Thursday, October 24, 2019

Cloud Computing Essay -- Technology, Cyber Criminals

â€Æ' Introduction Over the past several years the term cloud computing has become common in homes and organizations alike. Cloud computing can be defined as a pooled set of computing resources that are furnished via the internet. There are three types of cloud services typically available, these services are Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS). Organizations can benefit greatly from cloud services because they eliminate the need to buy and manage physical resources. Although such an action cuts cost it leaves organization victim to the vulnerabilities and threats that exist in cloud computing. Throughout this paper I will discuss the vulnerabilities and threats that come along with the adoption of cloud computing. In addition, I will discuss standards and policies that effectively manage the risk associated with cloud computing. Threats & Vulnerabilities The abuse and nefarious use of cloud computing is a threat to any organization that takes advantage of cloud services. Most providers of cloud services make it all too easy for cyber criminals to register for service, all that is need to register for service with many providers is a valid credit card (Cloud Security Alliance, 2011). In addition to the ease of registration providers offer free trials of their services allowing attacker to carry out attacks covertly on cloud services. By gaining such access cyber criminals can deploy malicious code, abuse known exploits, and send spam messages to those that are sharing the same resources. Organizations are aware that threats can be internal as well as external, those that provide cloud services are no exception. The people who the service providers employ can pose... ...ncy use(CIO, 2011). FedRAMP is not alone in the effort to create standards regarding cloud computing. The National Institute of Standards & Technology (NIST) has published two draft publications specifically related to cloud computing. The first document, Special Publication 800-145 (Draft), has been created provide the NIST definition of cloud computing. The NIST has defined as the following: â€Å"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.† (NIST, 2011)

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.