Cloud Security Interview Questions
| Question: What is Cloud Security? How it works and what are the benefits ? |
| Answer: Cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use. Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use Cloud security controls Deterrent controls These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. [Some consider them a subset of preventive controls.] Preventive controls Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified. Detective controls Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue.System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure. Corrective controls Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control. • Detection – Cloud computing creates the ability to link together millions of security nodes on the net. By working together, these nodes can better detect new threats. • Remediation – Quick remediation is a critical component of cybersecurity – the less time the malware is in the system, the better protected you are. Cloud computing allows security providers to implement the solution much more rapidly than the traditional model of loading the solution onto multiple machines. • Prediction – One of the most effective strategies for cybersecurity is to limit the ability of bad actors to act at all. Cloud computing allows solutions providers to build reputation scores of machines that are bad actors, creators and disseminators of malware. The cloud solution can enable the provider to build reputation scores, much like credit scores, and block the ability of bad actors and bad machines to infect customer systems. • Protection against end user breach or corruption – One of the greatest threats to security derives from the user side, in the form of data breach or corruption resulting form lost or stolen laptops, mobile devices and portable drives. Cloud computing can eliminate or minimize these threats through the use of centrally stored data with continuous and automated network analysis and protection |
| Question: Is it safe to store personal data in the cloud ? |
| Answer: In principle there is nothing preventing you from the processing and storage of personal identifiable data in the cloud, but all relevant security rules and guidelines must of course be observed. This is easier to say than to implement. The nature of the personal data is a crucial element. Both email addresses and disease information may be ‘personal’, but security requirements for them are different. It is important to note that the European privacy directives are older than any cloud service, and that when the DPA uses the law text on cloud computing services, it often generates a series of questions to both users and suppliers that can difficult to answer. |
| Question: What is the meaning of cloud here ? It is cloud computing or something else ? |
| Answer: Primary characteristics of cloud computing are IT services on-demand, great flexibility and scalability – often called elasticity. Resources are to some or large extent shared with other users of the same cloud – multi-tenancy. |
| Question: Cloud server is faster than standing alone server? |
| Answer: This is depends on the configuration of cloud server which is provided by Cloud Vendor. |
| Question: What is cloud security and why ? |
| Answer: Cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.Cloud computing security is the rule set based on technologies and policies designed to follow to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use. Cloud computing security processes should address the security controls the cloud provider will incorporate to maintain the customer’s data security, secrecy and compliance with necessary protocols. Security in the cloud depends on many factors, whether you choose SaaS, Paas or IaaS, and whether the cloud is private, public, hybrid or “community”-based. For companies without special IT security competencies, e.g. many small or medium sized businesses without a dedicated IT security function, cloud computing could probably provide better security than they would be able to establish, not least maintain by themselves |
| Question: What are types of cloud security? |
| Answer: Security in the cloud depends on many factors, whether you choose SaaS, Paas or IaaS, and whether the cloud is private, public, hybrid or “community”-based. For companies without special IT security competencies, e.g. many small or medium sized businesses without a dedicated IT security function, cloud computing could probably provide better security than they would be able to establish, not least maintain by themselves. Private cloud: The cloud infrastructure is operated solely for our customer. Infrastructure may be managed by our customer or by a third party and may exist on premises or off premises. (The “private†descriptor emphasizes dedication to specific customer, rather than any statement of greater level of security etc.) • Public cloud: The cloud infrastructure is available to the general public or a large industry group and is owned by an organization selling cloud services as a common utility service. However each customer still comprises a fully logically and virtually separate “tenant†within the common infrastructure. • Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). |
| Question: Cloud Security can be implement with Windows Azure? |
| Answer: Microsoft Azure is a cloud computing platform and infrastructure, created by Microsoft, for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters. It provides both PaaS and IaaS services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems |
| Question: Suggest OEM solutions for cloud security, preferably at different layers(network, application, so on) |
| Answer: Please find the top 5 market leader for Cloud Security Solution Providers Zscaler Websense Bluecoat Cisco Macfee Saas–> Application Software–> Salesforce.com/GoogleApps/Microsfot Office 365 PaaS–>platform(OS,Tools,Framework)–> Force.com/Google App Engine/Microsfot Azure Iaas–> Infrastructure(Hardware,Storage)–>Amazon EC2/ Amazon S3/ Cloudscaling.com |
| Question: Is there a way to protect cloud backups and disaster recovery? |
| Answer: Data must be secured throughout its lifecycle. Properly encrypting data while it is in use, but then offering hacker’s unencrypted replicas as backup defeats the purpose of encrypting in the first place. You must encrypt and own the encryption keys for every point of the lifecycle of your information. Fortunately solutions that are built for the cloud do exist, and they should cover backups as well as primary copies |
| Question: Is there a difference in the various providers security? |
| Answer: Yes. Besides the natural differences between Software, Platform or Infra-Structure as a service, there are also – sometimes large – differences in the security facilities provided by different vendors. You should examine in detail if your potential cloud suppliers security is up to your standards |
| Question: What is Cloud Security Alliance? |
| Answer: Cloud Security Alliance (CSA) is a “nonprofit” organization, which implements a wide range of initiatives in cloud security. For example, CSA publishes a free guide and instructions on cloud security. Members are a variety of vendors and corporate users of cloud computing, in addition to individuals. That combination gives a good weight behind the association and its initiatives. Other initiatives from CSA includes a GRC stack with a “control matrix”. The matrix has a series of “controls” with relevance to cloud security, each mapped up to ISO 27001, PCI, COBIT, NIST and more |
| Question: What are the element involved in cloud security or components ? |
| Answer: A. Security: It is clear that the security issue has played the most important role in hindering Cloud computing acceptance. Without doubt, putting your data, running your software on someone else’s hard disk using someone else’s CPU appears daunting to many. Well-known security issues such as data loss, phishing, botnet (running remotely on a collection of machines) pose serious threats to organization’s data and software. Moreover, the multi-tenancy model and the pooled computing resources in cloud computing has introduced new security challenges that require novel techniques to tackle with. For example, hackers can use Cloud to organize botnet as Cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack. B. Costing Model: Cloud consumers must consider the tradeoffs amongst computation, communication, and integration. While migrating to the Cloud can significantly reduce the infrastructure cost, it does raise the cost of data communication, i.e. the cost of transferring an organization’s data to and from the public and community Cloud and the cost per unit of computing resource used is likely to be higher. This problem is particularly prominent if the consumer uses the hybrid cloud deployment model where the organization’s data is distributed amongst a number of public/private (in-house IT infrastructure)/community clouds. Intuitively, ondemand computing makes sense only for CPU intensive jobs. C. Charging Model: The elastic resource pool has made the cost analysis a lot more complicated than regular data centers, which often calculates their cost based on consumptions of static computing. Moreover, an instantiated virtual machine has become the unit of cost analysis rather than the underlying physical server. For SaaS cloud providers, the cost of developing multitenancy within their offering can be very substantial. These include: re-design and redevelopment of the software that was originally used for single-tenancy, cost of providing new features that allow for intensive customization, performance and security enhancement for concurrent user access, and dealing with complexities induced by the above changes. Consequently, SaaS providers need to weigh up the trade-off between the provision of multitenancy and the cost-savings yielded by multi-tenancy such as reduced overhead through amortization, reduced number of on-site software licenses, etc. Therefore, a strategic and viable charging model for SaaS provider is crucial for the profitability and sustainability of SaaS cloud providers. D. Service Level Agreement (SLA): Although cloud consumers do not have control over the underlying computing resources, they do need to ensure the quality, availability, reliability, and performance of these resources when consumers have migrated their core business functions onto their entrusted cloud. In other words, it is vital for consumers to obtain guarantees from providers on service delivery. Typically, these are provided through Service Level Agreements (SLAs) negotiated between the providers and consumers. The very first issue is the definition of SLA specifications in such a way that has an appropriate level of granularity, namely the tradeoffs between expressiveness and complicatedness, so that they can cover most of the consumer expectations and is relatively simple to be weighted, verified, evaluated, and enforced by the Kuyoro S. O., Ibikunle F. & Awodele O. International Journal of Computer Networks (IJCN), Volume (3) : Issue (5) : 2011 253 resource allocation mechanism on the cloud. In addition, different cloud offerings (IaaS, PaaS, and SaaS) will need to define different SLA metaspecifications. This also raises a number of implementation problems for the cloud providers. Furthermore, advanced SLA mechanisms need to constantly incorporate user feedback and customization features into the SLA evaluation framework. E. What to migrate: Based on a survey (Sample size = 244) conducted by IDC in 2008, the seven IT systems/applications being migrated to the cloud are: IT Management Applications (26.2%), Collaborative Applications (25.4%), Personal Applications (25%), Business Applications (23.4%), Applications Development and Deployment (16.8%), Server Capacity (15.6%), and Storage Capacity (15.5%). This result reveals that organizations still have security/privacy concerns in moving their data on to the Cloud. Currently, peripheral functions such as IT management and personal applications are the easiest IT systems to move. Organizations are conservative in employing IaaS compared to SaaS. This is partly because marginal functions are often outsourced to the Cloud, and core activities are kept in-house. The survey also shows that in three years time, 31.5% of the organization will move their Storage Capacity to the cloud. However this number is still relatively low compared to Collaborative Applications (46.3%) at that time. F. Cloud Interoperability Issue: Currently, each cloud offering has its own way on how cloud clients/applications/users interact with the cloud, leading to the “Hazy Cloud” phenomenon. This severely hinders the development of cloud ecosystems by forcing vendor locking, which prohibits the ability of users to choose from alternative vendors/offering simultaneously in order to optimize resources at different levels within an organization. More importantly, proprietary cloud APIs makes it very difficult to integrate cloud services with an organization’s own existing legacy systems (e.g. an on-premise data centre for highly interactive modeling applications in a pharmaceutical company).The primary goal of interoperability is to realize the seamless fluid data across clouds and between cloud and local applications. There are a number of levels that interoperability is essential for cloud computing. First, to optimize the IT asset and computing resources, an organization often needs to keep in-house IT assets and capabilities associated with their core competencies while outsourcing marginal functions and activities (e.g. the human resource system) on to the cloud. Second, more often than not, for the purpose of optimization, an organization may need to outsource a number of marginal functions to cloud services offered by different vendors. Standardization appears to be a good solution to address the interoperability issue. However, as cloud computing just starts to take off, the interoperability problem has not appeared on the pressing agenda of major industry cloud vendors. |
| Question: How do you isolate and safeguard my data from that of other clients? |
| Answer: We can isolate and safeguard my data by adding Cloud security controls. Deterrent controls These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. Preventive controls Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified. Detective controls Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue.System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure. Corrective controls Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control. |
| Question: For Openstack cloud, we need to use different tool for security or it has its tools for the same? |
| Answer: It has its own tool. recommendation to use a combination of the OpenStack command-line interface (CLI) tools and the OpenStack dashboard for administration Some users with a background in other cloud technologies may be using the EC2 Compatibility API, which uses naming conventions somewhat different from the native API. Install the command-line clients from the Python Package Index (PyPI) instead of from the distribution packages. |
| Question: Is open source cloud like Eucalyptus secure to use as a private? |
| Answer: Eucalyptus is a Linux-based open-source software architecture that implements efficiency-enhancing private and hybrid clouds within an enterprise’s existing IT infrastructure.Eucalyptus is an acronym for Elastic Utility Computing Architecture for Linking Your Programs to Useful Systems. Eucalyptus private cloud is deployed across an enterprise on premise data center infrastructure and is accessed by users over enterprise intranet. Thus, sensitive data remains entirely secure from external intrusion behind the enterprise firewall. Eucalyptus enables pooling compute, storage, and network resources that can be dynamically scaled up or down as application workloads change. Eucalyptus Systems announced a formal agreement with AWS in March 2012 to maintain compatibility. Marten Mickos is the CEO of Eucalyptus.In September 2014, Eucalyptus was acquired by Hewlett-Packard. |
