Revision as of 16:29, 12 March 2025 edit Dimitrie569 (talk \| contribs) Extended confirmed users 666 edits mNo edit summary Tags: Visual edit Mobile edit Mobile web edit Advanced mobile edit ← Previous edit		Revision as of 08:13, 17 March 2025 edit undo 2402:8100:206c:8c39:f2a7:67f2:cbc4:4054 (talk) →Security issues associated with the cloud Tags: Reverted Mobile edit Mobile web edit Next edit →
Line 6: ==Security issues associated with the cloud== [[Cloud computing]] and storage provide users with the capabilities to store and process their data in third-party [[data center]]s.<ref name="cloudid">{{cite journal \|last1=Haghighat \|first1=Mohammad \|last2=Zonouz \|first2=Saman \|last3=Abdel-Mottaleb \|first3=Mohamed \|title=CloudID: Trustworthy ~~cloud-based and~~cand cross-enterprise biometric identification \|journal=Expert Systems with Applications \|date=November 2015 \|volume=42 \|issue=21 \|pages=7905–7916 \|doi=10.1016/j.eswa.2015.06.025 \|s2cid=30476498 }}</ref> Organizations use the cloud in a variety of different service models (with acronyms such as [[Software as a service\|SaaS]], [[Platform as a service\|PaaS]], and [[Infrastructure as a service\|IaaS]]) and deployment models ([[Cloud computing#Private cloud\|private]], [[Cloud computing#Public\|public]], [[Cloud computing#Hybrid\|hybrid]], and [[community cloud\|community]]).<ref name="Srinivasan">{{cite book \|doi=10.1145/2345396.2345474 \|chapter=State-of-the-art cloud computing security taxonomies \|title=Proceedings of the International Conference on Advances in Computing, Communications and Informatics - ICACCI '12 \|year=2012 \|last1=Srinivasan \|first1=Madhan Kumar \|last2=Sarukesi \|first2=K. \|last3=Rodrigues \|first3=Paul \|last4=Manoj \|first4=M. Sai \|last5=Revathy \|first5=P. \|pages=470–476 \|isbn=978-1-4503-1196-0 \|s2cid=18507025 }}</ref> Security concerns associated with cloud computing are typically categorized in two ways: as security issues faced by cloud providers (organizations providing [[Software as a service\|software-]], [[Platform as a service\|platform-]], or [[Infrastructure as a service\|infrastructure-as-a-service]] via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud).<ref>{{cite news\|url=http://security.sys-con.com/node/1231725\|title=Swamp Computing a.k.a. Cloud Computing\|publisher=Web Security Journal\|date=2009-12-28\|access-date=2010-01-25\|archive-date=2019-08-31\|archive-url=https://web.archive.org/web/20190831163708/http://security.sys-con.com/node/1231725\|url-status=dead}}</ref> The responsibility is shared, however, and is often detailed in a cloud provider's "shared security responsibility model" or "shared responsibility model."<ref name="CSACloudCont4">{{cite web \|url=https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ \|format=xlsx \|title=Cloud Controls Matrix v4 \|publisher=Cloud Security Alliance \|date=15 March 2021 \|access-date=21 May 2021}}</ref><ref name="AWSShared20">{{cite web \|url=https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/shared-security-responsibility-model.html \|title=Shared Security Responsibility Model \|work=Navigating GDPR Compliance on AWS \|publisher=AWS \|date=December 2020 \|access-date=21 May 2021}}</ref><ref name="TozziAvoid20">{{cite web \|url=https://www.paloaltonetworks.com/blog/prisma-cloud/pitfalls-shared-responsibility-cloud-security/ \|title=Avoiding the Pitfalls of the Shared Responsibility Model for Cloud Security \|author=Tozzi, C. \|work=Pal Alto Blog \|publisher=Palo Alto Networks \|date=24 September 2020 \|access-date=21 May 2021}}</ref> The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.<ref name="AWSShared20" /><ref name="TozziAvoid20" />

Cloud computing security: Difference between revisions