On :August 11, 2017
- Do some Internet research to identify businesses who have suffered because of cloud security weaknesses or failures. What can companies who are contemplating cloud computing services learn from the negative experiences of these businesses? Most of us have been heard about the most cloud security failures in which all the cloud technology companies are continued to mature, they still suffer the same type of issues in-house infrastructure’s. Cloud computing has become a biggest market in today’s technology. In a report of 2016, analysts at Gartner predicted that transferring to cloud is going to affect $1 Trillion in Information technology in the next five years. Cloud services market has grown to an extent level that it was not a notable percentage of total it is spending, which was helping to generate new technologies and start-ups which are born in the cloud. When cloud services are going offline or software and websites will fail it can always results in huge business problems.
Verizon, Jan. 14:
A power outage on the Verizon data center which was mainly impacted by the Jet Blue Airways operations on January 14 on delaying all their flights and sending all the passengers back which leads into Reebok for the other schedules. Verizon was very calm in sending the exact reason for the issue outside that exactly which data center was affected by this. A New York based Jet Blue Airways wrote in their blog that airline has been experienced a lot network issues which was completely based on the Verizon data center power outage which was been impacted to many passengers and the staff.
Adobe’s Security Breach:
According to 2016 analytics adobe has no longer strange to clod services which are going awry. In October 2013 adobe has suffered a lot in security bleach, with the final figures which are suggesting as many as 38 million accounts had been compromised. It has been marked a wearied back turn for the company which originally claimed the attack only affected 3 million users. The attacked has mainly gained to get the accessed into Adobe ID’s which encrypts customer credit cards records, and the login data which is of a full range of adobe’s software was compromised. After this major attack, Adobe has made the seemingly positive gesture of offering a year worth of credit monitoring which was only to stumble into another PR disaster for all the affected customers. “It was revealed the monitoring was provided by Experian – a company that was still recovering from a security breach in which the company was tricked into selling consumer records directly to an online identity theft service.”
Knight capital is cloud based stock trading software. According to New York post, Knight capital on an incorrect and an automated software which was based on an incorrect algorithm which mainly costs a firm staggering $440 million in just forty-five minutes. New York post has been described it as Meltdown waiting to happen. The program software which was incorrectly has bought the stocks at the market price resulting in several billion dollars of unwanted positions, before selling the stocks at the bid price for less money. This Error has cleared 75 percent of the knight capital’s equity value, which was in the fallout from the incident Knight capital was fined $12 million by the securities and exchange commission. Eventually they had to sell their business to algorithmic trading company GETCO for a merge $3.75/ share.
2. Do some Internet research on security mechanisms associated with virtualization. How can virtualization be used by cloud service providers to protect subscriber data?
Virtualization majorly comes from different forms this was distinguished primarily by the layer in which the computing system to which virtualization is applied. All virtualization forms will have an entity called a hyper visor or virtual machine monitor (VMM). This is the major central unit which controls all the functions of the virtualization programs interact with beyond the layers. Application virtualization is the virtual implementation of the application programming interface which enables the programs to run on different platforms by providing them all the virtual API. Operation system virtualization is called as virtual implementation of an operating system where all the operating system programs where written for that operating system can run.
Hyper visors which are directly implemented on the hardware firmware or the computer firmware without any host operating that. Every instance system will run on the virtual hardware which is also called as the guest OS or virtual management. Hyper visors which always allocates resources in between the virtual managements.
Hyper visors which will run on a host operating system that will manage all the hardware resources. The hyper visor in the hosted virtualization will still manages the guest operating systems and virtual managements, except the hyper visor is treated as an application on the host operating system.
The new management layer which is an essentially a layer that was created by the hyper visor, therefore hyper visor will always manage all the virtual managements which are running on the physical machine. Concentration are characteristics which is a plethora of virtual management systems that will run on the same physical machine in which the same purpose of virtualization which was mainly used to fulfill the physical resource or hardware available. This issue was always directly related to the new management layer which was created by virtualization.The major important input according to that research will always leads to the constant stream of inquiries from Gartner clients. One of the major reasons which is important for an enterprise to access the risk of using the cloud-based services this will always remake the ultimate liability for the loss or exposure of customer information in the event of the security.
3. Choose one of the following cloud services categories: SaaS, IaaS, PaaS. Do some Internet research that focuses the security issues associated with the selected cloud service category. Summarize the major security risks associated with the cloud service category and identify mechanisms that can be used to address these risks.
Cloud computing networks which are more highly concentrated to the traditional network systems, in which the large part is always because of the virtualization technology which always allows a single server to hold to many virtual mechanic systems and potentially the data of multiple customers. “If a server that has been hacked holds 15 virtual machines, “now 15 machines are at risk rather than one at a time.”
Identity management in the cloud is immature:
Cloud providers by themselves are not always sophisticated about integrating their major platforms with the identity services which always return behind the enterprise firewall.Some of the third-party networks which allows the IT extended role based access controls into the cloud with the help of single sign on system (SSOS). Google always has an “Secure Data Connector” which will form an encrypted connection between the customer’s data and the google business applications, while in letting the customers to control which all the google employees can able to access google app resources. According to Wang sales force provides a similar tool. By this process customers will become unwieldy because all the major customers which are numerous to the SAAS applications which couldn’t find themselves dealing with many different security tools. Third party produces will at least offer the advantages of connecting to many types of SAAS applications.
“Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today,” according to research from the Cloud Security Alliance.
Cloud vendors will always argue that they are more experienced to secure data than a typical customer. SaaS security is always better than most people think. Some customers will always think that it’s hard to believe that SaaS vendors will always tend to be rather secretive about their security process. Many cloud service providers will always release many details about their data centers and operations. Always customer and technology analysts are really getting pissed up with all the un answered questions and hush- hush nondisclosure agreements.
Analysts in Gartner’s Burton Group recently accused Amazon CTO Werner Vogel’s of not being transparent enough about Amazon’s internal security practices. In general, the analyst firm says customers should assume the worst-case scenario in terms of security when a vendor is being secretive.