Do some Internet research that focuses the security issues a

Do some Internet research that focuses the security issues associated with the selected cloud service category. Summarize the major security risks associated with the cloud service category and identify mechanisms that can be used to address these risks.

Solution

Security Issues in Cloud Computing:
....................................
Security in the cloud is achieved, in part, through third party controls and assurance much like in
traditional outsourcing arrangements. But since there is no common cloud computing security standard,
there are additional challenges associated with this. Many cloud vendors implement their own proprietary
standards and security technologies, and implement differing security models, which need to be evaluated
on their own merits. In a vendor cloud model, it is ultimately down to adopting customer organizations to
ensure that security in the cloud meets their own security polices through requirements gathering provider
risk assessments, due diligence, and assurance activities (CPNI Security Briefing, 2010).
Thus, the security challenges faced by organizations wishing to use cloud services are not radically
different from those dependent on their own in-house managed enterprises. The same internal and
external threats are present and require risk mitigation or risk acceptance. In the following, we examine
the information security challenges that adopting organizations will need to consider, either through
assurance activities on the vendor or public cloud providers or directly, through designing and
implementing security control in a privately owned cloud. In particular, we examine the following issues:
• The treats against information assets residing in cloud computing environments.
• The types of attackers and their capability of attacking the cloud.
• The security risks associated with the cloud, and where relevant considerations of attacks

Cloud Security Risks

Privileged user access:
Cloud providers generally have unlimited access to user
data, controls are needed to address the risk of privileged
user access leading to compromised customer data.
Data location and segregation:
Customers may not know where their data is being stored
and there may be a risk of data being stored alongside
other customers’ information.

Data disposal:Cloud data deletion and disposal is a risk, particularly
where hardware is dynamically issued to customers based
on their needs. The risk of data not being deleted from data
stores, backups and physical media during decommissioning
is enhanced within the cloud.

e-investigations and Protective monitoring:
The ability for cloud customers to invoke their own
electronic investigations procedures within the cloud can
be limited by the delivery model in use, and the access and
complexity of the cloud architecture. Customers cannot
effectively deploy monitoring systems on infrastructure
they do not own; they must rely on the systems in use by
the cloud service provider to support investigations.

Assuring cloud security:
Customers cannot easily assure the security of systems that
they do not directly control without using SLAs and
having the right to audit security controls within their
agreements.

Cloud computing threats and suggested defense mechanisms for these threats

Spoofing identity:Authentication
Protect secrets
Don’t store secrets

Tampering with data:
Authorization
Hashes
Message authentication codes
Digital signatures
Tamper-resistant protocols

Repudiation:
Digital signatures
Time-stamps
Audit trails

Information disclosure:
Authorization
Privacy-enhanced protocols
Encryption
Protect secrets
Don’t store secrets

Denial of Service (DoS):
Authentication
Authorization
Filtering
Throttling
Quality of service (QoS)

Elevation of privilege:
Run with least privilege