YAYGIN OLARAK KULLANILAN BULUT SERVİS SAĞLAYICILARININ YENİ BULUT GÜVENLİK ÖNLEMİ ÖNERİLERİ AÇISINDAN DEĞERLENDİRİLMESİ

Yıl 2017, , 122 - 130, 24.12.2017

Mohamad Soubra , Ömer Özgür Tanrıöver

https://doi.org/10.22531/muglajsci.355273

Öz

Bu yazıda, bulut servis
sağlayıcıları için önerilen ve yaygın olarak kullanılan bulut servis
sağlayıcıları tarafından sağlanan son güvenlik yaklaşımlarını ve çözümlerini
sunmayı amaçlıyoruz. Önce, yeni bulut güvenlik mekanizmaları, çalışma tarzları,
yapıları ve güvenlik hizmetleri sunma teknikleri özetlenmiştir. Sonra beş
yaygın olarak kullanılan bulut servis sağlayıcısı yani Microsoft 365, Cisco
WebEx Messenger, Force.com, Yammer, Servicenow güvenlik hizmetleri açısından ve
yeni güvenlik mekanizmaları desteği açısından değerlendirilmiştir. Sağlanan
bilgiler, kuruluşlar tarafından, güvenlik politikalarını bulut servis
sağlayıcılarınkilerle uyumlu hale getirmek için kullanılabilir.

Anahtar Kelimeler

Bulut hizmetleri, güvenlik önlemleri, örgütsel güvenlik politikaları

AN ASSESSMENT OF RECENT CLOUD SECURITY MEASURE PROPOSALS IN COMPARISON TO THEIR SUPPORT BY WIDELY USED CLOUD SERVICE PROVIDERS

Öz

In this paper, we aim to
present the recent security approaches and solutions proposed for cloud service
providers and those provided by widely used cloud service providers. Through a
review, recent cloud security mechanisms are discussed with respect to their mode of operation,
their structure and the techniques to offer security services. Then five widely used cloud service providers namely Microsoft
365, Cisco WebEx messenger, Force.com, Yammer, Servicenow are assessed in terms
of their security services. The provided information by the assessment may be
potentially used by organizations in order to align their security policies
with those of cloud service providers.

Anahtar Kelimeler

Cloud services, security measures, organizational security policies

Kaynakça

• A. Apostu, F. Puican, G. Ularu, and G. Suciu, Study on advantages and disadvantages of Cloud Computing – the advantages of Telemetry Applications in the Cloud 2 Cloud Computing, pp. 118–123, (2014).
• Ahmed, A. Using COBIT to Manage the Benefits, Risks and Security of Outsourcing Cloud Computing. COBIT Focus, 2011(2), 13–16. (2011).
• Bernal Bernabe, J., Marin Perez, J. M., Alcaraz Calero, J. M., Garcia Clemente, F. J., Martinez Perez, G., & Gomez Skarmeta, A. F. Semantic-aware multi-tenancy authorization system for cloud architectures. Future Generation Computer Systems, 32(1), 154–167, (2014).
• Challenges for IT Based Cloud Computing Governance Yassine BOUNAGUla, Hatim HAFIDDIab, AbdellatifMEZRIOUla aISL Team, STRS Lab, (2010).
• Cloud Security Alliance. Top Threats to Cloud Computing. Security, (March), 1–14, (2010).
• F. Huang, H. Li, Z. Yuan and X. Li. An Application Deployment Approach Based on Hybrid Cloud ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids), Beijing, 2017, pp. 74-79. (2017).
• Flood, J. & Keane, A. A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems., in 'EIDWT’, pp. 231-235, (2012).
• Gill, K. S., & Sharma, A. IDPS based Framework for Security in Green Cloud Computing and Comprehensive Review on Existing Frameworks and Security Issues. (2015).
• Grundy, J., & Ibrahim, A. S. Collaboration-Based Cloud Computing Security Management Framework Collaboration-Based Cloud Computing Security Management Framework, (2011).
• H.-Y. Lee and Y.-S. Tao, Chapter 4 - Multitiered cloud security model. Elsevier Inc., (2015).
• Cloud computing types http://blog.marconet.com/blog/a-breakdown-of-the-3-types-of-cloud-computing Accessed 1st Nov 2017
• Amazon official site http://www.amazon.com Accessed 1st Nov 2017
• Google engine official site http://www.code.google.com/appengine Accessed 1st Nov 2017
• Hadoop Apache official site http://www.hadoop.apache.org Accessed 1st Nov 2017
• Topics about flexible computing http://www.hp.com/services/flexiblecomputing Accessed 1st Nov 2017
• Big table official site http://www.labs.google.com/papers/bigtable.html Accessed 1st Nov 2017
• Azure official site http://www.microsoft.com/azure/data.mspx Accessed 1st Nov 2017
• Top five services 2016 https://www.skyhighnetworks.com/cloud-security-blog/the-20-totally-most-popular-cloud-services-in-todays-enterprise/ Accessed 1st Nov 2017
• Topics about services architecture https://www.xml.com/pub/a/2001/01/24/rdf.html Accessed 1st Nov 2017
• Khrisna, A. Risk Management Framework With COBIT 5 And Risk Management Framework for Cloud Computing Integration, 103–108, (2014).
• King, N. J., & Raja, V. T. Protecting the privacy and security of sensitive customer data in the cloud. Computer Law and Security Review, 28(3), 308–319, (2012). A., Task, J., & Transformation, F. Guide for Applying the Risk Management Framework to Federal Information Systems, 1, (2016).
• Rebollo, O., Mellado, D., Fernendez-Medina, E., & Mouratidis, H. Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44–57. (2015).
• Rohitash Kumar Banyal, Pragya Jain, and Vijendra Kumar Jain. Multi-factor Authentication Framework for Cloud Computing. Washington, DC, USA, 105-110. (2013).
• Ryan, M. D. Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263–2268. (2013).
• S. Bertram, M. Boniface, M. Surridge, N. Briscombe and M. Hall-May, (2010) On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds, pp. 518-525.
• Sood, S. K. A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, 35(6), 1831–1838. (2012).
• V. Chang and M. Ramachandran, “07299312,” vol. 9, no. 1, pp. 138–151, (2016).
• Virtualization and Cloud Computing, Security Threats To Evolving Data Centers, Data Center Security, (2011)
• Zhang, X. Z. X., Wuwong, N., Li, H. L. H., & Zhang, X. Z. X. (2010). Information Security Risk Management Framework for the Cloud Computing Environments. Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on, 1328–1334. (2007).
• Topics about security architectures http://searchnetworking.techtarget.com/definition/stateful-inspection Accessed 1st Nov 2017
• Disadvantages of force.com http://stackoverflow.com/questions/1664503/disadvantages-of-the-force-com-platform Accessed 1st Nov 2017
• Topics about online protection https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx Accessed 1st Nov 2017
• Microsoft 365 service official; site download.microsoft.com/.../Operational-Security-for-Online-Services-Overview.pdf Accessed 1st Nov 2017
• Topics about data loss prevention http://whatis.techtarget.com/definition/data-loss-prevention-DLP Accessed 1st Nov 2017
• Microsoft 365 support site https://support.office.com/en-us/article/IPv6-support-in-Office-365-services-c08786fb-298e-437c-8222-dab7625fc815?ui=en-US&rs=en-US&ad=US&fromAR=1 Accessed 1st Nov 2017
• Disadvantages of Microsoft 365 service https://threatpost.com/office-365-vulnerability-exposed-any-federated-account/117716/ Accessed 1st Nov 2017
• Disadvantages about Microsoft 365 service http://www.securityweek.com/serious-flaw-exposed-microsoft-office-365-accounts Accessed 1st Nov 2017
• Advantages of ServiceNow service http://searchdatacenter.techtarget.com/definition/configuration-management-database Accessed 1st Nov 2017
• ServiceNow architecture http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM Accessed 1st Nov 2017
• Disadvantages of ServiceNow http://seekingalpha.com/article/1111961-after-interviewing-more-industry-insiders-i-am-even-more-bearish-on-servicenow Accessed 1st Nov 2017
• Yammer architecture https://www.trustradius.com/products/servicenow/reviews Accessed 1st Nov 2017
• Disadvantages of Yammer http://www.securityfocus.com/archive/1/530292 Accessed 1st Nov 2017
• Disadvantage of Yammer http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL Accessed 1st Nov 2017
• M. Almorsy, J. Grundy and A. S. Ibrahim, "Collaboration-Based Cloud Computing Security Management Framework," Cloud Computing (CLOUD), 2011 IEEE International Conference on, Washington, DC, pp. 364-371. (2011).
• Cisco WebEx official site https://www.google.com/search?q=vulnerability+of+cisco+webex+messenger Accessed 1st Nov 2017
• Information about Logical Unit Numbers [LIU] http://searchstorage.techtarget.com/definition/SCSI Accessed 1st Nov 2017
• Information about Small System Computer Interface (SCSI) http://searchnetworking.techtarget.com/definition/stateful-inspection Accessed 1st Nov 2017
• Disadvantages of Cisco WebEx messenger service https://www.google.com/search?q=vulnerability+of+cisco+webex+messenger&ie=utf-8&oe=utf-8&client=firefox-b-ab&gfe_rd=cr&ei=TshIV- Accessed 1st Nov 2017
• Force.com architecture https://developer.salesforce.com/page/Multi_Tenant_Architecture Accessed 1st Nov 2017