The malicious insider can be an employees, user and/or third party business partner. In cloud environment, clients may store sensitive data about their organization in cloud data centers. The cloud service provider should ensure integrity, security, access control and confidentiality about the stored data at cloud data centers. The malicious insiders can perform stealing on sensitive data at cloud storage and at organizations. Most of the organizations ignoring the insider attack because it is harder to detect and mitigate. This is a major emerging problem at the cloud data centers as well as in organizations. In this paper, we proposed a method that ensures security, integrity, access control and confidentiality on sensitive data of cloud clients by employing multi cloud service providers. The organization should encrypt the sensitive data with their security policy and procedures and store the encrypted data in trusted cloud. The keys which are used during encryption process are again encrypted and stored in another cloud area. So that organization contains only keys for keys of encrypted data. The Administrator of organization also does not know what data kept in cloud area and if he accesses the data, easily caught during the auditing. Hence, the only authorized used can access the data and use it and we can mitigate insider attacks by providing restricted privileges.
[1]
Randy H. Katz,et al.
Above the Clouds: A Berkeley View of Cloud Computing
,
2009
.
[2]
Dimitris Gritzalis,et al.
Exploitation of auctions for outsourcing security-critical projects
,
2011,
2011 IEEE Symposium on Computers and Communications (ISCC).
[3]
Dimitris Gritzalis,et al.
The Insider Threat in Cloud Computing
,
2011,
CRITIS.
[4]
Ning Hu,et al.
A Layered Approach to Insider Threat Detection and Proactive Forensics
,
2005
.
[5]
Paul Thompson,et al.
Weak models for insider threat detection
,
2004,
SPIE Defense + Commercial Sensing.
[6]
Carrie Gates,et al.
Defining the insider threat
,
2008,
CSIIRW '08.
[7]
E. Eugene Schultz.
A framework for understanding and predicting insider attacks
,
2002,
Comput. Secur..