Recently the media have reported security breaches at a number of high-profile business networks, public cloud services and web services. In some incidents, confidential government and customer data has been exposed by organized groups of attackers. Encryption keys have been stolen and used to attack government and business sites. It has also come to light that some attackers have used utility cloud computing to mount one or more attacks.
Each time a user clicks a hyperlink on the Internet, the web browser may connect to services anywhere in the world. Domain name servers resolve URLs to IP addresses; network switches route traffic between the endpoints, and that traffic may cross any number of intermediate points along the way. Web servers and applications can run on virtual machines whose physical location can change at any time, and with desktop virtualization both the client and the server can run in the cloud. The ubiquitous-access nature of web services makes it difficult to control the attack surface of the services the architect is trying to protect.
Although the physical location of a service cannot be known precisely, many agreements specify regional geographic restrictions on cloud services, ensuring that data does not move outside the boundaries of certain regions or regulatory jurisdictions controlled by the service provider.
Another basic component of cloud computing is multi-tenancy. A multi-tenant service is any service that hosts N tenants (e.g., customers or clients) within a shared set of service instances. Multi-tenancy can reduce the cost of providing services, but it also creates some problems. One of the key security issues that multi-tenant services must solve is how to maintain the privacy of data between tenants.
In practice, data privacy controls can be implemented in one or more layers of the solution architecture:
Application layer - application logic filters or restricts access to customer data
Data layer - separate database views, virtual private databases, files, or file system instances per customer
Machine layer - separate virtual machine instances per customer
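The following added example (not part of the original article) contrasts the application-layer and data-layer controls listed above for one shared multi-tenant table. It uses an in-memory SQLite database with two constructed tenants, "acme" and "globex", and shows how an unscoped lookup leaks another tenant's record while a tenant-filtered query or a per-tenant view does not.

```python
import sqlite3

# Tenants the service knows about; used as an allowlist for per-tenant view names.
TENANTS = ("acme", "globex")

# Constructed sample data: records of two tenants sharing one table.
ROWS = [
    (1, "acme", "acme-invoice-001"),
    (2, "acme", "acme-invoice-002"),
    (3, "globex", "globex-invoice-001"),
]


def build_db():
    """Create a shared table plus one restricted view per tenant (data-layer control)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records (id INTEGER PRIMARY KEY, tenant TEXT NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)", ROWS)
    for tenant in TENANTS:
        # Each view exposes only that tenant's rows; tenant comes from the allowlist, not user input.
        conn.execute(
            f"CREATE VIEW records_{tenant} AS SELECT id, body FROM records WHERE tenant = '{tenant}'"
        )
    return conn


def fetch_unscoped(conn, record_id):
    """Weak pattern: looks up a record by id alone, so any caller can read any tenant's data."""
    row = conn.execute("SELECT body FROM records WHERE id = ?", (record_id,)).fetchone()
    return row[0] if row else None


def fetch_scoped(conn, tenant, record_id):
    """Application-layer control: every query is filtered by the caller's tenant."""
    row = conn.execute(
        "SELECT body FROM records WHERE tenant = ? AND id = ?", (tenant, record_id)
    ).fetchone()
    return row[0] if row else None


def fetch_via_view(conn, tenant, record_id):
    """Data-layer control: query the tenant's own view, which cannot return other tenants' rows."""
    if tenant not in TENANTS:
        raise ValueError("unknown tenant")
    row = conn.execute(f"SELECT body FROM records_{tenant} WHERE id = ?", (record_id,)).fetchone()
    return row[0] if row else None
```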