–by Eyal Estrin, Cloud Architect, Inter-University Computation Center (IUCC)

Cloud security is a hot topic worldwide due to both regulation and demand from institutions. Migrating workloads to the cloud exposes institutions to a wide range of potential security threats, whether they affect the university itself, a researcher or a faculty member. These include insufficient identity, credential and access management, data breaches, data loss, denial of service, and more.

This series of posts deals with some of the underlying concepts of cloud security, and how they address various security challenges in academia.

The CIA triad

The CIA triad is a model to guide information security policies in an organization. The three elements of the triad are often considered the three most crucial components of information security.

The CIA triad is based on the following fundamental characteristics:

  • Confidentiality: keeping sensitive information private from unauthorized individuals. Examples of confidentiality breaches are revealing student healthcare information on a public website, revealing the results of academic research before the researcher has officially published them, password theft for accessing data stored in the cloud, etc.
    These threats to confidentiality can be mitigated via:

    • Encrypting sensitive data in transit and at rest
    • Strong password policies
    • Multi-factor authentication
    • Auditing unauthorized access attempts
  • Integrity: maintaining data accuracy and completeness. Examples of threats to data integrity include manipulating genomics records within a database and manipulating research results. These breaches in integrity can be mitigated via:
    • Setting file permissions
    • Access control lists
    • Cryptographic checksums
  • Availability: keeping systems accessible whenever they are needed. Examples of obstacles to data availability include denial of service attacks and power outages, which make a researcher's resources kept in the cloud inaccessible. These threats can be mitigated via:
    • RAID disk arrays
    • Network load balancers
    • Redundant network communication lines
    • Backups
