Regulations and Standards in Public Cloud

2020, Vol 13 (3), pp. 21-36
Author(s): Jitendra Singh, Kamlesh Kumar Raghuvanshi

Security is a critical issue, particularly in the public cloud, as it rests with the cloud providers. During security implementation, prevailing security threats and regulatory standards are borne in mind. Regulatory compliance varies from one cloud provider to another according to their maturity and the location of the data center. Thus, subscribers need to verify the security requirements that meet their objectives against those implemented by the public cloud provider. To this end, subscribers need to visit each cloud provider's site to view the compliance. This is a time-consuming activity, and the compliance information is at the same time difficult to locate on a website. This work presents the prominent security standards suggested by the leading security institutions, including NIST, CSA, ENISA, ISO, etc., that are applicable to the public cloud. A centrally-driven scheme is proposed in order to empower the subscriber to know the regulations and standards applicable according to their service needs. The availability of an exhaustive list in one place will lower the user's hassle at subscription time.

Author(s): Jitendra Singh, Vikas Kumar

Regulatory compliance is equally binding on small and medium business groups. Owing to their small scale and limited budget, such SMBs are unable to seek expert advice. To adequately guard SMBs in regulatory compliance, the present work proposes a third-party-managed, end-user-driven approach that renders the list of regulatory acts applicable in one's case according to the country of one's residence, the services subscribed, and the type of operations to be carried out in the subscribed cloud paradigm. The list of applicable regulatory acts is rendered at the subscriber's end only. In addition, the proposed method notifies the present state of compliance of the cloud providers under consideration. Based on the recommendation received, the subscriber can proceed with the decision to subscribe, or not to subscribe in the event that the desired compliances do not exist. This technological assistance will eliminate the need to possess the required knowledge of regulatory acts or to seek advice from a regulatory expert.


Author(s): Kevin Foltz, William R. Simpson

The Enterprise Level Security (ELS) model focuses on designing secure, distributed web-based systems starting from basic principles. One area of ELS that poses significant design challenges is protection of web server private keys in a public cloud. Web server private keys are of critical importance because they control who can act as the server to represent the enterprise. This includes responding to requests as well as making requests within the enterprise and to its partners. The cloud provider is not part of this trusted network of servers, so the cloud provider should not have access to server private keys. However, current cloud systems are designed to allow cloud providers free access to server private keys. This paper proposes design solutions to securely manage private keys in a public cloud. An examination of commonly used approaches demonstrates the ease with which cloud providers can currently control server private keys. Two designs are proposed to prevent cloud provider access to keys, and their implementation issues are discussed.


2018, pp. 181-191
Author(s): Srishti Sharma, Yogita Gigras

The cloud computing field is an emerging field and is continuously growing at a fast pace. The data stored on the public cloud is not safe, as attackers can hack or gain unauthorized access to the data and can modify its contents to harm the organizations and the users as well. They pose security threats and risks at various levels. These threats need to be removed, and security actions need to be taken at the right time to protect the cloud data and resources from being misused by the attackers. Some of the security measures are summarized in order to protect the data.


Author(s): M. Ascensión MORO CORDERO

Abstract: Telework should be understood as another dimension of the digital transformation in which the Public Administrations are immersed. The pandemic has accelerated the process of digitizing the public sphere which had been causing a more than evident delay in current regulatory compliance, on the one hand, but fundamentally, with its back to a social reality based, increasingly, on a massive exchange of data and on new forms of relating by means of technologies that, in this case, advance at a dizzying pace. The work focuses on the technical and organizational measures necessary to guarantee privacy and security in the new management model that should be promoted by the Public Administrations, which, given the multiple challenges presented by the mobilization of their management systems, requires a strategy of data governance and a new information management culture to make teleworking a real, efficient and effective stage, but above all safeguarding fundamental rights and public freedoms, with the conviction that the protection of personal data and information security is not an impediment to innovation, but a guarantee.


Computers, 2019, Vol 8 (4), pp. 81
Author(s): Natalija Vlajic, Mashruf Chowdhury, Marin Litoiu

In recent years, a trend that has been gaining particular popularity among cybercriminals is the use of public Cloud to orchestrate and launch distributed denial of service (DDoS) attacks. One of the suspected catalysts for this trend appears to be the increased tightening of regulations and controls against IP spoofing by world-wide Internet service providers (ISPs). The three main contributions of this paper are: (1) For the first time in the research literature, we provide a comprehensive look at a number of possible attacks that involve the transmission of spoofed packets from or towards the virtual private servers hosted by a public Cloud provider. (2) We summarize the key findings of our research on the regulation of IP spoofing in the acceptable-use and term-of-service policies of 35 real-world Cloud providers. The findings reveal that in over 50% of cases, these policies make no explicit mention or prohibition of IP spoofing, thus failing to serve as a potential deterrent. (3) Finally, we describe the results of our experimental study on the actual practical feasibility of IP spoofing involving a select number of real-world Cloud providers. These results show that most of the tested public Cloud providers do a very good job of preventing (potential) hackers from using their virtual private servers to launch spoofed-IP campaigns on third-party targets. However, the very same virtual private servers of these Cloud providers appear themselves vulnerable to a number of attacks that involve the use of spoofed IP packets and/or could be deployed as packet-reflectors in attacks on third-party targets. We hope the paper serves as a call for awareness and action and motivates the public Cloud providers to deploy better techniques for detection and elimination of spoofed IP traffic.




2009, Vol 39 (3)
Author(s): Daniel Elmiger

The use of designations used for men and women has been discussed in German (as well as in other languages) very controversially since the seventies. Language use has been challenged by feminist linguists and some propositions have been supported by various regulatory interventions. In German, the most critical issue – the avoidance of generically used masculine forms – has been documented quite thoroughly as regards the individual phenomena (creation and use of personal nouns, alternative pronouns, strategies to avoid generically used masculine forms, etc.), but the actual extent of language use is still unknown so far and has given rise to very diverse appreciations: Whereas some experts reckon that alternative uses are achieving acceptance, others believe that there is stagnation or even a decrease of "nonsexist language". In this paper we will discuss an explorative study, in which we have looked for evidence for a series of more or less conventional feminine personal nouns in two language corpora: on the one hand the new Schweizer Textkorpus and on the other the public collections that can be queried via COSMAS II. The analysis of the results shows specific advantages and disadvantages of each corpus and poses some questions about future explorations in the field of linguistic equal treatment of women and men.


Mathematics, 2021, Vol 9 (19), pp. 2348
Author(s): Shiyong Li, Wenzhe Li, Huan Liu, Wei Sun

With the development of cloud computing, more and more cloud resources are rented or purchased by users. Using an economics approach to achieve cloud resource management has been thought of as a good choice for an enterprise user to complete an application’s migration and deployment into the public cloud. During an application’s migration process, it is important but very challenging to achieve the satisfaction of both the enterprise user and the public cloud provider at the same time. In this paper, we apply an economics approach to investigate the migration optimization problem during the migration process of applications from the enterprise user’s data center to the remote public cloud. We consider the application migration time of the enterprise user and the energy consumption of physical machines, and establish a single static round optimization problem for both the enterprise user and the cloud provider on the premise of satisfying the quality of experience (QoE) based on the Stackelberg game, where the public cloud provider is leader and the enterprise user is follower. Then we propose a novel algorithm to find the optimal physical machine placement for application migration. After that, we further consider that an enterprise user needs to migrate several applications, and extend the single-round static game to the multi-round dynamic game, where the energy consumption costs of the physical machines are reduced by adjusting the states of the physical machines in each round. We finally illustrate the performance of our scheme through some simulation results.


Author(s): M. Chaitanya, K. Durga Charan

Load balancing makes cloud computing more efficient and can increase user satisfaction. At present, cloud computing is one of the platforms that offers storage of data at very low cost and is available all the time over the internet. However, it has more critical issues such as security, load management and fault tolerance. Load balancing in the cloud computing environment has a large impact on performance. The algorithm applies game theory to the load balancing strategy to improve efficiency in the public cloud environment. This article introduces an improved load balance model for the public cloud based on the cloud partitioning concept, with a switch mechanism to select different strategies for different situations.

