Software as a Service: Analysing Security Issues

Software-as-a-service (SaaS) is a type of software service delivery model which encompasses a broad range of business opportunities and challenges. Users and service providers are reluctant to integrate their business into SaaS due to its security concerns while at the same time they are attracted by its benefits. This article highlights SaaS utility and applicability in different environments like cloud computing, mobile cloud computing, software defined networking and Internet of things. It then embarks on the analysis of SaaS security challenges spanning across data security, application security and SaaS deployment security. A detailed review of the existing mainstream solutions to tackle the respective security issues mapping into different SaaS security challenges is presented. Finally, possible solutions or techniques which can be applied in tandem are presented for a secure SaaS platform

A Strategic Decision for Information Security

A utilização de recursos informáticos é a estratégia mais comum à maioria das organizações para gerirem os seus ativos e propriedade intelectual. Esta decisão estratégica implica a sua exposição ao exterior através de canais de comunicação (infraestrutura de dados). McDermott e Redish (1999), descrevem a terceira lei de Newton como o princípio da ação - reação, as organizações ao exporem a sua infraestrutura ao exterior despoletaram, como reação, estranhos quererem aceder à sua infraestrutura para diversos fins, seja como puro divertimento, detetarem fragilidades ou, mais relevante para este trabalho, roubarem ativos/propriedade intelectual e criarem uma disrupção no serviços. As organizações sentem necessidade de se protegerem contra estes estranhos/ataques ao implementarem estratégias de segurança, mas a realidade é que as linhas de defesa da rede são permeáveis e as arquiteturas de segurança não são suficientemente dinâmicas para travar as ameaças existentes. Uma estratégia de segurança informática baseada na tecnologia “Deception” poderá permitir de uma forma rápida detetar, analisar e defender as redes organizacionais contra-ataquesem tempo real. Esta tecnologia “Deception” poderá oferecer informações precisas sobre “malware” e atividades maliciosas não detetadas por outros tipos de defesa cibernética. Este trabalho pretende explorar esta estratégia recente baseada em “Deception”, que pretende ser diferenciadora face à panóplia de dispositivos/software de segurança informática existentes. Como resultados, pretende-se elaborar uma análise onde as organizações possam perceber a tecnologia “Deception” nas suas vertentes da eficácia, eficiência e o seu valor estratégico para que, eventualmente, a possam utilizar para suportar/adicionar valor a uma decisão de estratégia de segurança informática.The use of Information Technology (IT) resources are the common approach for most organizations so they assets and intellectual property are properly managed. This strategic decision implies its exposure to the outside world through the data infrastructure. McDermott and Redish (1999), described the third Newton’s law as the principle of action- reaction, when organizations expose their infrastructure to the outside world and, as a response, strangers want to access their infrastructure for various purposes, either as pure fun, detect weaknesses or, more relevant for this work, steal assets/intellectual property. Organizations feel the need to protect themselves against these strangers/attacks by implementing security strategies, but truly, the network's first defense lines are permeable, and the security architectures are not dynamic enough to face existing or future threats. A Deception-based technology could enable the organizations to quickly detect, analyze and defend organizational networks against real-time attacks. Deception technology may provide accurate information on malware and malicious activity not detected by other types of cyber defense. This work intends to explore a new technology, Deception, that claims a differentiation when compared with the range of existing information security suite. The types of cyber-threats and their materialization could be relevant to the information technology and risk analysis. Thus, the intent is to elaborate an analysis where organizations can understand the Deception technology, his effectiveness, and strategic value so they can, eventually, use it to support/add value to a decision regarding information security strategy

Cyber Security Considerations When Moving to Public Cloud Computing

Cloud computing has the capability to level the playing field for small and medium sized businesses that find it difficult to acquire and operate the type of information technology found in large organizations. Public cloud computing, the focus of this paper, describes the situation whereby resources are dynamically provided over the Internet via web applications/web services from an off-site third-party provider who shares resources. Public cloud computing provides immense benefits but introduces huge security and privacy risks which makes some organizations apprehensive. This paper examines the potential and possibility of data security concerns to derail the future of public cloud computing. The results of the study reveal that data security concern is the single greatest concern when moving into the cloud

Managing IT Operations in a Cloud-driven Enterprise: Case Studies

Enterprise IT needs a new approach to manage processes, applications and infrastructure which are distributed across a mix of environments. In an Enterprise traditionally a request to deliver an application to business could take weeks or months due to decision-making functions, multiple approval bodies and processes that exist within IT departments. These delays in delivering a requested service can lead to dissatisfaction, with the result that the line-of-business group may seek alternative sources of IT capabilities. Also the complex IT infrastructure of these enterprises cannot keep up with the demand of new applications and services from an increasingly dispersed and mobile workforce which results in slower rollout of critical applications and services, limited resources, poor operation visibility and control. In such scenarios, it’s better to adopt cloud services to substitute for new application deployment otherwise most Enterprise IT organizations face the risk of losing 'market share' to the Public Cloud. Using Cloud Model the organizations should increase ROI, lower TCO and operate with seamless IT operations. It also helps to beat shadow IT and the practice of resource over-or under provisioning. In this research paper we have given two case studies where we migrated two Enterprise IT application to public clouds for the purpose of lower TCO and higher ROI. By migrating, the IT organizations improved IT agility, enterprise-class software for performance, security and control. In this paper, we also focus on the advantages and challenges while adopting cloud services

Security comparison of ownCloud, Nextcloud, and Seafile in open source cloud storage solutions

Cloud storage has become one of the most efficient and economical ways to store data over the web. Although most organizations have adopted cloud storage, there are numerous privacy and security concerns about cloud storage and collaboration. Furthermore, adopting public cloud storage may be costly for many enterprises. An open-source cloud storage solution for cloud file sharing is a possible alternative in this instance. There is limited information on system architecture, security measures, and overall throughput consequences when selecting open-source cloud storage solutions despite widespread awareness. There are no comprehensive comparisons available to evaluate open-source cloud storage solutions (specifically owncloud, nextcloud, and seafile) and analyze the impact of platform selections. This thesis will present the concept of cloud storage, a comprehensive understanding of three popular open-source features, architecture, security features, vulnerabilities, and other angles in detail. The goal of the study is to conduct a comparison of these cloud solutions so that users may better understand the various open-source cloud storage solutions and make more knowledgeable selections. The author has focused on four attributes: features, architecture, security, and vulnerabilities of three cloud storage solutions ("ownCloud," "Nextcloud," and "Seafile") since most of the critical issues fall into one of these classifications. The findings show that, while the three services take slightly different approaches to confidentiality, integrity, and availability, they all achieve the same purpose. As a result of this research, the user will have a better understanding of the factors and will be able to make a more informed decision on cloud storage options

Review on IoT Security and Challenge in Industry 4.0

Wireless networks are very exposed to the danger of security. The majority of in military, commercial, health, retail, and transportation wireless communication network is used. These systems utilize networks that are wired, mobile, or adhoc. The Internet of Things (IoT) was quite attractive. The future of the Internet is regarded by IoT. In the future, IoT plays an important part and affects our way of life, norms, and business methods. IoT use is predicted to expand quickly in the next years in many applications. The IoT provides for the connection and information sharing of billions of equipment, people, and services. As IoT devices are being used more widely, several security threats are occurring in the IoT networks. In order to provide privacy, authentication, access, and integrity control, it is crucial to implement efficient protocols for the security of IoT networks and privacy among others. In addition, user privacy in the IoT environment is becoming critical since much personal information is provided and distributed among related items. It is, therefore, necessary to guarantee that personal data are protected and controlled from cloud events. The presentation addresses security and privacy dangers and concerns coming out of IoT services and presents ways to the industrial problem of security and privacy. In this article, a study on security and problems in IoT networks are discussed