CLOUD COMPUTING MODULE 4 BCS601 | 22 Scheme VTU 6th SEM CSE

Hello everyone. Today in this video I'll

be discussing the module four of cloud

computing and in this module we have

about the cloud security. Some concepts

are there. Make sure you watch this

video till the end so that easily you

can score more than 80% marks. I'll be

discussing the most important questions

from the exam point of view. And before

starting please do like and subscribe.

It helps me make more videos like this.

And if you have any questions you can DM

me here. Okay. So without wasting more

time let's get started. So I'll be

covering all the topics which you need

to know from the exam point of view. The

first topic is top concerns for cloud

users security. Okay. Now see the trend

is that whatever the company is there

and whoever is using the computers they

are transferring the data to the cloud

but it is uh not that safe. Okay. Cloud

also has some security issues that we'll

be discussing. Okay. We think that once

all the data is moved to the cloud.

Okay. All the data which is there if it

is moved to the cloud it is in safe and

secure. But it is not true. Why? Because

first reason is false sense of security.

The belief that cloud providers handle

all the security can lead to neglect of

critical risk. Because C providers do

not handle all the security. Okay. And

loss of control. Once we have given the

data, the users lose the direct control

over the data. Unauthorized access and

insider threats can also happen. Means

someone external can attack to the cloud

and take your data. Okay. And data

storage vulnerabilities. The data which

is there that could be exposed during

processing and deletion. Backup process

are not transparent. Lack of

standardization. No uniform rules are

present which uh due to which the

processing happens. There are no rules

present. Okay. It just happens. Okay.

And legal and jurisdiction issues data

may be stored across multiple countries.

Okay. The servers which are there that

might be across multiple countries. So

that the nearest to which country you

are it will be taken from that place.

Okay. So that's why they keep in

different countries. But different

countries means different rules. We

don't know with unclear applicable rules

what will be the protection of the data.

Okay. And multi-tenency risks. Shared

infrastructure can lead to large scale

breaches. Okay. And future technology

risks. Emerging system like autonomic

computing may introduce unpredictable

security issues. As a technology rises,

the hackers also use the technology to

hack our systems. Right? So it is a

risk. Outsourcing chain risks, limited

audibility and compliance means we are

not aware of what's happening in the

behind the scenes because of some uh

policies. We don't know what they are

doing with our data. Right? So these are

the things which are happening. 10

things are there. Okay? Any five you can

remember from the exam point of view.

And to minimize the risk the contract

between the user and the cloud service

provider. CSP means cloud service

provider. The user and the cloud service

provider there should be some agreement.

What should be the agreement?

Obligations to handle sensitive

information and its obligation to comply

with the privacy laws. Liabilities for

mishandling the sensitive information or

data loss. They should be paying the

price for it. The rules for governing

the ownership of the data. Specifying

geographical location where your data is

stored and where it can be stored. Okay.

And there are multiple ways in which the

cloud security becomes risky. Okay, few

more things are traditional security

threats. Why cloud security can become

risky? It can happen at the user site.

Some other fake email can come, a spam

email can come and you click on it and

your data will be accessible by them.

Authentication and authorization is not

up to that level. Distributed denial of

service. Many hackers try to access your

data at once and the system gets hanged.

Fishing that is making you fool and

you'll be clicking the link and the

they'll be able to access it. SQL

injection means some script they will be

writing and you'll be downloading that

file in the name of some other song or

something and that will not be a song.

It will be actually a hacker script and

your data will be gone to them. Cross-

site scripting from the different sites

they will be attacking and attacking on

the virtual machines also. So these are

some of the traditional methods which

are used for hacking. Okay. Traditional

security threats are there. Same goes

for the cloud data as well. So if your

data is stored in the cloud also these

same things can happen there also.

Availability of cloud services. Cloud

services may not be always available.

Okay. System can fail, power outages can

happen and even an earthquake or

something else can happen which could

shut down the cloud services for long

period of time and you'll not be able to

access also them. Once cloud is gone,

you'll not be able to access because

entire data of yours is stored in the

cloud without any backup. Right? And

third party control. There will be third

party people who are using you don't

know who is using. There is lack of

transparency present. Right? And storing

of proprietary data your important data

which is there that could be leaked to

the hackers. Okay? and privacy issues

also they they are using your data

without asking you. Okay. And broken

authentication. People without

authentication can also access your

data. If there is any broke breakage in

that hacked interfaces and APIs, APIs

can also be used if they are not secure.

Permanent data loss. The hackers can

delete your data forever. Then what you

will do? Your data is gone in the cloud.

It will be there and the hacker will go

and delete your data. Okay. So these are

the risks. Few more risks. Okay. What is

related to the cloud security? Now next

topic is the privacy and privacy impact

assessment. What is privacy? Privacy

means something not to be disclosed.

What is personal to you, private to you,

that has to be not to be disclosed to

the whole world. That is called as

privacy. There are laws preventing the

usage of users data without consent. But

they are not fully followed by all

websites as we all are all aware of it.

Whatever we try to um means if we make a

search in a Google about some shoes and

we open Instagram or Facebook, they will

be seeing the shoes ads and all right.

So it's very clear that our data is

being sold to other companies. Okay.

without our consent. And the main

aspects of cloud privacy are lack of

users control. We cannot control what

data is a potential unauthorized

security secondary use that is using for

ads and data proliferation and dynamic

provisioning. Okay. All website should

follow the four practices to ensure that

the users data is secure. Okay. Notice

should be there. If any data is going to

be used for some other purposes, there

should be a notice and we should be

given a choice whether we are allowing

it or not. Okay. That's the second

point. And the third point is access.

Access should be given whatever the

information is being collected that

should be accessible to us whether we

want to continue it or not. Okay. And if

you want to delete that information we

should be able to delete it. It's not

that we give to the cloud and cloud can

do whatever they want and security

should be there. Whatever data is being

used it should be secure. It should not

be applicable to everything and everyone

it will become public like that it

should not happen. And uh we have some

tools privacy impact assessment tools

that will be carried out that should be

carried out in all websites to ensure

that whatever the data is being used is