Cloud computing provides on-demand access to IT resources over the internet. The document discusses security and privacy considerations for cloud computing, including types of cloud computing, good security practices like monitoring and vulnerability detection, and principles of privacy protection such as notice, choice, and access. Ensuring both security and privacy in cloud computing requires policies that comply with legal frameworks and empower individuals to control their personal information.
3. INTRODUCTION
SECURITY
AND
PRIVACY
3
Cloud computing is on-demand access, via the internet,
to computing resources—applications, servers (physical
servers and virtual servers), data storage, development
tools, networking capabilities, and more—hosted at a
remote data centre managed by a cloud services provider
(or CSP).
The CSP makes these resources available for a monthly
subscription fee or bills them according to usage.
4. INTRODUCTION
Cloud computing helps in the following:
1. Lower IT costs: Cloud lets you offload some or most of
the costs and effort of purchasing, installing, configuring,
and managing your own on-premises infrastructure.
2. Improve agility and time-to-value: With cloud, your
organization can start using enterprise applications in
minutes, instead of waiting weeks or months for IT to
respond to a request, purchase and configure supporting
hardware, and install software.
3. Scale more easily and cost-effectively: Cloud provides
elasticity—instead of purchasing excess capacity that sits
unused during slow periods, you can scale capacity up
and down in response to spikes and dips in traffic.
4
SECURITY
AND
PRIVACY
5. TYPES OF CLOUD
COMPUTING
1. Public cloud
2. Private cloud
3. Hybrid cloud
4. Multicloud
5. Hybrid multicloud
5
SECURITY
AND
PRIVACY
6. GOOD SECURITY
PRACTICES
1. Protection against internal and external threats
Security monitoring services help to improve the effectiveness of the
security infrastructure of a customer by actively analysing logs and alerts
from infrastructure devices around the clock and in real time. Usually the
skills required to maintain the level of service of an organization is very
high.
2. Early detection
An early detection service detects and reports new security
vulnerabilities shortly after they appear. Security vulnerability reports
include information on the impact the exploitation of this vulnerability
would have on the system or applications previously selected by the
company receiving the report.
6
SECURITY
AND
PRIVACY
7. GOOD SECURITY
PRACTICES
3. Vulnerabilities detection and management
Vulnerability detection and management enables automated
verification and management of the security level of information
system. The service performs periodic follow-up of tasks
performed by security professional managing information
systems security and provides reports that can be used to
implement a plan for continuous improvement of the system’s
security level.
4. Intervention, forensics, and help desk services
Quick intervention when a threat is detected is crucial to
mitigating the effects of a thread. This requires security
engineers with ample knowledge in the various technologies and
with the ability to support applications as well as infrastructures
7
SECURITY
AND
PRIVACY
8. ENSURING
PRIVACY
Privacy protection in cloud computing environment is less
of a technical issue and more of a policy and legal issue.
Policies are required to be framed to conform to the legal
framework protecting the privacy of individuals and
organization. Policies have to empower people to control
the collections, use, and distribution of their personal
information.
8
SECURITY
AND
PRIVACY
9. 7 PRINCIPLES OF
PRIVACY PROTECTION
Notice: individuals must be informed that data is being
collected and about how it will be used.
Choice: individuals must have the ability to opt out of
the collection and forward transfer of data to third
parties.
Onward transfer: transfer of data third parties may
only occur to other organizations that follow adequate
data protection principles.
Security: reasonable efforts must be made to prevent
loss of collected information.
9
SECURITY
AND
PRIVACY
10. 7 PRINCIPLES OF
PRIVACY PROTECTION
Data integrity: data must be relevant and
reliable for the purpose it was collected for.
Access: individuals must be able to access
information held about them, and correct or
delete it if it is inaccurate.
Enforcement: there must be effective means of
enforcing these rules.
1 0
SECURITY
AND
PRIVACY
11. SECURITY VS PRIVACY
SECURITY
• Protects data
• Keeps you safe from potential
threats.
• Long been deemed essential
PRIVACY
• Involves how data is used and
controlled.
• Refers to details about you directly
and how you wish to share them.
• Considered a luxury and not for
everyone.
1 1
SECURITY
AND
PRIVACY
12. SUMMARY
SECURITY
AND
PRIVACY
1 2
Cloud computing is the on-demand delivery of it
resources over the internet with pay-as-you-go
pricing.
Cloud security is a collection of procedures and
technology designed to address external and
internal threats to business security.
Cloud privacy is the concept of sharing data
while protecting certain personal information.