Cloud computing, usually referred to simply as "the cloud," involves delivering information,
applications, photos, videos, and a lot more over the web to data centers.
The principle on which cloud computing works is to assign the computing to a large
number of computers connected together instead of a local computer or remote server. Basically, the
cloud is an extension of three things: grid computing, distributed computing, and parallel
computing. Resources are shared in cloud computing via the internet. You can access your
resources placed on the cloud in real time. Like you, anyone else can access their resources.
(Asanghanwa, 2017)
Cloud computing security or, more simply, cloud security refers to a broad set of policies,
technologies, applications, and controls utilized to protect virtualized IP, data, applications,
services, and the associated infrastructure of cloud computing. IBM has helpfully broken cloud
computing down into six different categories. In other words, the security model of cloud
computing.
Cloud-based applications run on computers off-site (or "in the cloud"). People or firms own and
operate these devices, which connect to users' computers, usually through an internet browser.
Security Architecture:
SaaS hosts the data and the software centrally, and both are accessible via a browser. The enterprise
normally negotiates the terms of security ownership with the CSP in a legal contract.
Cloud Access Security Brokers (CASB) play a central role in discovering security issues within a
SaaS cloud service model, as they log, audit, provide access control, and oftentimes include
Here, the cloud houses everything necessary to create and deliver cloud-based applications. This
removes the necessity to get and maintain hardware, software, hosting, and more. The CSA defines
PaaS as “The development of the applications without the cost as well as the complexity of
buying and merging the underlying hardware plus software, provisioning hosting capabilities.”
Security Architecture:
The CSP secures a majority of a PaaS cloud service model. However, the security of applications
rests with the enterprise.
(Lamos, 2018)
IaaS provides firms with servers, storage, networking, and data centers on a per-user basis.
Security Architecture:
IaaS provides the storage and networking components for cloud networking.
It relies heavily on application programming interfaces (APIs) to allow enterprises to manage and
interact with the cloud. On the other hand, cloud APIs tend to be insecure as they’re open
Additional security features required for IaaS cloud computing services are:
1. Virtual web application firewalls, which are placed in front of a website to protect it from
malware.
2. Virtual network-based firewalls located at the cloud network’s edge that guard the
perimeter.
3. Virtual routers
Cloud computing is expected to implement new strategies, such as encryption, which will ensure
safe data storage, strict access control, and secure and stable backup of user data. The reason is that many
security issues are associated with cloud computing. On the other hand, users can achieve
computing power beyond their own physical domain by using the cloud. (Meola, 2016)
Security Issues:
2. Access control
7. Availability
8. Network consideration
10. Resource allocation
The Internet of Things, meanwhile, refers to the connection of devices (other than the usual
examples like computers and smartphones) to the web. Cars, room appliances, and even heart
monitors will all be connected through the IoT. And as the Internet of Things surges in the
coming years, a lot more devices will become part of that list. (Kumaraswamy, 2017)
The Internet of Things (IoT) has already started to transform how we live our lives, but in
the end, all of the added convenience and increased efficiency comes at a cost.
Companies are now working to find ways to alleviate the pressure of solving that data
problem with the help of IoT. The IoT is generating an unprecedented amount of data, which
is putting a tremendous strain on the infrastructure of the internet. (Kumaraswamy, 2017)
Cloud computing will be a major part of that, by making all of the connected devices
work together. But keep in mind the important difference between cloud computing
and IoT, which will play out in the upcoming years as we generate more and more data.
Interestingly, the IoT and cloud computing both serve to increase the efficiency
of our daily tasks, and the two have a complementary relationship. The IoT is
generating a massive amount of data and, on the other hand, the cloud is providing a pathway for that
In order to provide a framework for securing digital access among devices, we have to connect
special-purpose devices have a significant number of potential interaction surface areas and
interaction patterns. We are using the term “Digital Access” to distinguish it from any kind of
operations that are carried out through direct device interaction whereas access security if
practices, it's suggested that a typical IoT design is split into several components/zones as a part
authentication and authorization requirements. Zones can also be used to restrict the impact of low
Each zone is separated by a Trust Boundary, which is shown as a red line in the
diagram. It represents a transition of data/information from one source to another. During this
transition, the data could be subject to Spoofing, Tampering, Repudiation, Information
The components depicted within each boundary are also subject to STRIDE, enabling
a full 360 threat modeling view of the solution. The following sections elaborate on each of the
components and the specific security concerns and solutions that should be put into place.
The following sections will discuss the standard components typically found in these zones.
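The zone and trust-boundary model described above can be checked mechanically. The following is an added example, not part of the original essay: it flags every data flow that crosses a zone boundary and lists the STRIDE categories that flow leaves uncovered. The component names, the property labels, and the pairing of each STRIDE category with a security property (the usual STRIDE pairing, not taken from this page) are assumptions.

```python
from dataclasses import dataclass

# STRIDE category -> security property that counters it (usual pairing, assumed here).
STRIDE = {
    "Spoofing": "authentication",
    "Tampering": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Elevation of privilege": "authorization",
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    properties: frozenset = frozenset()  # properties this flow already enforces

def boundary_gaps(zone_of, flows):
    """Return {(src, dst): [uncovered STRIDE categories]} for flows crossing zones."""
    gaps = {}
    for f in flows:
        for end in (f.src, f.dst):
            if end not in zone_of:
                # An unzoned component means the model itself is incomplete.
                raise ValueError(f"component {end!r} is not assigned to a zone")
        if zone_of[f.src] == zone_of[f.dst]:
            continue  # stays inside one zone: no trust boundary crossed
        gaps[(f.src, f.dst)] = [t for t, p in STRIDE.items() if p not in f.properties]
    return gaps

# Constructed sample model using the four zones named on this page;
# component names are hypothetical.
ZONE_OF = {
    "thermostat": "device",
    "site-gateway": "field gateway",
    "cloud-gateway": "cloud gateway",
    "telemetry-store": "services",
    "command-service": "services",
}
FLOWS = [
    Flow("thermostat", "site-gateway", frozenset({"authentication"})),
    Flow("site-gateway", "cloud-gateway", frozenset(STRIDE.values())),
    Flow("cloud-gateway", "telemetry-store",
         frozenset({"authentication", "confidentiality", "integrity"})),
    Flow("command-service", "telemetry-store"),  # same zone, no boundary
]

if __name__ == "__main__":
    for (src, dst), missing in boundary_gaps(ZONE_OF, FLOWS).items():
        print(f"{src} -> {dst}: {', '.join(missing) or 'all six categories covered'}")
```
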
1. Device zone
The device environment is the immediate physical area around the device wherever physical
access and/or “local network” peer-to-peer digital access to the device is possible.
A “local network” is assumed to be a network that is distinct and insulated from, but potentially
bridged to, the public Internet, and includes any short-range wireless radio technology that allows
making the illusion of such a local network, and it does not include public operator networks
that need any two devices to communicate across public network space if they were to enter a peer-
A field gateway is a device/appliance or some all-purpose server computer software that acts as a
communication enabler and, doubtless, as a device control system and device data processing hub.
The field gateway zone includes the field gateway itself and all other devices that are attached
to it. As the name implies, field gateways act outside dedicated data processing facilities, are
usually location bound, are potentially subject to physical intrusion, and have restricted operational
redundancy. All to say that a field gateway is usually a thing that one can touch and sabotage while
A field gateway is different from a mere traffic router in that it has an active role in
managing access and data flow, which means it is an application-addressed entity and network
connection or session terminal. A NAT device or firewall, by contrast, does not qualify as a
field gateway since they are not explicit connection or session terminals, but rather route (or
block) connections or sessions made through them. The field gateway has two distinct surface
areas. One faces the devices that are attached to it and represents the inside of the zone, and the
other faces all external parties and is the edge of the zone.
The cloud gateway is a system that enables remote communication from and to devices or field
gateways from many different sites across public network space, generally towards a
cloud-based control and data (information) analysis system, or a federation of such systems. In some
cases, a cloud gateway might immediately facilitate access to special-purpose devices from
terminals like tablets or phones. Within the context discussed here, “cloud” is meant to refer to a
dedicated data processing system that is not bound to the same site as the attached devices or field
gateways. Additionally, in a Cloud Zone, operational measures prevent targeted physical access
A cloud gateway might potentially be mapped into a network virtualization overlay to insulate
the cloud gateway and all of its connected devices or field gateways from any other network
traffic. The cloud gateway itself is not a device control system or a processing or
storage facility for device data; those facilities interface with the cloud gateway. The cloud
gateway zone includes the cloud gateway itself along with all field gateways and devices directly
or indirectly connected to it. Keep in mind that the edge of the zone is a distinct surface area where
Services are mediators. They act under their identity towards gateways and other
subsystems, store and analyze data, autonomously issue commands to devices based on data
insights or schedules, and expose information and control capabilities to approved end users.
References.
Andrew Meola, (2016). “The roles of cloud computing and fog computing in the Internet of Things
computing-2016-10
Bryan Lamos, (2018). “Internet of Things (IoT) security architecture.” Available at:
https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-architecture
https://azure.microsoft.com/en-us/blog/securing-the-intelligent-edge/
Giti Javidi, Ehsan Sheybani, Lila Rajabion. (2017). “Fog Computing: A New Space Between Data
between-data-and-cloud-497871
https://pdfs.semanticscholar.org/42c8/4e8873239199aab5b50a7d30544bb6f8e887.pdf
Robin Shahan, (2019). “Security standards for Azure IoT Edge” Available at:
https://docs.microsoft.com/en-gb/azure/iot-edge/security
architecture-intro