We would also like to express our honest appreciation to our colleagues at the Haldia Institute of Technology Haldia, West Bengal, India, and CHRIST (Deemed to be University), Bengaluru, Karnataka India, for their guidance and support.
We also thank all the authors who have contributed some chapters to this book. This book would not have been possible without their contribution.
We are also very thankful to the reviewers for reviewing the book chapters. This book would not have been possible without their continuous support and commitment towards completing the chapters’ review on time.
To all of the team members at Scrivener Publishing, who extended their kind cooperation, timely response, expert comments, and guidance, we are very thankful to them.
Finally, we sincerely express our special and heartfelt respect, gratitude, and gratefulness to our family members and parents for their endless support and blessings.
Sabyasachi Pramanik
Department of Computer Science and Engineering, Haldia Institute of Technology, Haldia, West Bengal, India
Debabrata Samanta
Department of Computer Science, CHRIST (Deemed to be University) Bengaluru, Karnataka
M. Vinay
Department of Computer Science, CHRIST (Deemed to be University), Bangalore, India
Abhijit Guha
First American India Private Limited, Bangalore, India
1
Securing Cloud-Based Enterprise Applications and Its Data
Subhradip Debnath*, Aniket Das and Budhaditya Sarkar
Department of Computer Science, Institute of Engineering and Management, Maulana Abul Kalam Azad University of Technology, Kolkata, West Bengal, India
Abstract
In today’s world that is mostly through applications interacting over the internet, data security both inside and outside the client devices is a very critical topic. MSME sector and the new enterprises coming up are mostly shifting to the cloud space for grabbing up the opportunities of the virtual market that are coming up and shifting their work culture to the online space. Thus, the enterprise communication that was mainly happening in offline methods, behind closed doors, and locked storage rooms with files has now shifted to a more public space, files being routed through the public internet to public facing servers. Resulting in a whole new domain of security and compliance problems as many of the servers for Public/Hybrid Cloud models fall under a joint ownership between two or more parties/stakeholders. Thus, securing the data in transit, i.e., coming in and out of the cloud, and the data in rest, i.e., the data lying inside the cloud, needs to be encrypted such that no third party can access it without the consent of its owner. In this proposed research model, it is proposed that data from a client application as in an enterprise communication application are encrypted using modified algorithms which would be accessible securely through a series of access control functionalities with least privilege access policies. The data is further packed up and are transported over the SSL layers to an server side application instance running in a public cloud (here)/private cloud which shall decrypt the information coming through and sorts the data accordingly and further saves them into the object-based storages, NoSQL, and Ledger databases with high availability and security at rest. The data at rest is further encrypted, can be packed up, and sent back to the client application when requested with necessary encryption in transit criteria fulfilled. The transactions are carried out using role-based assigning systems and least access privilege access mode, thus successfully stopping the concepts of threats to privacy, data eavesdropping, threat to personal security, etc.
Keywords: Enterprise, architecture, secure, application, data, cloud, encryption, threats
1.1 Introduction
Human life is driven by data. In this century, every business decision that is undertaken is based on derivations of data collected over the years. Data warehouses and databases are overflowing with ever growing data, but the main concern at this point of time is the security of both data in transit, i.e., being sent over the public internet and the security of the data at rest. Security of the data does not only mean about its confidentiality but also its availability and integrity.
Due to the rapidly growing virtual market, data is at its abundance as starting from the startup companies, companies from the MSME sector and even the traditional core large companies are shifting and changing their business model to adapt to cloud. Thus, security of the applications along with the data has become a necessity rather than a choice.
Due to the rapidly increasing demands, which are producing a large amount of data, the users are facing problems of securely storing that data in a searchable format. Studies have also suggested that security and privacy are among the major factors of influencing a consumer’s trust [1, 2]. Some researchers have worked upon the concept of securing the data through blockchain. However, blockchain integration makes the computations required, and unnecessarily complex and large computations of the blockchain are quite unnecessary when thinking of saving data that are important but come in too frequently. This concept was not introduced to just storing data cryptographically but from the concept of “transfer of assets from peer to peer”.
Thus, in our proposed model, our objective is to help the data from users, (here) an enterprise software transfer their data through the public network by the use of a web-based software, facilitating encrypted communications over the public channels and keeping unnecessary computations to its bare minimum. Data, be it object-based or text or JSON data structure, can be passed through the system and can be checked up for malware. If the data transmitted is seen to be coming in through valid credentials and passes the security checks, then it would be stored in the NoSQL databases. For object-based files, the files would be checked for security exploits, and after passing the checks, it would be checked if the files could be scaled down and they would be saved over in the object storage buckets. Logs would be generated for every action undertaken by the user after log in and those corresponding logs would be added on to immutable ledger databases for further audits and checks with timestamps, so that every user in the system is accountable for their actions.
The proposed system has a highly scalable and available architecture. The number of systems provisioned in the architecture can grow/shrink according to the load. The proposed system is developed keeping in mind that the data stored can be queried easily, so that it can serve as a better alternative to the proposed blockchain systems that are being proposed widely. The suggested architecture can also check for intrusion and can perform malware analysis, spam detection, etc.
1.2 Background and Related Works
Every device produces metadata based on the client’s request. For securing cloud base applications, metadata exchange is also necessary to maintain nondisrupting service.