Explain security architecture design for cloud computing./ Explain the design principles of cloud information security.

-

 SECURITY ARCHITECTURE DESIGN

Processes such as enterprise authentication and authorization, access control, confidentiality, integrity, repudiation, security management, etc. should be considered when developing a security architecture framework, as should operational procedures, technology specifications, people and organizational management, and security program compliance and reporting. To fulfill business objectives, a security architecture document should be created that defines security and privacy standards. Asset classification and control, physical security, system access restrictions, network and computer administration, application development and maintenance, business continuity, and compliance all necessitate documentation. A design and implementation program that includes a business case, requirements definition, design, and implementation strategies should be linked with the formal system development life cycle. Technological and design approaches, as well as the security processes required to deliver the following services across all technology levels, should be included in the security architecture.

  1. Authentication
  2. Authorization
  3. Availability
  4. Confidentiality 
  5. Integrity
  6. Accountability
  7. Privacy

The development of a secure architecture gives engineers, data center operations staff, and network operations staff a standardized blueprint for designing, building, and testing the security of applications and systems. Design reviews of new modifications may be more effectively examined against this architecture to ensure that they adhere to the principles outlined in the architecture, allowing for more consistent and effective design reviews.

VULNERABILITY ASSESSMENT

Vulnerability assessment categorizes network assets to better prioritize vulnerability-mitigation initiatives such as patching and system upgrades. It assesses the success of risk mitigation by establishing objectives such as reduced vulnerability exposure and faster mitigation. To close vulnerabilities before they may be exploited, vulnerability management should be linked with discovery, patch management, and upgrade management procedures.


Data Privacy

A risk assessment, as well as a gap analysis of controls and processes, must be conducted. Formal privacy processes and activities must be defined, maintained, and perpetuated based on this data. Privacy control and protection, like security, must be incorporated into the secure architectural design. Depending on the size of the business and the scope of activities, an individual or a team should be allocated and charged with safeguarding privacy. To handle data privacy issues and concerns, a member of the security team responsible for the privacy or a corporate security compliance team should engage with the business legal team. Typically, the security compliance team, if one exists at all, will lack formalized data privacy training, limiting the organization's capacity to effectively handle the data privacy concerns it already faces and will be repeatedly challenged in the future. The solution is to employ a consultant in this field, a Privacy specialist, or have one of your current staff members adequately taught. This ensures that your firm is ready to satisfy the data privacy requirement of its customers and regulators.


DATA SECURITY

Data-level security is the ultimate difficulty in cloud computing because sensitive data is the province of the organization, not the cloud computing provider. Enterprises will need to bring security to the data level to ensure that their data is secure wherever it travels. For example, using data-level security, the company can indicate that this data is not permitted to leave the United States. It can also compel the encryption of particular types of data and restrict access to the data to only specific people.


APPLICATION SECURITY

One of the crucial success elements for a world-class SaaS firm is application security. The security features and requirements are defined here, and the application security test results are examined. Application security methods, secure coding rules, training, and testing scripts and tools are often developed together by the security and development teams. Although product engineering will most likely focus on the application layer, the application's security design, and the infrastructure layers that interact with the application, the security team should give the security requirements for the product development engineers to implement.

The security and product development teams should work together on this. For application source code reviews, external penetration testers are utilized, and attack and penetration tests give an examination of the program's security as well as assurance to clients that attack and penetration tests are done regularly. Collaboration on application security that is fragmented and undefined might result in lower-quality design, development, and testing results.

Because many connections between businesses and their SaaS providers are made via the web, providers should secure their web applications in the cloud by following Open Web Application Security Project guidelines for secure application development and locking down ports and unnecessary commands on Linux, Apache, MySQL, and PHP (LAMP) stacks, just as they would on-premises. LAMP stands for Linux as the operating system, Apache as the web server, MySQL as the relational database management system RDBMS, and PHP as the object-oriented scripting language. PHP is frequently replaced with Perl or Python.


VIRTUAL MACHINE SECURITY

Physical servers in the cloud are aggregated to numerous virtual machine instances on virtualized servers. Data center security teams may not only duplicate conventional security policies for the data center as a whole to safeguard virtual machines, but they can also advise their clients on how to prepare machines for transfer to a cloud environment when suitable. Firewalls, intrusion detection and prevention, these integrity monitoring, and log inspection may all be implemented as software on virtual machines to boost server and application protection and compliance integrity when virtual resources migrate from on-premises to public cloud settings. By applying this conventional line of protection to the virtual machine itself, you can safeguard the migration of essential programs and data to the cloud. To enable centralized management of a server firewall policy, the security software loaded onto a virtual machine should include a bidirectional stateful firewall that enables virtual machine isolation and location awareness, allowing for tighter policy and the flexibility to move the virtual machine from on-premises to cloud resources. At the virtual machine level, integrity monitoring and log inspection software must be used. As a significant approach to virtual machine security, the software can be put into a single software agent that provides consistent control and management throughout the cloud while seamlessly integrating back into existing security infrastructure investments, providing economies of scale, deployment, and cost savings.



Comments

Post a Comment

Popular posts from this blog

Suppose that a data warehouse consists of the four dimensions; date, spectator, location, and game, and the two measures, count and charge, where charge is the fee that a spectator pays when watching a game on a given date. Spectators may be students, adults, or seniors, with each category having its own charge rate. a) Draw a star schema diagram for the data b) Starting with the base cuboid [date; spectator; location; game], what specific OLAP operations should perform in order to list the total charge paid by student spectators at GM Place in 2004?

-
Image
  b) The specific OLAP operations to be performed are: 1. Roll-up on date from date id to year. 2. Roll-up on spectator from spectator id to status. 3. Roll-up on location from location id to location name. 4. Roll-up on the game from game id to all. 5. Dice with status= “students”, location name= “GM Place”, and year=2004
Read more

Suppose that a data warehouse for Big-University consists of the following four dimensions: student, course, semester, and instructor, and two measures count and avg_grade. When at the lowest conceptual level (e.g., for a given student, course, semester, and instructor combination), the avg_grade measure stores the actual course grade of the student. At higher conceptual levels, avg_grade stores the average grade for the given combination. a) Draw a snowflake schema diagram for the data warehouse. b) Starting with the base cuboid [student, course, semester, instructor], what specific OLAP operations (e.g., roll-up from semester to year) should one perform in order to list the average grade of CS courses for each BigUniversity student. c) If each dimension has five levels (including all), such as “student < major < status < university < all”, how many cuboids will this cube contain (including the base and apex cuboids)?

-
Image
a) A Snowflake Shema is shown in figure below: b) The specific OLAP operations to be performed: 1. Roll-up on course from course_id to department. 2. Roll-up on a student from student_id to university. 3. Dice on course, student with department ="CS" and university = "biguniversity" 4. Drill-down on a student from the university to student_name. c) N = 4 dimensions The cube will contain 54 = 625 cuboids.
Read more

Explain network topology .Explain tis types with its advantages and disadvantges.

-
Network topology Network topology refers to how the nodes and links in a network are arranged. A network node is a device that can send, receive, store, or forward data. A network link connects nodes and may be either cabled or wireless links. Understanding topology types provides the basis for building a successful network. There are a number of topologies but the most common are bus, ring, star, and mesh: A bus network topology is when every network node is directly connected to a main cable. In a ring topology, nodes are connected in a loop, so each device has exactly two neighbors. Adjacent pairs are connected directly; non-adjacent pairs are connected indirectly through multiple nodes. In a star network topology, all nodes are connected to a single, central hub and each node is indirectly connected through that hub.  A mesh topology is defined by overlapping connections between nodes. You can create a full mesh topology, where every node in the network is connected to every other
Read more