Category: cloudsecurity

Previous article in series – Security Considerations for PaaS When SaaS is consumed from a public cloud service provider, the security options that the customer can control may be only at the application level. In that model, application security is the responsibility of the cloud service provider, but the customer retains responsibility for identity access…

Previous article in the series – IaaS: Cloud Virtual Infrastructure Threats With the PaaS (platform as a service) model the vendor offers a complete development environment in which application developers can create and deploy their code. This avoids the need to build a server environment to run an application and the need to install a…

Previous article in series – IaaS: Hypervisor Security Provisioning tools and VM templates are exposed to different attacks that attempt to create new unauthorized VMs or patch the VM templates to infect the other VMs that will be cloned from this template. These new categories of security threats are a result of the new, complex,…

Previous article in series – Cloud Computing: Shared Security Model The hypervisor acts as the abstraction layer that provides the management functions for required hardware resources among VMs. Virtual machine attacks: Active VMs are vulnerable to all traditional attacks that can affect physical servers. Once a VM is compromised, it may be able to attack…

In cloud computing, security is a shared responsibility between the CSP and the customer. The service model will dictate the general responsibilities, but specifics will also vary based on the actual service being consumed. Security Considerations for Infrastructure as a Service (IaaS) Within IaaS, a key emphasis and focus must be placed on the various…