Sunday, March 3, 2019

Cloud computing



Cloud computing is an information technology that develops to delivery of computing services such as storage, database, networking, software, analytics and much more over the internet. In other words cloud computing is a delivery of hosted services over the internet. We all are using cloud computing in everyday life activities such as Banking, Email, Media Streaming, and eCommerce all use the Cloud but without knowing it.

Clouds can divide as public cloud, private cloud and hybrid cloud based on cloud computing resources. Public cloud would be provided totally by outside vendor. Amazon, Microsoft companies are some examples for public cloud providers. A private cloud refers to cloud computing resources used by a single organization or business. Hybrid cloud combines both public and private clouds and it gives greater flexibility and more deployment options to the business. Most cloud computing services can categorized under three main categories. Identify differences of these three categories makes it easier to achieve our goals easily.





  1. Infrastructure-as-a-service (IaaS) : In IaaS, we can rent IT structure like servers and virtual machines, networks, operating systems from a cloud provider.

  2. Platform as a service (PaaS): In PaaS, cloud providers supply an on-demand environment for developing, testing, delivering and managing software applications for developers. Heroku, Amazon’s AWS Elastic Beanstalk, and Microsoft Azure Cloud services are some examples of PaaS providers.

  3. Software as a service (SaaS): SaaS is a method for delivering software applications over the Internet, on demand and typically on a subscription basis. Apple iCloud, Gmail, Webmail mail, Dropbox all are examples for SaaS.

Apart from day to day cloud computing using we use cloud computing for creating new apps and services, host websites and blogs, analyze data for patterns and make predictions, deliver software on demand etc. Some of the top benefits of cloud computing are flexed, disaster recovery, security, competitiveness, low cost, speed, high productivity, good performance.

References:
  1. Azure.microsoft.com. (2018). What is cloud computing? A beginner’s guide | Microsoft Azure. [online] Available at: https://azure.microsoft.com/en-in/overview/what-is-cloud-computing/ [Accessed 3 Mar. 2019].



Saturday, March 2, 2019

Database Security

The database can described as a structured set of data. It’s a very important part in the business environment because database normally contains very sensitive data related to the organization. Hence, to protect the database against attacks and threats we should use a board range of security system. It is called as a database security.

There are various types of threats that can affect database security. The most common database threats are:

  • Database injection attacks - Injection attacks can give an attacker to unauthorized access to the database. It can divide as a two categories like SQL injections and NoSQL injection.

  • Excessive privileges - When database users are granted with privileges for their job requirements, these privileges can be abused. It can be done intentionally or unintentionally.
  • Legitimate privilege abuse - In some case database users may be able to abuse legitimate database for their private or unauthorized purpose.
  • Operating system vulnerabilities - Some operating systems and the service can cause to the unauthorized access and attacks.
  • Malware - Malware is a term used to refer virus, worms, ransomware, and other malware applications. It can steal sensitive data from database.
Threats to database can cause to degradation main security goals in databases such as integrity, availability and confidentiality. Database integrity means maintain accuracy and correctness data in the database. Making objects available to the legitimate users called database availability. Database confidentiality refers to the security system and protection of data from unauthorized users. Four main control measures are used to protect database against these threats and maintain to the security goals. Those are access control, inference control, flow control, data encryption. To prevent unauthorized users from accessing the database or obtain data from the database the restricting access security systems are used in database. This system called access control. Inference control is used to, published or access to users to data without revealing confidential information linked to the specific individuals among those to which the data correspond. Also known as statistical database security. Flow control is method to use preventing data from unauthorized users. It is managed data flowing to the unauthorized users. A final one is data encryption which is used to protect sensitive data that is transmitted via communication networks. It is a process that uses an algorithm to transform data stored in a database. Encryption techniques are very difficult to decode.

In an organization database administrator has the main responsibility to maintain a database security system of an organization. To ensure protection of data must consider some factors before deciding reveal the data. The main factors are data availability, access acceptability and authenticity assurance.

  1. Data availability - If a user updating a field, then this field becomes inaccessible and other users should not able to view this data. This blocking is only temporary and only to ensure that no user sees any inaccurate data. This is typically handled by the concurrency control mechanism.                                                                                                                                        
  2. Access acceptability - Data should not reveal to unauthorized users. It should be only revealed to the authorized users. A data administrator should be careful before granting access to users. And a data administrator can deny access to a user request even if the request does not directly access a sensitive data.                                                                                                                     
  3. Authenticity assurance - Before granting access, certain external characteristics about the user may also be considered. For example, a user may only be permitted access during working hours.

    As I mentioned earlier database is the very important part of an organization. It’s like backbone of an organization. Transaction, employees, customer or supplier information, financial data, salary details are all held in databases. Hence database security is an essential part of an organization.

    References:
    1. Elmasri, N. and Navathe, E. (2002). Fundamentals of database systems. Reading, Mass.: Addison-Wesley.
    2. Bright Hub. (2017). Types of Threats to Database Security. [online] Available at: http://www.brighthub.com/computing/smb-security/articles/61554.aspx [Accessed 2 Mar. 2019].
    3. En.wikipedia.org. (2017). Database security. [online] Available at: https://en.wikipedia.org/wiki/Database_security [Accessed 2 Mar. 2019].

    Test

    Cloud computing is an information technology that develops to delivery of computing services such as storage, database, networking, softwar...