Book, English, 300 pages, paperback, format (W × H): 178 mm x 254 mm
Solutions for Service-Oriented Organizations
ISBN: 978-1-4842-0615-7
Publisher: Apress
Clouds face many threats like compromises of the hypervisor, insecure cloud storage, insecure images of VMs that are used infrequently, and remote cloud clients that face threats from malicious outsiders and insiders. Whether in a private cloud or third-party infrastructures, your services remain under threat and need protection that must be ever more sophisticated. Expert Cloud Security: Solutions for Service-oriented Organizations offers the solutions IT pros need to secure clouds from malicious sources as well as from poor security practices and IT ignorance.
Arpan Roy, a cloud security expert for Infosys, first takes a deep dive into security issues relating to cloud systems. These span four broad areas that include the computing infrastructure, the data, security in communication, and external and insider service integration threats. For each security issue, the reader will learn about the potential causes of threats, a comparative study of relevant security case studies in the area, and a range of possible countermeasures. Roy also provides background on each--the significance of each security area, its relevance to a service company that deploys or manages clouds, and the current state of research.
You will learn:
* Which attack scenarios are exploited most often in the cloud environment
* Attack scenarios that require you to secure the hypervisor, prevent the exploitation by a co-resident VM, secure VM images, mitigate insider threats, secure cloud storage, eliminate abuse of lightweight SaaS clients, and protect data propagation in clouds.
* Industry standards and innovations in cloud security in the form of hardware, firmware, and software security solutions aimed at securing cloud infrastructures.

Wearing a practitioner’s glasses, Roy explores the relevance of each attack scenario and how to protect your company or clients from them. There are many threats to your company’s or client’s cloud, but as you will learn, knowledge, insight, and effective tools, all of which this book provides, can keep your cloud infrastructure working and secure at all times.
Target audience
Popular/general
Authors/Editors
Subject areas
- Mathematics | Computer Science IT | Computer Science Computer Communication & Networking Cloud Computing, Grid Computing
- Economics Business Administration Business Informatics, SAP, IT Management
- Mathematics | Computer Science IT | Computer Science Applied Computer Science Business Informatics
- Mathematics | Computer Science IT | Computer Science Computer Engineering Computer Security Data Security, Data Protection
- Mathematics | Computer Science IT | Computer Science Computer Communication & Networking Network Security
Further information & material
Chapter 1: Introduction to Cloud Computing
Chapter Goal: The emergence of Web 2.0, together with the emergence of on-the-go, easy-to-pay online payment gateways such as PayPal, helped the rise of cloud computing, an evolution of utility computing. Content will include:
* Why cloud computing?
* Cloud service models
* NIST paradigms for cloud computing

Chapter 2: Cloud Security
Chapter Goal: In 2012, the International Working Group on Cloud Computing Resiliency (IWGCR) asserted that a total of 568 hours of downtime (security or non-security causes) at 13 well-known cloud services since 2007 had an economic impact of more than $71.7 million. Securing the cloud can help companies avoid at least 50% of this economic loss. Content will include:
* Cloud models based on security
* Cloud security vs. virtualization security
* Cloud security SLA

Part I: Threats to the Cloud (Attack Scenarios)

Chapter 3: Initiate Hypervisor Security
Chapter Goal: The most exploited attack scenarios in the cloud can be classified in order of the four pillars of cloud service, namely (i) infrastructure, (ii) data, (iii) communication, and (iv) external service integration. Content will include:
* Hypervisor, privileged VM, rings of execution, and trusted computing base (TCB)
* IDS placement for securing hypervisors
* State-of-the-art secure hypervisors

Chapter 4: Prevent Side-Channel Attacks
Chapter Goal: Resource pooling in public clouds calls for multiple tenants to share the same infrastructure and resources. As a result, attackers can exploit the fact that several VMs from different customers reside on the same host. The attacker can collocate his VM with the target VM and launch an attack on the target VM. Content will include:
* Detecting co-residency of VMs
* Types of side channels in the cloud
* Securing against side-channel attacks

Chapter 5: Secure Virtual Machine Images
Chapter Goal: Due to the provision of on-demand computing resources from the cloud, VMs can be generated quickly by the users. After initial usage, these VM images are often left unattended for long periods of time. This state of being unattended for prolonged periods leads to issues in patching. Installing patches is essential to keep the VM image updated and hence secure. Content will include:
* VM sprawl problems
* Attacks due to incorrect VM patching
* Secure servicing of offline or hibernating VM images

Chapter 6: Secure Cloud Storage
Chapter Goal: Cloud-based storage is available both as a paid service (e.g., Amazon Simple Storage Service-S3, Azure Blob storage) and as a free service (e.g., Dropbox). Integrity and availability of cloud-based storage are of paramount importance in cloud-based storage solutions. With the rise of big-data analytics, the security of big data computing and big data storage infrastructures is also important. Content will include:
* Storage architectures for secure cloud storage
* Encryption solutions for secure cloud storage
* Big data security

Chapter 7: Secure Communication in the Cloud
Chapter Goal: Two major issues fall under this area: (i) protection of end-to-end packet data propagation in clouds and (ii) unauthorized network-based access of cloud resources by using compromised cloud clients. Content will include:
* Network encryption (SSL, TLS) for cloud networks
* Secure lightweight cloud clients

Chapter 8: Secure Component Integration
Chapter Goal: Several software-as-a-service applications such as Google Wallet use other external SaaS applications (banking applications) to fulfill their service requirements. Compromising these external SaaS applications may lead to service compromise of the SaaS application using them. Such compromises need to be monitored. Content will include:
* Insider threats in the cloud
* Secure group collaboration in cloud services

Part II: Cloud Security Solutions

Chapter 9: Hardware-based Solutions
Chapter Goal: Purely hardware-based solutions include hardware-based encryption, where specialized hardware is used to implement algorithms for encryption. Content will include:
* Hardware-based encryption solutions
* Secure cloud hardware

Chapter 10: Software-based Solutions
Chapter Goal: Software-based solutions are less expensive than hardware solutions. Content will include:
* Cloud-based anti-virus software
* Cloud-based data-leakage prevention (DLP) and Information Rights Management (IRM) solutions

Chapter 11: Firmware-based Solutions
Chapter Goal: Firmware solutions include software as well as a hardware component. Trusted Computing paradigms provide several such solutions. Trusted Computing guarantees the integrity of software involved in the computing. The Trusted Computing Group (TCG) has prescribed a set of standards for hardware and software for building trusted platforms. These procedural standards are implemented in a commodity chip called the Trusted Platform Module (TPM). Content will include:
* Secure cloud architecture combining secure cloud hardware with secure cloud storage and secure networking solutions
* Trusted Computing Group and Trusted Platform Modules (TPM)

Part III: Open Problems

Chapter 12: Some Open Problems
Chapter Goal: Some open problems will be discussed:
* Predicting propagation of security failures on cloud based on dependency
* Penetration testing of cloud-based applications

Appendix