Thursday, December 12, 2019

Project Proposal And Plan Cloud Security †Myassignmenthelp.Com

Questions: What Security Threats Are Faced By Cloud Computing Technologies? What Cloud Security Solutions Are Available And How Do They Work? What Latest Technologies Are Used For Protection Of Cloud Platforms? What Are The Best Practices In Cloud Security Enhancement? Answers: Introduction Cloud computing is a rapidly growing technology that gives on demand access to a shared pool of computing resources to users such as servers, storage, networks, and services. There are four deployment models in cloud and these include public, private, community, and hybrid, and three services models including SaaS, PaaS, and IaaS (MYOB, 2016). Innovation in Security Systems There are several security standards that are available for the protection of cloud based platforms such as XML encryption, XML key management, Security Assertions, Transport Layer Security, and so on. TLS provides security through the use of authentication and confidentiality in the transport layer of the application architecture. It is a very old protocol that was used for internet security. However, the history has shown that there have been Accounting security violations despite this protocol such as breaches, truncation, padding, and renegotiation(Varmour, 2011). By 2002, XML encryption came that involved encryption of documents as well as data elements through the use of algorithms such as AES, DES, and RSA(Security Awareness Program Special Interest Group, 2014). However, attackers could still decrypt this data by sending modified ciphers. To prevent this from happening, XML signature was added to the security layer (Luhach, Dwivedi, Jha, 2014). It reduced the vulnerabilities but added more issues due to complexities involved. XKMS was the next innovation in the security space that created an interface between the XML code and the web space KPI. The attacks upgraded themselves with newer attacks in response such as reply attacks and Denial of Service attacks that failed even XKMS security (Youseef Liu, 2012) A variety of other attempts to secure systems exposed to internet included SAML and Kerberos for authentication and authorization to enhance protection against the reply attacks and other attacks like eavesdropping (TrustSphere, 2012). Cloud Computing Security Framework Figure 1: Framework for Secure Cloud Computing(Kaur Kumar, 2016) A framework for secure cloud computing suggests there are three components of security including security and privacy requirements, attacks and threats, and concerns and risks. Attacks include injection, spoofing, Denial of Service, Wrapping, etc. These attacks cause concerns and risks that are addressed through mechanisms like access control, data monitoring, encryption, testing, access control and incident management. The Security and privacy requirements of cloud based systems can be authentication, authorization, integrity, compliance, governance, accountability, and so on(Youssef Alageel2, 2012). Research and Systems Development method The research would utilize the cloud security framework as the base to determine different types of threats, risks and the innovations in the security systems used for protection of cloud computing. As per this framework, the study on cloud computing security can explore threats, risks, and security requirements. Each of the areas would be explored in the case studies taking threats or attacks as the key problem causing threats such that the innovations done for combating them would be identified. Data collection For exploring the challenges and solutions to the security issues in cloud computing, a qualitative research would be conducted where the data on risks, threats and security technologies would be collected journals, security websites, and academic research reports. Specific cases of cloud security solutions would be studied for which the data would be taken from past journals and research reports (Optus, 2016). Ethical Issues The secondary data would only be collected from the authentic sources that have verifiable data. To ensure that the research maintains the ethical code, the data obtained would not be modified by would be used in the case study analysis as it is(MYOB, 2016). Compliance Requirements This project would present solutions based on the defined security framework for cloud computing. Analysis of data A multiple case study analysis would be conducted on the secondary cases data to extract the data on risks, threats and security solutions. The case studies would include the exploration of some of the security threats like DDOS, cloud injection, and Meta spoofing. In each case, the risks and possible solutions would be explored to identify innovative solutions that were able to secure the cloud against these risks. Further, upon getting the analysis of all cases, a combined case study analysis would be performed on the results obtained to come up with the final recommendations for the enhancement of the security of a cloud system. Project Plan Deliverables The deliverables of this research project are: Exploration of various types of risks and concerned in the security of cloud computing Study of various types of security attacks such as spoofing, DDOS and injection attacks Exploration of cases of types of attacks and the solutions used for protection Analysis of different case to identify best security solutions Recommendations on enhancing the security of the cloud computing system based on case study analysis Development of a security enhancement plan based on the security solutions identified in the data analysis as efficient. Work breakdown structure (WBS) 1.0 Explore Literature 1.1 Cloud Computing system 1.2 Security Concerns and Risks 1.3 Security Threats and Attacks 1.4 Security Solutions 2.0 System development framework 2.1 Cloud Security Framework 2.2 Study of Security components 2.2.1 Risks and Concerns 2.2.2 Threats and attacks 2.2.2.1 Spoofing 2.2.2.2 DDOS 2.2.2.3 Cloud Injection 2.2.3 Security Technologies 3.0 data collection 3.1 Case Studies 3.1.1 Journals 3.1.2 Research reports 3.1.3 Security companies websites 4.0 Case Study analysis 4.1 Case Study analysis 4.2 Multiple case study analysis 4.3 Security solutions 5.0 Cloud Security System development 5.1 Security components 5.2 development methodology 5.3 Security Solutions 6.0 project closure Risk Analysis The table below shows various types of risks that can occur on the research project and presents a response plan to deal with them/ Risk Probability Impact Response plan Sufficient literature may not be found for collection of case data Medium High The scope of research cases would be limited to only few threats that have the data available Delays can happen in completion of research tasks Medium Medium The researcher would create a timeline for milestones and would keep monitoring the work against it to ensure that the research steps are conducted as per the timeline The results of the research may not sufficient to add value to the field of research Low High The researcher would do an exhaustive study of literature, identify gaps and would work on those gaps to ensure that the research findings add value to the field of research The researcher may not be able to make any usable recommendations on the cloud security Low High Before making recommendations for strengthening of the cloud security, the researcher would get the probable solutions discussed with the tutor and peers to ensure that the selected solutions are appropriate. Duration This research project would be completed in 3 months. The initial literature study would take 3 days and the data collection for case studies would take another 15 days. The case study analysis would be finished in 20 days and the remaining days would be utilized for making interpretations of data, making recommendations, and preparing the research report. References Kaur, S., Kumar, D. (2016). Analysis of Cloud COmputing Security Framework in E-governance. IJCST , 7 (1), 99-102. Luhach, A. K., Dwivedi, D. S., Jha, D. C. (2014). DESIGNING A LOGICAL SECURITY FRAMEWORK FOR E-COMMERCE SYSTEM BASED ON SOA. International Journal on Soft Computing (IJSC) , 5 (2), 1-10. Ma, D. Q. (2008). A Review of Emerging Technology Trends in E-Commerce. International Technology Management Review , 1 (2), 2-15. MYOB. (2016, September 13). Company file security. Retrieved from MYOB: https://help.myob.com/wiki/display/ar/Company+file+security MYOB. (2016, September 13). Protecting your confidential information. Retrieved from MYOB: https://myob.com.au/myob/australia/myob-security-recommendations-1257829253909 OECD. (2008). Malicious Software (Malware): A security Threat to Internet Economy. OECD. Optus. (2016). Security in the cloud. Optus. Security Awareness Program Special Interest Group. (2014). Best Practices for Implementing a Security Awareness Program. PCI. TrustSphere. (2012). Advanced Security Methods for eFraud and Messaging. TrustSphere. Varmour. (2011). Pathway to Multi-Cloud Security Architecture. Varmour. Youseef, A., Liu, F. (2012). A new Framework to Model a Secure E-commerce System. International Journal of Social, Behavioral, Educational, Economic, Business and Industrial Engineering , 6 (2), 159-164. Youssef, A. E., Alageel2, M. (2012). A Framework for Secure Cloud Computing . IJCSI International Journal of Computer Science Issues , 9 (4), 487-500

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.