Ways to reduce security breaches in cloud computing, Slides of Information Security and Markup Languages

this includes cloud concern for security,security breaches and its Ways to reduce security breaches in cloud computing

Typology: Slides

2019/2020

Uploaded on 03/24/2020

saniksha-murria
saniksha-murria 🇮🇳

3 documents

1 / 20

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
PRESENTATION
ON
WAYS TO REDUCE CLOUD
SECURITY BREACHES
Submitted by
Saniksha Murria
CTIMIT
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14

Partial preview of the text

Download Ways to reduce security breaches in cloud computing and more Slides Information Security and Markup Languages in PDF only on Docsity!

PRESENTATION

ON

WAYS TO REDUCE CLOUD

SECURITY BREACHES

Submitted by

Saniksha Murria

CTIMIT

Cloud Concern

Cloud computing has opened up a whole new world of opportunities to the small and medium enterprises allows the users to collaborate with others to fulfill their IT requirements in a cost effective way. However, the security of the cloud is a huge concern for the majority of the organizations. With all the security risks, threats and breaches, not just the stored data but even the cloud based applications require comprehensive security management.

Causes of Security Breach

1. Weak and Stolen Credentials, a.k.a. Passwords  (^) Attacks may well be the most common cause of a security breach but it is often a weak or lost password that is the vulnerability that is being exploited by the opportunist hacker. 2. Back Doors, Application Vulnerabilities  (^) Hackers love to exploit software applications which are poorly written or network systems which are poorly designed or implemented, they leave holes that they can crawl straight through to get your personal information. 3. Malware  (^) The use of both direct and in-direct Malware is on the rise. Malware is, by definition, malicious software: software loaded without intention that opens up access for a hacker to exploit a system and potentially other connected systems. 4. Social Engineering  (^) As a hacker, why go to the hassle of creating your own access point to exploit when you can persuade others with a more legitimate claim to the much sought after data.

Causes of Security Breach

5. Too Many Permissions  (^) Overly complex access permissions are a gift to a hacker. Businesses that don’t keep a tight rein on who has access to what within their organisation are likely to have either given the wrong permissions to the wrong people or have left out of date permissions around for a smiling hacker to exploit! 6. Insider Threats  (^) The phrase “keep your friends close and your enemies closer” could not be any more relevant. The rogue employee, the disgruntled contractor or simply those not bright enough to know better have already been given permission to access your data; what’s stopping them copying, altering or stealing it.

Examples of Security Breaches in Cloud

 Verizon- Nice Systems, which is a 3rd party

vendor working for Verizon, committed a configuration blunder on an AWS S3 bucket which exposed names, addresses, account details, and pin numbers of millions of US- based Verizon customers. This incident also highlighted the fact that how alarming is the storage of sensitive info on 3rd party vendor.

Examples of Security Breaches in Cloud  (^) Booz Allen Hamilton- In this year, technology consulting firm Booz Allen hired UpGuard to carry out security assessment on both its internal and external computer systems. To our surprise, the assessment discovered that 60,000 files were on a public access on AWS S3 bucket owned by an intelligence and defense contract of Booz Allen. The cache is said to have exposed 28GB of data and this includes credentials of senior engineers, passwords of US Government systems, and over half a dozen of files containing unencrypted passwords of government contractors holding top Secret Facility Clearance.

1. Authenticate the people who have
access to the network:

 (^) Your data on the cloud is safe as you keep it. If you give your network access to everyone, you are going to end up compromising your data security. It is wiser to authenticate the person whom you are giving access to your cloud database.  (^) A proper authentication of each of the users will not only help you keep a tab on the access log for each user but also reduce the chances of unauthorized access. Whether you run cloud- based free VAT software or a premium accounting application, such authentication can save you from several security breaches.

2. Frame user-specific access

permissions

 There’s no need to give an all-

access pass to the database to

everyone in the organization. While

issuing the network access to each of

the individuals frame their access

permission as per their job role. This

may just help you reduce the data

breach.

4. Keep a log of all the unusual

activities

 Install an intruder-detection

technology which will notify you

every time there is suspicious

activity in progress. This may help

you prevent the security breach then

and there while acknowledging the

source of the breach.

5. Streamline the permission

requesting process

 In order to make sure whether you

are sharing the system with a third

party or you have given the access

to the members of the organizations

only, a streamlined requesting

process will help you maintain a safe

and secure network. In fact, you

should include the permission to

upload data to the cloud in this

streamlining process.

7. Monitor the user activities and
analyze them for unexpected behavior

 Keeping an eye on the activities of

the users can help you prevent the

security breach to a great extent.

Just monitor all the unexpected

activities that are done by the

members and follow them up

regarding the issue.

Shared Responsibility Model  (^) The main areas that an on-premises solution manages include: application, data, runtime, middleware, O/S, virtualization, servers, storage and network. Essentially these are only responsible for all aspects of operating, maintaining, and securing the solution.