Security Architecture for Cloud Computing

Security Architecture for Cloud Computing

Robin Singh Bhadoria (Indian Institute of Technology Indore, India)
DOI: 10.4018/978-1-5225-5634-3.ch038

Abstract

Clouds need to address three security issues: confidentiality, integrity, and availability. Security architecture for cloud computing is designed based on the functional architecture. The approach is to enhance the components of a functional architecture with additional components providing various security services. This is an extension of SaaS concept to have several security components that are common to all application and services. Various cloud security issues are discussed in this chapter.
Chapter Preview
Top

Introduction

The of data can be problematic because of a number of ways it can be achieved since Cloud computing relies on security supported by any Cloud service Provider. As Cloud computing is constantly evolving, new threats are surfacing. An enterprise-wide understanding of the responsibilities, threats and risks should be created to take adequate security measures, establish security organization and instil the security culture. The cloud service provider’s (CSP) interface provides access to the logical endpoints, including the security manager, service manager and the service catalog. These endpoints provide various services to interact with service entities such as VMs, volumes, networks, and composite applications, get audit reports and perform a host of other activities required to fulfil and maintain a cloud service requirement.

The two categories of actors interacting with the CSP interface are:

  • Users;

  • Application programs such as management, automatic provisioning, billing, or audit applications.

The user might also interact through a portal interface using a web browser. The portal interface will be developed using the cloud service provider interfaces. Both actors would be authenticated at the CSP interface by the security manager or present an identity token to the security manager. The following table summarizes the common authentication mechanisms used:

Table 1.
Authentication techniques
Traditional authentication“User name” and “Password”
Application programCertificates or Kerberos tickets
Stronger mechanisms“Identity Federation” and “assertion provisioning”
Cloud userAuthentication tokens

However, it is deemed insecure to embed user names and passwords in application programs. In this case tokenized identity can be profitably used to provide a higher standard of security.

In case of cloud user appropriate mechanisms may vary in different environments. Trust relationships may be employed to strengthen the authentication and authorization mechanisms. There should be clear business leadership for infrastructure and technology services to set priorities, approve plans, agree investments and monitor progress, as well as to lead the introduction and awareness of new IT infrastructure technology with a specific emphasis on information or data security into cloud services (The ISO 17799 Information Security Portal, 2014).

The Alliance of Cloud Security, a group of industry which promotes the cloud computing security best practices and standards, identified total seven areas of security risk. Five of them directly focus on protecting data and platform i.e.

  • 1.

    Unauthorized and nefarious use of cloud services;

  • 2.

    Multitenancy and shared technology issues;

  • 3.

    Data loss;

  • 4.

    Account hijacks;

  • 5.

    Unknown risk.

Complete Chapter List

Search this Book:
Reset