Cloud computing security

Cloud computing security refers to the set of techniques, protection controls, and security policies used to secure the applications, data, and related infrastructure components on cloud infrastructure.

While the introduction of cloud computing and big data in organizations helps solve the maintenance overhead of on-premise software, platforms, and/or infrastructure, this model also raises security concerns, because these components are now maintained in third-party data centers. Even though cloud application providers are coming up with their own security features, application teams should ensure that their components are deployed following application security practices for the cloud.

Security management refers to cloud security controls such as deterrent, preventive, detective, and corrective controls to address cloud security issues.

Different security policies, such as identity management (SSO/CloudID) and physical and privacy policies (data masking/encryption), should be applied to ensure that cloud applications are secured.

If you are dealing with data on the cloud, the corresponding confidentiality, integrity, and access control policies should be incorporated.

More advanced encryption algorithms are available in the market, such as Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KP-ABE), Fully Homomorphic Encryption (FHE), and Searchable Encryption (SE). Together with features like crypto shredding, which clears the cryptographic keys when the related data usage is complete, these are more appropriate for cloud information exchange.
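
Crypto shredding as described above, shown with ordinary AES-GCM from the JDK rather than the ABE/FHE/SE schemes named in the paragraph. This is an added example, not code from the book; the class name, the in-memory key store, and the tenant id are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class CryptoShredDemo {
    // Hypothetical in-memory key store (a real one would be a KMS/HSM): tenant -> AES-256 key.
    private final Map<String, byte[]> keys = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    void createKey(String tenant) { byte[] k = new byte[32]; rng.nextBytes(k); keys.put(tenant, k); }

    private Cipher cipher(int mode, String tenant, byte[] iv) throws Exception {
        byte[] k = keys.get(tenant);
        if (k == null) throw new IllegalStateException("no key for " + tenant);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(tenant.getBytes(StandardCharsets.UTF_8)); // bind ciphertext to its tenant
        return c;
    }

    byte[] encrypt(String tenant, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        rng.nextBytes(iv); // fresh nonce per message
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, tenant, iv).doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length); // nonce || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    byte[] decrypt(String tenant, byte[] blob) throws Exception {
        return cipher(Cipher.DECRYPT_MODE, tenant, Arrays.copyOf(blob, 12)).doFinal(blob, 12, blob.length - 12);
    }

    // Crypto shredding: zero and drop the stored key; the stored ciphertext is not touched.
    void shred(String tenant) { byte[] k = keys.remove(tenant); if (k != null) Arrays.fill(k, (byte) 0); }

    public static void main(String[] args) throws Exception {
        CryptoShredDemo ks = new CryptoShredDemo();
        ks.createKey("tenant-a"); // constructed tenant id
        byte[] blob = ks.encrypt("tenant-a", "constructed sample record".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(ks.decrypt("tenant-a", blob), StandardCharsets.UTF_8));
        ks.shred("tenant-a"); // data usage complete
        try { ks.decrypt("tenant-a", blob); } catch (IllegalStateException e) { System.out.println("unrecoverable: " + e.getMessage()); }
    }
}
```

Shredding is only effective if every copy of the key is destroyed, including backups, caches, and replicas held by the key management service.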

Services such as Identity and Access Management (IAM), governance, and authentication should be thoroughly reviewed, and cloud-based solutions should be added to these services. The following diagram shows a glimpse of such services in each area of the application portfolio:

As the cloud infrastructure allows multiple organizations to host their applications and data on a common service provider, changes made to the secure information of one organization are accessible to other organizations' applications if no proper data isolation and logical storage segregation are in place.

Security as a service (SECaaS): Cloud service providers are offering security services, including authentication, antivirus/malware/spyware, security events, and intrusion detection and management, and delivering these as a cloud service called SECaaS.

For applications on the cloud and those that are intranet-based, the biggest advantage of SECaaS is that it provides Internet security services and protection with no additional hardware.

Cloudbric, Incapsula, AIONCLOUD, and Cloudflare are some of the cloud security offerings.

While the security solutions can be delivered in gateway, hub, and spoke (Inline/management) models, they can be classified based on the functionality as:

  • Identity and access management
  • Endpoint security
  • Network, messaging, and web security
  • Security and vulnerability management

The following diagram shows some of the security solutions for these categories:

Java 9 comes with features that include security enhancements to support cloud and distributed platforms. Let's now review some of the interesting security enhancements in Java 9.
