Cloud Security Framework
The Cloud Security Framework provides industry-wide details of security measures related to cloud environments. As with any security framework, there are multiple controls, including guidelines. The present work also proposes a security framework for end-to-end security in cloud computing.
Cloud Security Framework for End-to-End security.
Client Level Security: This domain covers the security techniques that can be applied on the client side to protect against attacks such as SQL injection, XSS, and broken authentication. Proprietary APIs should be minimized, and open-standard APIs or browsers should be used to access cloud data. Each input from the user should be validated and verified before it is submitted to the server.
Client Level Security
- Open API
- SSH/RDP
- Input Validation
Monitoring: This domain covers maintaining logs and checks that can be used for auditing and to help investigate any failure. This can be achieved by end-to-end monitoring, server and network monitoring, transaction monitoring, application monitoring, event log monitoring, etc.
Monitoring
- Logging
- Alert System
- Reporting
Transmission Medium security: This domain looks into the question: if data is secure on the server and on the client side but is leaked or tampered with before delivery on either side, is the data secure during transmission? There have been many recent incidents in which man-in-the-middle or similar attacks breached data. Data security during transmission can be ensured with any of the preventive techniques available. We can choose a combination of several of them according to need and feasibility.
Transmission Medium security
- VPN TLS
- SSL/TLS
- IPSec
Data Security and Storage Security: This domain explains the security of data stored on servers, from data generation through usage to proper disposal after use. The data should be intelligent enough that, if it is disclosed to any unauthorized entity, it is meaningless.
There should be a proper mechanism for disposing of the data, because that data may contain critical information and may cause risk if it reaches the wrong person. Special attention must be paid to garbage disposal from the virtual image location.
Data Security and Storage Security
- Encryption
- Key Management
- DRP (Disaster Recovery Plan)
- Garbage Management
- Digital Signature
- Data Masking
Identity and Access Management (IAM): This improves operational efficiency and regulatory compliance management by managing Authentication, Authorization, and Accountability services. A few experts have suggested IAM as a Service as a new service model to achieve greater security and privacy goals in cloud computing. It provides a convenient way to retrieve, manage, update, and query any information.
It should ensure that users have reliable, fast, cost-effective access to resources and secure information retrieval. There should be automatic identity provisioning at the time when a new customer is going to avail of the services. Automated provisioning, authentication, and authorization are the primary security concerns. We can solve this problem using various solutions such as single sign-on, federated identity, access control lists, directory-based services, and access based on attributes.
Identity and Access Management (IAM)
- SSO
- ACL
- Authorization
- Federated identity
- Directory Services
- Attribute
Virtual images Security: This domain discusses the security and integrity of virtual images. Virtual images contain user data, so they should be considered critical assets, and protection should be in place to safeguard them. All the images are created on the server, and an attacker or malicious code can exploit these images. Cloud allows attackers to create negative impressions.
Virtual images Security
- Image Encryption
- Registry Security
- Blind authentication protocol
- Provenance tracking
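One way to make the provenance tracking and integrity items concrete: every change to an image is recorded in a keyed hash chain, and an image is launched only if the chain verifies and its last record matches the bytes about to be booted. This is an added sketch, not part of the framework; the record fields, function names and the in-code key are assumptions, and a real deployment would keep the key in a KMS or HSM.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: placeholder key, constructed for the example
GENESIS = "0" * 64             # "previous MAC" value used by the first record
FIELDS = ("event", "actor", "digest", "prev")


def image_digest(image_bytes):
    return hashlib.sha256(image_bytes).hexdigest()


def _mac(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append_record(chain, key, event, actor, image_bytes):
    """Add a provenance record that is bound to the record before it."""
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"event": event, "actor": actor,
            "digest": image_digest(image_bytes), "prev": prev}
    chain.append(dict(body, mac=_mac(key, body)))
    return chain[-1]


def verify_chain(chain, key):
    """False if any record was edited, reordered or dropped from the front or middle."""
    prev = GENESIS
    for rec in chain:
        body = {k: rec[k] for k in FIELDS}
        if rec["prev"] != prev or not hmac.compare_digest(_mac(key, body), rec["mac"]):
            return False
        prev = rec["mac"]
    return True


def safe_to_launch(chain, key, image_bytes):
    """Launch only an image whose bytes match the latest verified record."""
    return (bool(chain) and verify_chain(chain, key)
            and hmac.compare_digest(chain[-1]["digest"], image_digest(image_bytes)))


if __name__ == "__main__":
    chain, v1, v2 = [], b"constructed image v1", b"constructed image v2"
    append_record(chain, KEY, "created", "builder", v1)
    append_record(chain, KEY, "patched", "ops", v2)
    print(safe_to_launch(chain, KEY, v2), safe_to_launch(chain, KEY, v2 + b"!"))
```

The chain does not detect removal of its newest records on its own, so the current head MAC should also be stored somewhere the image store cannot write.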
Network and Perimeter Security: This domain covers the logical security of routers, switches, and other devices, and of the locations in the data center where the data or virtual images are stored, by configuring them effectively. We can deploy AAA (Authentication, Authorization, and Accountability) servers for strong authentication.
Network and Perimeter Security
- IDS
- IPS
- Firewall
Physical Security: This domain addresses the security of physical assets like data centers, servers, storage devices, power supplies, network devices, and other components that help cloud services run smoothly.
Physical Security
- CCTV
- Access Log Register
- Data Center
Cloud Security deployment model
Many cloud security deployment rules are available and customizable to meet your organization’s needs. Users move to the cloud for various reasons, including regulatory compliance, improved security, or aging hardware. Cloud computing is the on-demand availability of computer system resources without direct active management by the user. Instead, these resources are delivered over the Internet, making cloud computing a popular service that various industries use to manage work tasks.
Deployment Model
- Hybrid
- Private
- Public
Cloud Security Objectives
- Privacy
- Trust
- Interoperability
- CIA
- Transparency
- Open Standard
- Self-Managed Security services