• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
The Customize Windows > Computer and Internet > Cloud Computing > Technical Aspects of Data Security in the Cloud

By Abhishek Ghosh November 7, 2013 4:33 am Updated on November 7, 2013

Technical Aspects of Data Security in the Cloud

Advertisement

Technical aspects of data security in the cloud is one of the main reason why the companies or the end users thinks to be in the cloud. Here is a discussion.
Cloud computing is no longer just a buzzword, over the years cloud computing has established itself as a serious technology as alternative resource for infrastructure, platforms and applications. Cloud computing now offers own cloud based unique solutions for certain services. The end-users, for example, have the opportunity to outsource the data stored locally to export to the cloud and for getting this advantage, an Internet connection from anywhere is enough. But that is not the only advantage cloud computing provides. Especially the small and medium sized companies can react with the provided technology flexibly to new IT requirements. In addition to the outsourcing of the data, it is possible to combine cloud services and own data center to operate on the market. Through the sharing of resources, there is customer cost savings and quality benefits through the usage of the available standardized services on the market.

The cloud service provider (CSP) benefited from the sharing of resources and the improved utilization of their system, but this poses dangers. Regardless of whether it is an infrastructure, a platform or an application, all providers have to overcome major challenge to the end user. On the one hand, having the standards and certifications did help to both the cloud service provider (CSP) to make sure systems are at par with the standards available, as well as help the user to distinguish from non-legitimate cloud service providers.

The data security must be guaranteed for all data in the first place. In addition to the availability of systems and data integrity thus includes the confidential handling of data stored in the cloud. Therefore, the cloud service provider (CSP) must make extensive technical security measures.

Table of Contents

  • 1 Introduction
  • 2 Problems and Objectives
  • 3 Legislature and Standards
  • 4 Planning Model
  • 5 Authentication and Encryption

Go To Top of This Article

 

Technical Aspects of Data Security in the Cloud : Problems and Objectives

 

The supposedly inadequate security of cloud service provider (CSP) coupled with the uncertainty of the end users about data security shuns many clients to outsource company’s internal or personal data in the cloud. This barrier is thus confirmed by various third party driven statistics. The security survey covering over 1200 stated as the biggest obstacle is the risks of a cloud environment. This setting is quite understandable, since it is a very complex structure with a comprehensive cloud solution. Such an extensive system poses many potential sources of error and this results in a large attacking platform for the hackers. Therefore, the security of data is of vital importance for the cloud service provider (CSP), because if there is a point of leak of data, the acceptance of the customer is quickly depleted.
The ultimate goal of this article is to minimize the barriers in terms of data security by the technical safety related components are described. This is the acceptance of the end user a security risk can be reduced Compared to a cloud solution implemented without having any taken measures. It therefore addresses the role of the legislature, which resolves the legal requirements on technology and guidelines for dealing with standardizations and certifications.

 

Technical Aspects of Data Security in the Cloud : Legislature and Standards

 

Data security is the property of a functionally reliable system to accept only those states which system do not lead to unauthorized access to system resources and data. Based on this definition and using the ISO 27001 defined protection goals of confidentiality, integrity and availability of data, the security of a system is maintained. Accordingly, the provider of a system has to take care to make all the necessary measures to provide a functioning system available to the end user. Primarily the measures are to protect the system from unauthorized access. Unauthorized access could lead to the manipulation or even deleting existing data. Two important standards for any cloud service provider (CSP) are ISO 27001 and ISO 27002. These standards define the IT Baseline Protection and monitoring guidelines. However,  these are not specifically developed for the cloud standards, but only for general IT policies.

Go To Top of This Article

Advertisement

---

 

Technical Aspects of Data Security in the Cloud : Planning Model

 

If the security of a web application is considered, this assessment will almost always take place with regard to a faulty or correct programming and configuration. Even if this view is correct, this level is (the implementation level) only one of several aspects that should be considered. In order to assess a web application as fully safe, it is essential to consider all levels and to set a focus on perhaps the adverse interaction between the individual levels. The Web Application Security can be divided into 6 sections. Even if a classification to exactly one level is not always possible, this model can be very helpful in understanding the subject matter and the organization of the management of web application security.

 

Level 0 – Network and host

Although the Web Application Security is of course also dependent on the security of network, hardware and host, this level is not directly allocated to this area of ??security. The security in this plane is nowadays taken granted and is firmly anchored in the security of business processes.

Level 1 – System Level

Level 1 contains all the software components, which requires a web application to be run. This includes servers such as application servers and Web servers and databases involved as back-end systems. In order to assess the safety of a Web application, it is important to involve all components involved in the consideration. If the database is accessed via an insecure channel, it is exposed to manipulations from the web and therefore represents a target for the hackers.

Level 2 – Technology

This area includes the technologies those are used to protect an application. When a web application, for example, transmits sensitive information unencrypted over the Internet, the right technology is not used for transmission. If the Web application, transmits the data in encrypted form in this example, but uses smaller number of encryption key, the right technology is used but it is used incorrectly.
The first example shows the fact that the application is unacceptable to spying attempts on the transmission completely unprotected, in the second example, there is the danger of attacks using a cracking method. Thus, both applications are not secure, although no security vulnerabilities are included in the program code.

Level 3 – Implementation

This level is the one with the most obvious reference to web application security. In the implementation at the level of programming, errors can occur, which can lead to security problems. In addition, errors can occur when testing an application. This testing can be a one-sided approach or the neglect of quality assurance in order to save costs or to meet deadlines.

Level 4 – Logic

Level 4 is devoted to the logic of the processes within the application. These are mainly the application and business logic and the interaction with the user. If this was implemented in a “purpose-oriented” way, a vulnerability is given by the fact that too little has been honored as the application could be used differently than intended. For example, to disable an user after the fifth failed login attempt, is an easy way for an attacker to selectively lock out certain users. This is facilitated by easy-to-guess user IDs, such as the e-mail address.

Level 5 – Semantics

The semantic level concerns the communication content and related aspects. It establishes the trust context for the interaction of the application with the user. In this area, the approach is very difficult to limit to a single application. The rules and guidelines in this area rather affect entire sites or even across companies. If errors occur at the semantic level, for example, is to be expected following attacks: social engineering, phishing, identity theft, fraud, forgery, fraud, and the breaking up of data protection and the protection of privacy.

Level 6 – Rules and Regulations

At this level include all of the rules of the company, from third parties and any other legal requirements. These include compliance with the Privacy Policy or the obligations of liability issues. This level is treated as such with no questions about the IT security itself. Nevertheless, a disregard of regulations or policy breaches cause serious damage.

Go To Top of This Article

 

Technical Aspects of Data Security in the Cloud : Authentication and Encryption

 

Technical Aspects of Data Security in the Cloud

Latest authentication technologies for identity and access management strategy requires a good planning. Appropriate technologies and products must be tested. In this previous article, we have discussed about the latest authentication technologies in terms of encryption, access control, biometrics and authentication.

Tagged With article on security system on technical aspects , aspects of data srcurity in cloud

This Article Has Been Shared 3053 Times!

Facebook Twitter Google+ Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Orthopaedic Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Technical Aspects of Data Security in the Cloud

  • Installing CakePHP on Rackspace Cloud Sites

    Installing CakePHP on Rackspace Cloud Sites is quite easy if you know the method. Please carefully note we are talking that about Cloud sites not Cloud Servers.

  • Cloud Computing XaaS : Approaches and Possibilities

    Cloud Computing XaaS is an approach towards everything to provide as a service to make available and consume like we use electricity.Read the important aspects.

  • Cloud Computing : What Really Matters

    Cloud Computing and migration of IT into the cloud replace capital costs (capex) by operating costs (Opex). But, does Cloud Computing makes IT operations cheap?

  • Easy Guide to Use Git : For Heroku Cloud, GitHub or Anything

    Easy Guide to Use Git shows how easily a Git repository can be created, modified or changed, So that you can use excellent Free PaaS like Heroku Cloud easily. Easy Guide to Use Git is intended for those you get scared with Git and commands and can not follow our huge guides on Heroku Cloud. We […]

  • Cloud Computing for SMBs

    Cloud Computing for SMBs can empower the full IT department avoiding the one time investment and recurring costs at the same quality like that of enterprise.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us



Subscribe To Our Free Newsletter

You can subscribe to our Free Once a Day, Regular Newsletter by clicking the subscribe button below.

Click To Subscribe

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (15K Followers)
  • Twitter (4.4k Followers)
  • Facebook (5.2k Followers)
  • LinkedIn (3.3k Followers)
  • YouTube (1.5k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • 6 Tips for Securing Your Data from Cyber Attacks as a Remote Worker December 11, 2019
  • What is Process Mining? December 10, 2019
  • Explanation of the ESP32 Vulnerability Warnings December 6, 2019
  • OLTP versus OLAP December 4, 2019
  • What is OLTP (Online Transaction Processing)? December 3, 2019

About This Article

Title: Technical Aspects of Data Security in the Cloud
2013-11-07

Author: Abhishek Ghosh
Subjects: Cloud Computing

Is Part Of:


TheCustomizeWindows,

Thursday, November 7th, 2013,
Vol.1(01),
p.1–38033 [IoT Ready Journal]


Source:The Customize Windows
ISSN: 0019-5847 ;
E-ISSN: 0019-5847 ;
Publisher:
jima.in

Cite this article as: Abhishek Ghosh, "Technical Aspects of Data Security in the Cloud," in The Customize Windows, November 7, 2013, December 11, 2019, https://thecustomizewindows.com/2013/11/technical-aspects-of-data-security-in-the-cloud/.

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Cookie Policy.


PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

web analysis

Copyright © 2019 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy