Cloud Fundamentals and Cyber Security Assessment -2
- What is the ideal web session timeout? - 15/05/2023
- Why is it important for companies to plan for internal threats? - 09/02/2023
- How pentesting differs in various operating systems? - 09/02/2023
Cloud Delivery Models
In a IaaS model too, infrastructure is provided to run applications. The cloud computing approach provides a pay-per-use model for the client and he/she can also scale the service depending on demand; i.e., you have to pay for the processing power, disk space and other computing resources that you have used. IaaS is the service in cloud computing which offers online services that abstract the user from the details of infrastructure including data partitioning, physical computing resources, scaling, security, backup and so on. A cloud provider is in complete control of the infrastructure. Users seek a service that allows them to deploy, manage and scale online services using the provider’s resources and pay for resources that they use. IaaS systems provide scalability, best of breed technology and resources and even have a pay-as-you-go facility.
In a PaaS model, a cloud platform provides an environment on which developers can create and deploy applications without worrying about the number of processors or the amount of memory that the applications will use. A cloud provider receives a payment for providing the platform and the sales and distribution services. PaaS provides a development platform in which development tools are hosted in the cloud and accessed through a browser. By using PaaS, developers can create web applications without installing any tools on their computer and they can deploy these applications without any specialized system administration skills. Google App Engine is an example of the PaaS model. This offers a scalable platform for developing and hosting web applications.
In a traditional model, a customer needs to purchase a software and install it on the customer’s system. The customer could also purchase a maintenance agreement to get patches and other support services. The customer also needs to check the compatibility of the operating system, patch installations etc. The SaaS model offers online software services. In a SaaS model, a customer rents software for use on a subscription or pay-per-use model. By using this model, 11 applications such as word processing or spreadsheets can be accessed as a service on the web. SaaS relieves the overhead of software maintenance for customers. For example, Salesforce.com uses the SaaS model which provides business productivity applications that reside completely on their servers and allows customers to access and customize applications on demand
Cloud Security Vulnerabilities
In a cloud computing system, cloud service models provide different types of services; but it also exposes the system to security risks along with this.
The first vulnerability is that, a hacker may attack the computing facility provided by a cloud through illegal activities. The infrastructure-as-a service (IaaS) model, that is located in the bottom layer, which provides a powerful functionality. This helps users to customize a realistic environment which includes virtual machines running with different operating systems. An attacker can rent these virtual machines, analyze their configurations, find vulnerabilities and attack other customers’ virtual machines that are located within the same cloud. IaaS also enables hackers to attack. For example, consider the case of a brute-force attack, which requires high computing power. Since IaaS supports multiple virtual machines, it provides an ideal platform for hackers to set up attacks.
Another major security risk of cloud models is data loss. Let’s consider the different service models. In a SaaS model, organizations use different applications to process business data and store a customer’s data in data centers. In a PaaS model, developers use data to test software integrity during the system development life cycle (SDLC). In an IaaS cloud model, users create 44 new drives on virtual machines and store data on those drives. In all these cloud models, data can be accessed by unauthorized internal employees, as well as external hackers. Internal employees may be able to access data intentionally or accidently. Using a range of hacking techniques, external hackers gain access to databases in cloud environments.
The third risk is that traditional network attack strategies may be applied to attack different cloud models. Malicious programs that can be uploaded into cloud system that cause damage. Malicious programs can be embedded in a normal command and passed to clouds and executed as valid instances. In order to implement better security mechanisms to protect a cloud environment, it is necessary to identify the possible cloud threats.