19.5 Cloud Security Solutions
Here is an overview of what cloud users can and should do to minimize
security risks regarding data handling by the Cloud Service Provider (CSP).
First, users should evaluate the security policies and the mechanisms the CSP
has in place to enforce these policies. Then users should analyze the
information that would be stored and processed on the cloud. Finally, the contractual
obligations should be clearly spelled out. The contract between the user and
the CSP should do the following:
• State explicitly the CSP's obligations to securely handle sensitive
information and its obligation to comply with privacy laws
• Spell out CSP liabilities for mishandling sensitive information
• Spell out CSP liabilities for data loss
• Spell out the rules governing the ownership of the data
• Specify the geographical regions where information and backups
can be stored
To minimize security risks, a user may try to avoid processing sensitive data
on a cloud.
19.5.1 Aspects of Cloud Security Solutions
19.5.1.1 Operating System Security
An operating system (OS) is a complex software system consisting of millions
of lines of code, and it is vulnerable to a wide range of malicious attacks. An
OS does not completely insulate one application from another, and once an
application is compromised, the entire physical platform and all applications
running on it can be affected. The platform security level is thus reduced
to the security level of the most vulnerable application running on the
platform. Operating systems provide only weak mechanisms for applications to
authenticate to one another and do not have a trusted path between users
and applications. These shortcomings add to the challenges of providing
security in a distributed computing environment.
An OS allows multiple applications to share the hardware resources
of a physical system, subject to a set of policies. A critical function of an
OS is to protect applications against a wide range of malicious attacks
such as unauthorized access to privileged information, tampering with
executable code, and spoofing. Such attacks can now target even single-
user systems such as personal computers, tablets, or smartphones. Data
brought into the system may contain malicious code; this could occur via
a Java applet or via data imported by a browser from a malicious website.
The existence of trusted paths, mechanisms supporting user interactions