Virtualization and Cloud Computing
The Virtual Environment
Virtualization benefits an organization by decreasing the number of physical machines (e.g. servers and workstations) required in the IT environment.
Cloud-Based Technology
Cloud-based technologies enable organizations like Apollo to access computing, storage, software and servers through the Internet. It moves the technology component from the organization to the cloud provider.
Cloud Computing
Cloud computing classifications are based on how the service models are deployed: private, public, hybrid and community cloud.
Top Threats to Cloud Computing
Cloud computing is susceptible to many of the same threats that affect physical enterprise networks. However, the cloud environment also introduces unique threats.
The Domains of Cloud Security
Domains of Cloud Security
There are many resources available promoting cloud computing security. A widely respected and referenced resource is the Security Guidance for Critical Areas of Focus in Cloud Computing v4 document. Developed by the Cloud Security Alliance (CSA), it promotes best practices to provide security assurance within the cloud computing domains. Specifically, the document covers 14 domains of cloud security.
Cloud Infrastructure Security
Infrastructure Security
The Infrastructure Security domain describes cloud-specific aspects of infrastructure security and the foundation for operating securely in the cloud.
Cloud infrastructure is the foundation on which virtualized cloud resources such as compute, networking, and data storage are built and deployed.
Application Development
To maintain security at all stages of application development,
Input Validation
Controlling the data input process is key to maintaining database integrity. Many attacks run against a database and insert malformed data. Such attacks can confuse or crash the application, or make it divulge too much information to the attacker.
Validation Rules
A validation rule checks that data falls within the parameters defined by the database designer. A validation rule helps to ensure the completeness, accuracy and consistency of data. The criteria used in a validation rule include the following:
Size – checks the number of characters in a data item
Format – checks that the data conforms to a specified format
Consistency – checks for the consistency of codes in related data items
Range – checks that data lies within a minimum and maximum value
Check digit – provides for an extra calculation to generate a check digit for error detection
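The five criteria above applied to a single record, as an added example that is not part of the original page. The field names, limits, order-ID format, country/currency table and the choice of the Luhn algorithm for the check digit are assumptions made for illustration.

```python
import re

# Assumed lookup table for the consistency rule: country code -> currency code.
CURRENCY_BY_COUNTRY = {"US": "USD", "GB": "GBP", "DE": "EUR"}
ORDER_ID_FORMAT = re.compile(r"[A-Z]{3}-\d{6}")  # assumed format, e.g. ORD-000123


def luhn_valid(number: str) -> bool:
    """Check digit rule: the final digit must satisfy the Luhn checksum."""
    if not (number.isascii() and number.isdigit() and len(number) >= 2):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_order(rec: dict) -> list[str]:
    """Return the names of the validation rules the record fails (empty = valid)."""
    failed = []
    name = rec.get("name")
    if not (isinstance(name, str) and 1 <= len(name) <= 40):
        failed.append("size")
    oid = rec.get("order_id")
    if not (isinstance(oid, str) and ORDER_ID_FORMAT.fullmatch(oid)):
        failed.append("format")
    expected = CURRENCY_BY_COUNTRY.get(rec.get("country"))
    if expected is None or expected != rec.get("currency"):
        failed.append("consistency")
    qty = rec.get("quantity")
    if not (isinstance(qty, int) and not isinstance(qty, bool) and 1 <= qty <= 100):
        failed.append("range")
    if not luhn_valid(str(rec.get("account", ""))):
        failed.append("check digit")
    return failed


# Constructed sample records (not from the page).
GOOD = {"name": "Alice", "order_id": "ORD-000123", "country": "GB",
        "currency": "GBP", "quantity": 3, "account": "79927398713"}
BAD = {"name": "A" * 500, "order_id": "ord_123", "country": "GB",
       "currency": "USD", "quantity": 100000, "account": "79927398710"}

if __name__ == "__main__":
    print(validate_order(GOOD))
    print(validate_order(BAD))
```

Rejecting the record and reporting which rule failed, rather than trying to repair the input, keeps malformed data out of the database.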
Cloud Data Security
Cryptography
Cryptography is the science of making and breaking secret codes.
When data is stored and transmitted in encrypted form, only the intended recipient can read or process it, and only if they have proper knowledge of the secret used in the encryption algorithm.
Encryption is the process of scrambling data so that unauthorized people cannot easily read it.
When enabling encryption, readable data is called plaintext, while the encrypted version is encrypted text or ciphertext. Encryption converts the plaintext readable message to ciphertext, which is the unreadable, disguised message. Decryption reverses the process.
Hashing
Hashing is a tool that ensures data integrity by taking binary data (i.e., the message) and producing a fixed-length representation called the hash value (i.e., message digest).
Hash functions are one-way functions used to verify and ensure data integrity. A hash tool can also verify authentication. It works by using a cryptographic hashing function to replace plaintext passwords or encryption keys.
Protecting VMs
Protecting VMs from VM Sprawl Attacks
It is a relatively easy process to create VM instances in a cloud. However, this may lead to a VM sprawl issue, where an organization has many VM instances that are not properly managed. For example, it is common practice to create multiple VM instances when a project starts just to try different options. Some of these VMs may no longer be used but are left running. If these running instances are not monitored and maintained, they eventually become outdated and vulnerable to attacks.