Improving Security in Software-as-a-Service Solutions

The essence of cloud computing is about moving workloads from your local IT infrastructure to a data center that scales and provides resources at a moments notice. Using a pay-as-you-go model to rent virtual infrastructure is also known as a Infrastructure-as-a-Service (IaaS) offering. This helps consumers provision hardware on-demand without the need for physical infrastructure and the challenges and costs that come with it. When moving to the cloud, however, issues regarding the confidentiality, integrity, and availability of the data and infrastructure arise, and new security challenges compared to traditional on-premises computing appear. It is important for the consumer to know exactly what is their responsibility when it comes to securing software running on IaaS platforms. Axis has one such software solution, henceforth referred to as the 'Axis-hosted cloud service'. There is a need for Axis to improve the client-cloud communication, and in this report, we detail a prototype solution for a new secure communication between client and cloud. Additionally, an evaluation of the prototype is presented. The evaluation is based on a model constructed by studying literature from state-of-the-art cloud service providers and organizations dedicated to defining best practices and critical areas of focus for cloud computing. This was collected and compiled in order to present a summary of the most important aspects to keep in mind when deploying software on an IaaS. It showed that the cloud service fulfills many industry best-practices, such as encrypting data in transit between client and cloud, using virtual private clouds to separate infrastructure credentials from unauthorized access, and following the guidelines from their infrastructure provider. It also showed areas where there was a need for improvement in order to reach a state-of-the-art level. The model proved to be a useful tool to ensure that security best practices are being met by an organization moving to the cloud, and specifically for Axis, the prototype communication solution can be used as a base for further development

The Conundrum of Security in Modern Cloud Computing

In today’s economic climate organizations are seeking greater cost-saving measures, increased agility, and scalability that responds to the rapid changes in technology and business. Cloud computing, with its low cost pay-as-you-go business model, is helping organizations manage these changes while transforming information technology (IT) into an engine that drives business. Benefits from on-demand clouds provide users greater portability and the ability to access information from virtually anywhere: at home, a client location, when traveling, or at the office. The reduced costs and increased flexibility, however, associated with cloud computing also come with complex security issues and increased overall risk. When cloud services are moved beyond organizational boundaries, outside the border firewall, security is heightened for most organizations and navigating the complexity of these environments can be daunting. In this research paper we seek to help organizations make pragmatic decisions about where and when to use cloud solutions by outlining specific security issues that enterprises should address. We use external research sources and explore current security trends within cloud computing in order to provide background information, related research, and conclusions. We make use of colleagues, textbooks, peer reviewed journal articles, and Internet websites related to information technology and information security. Each section of our research is formatted similarly and presents pertinent security information, techniques, and tools that organizations would need in order to make relevant decisions when utilizing Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS)

Research Issues in Cloud Computing

Cloud computing moved away from personal computers and the individual enterprise application server to services provided by the cloud of computers The emergence of cloud computing has made a tremendous impact on the Information Technology IT industry over the past few years Currently IT industry needs Cloud computing services to provide best opportunities to real world Cloud computing is in initial stages with many issues still to be addressed The objective of this paper is to explore the different issues of cloud computing and identify important research opportunities in this increasingly important area We present different design challenges categorized under security challenges Data Challenges Performance challenges and other Design Challenge

Implementing Azure Active Directory Integration with an Existing Cloud Service

Training Simulator (TraSim) is an online, web-based platform for holding crisis management exercises. It simulates epidemics and other exceptional situations to test the functionality of an organization’s operating instructions in the hour of need. The main objective of this thesis is to further develop the service by delegating its existing authentication and user provisioning mechanisms to a centralized, cloud-based Identity and Access Management (IAM) service. Making use of a centralized access control service is widely known as a Single Sign-On (SSO) implementation which comes with multiple benefits such as increased security, reduced administrative overhead and improved user experience. The objective originates from a customer organization’s request to enable SSO for TraSim. The research mainly focuses on implementing SSO by integrating TraSim with Azure Active Directory (AD) from a wide range of IAM services since it is considered as an industry standard and already utilized by the customer. Anyhow, the complexity of the integration is kept as reduced as possible to retain compatibility with other services besides Azure AD. While the integration is a unique operation with an endless amount of software stacks that a service can build on and multiple IAM services to choose from, this thesis aims to provide a general guideline of how to approach a resembling assignment. Conducting the study required extensive search and evaluation of the available literature about terms such as IAM, client-server communication, SSO, cloud services and AD. The literature review is combined with an introduction to the basic technologies that TraSim is built with to justify the choice of OpenID Connect as the authentication protocol and why it was implemented using the mozilla-django-oidc library. The literature consists of multiple online articles, publications and the official documentation of the utilized technologies. The research uses a constructive approach as it focuses into developing and testing a new feature that is merged into the source code of an already existing piece of software