Cyber Security Policies in the Private and Public Sector

Cyber Security Policies in the Private and Public Sector Cyber Security Vulnerabilities and Associated Threats of Cloud-Computing 16-03-2013 Cloud computing is a technology through which the training values be provided on demand basis. It is like religious return oriented architecture. End-users access the helpings through the cloud as per the extremity. The cloud term essentially refers internet, so dos argon provided through Internet. Cloud computing reduces the total cost of accessing the application.The applications are developed by the third party and the users pay per service to the third party for accessing the service. But on that point are lots of security measure risks associated with the cloud-computing. These relates to the entropy privacy, former(a) vulnerabilities and associated threats. These vulnerabilities and the associated threats leave behind be discussed in this paper. Effective Policies and procedures will to a fault be defined in this paper which will help in managing the estimated risk of the threats. Cyber Security Vulnerabilities and Associated Threats of Cloud-Computing Cloud-ComputingThe information technology is growing these days and the managers are arduous to reduce the total cost of development of the services use various means due to a number of business reasons. Cloud-computing is a technique which helps the perplexity in reducing the total cost of development. The required resources are configured in a cloud and the users access these services through the cloud. In faux pas of in-house development, the complete process is done inside the comp all premises and using the resources of the organization. So the organization has to pay for the complete resource to the vendor even if just service is not required.The license to use the product is also very costly. The organization has to pay for the complete product even if a part of the service is required. In the depicted object of cloud computing, the users nee d not to pay for the entire service or product, he will pay only for the part of the service. For ex adenylic acidle, a service is created for user-id creation and as most of the organization needs this policy, so this policy is created and configured in the divided pool of resources. Now the different organizations mint access the service as per their use. This helps in overall reduction of the total cost of accessing the service.These resources are configured in a shared pool of resources. These shared resources include the servers, storage, networks, services, etc. Cloud computing has m all forms and these forms are mainly as described here Software as a service of process, program as a Service, and Infrastructure as a service. This technology has many advantages but it has some disadvantages too. As discussed above, that the services are provided by a third party vendor, so the responsibility to provide support and maintenance is also taken care by the third party service pr ovider.When a company access the service using cloud-computing, the crucial business selective information resides in remote servers provided by the third party so on that point are lot of risk related to data privacy and confidentiality. The research related to analyzing the vulnerabilities and associated threats is going on and suitable actions are being taken to go through the risk level. Cyber Security Vulnerabilities, Threats and Actions Vulnerabilities refer to the loop holes in the form or the flaws in the system. When an organization has decided to move on the cloud, thence it should also run into the associated vulnerabilities and the threats.Some of the major(ip) vulnerabilities are discussed below Session Hijacking It means that the cloud or the required service is hacked by the hackers using a valid academic session key. This key is employ to come upon the unauthorized access on the critical resources of the organization. Once hacked, the hackers stomach have the complete access on the systems, and they can come any malicious activity they want to do, to hit the company resources. If proper and effective security measures are not followed in the infrastructure then it whitethorn cause a heavy business loss in terms of financial terms as well as the reputation of the organization.Probability of Occurrence The opportunity of situation of these types of attack is in general high. The reason being is that the attackers reenforcement on continuously scan the system to find out the vulnerabilities in it. Once they get together the access, they just execute their jobs. Effective Policies & Procedures To mitigate this diversity of risk, firewalls should be use in the system at the right places. Firewalls stay unauthorized access of data. Rules and policies should be configured to protect the session keys. To increase the awareness among employees, a proper training should be given to them.For example, session monitoring should be done to k eep a check on the malicious activities. Virtual Machine Access In this technology, the servers uses same resources like operating system, business applications, etc which are used by the virtual machines & other servers. If the attacker is successful in to gaining the unauthorized access to any of these system resources, then the whole system can be compromised easily. If other virtual machines are also located in the same configuration zone then there is a high risk of compromising other virtual machines too.This may directly hit the operating system and the host server and hence all the services hosted by the server. Probability of Occurrence The opportunity of occurrence of these types of attack is also high. As the flaws in the software or hardware becomes the root cause of these types of attacks. The bugs or flaws in the software are identify at a later stage and regular updates or patches needs to be applied on the software. Effective Policies & Procedures The software shoul d be regularly updated and patches should be applied on it.Hardware flaws should be take uped up using various tools. An effective network configuration is very important to mitigate this type of attacks. Service Availability This is a major weakness in cloud computing technology. No company can afford the unavailability of the required service. The company has to develop from a huge business loss in case of down quantify. The services offered by the cloud are not much reliable, any outage in the system may cause the services to stop working and hence the services will not be accessible. And this would be again responsible for a major loss to the company.Service Level Agreements (SLA) must be well defined and signed by both the involved parties and the above mentioned issues should be discussed and taken care using the SLAs. Backup plans should be carefully designed and implemented so that the risk level can be controlled. In case of any outage, lets say electricity outage, can be taken care by switching to electricity generators or other back-up devices. Probability of Occurrence The probability of occurrence of these types of attack is generally low. This types of issues rarely occur in any organization.Service providers mostly keep the title resources so that the system working remains continuous. And in case of some issues, switches to the ready back-up resources can be easily done. Effective Policies & Procedures To mitigate this kind of risk, firewalls should be implemented in the system at the right places. Firewalls prevent unauthorized access of data. Rules and policies should be configured to protect the session keys. To increase the awareness among employees, a Cryptography Flaws This flaw refers to the weakness in the cryptography techniques implemented in the cloud based system.Hackers can easily decode the encoding mechanism used in the system if there are some security gaps, for example if the key used in the encryption mechanism is not secur e and strong enough then the attacker can easily gain the access to the key and hence they can easily decode the encrypted message to the original text form. Probability of Occurrence The probability of occurrence of these types of attack is generally medium. The reason being is that most of the times, attackers could not find out the key used to encrypt the data or it is difficult to decode the encoded data.Effective Policies & Procedures To mitigate this kind of risk, strong cryptography techniques should be used. Ethical hacking can be done intentionally just to test the security level of the complete system. This test will help in analyzing the security gaps in the system and then these loop holes can be filled with effective security procedures. Data Privacy When the data resides in third party servers, then this risk of data privacy always persists. As the crucial data is handled and managed by the third party, so there are high chances of risks to data privacy and confidentia lity.Basically an agreement is signed-off between the parties for accessing the services. It should also include the issues related to maintaining privacy of data. Suppose the contract gets completed, now what would happen to the data which is stored in the third part servers? Probability of Occurrence The probability of occurrence of these types of attack is generally high. The reason being is that the data is always accessible to the service provider. Service providers take care of the support and maintenance of the data too. This risk is generally high.Research is going on so that this issue can be differentiate out. Effective Policies & Procedures These kinds of issues should be openly discussed with the service provider forwards signing any agreement. Vendors Technique As the technology is growing, there are lots of vendors coming up in this industry. Sometimes these vendors are immature and they follow the platform specific techniques which cause trouble in migrating to the new service or integrating with other services. The developed technology will be of no use if it cannot be updated or integrated with other services as per the requirement.Probability of Occurrence The probability of occurrence of these types of attack is generally medium, as it varies with the knowledge and experience of the service provider. Effective Policies & Procedures Proper research should be done before finalizing the right vendor. The initial requirements should be crystal clear so that both the parties should understand what actually needs to be done. There should not be any communication gap between both the parties so that in case of some issues, the right action can be taken immediately to fill the gaps.Dependency on Internet As discussed above, the services are accessed through a cloud of shared resources. This cloud refers to internet. So in other word we can say that the services are accessed through the internet which means that the services are highly dependent on internet. Suppose internet goes down then the client will not be able to access the required services. Probability of Occurrence The probability of occurrence of these types of attack is generally low. The reason is that backup plans are ready for the service in case of some emergency.As the service provider also realizes the importance of internet so enough resources are used so that the system does not suffer from any kind of outages. Effective Policies & Procedures To mitigate this kind of risk, backup plans should be ready and available all the time so that if at any time, the system disrupts, the backup plans can be used so that the functioning of the system does not affect in any way. There are other important security threats too which are associated with cyber-security. These are discussed below Denial of Service (DOS) Attack Denial of Service attacks are also known as DOS attacks.Due to these attacks, the legitimate requests of the end users are not completed due to heavy loading of the host server caused by the fake calls. Attackers may hit the routers or over flood the host server using the fake calls and this prevents the legitimate calls to execute. This may cause the complete severance in the system. Appropriate rules and filters should be configured in the firewall to mitigate the risk associated with these attacks. Customer Satisfaction Customer satisfaction increases with the implementation of the above mentioned policies and procedures.The implementation fundamentally helps in the availability of the service in a secure environment. And customers would be happy to gain access to the required service whenever they need and as per their requirement and that too in a secure environment. Hence we can say that the implementation of the above mentioned policies and procedures helps in increasing the customers satisfaction level. final stage In this research paper, various security vulnerabilities and the associated threats related to cloud compu ting are discussed.Cloud computing really helps in reducing the overall cost of accessing a service. But the security risk associated with this technology cannot be ignored. Proper security measures should be implemented in the system. Secure protocols should be designed and configured so that a balance can be achieved between the cost and the security level. References 1. Blaisdell, R. (2011, February 24). How Much Can You Save On Your Cloud Computing Implementation? Retrieved from Ezinearticles. com http//ezinearticles. com/? How-Much-Can-You-Save-On-Your-Cloud-Computing-Implementation? ampid=5989672 2. European Network and Information Security Agency. (2009). Cloud Computing Benefits, risks and recommendations for information assurance. Heraklion European Network and Information Security Agency. 3. Mell, P. , & Grance, T. (2011, September). The NIST Definition of Cloud Computing. Retrieved from US plane section of Commerce National Institute of Standards and Technology, Special Publication 800-145 http//csrc. nist. gov/publications/nistpubs/800-145/SP800-145. pdf 4. Meiko Jensen ,Jorg Sehwenk et al. , On Technical Security, Issues in cloud