Chuyển đến nội dung chính

What is Cloud computing security?

Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use.



Cloud computing security or, more simply, cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.

SECURITY ISSUES ASSOCIATED WITH THE CLOUD
Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers. Organizations use the Cloud in a variety of different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community). There are a number of security concerns associated with cloud computing. These issues fall into two broad categories: security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). The responsibility is shared, however. The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.

When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a recent Cloud Security Alliance Report, insider attacks are the sixth biggest threat in cloud computing. Therefore, Cloud Service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity.

In order to conserve resources, cut costs, and maintain efficiency, Cloud Service Providers often store more than one customer's data on the same server. As a result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation.

The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service. Virtualization alters the relationship between the OS and underlying hardware - be it computing, storage or even networking. This introduces an additional layer - virtualization - that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist. For example, a breach in the administrator workstation with the management software of the virtualization software can cause the whole datacenter to go down or be reconfigured to an attacker's liking.

CLOUD SECURITY CONTROLS
Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management. The security management addresses these issues with security controls. These controls are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. While there are many types of controls behind a cloud security architecture, they can usually be found in one of the following categories:

Deterrent controls
These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. (Some consider them a subset of preventive controls.)

Preventive controls
Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.

Detective controls
Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.

Corrective controls
Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.

DIMENSIONS OF CLOUD SECURITY
It is generally recommended that information security controls be selected and implemented according and in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts. Cloud security concerns can be grouped in various ways; Gartner named seven[9] while the Cloud Security Alliance identified fourteen areas of concern. Cloud Application Security Brokers (CASB) are used to add additional security to cloud services.

SECURITY AND PRIVACY
Identity management 
Every enterprise will have its own identity management system to control access to information and computing resources. Cloud providers either integrate the customer’s identity management system into their own infrastructure, using federation or SSO technology, or a biometric-based identification system,[1] or provide an identity management solution of their own. CloudID, for instance, provides a privacy-preserving cloud-based and cross-enterprise biometric identification solutions for this problem. It links the confidential information of the users to their biometrics and stores it in an encrypted fashion. Making use of a searchable encryption technique, biometric identification is performed in encrypted domain to make sure that the cloud provider or potential attackers do not gain access to any sensitive data or even the contents of the individual queries.

Physical security 
Cloud service providers physically secure the IT hardware (servers, routers, cables etc.) against unauthorized access, interference, theft, fires, floods etc. and ensure that essential supplies (such as electricity) are sufficiently robust to minimize the possibility of disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e. professionally specified, designed, constructed, managed, monitored and maintained) data centers.

Personnel security 
Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening potential recruits, security awareness and training programs, proactive.

Privacy 
Providers ensure that all critical data (credit card numbers, for example) are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud.

DATA SECURITY
There are a number of security threats associated with cloud data services, not only covering traditional security threats, e.g., network eavesdropping, illegal invasion, and denial of service attacks, but also including specific cloud computing threats, e.g., side channel attacks, virtualization vulnerabilities, and abuse of cloud services. To throttle the threats the following security requirements are to be met in a cloud data service.

Data Confidentiality
Data confidentiality is the property that data contents are not made available or disclosed to illegal users. Outsourced data is stored in a cloud and out of the owners' direct control. Only authorized users can access the sensitive data while others, including CSPs, should not gain any information of the data. Meanwhile, data owners expect to fully utilize cloud data services, e.g., data search, data computation, and data sharing, without the leakage of the data contents to CSPs or other adversaries.

Data Access Controllability
Access controllability means that a data owner can perform the selective restriction of access to his data outsourced to cloud. Legal users can be authorized by the owner to access the data, while others can not access it without permissions. Further, it is desirable to enforce fine-grained access control to the outsourced data, i.e., different users should be granted different access privileges with regard to different data pieces. The access authorization must be controlled only by the owner in untrusted cloud environments.

Data Integrity
Data integrity demands maintaining and assuring the accuracy and completeness of data. A data owner always expects that his data in a cloud can be stored correctly and trustworthily. It means that the data should not be illegally tampered, improperly modified, deliberately deleted, or maliciously fabricated. If any undesirable operations corrupt or delete the data, the owner should be able to detect the corruption or loss. Further, when a portion of the outsourced data is corrupted or lost, it can still be retrieved by the data users.

Tự Học tiếng Anh Giao Tiếp

Tự Học tiếng Anh Giao Tiếp
Những video tự học tiếng Anh giao tiếp đơn giản dễ thuộc

Bài đăng phổ biến từ blog này

Vì sao xác con tàu huyền thoại Titanic vẫn chưa được trục vớt?

Việc khôi phục lại di tích từ các thảm kịch của lịch sử không phải lúc nào cũng dễ dàng, và đó chính là trường hợp của việc trục vớt xác con tàu huyền thoại Titanic. Tháng 9/1985, đoàn thám hiểm chung giữa Mỹ và Pháp đã xác định vị trí xác tàu Titanic nằm dưới đáy đại dương ở độ sâu khoảng 3900m. Tìm thấy xác tàu dưới đáy đại dương sau 73 năm Đống đổ nát dưới đáy đại dương không được phát hiện trong nhiều thập kỷ cho đến năm 1985. Vào tháng 9/1985, nhà hải dương học Robert Ballard muốn thử nghiệm tàu ​​ngầm robot, một loại công nghệ mới sẽ được sử dụng để tìm kiếm tàu ​​chiến và tàu ngầm bị chìm. Ông yêu cầu Hải quân Mỹ cho phép ông thử xác định vị trí Titanic bằng công nghệ mới này và đã được cấp phép để tiến hành. Ngày 1/9/1985, một đoàn thám hiểm chung giữa Mỹ và Pháp đã xác định vị trí xác tàu Titanic Chỉ sau hai tuần tìm kiếm ở độ sâu 12.500m dưới mặt nước, nhóm các nhà khoa học do Robert Ballard dẫn đầu đã xác định vị trí xác con tàu ở độ sâu hơn 3.900m dưới bề mặt Đại Tây Dương,...

Google xóa rào cản ngôn ngữ với cuộc gọi dịch giọng nói sống động như thật

Trong bối cảnh thế giới ngày càng kết nối, rào cản ngôn ngữ vẫn là một trong những thách thức lớn đối với giao tiếp toàn cầu. Với hơn 7.000 ngôn ngữ được sử dụng trên toàn thế giới, việc giao tiếp hiệu quả giữa những người nói các ngôn ngữ khác nhau không phải lúc nào cũng dễ dàng. Tuy nhiên, tại sự kiện Google I/O 2025 diễn ra vào ngày 21/5/2025, Google đã công bố một bước tiến công nghệ mang tính đột phá: tính năng dịch giọng nói trực tiếp trong cuộc gọi. Tính năng này không chỉ hứa hẹn xóa bỏ rào cản ngôn ngữ mà còn mang lại trải nghiệm giao tiếp tự nhiên, gần gũi và liền mạch hơn bao giờ hết. Bài viết này sẽ phân tích chi tiết về công nghệ mới của Google, những ứng dụng tiềm năng và tác động mà nó có thể mang lại cho đời sống và công việc. Công nghệ dịch giọng nói trực tiếp: một bước đột phá Tính năng dịch giọng nói trực tiếp được giới thiệu bởi CEO Google Sundar Pichai tại Google I/O 2025, được mô tả như một “bước đột phá công nghệ” giúp phá vỡ rào cản ngôn ngữ. Khác biệt hoàn toà...

Hiện tượng "nửa nạc nửa mỡ" trong ngôn ngữ giới trẻ: Góc nhìn và suy ngẫm

Trong bối cảnh hội nhập toàn cầu, ngôn ngữ của giới trẻ đang chứng kiến một sự thay đổi đáng kể, nổi bật nhất là xu hướng sử dụng ngôn ngữ “nửa nạc nửa mỡ” – cách nói pha trộn giữa tiếng Việt và tiếng Anh. Những câu nói như “Có ok hay không thì mày nhớ confirm cho người ta nha” hay “Deadline gần kề rồi, mày finish cái project đi nha!”  đã trở thành một phần quen thuộc trong giao tiếp hàng ngày của giới trẻ, đặc biệt ở các đô thị lớn. Hiện tượng này không chỉ phản ánh sự sáng tạo và năng động của thế hệ trẻ mà còn đặt ra những câu hỏi về việc bảo vệ sự trong sáng của tiếng Việt và hiệu quả giao tiếp trong bối cảnh văn hóa đa dạng.     Ngôn ngữ “nửa nạc nửa mỡ” không phải là một hiện tượng mới mẻ. Từ hàng chục năm trước, nó đã manh nha xuất hiện trong các bài hát nhạc trẻ. Trào lưu này không chỉ dừng ở âm nhạc mà còn lan sang nghệ danh của các nghệ sĩ, tạo nên một làn sóng “Tây hóa” trong cách đặt tên và giao tiếp. Những cách dùng từ này nhanh chóng được giới trẻ đón ...

Some of the best muscle cars to ever tear up the tarmac

1964 Pontiac GTO The original 1960s muscle car, the Pontiac GTO had amazing performance for its day 1964 Pontiac GTO The Pontiac GTO is widely acknowledged as the car that really kicked off the 1960s Muscle Car era. It was initially offered as an optional package on the mid-size Pontiac Tempest and was the first truly mass-market high performance model to follow the big displacement engine route, using a tuned 389 cubic inch (6.4-litre) V8 engine in place of the entry-level Tempest’s 140bhp six. 1970 Chevrolet Chevelle SS 454 The Chevelle Super Sport was Chevrolet's 60s muscle car monster 1970 Chevrolet Chevelle SS 454 Chevrolet’s first foray into the Muscle Car world was with the Chevelle Super Sport (or SS) introduced in 1964. Early in its life it was significantly out-gunned by the Pontiac GTO, but it wasn’t long before Chevy started turning up the wick. By 1970, the Chevelle SS had reached its most outrageous specification, with a huge 454 cubic inch (7.5-litre) big block V8 th...

The first robot to paint like an artist

Gripping the brush, Ai-Da's robot arm moves slowly but accurately, dipping into the palette one by one, then sketching the lines on the paper. Ai-Da (centre) is painting a guest portrait. Photo: Guardian In her small London room, Ai-Da glued her eyes to every stroke, with the same attention as the average person. Unlike robots that rely on available paintings, Ai-Da chooses and makes decisions for each stroke to produce works. This robot spends an average of 5 hours on each picture, no two pictures are alike. "Ai-Da is an intellectual and groundbreaking tool," said Aidan Meller, head of the robotics team. "We spent a lot of time and money creating a smart painter." Ai-Da started showing off its painting abilities last year, but new enhancements allow the robot to think at a higher level thanks to an upgraded AI algorithm. According to Meller, machines like Ai-Da change the way people envision robots. Now, there is no longer the question "can robots create a...

Chevrolet Impala

The 1959 Chevrolet Impala was redesigned. Sharing bodyshells with lower-end Buicks and Oldsmobiles as well as with Pontiac, part of a GM economy move, the Chevrolet's wheelbase 1-1/2 inches longer. Using a new X-frame chassis, the roof line was three inches lower, bodies were two inches wider, and curb weight increased. Its tailfins protruded outward, rather than upward. The taillights were a large "teardrop" design at each side, and two slim-wide nonfunctional front air intake scoops were added just above the grille. 1959 Chevrolet Impala 4-Door Sedan The Impala became a separate series, adding a four-door hardtop and four-door sedan, to the two-door Sport Coupe and convertible. Sport Coupes featured a shortened roof line and wrap-over back window. The standard engine was an I6, while the base V8 was the carryover 283 cu in (4,640 cc), at 185 hp (138 kW). Optional were a 283 cu in with 290 hp (220 kW) and 348 cu in (5,700 cc) V8 up to 315 hp (235 kW). Standard were front...

The ten Iconic American Muscle Cars That Defined Power And Performance

Some of the most iconic muscle cars of all time had extremely limited production numbers and can sell for 6 figures or even 7 figures in some extreme cases. Many collectors are willing to pay such exorbitant price tags for outstanding condition vehicles with original factory parts and matching serial numbers because these models literally defined what many see as the greatest era of American muscle cars. With that in mind, the American scene really started to take off with iconic muscle cars from the 1960s leading to what many would call the most iconic muscle cars ever made in the 1970s. 1970 Dodge Challenger R/T - 425 HP, 0-60 MPH In 5.4 Seconds The 1970 Dodge Challenger R/T had 4 engine options: the 383 Magnum, 440 Magnum, 440 Six Pack, and 426 Hemi. The 426 Hemi V8 engine put out 425 hp and 490 ft-lbs of torque which was more than enough to get the adrenaline pumping. The R/T only options included a Rallye instrument cluster which consisted of a 150 MPH speedo, 8,000 rpm tach, and ...