Cloud computing security: Difference between revisions

m Removed unnecessary nowiki from URL to improve accessibility, also moved persistent IDs to proper template. (via WP:JWB)
No edit summary
Line 6:
==Security issues associated with the cloud==
 
Cloud [[computing]] and storage provide users with the capabilities to store and process their data in third-party [[data center]]s.<ref name="cloudid">{{cite journal |last1=Haghighat |first1=Mohammad |last2=Zonouz |first2=Saman |last3=Abdel-Mottaleb |first3=Mohamed |title=CloudID: Trustworthy cloud-based and cross-enterprise biometric identification |journal=Expert Systems with Applications |date=November 2015 |volume=42 |issue=21 |pages=7905–7916 |doi=10.1016/j.eswa.2015.06.025 }}</ref> Organizations use the cloud in a variety of different service models (with acronyms such as [[SaaS]], [[PaaS]], and [[IaaS]]) and deployment models ([[Cloud computing#Private cloud|private]], [[Cloud computing#Public|public]], [[Cloud computing#Hybrid|hybrid]], and [[community cloud|community]]).<ref name="Srinivasan">{{cite book |doi=10.1145/2345396.2345474 |chapter=State-of-the-art cloud computing security taxonomies |title=Proceedings of the International Conference on Advances in Computing, Communications and Informatics - ICACCI '12 |year=2012 |last1=Srinivasan |first1=Madhan Kumar |last2=Sarukesi |first2=K. |last3=Rodrigues |first3=Paul |last4=Manoj |first4=M. Sai |last5=Revathy |first5=P. |pages=470–476 |isbn=978-1-4503-1196-0 |s2cid=18507025 }}</ref>
 
Security concerns associated with cloud computing are typically categorized in two ways: as security issues faced by cloud providers (organizations providing [[Software as a service|software-]], [[Platform as a service|platform-]], or [[Infrastructure as a service|infrastructure-as-a-service]] via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud).<ref>{{cite news|url=http://security.sys-con.com/node/1231725|title=Swamp Computing a.k.a. Cloud Computing|publisher=Web Security Journal|date=2009-12-28|access-date=2010-01-25}}</ref> The responsibility is shared, however, and is often detailed in a cloud provider's "shared security responsibility model" or "shared responsibility model."<ref name="CSACloudCont4">{{cite web |url=https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ |format=xlsx |title=Cloud Controls Matrix v4 |publisher=Cloud Security Alliance |date=15 March 2021 |access-date=21 May 2021}}</ref><ref name="AWSShared20">{{cite web |url=https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/shared-security-responsibility-model.html |title=Shared Security Responsibility Model |work=Navigating GDPR Compliance on AWS |publisher=AWS |date=December 2020 |access-date=21 May 2021}}</ref><ref name="TozziAvoid20">{{cite web |url=https://www.paloaltonetworks.com/blog/prisma-cloud/pitfalls-shared-responsibility-cloud-security/ |title=Avoiding the Pitfalls of the Shared Responsibility Model for Cloud Security |author=Tozzi, C. |work=Pal Alto Blog |publisher=Palo Alto Networks |date=24 September 2020 |access-date=21 May 2021}}</ref> The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.<ref name="AWSShared20" /><ref name="TozziAvoid20" />
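Review bot: In the TozziAvoid20 citation in the second paragraph of this hunk, work=Pal Alto Blog misspells the name; it should read work=Palo Alto Blog, matching publisher=Palo Alto Networks in the same template. The closing sentence of that paragraph also uses a curly apostrophe in "clients’ data"; replace it with a straight apostrophe. The same sentence says the user must "use strong passwords and authentication measures", where "authentication measures" would read more clearly if it named what is meant, such as the multi-factor authentication the article mentions under preventive controls.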
Line 24:
 
;Preventive controls
:The main objective of preventive controls is to strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities, as well as preventing unauthorized intruders from accessing or entering the system.<ref>Virtue, T., & Rainey, J. (2015). Preventative Control - an overview | ScienceDirect Topics. Retrieved October 13, 2021, from https://www.sciencedirect.com/topics/computer-science/preventative-control</ref> This could be achieved by either ''adding'' software or feature implementations (such as firewall protection, endpoint protection, and multi-factor authentication), or ''removing'' unneeded functionalities so that the attack surface is minimized (as in [[unikernel]] applications). Additionally, educating individuals through security awareness training and exercises is included in such controls due to the human error being the weakest point of security. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified. All in all, preventative controls affect the likelihood of a loss event occurring and are intended to prevent or eliminate the systems’ exposure to malicious action.
 
;Detective controls
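Review bot: The preventive-controls definition switches between "preventive" (the term line and the first sentence) and "preventative" (the closing sentence, "All in all, preventative controls affect the likelihood..."); use "preventive" throughout to match the ";Preventive controls" term. In the same definition, "due to the human error being the weakest point of security" reads awkwardly; suggest "because human error is the weakest point of security". The reference on the first sentence is free text ("Virtue, T., & Rainey, J. (2015). ...") rather than a cite template like the other references in this diff, and "the systems’ exposure" carries a curly apostrophe that should be straight.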
Line 146:
 
=== Fully homomorphic encryption (FHE) ===
[[Fully homomorphic encryption|Fully Homomorphic Encryption]] is a cryptosystem that supports arbitrary computation on ciphertext and also allows computing sum and product for the encrypted data without decryption. Another interesting feature of Fully Homomorphic Encryption or FHE for short is that it allows operations to be executed without the need offor a secret key.<ref>{{cite book |doi=10.1007/978-3-642-31410-0_15 |chapter=Shift-Type Homomorphic Encryption and Its Application to Fully Homomorphic Encryption |title=Progress in Cryptology - AFRICACRYPT 2012 |series=Lecture Notes in Computer Science |year=2012 |last1=Armknecht |first1=Frederik |last2=Katzenbeisser |first2=Stefan |last3=Peter |first3=Andreas |volume=7374 |pages=234–251 |isbn=978-3-642-31409-4 }}</ref> FHE has been linked not only to cloud computing but to electronic voting as well. Fully Homomorphic Encryption has been especially helpful with the development of cloud computing and computing technologies. However, as these systems are developing the need for cloud security has also increased. FHE aims to secure data transmission as well as cloud computing storage with its encryption algorithms.<ref>{{cite book |doi=10.1109/icact.2014.6779008 |chapter=A cloud computing security solution based on fully homomorphic encryption |title=16th International Conference on Advanced Communication Technology |year=2014 |last1=Zhao |first1=Feng |last2=Li |first2=Chao |last3=Liu |first3=Chun Feng |pages=485–488 |isbn=978-89-968650-3-2 |s2cid=20678842 }}</ref> Its goal is to be a much more secure and efficient method of encryption on a larger scale to handle the massive capabilities of the cloud.
 
=== Searchable encryption (SE) ===
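Review bot: In the FHE paragraph, the sentence with the changed wording ("without the need offor a secret key" in this rendering, "of" replaced by "for") still does not say who needs no secret key; state that the party performing the computation on the ciphertext does not need it, which is what the preceding "without decryption" implies. The opening sentence is also redundant: "supports arbitrary computation on ciphertext and also allows computing sum and product" presents sum and product as an addition to arbitrary computation, so the two clauses should be merged. "However, as these systems are developing the need for cloud security has also increased" needs a comma after "developing", and once "FHE for short" has been introduced the paragraph should use the abbreviation consistently instead of alternating with "Fully Homomorphic Encryption".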