SlideShare a Scribd company logo

Cloud Computing

sahil lalwani, profile picture
sahil lalwani

This document discusses security risks associated with cloud computing and databases. The main security risks are data breaches, data loss, and service hijacking that can occur when sensitive data is stored in cloud databases. Two examples of past data breaches at large companies, Home Depot and Target, are described along with the steps they took to strengthen security and regain customer trust. Methods to overcome security challenges in cloud computing discussed are encrypting data, implementing strong key management practices, and giving users control over their encryption keys.

Technology
Related topics:
Cloud Computing Insights
1 of 6
Download to read offline
1
2
3
4
5
6
MIS 6326: DATA MANAGEMENT 1 Research topic: CLOUD COMPUTING AND DATABASE SYSTEMS Submitted by: Research Group 6 ================================================================= Introduction: “We believe we’re moving out of the Ice Age, the Iron Age, the Industrial Age, the Information Age, to the participation age. You get on the Net and you do stuff. You IM, you blog, you take pictures, you publish, you podcast, you transact, you distance learn, you telemedicine. You are participating on the Internet, not just viewing stuff. We build the infrastructure that goes in the data center that facilitates the participation age. We build that big friggin’ Webtone switch. It has security, directory, identity, privacy, storage, compute, the whole Web services stack.” - Scott McNealy, former CEO, Sun Microsystems. This statement by the former CEO of Sun microsystems sums up pretty much what the cloud computing is. Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks [1] . The benefits of cloud computing are hard to dispute but the vulnerabilities it possess are also hard to neglect. GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of respondents listed security as their number-one concern[2] . Security within cloud computing is an especially worrisome issue because of the fact that the devices used to provide services do not belong to the users themselves. Security risks of databases in the cloud The increase in popularity of cloud computing in recent years has caused a tremendous growth of the systems which also poses more security risks. Increasing the size or adding capabilities to the cloud leaves the system to be exposed to many internal and external conflicts. With many security risks, keeping the dependency on cloud computing becomes a big challenge for many firms attempting to grow their databases. The following are the most common security risk cloud databases possess: Data Breach: One of the most common security risks cloud computing faces are data breaches in the system. Data breaches are incidents where sensitive or confidential data are accessed by unauthorized parties. Once that data has been breached, whoever accesses them may view, steal, use, or even manipulate the data to their advantage. These individuals or “groups of organized criminal elements [are] looking to rapidly monetize information [or] have a social
MIS 6326: DATA MANAGEMENT 2 or other agendas” (Green, 2013). Many retail stores face this issue when storing data pertaining to customer credit cards. Dealing with the security of these databases in the cloud for many firms becomes a challenge preventing data breaches. Data loss: Another common security risk cloud computing face are data loses. Since the data is stored in a combined database on a cloud, there is a likely chance multiple authorized users can gain access to a single piece of data. With that power, one person can go in a purposely delete the piece of data making it disappear from the database permanently. Data loss can also occur externally from hackers gaining unauthorized access to the system. Once hackers have entered the cloud database, they can manually go in and change data points or wipe out data that is stored causing data loss. Service Hijacking: A third common security risk is service hijacking causing hackers to gain full control of the service and use it to their control. With advanced cloud computing and complex systems, attackers will be able to access the database and hijack the service. Intruders will be able to exploit the service and weaken its security even further making it more vulnerable for other risks. Hackers can gain control of eavesdropping on users and change or delete data that can damage future records. Hijacking causes huge data breaches and data losses for any organization and can severely damage an organizations reputation. Overcoming hijacking can cause difficulty since the database is comprised and vulnerable for more attacks. Security breaches in the past and how it was overcomed  Home depot: Issue: Breach of database security leading to leakage of customer’s credit card information. Information used by hackers for malicious practices. Steps taken: “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. This statement was issued by Chairman and CEO of Home depot as soon as the investigations revealed a breach in the database security. The company took few steps to regain the lost confidence by the customers. A press release by Home Depot which reads as “The company’s new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.” [3] Home depot also decided to use EMV “Chip and PIN” technology after this major breach of security which compromised the users information and lead to loss of faith in the company. EMV refers to payment chip cards that contain an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards [4] . EMV relies on chip present in the card and the pin supplied by the customer at the merchant purchases rather than verifying signatures to validate the transactions.
MIS 6326: DATA MANAGEMENT 3  Target: Issue: Breach in the network of Target Corporation during the timeline of thanksgiving discounts for a period of 2 weeks. It is approximated that around 70 million records were compromised leading to customers information being used by hackers for unauthentic transactions. Steps taken: The retail giant took significant actions to strengthen its network and regain the lost confidence in customers, few of the steps include [5] :  Enhancing monitoring and logging  Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities  Installation of application whitelisting point-of-sale systems  Includes deploying to all registers, point-of-sale servers and development of whitelisting rules  Implementation of enhanced segmentation  Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process  Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols  Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation Target also announced its initiative to shift to the chip-and-PIN enabled cards. It planned to invest around $100 million to expedite the process of transition to chip and pin enabled cards and install supporting softwares and payment devices across all its stores. How to overcome security challenges of cloud computing Despite the limitations and security vulnerabilities, cloud computing continues to be a game changer for small and big enterprises. The security challenges can be overcomed by the following methods:  Data Encryption Major cloud service providers, such as Microsoft, Yahoo and Google have implemented data encryption settings of the end-users' data that they are hosting and managing. For example, Google Cloud Storage can now realize the automatic encryption to the new data written into the disk, and this server-side encryption will soon be used in the old data stored in the Google cloud, in order to protect the security of all data. Microsoft announced they will strengthen the encryption settings of all services provided by Microsoft, including Outlook.com, Office 365,
MIS 6326: DATA MANAGEMENT 4 SkyDrive and Windows Azure, etc. This method is extremely important for the security of data which is transmitted between enterprise users and suppliers.  The key management and data ownership Only if key management system is safe, the data encryption will be safe. When the cloud service provider uses encryption method, the user needs to know: If the cloud supplier leaks user’s data, or give the keys over to someone else, their data will be stolen. This concern has stimulated one method to protect the security of the cloud, which has enabled business users who are making use of cloud services to own their data key, and understand key management procedures when data is being used or transferred. More and more cloud providers, such as Vaultive, CipherCloud, TrendMicro and HyTrust have provided appropriate tools that allow business users to have greater control in the use of cloud services. For example, CipherCloud provides a gateway technology that allows business users to encrypt data when in transmission or storage. Meanwhile, the gateway allows enterprises to store the key and manage encrypted data stored in the cloud. The merge of this technique means that any departments can only get the data by the owner of the data, its purpose is to eliminate the behaviour that cloud service providers reveal the key to the third party.  Regionalization People have been always worrying about the server in the United States or other foreign countries because these suppliers are too far away from those enterprises. This concern caused many business users, especially those non-US business users prefer to use the cloud service suppliers in the local area in order to avoid the risk brought by the long distance. In Asia and Africa, especially in China, Many companies are very worried about the technology of these providers. They are now choosing cloud service suppliers outside the United States. Now the global cloud computing providers are distributed everywhere. In the past few years, in different parts of the world, there are hundreds of small public cloud service providers have sprung up, to serve in the local market. Many cloud service providers implement regionalization in order to improve the agility and performance. Conclusion: One of the biggest security worries with the cloud computing model is the sharing of resources. Cloud service providers need to inform their customers on the level of security that they provide on their cloud. Data security is major issue for Cloud Computing. There are many security risks that are associated with the implementation of cloud computing as a software service [6] . Risks can severely damage an organizations reputation and tarnish their cloud databases from recovering. Many organizations have already faced major security breaches and had to strategically overcome those barriers to strengthen their security. As cloud computing systems become more advanced and complex, there needs to be an increase on attention when scanning for possible attacks on those servers. Using different techniques and investing the skills to forecast future attacks will help organizations overcome security challenges and benefit from the database in cloud computing.
MIS 6326: DATA MANAGEMENT 5 References:  [1]: Vahid Ashktorab, , Seyed Reza Taghizadeh. (October 2012).Security threats and countermeasures in Cloud computing. Retreived from International Journal of Application or Innovation in Engineering & Management (IJAIEM)  [2]: “IT Cloud Services User Study,” IDC, Inc., October 2008.  [3]: Press release. (September 2014). Retrieved from Press release for home depot https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf  [4]: About EMV. Retrieved from http://www.emvco.com/about_emv.aspx  [5]: Press release. (April 2014). Retrieved from “Target Appoints New Chief Information Officer, Outlines Updates on Security Enhancements”, http://pressroom.target.com/news/target-appoints-new-chief-information-officer- outlines-updates-on-security-enhancements  [6]: Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy. (December 2011). Cloud Computing: Security Issues and risk challenges. Retrieved from IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS).  Green, S. (2013, March 12). The Companies and Countries Losing Their Data. Retrieved November 1, 2014, from http://blogs.hbr.org/2013/03/the-companies-and- countries-lo/  Neumann, P. G. (2014). Risks and Myths of Cloud Computing and Cloud Storage. Communications of the ACM, 57(10), 25-27. doi:10.1145/2661049  Phil Kernick, Chief Technology Officer , Balkanization of the Internet, Retrieved NOVEMBER ,15, 2013 from http://cqraustralia.blogspot.com/2013/11/balkanization- ofinternet.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed% 3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29  Ten ways to protect the data in cloud.(2013).In TechTargetChina. Retrieved August,23,2013,fromhttp://www.searchcloudcomputing.com.cn/showcontent_75964. htm
MIS 6326: DATA MANAGEMENT 6 Questions to audience  Do you think the cost of implementing new security measures will increase as the complexity of the database in the cloud increases?  Do you know any other major breach in security in the past and how did they tackle?  What are your methods for backing up our data? What offerings are available to back up data?

More Related Content

PDF
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Ulf Mattsson
 
PDF
ISSA: Cloud data security
Ulf Mattsson
 
PDF
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET Journal
 
PDF
ISACA Houston Texas Chapter 2010
Ulf Mattsson
 
PPTX
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
PDF
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
PDF
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
PDF
Data Storage Issues in Cloud Computing
ijtsrd
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Ulf Mattsson
 
ISSA: Cloud data security
Ulf Mattsson
 
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET Journal
 
ISACA Houston Texas Chapter 2010
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
Data Storage Issues in Cloud Computing
ijtsrd
 

What's hot (18)

PDF
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
PPTX
Microsoft Platform Security Briefing
technext1
 
PDF
Security and privacy approach of cloud computing
Jahangeer Qadiree
 
PDF
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
PDF
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
PDF
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
PDF
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
Editor IJMTER
 
PDF
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Ulf Mattsson
 
PDF
Towards Achieving Efficient and Secure Way to Share the Data
IRJET Journal
 
PDF
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
PDF
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
cscpconf
 
PDF
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
PPTX
Big Data and Security - Where are we now? (2015)
Peter Wood
 
PDF
Global Security Certification for Governments
CloudMask inc.
 
PDF
Secure Data Sharing In an Untrusted Cloud
IJERA Editor
 
PPTX
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
PDF
Ad4502189193
IJERA Editor
 
PDF
Cloud Auditing
Jonathan Sinclair
 
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
Microsoft Platform Security Briefing
technext1
 
Security and privacy approach of cloud computing
Jahangeer Qadiree
 
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
Editor IJMTER
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Ulf Mattsson
 
Towards Achieving Efficient and Secure Way to Share the Data
IRJET Journal
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
cscpconf
 
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
Big Data and Security - Where are we now? (2015)
Peter Wood
 
Global Security Certification for Governments
CloudMask inc.
 
Secure Data Sharing In an Untrusted Cloud
IJERA Editor
 
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Ad4502189193
IJERA Editor
 
Cloud Auditing
Jonathan Sinclair
 
Ad

Similar to Cloud Computing (20)

PDF
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET Journal
 
PDF
User_Access_IIA-LA_3-9-2016
Karla Sasser, CPA CITP, CIA, CGMA
 
PPTX
CLOUD CHALLENGES challenges we face during cloud
mehrasampada98
 
PDF
Cloud Computing Security
Arunvignesh Venkatesh
 
DOC
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
PDF
Cloud Security Challenges, Types, and Best Practises.pdf
manoharparakh
 
PDF
Fast & Secure Data Access Anytime, Anywhere
Home
 
PDF
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
PDF
H017155360
IOSR Journals
 
PDF
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
PDF
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
PDF
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
PDF
Advancing integrity and privacy in cloud storage: challenges, current solutio...
IAESIJAI
 
PPTX
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
sarah david
 
PDF
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
sarah david
 
PDF
F017414853
IOSR Journals
 
PDF
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
IRJET Journal
 
PDF
Enhanced security framework to ensure data security
eSAT Publishing House
 
PDF
Enhanced security framework to ensure data security in cloud using security b...
eSAT Journals
 
PDF
1784 1788
Editor IJARCET
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET Journal
 
User_Access_IIA-LA_3-9-2016
Karla Sasser, CPA CITP, CIA, CGMA
 
CLOUD CHALLENGES challenges we face during cloud
mehrasampada98
 
Cloud Computing Security
Arunvignesh Venkatesh
 
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Cloud Security Challenges, Types, and Best Practises.pdf
manoharparakh
 
Fast & Secure Data Access Anytime, Anywhere
Home
 
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
H017155360
IOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
Advancing integrity and privacy in cloud storage: challenges, current solutio...
IAESIJAI
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
sarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
sarah david
 
F017414853
IOSR Journals
 
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
IRJET Journal
 
Enhanced security framework to ensure data security
eSAT Publishing House
 
Enhanced security framework to ensure data security in cloud using security b...
eSAT Journals
 
1784 1788
Editor IJARCET
 
Ad

Recently uploaded (20)

DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
A Presentation on Artificial Intelligence
memembruh336
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation theory and applications.pdf
gurumoop
 
Teaching material agriculture food technology
LiaRayya
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 

Cloud Computing

  • 1. MIS 6326: DATA MANAGEMENT 1 Research topic: CLOUD COMPUTING AND DATABASE SYSTEMS Submitted by: Research Group 6 ================================================================= Introduction: “We believe we’re moving out of the Ice Age, the Iron Age, the Industrial Age, the Information Age, to the participation age. You get on the Net and you do stuff. You IM, you blog, you take pictures, you publish, you podcast, you transact, you distance learn, you telemedicine. You are participating on the Internet, not just viewing stuff. We build the infrastructure that goes in the data center that facilitates the participation age. We build that big friggin’ Webtone switch. It has security, directory, identity, privacy, storage, compute, the whole Web services stack.” - Scott McNealy, former CEO, Sun Microsystems. This statement by the former CEO of Sun microsystems sums up pretty much what the cloud computing is. Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks [1] . The benefits of cloud computing are hard to dispute but the vulnerabilities it possess are also hard to neglect. GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of respondents listed security as their number-one concern[2] . Security within cloud computing is an especially worrisome issue because of the fact that the devices used to provide services do not belong to the users themselves. Security risks of databases in the cloud The increase in popularity of cloud computing in recent years has caused a tremendous growth of the systems which also poses more security risks. Increasing the size or adding capabilities to the cloud leaves the system to be exposed to many internal and external conflicts. With many security risks, keeping the dependency on cloud computing becomes a big challenge for many firms attempting to grow their databases. The following are the most common security risk cloud databases possess: Data Breach: One of the most common security risks cloud computing faces are data breaches in the system. Data breaches are incidents where sensitive or confidential data are accessed by unauthorized parties. Once that data has been breached, whoever accesses them may view, steal, use, or even manipulate the data to their advantage. These individuals or “groups of organized criminal elements [are] looking to rapidly monetize information [or] have a social
  • 2. MIS 6326: DATA MANAGEMENT 2 or other agendas” (Green, 2013). Many retail stores face this issue when storing data pertaining to customer credit cards. Dealing with the security of these databases in the cloud for many firms becomes a challenge preventing data breaches. Data loss: Another common security risk cloud computing face are data loses. Since the data is stored in a combined database on a cloud, there is a likely chance multiple authorized users can gain access to a single piece of data. With that power, one person can go in a purposely delete the piece of data making it disappear from the database permanently. Data loss can also occur externally from hackers gaining unauthorized access to the system. Once hackers have entered the cloud database, they can manually go in and change data points or wipe out data that is stored causing data loss. Service Hijacking: A third common security risk is service hijacking causing hackers to gain full control of the service and use it to their control. With advanced cloud computing and complex systems, attackers will be able to access the database and hijack the service. Intruders will be able to exploit the service and weaken its security even further making it more vulnerable for other risks. Hackers can gain control of eavesdropping on users and change or delete data that can damage future records. Hijacking causes huge data breaches and data losses for any organization and can severely damage an organizations reputation. Overcoming hijacking can cause difficulty since the database is comprised and vulnerable for more attacks. Security breaches in the past and how it was overcomed  Home depot: Issue: Breach of database security leading to leakage of customer’s credit card information. Information used by hackers for malicious practices. Steps taken: “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. This statement was issued by Chairman and CEO of Home depot as soon as the investigations revealed a breach in the database security. The company took few steps to regain the lost confidence by the customers. A press release by Home Depot which reads as “The company’s new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.” [3] Home depot also decided to use EMV “Chip and PIN” technology after this major breach of security which compromised the users information and lead to loss of faith in the company. EMV refers to payment chip cards that contain an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards [4] . EMV relies on chip present in the card and the pin supplied by the customer at the merchant purchases rather than verifying signatures to validate the transactions.
  • 3. MIS 6326: DATA MANAGEMENT 3  Target: Issue: Breach in the network of Target Corporation during the timeline of thanksgiving discounts for a period of 2 weeks. It is approximated that around 70 million records were compromised leading to customers information being used by hackers for unauthentic transactions. Steps taken: The retail giant took significant actions to strengthen its network and regain the lost confidence in customers, few of the steps include [5] :  Enhancing monitoring and logging  Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities  Installation of application whitelisting point-of-sale systems  Includes deploying to all registers, point-of-sale servers and development of whitelisting rules  Implementation of enhanced segmentation  Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process  Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols  Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation Target also announced its initiative to shift to the chip-and-PIN enabled cards. It planned to invest around $100 million to expedite the process of transition to chip and pin enabled cards and install supporting softwares and payment devices across all its stores. How to overcome security challenges of cloud computing Despite the limitations and security vulnerabilities, cloud computing continues to be a game changer for small and big enterprises. The security challenges can be overcomed by the following methods:  Data Encryption Major cloud service providers, such as Microsoft, Yahoo and Google have implemented data encryption settings of the end-users' data that they are hosting and managing. For example, Google Cloud Storage can now realize the automatic encryption to the new data written into the disk, and this server-side encryption will soon be used in the old data stored in the Google cloud, in order to protect the security of all data. Microsoft announced they will strengthen the encryption settings of all services provided by Microsoft, including Outlook.com, Office 365,
  • 4. MIS 6326: DATA MANAGEMENT 4 SkyDrive and Windows Azure, etc. This method is extremely important for the security of data which is transmitted between enterprise users and suppliers.  The key management and data ownership Only if key management system is safe, the data encryption will be safe. When the cloud service provider uses encryption method, the user needs to know: If the cloud supplier leaks user’s data, or give the keys over to someone else, their data will be stolen. This concern has stimulated one method to protect the security of the cloud, which has enabled business users who are making use of cloud services to own their data key, and understand key management procedures when data is being used or transferred. More and more cloud providers, such as Vaultive, CipherCloud, TrendMicro and HyTrust have provided appropriate tools that allow business users to have greater control in the use of cloud services. For example, CipherCloud provides a gateway technology that allows business users to encrypt data when in transmission or storage. Meanwhile, the gateway allows enterprises to store the key and manage encrypted data stored in the cloud. The merge of this technique means that any departments can only get the data by the owner of the data, its purpose is to eliminate the behaviour that cloud service providers reveal the key to the third party.  Regionalization People have been always worrying about the server in the United States or other foreign countries because these suppliers are too far away from those enterprises. This concern caused many business users, especially those non-US business users prefer to use the cloud service suppliers in the local area in order to avoid the risk brought by the long distance. In Asia and Africa, especially in China, Many companies are very worried about the technology of these providers. They are now choosing cloud service suppliers outside the United States. Now the global cloud computing providers are distributed everywhere. In the past few years, in different parts of the world, there are hundreds of small public cloud service providers have sprung up, to serve in the local market. Many cloud service providers implement regionalization in order to improve the agility and performance. Conclusion: One of the biggest security worries with the cloud computing model is the sharing of resources. Cloud service providers need to inform their customers on the level of security that they provide on their cloud. Data security is major issue for Cloud Computing. There are many security risks that are associated with the implementation of cloud computing as a software service [6] . Risks can severely damage an organizations reputation and tarnish their cloud databases from recovering. Many organizations have already faced major security breaches and had to strategically overcome those barriers to strengthen their security. As cloud computing systems become more advanced and complex, there needs to be an increase on attention when scanning for possible attacks on those servers. Using different techniques and investing the skills to forecast future attacks will help organizations overcome security challenges and benefit from the database in cloud computing.
  • 5. MIS 6326: DATA MANAGEMENT 5 References:  [1]: Vahid Ashktorab, , Seyed Reza Taghizadeh. (October 2012).Security threats and countermeasures in Cloud computing. Retreived from International Journal of Application or Innovation in Engineering & Management (IJAIEM)  [2]: “IT Cloud Services User Study,” IDC, Inc., October 2008.  [3]: Press release. (September 2014). Retrieved from Press release for home depot https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf  [4]: About EMV. Retrieved from http://www.emvco.com/about_emv.aspx  [5]: Press release. (April 2014). Retrieved from “Target Appoints New Chief Information Officer, Outlines Updates on Security Enhancements”, http://pressroom.target.com/news/target-appoints-new-chief-information-officer- outlines-updates-on-security-enhancements  [6]: Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy. (December 2011). Cloud Computing: Security Issues and risk challenges. Retrieved from IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS).  Green, S. (2013, March 12). The Companies and Countries Losing Their Data. Retrieved November 1, 2014, from http://blogs.hbr.org/2013/03/the-companies-and- countries-lo/  Neumann, P. G. (2014). Risks and Myths of Cloud Computing and Cloud Storage. Communications of the ACM, 57(10), 25-27. doi:10.1145/2661049  Phil Kernick, Chief Technology Officer , Balkanization of the Internet, Retrieved NOVEMBER ,15, 2013 from http://cqraustralia.blogspot.com/2013/11/balkanization- ofinternet.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed% 3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29  Ten ways to protect the data in cloud.(2013).In TechTargetChina. Retrieved August,23,2013,fromhttp://www.searchcloudcomputing.com.cn/showcontent_75964. htm
  • 6. MIS 6326: DATA MANAGEMENT 6 Questions to audience  Do you think the cost of implementing new security measures will increase as the complexity of the database in the cloud increases?  Do you know any other major breach in security in the past and how did they tackle?  What are your methods for backing up our data? What offerings are available to back up data?