Security, Standards and Applications in Cloud Computing

Introduction of Security, Standards

Security and standardization are critical pillars of cloud computing. Since cloud services are delivered over the Internet and managed by third-party providers, issues related to data security, privacy, interoperability, and access control become extremely important. Standards help ensure compatibility, portability, and secure communication across cloud platforms.

Security in Clouds

Cloud security refers to a set of policies, technologies, controls, and practices designed to protect cloud-based data, applications, and infrastructure.

Security Responsibility Model (Exam Point)

Cloud security follows a shared responsibility model:

Cloud Provider: Infrastructure, physical security, virtualization
User: Data, access control, application security

Cloud Security Challenges

Data Security

Data stored on third-party servers
Risk of data leakage and breaches

Privacy Issues

Data location across different countries
Compliance with legal regulations (GDPR, etc.)

Identity and Access Management

Unauthorized access
Weak authentication mechanisms

Multi-Tenancy Risk

Multiple users share same infrastructure
Risk of side-channel attacks

Availability and Downtime

Dependency on Internet
Service outages and DoS attacks

Vendor Lock-in

Difficulty in migrating data and applications

Summary Table: Cloud Security Challenges

Challenge	Description
Data Breach	Unauthorized data access
Privacy	Regulatory compliance issues
Multi-Tenancy	Shared resource risks
Downtime	Service unavailability
Lock-in	Limited portability

Software as a Service (SaaS) Security

SaaS security focuses on protecting applications and user data hosted and managed by cloud service providers.

Key Security Concerns in SaaS

Data Confidentiality – Encryption of stored and transmitted data
Authentication & Authorization – Role-based access control
Data Isolation – Separation between tenants
Application Vulnerabilities – SQL injection, XSS

SaaS Security Mechanisms

Encryption (AES, SSL/TLS)
Multi-factor authentication
Secure APIs
Regular security audits

Common Standards in Cloud Computing

Standards ensure interoperability, portability, security, and management consistency across cloud platforms.

The Open Cloud Consortium (OCC)

The Open Cloud Consortium (OCC) is an organization that promotes the development of open standards and reference implementations for cloud computing.

Objectives

Support open cloud standards
Enable large-scale data-driven applications
Improve interoperability

Exam Point

OCC focuses on open and interoperable cloud environments.

Distributed Management Task Force (DMTF)

The DMTF is a standards organization that develops management standards for IT infrastructure, including cloud systems.

Key Contributions

CIM (Common Information Model)
OVF (Open Virtualization Format)

Importance

Standardized VM packaging
Cloud infrastructure management

Standards for Application Developers

Purpose

To ensure that cloud applications are:

Portable
Interoperable
Scalable

Important Standards

RESTful APIs

OpenStack APIs
OASIS TOSCA (Topology and Orchestration Specification)

Benefits

Vendor independence
Faster development
Easy deployment

Standards for Messaging

Messaging standards define how applications communicate in cloud environments.

Common Messaging Standards

AMQP (Advanced Message Queuing Protocol)
MQTT
SOAP
REST

Exam Note

AMQP is widely used for reliable message delivery in distributed cloud systems.

Standards for Security

Purpose : To ensure confidentiality, integrity, and availability of cloud services.

Common Security Standards

Standard	Purpose
SSL / TLS	Secure data transmission
OAuth	Secure authorization
SAML	Single Sign-On (SSO)
ISO/IEC 27001	Information security management
AES	Data encryption

End User Access to Cloud Computing

End users access cloud services through Internet-enabled devices using web browsers or thin clients.

Access Methods

Web applications
Mobile apps
Virtual desktops

Security Measures

Authentication
Authorization
Encryption
Access logging

Mobile Internet Devices and the Cloud

Mobile cloud computing refers to the use of cloud services through mobile devices such as smartphones and tablets.

Features

Data storage in cloud
Cloud-based apps
Synchronization across devices

Advantages

Low device storage usage
High scalability
Anywhere access

Challenges

Network latency
Battery consumption
Mobile security threats

Applications of Secure Cloud Computing

E-Governance
Online Banking
Healthcare systems
E-learning platforms
Enterprise collaboration tools

Apache Hadoop

Apache Hadoop is an open-source framework used for distributed storage and processing of large datasets across clusters of commodity hardware using simple programming models.

Key Characteristics

Distributed processing
Fault tolerance
Scalability
High throughput

Hadoop Architecture

Hadoop mainly consists of two core components:

HDFS (Hadoop Distributed File System) – Storage
MapReduce – Processing

HDFS Components

NameNode – Manages metadata
DataNode – Stores actual data blocks
Secondary NameNode – Checkpointing

Advantages of Hadoop

Handles big data efficiently
Cost-effective (commodity hardware)
Reliable due to data replication

Limitations

Not suitable for small data
High latency
Complex configuration

MapReduce

MapReduce is a programming model and processing framework used in Hadoop for processing large datasets in parallel across a distributed cluster.

MapReduce Programming Model

Two Main Phases

Map Phase
- Input split into key–value pairs
- Processes data independently
Reduce Phase
- Aggregates output of Map phase

MapReduce Flow

Input → Map → Shuffle & Sort → Reduce → Output

Simple MapReduce Formula (Exam Friendly)

If data is split into N blocks and processed by M nodes, then:

Processing Time \propto \frac{Data Size}{M​}

Advantages of MapReduce

Parallel processing
Fault tolerant
Simple programming logic