The Flexibility Of Secured Data

Published Date: 02 Nov 2017

Abstract: Cloud Computing is the flexibility of using the services as per need and paying according to use. In addition, these services run on shared infrastructure.so we use these services just as much as we need, and utilizing resources without investing on new additional infrastructure. So No Extra Computers. Additional Computers would have meant extra idling time as well, so all this avoided with the concept of utility computing. "If we need Milk, Why we buy a Cow for Milk?"

This is that the ideal solution is to grow a more successful and vibrant technology innovation sector. There is a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing Software, platform, or infrastructure-as-a-service via the cloud) and security issues faced by their customers. In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information While cloud computing provides managed services, we are still responsible for compliance. No provider will assume this responsibility for us, simply because they are managing our applications and data. In order to comply with regulations like PCI DSS, HIPPA, SOX, and the many others it is essential that security be one of the most important factors when making the decision to move to the cloud.

So moving to the cloud helps an organization’s agenda to reduce costs associated with energy and to comply with environment objectives to a great extent. So that’s killing two birds with one stone, and a remarkable achievement for any organization.

In this paper I would like to present overview of cloud computing, why we choose cloud computing for our Small and large business. I would like to introduce various types of cloud, their uses, & many more, how cloud services worked, journally I have organized as follows: section 1 provides Introduction to cloud, services and deployment model, types, benefits, how to work services. Section 2 , I would like to provide storage cloud, because without using of storage cloud services cannot worked, so cloud services are depend on cloud storage. And section 3, I would like to present security in web application, who is responsible for security in PAAS, IAAS, and SAAS. And last in summary , I must say why cloud is fit for any organization, A lots of reasons, I have discussed here, so just I tell "two birds killed with one stone, because one place where we kept our data safe."

Keywords: Cloudstorage, Customer, Organization, Provider, Privacy, security,Services,,Vendor etc.

I.Introduction: Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation.[1].

There are many types of public cloud computing:

Infrastructure as a service (IaaS)

Platform as a service (PaaS)

Software as a service (SaaS)

Network as a service (NaaS)

Storage as a service (STaaS)

Security as a service (SECaaS)

Data as a service (DaaS)

Desktop as a service (DaaS)

Database as a service (DBaaS)

Test environment as a service (TEaaS)

API as a service (APIaaS)

Backend as a service (BaaS)

Integrated development environment as a service (IDEaaS)

Integration platform as a service (IPaaS)

Service models:

1 Infrastructure as a service (IaaS)

2 Platform as a service (PaaS)

3 Software as a service (SaaS)

4 Network as a service (NaaS)

Deployment models: The cloud model is composed of four deployment models

1 Private cloud

2. Community cloud

3. Public cloud

4. Hybrid cloud

Here is a definition for each deployment model.

1. Private cloud -- The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.[1]

2. Community cloud The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

3. Public cloud -- The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.[1]

4.Hybrid cloud -- The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

This graphic displays how each sample services would operate per development model:

II. Benefits of Cloud computing:

Achieve economies of scale – increase volume output or productivity with fewer people. Your cost per unit, project or product plummets.[1]

Reduce spending on technology infrastructure. Maintain easy access to your information with minimal upfront spending. Pay as you go (weekly, quarterly or yearly), based on demand.

Globalize your workforce on the cheap. People worldwide can access the cloud, provided they have an Internet connection.

Streamline processes. Get more work done in less time with less people.

Reduce capital costs. There’s no need to spend big money on hardware, software or lic ensing fees.

Improve accessibility. You have access anytime, anywhere, making your life so much easier!

Monitor projects more effectively. Stay within budget and ahead of completion cycle times.

Less personnel training is needed. It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware and software issues.

Minimize licensing new software. Stretch and grow without the need to buy expensive software licenses or programs.

10. Improve flexibility. We can change direction without serious "people" or "financial" issues at stake cloud computing. If you have an e-mail account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail, then we've had some experience with cloud computing. Instead of running an e-mail program on our computer, we log in to a Web e-mail account remotely. The software and storage for our account doesn't exist on our computer -- it's on the service's computer cloud.

III.How Cloud Services Work: of installing a suite of software for each computer, we only have to load one application. That application would allow workers to log into a Web-based service which hosts all the programs the user would need for his or her job. Remote machines owned by another company would run everything from e-mail to word processing to complex data analysis programs. It's called cloud computing, and it could change the entire computer industry.

In a cloud computing system, there's a significant workload shift. Local computers no longer have to do all the heavy lifting when it comes to running applications. The network of computers that make up the cloud handles them instead. Hardware and software demands on the user's side decrease. The only thing the user's computer needs to be able to run is the cloud computing systems interface software, which can be as simple as a Web browser, and the cloud’s network takes care of the rest. There’s a good chance we’ve already used some form of cloud computing. If you have an e-mail account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail, then you've had some experience with cloud computing. Instead of running an e-mail program on your computer, you log in to a Web e-mail account remotely. The software and storage for your account doesn't exist on your computer -- it's on the service's computer cloud.

IV. Without cloud Storage, there can be no cloud service:

Cloud data storage is a critical component in the cloud computing model; without cloud Storage, there can be no cloud service. The following storage cloud topics are covered to help us continue our journey to storage cloud:

Overview of storage cloud and storage types.

1. Traditional storage versus storage cloud.

2. Benefits and features of storage cloud.

3. Storage cloud service level classes.

4. Storage cloud delivery models.

5. Storage cloud journey use cases.

IV.1.Storage Cloud Overview:

A storage cloud provides storage as a service to storage consumers. It may be delivered in any of the previously discussed cloud delivery models (public, private, hybrid, community). A storage cloud can be used to support a diverse range of storage needs, including mass data stores, file shares, backup, archive, and more. Implementations range from public user data stores to large private storage area networks (SAN) or network-attached storage (NAS), hosted in-house or at third-party managed facilities. The following examples are publicly available storage clouds: [3].

IBM Smart Cloud offers a variety of storage options, including archive, backup, and object storage. Sky drive from Microsoft allows the public to store and share nominated files on the Microsoft public storage cloud service. Email services, such as Hotmail, Gmail, and Yahoo, store user email and attachments in their respective storage clouds. Face book and YouTube allow users to store and share photos and videos. Storage cloud capability can also be offered in the form of storage as a service, where we pay based on the amount of storage space used. There are various ways a storage cloud can be used, based on our organization’s specific requirements.

IV.II.. Benefits and features of storage cloud:

The overall benefits of storage cloud vary significantly based on the underlying storage infrastructure. Storage cloud can help businesses achieve more effective functionality at lower cost while improving business agility and reducing project scheduling risk.[3].http://www.ibm.com/cloud-computing/us/en/index.html

1. Dynamic scaling and provisioning (elasticity): One of the key advantages of storage cloud is dynamic scaling, also known as elasticity. Elasticity means that storage resources can be dynamically allocated (scaled up) or released (scaled down) based on business needs. Traditional IT storage infrastructure administration most often acquires capacity needed within the next year or two, which necessarily means this reserve capacity will be idle or underutilized for some period of time. A storage cloud can start small and grow incrementally with business requirements, or even shrink in size to lower costs if appropriate to capacity demands. For this key reason, storage cloud can support a company's growth while reducing net capital investment in storage.

2. Faster deployment of storage resources:

New enterprise storage resources can be provisioned and deployed in minutes compared to less optimized traditional IT, which typically takes more time, sometimes days or even months.

3. Reduction in TCO and better ROI:

Enterprise storage virtualization and consolidation lowers infrastructure total cost of ownership (TCO) significantly, with centralized storage capacity and management driving improved usage and efficiency, generally providing a significantly higher return on investment (ROI) through storage capacity cost avoidance. In addition, savings can be gained because of reduced floor space, energy required for cooling, labor costs, and also support and maintenance. This gain can be important where storage costs grow faster than revenues and directly affect profitability.

4. Reduce cost of managing storage:

Virtualization helps in consolidating storage capacity and helps achieve much higher utilization, thereby significantly reducing the capital expenditure on storage and its management. [3] Www. Ibm.com/redbooks

5. Greener data centers:

By consolidating geographically dispersed storage into fewer data centers, we achieve a smaller footprint in terms of rack space,we can save on energy (electrical power) and charges for infrastructure space, which also improves TCO and ROI.

6. Dynamic, flexible chargeback model (pay-per-use):

By implementing storage cloud, an organization pays only for the amount of storage that is actually that is used rather than paying for an incremental spare capacity, which remains idle until needed. This model can provide an enterprise with enormous benefits financially. Savings can also be realized from hardware and software licensing for functionality such as replication and point-in-time copy.

7. Multiuser file sharing:

By centralizing the storage infrastructure, all users can have parallel and simultaneous access to all the data across the enterprise rather than dealing with isolated islands of data. This also helps in collaboration and file sharing with higher data access rates. [3],[4] www.ibmredbook.com

8. Self-service user portal

A self-service user portal that is based on a service catalog empowers clients to automatically provision based on predefined templates. Manage IT infrastructure based on the user’s needs.

9. Integrated storage and service management:

The storage cloud infrastructure usually includes integrated management software, which helps to manage the complete storage infrastructure from a single console, without having to buy proprietary management software from multiple vendors. This way saves time and helps reduce spending on various proprietary management software.

10. Improved efficiency of data management:

Consolidation and standardization of storage resources facilitates less infrastructure complexity, which is intrinsically simpler to manage. Consistent policies and process with integrated management tools support geographically diverse infrastructure requirements that are driven by performance or availability considerations.

11. Faster time to market:

Automation, self-service portals, rapid deployment, dynamic scaling, and centralized storage management enhance business agility by facilitating significant improvements such as decreased time-to-market for new products. Businesses can focus on building their core products and competencies instead of worrying about the management of their IT infrastructure.

IV.III. Benefits of a storage cloud implementation:

For a distributed computing environment, a storage cloud provides significant benefits for the accessibility, replication and hierarchical storage management of data. . A storage cloud can help the business units become more agile and dynamic to meet the fluctuating resource demands of their clients. Storage cloud also helps the larger organization to implement a pay-per-use model to accurately track and recover infrastructure costs across the business units.

1. Data accessibility

One of the features of a storage cloud is its ability to consolidate multiple disparate data islands into a single data repository, accessible to anyone from anywhere throughout an organization (if security permits it). This single view of data is particularly helpful in a Distributed Computing Environment, where data islands are prevalent. Users and administrators can take advantage of this consolidated view to more easily access the data across the organization.

2. Data replication:

Data replication is the key to enabling effective user roaming within and across the Distributed Computing Environment tiers. It can reduce WAN congestion and improve operational performance by having users access copies of data that are located on their local area network (LAN), rather than across the WAN.

Branch staff can have their personal data replicated to branches within their region. Regional managers can have their personal data replicated to all of the branches within their region. Inter-region managers can have their personal data replicated to all regional offices. Teams that operate across regions can have their shared data replicated to their own regional office.

Each tier can have data replicated to its parent to facilitate high availability at the originating tier, and also to enhance the efficiency of the enterprise backup strategy. Corporate data can be replicated out to the branches for local manipulation, including printing.

IT infrastructure data can be replicated to all locations to facilitate IT-related tasks such as workstation builds, software distribution, and patch management. Although data replication is the key enabler for solving the data distribution dilemma, a smart storage cloud solution enhances the process by supporting automated management functions. These functions include features such as caching to reduce the amount of WAN traffic when accessing remote files, checking file "staleness" to ensure the current version of a file is always used, delta updates to minimize network traffic for updated files, and multiuser access management to eliminate update conflicts.

3. Cost reduction:

The business unit can provision storage to its clients at a significantly reduced cost, because the infrastructure costs are shared across multiple customers and other business units, rather than paid solely by the client. By consolidating its storage infrastructure, the organization is able to provide a single storage infrastructure over a broader client base. This way provides both economies of scale, and potential to even out the demand peaks and troughs. Pooling of storage resources means that the organization can allocate storage from anywhere, where it is the most effective in meeting a client need.

4. Elasticity: Client resource demands can be met with agility because a storage cloud enables resources to be provisioned in an elastic fashion, dynamically as demands dictate. Internal resource peak and trough demands for resources can also be met by provisioning a

Storage cloud. After activities, such as testing, are completed, the virtual machines and the attached storage that is associated with these activities can be released and added back to the virtual storage pool, to be used later, or by other business units.

5. Rapid provisioning

A storage cloud allows for rapid provisioning of resources by providing a consolidated view of resources and automation of the overall storage provisioning process through a storage cloud portal. Automation and self-provisioning also helps the temporary workforce, in terms of providing the test setup in minutes, rather than weeks. This feature means that personnel can be productive on startup, rather than being delayed by infrastructure provisioning workflows. Standard deployment templates, which can be customized for differing environments, ensure that the provisioned environments are more stable and less error-prone, thereby improving the quality of deliverables.

6. Faster time to market

As a result of the reduction in time spent for manual provisioning processes, the business unit is able to focus on its core competencies, rather than being distracted by storage infrastructure administration. Less administrative complexity facilitates benefits like faster time to market for new products and services.

7. Hierarchical storage management :

Data islands, as encountered within a distributed computing environment, exacerbate the issue of organization data growth. As requirements for data storage grow, pressure is placed on each individual data island for capacity expansion. This pressure can be relieved by smart management of the data on each island. Because a storage cloud has a consolidated view of the storage environment across the enterprise, it is able to make intelligent decisions about whether data should be stored at a particular location based on metadata. Data that is infrequently used may be migrated to a central location. Inactive data can be archived, and retrieved on demand. These features allow for storage optimization, without the need for administrators to individually manage each storage repository.

Coming part we will discuss about Saas, Paas,Iaas Security in cloud.& who is responsible for security.[3]www.ibmredbook.com

V. Who Is Responsible for Web Application Security in the Cloud? Vendor or customer?

Depending on the cloud services delivery model (SPI) and service-level agreement (SLA), the scope of security responsibilities will fall on the shoulders of both the customer and the cloud provider. The key is to understand what your security responsibilities are versus those of the CSP. In that context, recent security surveys have highlighted the fact that lack of transparency in security controls and practices employed by CSPs is a barrier to cloud adoption. To start with, cloud customers do not have the transparency required in the area of software vulnerabilities in cloud services.[2][4]

A good reference for browser security is Google's Browser Security Handbook.

See http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html.

This prevents customers from managing the operational risk that might come with the vulnerabilities. Furthermore, by treating their software as proprietary, CSPs are impeding security researchers from analyzing the software for security flaws and bugs. (The exception is cloud providers that are operating on open source software.) Due to this lack of transparency, customers are left with no choice but to trust their CSPs to disclose any new vulnerability that may affect the confidentiality, integrity, or availability of their application.[2]

Cloud security and privacy: An enterprise perspective on risks and Compliance.pdf by Tim Mather, Subra Kumaraswamy, and Shahed Latif

A good reference for browser security is Google's Browser Security Handbook.

See http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html. For example, as of March 2009, no prominent IaaS, PaaS, or SaaS vendors are participating in the Common Vulnerability and Exposures (CVE) project. Case in point: AWS took 7.5 months to fix a vulnerability that Colin Percival reported in May 2007.[3]. This vulnerability was a cryptographic weakness in Amazon's request signing code that affected its database API (SimpleDB) and EC2 API services, and it was not made public until after it was fixed in December 2008. (Colin does acknowledge that Amazon took this issue seriously at all times, and the lengthy timeline was simply due to the large amount of work involved in rolling out a patch to the affected services.) Enterprise customers should understand the vulnerability disclosure policy of cloud services and factor that into the CSP risk assessment. The following sections discuss the web application security in the context of the SPI cloud service delivery model. [2].

V.I. SaaS Application Security:

The SaaS model dictates that the provider manages the entire suite of applications delivered to users. Therefore, SaaS providers are largely responsible for securing the applications and components they offer to customers. Customers are usually responsible for operational security functions, including user and access management as supported by the provider. It is a common practice for prospective customers, usually under an NDA, to request information related to the provider's security practices. This information should encompass design, architecture, development, black- and white-box application security testing, and release management. Some customers go to the extent of hiring independent security vendors to perform penetration testing (black-box security testing) of SaaS applications (with consent from the provider) to gain assurance independently.

[2],[4] Google Docs access control issue: http://peekay.org/2009/03/26/security-issues-with-google-docs/.

Google Docs access control response to a weakness issue: http://googledocs.blogspot.com/2009/03/just-to . However, penetration testing can be costly and not all providers agree to this type of verification. Extra attention needs to be paid to the authentication and access control features offered by SaaS CSPs. Usually that is the only security control available to manage risk to information. Most services, including those from Salesforce.com and Google, offer a web-based administration user interface tool to manage authentication and access control of the application. Some SaaS applications, such as Google Apps, have built-in features that end users can invoke to assign read and write privileges to other users. However, the privilege management features may not be advanced, fine-grained access and could have weaknesses that may not conform to our organization’s access control standard. One example that captures this issue is the mechanism that Google Docs employs in handling images embedded in documents, as well as access privileges to older versions of a document. Evidently, embedded images stored in Google Docs are not protected in the same way that a document is protected with sharing controls. That means if we have shared a document containing embedded images, the other person will always be able to view those images even after we’ve stopped sharing the document. [2] Google Docs privacy glitch: http://www.techcrunch.com/2009/03/07/huge-google-privacy-blunder-shares-your docs-without-permission/. A blogger discovered this access control quirk and brought it to Google's attention. Although Google has acknowledged the issue, its response conveys that it believes those concerns do not pose a significant security risk to its users. Another incident related to Google Docs was a privacy glitch that inappropriately shared access to a small fraction (Google claims 0.05% of the documents were affected) of word processing and presentation documents stored on its Google Apps cloud service. Though the documents were shared only with people whom the Google Docs users had already shared documents, rather than with the world at large, the problem illustrates the need to evaluate and understand cloud-specific access control mechanisms. Cloud customers should try to understand cloud-specific access control mechanisms— including support for strong authentication and privilege management based on user roles and functions—and take the steps necessary to protect information hosted in the cloud. Additional controls should be implemented to manage privileged access to the SaaS administration tool, and enforce segregation of duties to protect the application from insider threats. In line with security standard practices, customers should implement a strong password policy—one that forces users to choose strong passwords when authenticating to an application. It is a common practice for SaaS providers to commingle their customer data (structured and unstructured) in a single virtual data store and rely on data tagging to enforce isolation between customer data. In that multitenant data store model, where encryption may not be feasible due to key management and other design barriers, data is tagged and stored with a unique customer identifier. This unique data tag makes it possible for the business logic embedded in the application layer to enforce isolation between customers when the data is processed. It is conceivable that the application layer enforcing this isolation could become vulnerable during software upgrades by the CSP. Hence, customers should understand the virtual data store architecture and the preventive mechanisms the SaaS providers use to guarantee the compartmentalization and isolation required in a virtual multitenant environment. Established SaaS providers, such as Salesforce.com, Microsoft, and Google, are known to invest in software security and practice security assurance as part of their SDLC. However, given that there is no industry standard to assess software security, it is almost impossible to benchmark providers against a baseline.

V.II:PaaS Application Security :

PaaS vendors broadly fall into the following two major categories:

•Software vendors (e.g.,Bungee, Etelos,

GigaSpaces, Eucalyptus)

• CSPs (e.g., Google App Engine, Salesforce.com's Force.com, Microsoft Azure, Intuit QuickBase)

Organizations evaluating a private cloud may utilize PaaS software to build a solution for internal consumption. Currently, no major public clouds are known to be using commercial off-the-shelf or open source PaaS software such as Eucalyptus (Eucalyptus does offer a limited experimental pilot cloud for developers at Eucalyptus.com,however). Therefore, given the nascent stage of PaaS deployment, we will not discuss software security of standalone PaaS software in this topic. Nonetheless, it is recommended that organizations evaluating PaaS software perform a risk assessment and apply the software security standard similar to acquiring any enterprise software. By definition, a PaaS cloud (public or private) offers an integrated environment to design, develop, test, deploy, and support custom applications developed in the language the platform supports. PaaS application security encompasses two software layers:

• Security of the PaaS platform itself (i.e., runtime engine)

• Security of customer applications deployed on a PaaS platform

[3]See Cloud Security and Privacy an Enterprise perspective on Risks and Compliance.pdf.

Generally speaking, PaaS, CSPs (e.g., Google, Microsoft, and Force.com) are responsible for securing the platform software stack that includes the runtime engine that runs the customer applications. Since PaaS applications may use third-party applications, components, or web services, the third-party application provider may be responsible for securing their services. Hence, customers should understand the dependency of their application on all services and assess risks pertaining to third-party service providers. Until now, CSPs have been reluctant to share information pertaining to platform security using the argument that such security information could provide an advantage for hackers. However, enterprise customers should demand transparency from CSPs and seek information necessary to perform risk assessment and ongoing security management.

V.III:PaaS application container :

In the multitenant PaaS service delivery model, the core security tenets are containment and isolation of multitenant applications from each other. [2],[2] See http://open.eucalyptus.com/wiki/EucalyptusPublicCloud.

In that model, access to our data should be restricted to enterprise users and to applications that our own and manage. The security model of the PaaS platform runtime engine is the CSP's intellectual property, and it is essential to delivering the "sandbox" architecture in a multitenant computing model. Hence, the sandbox characteristic of the platform runtime engine is central in maintaining the confidentiality and integrity of our application deployed in the PaaS. CSPs are responsible for monitoring new bugs and vulnerabilities that may be used to exploit the PaaS platform and break out of the sandbox architecture. This type of situation is the worst case scenario for a PaaS service; the privacy implications for customer-sensitive information are undesirable and could be very damaging to our business. Hence, enterprise customers should seek information from the CSP on the containment and isolation architecture of the PaaS service. Network and host security monitoring outside the PaaS platform is also the responsibility of the PaaS cloud provider (i.e., monitoring of a shared network and system infrastructure hosting customer applications). PaaS customers should understand how PaaS CSPs are managing their platform, including updating of the runtime engine and change, release, and patch management.

V.IV. IaaS Application Security:

IaaS cloud providers (e.g., Amazon EC2, GoGrid, and Joyent) treat the applications on customer virtual instances as a black box, and therefore are completely agnostic to the operations and management of the customer's applications. The entire stack—customer applications, runtime application platform (Java, .NET, PHP, Ruby on Rails, etc.), and so on— runs on the customer's virtual servers and is deployed and managed by customers. To that end, customers have full responsibility for securing their applications deployed in the IaaS cloud. Hence, customers should not expect any application security assistance from CSPs other than basic guidance and features related to firewall policy that may affect the application's communications with other applications, users, or services within or outside the cloud. Web applications deployed in a public cloud must be designed for an Internet threat model, embedded with standard security countermeasures against common web vulnerabilities (e.g., the OWASP Top 10).

[2](http://www.cloud-standards.org]In adherence with common security development practices, they should also be periodically tested for vulnerabilities, and most importantly, security should be embedded into the SDLC. Customers are solely responsible for keeping their applications and runtime platform patched to protect the system from malware and hackers scanning for vulnerabilities to gain unauthorized access to their data in the cloud. It is highly recommended that you design and implement applications with a "least-privileged" runtime model (e.g., configure the application to run using a lower privileged account). Developers writing applications for IaaS clouds must implement their own features to handle authentication and authorization. In line with enterprise identity management practices, cloud applications should be designed to leverage delegated authentication service features supported by an enterprise Identity Provider (e.g., OpenSSO, Oracle IAM, IBM, CA) or third-party identity service provider (e.g., Ping Identity, Symplified, TriCipher). Any custom implementations of Authentication, Authorization, and Accounting (AAA) features can become a weak link if they are not properly implemented, and you should avoid them when possible.

In summary, the architecture for IaaS hosted applications closely resembles enterprise web applications with an n-tier distributed architecture. In an enterprise, distributed applications run with many controls in place to secure the host and the network connecting the distributed hosts. Comparable controls do not exist by default in an IaaS platform and must be added through a network, user access, or as application-level controls. Customers of IaaS clouds are responsible for all aspects of their application security and should take the steps necessary to protect their application to address application-level threats in a multitenant and hostile Internet environment.

VI. Insecure data in any cloud application using a single encryption system:

"Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction". Cloud provider can share only encrypted data.

For enterprise organizations that are using cloud-based applications, a paramount question is how to meet data security, privacy, residency and compliance requirements. It’s no longer a matter of "if" data should be encrypted or tokenized, but "how" to do it in the most effective way. For the most part, cloud service providers are leaving this decision up to customers. While cloud providers willingly offer to store or process data for clients, they maintain that the responsibility and liability of securing the data belongs to the organization that owns the data. As a result, many enterprises are now looking at the various encryption solutions that are coming to market to address this cloud conundrum. The requirements for a data encryption solution vary from company to company, and even from application to application. Nevertheless, there are some general guidelines that should help organization consider their options:

• Control of data -- The enterprise should retain complete control of its data. The cloud provider should have no access to real data in the clear.

• Control of keys -- The organization should have complete control of its encryption keys. The cloud provider should not be able to access keys that can decrypt the data.

• Flexibility -- The solution should give the organization the flexibility to choose its preferred data security technique (i.e., encryption, tokenization or both) as well as which data fields will be protected, and in what formats.

• Usability -- The solution should be transparent to end users so they don't have to change normal work processes.

• Adaptability -- The solution should not require any changes to the application or cloud services where the encrypted or tokenized data will reside. The enterprise is unlikely to be able to change them anyway, so the solution has to adapt to the application, not the other way around.

VII. Security and data protection:

Organizations today demand that their data is protected from corruption and loss, whether by accident or intent. This section highlights the security and data protection mechanisms available within storage clouds, and their relevance to providing the data integrity, which businesses have come to expect.

I. Backup and disaster recovery:

Despite rapid data growth, data protection and retention systems are expected to maintain service levels and data governance policies. Data has become integral to business decision-making and basic operations, from production to sales and customer management. Data protection and retention are core capabilities for their role in risk mitigation and for the amount of data involved.

II.Backup and recovery:

Provides cost-effective and efficient backup and restore capabilities, improving the performance, reliability and recovery of data in respect to SLAs. Backups protect current data and they are unlikely to be accessed unless data is lost.

III. Archiving:

Retains data that handles long term data retention requirements, either for compliance or business purpose, by providing secure and cost effective solutions with automated process for retention policies and data migration to different storage media. Continuous data availability Ensures uninterrupted access to data for critical business systems, reducing the risk of downtime providing capability to fail over transparently and as instantaneously as possible to an active copy of the data. The total mirroring strategy needs to be automated to ensure automated failover and then an appropriate automated fail-back. Optimizing all of these areas helps an organization deliver better services with reduced application downtime. Data protection and retention, archiving, and continuous data availability can improve business agility by ensuring that applications have the correct data when needed, while inactive data is stored in the correct places for the correct length of time. This way means that the data protection functions must be application aware.

IV. Multitenancy:

The term multitenancy refers to an architecture that is typically used in cloud environments. Instead of providing each cloud service consumer (tenant) a separate, dedicated infrastructure (single-tenancy architecture), all consumers share one common environment. Shared layers must behave as though they were setup in a dedicated fashion in terms of customization, isolation, and so on. A cloud environment has two primary technology stacks were multitenancy is relevant: The management environment (cloud management stack) The managed environment (infrastructure, platform, or application that is provided as a service) .

Conclusion:

Let I discussed here, lots of benefits of cloud services using of large/small scale of organization. With cloud computing, we eliminate those headaches because we’re not managing hardware and software—that’s the responsibility of an experienced vendor like salesforce.com. The shared infrastructure means it works like a utility: we can only pay for what we need, upgrades are automatic, and scaling up or down is easy.Cloud-based apps can be up and running in days or weeks, and they cost less. With a cloud app, we just open a browser, log in, customize the app, and start using it.so relax, write application and leave on cloud. The latest innovations in cloud computing are making our business applications even more mobile and collaborative, similar to popular consumer apps like Facebook and Twitter. As consumers, we now expect that the information we care about will be pushed to us in real time, and business applications in the cloud are heading in that direction as well. With Cloud, keeping up with our work is as easy as keeping up with our personal life on Face book.

So using cloud, we can say two birds killed with one stone. Feel relax and all is leave on cloud.