security issues in cloud database
# Cloud Databases
1. A cloud database is a database that typically runs on a cloud computing platform, such as Amazon EC2 and Rackspace.
2. The cloud database was conceived for the purpose of online data management by using a variety of distributed servers.
3. There are two common deployment models: users can run databases on the cloud independently, using a virtual machine image, or they can purchase access to a database service, maintained by a cloud database provider.
# Advantages of cloud databases
1. The cloud database system makes information sharing simple and convenient.
2. Easy access to files and data is what a cloud database actually emphasizes. If freak accidents happen, there is no reason for you to worry since all pieces of information are safely kept.
3. A cloud database is far cheaper than maintaining an actual server, for which a lot of other applications are necessary.
4. Because it is a virtual data storage location, you can manipulate data wherever you may be.
Security Analysis Process (Streamlined)
Identify Assets
• Which assets are we trying to protect?
• What properties of these assets must be maintained?
Identify Threats
• What attacks can be mounted?
• What other threats are there (natural disasters, etc.)?
Identify Countermeasures
• How can we counter those attacks?
Appropriate for Organization-Independent Analysis
• We have no organizational context or policies
Identify Threats
• Failures in Provider Security
• Attacks by Other Customers
• Availability and Reliability Issues
• Legal and Regulatory Issues
Failures in Provider Security
Explanation
• Provider controls servers, network, etc.
• Customer must trust provider’s security
• Failures may violate CIA principles
Countermeasures
• Verify and monitor provider’s security
Notes
• Outside verification may suffice
• For SMB, provider security may exceed customer security
Attacks by Other Customers
Threats
• Provider resources shared with untrusted parties
• CPU, storage, network
• Customer data and applications must be separated
• Failures will violate CIA principles
Countermeasures
• Hypervisors for compute separation
• MPLS, VPNs, VLANs, firewalls for network separation
• Cryptography (strong)
• Application-layer separation (less strong)
Availability and Reliability Issues
Threats
• Clouds may be less available than in-house IT
• Complexity increases chance of failure
• Clouds are prominent attack targets
• Internet reliability is spotty
• Shared resources may provide attack vectors
• BUT cloud providers focus on availability
Countermeasures
• Evaluate provider measures to ensure availability
• Monitor availability carefully
• Plan for downtime
• Use public clouds for less essential applications
Security issues
1. Middleware muddles
2. Authentication
3. Regulatory compliance issues in the cloud
1. Middleware muddles
1. Middleware is the technology that facilitates integration of components in a distributed system.
2. It is software that allows elements of applications to interoperate across network links, despite differences in underlying communications protocols, system architectures, and other application services.
3. Middleware makes it possible to develop architectural patterns that represent innovative design solutions for specific system design problems.
4. Managers report that unwanted middleware access to the database causes security breaches.
5. To avoid this hassle, security and database administrators must stop unauthorized database access from middleware components, including the application server, which can be treated as middleware in this scenario.
6. Also, you can cement database security by using trusted/secured connections and communications between middleware and the database and proven/standardized authentication mechanisms.
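One way to check the countermeasures in points 5 and 6 against database session records, as an added example that is not part of the original slides. The account names, addresses, authentication labels and session records are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    account: str   # database account the middleware logged in with
    source: str    # host the connection came from
    tls: bool      # True if the connection was encrypted
    auth: str      # authentication mechanism used

# Hypothetical policy: each middleware account may connect only from its own hosts.
ALLOWED = {"app_server": {"10.0.1.10"}, "report_mw": {"10.0.1.20"}}
# Hypothetical labels for the standardized mechanisms the organization accepts.
APPROVED_AUTH = {"scram-sha-256", "cert", "kerberos"}

def violations(s: Session) -> list[str]:
    """Return every policy rule a single session breaks."""
    found = []
    hosts = ALLOWED.get(s.account)
    if hosts is None:
        found.append("account not registered as middleware")
    elif s.source not in hosts:
        found.append("unexpected source host")
    if not s.tls:
        found.append("connection not encrypted")
    if s.auth not in APPROVED_AUTH:
        found.append("non-standard authentication")
    return found

def audit(sessions: list[Session]) -> dict[int, list[str]]:
    """Map the index of each offending session to the rules it breaks."""
    return {i: v for i, s in enumerate(sessions) if (v := violations(s))}

# Constructed sample records.
SESSIONS = [
    Session("app_server", "10.0.1.10", True, "scram-sha-256"),
    Session("app_server", "10.0.9.77", True, "scram-sha-256"),
    Session("report_mw", "10.0.1.20", False, "password"),
    Session("batch_tool", "10.0.1.30", True, "cert"),
]

if __name__ == "__main__":
    for index, problems in audit(SESSIONS).items():
        print(SESSIONS[index].account, SESSIONS[index].source, problems)
```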
2. Authentication
1. Authentication is the process of confirming a user or computer’s identity.
2. The process normally consists of four steps:
   1. The user makes a claim of identity, usually by providing a username. For example, I might make this claim by telling a database that my username is “mchapple”.
   2. The system challenges the user to prove his or her identity. The most common challenge is a request for a password.
   3. The user responds to the challenge by providing the requested proof. In this example, I would provide the database with my password.
   4. The system verifies that the user has provided acceptable proof by, for example, checking the password against a local password database or using a centralized authentication server.
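The four steps above with a local password database, as an added example that is not part of the original slides. It assumes passwords are stored as salted PBKDF2 verifiers; the stored password, the work factor and the `respond` callback standing in for the user are made up for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor; an assumption, tune for your hardware

def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, verifier); the password itself is never stored."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed local password database. "mchapple" is the username used in the
# text; the password is invented for this example.
STORE = {"mchapple": make_record("correct horse battery staple")}
# Record checked for unknown usernames, so they cost the same work as known ones.
_DUMMY = make_record("placeholder")

def authenticate(username: str, respond) -> bool:
    """Run the four steps; `respond` is a callable that answers the challenge."""
    # Step 1: the claim of identity is the username passed in.
    known = username in STORE
    salt, verifier = STORE.get(username, _DUMMY)
    # Steps 2 and 3: issue the challenge and collect the user's proof.
    proof = respond("Password: ")
    # Step 4: recompute the verifier and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", proof.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, verifier) and known

if __name__ == "__main__":
    print(authenticate("mchapple", lambda prompt: "correct horse battery staple"))
    print(authenticate("mchapple", lambda prompt: "wrong guess"))
```

An unknown username is rejected even when the supplied proof happens to match the dummy record, and it takes the same hashing work as a real account, so response time does not reveal which usernames exist.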
3. Regulatory compliance issues in the cloud
1. Despite these notable anticipated benefits, commercial acceptance of cloud databases and their growth has been somewhat slower than many expected.
2. An important factor behind this apparent reluctance to embrace cloud computing is uncertainty regarding regulatory compliance issues associated with activities in the cloud.
3. There is uncertainty as to the specific regulatory requirements applicable to the cloud.
4. In the cloud environment, location matters, especially from a legal standpoint.
5. Cloud computing contracts should include many data protection provisions, but cloud computing service providers may not agree to them.
6. The use of cloud services could sacrifice an entity’s ability to comply with several laws and regulations and could put sensitive data at risk.