Is Cloud Security bothering you?

Cloud computing is one of the fastest-emerging fields in Information Technology, reaching the point where significant and legitimate business functions are available.

The advantages of cloud computing are:

  1. Scalability – Easy to grow or reduce based on the demand
  2. Service is instantly available when we need it. When we don’t need it we just need to turn it off.
  3. Cost – Pay only for what we use.
  4. Reduced hardware cost.

There are different types of cloud service providers:

  1. IaaS - Infrastructure as a Service - provides network storage or hosts customers' VMs
  2. DaaS - Data as a Service - customers query against the provider's database
  3. SaaS - Software as a Service - network-hosted application
  4. PaaS - Platform as a Service - network-hosted software development platform
  5. IPMaaS - Identity and Policy Management as a Service - provider manages the identity and access control policy of the customer
  6. NaaS - Network as a Service - provider offers virtualized networks such as VPN

Some of the threats to cloud computing services are:

  1. Insider attack - The threat may arise from inside the service provider, i.e. from employees of the service provider. The customers will be the main target in this type of threat. The service provider may not reveal its employees' access rights to customers. There is a chance that some employees with malicious intent may try to access, modify or delete customers' data, or inject malicious code into it. To eliminate this kind of threat, the service provider should keep a strict audit and monitoring system for its employees.

  2. Misuse of cloud computing services - Cloud service providers promise their customers good service and unlimited computing and network storage, yet they follow a very weak registration process in which any customer can pay with their card details and start up the services. In this way many hackers and malicious code developers can enter the services and perform all kinds of malicious activities on the cloud without being noticed. They may use DoS attacks, steal passwords, or inject malicious code. This type of threat can be prevented by following a stricter and stronger registration process. A system that monitors the activity of the users must be in place.

  3. Data loss - There are many ways data can be lost. Loss of passwords for important documents may result in loss of valuable data, as may modification or deletion of files without a backup. Unauthorized entry of users may result in severe loss of data. The threat of data loss in the cloud increases because of the architecture of the cloud. Data loss can be prevented by making backups of important data, creating strong keys, creating strong ACLs, and encrypting the data before transmitting it.

  4. Account hijacking - Account hijacking is an old method of taking over a user's accounts. These attacks take place when a user shares their credentials with others. Hence legitimate users can be denied services. The attack methods are social engineering, phishing mails, and other fraud. Cloud solutions add a new level of threat to this attack. If an attacker gets a user's credentials, he can monitor activities and transactions, change and modify data and credentials, and redirect others to illegitimate sites. The hacker can completely take over your account. This threat can be prevented by not sharing user credentials with anyone. Use a strong, multi-factor authentication technique. Reset user credentials after a particular period. Monitor the system to detect suspicious activity, and understand the policies of the service provider.

  5. Vulnerable interfaces and APIs - Cloud service customers are given a set of software interfaces or APIs that they use to manage and interact with the cloud services. Management, monitoring, and provisioning are done using these interfaces. The security of these services depends only on the security of the APIs, so the API security must be strong. The APIs must be designed with strong authentication, access control and activity monitoring. The interfaces must be able to prevent malicious attacks. This type of threat can be prevented by designing strong APIs and interfaces, and implementing strong authentication and access control policies.

  6. Sharing of service issues - In Infrastructure as a Service, the service is shared between many clients. The components that are used are not actually designed for multiple clients and shared use. To solve this problem a virtualization hypervisor is used, which mediates access between a guest operating system and the physical computer resources, but there are a few flaws in these hypervisors which allow the guest operating system to gain control over the underlying platform. To prevent this type of threat, strong security practices should be followed during installation and configuration, unauthorized activity should be monitored, and customers should not be allowed to access other customers' data. Regular audits should be conducted.
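
Items 1, 2 and 4 above each recommend monitoring user activity. As an added example (not part of the original article and not any provider's code), the Python below flags a sensitive account change made shortly after a login from an address not previously seen for that user. The log format, action names and 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: time, user, source IP, action (assumed format).
SAMPLE_LOG = """\
2024-05-01T08:00:00 alice 198.51.100.10 login_ok
2024-05-01T08:05:00 alice 198.51.100.10 read_object
2024-05-02T08:01:00 alice 198.51.100.10 login_ok
2024-05-02T23:40:00 alice 203.0.113.77 login_ok
2024-05-02T23:43:00 alice 203.0.113.77 change_password
2024-05-03T09:00:00 bob 192.0.2.5 login_ok
2024-05-03T09:02:00 bob 192.0.2.5 change_password
2024-05-04T10:00:00 bob 192.0.2.99 login_ok
2024-05-04T12:30:00 bob 192.0.2.99 change_password
"""

SENSITIVE = {"change_password", "disable_mfa", "create_api_key"}  # assumed action names
WINDOW = timedelta(minutes=15)                                    # assumed threshold

def parse(log_text):
    for line in log_text.splitlines():
        if line.strip():
            ts, user, ip, action = line.split()
            yield datetime.fromisoformat(ts), user, ip, action

def find_suspected_hijacks(log_text, window=WINDOW):
    """Flag sensitive actions made within `window` of a login from a new IP."""
    known_ips = {}    # user -> IPs with earlier successful logins
    risky_login = {}  # user -> (time, ip) of the latest login from a new IP
    alerts = []
    for ts, user, ip, action in sorted(parse(log_text)):
        if action == "login_ok":
            seen = known_ips.setdefault(user, set())
            # The first login ever seen for a user is the baseline, not an alert.
            if seen and ip not in seen:
                risky_login[user] = (ts, ip)
            else:
                risky_login.pop(user, None)
            seen.add(ip)  # caveat: a new IP becomes "known" after one login
        elif action in SENSITIVE and user in risky_login:
            login_ts, login_ip = risky_login[user]
            if ip == login_ip and ts - login_ts <= window:
                alerts.append((user, ip, action, ts.isoformat()))
    return alerts
```

On the constructed events only alice's password change is flagged: bob's first change comes from his baseline address, and his second falls outside the window.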

 

Identity and Access Management (IAM) provides the foundation for an effective security system by controlling users and giving them an appropriate level of access rights based on their identity. IAM also helps reduce administrative cost by automating many administrative functions, including allowing or denying access rights. It also helps simplify compliance audits.

Identity management requirements in cloud environment

  • Web Access control
  • Federated Identity/ On-Boarding
  • Life cycle Management
  • Privileged user Monitoring
  • Security Governance, Risk Management and compliance

Access Management- People and their Access

Tivoli Access Manager for e-business

Provides validation and processing of user identities. It is a centralized management system which provides authentication, access and audit policy with access management.

  • Secures Web Applications
  • Centralized authentication and authorization
  • Supports multiple user registries (LDAP)
  • Web SSO (single sign-on) for heterogeneous web applications, e.g. IBM WebSphere, Microsoft, SAP, etc.
  • Policy based access control
  • Provides advanced security capabilities to address web vulnerabilities
  • Auditing and Reporting capabilities
  • Out of box solution to provide web security
  • Centralized session management

Tivoli Federated Identity Manager (TFIM)

In a cloud computing infrastructure, which involves thousands of users constantly logging into their IT services, TFIM's authentication management helps connect users to services across different domains and automate user access rights.

Tivoli Identity Manager

It allows policy-based user access provisioning, from privileged users to end users of cloud computing services, with auditing to ensure compliance.

Tivoli Security Information and Event Manager (TSIEM)

It helps inspect and audit a cloud provider's logs and records. It helps in generating log files from network, applications, OS, and security technologies in a UI-based platform.
