User:Cmg373/Cloud computing security

Cloud security controls
Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management and follow all of the best practices, procedures, and guidelines to ensure a secure cloud environment. The security management addresses these issues with security controls. These controls protect cloud environments and are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. While there are many types of controls behind a cloud security architecture, they can usually be found in one of the following categories:


 * Deterrent controls
 * These controls are administrative mechanisms intended to reduce attacks on a cloud system, and are utilized to ensure compliance with external controls. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed . (Some consider them a subset of preventive controls.) Examples of such controls could be considered as policies, procedures, standards, guidelines, laws, and regulations that guide an organization towards security. Although most malicious actors ignore such deterrent controls, such controls are intended to ward off those who are inexperienced or curious of compromising the IT infrastructure of an organization.


 * Preventive controls
 * The main objective of preventive controls is to strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities, as well as preventing unauthorized intruders from accessing or entering the system . Such controls could be seen as software or feature implementations such as Firewall protection, endpoint protection, and multi-factor authentication. Additionally, educating individuals through security awareness training and exercises is included in such controls due to human error being the weakest point of security. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified. All in all, preventative controls affect the likelihood of a loss event occurring, and are intended to prevent or eliminate the systems’ exposure to malicious action.


 * Detective controls
 * Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue. Detective security controls function not only when such an activity is in progress and after it has occurred. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure. Most organizations acquire or create a dedicated security operations center (SOC), where dedicated members continuously monitor the organization’s IT infrastructure through logs and Security Information and Event Management (SIEM) software. SIEM’s are security solutions that help organizations and security teams analyze “log data in real-time for swift detection of security incidents.” SIEMS are not the only examples of detective controls. There are also Physical security controls, Intrusion detection systems, and anti-virus/anti-malware tools, which all have different functions centered around the exact purpose of detecting security compromises within an IT infrastructure.


 * Corrective controls
 * Corrective controls reduce the consequences of an incident, generally by limiting the damage. Such controls include technical, physical, and administrative measures that occur during or after an incident to restore the systems or resources to their previous state after a security incident. There are plenty of examples of corrective controls, both physical and technical. For instance, re-issuing an access card or repairing physical damage can be considered corrective controls. However, technical controls such as terminating a process and administrative controls such as implementing an incident response plan could also be considered corrective controls. Corrective controls are focused on recovering and repairing any damage caused by a security incident or unauthorized activity.

There are numerous security threats associated with cloud data services. This includes traditional threats and non-traditional threats. Traditional threats include: network eavesdropping, illegal invasion, and denial of service attacks, but also specific cloud computing threats, such as side channel attacks, virtualization vulnerabilities, and abuse of cloud services. In order to mitigate these threats security controls often rely on monitoring the three areas of the CIA triad. The CIA Triad refers to confidentiality, integrity, as well as access controllability which can be further understood from the following.

It is important to note that many effective security measures cover several or all of the three categories. Encryption for example prevents unauthorized access and as a result ensures the confidentiality, availability, and integrity of the data. Backups on the other hand generally only cover integrity and firewalls only cover confidentiality and access controllability.

Confidentiality
Data confidentiality is the property that data contents are not made available or disclosed to illegal users. Outsourced data is stored in a cloud and out of the owners' direct control. Only authorized users can access the sensitive data while others, including CSPs, should not gain any information of the data. Meanwhile, data owners expect to fully utilize cloud data services, e.g., data search, data computation, and data sharing, without the leakage of the data contents to CSPs or other adversaries. Confidentiality refers to how data must be kept strictly confidential to the owner of said data

An example of a security control that covers confidentiality is encryption so that only authorized users can access the data.

Access controllability
Access controllability means that a data owner can perform the selective restriction of access to their data outsourced to the cloud. Legal users can be authorized by the owner to access the data, while others can not access it without permissions. Further, it is desirable to enforce fine-grained access control to the outsourced data, i.e., different users should be granted different access privileges with regard to different data pieces. The access authorization must be controlled only by the owner in untrusted cloud environments.

Access control can also be referred to as availability. While unauthorized access should be strictly prohibited, access for administrative or even consumer uses should be allowed but monitored as well. Availability and Access controls ensure that the proper amount of permissions are granted to the correct persons.

Integrity
Data integrity demands maintaining and assuring the accuracy and completeness of data. A data owner always expects that her or his data in a cloud can be stored correctly and trustworthily. It means that the data should not be illegally tampered with, improperly modified, deliberately deleted, or maliciously fabricated. If any undesirable operations corrupt or delete the data, the owner should be able to detect the corruption or loss. Further, when a portion of the outsourced data is corrupted or lost, it can still be retrieved by the data users. Effective integrity security controls go beyond protection from malicious actors and also protect data from unintentional alterations as well.

An example of a security control that covers integrity is automated backups of information.

Risks and vulnerabilities of Cloud Computing
While cloud computing is on the cutting edge of information technology there are risks and vulnerabilities to consider before investing fully in it. Security controls and services do exist for the cloud but as with any security system they are not guaranteed to succeed. Furthermore, some risks extend beyond asset security and may involve issues in productivity and even privacy as well.

Privacy Concerns:
Cloud computing is still an emerging technology and thus is developing in relatively new technological structures. As a result, all cloud services must undertake Privacy Impact Assessments or PIAs before releasing their platform. Consumers as well that intend to use clouds to store their customer’s data must also be aware of the vulnerabilities of having non-physical storage for private information.

Unauthorized Access to Management interface:
Due to the autonomous nature of the cloud, consumers are often given management interfaces to monitor their databases. By having controls in such a congregated location and by having the interface be easily accessible for convenience for users, there is a possibility that a single actor could gain access to the cloud’s management interface; giving them a great deal of control and power over the database.

Data Recovery Vulnerabilities:
The cloud’s capabilities with allocating resources as needed often result in resources in memory and otherwise being recycled to another user at a later event. For these memory or storage resources, it could be possible for current users to access information left by previous ones.

Internet Vulnerabilities:
The cloud requires an internet connection and therefore internet protocols to access. Therefore it is open to many internet protocol vulnerabilities such as man-in-the-middle attacks. Furthermore by having a heavy reliance on internet connectivity, if the connection fails consumers will be completely cut off from any cloud resources.

Encryption Vulnerabilities:
Cryptography is an ever-growing field and technology. What was secure 10 years ago may be considered a significant security risk by today’s standards. As technology continues to advance and older technologies grow old, new methods of breaking encryptions will emerge as well as fatal flaws in older encryption methods. Cloud providers must keep up to date with their encryption as the data they typically contain is especially valuable.

Legal issues:
Privacy legislation often varies from country to country. By having information stored via the cloud it is difficult to determine under which jurisdictions the data falls under. Transborder clouds are especially popular given that the largest companies transcend several countries. Other legal dilemmas from the ambiguity of the cloud refer to how there is a difference in privacy regulation between information shared between and information shared inside of organizations. This creates a scenario in which data transfer is easy across borders, but may come with repercussions if not done lawfully. It is important to understand the relationship between data privacy and security laws as some countries include conflicting laws as seen with the United States and Argentina.

Security and privacy

 * Identity management
 * Every enterprise will have its own identity management system to control access to information and computing resources. Cloud providers either integrate the customer's identity management system into their own infrastructure, using federation or SSO technology, or a biometric-based identification system, or provide an identity management system of their own. CloudID, for instance, provides privacy-preserving cloud-based and cross-enterprise biometric identification. It links the confidential information of the users to their biometrics and stores it in an encrypted fashion. Making use of a searchable encryption technique, biometric identification is performed in encrypted domain to make sure that the cloud provider or potential attackers do not gain access to any sensitive data or even the contents of the individual queries.


 * Physical security
 * Cloud service providers physically secure the IT hardware (servers, routers, cables etc.) against unauthorized access, interference, theft, fires, floods etc. and ensure that essential supplies (such as electricity) are sufficiently robust to minimize the possibility of disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e. professionally specified, designed, constructed, managed, monitored and maintained) data centers.


 * Personnel security
 * Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening potential recruits, security awareness and proactively implementing training programs. Keeping employees trained and informed helps reduce the possibility of social engineering attacks. These attacks have become increasingly popular as they require little to no technical knowledge and rely on social interaction to gain access to restricted areas and information. Security measures should be reviewed with employees once a year to ensure accurate and useful information as it pertains to security. The successful implementation of security practices with employees helps secure intellectual property of both the company and its clients utilizing the cloud based service.


 * Privacy
 * Providers ensure that all critical data (credit card numbers, for example) are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud. As it pertains to cloud services, different countries institute different laws on data privacy and protection. An important factor when considering data privacy is the location of the service provider. Cloud based services here in the United States will offer security and privacy that many of us are accustomed to, but this is not the case globally. An important part of protection laws usually extensively covers data consent, and how an employer or other “data user” can access employee or customer data. Consent laws are a means of protection for employees and customers as companies increasingly collect information on these individuals. An example of conflicting data privacy laws is evident in countries like Argentina and Spain who include exception clauses when obtaining consent to further protect the individuals privacy . Due to these differences in data privacy, data can only be shared with countries that follow similar policy, which does not include the United States of America. Understanding data privacy laws of not only your residence but also service providers can help ensure that your data is properly protected.

Cloud Vulnerability and Penetration Testing
Scanning the cloud from outside and inside using free or commercial products is crucial because without a hardened environment your service is considered a soft target. Virtual servers should be hardened just like a physical server against data leakage, malware, and exploited vulnerabilities. "Data loss or leakage represents 24.6% and cloud related malware 3.4% of threats causing cloud outages”

Scanning and penetration testing from inside or outside the cloud must be authorized by the cloud provider. Since the cloud is a shared environment with other customers or tenants, following penetration testing rules of engagement step-by-step is a mandatory requirement. Violation of acceptable use policies can lead to termination of the service. Some key terminology to grasp when discussing penetration testing is the difference between application and network layer testing. Understanding what is asked of you as the tester is sometimes the most important step in the process. The network-layer testing refers to testing that includes internal/external connections as well as the interconnected systems throughout the local network. Oftentimes, social engineering attacks are carried out, as the most vulnerable link in security is often the employee.

White-box Testing

Testing under the condition that the “attacker” has full knowledge of the internal network, it’s design, and implementation.

Grey-box Testing

Testing under the condition that the “attacker” has partial knowledge of the internal network, it’s design, and implementation.

Black-box Testing

Testing under the condition that the “attacker” has no prior knowledge of the internal network, it’s design, and implementation.

Attacks
There are several different types of attacks on cloud computing, one that is still very much untapped into is infrastructure compromise. Though not completely known it is listed as the attack with the highest amount of payoff. What makes this so dangerous is the person carrying out the attack is able to gain a level of privilege to having essentially root access to the machine. It is very hard to defend against attacks like these because they are so unpredictable and unknown, attacks of this type are also called zero day exploits because they are difficult to defend against since the vulnerabilities were previously unknown and unchecked until the attack has already occurred.

DoS attacks aim to have systems be unavailable to its users. Since cloud computing software are used by large numbers of people, resolving these attacks is increasingly difficult. Now with cloud computing on the rise  this has left new opportunities for attacks because of virtualization of data centers and cloud services being utilized more.

With the global pandemic that started early 2020 taking effect there was a massive shift to remote work, because of this companies became more reliant on the cloud. This massive shift has not gone unnoticed especially by cybercriminals and bad actors, many of which saw the opportunity to attack the cloud because of this new remote work environment. Companies have to constantly remind their employees to keep constant vigilance especially remotely. Constantly keeping up to date with the latest security measures and policies, mishaps in communication are some of the things that these cybercriminals are looking for and will prey upon.

Moving work to the household was critical for work to be able to continue, but as the move to remote work happened, several security issues arose quickly. The need for data privacy, using applications, personal devices, the internet all came to the forefront. The pandemic has had large amounts of data be generated especially in the healthcare sector. Big data is accrued for the healthcare sector now more than ever due to the growing coronavirus pandemic. The cloud has to be able to organize and share the data with its users securely. Quality of data looks for four things: accuracy, redundancy, completeness and consistency.

Users had to think about the fact that massive amounts of data are being shared globally. Different countries have certain laws and regulations that have to be adhered to. Differences in policy and jurisdiction give rise to risk involved with the cloud. Workers are using their personal devices more now that they are working from home. Criminals see this increasingly as an opportunity to exploit people, software is developed to infect peoples devices and gain access to their cloud. The current pandemic has put people in a situation where they are incredibly vulnerable and susceptible to attacks. The change to remote work was so sudden that many companies simply were unprepared to deal with the tasks and subsequent workload they have found themselves deeply entrenched in. Tighter security measures have to be put in place to ease that new found tension within organizations.

Encryption
Some advanced encryption algorithms which have been applied into cloud computing increase the protection of privacy. In a practice called crypto-shredding, the keys can simply be deleted when there is no more use of the data.

Attribute-based encryption (ABE)
Attribute-based encryption is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes (e.g. the country in which he lives, or the kind of subscription he has). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.

Some of the strengths of Attribute-based encryption are that it attempts to solve issues that exist in current public-key infrastructure(PKI) and identity-based encryption(IBE) implementations. By relying on attributes ABE circumvents needing to share keys directly, as with PKI, as well as having to know the identity of the receiver, as with IBE.

These benefits come at a cost as ABE suffers from the decryption key re-distribution problem. Since decryption keys in ABE only contain information regarding access structure or the attributes of the user it is hard to verify the user’s actual identity. Thus malicious users can intentionally leak their attribute information so that unauthorized users can imitate and gain access.

Ciphertext-policy ABE (CP-ABE)
Ciphertext-policy ABE (CP-ABE) is a type of public-key encryption. In the CP-ABE, the encryptor controls the access strategy. The main research work of CP-ABE is focused on the design of the access structure. A ciphertext-policy attribute-based encryption scheme consists of four algorithms: Setup, Encrypt, KeyGen, and Decrypt. The Setup algorithm takes security parameters and an attribute universe description as input and outputs public parameters and a master key. The encryption algorithm takes data as an input. It then encrypts it to produce ciphertext that only a user that possesses a set of attributes that satisfies the access structure will decrypt the message. The KeyGen algorithm then takes the master key and the user’s attributes to develop a private key. Finally, the Decrypt algorithm takes the public parameters, the ciphertext, the private key, and user attributes as input. With this information, the algorithm first checks if the users’ attributes satisfy the access structure and then decrypts the ciphertext to return the data.

Key-policy ABE (KP-ABE)
Key-policy Attribute-Based Encryption, or KP-ABE, is an important type of Attribute-Based Encryption. KP-ABE allows senders to encrypt to their messages under a set of attributes, much like any Attribute Based Encryption system. For each each encryption, private user keys are then generated which contain decryption algorithms for deciphering the message and these private user keys grant users access to specific messages that they correspond to. In a KP-ABE system, ciphertexts, or the encrypted messages, are tagged by the creators with a set of attributes, while user's private keys are issued that specify which type of ciphertexts the key can decrypt. The private keys control which cipher texts a user is able to decrypt. In KP-ABE, the attribute sets are used to describe the encrypted texts and the private keys are associated to specified policy that users will have for the decryption of the ciphertexts. A drawback to KP-ABE is that in KP-ABE the encryptor does not control who has access to the encrypted data, except through descriptive attributes, which creates a reliance on the key-issuer granting and denying access to users. Hence, the creation of other ABE systems such as Ciphertext-Policy Attribute-Based Encryption.

Fully homomorphic encryption (FHE)
Fully Homomorphic Encryption is a cryptosystem that supports arbitrary computation on ciphertext and also allows computing sum and product for the encrypted data without decryption. . Another interesting feature of Fully Homomorphic Encryption or FHE for short is that it allows operations to be executed without the need of a secret key. FHE has been linked not only to cloud computing but electronic voting as well. Fully Homomorphic Encryption has been especially helpful with the development of cloud computing and computing technologies. However as these systems are developing the need for cloud security has also increased. FHE aims to secure data transmission as well as cloud computing storage with its encryption algorithms. Its goal is to be a much more secure and efficient method of encryption on a larger scale to handle the massive capabilities of the cloud.

Searchable encryption (SE)
Searchable encryption is a cryptographic system which offer secure search functions over encrypted data. SE schemes can be classified into two categories: SE based on secret-key (or symmetric-key) cryptography, and SE based on public-key cryptography. In order to improve search efficiency, symmetric-key SE generally builds keyword indexes to answer user queries. This has the obvious disadvantage of providing multimodal access routes for unauthorized data retrieval, bypassing the encryption algorithm by subjecting the framework to alternative parameters within the shared cloud environment.