
Cloud Storage Security


Londy


Contact starlets/media personalities such as Jennifer Lawrence, Kaley Cuoco, Kirsten Dunst, Miley Cyrus, Kate Hudson, Scarlett Johansson, Brie Larson, Avril Lavigne, Rihanna, Kate Upton and many more (including quite a few men, also).
They should be able to help you research the security of cloud-based storage.
(or alternately, the stupidity of using cloud-based storage for sensitive material)


More seriously, you could look at some of those high profile cases and see what security lapses led to their information being leaked: weak passwords, human factors, system hacked, etc.

You could also take a look at the website https://haveibeenpwned.com which tracks security breaches to get an idea of the scale of the problem. You could try contacting the guy who runs it and other security researchers (check their Twitter accounts, for example) for information.

There are a lot of Internet security people who have blogs and write about cloud security. A Google search should find you several.


Thanks Strange,

Your contribution is heavily appreciated. However, what I'm actually looking at is a research methodology or strategy to embark on. E.g. Agile methodology, waterfall methodology, Object Oriented Programming methodology, etc. Which one is suitable for Cloud security, and why?


32 minutes ago, Londy said:

I'm actually looking at is a research methodology or strategy to embark on. E.g. Agile methodology, waterfall methodology, Object Oriented Programming methodology, etc. Which one is suitable for Cloud security, and why?

The examples you list above are probably not research methodologies. They are more methods for management or collaboration in general. Are you looking for scientific research methodologies or more like methods for information gathering? Cloud storage is a broad area; security research methodologies could be different depending on purpose with storage and what content to store.


23 hours ago, Londy said:

Please what is the appropriate research methodology or methodologies suitable in carrying out research on Cloud storage security?

This is a bit broad as a question. You must keep in mind that there are elements of security, a similar but different focus on privacy, and then depending on the nature of your cloud or business there are also elements of compliance with certain international standards and laws.

Even just within the concept of security, you have to consider encryption type, vulnerability to brute force or DDoS attacks, back doors in the code allowing entry or APIs that can extract info, spear phishing and Ops convincing users to click links or share passwords, and even whether or not there's a physical guard at the door of your server stacks or datacenter.

There are also concepts of having disaster recovery plans and the ability to transfer to alternate systems in the event of hardware failures, or backup generators in the case of power outages, and how granular the different user permissions models are (admin god-like access versus limited oversight access to subcomponents versus read-only access), etc.

Once you get into the topics of privacy and compliance, then things get even more squirrely with GDPR and other regulatory issues from one country to the next, so you really need to narrow your focus, IMO.


6 hours ago, Londy said:

Your contribution is heavily appreciated. However, what I'm actually looking at is a research methodology or strategy to embark on. E.g. Agile methodology, waterfall methodology, Object Oriented Programming methodology, etc. Which one is suitable for Cloud security, and why?

The fewer developers, the more stable the team (no job quitting, no acquiring new (unknown) programmers), the less chance of leakage of details of the system. The final user (developer) of a cloud service can use his or her own e.g. AES-256 password to encrypt all the data sent/received from the cloud (and use it as just storage), from his or her web-server or computer or mobile application using the cloud. This way data are not (easily) readable even by admins or owners of the cloud service (nor a middle man intercepting all the transmission, even if managed to pass through HTTPS/SSL).


@iNow covered most aspects. Depending on the situation one could add geographic* redundancy/failover, likelihood or possibility of an insider attack, software revisions in use and how fast reported vulnerabilities are addressed. What kind of monitoring is in use? How stable is the business? A very fast-growing or an economically struggling business could possibly partially neglect security policies. To what degree do you have insight into, or the possibility to monitor, that the contracts, rules and policies stated are actually followed? Will several competing cloud storages be compared, or are you assessing one specific storage?

That said, there is also the information aspect; to which degree each concept applies depends on the purpose of storing and what kind of information that is stored:

- How sensitive will it be when information is stolen? How sensitive is it if data is not stolen but lost? Example: completely public information may not be sensitive to theft but may be valuable and must be protected against accidental or intentional deletion. Company secrets, medical records or similar should not be lost or stolen.

- What are the likely parties interested in the information? Who are you protecting the information from? Casual hackers? Competitors? Intelligence agencies?

So, depending on which aspects are to be investigated, different methods for research will be applicable and different properties will be interesting to evaluate.

 

*) A secondary site may have less strict security, be the older of two sites, having older or weaker perimeter protection, weaker fire protection or similar weaknesses. 


23 hours ago, Ghideon said:

The examples you list above are probably not research methodologies. They are more methods for management or collaboration in general. Are you looking for scientific research methodologies or more like methods for information gathering? Cloud storage is a broad area; security research methodologies could be different depending on purpose with storage and what content to store.

Hi Ghideon,

Yes, I am looking for scientific research methodologies that can be recommended as suitable in carrying out research on Cloud storage security. As an extension, I will also not mind methods for information gathering, as it will also form a great part of my work.


19 hours ago, Ghideon said:

@iNow covered most aspects. Depending on the situation one could add geographic* redundancy/failover, likelihood or possibility of an insider attack, software revisions in use and how fast reported vulnerabilities are addressed. What kind of monitoring is in use? How stable is the business? A very fast-growing or an economically struggling business could possibly partially neglect security policies. To what degree do you have insight into, or the possibility to monitor, that the contracts, rules and policies stated are actually followed? Will several competing cloud storages be compared, or are you assessing one specific storage?

That said, there is also the information aspect; to which degree each concept applies depends on the purpose of storing and what kind of information that is stored:

- How sensitive will it be when information is stolen? How sensitive is it if data is not stolen but lost? Example: completely public information may not be sensitive to theft but may be valuable and must be protected against accidental or intentional deletion. Company secrets, medical records or similar should not be lost or stolen.

- What are the likely parties interested in the information? Who are you protecting the information from? Casual hackers? Competitors? Intelligence agencies?

So, depending on which aspects are to be investigated, different methods for research will be applicable and different properties will be interesting to evaluate.

 

*) A secondary site may have less strict security, be the older of two sites, having older or weaker perimeter protection, weaker fire protection or similar weaknesses. 

I need a scientific research methodology, that can specifically be adopted in carrying out this research on Cloud storage security. In reporting, a chapter is dedicated to Research Methodology. Now what methodology can one adopt among others for a cloud storage security, specifically?

I don't know if you are still missing the point.


6 minutes ago, Londy said:

I need a scientific research methodology, that can specifically be adopted in carrying out this research on Cloud storage security. In reporting, a chapter is dedicated to Research Methodology. Now what methodology can one adopt among others for a cloud storage security, specifically?

This is not scientific research, so I don't know what you are looking for.

Is this chapter something you have read, or something you are expected to write? If the latter, then I think you would just describe what areas of security you decided to look at (the various technologies, the reasons for security vulnerabilities, the types of attack, etc) and why, where you looked for information, who you interviewed, etc.

If this is for a course, why not ask your lecturer / tutor for advice?

Quote

I don't know if you are still missing the point.

Maybe.


23 hours ago, iNow said:

This is a bit broad as a question. You must keep in mind that there are elements of security, a similar but different focus on privacy, and then depending on the nature of your cloud or business there are also elements of compliance with certain international standards and laws.

Even just within the concept of security, you have to consider encryption type, vulnerability to brute force or DDoS attacks, back doors in the code allowing entry or APIs that can extract info, spear phishing and Ops convincing users to click links or share passwords, and even whether or not there's a physical guard at the door of your server stacks or datacenter.

There are also concepts of having disaster recovery plans and the ability to transfer to alternate systems in the event of hardware failures, or backup generators in the case of power outages, and how granular the different user permissions models are (admin god-like access versus limited oversight access to subcomponents versus read-only access), etc.

Once you get into the topics of privacy and compliance, then things get even more squirrely with GDPR and other regulatory issues from one country to the next, so you really need to narrow your focus, IMO.

Ok, look at it this way.

It's academic research. The choice or focus is on encryption of data offsite before upload to the cloud. The algorithms (Symmetric/Asymmetric) will be considered, and ways to better apply them to the system when implemented to better secure the data prior to upload to the cloud. In the reporting of the research, a section of the report requires Research methodology, and I seem to be at my wits' end finding an appropriate research methodology to present the report.

Your guide is hence appreciated.


4 minutes ago, Londy said:

Ok, look at it this way.

It's academic research. The choice or focus is on encryption of data offsite before upload to the cloud. The algorithms (Symmetric/Asymmetric) will be considered, and ways to better apply them to the system when implemented to better secure the data prior to upload to the cloud. In the reporting of the research, a section of the report requires Research methodology, and I seem to be at my wits' end finding an appropriate research methodology to present the report.

Your guide is hence appreciated.

As this is more technology focussed, then I think the methodology would need to discuss the evaluation of the different algorithms (e.g. performance, cost (such as compute time), security, etc.), how you evaluated them (running simulations, mathematical analysis, finding research papers that have done that), why you chose that set of algorithms, etc.

Or ... ask your tutor.


2 minutes ago, Strange said:

Is this chapter something you have read, or something you are expected to write? If the latter, then I think you would just describe what areas of security you decided to look at (the various technologies, the reasons for security vulnerabilities, the types of attack, etc) and why, where you looked for information, who you interviewed, etc.

If this is for a course, why not ask your lecturer / tutor for advice?

The chapter is part of what I am expected to write. I have reviewed several models proposed and implemented in the literature about security systems applied to data before upload to the cloud. I'm looking at an improvement to the existing system which is application of an encryption algorithm to the data. I can send you the background to the study so you can see.

2 minutes ago, Strange said:

As this is more technology focussed, then I think the methodology would need to discuss the evaluation of the different algorithms (e.g. performance, cost (such as compute time), security, etc.), how you evaluated them (running simulations, mathematical analysis, finding research papers that have done that), why you chose that set of algorithms, etc.

Or ... ask your tutor.

Yes, it's technology focused, and yet has a depth of academic connection. The focus has been chosen already to improve on existing systems. The existing systems chosen adopt the BRING YOUR OWN ENCRYPTION, which enables the data owner to manage their encryption and keys. But yet, there are issues of data breach, because some data owners employ a trusted third party to manage their encryption and keys. Some, even after encrypting their data, also send the encrypted data with keys to the cloud server. Then, another uses a Hardware Security Module which the provider has a sync with. Now, improving on these weaknesses is the focus of this research, and your guide towards the methodology is well appreciated.

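Two posts above describe the same design point: encrypting with the user's own AES-256 key before upload, and the BYOE weakness of sending keys along with the encrypted data. As an added example that is not part of any poster's message, the sketch below uses Node.js's built-in `crypto` (AES-256-GCM with a scrypt-derived key) so that the uploaded object holds only salt, nonce, ciphertext and tag. The function names, object names, passphrase and sample record are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Derive a 256-bit key from the passphrase; the key exists only on the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Build the object that goes to the provider: salt, nonce, ciphertext, tag.
// Neither the passphrase nor the derived key is part of it.
function sealForUpload(passphrase, objectName, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh per object, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  cipher.setAAD(Buffer.from(objectName, "utf8")); // bind ciphertext to its name
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { objectName, salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt after download; final() throws if data, tag, name or key is wrong.
function openAfterDownload(passphrase, blob) {
  const key = deriveKey(passphrase, blob.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.nonce);
  decipher.setAAD(Buffer.from(blob.objectName, "utf8"));
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

function accepts(passphrase, blob) {
  try { openAfterDownload(passphrase, blob); return true; } catch { return false; }
}

// Constructed sample data; simulates what a provider or interceptor could do.
function demo() {
  const passphrase = "constructed sample passphrase";
  const data = Buffer.from("patient-id,diagnosis\n1001,example\n");
  const blob = sealForUpload(passphrase, "records/2019-09.csv", data);
  const tampered = { ...blob, ciphertext: Buffer.from(blob.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one flipped bit in storage
  const renamed = { ...blob, objectName: "records/2019-10.csv" };
  return {
    roundTrip: openAfterDownload(passphrase, blob).equals(data),
    plaintextVisible: blob.ciphertext.includes("diagnosis"),
    tamperedAccepted: accepts(passphrase, tampered),
    renamedAccepted: accepts(passphrase, renamed),
    wrongPassphraseAccepted: accepts("some other passphrase", blob),
  };
}

console.log(demo());
```

For the methodology question in the thread, the same functions can be timed over different payload sizes and scrypt parameters to obtain the performance and compute-cost measurements suggested in the replies.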

On 9/10/2019 at 2:43 PM, Ghideon said:

 security research methodologies could be different depending on purpose with storage and what content to store.

Hi Ghideon,

Please what are those different research methodologies that you pointed out above? You can give me some, irrespective of their purpose with storage or whatever content to store, as you mentioned also.


18 hours ago, Londy said:

The choice or focus is on encryption of data offsite before upload to the cloud. <...> the reporting of the research, section of the report requires Research methodology,

Search cryptography testing methods. Start reading the top results. Look for new keywords and search for those.
