About me & Submission details

� Parveen Yadav

� Security Researcher aka Ethical Hacker .

� Working as a Freelancer .

� White Hat Hacking work.

� Few Recognitions :-

� Got listed my name in Google Hall of fame,Amazon,Paypal,Adobe

& Few others.

� Paper Title :- Cloud Computing & Security .

Cloud Computing

What is Cloud Computing ?

� Cloud Computing is a technology used to provide:

� Ease of access to user data, programs and security

� Services anytime and anywhere� Services anytime and anywhere

� Ensuring complete reliability and security

� Reduces the cost of work..least possible expenditure

BASIC Characteristics of Cloud Computing

� Multi-tenancy� Resources in cloud systems can be

shared among a large number of users.

� Improve the efficiency of cloud systems

and save cost for cloud service

providers.

..

� Scalability

� Even when the total work load for a cloud

system increases dramatically, the system

could improve its capacity by adding more

hardware to handle the increased load hardware to handle the increased load

effectively

..

� Elasticity

� A cloud system only delivers the minimum

amount of computing resources that meet

users’ need. The amount of resources provided

to users increase when they need more, and to users increase when they need more, and

decrease when they need less. Users only pay

for whatever they consumed.

..

� Device Independent

� Users can utilize cloud services using

whatever device they have, should it be a

laptop, an iPad or a smartphone, as long as

they have access to the Internet.they have access to the Internet.

..

�Low-cost

� Computing resources are provided by cloud systems.

Users do not need to purchase expensive computers

to perform tasks that need high performanceto perform tasks that need high performance

computing.

..

� Reliability

� Multiple redundant sites are used in cloud systems.

There are always backups available when one or

more sites are down.more sites are down.

History of cloud computing

Evolution� The idea of cloud computing dates as far back as the 1960’s

when John McCarthy envisioned a time when computation

may someday be orgainsed as a public organisation.

� Cloud computing has evolved through a number of phases

which include grid and utility computing ,application service

processing(ASP),software as a service (Saas)

� Grid Computing a form of distributed computing,acting in concert to perform very large

tasks.

� Utility Computing a metered service similar to a traditional public utility such as electricity.

Cloud Computing is an Evolution in IT

4

Major services

Major Services

� Few other types of Clouds�Network as a Service (NaaS)

�Storage as a Service (STaaS)

�Security as a Service (SECaaS)

�Data as a Service (DaaS)

�API as a Service (APIaaS)

Cloud Service Models

� Software as a Service (SaaS)

� Service provider’s apps

� User’s do not manage the Network, Servers, OS, Storage or applications by the user

� Platform as a Service (PaaS)

� User deploys their apps on the cloud� User deploys their apps on the cloud

� Controls their apps

� User’s do not manage Servers, IS, Storage

� Infrastructure as a Service (IaaS)

� User’s get access to the infrastructure to deploy their content

� Doesn’t manage or control the infrastructure

� Does manage or control the OS, storage, apps, selected network components.

Cloud Deployment models

� Public Cloud computing environment are open for

use to anyone who wants to sign up and use them.

� These are run by vendors and applications from

different customers are likely to be mixed together on different customers are likely to be mixed together on

the cloud’s servers, storage systems, and networks.

� Examples of a public cloud: Amazon Web Services and Google's AppEngine .

� A private cloud is basically an organization that

needs more control over their data than they can get

by using a vendor hosted service.

� A hybrid cloud combine both public and private

cloud modelscloud models.

Google Docs

�A cloud based online Office

�Allow you to create, edit and share documents online using web browsers, iPads or even smart phones.even smart phones.

https://docs.google.com/demo/edit?id=scAAVln2yf3it2VCiVf-DUzGg&dt=document#document

Amazon Cloud Drive

�Amazon Cloud Drive is an personal hard drive in a cloud system.

� Store music, videos, photos, and documents on Amazon's servers.

https://www.amazon.com/clouddrive

documents on Amazon's servers.

Dropbox cloud provider

� Dropbox is a file hosting service that offers cloud

storage,file synchronization & client software.

� It allows users to create a special folder on each of their

computers,which dropbox then synchronizes so that it computers,which dropbox then synchronizes so that it

appears to be in the same folder regardless of which

computer is used to view it.

Rate/Price of Cloud Services

How Cloud Works :-

Opportunities and Challenges

� The use of the cloud provides a number of

opportunities:

� It enables services to be used without any

understanding of their infrastructure.

� It potentially lowers the outlay expense for start up � It potentially lowers the outlay expense for start up

companies, as they would no longer need to buy

their own software or servers.

� Cost would be by on-demand pricing.

� Data and services are stored remotely but accessible

from “anywhere”.

22

Advantages Of Cloud Computing

� Lower total cost of ownership.

� Always on, Always available.

� Faster application delivery.

� Improved business continuity.

Platform for easier and faster sharing, mobile� Platform for easier and faster sharing, mobile

workforce.

� Rental pricing model.

� Pay-as–you-go, Try before you buy.

� Lower Infrastructure Cost .

Disadvantages Of Cloud computing

� Security issue

� Data Loss Risks

� Privacy policies

But can we tackle it……How???43% of current cloud users reported a security incident in the past 12 months

Cloud Computing-Attacking methods

� Distributed Denial of Service Attacks (DDoS) .

� Authenticated Risks.

� Data Segregation Risks.

� Web-application Attacking methods.� Web-application Attacking methods.

Distributed Denial of Service Attacks

� Distributed Denial of service (DDoS) attacks means

many node systems attacking one node all at the same

time with a Flood of useless messages to exhaust Web

Server’s resources .

Authenticated Risks

� Authentication is a weak point in a hosted & virtual service’s and

frequently targeted.

� Ways to check the Authenticity of the client :

� Leverage strong two –factor authentication techniques.

� Use of static I.P, Virtual I.P techniques .

� Designated Emplyoee’s Access .

�

Data Segregation Risks

� Data segregation is not easily facilitated in all cloud enviornments

as all the data can’t be segregated acc. To the user needs.Some

customers do not encrypt the data as there are chances for the

encryption itself to destroy the data .

� The compromised servers are shut down whenever a data is

needed to be recovered.The available data is not correctly sent to needed to be recovered.The available data is not correctly sent to

the customer at all times of need.

� When recovering the data there could be instances of replication

of data in multiple sites.

How to safeguard your Cloud Database

Cloud computing & parameter security

firewall .

Few things to know before choosing

.....

� Select the right Cloud service provider .

� Cloud provider Location.

� Market value of cloud provider.

� Pre-Examination Test .

Q & A

• Parveen Yadav

• Contact me :-

• parveen1015@gmail.com

• https://www.facebook.com/proxy.test