Share Email Print
cover

Proceedings Paper • new

Security in the Cloud: understanding your responsibility
Author(s): Kelly W. Bennett; James Robertson
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

The popularity of public cloud services continues to grow with Gartner predicting the total worldwide revenue to almost double from $145 billion in 2017 to $278 billion in 20211 . Many cloud service types are components of this growth including Software-as-a-Service (SAAS), Platform-as-a-Service (PAAS) and Infrastructure-as-a-Service (IAAS). The use of cloud services brings many possible benefits such as scalability, high performance and availability, flexibility, cost effectiveness and security 2 . However; each of these benefits comes with some responsibilities and requires a detailed knowledge of the specific cloud services used. For example, in Amazon Web Services (AWS) shared responsibility model for security, AWS is responsible for securing the facilities, physical security of hardware, network infrastructure, and the virtualization infrastructure. The cloud service customer is responsible for securing and managing the applications that run in the cloud, the operating systems, data-at-rest, data-in-transit, policies and other responsibilities. This paper works through several different use cases and provides the details for properly securing the services with which Army Research Laboratory (ARL) researchers interact. The use cases include sample configurations and descriptions required to fulfill the customer security responsibilities in a public cloud environment. Cloud services used include AWS Elastic Computer Cloud (EC2) Windows and Linux instances, Relational Database Services (RDS), Simple Cloud Storage Service (S3), Glacier S3 Storage, and DynamoDB. Challenges and approaches associated with delegating temporary security credentials, Identity and Access Management (IAM) service, and securing data-at-rest and data-in-transit will also be discussed.

Paper Details

Date Published: 17 May 2019
PDF: 18 pages
Proc. SPIE 11011, Cyber Sensing 2019, 1101106 (17 May 2019); doi: 10.1117/12.2521821
Show Author Affiliations
Kelly W. Bennett, U.S. Army Research Lab. (United States)
James Robertson, Clearhaven Technologies LLC (United States)


Published in SPIE Proceedings Vol. 11011:
Cyber Sensing 2019
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE. Terms of Use
Back to Top