
CLOUD COMPUTING SECURITY: HOW RISKS AND THREATS ARE AFFECTING PDF

118 Pages·2012·1.59 MB·English


CLOUD COMPUTING SECURITY: HOW RISKS AND THREATS ARE AFFECTING CLOUD ADOPTION DECISIONS

A Thesis Presented to the Faculty of San Diego State University

In Partial Fulfillment of the Requirements for the Degree Master of Business Administration

by Takahiko Kajiyama

Fall 2012

Copyright © 2012 by Takahiko Kajiyama. All Rights Reserved.

DEDICATION

This thesis is dedicated to my father, who worked hard to support his son’s and daughters’ educational endeavors. May he rest in peace.

The ancient Romans built their greatest masterpieces of architecture for wild beasts to fight in. – Voltaire

ABSTRACT OF THE THESIS

Cloud Computing Security: How Risks and Threats Are Affecting Cloud Adoption Decisions
by Takahiko Kajiyama
Master of Business Administration
San Diego State University, 2012

Many IT professionals would agree that cloud computing is the most revolutionary information delivery model since the introduction of the Internet. For corporate management and decision makers, cloud computing brings many financial and functional benefits as well as serious security concerns that may threaten business continuity and corporate reputation. The definition of cloud computing is still blurry in a large part, because of the magnitude of the security risks and the virtually unlimited amount of information being published. The purpose of this research is to assess how cloud security risks and threats most commonly discussed today are affecting current and prospective cloud users’ decisions on adoption. In this research, both practitioner and academic literature was reviewed in order to incorporate views from both sides on cloud security, as well as technology white papers, government reports, and recent market and security articles. Then an online survey targeting current and prospective cloud users was conducted, and real-life driving and resisting forces of cloud adoption were assessed.
The survey posed questions about a variety of security risks, and even though the respondents indicated concerns about these risks, none of them were voted as a “show stopper” in cloud adoption. Furthermore, the majority of respondents were confident with their cloud service providers’ protection mechanism, while being well aware of the existence of the risk.

TABLE OF CONTENTS

ABSTRACT
LIST OF TABLES
LIST OF FIGURES
ACKNOWLEDGEMENTS

CHAPTER

1 INTRODUCTION
    Background
    Research Question
    Methodology and Sources

2 PRACTITIONER LITERATURE REVIEW
    Cloud Services and Models
    Service Providers and Users
    Security Standards and Compliance Organizations
    Non-Regulatory Organizations
    Significance of Security Standards and Compliance
    Recent Cloud Data Breach Incidents
        Epsilon Email Service
        Nasdaq Directors Desk
    The 2011 GAO Report
        Security Benefits
        Security Risks

3 RESEARCH LITERATURE REVIEW
    New versus Traditional Security Concerns
    New Security Threats and Vulnerabilities
        Side Channeling
        Shared Ecosystem and Fate Sharing
        Vendor Lock-In
        API Changes
        Abuse and Nefarious Use
    Traditional Security Threats and Vulnerabilities
        Cross-Site Scripting
        SQL Injection Flaws
        Access Control Weaknesses
        Cross-Site Request Forgery
        Buffer Overflow Attacks
        HTTP Header Manipulation, Hidden Field Manipulation, and Cookie Manipulation
        Botnets
        Other Traditional Security Threats and Vulnerabilities
    Other Cloud-Specific Concerns
        Regulatory Compliances
        Risk Assessment
        Security as a Service (SECaaS)
    Cloud Security Best Practices
        Vendor Selection
        Service Level Agreement (SLA)
        Physical Isolation
        Data Protection – Transmission
        Data Protection – Storage and Encryption
        Virtual Machine Security
        Auditing
    Other Considerations in Cloud Adoption

4 SURVEY METHODOLOGY
    Creation and Distribution
    Data Collection and Responses
    Data Analysis Methodology

5 DATA ANALYSIS
    Introduction
    Survey Results and Findings
        Current Cloud Usage
        Primary Drivers and Concerns for Cloud Adoption
        Security Risk and Threat Awareness
        Risks and Threats Affecting Cloud Adoption Decisions
        Defensive Measures

6 DISCUSSION
    Cloud Benefits and Concerns
    Cloud Adoption Obstacles and Show Stoppers
    Avoiding Costly Defensive Measures
    Research Limitations and Shortcomings

7 CONCLUSION

REFERENCES

APPENDIX
    SURVEY QUESTIONS AND RESPONSES

LIST OF TABLES

Table 1. Likert Scale to Numeric Point Conversion
Table 2. T-Test Result: Minimizing Software Licensing Fees as Benefit Expected to Gain by Adopting Cloud
Table 3. Q18: Your Cloud Resources Can Be Used as a Platform for Launching Attacks, Hosting Spams and Malware, Software Exploits Publishing, and for Many Other Unethical Purposes
Table 4. Q19: Unauthorized Users, such as Hackers and Malicious Insiders, May Gain Access to Your System Due to Flawed Hypervisor, Insecure Cryptography, and So On
Table 5. Q20: Vendor-Provided Cloud APIs with Weak Authentication May Jeopardize the Confidentiality, Integrity, and Availability
Table 6. Q21: Shared Resources May Affect Your System’s Performance and Business Continuity
Table 7. Q22: Physical Location of Your Data Is Unknown
Table 8. Q23: Your Data May Not Be Recoverable When an Unforeseen Event Takes Place
Table 9. Q24: Your Systems May Be Disrupted Entirely When an Unforeseen Event Takes Place
Table 10. Q25: Your Service Provider May Not Be Compliant with Regulatory Standards, Including the Internal Control, Compliance, and Internal Security Procedures
Table 11. Q26: When a Security Breach Takes Place, There May Be Little or No Forensic Evidence Available
Table 12. Q27: Unauthorized Access and Data Leakage Will Always Remain as a Possibility, No Matter How Much Effort You Put Into Cloud Security
Table 13. Q28: There Will Be Unknown Risks and Threats as Attackers Continue to Invent New Attacking Methods
Table 14. T-Test Result: Unrecoverable Data as a Risk Factor
Table 15. T-Test Result: Non-Regulatory Compliant Provider as a Risk Factor
Table 16. T-Test Result: Replication of Backup in One or More Cloud Storage
