Cloud computing is no longer just a buzzword; over the years it has established itself as a serious technology for the provision of infrastructure, platforms and applications. Cloud computing now offers industry-specific cloud solutions for certain services.
End users, for example, have the opportunity to move data that was previously stored locally into the cloud. The advantage is that an Internet connection is enough to access the data from anywhere.
But that is not the only advantage provided by cloud computing. Small and medium-sized enterprises in particular can use the technology flexibly for new IT requirements. In addition to outsourcing data, it is possible to combine cloud services from different providers. Through the sharing of resources, cost savings arise for the customer, and a standardized quality of service adds further advantages.
Introduction to Technical Aspects of Data Security in the Cloud
The Cloud Service Provider (CSP) benefits from the sharing of resources and the improved utilization of its systems, but this provision also carries some risks. Regardless of whether the offering is an infrastructure, a platform or an application, all providers have to overcome major challenges to provide their solution safely to the end user. Here, standards and certifications help the CSP and also help the user to distinguish reputable CSPs.
First and foremost, data security must be guaranteed for all data. In addition to the availability of systems and the integrity of data, this includes the confidential handling of the data stored in the cloud. The CSP must therefore take extensive technical security measures, which are described in this article.
Problems Related To The Technical Aspects of Data Security in the Cloud
Technical data security is one of the main reasons why companies or end users shun the path to the cloud. The supposedly insufficient security of CSPs, coupled with end users' uncertainty about data security, deters many clients from outsourcing company-internal or personal data to the cloud.
This situation is quite understandable, since an extensive cloud solution is a very complex structure. Such a comprehensive system has many potential sources of error, which makes it prone to attack by hackers. This is why the security of data is of vital importance for CSPs: if there is a data leak, customer acceptance of the CSP will be quickly depleted. So that the CSP can also protect itself legally, it must be rigorous when it comes to the security of personal data, which is subject to legislative requirements and guidelines. Only if the CSP adheres to these legal requirements and to technical standards, and the technical implementation is done properly, can the end user expect to store the data in a safe place.
Objective of Technical Aspects of Data Security in the Cloud
The primary objective of this article is to show how to minimize the barriers in terms of data security by implementing the security-related technical components. The article describes the technical aspects of data security in the cloud. First, the basics of cloud computing and data security are presented. Then we go into the details of the individual technical aspects. Here, application security and data security, with their authentication and encryption methods, are explained first. By its circle of users, cloud computing is divided into two main models, the private cloud model and the public cloud model. A third is the hybrid cloud model.
Data security is the functional property of a reliable system to accept only those system states which do not result in unauthorized access to system resources, and in particular to the data. Based on this definition, and using the protection goals of confidentiality, integrity and availability defined in ISO 27001, the data security of a system can be described in detail. Accordingly, the provider of a system has to take all the measures necessary to provide a working system to the end user. These measures primarily include the protection of the system from unauthorized access. Unauthorized access could lead to the manipulation or even deletion of existing data.
Because confidentiality is a property of the data, unauthorized access should be prevented. Appropriate permissions and controls are set for certain users or user groups, so that access to certain data is given exclusively with the assigned permissions. Permissions for the processing of such data must be assigned and revoked, and controls must enforce compliance with these rights.
The mechanisms and procedures required to ensure the protection goal of data integrity belong to the domain of access control. A cryptographic checksum (such as a one-way hash function) can detect integrity violations and thus prevent fraud. If data integrity can no longer be guaranteed in spite of safeguards, notification systems need to raise the alarm and report the data inconsistency. The systems need to operate reliably 24 hours a day, 7 days a week, 365 days a year, so that the resources provided are available to the end users.
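The checksum-and-alarm mechanism described above, as an added example that is not part of the original article: a SHA-256 digest is recorded for each stored object, re-checked later, and every mismatch is returned as an alert. It goes one step beyond the text by authenticating the digest list with an HMAC, because a plain hash stored beside the data can be recomputed by whoever alters the data; the object names, contents and key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample objects: name -> content as it was at upload time.
BASELINE = {
    "hr/contracts.txt": b"employee contract v1",
    "invoices/2024-01.csv": b"id,amount\n1,100\n2,250\n",
    "public/readme.txt": b"hello",
}

def digest(content: bytes) -> str:
    """One-way hash of an object's content."""
    return hashlib.sha256(content).hexdigest()

def _tag(entries: dict, key: bytes) -> str:
    # Canonical JSON so the same entries always produce the same HMAC tag.
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(objects: dict, key: bytes) -> dict:
    """Record one digest per object and authenticate the record with a key."""
    entries = {name: digest(data) for name, data in objects.items()}
    return {"entries": entries, "tag": _tag(entries, key)}

def verify(objects: dict, manifest: dict, key: bytes) -> list:
    """Return (finding, object name) alerts; an empty list means intact."""
    # A manifest that fails its own check cannot be trusted for anything else.
    if not hmac.compare_digest(_tag(manifest["entries"], key), manifest["tag"]):
        return [("manifest-tampered", "*")]
    alerts = []
    for name, recorded in sorted(manifest["entries"].items()):
        if name not in objects:
            alerts.append(("missing", name))
        elif not hmac.compare_digest(digest(objects[name]), recorded):
            alerts.append(("modified", name))
    extra = sorted(set(objects) - set(manifest["entries"]))
    return alerts + [("unexpected", name) for name in extra]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held outside the storage system
    manifest = build_manifest(BASELINE, key)
    current = dict(BASELINE, **{"invoices/2024-01.csv": b"id,amount\n1,100\n2,9999\n"})
    for finding, name in verify(current, manifest, key):
        print(f"ALERT {finding}: {name}")  # hook for the notification system
```

The manifest key has to be kept away from the storage tier it protects; otherwise an attacker who can rewrite objects can also re-sign the manifest.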