Cloud Security Deep Dive

Cloud Computing Security II

Estimated read time: 1:20

    Summary

    In this continuation of the cloud security series, the focus is on understanding security paradigms unique to cloud computing. The lecture initially revisits fundamental security components and threats, aligning them contextually within cloud environments. The nuances of cloud's elasticity, on-demand provisioning, and pay-as-you-go models introduce specific security challenges. Despite the economic benefits, many organizations hesitate to adopt cloud infrastructures due to data confidentiality, integrity, availability, and additional attack vectors unique to the cloud. The discussion covers several security models like IaaS, PaaS, and SaaS, emphasizing the complexities of potential threats such as co-tenancy, hypervisor vulnerabilities, and data management across different jurisdictions. Trust between providers and consumers is crucial, with Gartner's identified risks serving as a framework for understanding persistent issues in cloud security.

      Highlights

      • Cloud's elasticity and economic benefits clash with security hesitations. 🎭
      • Traditional security concerns like confidentiality and integrity persist in the cloud. 🔍
      • Gartner points out seven risk areas in cloud security, still relevant today. 🧩
      • Hypervisors and co-tenancy present unique vulnerabilities in cloud systems. 🤔
      • Choosing a cloud provider involves navigating trust and compliance issues. 🤝

      Key Takeaways

      • Cloud computing offers economic benefits but poses unique security challenges. ⚡
      • Key security concerns include data confidentiality, integrity, and availability. 🔒
      • IaaS, PaaS, and SaaS models transfer different security responsibilities between providers and consumers. 🎭
      • Co-tenancy and hypervisor vulnerabilities are significant threats in cloud environments. ⚠️
      • Trust and legal issues complicate data management across jurisdictions. 🌎

      Overview

      Welcome to another engaging journey into cloud security. In this session, we delve into how traditional security concepts adapt (or don't) in the sprawling universe of cloud computing. While elasticity and scalability make cloud appealing to businesses, these same features open new avenues for concerns regarding security, confidentiality, and data integrity. Why is everyone not diving into the clouds? Because the fears of security loopholes still loom large!

        Get ready to dissect the intricacies of cloud service models like IaaS, PaaS, and SaaS. Each model shifts the security burden differently between providers and consumers, leaving many at a crossroads on how best to protect their data. And then there's the drama of hypervisor vulnerabilities and the eerie concept of co-tenancy—where your data neighbors might not be as friendly as you'd hope. These intricate layers of security have their unique quirks and challenges, demanding more than traditional solutions.

          We also navigate the murky waters of trust, privacy laws, and the global dance of data jurisdiction with a big fat nod to Gartner's cloud security risks. Understanding these key vulnerabilities framed by Gartner helps businesses weigh their options and cautiously wade into cloud partnerships. If your head's spinning with questions on trust metrics and vendor lock-in, you're not alone—welcome to the labyrinth that is cloud security!

            Chapters

            • 00:00 - 01:00: Introduction to Cloud Computing Security The chapter begins with a brief welcome to the cloud computing lecture series. The focus is on cloud security, as the discussion continues into more detailed aspects of security in cloud environments.
            • 01:00 - 02:30: Security Challenges in Cloud The chapter 'Security Challenges in Cloud' discusses various aspects of security from a cloud perspective. It builds upon previous lectures, highlighting key security components and concepts. The chapter delves into threats, policy issues, and trust assumptions associated with cloud environments.
            • 02:30 - 04:30: Cloud Characteristics and Security Significance This chapter discusses the unique characteristics of cloud computing and the significance of security in cloud environments. It highlights that every information system, including cloud systems, carries certain risks and these must be thoroughly reviewed. The chapter mentions that while cloud systems share common risks with other information systems, they also possess additional unique characteristics that necessitate a heightened focus on security.
            • 04:30 - 07:00: Economic Advantages vs Security Concerns This chapter discusses the fundamental concept of cloud computing, emphasizing its resource elasticity and scalability. Cloud resources, which include computing power, memory, and more, can be adjusted according to demand, allowing for dynamic scaling both upwards and downwards.
            • 07:00 - 10:00: Traditional vs Cloud Security Threats The chapter 'Traditional vs Cloud Security Threats' discusses the concept of cloud computing, emphasizing its key characteristics such as infinite and elastic resource scalability. It highlights on-demand, just-in-time provisioning, allowing users to access resources when needed. The chapter also covers the metered service model, where users pay for what they use, reflecting the flexible nature of cloud resources. The transcript introduces the basics of these cloud computing advantages in contrast to traditional security threats.
            • 10:00 - 12:30: Co-tenancy and Lack of Control The chapter discusses the challenges and reluctance organizations face when considering moving fully to the cloud. This is primarily due to security concerns and the need for appropriate policies. The concept of co-tenancy and lack of control is highlighted as a significant barrier to cloud adoption.
            • 12:30 - 15:00: Service Models and Security Responsibilities The chapter titled 'Service Models and Security Responsibilities' discusses the economic benefits of cloud computing, emphasizing its cost-effectiveness for consumers. Consumers only need to pay for what they use, allowing for scalability without upfront costs. It highlights the flexibility that cloud services offer, permitting users to utilize as much or as little as they need, aiming to underline the overall philosophy and advantages of cloud computing.
            • 18:00 - 21:00: Hypervisor and Virtualization Risks The chapter discusses the concept of hypervisor and virtualization in cloud computing, addressing the increased utilization of data center resources. It highlights the benefits, suggesting it is a win-win situation for cloud adoption. However, it also points out that cloud environments, despite their advantages, are still vulnerable to traditional data confidentiality, integrity, availability, and privacy issues, as well as additional attacks specific to the cloud context.
            • 21:00 - 24:00: Access Control and Identity Management Challenges The chapter delves into the challenges associated with access control and identity management, particularly in the context of cloud computing. It highlights why, despite both providers and consumers often being satisfied with cloud solutions, there are still significant concerns that impede immediate and widespread adoption. These concerns revolve around data confidentiality, integrity, availability, and privacy. Furthermore, the chapter notes that there are additional challenges specific to cloud environments, such as those documented by the IDC enterprise panel in 2008.
            • 24:00 - 27:00: Data Lifecycle Management The chapter 'Data Lifecycle Management' addresses major challenges including security, performance, and availability. Security remains a top concern, not necessarily due to a lack of security, but possibly due to challenges in precisely defining security measures.
            • 15:00 - 18:00: Gartner's Cloud Security Risk Parameters The chapter discusses the barriers to adopting cloud services, highlighting security as a significant concern. A survey mentioned in the chapter indicates that a lack of trust and confidence in cloud systems and providers is a key issue. The chapter also points out new security threats that emerge with cloud technology.
            • 27:00 - 30:00: Inter-Cloud Communication Challenges This chapter discusses the challenges associated with inter-cloud communication, particularly focusing on the security aspects. Traditional security systems primarily aim to prevent unauthorized access by keeping attackers out. Using the analogy of securing IIT Kharagpur as an enterprise network, the chapter highlights the importance of having robust mechanisms to prevent both external and internal attackers from compromising the system. Key methods to achieve this include ensuring strong authentication, implementing effective access control systems, and preventing impersonation of legitimate users.
            • 30:00 - 31:30: Trust and Provider Selection Considerations This chapter discusses the concept of trust and considerations for selecting providers in the context of cloud services. It highlights how users voluntarily offer their data to cloud service providers, leading to co-tenancy where multiple independent users share the same physical infrastructure. It brings forward the importance of understanding the shared infrastructure dynamic when considering which provider to trust and select for cloud services.
            • 31:30 - 34:30: Conclusion and Wrap-up Discussion on potential security risks in shared infrastructure environments, where an attacker can legitimately share the same physical machine as the target, posing a challenge to the integrity and security of data and applications. Concerns regarding user control over their data and applications when hosted on a service provider's premises, highlighting issues of reduced control.

            Cloud Computing Security II Transcription

            • 00:00 - 00:30 hi so ah welcome to this cloud computing ah lecture series ah today we will be uh discussing we will be continuing our discussion on cloud security ah so we will more ah now try to
            • 00:30 - 01:00 look at thus security with respect to more with respect to ah um cloud ah perspective so as we have seen in our ah last ah lecture that ah the security ah has different aspects right like one is that security concepts ah or security components other part is the threats there are issues of policies mechanisms there are ah ah issues of trust assumptions and
            • 01:00 - 01:30 those or risk so all those things are ah need to be ah [loot/looked] looked into when we are review on to implement the things so as as it is as as we have to as we have seen or discussed that ah these these are manifested in any type of information system in including cloud so but cloud has different other some few more characteristics right so we will try to see that what are the different characteristics and why this security becomes the important
            • 01:30 - 02:00 component when we talk about cloud computing so as ah if we try to boil down ah cloud to ah to a very simplistic are what we do one part is it is a resource elastic resource scalability right you can go up and go down in your resources and resources can be ah anything right it is [stu/studying] studying from computing power to memory to any type
            • 02:00 - 02:30 of a ah network resources bandwidth and so on so it is infinite and elastic resource scalability theoretically another thing is on demand just in time provisioning if i require it should be on demand just in time provisioning should be there there is another important aspect thirdly it should be no its should be in a model what we say pay a metered service right pay as you go model right as as you use or as you go model right so when a what a i pay for the things that means the resources are being acquired released escalated skill
            • 02:30 - 03:00 down as path the ways of the things this whole paradigm of security need to be ah over around these type of these policies right so that becomes a serious challenge and for that that number of organisation are not are little reluctant in going to the fully cloud even
            • 03:00 - 03:30 that is economically at times beneficial right so use as much as you ah use as much or as less as you need use only when want and pay only what you use this is the whole ah philosophy of going towards that right so if if we already you have seen but just to have a quick ah loop economic advantage of cloud computing for the consumer no upfront cost can scale
            • 03:30 - 04:00 uses as as and when required minimize that of course for provider increased utilization of the data centre resources so provider has a huge volume of resources and that has a increase utilization of the resources is the one of the ah major aspects so if it is win win situation why not everybody is using cloud right so one of the major thing is that cloud are still subject to traditional data confidentiality integrity availability privacy issues plus some additional attacks right so this is a
            • 04:00 - 04:30 serious concern that any state so if it is ah if the provider is happy if the consumer is happy why not the things everything a going to cloud immediately because of this type of scenario because of saas scenario of that ah there are issues of data confidentiality integrity availability privacy etcetera plus some additional cloud related things if we look some references that idc inter price panel in two thousand eight they say
            • 04:30 - 05:00 that the major ah challenges or issue is the security right then the performance then availability and so and so forth right so this is a from their survey it has been seen that the security still at the top level when you look at the challenges and issues in the things it is not like that is insecure it is like at i am not able to define it is not only insecurity that thing but also i failed to defined the things which we are define in more precisely
            • 05:00 - 05:30 there or i am not having that much trust or confidence on systems or the providers so similarly [serve/survey] survey on potential cloud barriers that also say that what what we is blocking that going to the things is also that you look at it is a security plays a ah major role here so ah what ah this may new threats come into play here one is the
            • 05:30 - 06:00 traditional systems security mostly keeps means keeping attackers out right so if i say that iit kharagpur need to be secured as a enterprise with this network and i have a very very very strong ah so that the attackers are out i have different mechanism to keep my internal attackers also out right maybe so that but my concern is that how to keep these attackers out is the thing the attacker needs to either compromise the authentication or access control system or impersonate existing user in order to do that whereas in [cat/case]
            • 06:00 - 06:30 case of cloud i voluntarily the provide consumer or the ah user voluntarily gives keep their data services etcetera at the ah providers place that means ah it is by by nature it is co tenancy is there so it is cotenant so multiple impendent users share the same physical infrastructure so i know that the infrastructure i am sharing
            • 06:30 - 07:00 my some attacker or some other parties also sharing the infrastructure so attacker can legitimately use the same physical machine as the target it is not like that digit into or for into the things it can legitimately use customers lack of control over his own data and application right it is on the ah premises of the service provider so it is [la/less] less control or lack ah of control over the the services applications
            • 07:00 - 07:30 and there can be reputation fate sharing right it is a what we say that i if ah if as i go together as we go together so i share the fate of each other right so that is also ah there is also a challenge so these are the things if you see ah co tenancy lack of control reputation fate sharing these are the things which are not there in that a big way in case of a traditional things traditional security measures and this becomes a new way of looking
            • 07:30 - 08:00 at the security in some cases now if we look at the different three prominent ah service model iaas paas and saas so ah in case of the iaas the infrastructure why is the provider is there rest of the thing is the responsibility of the ah consumer so that means the increase providers responsibility is whenever i go to iaas paas to saas right
            • 08:00 - 08:30 the provider has more responsibility or in other sense if i if i have the increase consumer responsibility so the when it goes the iaas it is the maximum right so uh it it it so whenever somebody is taking iaas paas etcetera this one is definitely need the organizational of the individual need along with that need to look at that the type of security aspects now we need to need to ah deploy on my system now to ah typical scenario whatever we are
            • 08:30 - 09:00 discussing is one is that in case of private cloud say organisational cloud say iit kharagpur cloud so it has three business you need business a business b and business c and there is a chance that i ah the business a is sharing one of the vms of the ah in the data centre or the ah infrastructure where the business b is there where the c is isolated so this type of scenarios are there so that means the services or data are are residing
            • 09:00 - 09:30 on one physical or one or in the physical systems right whereas in case of a public ah similarly for a public cloud i can have different customer who are sharing the same infrastructure and there is a there is a possibility of a channel of ah communication between the things it can be thing the vmm if might having compromised or ah there are some ah attack on though those things which are ah there so these are the there can be different type
            • 09:30 - 10:00 of things which is beyond a control of the consumer consumer do not have or the ah cloud service consumer or the user do not ah users do not have any control over this or not much control over this other other than ah basically relying on the slas and the how the reporting of the providers are there so gartner ah ah have seven ah cloud computing
            • 10:00 - 10:30 security risk parameters right so there is a gartner seven points things so rather gartners ah cloud computing according gartner has a unique attributes that ah require risk assessment in areas such as data integrity recovery and privacy and evaluation of legal issues in the areas the of e discovery regulatory compliance and type of things right so these are five ah securities which gartner point out in a report that is the one is privileged user
            • 10:30 - 11:00 access that is one ah securities regularity compliance and audit is another thing data location where the data is located with why whether i how much control i am having data segregation is another problem recovery mechanisms investigative support like if i want to do some post mortem type of things then how much investigated support what i am having and long term viability right so there is a there is a chance of vender locking then that will
            • 11:00 - 11:30 see that how that long and viability will be there so if we look at user privileged access sensitive data process outside enterprise brings with it an inherent level risk right any sensitive data which is beyond going beyond your premise as a risk into the things outsourced services bypass the physical logical and personnel controls right which is there if you are doing those of traditionally in house deployment so all these traditional in house deployments we have we bypass this so like a gartner says
            • 11:30 - 12:00 that ask providers to supplies specific information on hiring and oversight of privileged administrator and controls over their access so that is ah re ah there but as such i ah a organization may feel insecure that while will it loses ah its number of controls to the ah provider next is the regulatory compliance and audit like ah traditional services are subject to
            • 12:00 - 12:30 external audits and security ah certificatiosn right so so our traditionally in house services are there computing cloud computing provider who refuse to undergo a scrutiny signalling that the customer can only use them for the most ah trivial functions etcetera so in case of a cloud computing providers this type of things making audit etcetera become a tricky things right so because your data is there but you dont have the control over the infrastructure
            • 12:30 - 13:00 so making the audit successful or compliance successful whether it will be compliance of that what what the provider sends or what the provider supposed to do it or your compliance and things are like that so though the sla tries to address this is but still there is a ah there are ah risk or ah um what we say ah security loopholes ah there so ah there are usually no customer side audit facility difficult to audit data held outside
            • 13:00 - 13:30 organisation in a cloud trusted third party auditor maybe a thing then again how this auditor will be there and said that there is another question data location is a major ah major issue right where ah i share the data in the things where my data are hosted i i dont have any clue whether in this country or outside country whether these jurisdiction of our ah own country or not or etcetera we dont wont state it and either types of things up we dont have think so that becomes a major issue data centres
            • 13:30 - 14:00 ah located at graphically dispersed location different jurisdictions and regulations and legal implications these has different legal implications like say held data they keep of protected in uas or other some other countries but we we dont have ah we have a different type of things here and that it creates a problem that if are the data is store there that whose whose law will prevail on the thing data segregation is another ah issue another
            • 14:00 - 14:30 which a pointed out by gartner the data in the cloud is typically in a shared environment alongside data from other end customers right encryption effective but is in that cure all type of solution right find out what is done to segregate data at rest so encryption data encrypt data in transit needs to be decrypted at the time of processing another major issue right so where the key will lie at types of things so there should
            • 14:30 - 15:00 be a secure key store resource the cloud provider should provide evidence that the encryption schemes were designed and tested by experienced specialist or what is the test mechanisms and what should the encryption scheme and type of things so these are several challenges which are data segregation related things which are not there in a big way when we have used additional systems another point and what we are we are extremely concerned is the recovery right if something goes wrong what sees the recovery mechanism
            • 15:00 - 15:30 even if you dont know where the data your data is data providers is to tell you what happens to your data and services in case of a disaster if there is a ah disaster ah then or outrage then what what happened to my data right a store i in a say share data storage i store my data and if goes for some problem then what happened whether how much time it will take recovery at all whole recovery is possible or not these are the things which
            • 15:30 - 16:00 will be questioned right so there are there are two concepts if you will try to use one is the recovery point objective the maximum amount of data that will be law has to following a interruption or disaster so that is the rpo recovery point objective there is rto there is a period time period allowed for recovery that the time that is allow to ah elapse between the disaster and activation of the secondary side right
            • 16:00 - 16:30 so that that they how much time even it is recovered how long it will take so that my business process not does not get ah much affected so fault tolerance two type of things it is followed one is that ah replication that of the same thing or redundancy or ah duplication of critical components of the systems and type of things then investigative support another ah risk component as mentioned by things like ah investigation
            • 16:30 - 17:00 investigating inappropriate or illegal activity may be impossible in cloud computing like how to [in/investigate] investigate on the things especially there is not much control on the customer side so neither there is much control on monitoring the things long term viability so i leverage the things my work processes work flows or my deferent organisational processes into the cloud and i end up in a long term viability things or long term arrangement
            • 17:00 - 17:30 with the things right ask potential provider how would you get your data back if it would be in a format that would import from a replacement application etcetera so if the if if there is a from one provider to another provider then ah how the data will be there and how data can ah i can recover my data if there is the if there is a problem with the provider so when to switch cloud provider contract price increase provider
            • 17:30 - 18:00 bankruptcy provider service shutdown decrease in service quality business dispute and all those things mainly to for thus ah consumer to switch cloud providers the major is vender logging ah vender ah lock in so that with the particular provider the ah uh consumer gets locked in and it is very difficult to recover from that lock in phase
            • 18:00 - 18:30 so these are the ah major gartner ah issues ah so there are few more ah issues which are ah which are uh critical which are critical so there is one is virtualization access control and identity management application security data life ah data lifecycle management right so one is the issue of the virtualization what you have seen the virtualization is primarily
            • 18:30 - 19:00 ah done by that ah vmm or the hypervisor right so the virtualization becomes the key of this cloud computing so if i have a vm so that means it is evolved from the ah basically handled by the vmm now if the vmm is compromised or then ah then my i am in trouble even though uh even that ah different processes of the vm etcetera to some level compromise then the whole system is in trouble um so if you look at the virtualization there are two component
            • 19:00 - 19:30 one is virtual machine one at vmm or the hypervisor or virtual machine monitor as we have seen so two type of uh primarily two type of virtualization one is full virtualization vms run on the hypervisor that interacts with the hardware so that the vm is there in between hypervisor and the rest of the hardware it interacts another is a para virtualization when a vm interacts with the host os directly ah that means it penetrates to a level higher so that
            • 19:30 - 20:00 two type of things major functionality resource isolation right so what it tries to do it tries to isolate this consumer ah or the user with the rest of the ah infrastructure at the back bone and so that it it basically tries to provide difference scalable services [aware/over] over the things right so hypervisor vulnerabilities now if there is a hypervisor vulnerability that will crop in and basically put the whole whole
            • 20:00 - 20:30 system in ah trouble so shared clipboard technology transferred malicious programs from vms from from vms to the host and type of things so hypervisor vulnerability key stroke logging so one one bun one such things that some vm technologies enable logging of key stores and the screen updates to be passed across virtual virtual terminals in the single virtual machine so these are some of the properties of the things and that becomes a ah ah threat right there are hypervisor risk like ah there can
            • 20:30 - 21:00 be a rogue hypervisor rootkits initiate a rogue hypervisor and it its creates a havoc into the system hide itself from the [mo/normal] normal malware detection system create a covert channel to dump unauthorised codes right it can create even create a covert channel to um to dump with the unauthorised codes there are other hypervisor risks like that external
            • 21:00 - 21:30 modification of the hypervisor or vm [espake/escape] escape in proper configuration of the vm so there there can be other issues ah there are denial of services attacks so there are issues of threats unauthorized access to virtual resources loss of confidentiality integrity availability and these are these are the different issues of ah these are the
            • 21:30 - 22:00 different threats which are there there is a high loss of confidentially integrity availability that means what we refer to these type of cia related issues will come in to play access control is a big big ah gain as those who have ah gone through uh access control things like ah like one is that troll base access control and different type of mac dac type of things so those ah issues are there so access control similar to traditional in house it network in here also proper access control to address cia tenets of information
            • 22:00 - 22:30 security right so prevention of ah identity theft major challenge primarily privacy issues via massive data mining so that i whether i can have some learning techniques and data mining techniques to ah uh to find out the identity of the ah uh user or the cloud service consumer identity management is another challenge ah it is a challenge not only here it is a
            • 22:30 - 23:00 challenge across if [dis/any] any distributed or in type of system so identity management authenticate users and services based on credential and characteristics right so it based on ah different features said it tries to look at that ah um um that i have to authenticate the users and services so at the application level ah it is ah mostly there is cloud applications
            • 23:00 - 23:30 are web based right most of the applications are web based so similar type of attacks like injection attacks x xml ah signature element wrapping attack cross site scripting attack flooding dnas poisoning and phishing metadata like wsdls spoofing attacks so these are the different attacks which are still still prevailed in case of a ah in case of application level cloud security right so there can be insecure
            • 23:30 - 24:00 communication channel because at the application level your data is data is more uh more vulnerable right ah and that that insecure communication channel can lead to interrupts and of the services eavesdropping and so and so forth data lifecycle management so uh ah need to
            • 24:00 - 24:30 look at that over all data lifecycle so one is that your confidentiality right will the sensitive data stored on cloud remains confidential that is one major major question or major challenge we will cloud compromise leak confidential client data right fear of loss of control over the data so that is another problem will the cloud provider itself be honest and wont peek into the data that is a how much trust into the things so a trusting a provider is
            • 24:30 - 25:00 a is another ah challenge that is for of in our day to day life also if we need to uh trust ah or we need to build trust on deferent service provider so there are lot of work going on ah we will try to ah if ah time permits we will we will try to see some of the aspects of this ah how this task risk competence were together
            • 25:00 - 25:30 and we have ah um we have a ah mechanism of a more security or how can i select a more trusted provider for a particular work if if there are more than one provider for that so that is one the confidentiality another ah another aspect is the integrity how do i know that the cloud provider is doing computations correctly right so i i i do some processing
            • 25:30 - 26:00 then how do i know that it is ah things because i i push my data and process and i expect is result out of it how do i ensure that a cloud provider really stored my data without tempering it so how do i ensure that right availability with critical system go down at the client if the provider is attacked in a denial of service attack right so this is another availability with the critical system go down at the ah client
            • 26:00 - 26:30 if the provider is at attacked in a denial if there is a dos type of a attack on the provider end what will happen to my things right if that a even if the cloud provider goes out of business what will happen to my data and processes so these are ah very tricky issues and extremely difficult to address ah this ah this type of challenges data locations as we have seen if we look at the data ah uh ah lifecycle data location all copies beck
            • 26:30 - 27:00 up stored only at location allowed by the contract sla or regulation etcetera right so ah where the data are located which which extension etcetera we dont have much control over the things then archive access latency these are the different other ah issues which are which are there in this type of scenarios so if we if we look at holistically that the overall ah cloud aspects so one major problem is co ah tenancy that means you are your data
            • 27:00 - 27:30 processes are residing on the same system another ah issue what we have seen that ah which is which is making it different from the traditional thing another issue is your data is located in somewhere where i dont have any control over the things data even my application function processes are located in the premises where i dont have much control
            • 27:30 - 28:00 other than looking at the slas and type of things so this is another ah major challenge of ah handling those type of a scenarios there are the other tricky issues which come up because if if [we/where] where if if there are inter cloud communication then the issues are become more tricky like a a process at ah cloud one communicating to the cloud two communicating to the cloud three and so forth in doing so whether it is able to again that
            • 28:00 - 28:30 ah it is coming back to the originating cloud in doing so is it possible that i can there is a possibility or there is a chance that i violate the basic principle of ah access control like i am i am able to access a data which are otherwise i am not able to access it right so this is ah major ah challenge when there is a inter cloud communication things right so there is way that can be very much true
            • 28:30 - 29:00 because you are ah you have different provider consumers and a provider can be consumer for some other services and so on and so forth so that is another ah issues and there are other underlining threats like what will happen if the vm vmm is compromised if the hypervisor is compromised then likely that all the vms can be compromised right or all the vms are in a spin like which vm is up or down etcetera whether it is functioning properly or not
            • 29:00 - 29:30 we dont have any control so there are underlining ah challenges at the at the ah highest level itself so these are the which need to be ah access and finally when selecting ah cloud providers or things how can i trust each other right how whether the sla in the things or i if i have more than one providers for a things whether there is a possibility or whether there is a mechanism that i can know that this is these are the
            • 29:30 - 30:00 [dif/different] different trust etcetera so the trust competence risk also plays a ah uh serious role into the things in in ah looking at all these aspects we see that the cloud ah is ah this cloud security or the security issues in cloud plays a extremely vital role in making this cloud computing popular other than coming this ah coming that
            • 30:00 - 30:30 resource availability and other type of ah pros ah benefits of traditional ah versus cloud etcetera this security issues ah become a major bottleneck going from ah say traditional to the cloud computing things so uh with this we will ah wrap up our todays lecture and in the subsequent lecture ah we will see that other aspects of cloud thank you