
3.1 Introduction

One of the key technologies in cloud computing is data. Cloud Service Providers (CSPs) such as Microsoft Azure, Google, Dropbox and Amazon deal with a lot of data. Unlike computer drives, which mostly hold 2 terabytes, these CSPs can handle up to petabytes of data, especially now that Big Data has become a trend in this era. So, of course, one of the cloud computing services is data storage. In data security basics, there are two important things: the data life cycle and Confidentiality, Integrity and Availability (CIA). However, security issues arise when handling the data. (Kumar, Raj, & Jelciana, 2017)

3.2 Data security basics

3.2.1 Data life cycle

The data life cycle has six stages: Create, Store, Use, Share, Archive and Destroy. Firstly, when the user enters data, it is automatically created. In this stage, the data can move freely between any stages based on what the user wants. Next, once it is created, the data is stored outside the user's premises, that is, on the CSP's side. The data is called data-at-rest since no activity happens to it. When the data is being used, that is, in the use stage, it is called data-in-use. (Kumar et al., 2017)


The data sharing stage is called data-in-transit, as the data is moved from one location to another. The archive stage is also called data-at-rest. The destroy stage is called data-after-deleted. All of these stages are self-explanatory. To protect the data while it is in the share stage, encryption methods are used. When data is deleted, some digital data may remain that allows the data to be reconstructed. This is called data remanence. (Kumar et al., 2017)

3.2.2 CIA triad

The CIA triad is the three important properties of the data, while the three important properties associated with the people who access the data are authentication, authorization and nonrepudiation. Confidentiality is data privacy; data that belongs to the CSC is not revealed to any unauthorized parties on any occasion. Integrity of data refers to the confidence that data stored in the cloud is not fiddled with by any unauthorized parties. This happens in data-in-transit. Availability of data means that whenever the CSC needs or wants the data, it should be available to them without exception. (Kumar et al., 2017)

3.3 Data security issues

3.3.1 CIA Triad related

There are three main data security issues discussed in this research paper. The first is CIA-related security issues, which happen when one part of the triad is not secured. For confidentiality, there are a few examples of attacks, such as sensitive data being given to unauthorized parties by employees via SD cards or hard disks. Installing spyware on a data server in order to send private information to the attackers is also an attack on confidentiality. Lastly, there is doxxing, which is leaking private information such as social security numbers or phone numbers about someone or an organization in order to do harm. (Kumar et al., 2017)

Next is integrity. Threats to integrity include penetrating a web server in order to embed malware into webpages and web server-side scripting. Another is accessing a financial server in order to maliciously falsify financial records. Lastly, there is turning a machine into a zombie computer in order to control it through a botnet. (Kumar et al., 2017)

The A in the CIA triad is availability. Attacks on availability include Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on servers. Next are ransomware attacks, in which data on a targeted device is encrypted so that the authorized parties cannot use it until a ransom is paid. Lastly, an employee may disrupt a server room's power supply in order to take the server offline. (Kumar et al., 2017)

There are a few ways to improve data security related to the CIA triad. Firstly, apply data encryption when data is not in motion (store, archive and share stages). Generally, encryption can provide confidentiality against attacks from the cloud provider. Next, Third Party Auditing (TPA) can be employed to check data integrity. Lastly, encryption keys should not be stored along with the encrypted data. (Kumar et al., 2017)
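The integrity audit and the key-separation rule above can be seen together in a simplified spot-check, added here as an illustration and not taken from Kumar et al. It assumes a per-block HMAC-SHA256 tag in place of a full TPA protocol, applies the key-separation rule to the MAC key, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # small so a short constructed sample spans several blocks


def split_blocks(data, size=BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def tag_block(key, index, block):
    # The block index is part of the MAC input, so the store cannot answer a
    # challenge for block i with a valid (block, tag) pair copied from block j.
    msg = index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


def upload(key, data):
    """Owner side: build what is handed to the CSP. The key is not in it."""
    return {i: (b, tag_block(key, i, b)) for i, b in enumerate(split_blocks(data))}


def audit(key, store, n_blocks, sample_size, rng=None):
    """Auditor side: challenge random block indices, return those that fail."""
    rng = rng or secrets.SystemRandom()
    failed = []
    for i in rng.sample(range(n_blocks), min(sample_size, n_blocks)):
        entry = store.get(i)  # a silently deleted block fails the audit too
        if entry is None:
            failed.append(i)
            continue
        block, tag = entry
        if not hmac.compare_digest(tag, tag_block(key, i, block)):
            failed.append(i)
    return sorted(failed)


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # held by owner/auditor, never by the store
    data = bytes(range(64))         # constructed sample: four 16-byte blocks
    store = upload(key, data)
    store[2] = (b"X" * BLOCK_SIZE, store[2][1])  # simulated tampering at the CSP
    print("failed blocks:", audit(key, store, n_blocks=4, sample_size=4))
```

If the key were stored next to the data, whoever altered a block could recompute its tag and the audit would pass, which is why the key has to live elsewhere.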


3.3.2 Authentication and Access Control (AAC) related

The second data security issue is in Authentication and Access Control (AAC). When a user wants to access data, authentication is needed. There are many types of authentication, but most people use passwords. Password-based authentication is more subject to vulnerability, especially in a public cloud. It can be cracked using brute force attacks, dictionary attacks and phishing. A brute force attack is a repetition of successive attempts at trying password combinations to break into a website. It is a trial-and-error method. (Kumar et al., 2017)

Next is the dictionary attack. Unlike a brute force attack, a dictionary attack is an attempt to gain illicit access to a computer system by using a very large set of words to generate potential passwords. The attacker uses a list of known or commonly used passwords. A dictionary of passwords is tried in order to break into a website. Lastly, phishing is another way to crack password-based authentication. Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Some people would call it scamming. (Kumar et al., 2017)

There are some important methods that can overcome AAC security challenges. For example, multi-factor authentication can prevent attackers from breaching a website. Next, Intrusion Detection Systems (IDS) or firewalls can be implemented on different network and cloud layers to enable access control in cloud computing. Lastly, employing third-party identity management solutions can also prevent data security challenges in AAC. Examples of third-party solutions are Microsoft Azure Active Directory, Okta identity management and McAfee cloud identity manager. (Kumar et al., 2017)

3.3.3 Data Loss

The next data security issue is data loss. Data loss is a process or event in which data is corrupted, deleted and/or made unreadable by a user, software or application. It is also called data leakage and occurs when one or more pieces of data can no longer be utilized by the authorized parties. Data loss can happen to data-at-rest and also to data in motion. (Kumar et al., 2017)

Data loss can occur for many reasons, such as data corruption. It occurs when the data becomes inaccessible to a user or an application. When a data element loses its base integrity, it transforms into a form that is unreadable or not understandable by a user or application. Thus, it is inaccessible. Data corruption usually happens when the data is in the sharing stage. (Kumar et al., 2017)

The next cause of data loss is data being intentionally or accidentally deleted or overwritten by a user or an attacker. Lastly, data loss also occurs when data is stolen over the network by network penetration or any network intervention attack. (Kumar et al., 2017)

Data loss can be avoided by implementing backup and recovery for data. (Kumar et al., 2017)
