Hello, Your Research Project is due this week. It must consist of: 1. Five source annotated bibliography 2. Slide presentation with 12 or more slides 3. Summary or Abstract containing at least 750 wor

Hello,

Your Research Project is due this week. It must consist of:

1. Five source annotated bibliography

2. Slide presentation with 12 or more slides

3. Summary or Abstract containing at least 750 words.

Below is the Topic I selected and submitted as a proposal and got approved by professor.

Vulnerability and Risk assessment:

Cloud computing is an effective delivery model to provide services. It is not a new technology but uses information to deliver services using existing technologies. Vaquero (2009) “Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically re-configured to adjust to a variable load (scale), allowing also for optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the infrastructure Provider by means of customized SLAs”.

When the organizations using the cloud services there are a considerable number of vulnerabilities and risks involved that needs to be assessed and managed to continue using the services without any interruption.

“Vulnerability” refers to a software, hardware, or procedural weakness that may provide an attacker the open door to enter a computer or network and have unauthorized access to resources, within the environment. Vulnerability characterizes the absence or weakness of a safeguard that could be exploited. This vulnerability may be a service running on a server, unpatched applications or operating system software, or an unsecured physical entrance (Kamal, 2011).

A risk is the negative impact on the systems in terms of data storage, data theft by the malicious intruders. The level of risk can be varied based on the type of cloud architecture that is being used. A cloud customer or user can transfer the risk to the cloud services provider and consider it in the cost benefit that’s being received from the services. However, all the risks can’t be transferred to the cloud provider for example if the risk occurred due to the failure of the business then cloud provider or any other third party can’t mitigate the damage or can compensate the expenses for this.

There is a level of risk involved in allocating resources to all the participating firms when using cloud as it is a more demanding service and resources are allocated based on the statistical projections. There are resource allocation algorithms that are used for resource allocation purpose and these are vulnerable to distortions of fairness. There are risks of service being unavailable when a particular application uses a specific resource very intensively. When the service provider is not able to meet, due to this economic and reputational loss can occur to the cloud provider. There are risks when access controls and permissions are compromised and it can lead to loss of data of the customers and so financial loss to the organizations. Also, this can put the company’s confidential and PII data at risk.

Computing capacity, storage, and network are shared between multiple users. This class of risks includes the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure (e.g., so-called guest-hopping attacks, SQL injection attacks exposing multiple customers’ data stored in the same table, and side channel attacks). Insider attacks are considered to be a high risk as it can impact the confidential data and can impact the organization’s reputation, customer trust and experiences of all the employees.

References:

Vaquero, Luis Rodero-Merino Juan Caceres et. al “A break in clouds : Towards a cloud definition.” ACM SIGOMM Computer Communication Review Archive, Volume 39, Issue 1 (January 2009).

Kamal Dahbur, Bassil Mohammad, Ahmed BisherTarakji, A Survey of risks, threats, and vulnerabilities in cloud computing, ACM 978-1-4503- 0474-0/04/2011