SlideShare una empresa de Scribd logo

Cloud Computing

sahil lalwani
sahil lalwani

White paper on Cloud Computing-How cloud computing can be a Game changer.

Tecnología
1 de 6
Descargar para leer sin conexión
MIS 6326: DATA MANAGEMENT 1 Research topic: CLOUD COMPUTING AND DATABASE SYSTEMS Submitted by: Research Group 6 ================================================================= Introduction: “We believe we’re moving out of the Ice Age, the Iron Age, the Industrial Age, the Information Age, to the participation age. You get on the Net and you do stuff. You IM, you blog, you take pictures, you publish, you podcast, you transact, you distance learn, you telemedicine. You are participating on the Internet, not just viewing stuff. We build the infrastructure that goes in the data center that facilitates the participation age. We build that big friggin’ Webtone switch. It has security, directory, identity, privacy, storage, compute, the whole Web services stack.” - Scott McNealy, former CEO, Sun Microsystems. This statement by the former CEO of Sun microsystems sums up pretty much what the cloud computing is. Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks [1] . The benefits of cloud computing are hard to dispute but the vulnerabilities it possess are also hard to neglect. GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of respondents listed security as their number-one concern[2] . Security within cloud computing is an especially worrisome issue because of the fact that the devices used to provide services do not belong to the users themselves. Security risks of databases in the cloud The increase in popularity of cloud computing in recent years has caused a tremendous growth of the systems which also poses more security risks. Increasing the size or adding capabilities to the cloud leaves the system to be exposed to many internal and external conflicts. With many security risks, keeping the dependency on cloud computing becomes a big challenge for many firms attempting to grow their databases. The following are the most common security risk cloud databases possess: Data Breach: One of the most common security risks cloud computing faces are data breaches in the system. Data breaches are incidents where sensitive or confidential data are accessed by unauthorized parties. Once that data has been breached, whoever accesses them may view, steal, use, or even manipulate the data to their advantage. These individuals or “groups of organized criminal elements [are] looking to rapidly monetize information [or] have a social
MIS 6326: DATA MANAGEMENT 2 or other agendas” (Green, 2013). Many retail stores face this issue when storing data pertaining to customer credit cards. Dealing with the security of these databases in the cloud for many firms becomes a challenge preventing data breaches. Data loss: Another common security risk cloud computing face are data loses. Since the data is stored in a combined database on a cloud, there is a likely chance multiple authorized users can gain access to a single piece of data. With that power, one person can go in a purposely delete the piece of data making it disappear from the database permanently. Data loss can also occur externally from hackers gaining unauthorized access to the system. Once hackers have entered the cloud database, they can manually go in and change data points or wipe out data that is stored causing data loss. Service Hijacking: A third common security risk is service hijacking causing hackers to gain full control of the service and use it to their control. With advanced cloud computing and complex systems, attackers will be able to access the database and hijack the service. Intruders will be able to exploit the service and weaken its security even further making it more vulnerable for other risks. Hackers can gain control of eavesdropping on users and change or delete data that can damage future records. Hijacking causes huge data breaches and data losses for any organization and can severely damage an organizations reputation. Overcoming hijacking can cause difficulty since the database is comprised and vulnerable for more attacks. Security breaches in the past and how it was overcomed  Home depot: Issue: Breach of database security leading to leakage of customer’s credit card information. Information used by hackers for malicious practices. Steps taken: “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. This statement was issued by Chairman and CEO of Home depot as soon as the investigations revealed a breach in the database security. The company took few steps to regain the lost confidence by the customers. A press release by Home Depot which reads as “The company’s new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.” [3] Home depot also decided to use EMV “Chip and PIN” technology after this major breach of security which compromised the users information and lead to loss of faith in the company. EMV refers to payment chip cards that contain an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards [4] . EMV relies on chip present in the card and the pin supplied by the customer at the merchant purchases rather than verifying signatures to validate the transactions.
MIS 6326: DATA MANAGEMENT 3  Target: Issue: Breach in the network of Target Corporation during the timeline of thanksgiving discounts for a period of 2 weeks. It is approximated that around 70 million records were compromised leading to customers information being used by hackers for unauthentic transactions. Steps taken: The retail giant took significant actions to strengthen its network and regain the lost confidence in customers, few of the steps include [5] :  Enhancing monitoring and logging  Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities  Installation of application whitelisting point-of-sale systems  Includes deploying to all registers, point-of-sale servers and development of whitelisting rules  Implementation of enhanced segmentation  Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process  Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols  Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation Target also announced its initiative to shift to the chip-and-PIN enabled cards. It planned to invest around $100 million to expedite the process of transition to chip and pin enabled cards and install supporting softwares and payment devices across all its stores. How to overcome security challenges of cloud computing Despite the limitations and security vulnerabilities, cloud computing continues to be a game changer for small and big enterprises. The security challenges can be overcomed by the following methods:  Data Encryption Major cloud service providers, such as Microsoft, Yahoo and Google have implemented data encryption settings of the end-users' data that they are hosting and managing. For example, Google Cloud Storage can now realize the automatic encryption to the new data written into the disk, and this server-side encryption will soon be used in the old data stored in the Google cloud, in order to protect the security of all data. Microsoft announced they will strengthen the encryption settings of all services provided by Microsoft, including Outlook.com, Office 365,
MIS 6326: DATA MANAGEMENT 4 SkyDrive and Windows Azure, etc. This method is extremely important for the security of data which is transmitted between enterprise users and suppliers.  The key management and data ownership Only if key management system is safe, the data encryption will be safe. When the cloud service provider uses encryption method, the user needs to know: If the cloud supplier leaks user’s data, or give the keys over to someone else, their data will be stolen. This concern has stimulated one method to protect the security of the cloud, which has enabled business users who are making use of cloud services to own their data key, and understand key management procedures when data is being used or transferred. More and more cloud providers, such as Vaultive, CipherCloud, TrendMicro and HyTrust have provided appropriate tools that allow business users to have greater control in the use of cloud services. For example, CipherCloud provides a gateway technology that allows business users to encrypt data when in transmission or storage. Meanwhile, the gateway allows enterprises to store the key and manage encrypted data stored in the cloud. The merge of this technique means that any departments can only get the data by the owner of the data, its purpose is to eliminate the behaviour that cloud service providers reveal the key to the third party.  Regionalization People have been always worrying about the server in the United States or other foreign countries because these suppliers are too far away from those enterprises. This concern caused many business users, especially those non-US business users prefer to use the cloud service suppliers in the local area in order to avoid the risk brought by the long distance. In Asia and Africa, especially in China, Many companies are very worried about the technology of these providers. They are now choosing cloud service suppliers outside the United States. Now the global cloud computing providers are distributed everywhere. In the past few years, in different parts of the world, there are hundreds of small public cloud service providers have sprung up, to serve in the local market. Many cloud service providers implement regionalization in order to improve the agility and performance. Conclusion: One of the biggest security worries with the cloud computing model is the sharing of resources. Cloud service providers need to inform their customers on the level of security that they provide on their cloud. Data security is major issue for Cloud Computing. There are many security risks that are associated with the implementation of cloud computing as a software service [6] . Risks can severely damage an organizations reputation and tarnish their cloud databases from recovering. Many organizations have already faced major security breaches and had to strategically overcome those barriers to strengthen their security. As cloud computing systems become more advanced and complex, there needs to be an increase on attention when scanning for possible attacks on those servers. Using different techniques and investing the skills to forecast future attacks will help organizations overcome security challenges and benefit from the database in cloud computing.
MIS 6326: DATA MANAGEMENT 5 References:  [1]: Vahid Ashktorab, , Seyed Reza Taghizadeh. (October 2012).Security threats and countermeasures in Cloud computing. Retreived from International Journal of Application or Innovation in Engineering & Management (IJAIEM)  [2]: “IT Cloud Services User Study,” IDC, Inc., October 2008.  [3]: Press release. (September 2014). Retrieved from Press release for home depot https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf  [4]: About EMV. Retrieved from http://www.emvco.com/about_emv.aspx  [5]: Press release. (April 2014). Retrieved from “Target Appoints New Chief Information Officer, Outlines Updates on Security Enhancements”, http://pressroom.target.com/news/target-appoints-new-chief-information-officer- outlines-updates-on-security-enhancements  [6]: Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy. (December 2011). Cloud Computing: Security Issues and risk challenges. Retrieved from IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS).  Green, S. (2013, March 12). The Companies and Countries Losing Their Data. Retrieved November 1, 2014, from http://blogs.hbr.org/2013/03/the-companies-and- countries-lo/  Neumann, P. G. (2014). Risks and Myths of Cloud Computing and Cloud Storage. Communications of the ACM, 57(10), 25-27. doi:10.1145/2661049  Phil Kernick, Chief Technology Officer , Balkanization of the Internet, Retrieved NOVEMBER ,15, 2013 from http://cqraustralia.blogspot.com/2013/11/balkanization- ofinternet.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed% 3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29  Ten ways to protect the data in cloud.(2013).In TechTargetChina. Retrieved August,23,2013,fromhttp://www.searchcloudcomputing.com.cn/showcontent_75964. htm
MIS 6326: DATA MANAGEMENT 6 Questions to audience  Do you think the cost of implementing new security measures will increase as the complexity of the database in the cloud increases?  Do you know any other major breach in security in the past and how did they tackle?  What are your methods for backing up our data? What offerings are available to back up data?

Recomendados

Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data securityUlf Mattsson
 
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET Journal
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonUlf Mattsson
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computingijtsrd
 

Recomendados

Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data securityUlf Mattsson
 
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET Journal
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonUlf Mattsson
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computingijtsrd
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computingJahangeer Qadiree
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudUlf Mattsson
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...Editor IJMTER
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Towards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataTowards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataIRJET Journal
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsHossam Al-Ansary
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...cscpconf
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationIRJET Journal
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Secure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudSecure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudIJERA Editor
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the CloudChirag Joshi, CISA, CISM, CRISC
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193IJERA Editor
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud AuditingJonathan Sinclair
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET Journal
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityArunvignesh Venkatesh
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 

Más contenido relacionado

La actualidad más candente

Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computingJahangeer Qadiree
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudUlf Mattsson
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...Editor IJMTER
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Towards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataTowards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataIRJET Journal
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsHossam Al-Ansary
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...cscpconf
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationIRJET Journal
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Secure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudSecure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudIJERA Editor
 

La actualidad más candente (18)

Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computing
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
 
Towards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataTowards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the Data
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
Secure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudSecure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted Cloud
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
 

Similar a Cloud Computing

IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET Journal
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDSDATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDSIRJET Journal
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data securityeSAT Publishing House
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 

Similar a Cloud Computing (20)

IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
H017155360
H017155360H017155360
H017155360
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
F017414853
F017414853F017414853
F017414853
 
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDSDATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data security
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...
 
1784 1788
1784 17881784 1788
1784 1788
 
1784 1788
1784 17881784 1788
1784 1788
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Cloud Computing

  • 1. MIS 6326: DATA MANAGEMENT 1 Research topic: CLOUD COMPUTING AND DATABASE SYSTEMS Submitted by: Research Group 6 ================================================================= Introduction: “We believe we’re moving out of the Ice Age, the Iron Age, the Industrial Age, the Information Age, to the participation age. You get on the Net and you do stuff. You IM, you blog, you take pictures, you publish, you podcast, you transact, you distance learn, you telemedicine. You are participating on the Internet, not just viewing stuff. We build the infrastructure that goes in the data center that facilitates the participation age. We build that big friggin’ Webtone switch. It has security, directory, identity, privacy, storage, compute, the whole Web services stack.” - Scott McNealy, former CEO, Sun Microsystems. This statement by the former CEO of Sun microsystems sums up pretty much what the cloud computing is. Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks [1] . The benefits of cloud computing are hard to dispute but the vulnerabilities it possess are also hard to neglect. GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of respondents listed security as their number-one concern[2] . Security within cloud computing is an especially worrisome issue because of the fact that the devices used to provide services do not belong to the users themselves. Security risks of databases in the cloud The increase in popularity of cloud computing in recent years has caused a tremendous growth of the systems which also poses more security risks. Increasing the size or adding capabilities to the cloud leaves the system to be exposed to many internal and external conflicts. With many security risks, keeping the dependency on cloud computing becomes a big challenge for many firms attempting to grow their databases. The following are the most common security risk cloud databases possess: Data Breach: One of the most common security risks cloud computing faces are data breaches in the system. Data breaches are incidents where sensitive or confidential data are accessed by unauthorized parties. Once that data has been breached, whoever accesses them may view, steal, use, or even manipulate the data to their advantage. These individuals or “groups of organized criminal elements [are] looking to rapidly monetize information [or] have a social
  • 2. MIS 6326: DATA MANAGEMENT 2 or other agendas” (Green, 2013). Many retail stores face this issue when storing data pertaining to customer credit cards. Dealing with the security of these databases in the cloud for many firms becomes a challenge preventing data breaches. Data loss: Another common security risk cloud computing face are data loses. Since the data is stored in a combined database on a cloud, there is a likely chance multiple authorized users can gain access to a single piece of data. With that power, one person can go in a purposely delete the piece of data making it disappear from the database permanently. Data loss can also occur externally from hackers gaining unauthorized access to the system. Once hackers have entered the cloud database, they can manually go in and change data points or wipe out data that is stored causing data loss. Service Hijacking: A third common security risk is service hijacking causing hackers to gain full control of the service and use it to their control. With advanced cloud computing and complex systems, attackers will be able to access the database and hijack the service. Intruders will be able to exploit the service and weaken its security even further making it more vulnerable for other risks. Hackers can gain control of eavesdropping on users and change or delete data that can damage future records. Hijacking causes huge data breaches and data losses for any organization and can severely damage an organizations reputation. Overcoming hijacking can cause difficulty since the database is comprised and vulnerable for more attacks. Security breaches in the past and how it was overcomed  Home depot: Issue: Breach of database security leading to leakage of customer’s credit card information. Information used by hackers for malicious practices. Steps taken: “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. This statement was issued by Chairman and CEO of Home depot as soon as the investigations revealed a breach in the database security. The company took few steps to regain the lost confidence by the customers. A press release by Home Depot which reads as “The company’s new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.” [3] Home depot also decided to use EMV “Chip and PIN” technology after this major breach of security which compromised the users information and lead to loss of faith in the company. EMV refers to payment chip cards that contain an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards [4] . EMV relies on chip present in the card and the pin supplied by the customer at the merchant purchases rather than verifying signatures to validate the transactions.
  • 3. MIS 6326: DATA MANAGEMENT 3  Target: Issue: Breach in the network of Target Corporation during the timeline of thanksgiving discounts for a period of 2 weeks. It is approximated that around 70 million records were compromised leading to customers information being used by hackers for unauthentic transactions. Steps taken: The retail giant took significant actions to strengthen its network and regain the lost confidence in customers, few of the steps include [5] :  Enhancing monitoring and logging  Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities  Installation of application whitelisting point-of-sale systems  Includes deploying to all registers, point-of-sale servers and development of whitelisting rules  Implementation of enhanced segmentation  Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process  Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols  Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation Target also announced its initiative to shift to the chip-and-PIN enabled cards. It planned to invest around $100 million to expedite the process of transition to chip and pin enabled cards and install supporting softwares and payment devices across all its stores. How to overcome security challenges of cloud computing Despite the limitations and security vulnerabilities, cloud computing continues to be a game changer for small and big enterprises. The security challenges can be overcomed by the following methods:  Data Encryption Major cloud service providers, such as Microsoft, Yahoo and Google have implemented data encryption settings of the end-users' data that they are hosting and managing. For example, Google Cloud Storage can now realize the automatic encryption to the new data written into the disk, and this server-side encryption will soon be used in the old data stored in the Google cloud, in order to protect the security of all data. Microsoft announced they will strengthen the encryption settings of all services provided by Microsoft, including Outlook.com, Office 365,
  • 4. MIS 6326: DATA MANAGEMENT 4 SkyDrive and Windows Azure, etc. This method is extremely important for the security of data which is transmitted between enterprise users and suppliers.  The key management and data ownership Only if key management system is safe, the data encryption will be safe. When the cloud service provider uses encryption method, the user needs to know: If the cloud supplier leaks user’s data, or give the keys over to someone else, their data will be stolen. This concern has stimulated one method to protect the security of the cloud, which has enabled business users who are making use of cloud services to own their data key, and understand key management procedures when data is being used or transferred. More and more cloud providers, such as Vaultive, CipherCloud, TrendMicro and HyTrust have provided appropriate tools that allow business users to have greater control in the use of cloud services. For example, CipherCloud provides a gateway technology that allows business users to encrypt data when in transmission or storage. Meanwhile, the gateway allows enterprises to store the key and manage encrypted data stored in the cloud. The merge of this technique means that any departments can only get the data by the owner of the data, its purpose is to eliminate the behaviour that cloud service providers reveal the key to the third party.  Regionalization People have been always worrying about the server in the United States or other foreign countries because these suppliers are too far away from those enterprises. This concern caused many business users, especially those non-US business users prefer to use the cloud service suppliers in the local area in order to avoid the risk brought by the long distance. In Asia and Africa, especially in China, Many companies are very worried about the technology of these providers. They are now choosing cloud service suppliers outside the United States. Now the global cloud computing providers are distributed everywhere. In the past few years, in different parts of the world, there are hundreds of small public cloud service providers have sprung up, to serve in the local market. Many cloud service providers implement regionalization in order to improve the agility and performance. Conclusion: One of the biggest security worries with the cloud computing model is the sharing of resources. Cloud service providers need to inform their customers on the level of security that they provide on their cloud. Data security is major issue for Cloud Computing. There are many security risks that are associated with the implementation of cloud computing as a software service [6] . Risks can severely damage an organizations reputation and tarnish their cloud databases from recovering. Many organizations have already faced major security breaches and had to strategically overcome those barriers to strengthen their security. As cloud computing systems become more advanced and complex, there needs to be an increase on attention when scanning for possible attacks on those servers. Using different techniques and investing the skills to forecast future attacks will help organizations overcome security challenges and benefit from the database in cloud computing.
  • 5. MIS 6326: DATA MANAGEMENT 5 References:  [1]: Vahid Ashktorab, , Seyed Reza Taghizadeh. (October 2012).Security threats and countermeasures in Cloud computing. Retreived from International Journal of Application or Innovation in Engineering & Management (IJAIEM)  [2]: “IT Cloud Services User Study,” IDC, Inc., October 2008.  [3]: Press release. (September 2014). Retrieved from Press release for home depot https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf  [4]: About EMV. Retrieved from http://www.emvco.com/about_emv.aspx  [5]: Press release. (April 2014). Retrieved from “Target Appoints New Chief Information Officer, Outlines Updates on Security Enhancements”, http://pressroom.target.com/news/target-appoints-new-chief-information-officer- outlines-updates-on-security-enhancements  [6]: Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy. (December 2011). Cloud Computing: Security Issues and risk challenges. Retrieved from IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS).  Green, S. (2013, March 12). The Companies and Countries Losing Their Data. Retrieved November 1, 2014, from http://blogs.hbr.org/2013/03/the-companies-and- countries-lo/  Neumann, P. G. (2014). Risks and Myths of Cloud Computing and Cloud Storage. Communications of the ACM, 57(10), 25-27. doi:10.1145/2661049  Phil Kernick, Chief Technology Officer , Balkanization of the Internet, Retrieved NOVEMBER ,15, 2013 from http://cqraustralia.blogspot.com/2013/11/balkanization- ofinternet.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed% 3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29  Ten ways to protect the data in cloud.(2013).In TechTargetChina. Retrieved August,23,2013,fromhttp://www.searchcloudcomputing.com.cn/showcontent_75964. htm
  • 6. MIS 6326: DATA MANAGEMENT 6 Questions to audience  Do you think the cost of implementing new security measures will increase as the complexity of the database in the cloud increases?  Do you know any other major breach in security in the past and how did they tackle?  What are your methods for backing up our data? What offerings are available to back up data?