
Security Consideration for Cloud Applications

June 19, 2012

Be it Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), cloud environments pose an increased threat to application data, and security practices need to give due consideration to the nuances that exist in cloud environments.

The steps to secure an application on a cloud computing infrastructure, and the types of potential vulnerabilities, depend on the cloud deployment model. Private cloud vulnerabilities closely match traditional IT architecture vulnerabilities; public cloud infrastructure, however, requires an organizational rethink of security architecture and processes. A secure cloud implementation must address not only the risks to confidentiality, integrity, and availability, but also the risks to data storage and access control.

Some of the common security considerations for applications in a cloud environment can be classified into the following categories:

1. Application Lock-in

SaaS providers typically develop a custom application tailored to the needs of their target market. Customer data is stored in a custom database schema designed by the SaaS provider. Most SaaS providers offer API calls to read and export data records. However, if the provider does not offer a ready-made data 'export' routine, the customer will need to develop a program to extract their data. SaaS customers with a large user base can incur very high switching costs when migrating to another SaaS provider, and end users could have extended availability issues.

2. Vulnerabilities related to Authentication, Authorization and Accounting

Poor system design could lead to unauthorized access to resources or privilege escalation. The causes of these vulnerabilities could include:

a. Insecure storage of cloud access credentials by customer;

b. Insufficient roles management;

c. Credentials stored on a transitory machine.

Weak password policies or practices can expose corporate applications. Stronger or two-factor authentication for accessing cloud resources is highly recommended.

3. User Provisioning and De-provisioning Vulnerabilities

Provisioning and De-provisioning can cause concern for the following reasons:

a. Lack of control of the provisioning process;

b. Identity of users may not be adequately verified at registration;

c. Delays in synchronization between cloud system components;

d. Multiple, unsynchronized copies of identity data;

e. Credentials are vulnerable to interception and replay;

f. De-provisioned credentials may still be valid due to time delays in roll-out of a revocation.
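
Items c, d and f above can be checked by reconciling every downstream copy of identity data against the authoritative source. The following Python example is added here and is not part of the original article; the store names, user names, timestamps and the four-hour roll-out window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (hypothetical names): the authoritative identity
# source and two downstream copies held by different cloud components.
AUTHORITATIVE = {
    "alice": {"active": True,  "deprovisioned_at": None},
    "bob":   {"active": False, "deprovisioned_at": "2012-06-18T09:00:00+00:00"},
    "carol": {"active": False, "deprovisioned_at": "2012-06-19T11:30:00+00:00"},
}
DOWNSTREAM = {
    "saas-app":    {"alice": True, "bob": True, "carol": True, "dave": True},
    "api-gateway": {"alice": True, "bob": False, "carol": True},
}

def reconcile(authoritative, downstream, now, max_lag):
    """Return (system, user, kind, lag) for every downstream disagreement.

    stale_credential:   de-provisioned at the source but still active
                        downstream for longer than max_lag.
    pending_revocation: same, but still inside the allowed roll-out window.
    orphan_account:     active downstream, unknown to the source.
    """
    findings = []
    for system, accounts in sorted(downstream.items()):
        for user, active in sorted(accounts.items()):
            if not active:
                continue  # already revoked in this copy
            record = authoritative.get(user)
            if record is None:
                findings.append((system, user, "orphan_account", None))
            elif not record["active"]:
                lag = now - datetime.fromisoformat(record["deprovisioned_at"])
                kind = "stale_credential" if lag > max_lag else "pending_revocation"
                findings.append((system, user, kind, lag))
    return findings

if __name__ == "__main__":
    now = datetime(2012, 6, 19, 12, 0, tzinfo=timezone.utc)
    window = timedelta(hours=4)  # assumed acceptable revocation roll-out time
    for system, user, kind, lag in reconcile(AUTHORITATIVE, DOWNSTREAM, now, window):
        print(f"{system:12} {user:6} {kind:18} lag={lag}")
```

Run on a schedule, a report like this turns revocation delay into a measured value per component instead of an assumption.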

4. Weak or missing encryption of archives and data in transit

Unencrypted data, or the use of weak encryption for archived data or data in transit, poses a great threat to the authenticity, confidentiality and integrity of the data.

Organizations are advised to define encryption approaches for applications based on a host of factors, such as the forms of data that are available in the cloud, the cloud environment and the encryption technologies, to name a few.

5. Vulnerability assessment and Penetration testing process

The type of cloud model will affect the type of penetration testing that can be carried out, and whether it is possible at all. For the most part, Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) clouds will permit pen testing. However, Software as a Service (SaaS) providers are not likely to allow customers to pen test their applications and infrastructure. Customers normally have to rely on the testing carried out on the infrastructure as a whole, and this might not suit the security requirements of some.

6. Lack of forensic readiness

While the cloud has the potential to improve forensic readiness, many providers do not provide appropriate services and terms of use to enable this. For example, SaaS providers will typically not provide access to the IP, firewall or systems logs.

7. Sanitization of sensitive media

Shared tenancy of physical storage resources means that data destruction policies can be hampered. For example, it may not be possible to physically destroy media because a disk may still be used by another SaaS customer, or the disk that stored your data may be difficult to locate.

8. Storage of data in multiple jurisdictions

Data stored in different or even multiple jurisdictions could leave the company vulnerable to unfavorable regulatory requirements. Companies may unknowingly violate regulations, especially if clear information is not provided about the jurisdiction of storage.

9. Audit or certification not available to customer

The cloud provider cannot provide any assurance to the customer via audit certification.

For instance, some cloud providers (CPs) use open source hypervisors or customized versions of them (e.g., Xen) which have not reached any Common Criteria certification, which is a fundamental requirement for some organizations (e.g., US government agencies).

Cloud is surely going to be the next big thing and is going to change the way businesses work. Security is the biggest concern for cloud applications, but reducing the vulnerable aspects of a cloud system can reduce the risk and impact of threats on the system.

Source: EzineArticles