SECURITY ISSUES IN CLOUD DATABASES

# Cloud Databases

1. A cloud database is a database that typically runs on a cloud computing platform, such as Amazon EC2 and Rackspace.

2. The cloud database was conceived for the purpose of online data management by using a variety of distributed servers .

3. There are two common deployment models: users can run databases on the cloud independently, using a virtual machine image, or they can purchase access to a database service, maintained by a cloud database provider.

# Advantages of cloud databases

1. The cloud database system makes information

sharing simple and convenient.

2. Easy access to files and data is what a cloud database actually emphasizes. If freak accidents happen, there is no reason for you to worry since all pieces of information are safely kept.

3. A cloud database is far cheaper than that of maintaining an actual server, wherein a lot of other applications are necessary.

4. Being a virtual data storage location, you get every single opportunity of manipulating data wherever you may be.

Security Analysis ProcessStreamlined Identify Assets

• Which assets are we trying to protect?

• What properties of these assets must be maintained? Identify Threats

• What attacks can be mounted?

• What other threats are there (natural disasters, etc.)? Identify Countermeasures

• How can we counter those attacks? Appropriate for Organization-Independent Analysis

• We have no organizational context or policies

Identify Threats

Failures in Provider SecurityAttacks by Other CustomersAvailability and Reliability IssuesLegal and Regulatory Issue

Failures in Provider Security

Explanation

• Provider controls servers, network, etc.

• Customer must trust provider’s security

• Failures may violate CIA principles Countermeasures

• Verify and monitor provider’s security Notes

• Outside verification may suffice

• For SMB, provider security may exceed customer

security

Attacks by Other Customers

Threats

• Provider resources shared with untrusted parties

• CPU, storage, network

• Customer data and applications must be separated

• Failures will violate CIA principles Countermeasures

• Hypervisors for compute separation

• MPLS, VPNs, VLANs, firewalls for network separation

• Cryptography (strong)

• Application-layer separation (less strong)

Availability and Reliability Issues

Threats

• Clouds may be less available than in-house IT

• Complexity increases chance of failure

• Clouds are prominent attack targets

• Internet reliability is spotty

• Shared resources may provide attack vectors

• BUT cloud providers focus on availability Countermeasures

• Evaluate provider measures to ensure availability

• Monitor availability carefully

• Plan for downtime

• Use public clouds for less essential applications

Security issues

1. Middleware muddles2. Authentication3. Regulatory compliance issues in the cloud

1. Middleware muddles1. Middleware is the technology that facilitates

integration of components in a distributed system.. 2. It is software that allows elements of applications

to interoperate across network links, despite differences in

underlying communications protocols, system architectures, other application services.3. Middleware makes it possible to develop

architectural patterns that represent innovative design solutions

for specific system design problems.

4. Managers report that unwanted middleware access to the database causes security breaches.

5. To avoid this hassle, security and database administrators must stop unauthorized database access from middleware components, including the application server, which can be treated as a middleware in this scenario..

6. Also, you can cement database security by using trusted/secured connections and communications between middleware and the database and proven/standardized authentication mechanisms.

2. Authentication1. Authentication is the process of confirming a user or

computer’s identity.2. The process normally consists of four steps:

1. The user makes a claim of identity, usually by providing a username. For example, I might make this claim by telling a database that my username is “mchapple”.2. The system challenges the user to prove his or her identity. The most common challenge is a request for a password.3. The user responds to the challenge by providing the requested proof. In this example, I would provide the database with my password4. The system verifies that the user has provided acceptable proof by, for example, checking the password against a local password database or using a centralized authentication server

3. Regulatory compliance issues in the cloud

1. Despite these notable anticipated benefits, commercial acceptance of cloud databases their growth has been somewhat slower than many expected.

2. An important factor behind this apparent reluctance to embrace cloud computing is uncertainty regarding regulatory compliance issues associated with activities in the cloud.

3. There is uncertainty as to the specific regulatory requirements applicable to the cloud.

4. In the cloud environment, location matters, especially from a legal standpoint.

5. Cloud computing contracts should include many data protection provisions, but cloud computing service providers may not agree to them.

6. The use of cloud services could sacrifice an entity’s ability to comply with several laws and regulations and could put sensitive data at risk.

THANK YOU