Lecture 7: Security in Cloud Computing
Asst. Prof. Supakorn Kungpisdan, Ph.D.
supakorn@mut.ac.th
Subwaves within the information age
NETE4630 Advanced Network Security and Implementation
Evolution of Cloud Computing
Why Cloud?
Cloud computing is a low-cost solution.
Cloud computing offers responsiveness and flexibility.
The IT expense matches the transaction volumes.
Business users are in direct control of technology decisions.
The line between home computing applications and enterprise applications will blur.
Sources of incremental IT spending growth
Worldwide IT cloud services spending
Evolution of Cloud Computing (cont.)
ISP 1.0: ISPs quickly proliferated to provide access to the Internet for organizations and individuals. These early ISPs merely provided Internet connectivity for users and small businesses, often over dial-up telephone service.
ISP 2.0: As access to the Internet became a commodity, ISPs consolidated and searched for other value-added services, such as providing access to email and to servers at their facilities.
Evolution of Cloud Computing (cont.)
ISP 3.0: Colocation facilities are specialized facilities for hosting organizations’ (customers’) servers, along with the infrastructure to support them and the applications running on them.
Those facilities are “a type of data center where multiple customers locate network, server, and storage gear and interconnect to a variety of telecommunications and other network service provider(s) with a minimum of cost and complexity.”
Evolution of Cloud Computing (cont.)
ISP 4.0: As colocation facilities proliferated and became commoditized, the next step in the evolution was the formation of application service providers (ASPs), which focused on a higher value-added service of providing specialized applications for organizations, and not just the computing infrastructure.
ASPs typically owned and operated the software application(s) they provided, as well as the necessary infrastructure.
Cloud Computing (ISP5.0)
Although ASPs might appear similar to a service delivery model of cloud computing that is referred to as software-as-a-service (SaaS), there is an important difference in how these services are provided, and in the business model.
Although ASPs usually provided services to multiple customers (just as SaaS providers do today), they did so through dedicated infrastructures.
That is, each customer had its own dedicated instance of an application, and that instance usually ran on a dedicated host or server.
The important difference between SaaS providers and ASPs is that SaaS providers offer access to applications on a shared, not dedicated, infrastructure.
Cloud Computing Defined
Property: Description
Multi-tenancy (shared resources): Cloud computing is based on a business model in which resources are shared (i.e., multiple users use the same resource) at the network level, host level, and application level.
Massive scalability: Cloud computing provides the ability to scale to tens of thousands of systems, as well as the ability to massively scale bandwidth and storage space.
Elasticity: Users can rapidly increase and decrease their computing resources as needed, as well as release resources for other uses when they are no longer required.
Pay as you go: Users pay for only the resources they actually use and for only the time they require them.
Self-provisioning of resources: Users self-provision resources, such as additional systems (processing capability, software, storage) and network resources.
Attributes of Elasticity
Notable Cloud Launches
SPI Service Model
Architecture for Relevant Technologies
Cloud Services Delivery Model
Cloud Deployment Model
Private Clouds
Public Clouds
Hybrid Clouds
Cloud Service Deployment Model
Public Clouds
Hybrid Clouds
Key Drivers to Adopting Clouds
Small Initial Investment and Low Ongoing Costs
Economies of Scale
Open Standards
Sustainability
Governance in the Cloud
Barriers to Cloud Computing Adoption in the Enterprise
Security
Privacy
Connectivity and Open Access
Reliability
Interoperability
Independence from CSPs
Economic Value
Changes in the IT Organization
IT Governance
Political Issues Due to Global Boundaries
Complexity of security in cloud environment
Security Issues in Service Models
Security in SaaS: Most enterprises are still uncomfortable with the SaaS model due to lack of visibility about the way their data is stored and secured.
Security in IaaS: IaaS only provides basic security (perimeter firewall, load balancing, etc.), and applications moving into the cloud will need higher levels of security provided at the host.
Security in PaaS: PaaS offers an integrated set of developer environments that a developer can tap to build applications without having any clue about what is going on underneath the service.
An attacker can take advantage of this to use the PaaS cloud infrastructure for malware command and control and to get behind IaaS applications.
Security for the SaaS Stack
Security for the SaaS Stack: Data Security
In a traditional on-premise application deployment model, the sensitive data of each enterprise continues to reside within the enterprise boundary and is subject to its physical, logical and personnel security and access control policies.
In the SaaS model, the enterprise data is stored outside the enterprise boundary, at the SaaS vendor end.
EC2 administrators with a business need are required to use their individual cryptographically strong Secure Shell (SSH) keys to gain access to a host. All such accesses are logged and routinely audited.
Data at rest in Simple Storage Service (S3) is not encrypted by default; users can encrypt their data before it is uploaded to Amazon S3, so that it is not accessed or tampered with by any unauthorized party.
Possible Vulnerabilities in SaaS
Cross-site scripting [XSS]
Access control weaknesses
OS and SQL injection flaws
Cross-site request forgery [CSRF]
Cookie manipulation
Hidden field manipulation
Insecure storage
Insecure configuration
Security for the SaaS Stack: Network Security
Sensitive data is obtained from the enterprises, processed by the SaaS application and stored at the SaaS vendor end.
All data flow over the network needs to be secured in order to prevent leakage of sensitive information.
This involves the use of strong network traffic encryption techniques such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
Data Locality
The customer does not know where the data is stored.
Due to compliance and data privacy laws in various countries, locality of data is of utmost importance in many enterprise architectures.
In many EU and South American countries, certain types of data cannot leave the country because of potentially sensitive information.
A secure SaaS model must be capable of providing reliability to the customer on the location of the consumer's data.
Data Integrity
Each SaaS application may have different levels of availability and SLA (service-level agreement), which further complicates management of transactions and data integrity across multiple SaaS applications.
The lack of integrity controls at the data level (or, in the case of existing integrity controls, bypassing the application logic to access the database directly) could result in problems.
Data Segregation
Data of various users will reside at the same location. Intrusion into one user's data by another becomes possible in this environment.
A SaaS model should therefore ensure a clear boundary for each user’s data.
The boundary must be ensured not only at the physical level but also at the application level.
Possible attacks include SQL injection flaws, data validation, and insecure storage.
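The application-level boundary described on this slide, as an added example that is not part of the original lecture: a shared table holds two tenants' rows, and the same lookup is written once with string concatenation and once as a parameterized, tenant-scoped query. The table, tenant names, function names and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed sample data: two tenants sharing one table (shared infrastructure).
ROWS = [
    ("acme", "INV-1", 1200),
    ("acme", "INV-2", 300),
    ("globex", "INV-1", 9900),
]

# Constructed input that a data-validation gap would let through unchanged.
CRAFTED_REF = "x' OR '1'='1"


def make_db():
    """Build the shared in-memory database used by both lookups."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices (tenant_id TEXT NOT NULL, ref TEXT, amount INTEGER)"
    )
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", ROWS)
    return db


def find_invoices_unsafe(db, tenant_id, ref):
    """'Before': a tenant filter exists, but input is concatenated into the SQL text."""
    sql = (
        "SELECT tenant_id, ref, amount FROM invoices "
        "WHERE tenant_id = '" + tenant_id + "' AND ref = '" + ref + "'"
    )
    return db.execute(sql).fetchall()


class TenantScopedStore:
    """'After': the tenant is bound once (from the authenticated session) and
    every query is parameterized and always carries the tenant predicate."""

    def __init__(self, db, tenant_id):
        self._db = db
        self._tenant_id = tenant_id

    def find_invoices(self, ref):
        rows = self._db.execute(
            "SELECT tenant_id, ref, amount FROM invoices "
            "WHERE tenant_id = ? AND ref = ?",
            (self._tenant_id, ref),
        ).fetchall()
        # Defence in depth: fail closed if another tenant's row ever appears.
        for row in rows:
            if row[0] != self._tenant_id:
                raise RuntimeError("cross-tenant row returned")
        return rows


def tenants_seen(rows):
    """Which tenants' data ended up in a result set."""
    return sorted({row[0] for row in rows})


if __name__ == "__main__":
    db = make_db()
    leaked = find_invoices_unsafe(db, "acme", CRAFTED_REF)
    print("concatenated query returned tenants:", tenants_seen(leaked))
    store = TenantScopedStore(db, "acme")
    print("scoped query returned:", store.find_invoices(CRAFTED_REF))
    print("scoped query, normal input:", store.find_invoices("INV-1"))
```

In the concatenated version the crafted value changes the WHERE clause itself, so the tenant filter no longer limits the result; in the scoped version the same value is only ever compared as data.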
Data Access
The SaaS model must be flexible enough to incorporate the specific policies put forward by the organization.
The model must also be able to provide an organizational boundary within the cloud, because multiple organizations will be deploying their business processes within a single cloud environment.
Authentication and Authorization
With SaaS, the software is hosted outside of the corporate firewall.
Many times, user credentials are stored in the SaaS provider's databases and not as part of the corporate IT infrastructure.
This means SaaS customers must remember to remove/disable accounts as employees leave the company and create/enable accounts as new employees come on board.
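One way to check the joiner/leaver process described on this slide, as an added example that is not part of the original lecture: reconcile an HR roster against the account list exported from a SaaS provider. The record layout, function names and all addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SaasAccount:
    """One row of a (hypothetical) account export from the SaaS provider."""
    email: str
    enabled: bool


def _norm(email):
    # Directories and SaaS exports often differ in case and stray whitespace.
    return email.strip().lower()


def reconcile(hr_active, hr_terminated, saas_accounts):
    """Compare the HR roster with the SaaS account list.

    Returns a dict of sorted e-mail lists:
      disable  - enabled SaaS accounts whose owner has left the company
      orphaned - enabled SaaS accounts HR has no record of (review manually)
      create   - active employees with no SaaS account
      enable   - active employees whose SaaS account is disabled
    """
    active = {_norm(e) for e in hr_active}
    terminated = {_norm(e) for e in hr_terminated}
    by_email = {_norm(a.email): a for a in saas_accounts}
    known = set(by_email)
    enabled = {e for e, a in by_email.items() if a.enabled}

    return {
        "disable": sorted(enabled & (terminated - active)),
        "orphaned": sorted(enabled - active - terminated),
        "create": sorted(active - known),
        "enable": sorted(e for e in active & known if not by_email[e].enabled),
    }


# Constructed sample data.
HR_ACTIVE = ["alice@example.com", "Bob@Example.com", "carol@example.com"]
HR_TERMINATED = ["dave@example.com"]
SAAS_ACCOUNTS = [
    SaasAccount("alice@example.com", True),
    SaasAccount("bob@example.com", False),        # employee active, account disabled
    SaasAccount("dave@example.com", True),        # left the company, still enabled
    SaasAccount("svc-report@example.com", True),  # not in HR at all
    SaasAccount("erin@example.com", False),       # already disabled, no action
]

if __name__ == "__main__":
    for action, emails in reconcile(HR_ACTIVE, HR_TERMINATED, SAAS_ACCOUNTS).items():
        print(f"{action:9s} {emails}")
```

The "orphaned" bucket is kept separate from "disable" because accounts unknown to HR may be service or shared accounts that need an owner rather than automatic removal.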
Vulnerabilities in Virtualization
Vulnerabilities have been found in all virtualization software that can be exploited by malicious local users to bypass certain security restrictions or gain privileges.
For example, a vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system.
A vulnerability in Virtual PC and Virtual Server could allow elevation of privilege.
Availability
A multi-tier architecture needs to be adopted, supported by a load-balanced farm of application instances, running on a variable number of servers.
Resiliency to hardware/software failures, as well as to denial of service attacks, needs to be built from the ground up within the application.
Backups
The SaaS vendor needs to ensure that all sensitive enterprise data is regularly backed up to facilitate quick recovery in case of disasters.
The use of strong encryption schemes to protect the backup data is recommended.
In the case of cloud vendors such as Amazon, the data at rest in S3 is not encrypted by default. The users need to separately encrypt their data and backups so that it cannot be accessed or tampered with by unauthorized parties.
Identity Management
Security in PaaS
The provider might give people some control to build applications on top of the platform.
But any security below the application level, such as host and network intrusion prevention, will still be in the scope of the provider, and the provider has to offer strong assurances that the data remains inaccessible between applications.
PaaS is intended to enable developers to build their own applications on top of the platform.
Security in PaaS (cont.)
Hackers are likely to attack visible code, including but not limited to code running in user context.
They are likely to attack the infrastructure and perform extensive black box testing.
The vulnerabilities of the cloud are associated not only with web applications but also with the machine-to-machine Service-Oriented Architecture (SOA) applications, which are increasingly being deployed in the cloud.
Security Issues in IaaS
With IaaS the developer has better control over the security as long as there is no security hole in the virtualization manager.
The security responsibilities of both the provider and the consumer greatly differ between cloud service models.
Amazon’s EC2 infrastructure as a service offering includes vendor responsibility for security up to the hypervisor, meaning they can only address security controls such as physical security, environmental security, and virtualization security.
The consumer, in turn, is responsible for the security controls that relate to the IT system, including the OS, applications and data.
Security Management and Monitoring Scope
ITIL Life Cycle in Enterprise
Security Management in Clouds
Availability management (ITIL)
Access control (ISO/IEC 27002, ITIL)
Vulnerability management (ISO/IEC 27002)
Patch management (ITIL)
Configuration management (ITIL)
Incident response (ISO/IEC 27002)
System use and access monitoring (ISO/IEC 27002)
Security-as-a-Service
Email filtering (including backup, archival, and e-discovery)
Web content filtering
Vulnerability management
Identity-as-a-service (spelled as IDaaS).
Email Filtering
SaaS for email primarily involves cleansing spam, phishing emails, and malware included in email from an organization’s incoming email stream, and then delivering that clean email securely to the organization so that it is effectively not repolluted.
The benefits are not only more comprehensive security for clients due to the use of multiple engines, but also better performance of those client devices (because the anti-malware runs in the cloud and not on the endpoint directly), as well as far better anti-malware management.
Services also provide email encryption, an SSL tunnel between email servers, backups and recovery.
Web Content Filtering
Vulnerability Management
Discover, prioritize, and assess systems for vulnerabilities, and then report and remediate those vulnerabilities and verify the systems’ secure operation.
Monitor for and report on compliance with some regulatory requirements (e.g., the Payment Card Industry’s Data Security Standard).
Identity Management-As-a-Service
Questions?