Monday, March 4, 2019
Cyber Security Policies in the Private and Public Sector
Cyber Security Vulnerabilities and Associated Threats of Cloud-Computing

16-03-2013

Cloud computing is a technology through which information services are provided on an on-demand basis. It is like a service oriented architecture. End users access the services through the cloud as per their requirements. The term cloud basically refers to the internet, so the services are provided through the internet. Cloud computing reduces the total cost of getting the application. The applications are developed by a third party, and the users pay the third party per service for accessing the service. But there are lots of security issues associated with cloud computing. These relate to data privacy, other vulnerabilities and the associated threats. These vulnerabilities and the associated threats will be discussed in this paper. Effective policies and procedures will also be defined in this paper, which will help in managing the estimated risk of the threats.

Cloud-Computing

Information technology is growing these days, and managers are trying to reduce the total cost of development of the services in various ways for a number of business reasons. Cloud computing is a technique which helps the management in reducing the total cost of development. The required resources are configured in a cloud and the users access these services through the cloud. In the case of in-house development, the complete process is done inside the company premises and using the resources of the organization. So the organization has to pay the vendor for the complete resource even if the full service is not required. The license to use the product is also very costly. The organization has to pay for the complete product even if only a part of the service is required.
In the case of cloud computing, the users need not pay for the entire service or product; they pay only for the part of the service they use. For example, a service is created for user-id creation, and as most organizations need this policy, it is created and configured in the shared pool of resources. Now the different organizations can access the service as per their use. This helps in the overall reduction of the total cost of accessing the service. These resources are configured in a shared pool of resources. These shared resources include the servers, storage, networks, services, etc. Cloud computing has some forms, and these forms are mainly as described here: Software as a Service, Platform as a Service, and Infrastructure as a Service.

This technology has many advantages, but it has some disadvantages too. As discussed above, the services are provided by a third party vendor, so the responsibility to provide support and maintenance is also taken care of by the third party service provider. When a company accesses the service using cloud computing, the crucial business data resides in remote servers provided by the third party, so there are a lot of risks related to data privacy and confidentiality. The research related to analyzing the vulnerabilities and associated threats is going on, and suitable actions are being taken to control the risk level.

Cyber Security Vulnerabilities, Threats and Actions

Vulnerabilities refer to the loopholes or flaws in the system. When an organization has decided to move to the cloud, then it should also consider the associated vulnerabilities and the threats. Some of the major vulnerabilities are discussed below.

Session Hijacking

It means that the cloud or the required service is hacked by the hackers using a valid session key. This key is used to gain unauthorized access to the critical resources of the organization.
Once hacked, the hackers can have complete access to the systems, and they can perform any malicious activity they want to do, to hit the company resources. If proper and effective security measures are not followed in the infrastructure, then it may cause a heavy business loss in financial terms as well as to the reputation of the organization.

Probability of Occurrence: The probability of occurrence of these types of attack is generally high. The reason is that the attackers continuously scan the system to find out the vulnerabilities in it. Once they gain access, they just execute their jobs.

Effective Policies & Procedures: To mitigate this kind of risk, firewalls should be implemented in the system at the right places. Firewalls prevent unauthorized access to data. Rules and policies should be configured to protect the session keys. To increase the awareness among employees, proper training should be given to them. For example, session monitoring should be done to keep a check on malicious activities.

Virtual Machine Access

In this technology, the servers use the same resources, like the operating system, business applications, etc., which are used by the virtual machines and other servers. If the attacker is successful in gaining unauthorized access to any of these system resources, then the whole system can be compromised easily. If other virtual machines are also placed in the same configuration zone, then there is a high risk of compromising the other virtual machines too. This may directly hit the operating system and the host server, and hence all the services hosted by the server.

Probability of Occurrence: The probability of occurrence of these types of attack is also high. The flaws in the software or hardware are the root cause of these types of attacks.
The bugs or flaws in the software are identified at a later stage, and regular updates or patches need to be applied to the software.

Effective Policies & Procedures: The software should be regularly updated and patches should be applied to it. Hardware flaws should be filled up using various tools. An effective network configuration is very important to mitigate this type of attack.

Service Availability

This is a major weakness in cloud computing technology. No company can afford the unavailability of the required service. The company has to suffer a huge business loss in case of downtime. The services offered by the cloud are not very reliable; any outage in the system may cause the services to stop working, and hence the services will not be accessible. And this would again be responsible for a major loss to the company. Service Level Agreements (SLAs) must be well defined and signed by both the involved parties, and the above mentioned issues should be discussed and taken care of using the SLAs. Backup plans should be carefully designed and implemented so that the risk level can be controlled. Any outage, let's say an electricity outage, can be taken care of by switching to electricity generators or other backup devices.

Probability of Occurrence: The probability of occurrence of these types of attack is generally low. These types of issues rarely occur in any organization. Service providers generally keep backup resources so that the system keeps working continuously. And in case of some issues, switching to the backup resources in place can be easily done.

Effective Policies & Procedures: To mitigate this kind of risk, firewalls should be implemented in the system at the right places. Firewalls prevent unauthorized access to data. Rules and policies should be configured to protect the session keys.
To increase the awareness among employees, a

Cryptography Flaws

This flaw refers to the weakness in the cryptography techniques implemented in the cloud based system. Hackers can easily decode the encryption mechanism used in the system if there are some security gaps. For example, if the key used in the encryption mechanism is not secure and strong enough, then the attacker can easily gain access to the key, and hence they can easily decode the encrypted message to the original text form.

Probability of Occurrence: The probability of occurrence of these types of attack is generally medium. The reason is that, most of the time, attackers cannot find out the key used to encrypt the data, or it is difficult to decode the encoded data.

Effective Policies & Procedures: To mitigate this kind of risk, strong cryptography techniques should be used. Ethical hacking can be done intentionally just to test the security level of the complete system. This test will help in analyzing the security gaps in the system, and then these loopholes can be filled with effective security procedures.

Data Privacy

When the data resides in third party servers, this risk to data privacy always persists. As the crucial data is handled and managed by the third party, there are high chances of risks to data privacy and confidentiality. Basically, an agreement is signed off between the parties for accessing the services. It should also include the issues related to maintaining the privacy of data. Suppose the contract gets completed; now what would happen to the data which is stored in the third party servers?

Probability of Occurrence: The probability of occurrence of these types of attack is generally high. The reason is that the data is always accessible to the service provider. Service providers take care of the support and maintenance of the data too. This risk is generally high. Research is going on so that this issue can be sorted out.
Effective Policies & Procedures: These kinds of issues should be openly discussed with the service provider before signing any agreement.

Vendors Technique

As the technology is growing, there are lots of vendors coming up in this industry. Sometimes these vendors are new and they follow platform specific techniques, which cause trouble in migrating to a new service or integrating with other services. The developed technology will be of no use if it cannot be updated or integrated with other services as per the requirement.

Probability of Occurrence: The probability of occurrence of these types of attack is generally medium, as it varies with the knowledge and experience of the service provider.

Effective Policies & Procedures: Proper research should be done before finalizing the right vendor. The initial requirements should be crystal clear so that both the parties understand what actually needs to be done. There should not be any communication gap between the parties, so that in case of some issues the right action can be taken immediately to fill the gaps.

Dependency on Internet

As discussed above, the services are accessed through a cloud of shared resources. This cloud refers to the internet. So in other words, we can say that the services are accessed through the internet, which means that the services are highly dependent on the internet. Suppose the internet goes down; then the client will not be able to access the required services.

Probability of Occurrence: The probability of occurrence of these types of attack is generally low. The reason is that backup plans are ready for the service in case of some emergency. As the service provider also realizes the importance of the internet, ample resources are used so that the system does not suffer from any kind of outage.
Effective Policies & Procedures: To mitigate this kind of risk, backup plans should be ready and available all the time, so that if at any time the system is disrupted, the backup plans can be used and the functioning of the system is not affected in any way.

There are other important security threats too which are associated with cyber security. These are discussed below.

Denial of Service (DoS) Attack

Denial of Service attacks are also known as DoS attacks. Due to these attacks, the legitimate requests of the end users are not completed because of heavy loading of the host server caused by fake calls. Attackers may hit the routers or flood the host server using fake calls, and this prevents the legitimate calls from executing. This may cause complete disruption in the system. Appropriate rules and filters should be configured in the firewall to mitigate the risk associated with these attacks.

Customer Satisfaction

Customer satisfaction increases with the implementation of the above mentioned policies and procedures. The implementation basically helps in the availability of the service in a secure environment. And clients would be happy to gain access to the required service whenever they need it and as per their requirement, and that too in a secure environment. Therefore we can say that the implementation of the above mentioned policies and procedures helps in increasing the customers' satisfaction level.

Conclusion

In this research paper, various security vulnerabilities and the associated threats related to cloud computing are discussed. Cloud computing really helps in reducing the overall cost of accessing a service. But the security risk associated with this technology cannot be ignored. Proper security measures should be implemented in the system. Secure protocols should be designed and configured so that a balance can be achieved between the cost and the security level.