3.6 Incident Response
Incident response is the method for dealing with the security of a computer system when there is an attack. Incident response activities include verifying the incident, analyzing and containing the attack, collecting and preserving data, fixing the problem, and restoring services. Hence it is essential to revise the organization's incident response plan and ensure that the differences between the organization's computing environment and the cloud are addressed. This is a prerequisite for transitioning applications and data, but it is overlooked most of the time. To ensure security and privacy in cloud computing, it is important for the service provider and the subscriber to collaborate and formulate a well-defined incident response plan.
Businesses should monitor cloud service providers, have protocols to ensure compliance with the providers' rules, and ensure that policies are in place to monitor and manage cloud service providers, offshore vendors and their associated outsourcing relationships. The future of cloud computing is certainly exciting, but moving more of our lives online means we will inevitably have to consider privacy, security and ownership of the information.
Because information and technology are the cornerstone for a wide array of businesses, keeping those resources protected and secure is a top priority. Moving to the cloud can alleviate some of the security overhead from organizations, but it also requires a closer look at the client/provider relationship. This association between entities, and its mutual provisions and expectations, is explicitly defined within the service level agreement (SLA). Therefore, it is important that the SLA includes considerations that will protect critical business data and processes while they are in the hands of a third party. The most important of these are detailed descriptions of the service provider's security, details on auditing and metrics capabilities, thorough separation of duties and responsibilities, and penalties for not complying with the security requirements (Greer, 2012).
As with anything, it is important to understand the risks and benefits in order to weigh whether or not moving to the cloud is the best move for the business. Some companies, like Lavu, an iPad-based point of sale system, operate solely on the cloud. Without cloud computing capability, some organizations would not exist. There are three different kinds of cloud storage available: public clouds, private clouds and hybrid cloud service. The differences between the types of cloud storage available can be deduced from the names.
The company may face many constraints in the computing env... ... middle of paper ... ...and chargeback.
4. Account Management
Users are required to have an account for licensing purposes. Account management is a means to keep cloud accounts in sync with the existing enterprise systems. Account management plays a crucial role because, when an employee leaves the enterprise, it needs to remove that employee's account to prevent data leakage, should the employee decide to turn against the enterprise.
Concerns about cloud computing are further compounded by the need to comply with data security standards... ... middle of paper ... ...le, the cloud may even provide a safer environment for storing information, managing transactions, and conducting business. But even the most secure cloud vendors may not be fully compliant with PCI DSS standards or the privacy and data security laws in some countries. Hospitality companies should take precautionary measures to assure compliance, which, in the case of PCI DSS, often means that they will need to maintain an active role in meeting requirements. Additionally, companies should ensure that they are financially protected from the consequences of a data breach. They may be able to contractually transfer some of the risk to cloud vendors, albeit limited.
Cloud computing has three different definitions: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). All three definitions have different security issues. In the IaaS model, the service provider supplies network storage, virtualization and fundamental processing resources to customers, and the customer deploys and runs the software. With IaaS, cloud users have better control over security compared to the other models, as long as there is no security hole in the virtual machine monitor. With PaaS, customers can deploy their applications onto the cloud infrastructure without installing any tools. The PaaS service provider needs to secure the software platform stack. With SaaS, the customer may use the service provider's software through a web browser.
Cloud Confidentiality
The confidentiality of the cloud, or a system, can be guaranteed only under the condition that it is able to prevent unauthorized access. Zhifeng et al. (2013) state that within cloud environments, confidentiality implies that a customer's data and computation tasks are to be kept confidential from both the cloud provider and other customers. Confidentiality remains one of the greatest concerns with regard to cloud computing. This is largely due to the fact that customers outsource their data and computation tasks to cloud servers, which are controlled and managed by potentially untrustworthy cloud providers [1.x].
Nowadays, even though cloud services offer flexibility and scalability, there have been proportionate concerns about security as more data moves from centrally located server storage to cloud storage. Security is the most important factor related to cloud computing, as users can store their private data in the cloud with the help of cloud service providers. Data stored on a single cloud is at risk of service availability failure when an attacker enters that single cloud.
Difference Between Classical RE and RE for Cloud Adoption
1.1 Introduction
Adopting cloud services brings fundamental changes in how organizations function. In particular, the requirements engineering process for cloud-based systems is affected by problems that are very different from those of traditional systems. Cloud services are designed to satisfy the generic and wider requirements of the market, instead of satisfying the requirements of a particular organization. It is not ensured that the available features of the cloud will meet all user requirements. Therefore, during the evaluation of cloud services, users should be prepared to perform an extensive process of requirements prioritisation and negotiation.