their apps
User’s do not manage Servers, IS, Storage
Infrastructure as a Service (IaaS)
User’s get access to the infrastructure to deploy their content
Doesn’t manage or control the infrastructure
Does manage or control the OS, storage, apps, selected network
components.
15. Cloud Deployment models
Public Cloud computing environment are open for
use to anyone who wants to sign up and use them.
These are run by vendors and applications from
different customers are likely to be mixed together ondifferent customers are likely to be mixed together on
the cloud’s servers, storage systems, and networks.
Examples of a public cloud: Amazon Web Services and
Google's AppEngine .
16. A private cloud is basically an organization that
needs more control over their data than they can get
by using a vendor hosted service.
A hybrid cloud combine both public and private
cloud modelscloud models.
17. Google Docs
A cloud based online Office
Allow you to create, edit and
share documents online
using web browsers, iPads or
even smart phones.even smart phones.
https://docs.google.com/demo/edit?id=scAAVln2yf3it2VCiVf-
DUzGg&dt=document#document
18. Amazon Cloud Drive
Amazon Cloud Drive is an personal hard
drive in a cloud system.
Store music, videos, photos, and
documents on Amazon's servers.
https://www.amazon.com/clouddrive
documents on Amazon's servers.
19. Dropbox cloud provider
Dropbox is a file hosting service that offers cloud
storage,file synchronization & client software.
It allows users to create a special folder on each of their
computers,which dropbox then synchronizes so that itcomputers,which dropbox then synchronizes so that it
appears to be in the same folder regardless of which
computer is used to view it.
22. Opportunities and Challenges
The use of the cloud provides a number of
opportunities:
It enables services to be used without any
understanding of their infrastructure.
It potentially lowers the outlay expense for start upIt potentially lowers the outlay expense for start up
companies, as they would no longer need to buy
their own software or servers.
Cost would be by on-demand pricing.
Data and services are stored remotely but accessible
from “anywhere”.
22
23. Advantages Of Cloud Computing
Lower total cost of ownership.
Always on, Always available.
Faster application delivery.
Improved business continuity.
Platform for easier and faster sharing, mobilePlatform for easier and faster sharing, mobile
workforce.
Rental pricing model.
Pay-as–you-go, Try before you buy.
Lower Infrastructure Cost .
24. Disadvantages Of Cloud computing
Security issue
Data Loss Risks
Privacy policies
But can we tackle it……How???43% of current cloud users reported a security
incident in the past 12 months
25. Cloud Computing-Attacking methods
Distributed Denial of Service Attacks (DDoS) .
Authenticated Risks.
Data Segregation Risks.
Web-application Attacking methods.Web-application Attacking methods.
26. Distributed Denial of Service Attacks
Distributed Denial of service (DDoS) attacks means
many node systems attacking one node all at the same
time with a Flood of useless messages to exhaust Web
Server’s resources .
27. Authenticated Risks
Authentication is a weak point in a hosted & virtual service’s and
frequently targeted.
Ways to check the Authenticity of the client :
Leverage strong two –factor authentication techniques.
Use of static I.P, Virtual I.P techniques .
Designated Emplyoee’s Access .
28. Data Segregation Risks
Data segregation is not easily facilitated in all cloud enviornments
as all the data can’t be segregated acc. To the user needs.Some
customers do not encrypt the data as there are chances for the
encryption itself to destroy the data .
The compromised servers are shut down whenever a data is
needed to be recovered.The available data is not correctly sent toneeded to be recovered.The available data is not correctly sent to
the customer at all times of need.
When recovering the data there could be instances of replication
of data in multiple sites.
31. Few things to know before choosing
.....
Select the right Cloud service provider .
Cloud provider Location.
Market value of cloud provider.
Pre-Examination Test .
32. Q & A
• Parveen Yadav
• Contact me :-
• parveen1015@gmail.com
• https://www.facebook.com/proxy.test