YAYGIN OLARAK KULLANILAN BULUT SERVİS SAĞLAYICILARININ YENİ BULUT GÜVENLİK ÖNLEMİ ÖNERİLERİ AÇISINDAN DEĞERLENDİRİLMESİ

Abstract

Bu yazıda, bulut servis sağlayıcıları için önerilen ve yaygın olarak kullanılan bulut servis sağlayıcıları tarafından sağlanan son güvenlik yaklaşımlarını ve çözümlerini sunmayı amaçlıyoruz. Önce, yeni bulut güvenlik mekanizmaları, çalışma tarzları, yapıları ve güvenlik hizmetleri sunma teknikleri özetlenmiştir. Sonra beş yaygın olarak kullanılan bulut servis sağlayıcısı yani Microsoft 365, Cisco WebEx Messenger, Force.com, Yammer, Servicenow güvenlik hizmetleri açısından ve yeni güvenlik mekanizmaları desteği açısından değerlendirilmiştir. Sağlanan bilgiler, kuruluşlar tarafından, güvenlik politikalarını bulut servis sağlayıcılarınkilerle uyumlu hale getirmek için kullanılabilir.

Keywords

• Bulut hizmetleri,güvenlik önlemleri,örgütsel güvenlik politikaları

AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS

Abstract

In this paper, we aim to present the recent security approaches and solutions proposed for cloud service providers and those provided by widely used cloud service providers. Through a review, recent cloud security mechanisms are discussed with respect to their mode of operation, their structure and the techniques to offer security services. Then five widely used cloud service providers namely Microsoft 365, Cisco WebEx messenger, Force.com, Yammer, Servicenow are assessed in terms of their security services. The provided information by the assessment may be potentially used by organizations in order to align their security policies with those of cloud service providers.

Keywords

• Cloud services,security measures,organizational security policies

References

1. A. Apostu, F. Puican, G. Ularu, and G. Suciu, Study on advantages and disadvantages of Cloud Computing – the advantages of Telemetry Applications in the Cloud 2 Cloud Computing, pp. 118–123, (2014).
2. Ahmed, A. Using COBIT to Manage the Benefits, Risks and Security of Outsourcing Cloud Computing. COBIT Focus, 2011(2), 13–16. (2011).
3. Bernal Bernabe, J., Marin Perez, J. M., Alcaraz Calero, J. M., Garcia Clemente, F. J., Martinez Perez, G., & Gomez Skarmeta, A. F. Semantic-aware multi-tenancy authorization system for cloud architectures. Future Generation Computer Systems, 32(1), 154–167, (2014).
4. Challenges for IT Based Cloud Computing Governance Yassine BOUNAGUla, Hatim HAFIDDIab, AbdellatifMEZRIOUla aISL Team, STRS Lab, (2010).
5. Cloud Security Alliance. Top Threats to Cloud Computing. Security, (March), 1–14, (2010).
6. F. Huang, H. Li, Z. Yuan and X. Li. An Application Deployment Approach Based on Hybrid Cloud ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids), Beijing, 2017, pp. 74-79. (2017).
7. Flood, J. & Keane, A. A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems., in 'EIDWT’, pp. 231-235, (2012).
8. Gill, K. S., & Sharma, A. IDPS based Framework for Security in Green Cloud Computing and Comprehensive Review on Existing Frameworks and Security Issues. (2015).

9. Grundy, J., & Ibrahim, A. S. Collaboration-Based Cloud Computing Security Management Framework Collaboration-Based Cloud Computing Security Management Framework, (2011).
10. H.-Y. Lee and Y.-S. Tao, Chapter 4 - Multitiered cloud security model. Elsevier Inc., (2015).
11. Cloud computing types http://blog.marconet.com/blog/a-breakdown-of-the-3-types-of-cloud-computing Accessed 1st Nov 2017
12. Amazon official site http://www.amazon.com Accessed 1st Nov 2017
13. Google engine official site http://www.code.google.com/appengine Accessed 1st Nov 2017
14. Hadoop Apache official site http://www.hadoop.apache.org Accessed 1st Nov 2017
15. Topics about flexible computing http://www.hp.com/services/flexiblecomputing Accessed 1st Nov 2017
16. Big table official site http://www.labs.google.com/papers/bigtable.html Accessed 1st Nov 2017
17. Azure official site http://www.microsoft.com/azure/data.mspx Accessed 1st Nov 2017
18. Top five services 2016 https://www.skyhighnetworks.com/cloud-security-blog/the-20-totally-most-popular-cloud-services-in-todays-enterprise/ Accessed 1st Nov 2017
19. Topics about services architecture https://www.xml.com/pub/a/2001/01/24/rdf.html Accessed 1st Nov 2017
20. Khrisna, A. Risk Management Framework With COBIT 5 And Risk Management Framework for Cloud Computing Integration, 103–108, (2014).
21. King, N. J., & Raja, V. T. Protecting the privacy and security of sensitive customer data in the cloud. Computer Law and Security Review, 28(3), 308–319, (2012). A., Task, J., & Transformation, F. Guide for Applying the Risk Management Framework to Federal Information Systems, 1, (2016).
22. Rebollo, O., Mellado, D., Fernendez-Medina, E., & Mouratidis, H. Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44–57. (2015).
23. Rohitash Kumar Banyal, Pragya Jain, and Vijendra Kumar Jain. Multi-factor Authentication Framework for Cloud Computing. Washington, DC, USA, 105-110. (2013).
24. Ryan, M. D. Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263–2268. (2013).
25. S. Bertram, M. Boniface, M. Surridge, N. Briscombe and M. Hall-May, (2010) On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds, pp. 518-525.
26. Sood, S. K. A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, 35(6), 1831–1838. (2012).
27. V. Chang and M. Ramachandran, “07299312,” vol. 9, no. 1, pp. 138–151, (2016).
28. Virtualization and Cloud Computing, Security Threats To Evolving Data Centers, Data Center Security, (2011)
29. Zhang, X. Z. X., Wuwong, N., Li, H. L. H., & Zhang, X. Z. X. (2010). Information Security Risk Management Framework for the Cloud Computing Environments. Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on, 1328–1334. (2007).
30. Topics about security architectures http://searchnetworking.techtarget.com/definition/stateful-inspection Accessed 1st Nov 2017
31. Disadvantages of force.com http://stackoverflow.com/questions/1664503/disadvantages-of-the-force-com-platform Accessed 1st Nov 2017
32. Topics about online protection https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx Accessed 1st Nov 2017
33. Microsoft 365 service official; site download.microsoft.com/.../Operational-Security-for-Online-Services-Overview.pdf Accessed 1st Nov 2017
34. Topics about data loss prevention http://whatis.techtarget.com/definition/data-loss-prevention-DLP Accessed 1st Nov 2017
35. Microsoft 365 support site https://support.office.com/en-us/article/IPv6-support-in-Office-365-services-c08786fb-298e-437c-8222-dab7625fc815?ui=en-US&rs=en-US&ad=US&fromAR=1 Accessed 1st Nov 2017
36. Disadvantages of Microsoft 365 service https://threatpost.com/office-365-vulnerability-exposed-any-federated-account/117716/ Accessed 1st Nov 2017
37. Disadvantages about Microsoft 365 service http://www.securityweek.com/serious-flaw-exposed-microsoft-office-365-accounts Accessed 1st Nov 2017
38. Advantages of ServiceNow service http://searchdatacenter.techtarget.com/definition/configuration-management-database Accessed 1st Nov 2017
39. ServiceNow architecture http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM Accessed 1st Nov 2017
40. Disadvantages of ServiceNow http://seekingalpha.com/article/1111961-after-interviewing-more-industry-insiders-i-am-even-more-bearish-on-servicenow Accessed 1st Nov 2017
41. Yammer architecture https://www.trustradius.com/products/servicenow/reviews Accessed 1st Nov 2017
42. Disadvantages of Yammer http://www.securityfocus.com/archive/1/530292 Accessed 1st Nov 2017
43. Disadvantage of Yammer http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL Accessed 1st Nov 2017
44. M. Almorsy, J. Grundy and A. S. Ibrahim, "Collaboration-Based Cloud Computing Security Management Framework," Cloud Computing (CLOUD), 2011 IEEE International Conference on, Washington, DC, pp. 364-371. (2011).
45. Cisco WebEx official site https://www.google.com/search?q=vulnerability+of+cisco+webex+messenger Accessed 1st Nov 2017
46. Information about Logical Unit Numbers [LIU] http://searchstorage.techtarget.com/definition/SCSI Accessed 1st Nov 2017
47. Information about Small System Computer Interface (SCSI) http://searchnetworking.techtarget.com/definition/stateful-inspection Accessed 1st Nov 2017
48. Disadvantages of Cisco WebEx messenger service https://www.google.com/search?q=vulnerability+of+cisco+webex+messenger&ie=utf-8&oe=utf-8&client=firefox-b-ab&gfe_rd=cr&ei=TshIV- Accessed 1st Nov 2017
49. Force.com architecture https://developer.salesforce.com/page/Multi_Tenant_Architecture Accessed 1st Nov 2017