Cloud Computing Security: Approaches & Requirements

Instructor: Muhammad Wannous

Muhammad has been teaching Computer Sci. and Eng. and has a Ph.D. degree in Computer Sci. and Electrical Eng.

This lesson covers the security aspect of the cloud computing environment. You will study the additional security concerns that are related to cloud computing and the techniques to address them.

Is the Cloud Secure?

Connie, the new IT engineer, is studying cloud security as part of her training and is having difficulty putting things together. She heads to her coaching expert, Teresa, seeking some answers.

Connie: I have been studying cloud security for a while but can't tell whether it is as secure as the in-house IT environment or not! Many articles state that cloud service providers implement cutting-edge security features and policies, but others state that the nature of the cloud environment introduces additional vulnerabilities.

Teresa: Security remains a major concern when adopting cloud computing because of its architecture and out-sourced nature; however, the features available from the cloud service providers are quite useful to consumers.

Connie: So is the cloud more secure or more vulnerable?

Teresa (laughing): Both are true.

Connie: How is the cloud more secure for the consumer?

Teresa: We have to agree first that cloud service providers implement the best security features and policies available for in-house IT environments. Consequently, cloud service consumers benefit from these features and policies because they are utilizing resources from the cloud service providers.

Connie: That's right. If you had a server with advanced security features and I was using your server for running my application then I would be benefiting from the security of your server.

Teresa: Exactly. However, there is the additional risk of placing data on a resource that is shared among many other consumers as in the cloud computing environment. If I shared my secure server with you and James then I should make sure that your data sets don't mix and that each one of you can't access the private data of the other.

Connie: Alright. I see the point here. But isn't it only a matter of user privileges within the operating system?

Teresa: Don't forget that the cloud is made up of distributed systems with resource pooling and multi-tenanted architecture. So, the issue is not as simple as setting the correct access level within the operating system.

Connie: True. I almost forgot this point.

Security Challenges in the Cloud

Teresa: Security experts count a number of security challenges in the cloud including:

  1. Authentication
  2. Authorization
  3. Data security
  4. Data integrity
  5. Auditing

Authentication and Authorization

Connie: I thought that authentication and authorization were the same!

Teresa: No, they are not. Authentication is about confirming the identity of the party requesting access to resources, while authorization refers to setting the access rights to resources. A service consumer, for example, could be authenticated to log in but not authorized to access a certain resource. Several mechanisms exist for authenticating and authorizing users in the cloud. For example, the Single Sign-On (SSO) mechanism supports authentication, and it has implementations adopting Security Assertion Markup Language (SAML) tokens, Kerberos, or One Time Password (OTP). You can follow a sample flow of SAML-token SSO authentication in Figure-1.

Figure-1: SAML-Token SSO Authentication

Connie: What is the benefit of having a single point of signing in?

Teresa: The SSO mechanism is particularly useful because it allows using different services after signing in one time.

On the other hand, the Open Authorization (OAuth) mechanism allows resource owners to share the resources they utilize in the cloud with web applications without handing over their important credentials. Figure-2 demonstrates the flow of the OAuth mechanism. You can imagine the resource as an image file that you have in the cloud and the web application as a web-based photo editor.

Figure-2: OAuth flow

Data Security

Connie: Great example. You made things easier to comprehend. What about the other security challenges?

Teresa: Data security can be divided into security at rest and in motion. Data at rest refers to data stored in any form on any medium, while data in motion refers to data being transferred over a connection. Symmetric and asymmetric encryption schemes are commonly implemented to secure data at rest. Secure transport protocols such as SSL and TLS are commonly used for securing data in motion. With regard to encryption, we have to keep in mind the importance of managing the keys from creation time until destruction.
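
An added example, not part of the original lesson: the distinction Teresa draws between authentication and authorization, together with the tenant isolation she describes for a shared server, sketched in Python. The HMAC-signed token is a simplified stand-in for a SAML assertion, and the key, ACL, user and resource names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real identity provider keeps its key in a key-management service.
IDP_KEY = b"constructed-demo-key"

# Hypothetical access-control list: (tenant, resource) -> users allowed to read it.
ACL = {
    ("tenant-a", "photos/holiday.png"): {"connie"},
    ("tenant-b", "reports/q1.pdf"): {"james"},
}

def issue_token(user, tenant, ttl=300):
    """Identity-provider side: sign a claim set (simplified stand-in for a SAML assertion)."""
    now = time.time()
    claims = {"sub": user, "tenant": tenant, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def authenticate(token):
    """Authentication: is the token genuine and unexpired? Returns the claims or None."""
    now = time.time()
    body, _, sig = token.partition(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # signature mismatch: identity not confirmed
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > now else None

def authorize(claims, tenant, resource):
    """Authorization: may this confirmed identity read this resource in this tenant?"""
    if claims["tenant"] != tenant:  # tenant isolation: never cross the tenant boundary
        return False
    return claims["sub"] in ACL.get((tenant, resource), set())

def access(token, tenant, resource):
    """Run both checks in order and report which one, if any, rejected the request."""
    claims = authenticate(token)
    if claims is None:
        return "401 unauthenticated"
    if not authorize(claims, tenant, resource):
        return "403 forbidden"
    return "200 ok"
```

A validly signed token for Connie still yields "403 forbidden" on James's resource in the other tenant, which is the "authenticated but not authorized" case from the dialogue.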
