Security is the main concern in cloud computing. Data should be kept in encrypted form in the cloud. Proxy and brokerage tools should be used to restrict direct client access to shared data.
Before moving a specific resource to the cloud, one needs to evaluate several aspects of the resource, such as:
- Choose the resource that needs to move to the cloud and evaluate its sensitivity to risk.
- Understand how the cloud service provider stores data and how data moves into and out of the cloud.
- Consider the cloud service models, such as IaaS, PaaS, and SaaS. These models require customers to be responsible for protection at different service levels.
- Consider the type of cloud to use, such as public, private, community, or hybrid.
Understanding Security of Cloud
Each service model defines the boundary between the responsibilities of the customer and those of the service provider. The Cloud Security Alliance (CSA) stack model helps to explain the boundaries between the service models and also shows how the various functional units relate to each other.
The following figure shows the CSA stack model:
Understanding Data Security
Because all the data is transferred over the internet, data security is the main concern in the cloud. There are various key mechanisms for protecting data.
- Access control
Isolated Access to Data
Because the information stored in the cloud can be accessed from anywhere, we need a mechanism for isolating and shielding data from direct access by the user.
Brokered cloud storage access is an approach to isolating storage in the cloud. Two programs are created in this approach:
- A broker with full access to storage but no access to the client.
- A proxy with no access to storage, but access to both the broker and the client.
Working of Brokered Cloud Storage Access System
When the client sends a request to access data:
- The client's request goes to the external service interface of the proxy.
- The proxy sends the request to the broker.
- The broker requests the data from cloud storage.
- Finally, the proxy must give the information to the server.
The following figure shows all of the above steps:
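The brokered access flow described above, as an added Python example (not code from the original page): the storage backend answers only the broker, the broker answers only requests tagged by the proxy, and the proxy never holds the storage credential. The class names, the HMAC request tag between proxy and broker, the client token table and the sample object are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class CloudStorage:
    """Storage backend: serves only a caller that presents the broker's credential."""

    def __init__(self, broker_credential: bytes):
        self._broker_credential = broker_credential
        self._objects = {"report.txt": b"constructed-sample-ciphertext"}  # constructed sample

    def read(self, credential: bytes, name: str) -> bytes:
        if not hmac.compare_digest(credential, self._broker_credential):
            raise PermissionError("storage: caller is not the broker")
        return self._objects[name]


class Broker:
    """Holds the storage credential; accepts only requests tagged by the proxy."""

    def __init__(self, storage: CloudStorage, credential: bytes, proxy_key: bytes):
        self._storage, self._credential, self._proxy_key = storage, credential, proxy_key

    def fetch(self, name: str, tag: bytes) -> bytes:
        expected = hmac.new(self._proxy_key, name.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("broker: request did not come from the proxy")
        return self._storage.read(self._credential, name)


class Proxy:
    """External service interface; knows clients and the broker, not the storage credential."""

    def __init__(self, broker: Broker, proxy_key: bytes, client_acl: dict):
        self._broker, self._proxy_key, self._client_acl = broker, proxy_key, client_acl

    def handle(self, client_token: bytes, name: str) -> bytes:
        if name not in self._client_acl.get(client_token, set()):
            raise PermissionError("proxy: client may not read this object")
        tag = hmac.new(self._proxy_key, name.encode(), hashlib.sha256).digest()
        return self._broker.fetch(name, tag)


def build_demo():
    """Wire the three parts with fresh random secrets (constructed demo values)."""
    credential, proxy_key, token = (secrets.token_bytes(32) for _ in range(3))
    storage = CloudStorage(credential)
    broker = Broker(storage, credential, proxy_key)
    proxy = Proxy(broker, proxy_key, {token: {"report.txt"}})
    return proxy, broker, storage, token
```

The tag here covers only the object name, so a captured tag could be replayed; binding a nonce or timestamp into the tagged message closes that gap.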