Before we discuss Cloud Security lets,take a step back and define what Cloud Computing is,to many it may seem like this;
But in all seriousness Cloud Computing is In science, cloud computing is a synonym for distributed computing over a network, and means the ability to run a program or application on many connected computers at the same time. The phrase also more commonly refers to network-based services, which appear to be provided by real server hardware, and are in fact served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user – arguably, rather like a cloud.
In the same vein, then Cloud Security then can be defined as loud computing security (sometimes referred to simply as “cloud security”) is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
To discuss Cloud Security you have to look at a number of commonly used Security Models,namely Saas,Iaas and Paas.
Saas
Saas is a Security Model that stands for/short for Short for Software as a Service(webopedia), is a model a software delivery method that provides access to software and its functions remotely as a Web-based service. Software as a Service allows organizations to access business functionality at a cost typically less than paying for licensed applications since SaaS pricing is based on a monthly fee.
Paas
Paas is another Security Model that stand for/short for Platform as a Service(webopedia), PaaS is defined as a computing platform being delivered as a service. Here the platform is outsourced in place of a company or data center purchasing and managing their own hardware and software layers. Typically, PaaS facilitates deployment of applications, application development, testing, and also supports the building, testing and hosting of Web applications. PaaS enables IT to develop, test, deploy, host, and also update from a single streamlined environment. May also be referred to as cloudware.
Iaas
Iaas is short for/stands for Infrastructure as a Service, IaaS is defined as computer infrastructure, such as virtualization, being delivered as a service. IaaS is popular in the data center where software and servers are purchased as a fully outsourced service and usually billed on usage and how much of the resource is used – compared to the traditional method of buying software and servers outright. May also be called enterprise-level hosting platform.
The Conundrum is In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.
This is actually of greatest concern as see by Cloud computing has grabbed the spotlight at this year’s RSA Conference 2013 in San Francisco, with vendors aplenty hawking products and services that equip IT with controls to bring order to cloud chaos. But the first step is for organization to identify precisely where the greatest cloud-related threats lie.According to an article in inforworld the CSA has identified 9(not ten) cardinal points that are of greatest concern or threats to Cloud Security:
Data Loss
Data Breach
Service traffic hijacking
Insecure interfaces and APIs
Denial of Services
Malicious insiders
Cloud abuse
Insufficient due diligence
Shared technology
Sources:
- Mariana Carroll, Paula Kotzé, Alta van der Merwe (2012). “Securing Virtual and Cloud Environments”. In I. Ivanov et al. Cloud Computing and Services Science, Service Science: Research and Innovations in the Service Economy. Springer Science+Business Media. doi:10.1007/978-1-4614-2326-3.
- Webopedia.
- Infoworld
Information Technologi 