Category: Uncategorized

Every computing service that can be delivered over the Internet mode is known as cloud computing. The computing involves resources like tools and applications as data servers, networking, data storage, and software. The name cloud computing comes as a virtual space/ cloud space having the information that is accesssible and stored in the cloud space only and computing of all the information and data is known as cloud computing. The biggest advantage of this is that the user who is using it, don’t require to gain access to a specific location to access the data, the user can work remotely. The cloud computing can be done via public as well as private mode referring to what access you want to use or want to give to the user as well.

Types of Cloud Services: Cloud computing services give its users a series of function that includes, email, data analyzing, audio and video streaming, delivery of software on demand, creating and testing apps, VM creation and storage, data retreival etcetera.

Deployment Models: 

Saying certainly that there are three type of clouds wouldn’t be possibleand right, better we can comprehend that there are various types of cloud and each one is different than the other.

Public cloud, is the cloud which works like an open-source, freely available to public providing storage and servers services over the internet. Public cloud is being operated by third-party companies, who manages hardware, software and other general infrastructure.

Private cloud, is the cloud which is not freely available, thus user needs to pay an amount to use the cloud services and it is reserved for specific clientele, usually one business or organization. The user access is reserved by the admin and is being directly operated and managed by the organisation who buys it.

Hybrid cloud,as the name suggest is the combination of both above-mentioned clouds, the public and the private one. This type of cloud provides flexibility with restriction and security for the right optimization and function of the cloud by the user.

Multi-cloud, this is a cloud service in which the client don’t restricted to use the service of only one type of cloud service provider. Insead the client can use the cloud service of one provider and for other they can opt out for some other service provider.

Types of Cloud Computing

The cloud computing types is based on Shared responsibility model, which emphasise on sharing the responsibility and work at different hierarchical level. The Shared responsibility as name defines, is sharing responsibility, i.e.,  the security team maintains some responsibilities for security, while the provider takes some responsibility, but not all the responsibility will be  put on someone’s shoulder to handle it on single-hand mode. Cloud computing is based on three services which are as follows:

–Software-as-a-service (SaaS), the service provider has the major responsibility of handling and operating the system and services.It is based on product-perspective based cloud service.The service provider provides you with a license to access the software applications like Microsoft office’s 365.

–Infrastructure-as-a-service (IaaS), the services is handled majorly by the customer, the service provider maintain the hardware, network connectivity and physical security. Main Function is to lift nd shift or migrate from an on-premise data centre to a cloud-deployment. Example of IaaS is Microsoft Azure.

–Platform-as-a-service (PaaS), this is the complex one as a service as it shares some responsibility of SaaS and some of the IaaS. The main function of PaaS is to provide the platform for the cloud service for developing the software instead of giving the software as a service which is seen in SaaS.

Advantages of Cloud Computing 

Cloud computing based software provides a number of benefits, which includes the ability to use software from any device through browser or app based function. Thus, user can have the access from anywhere and anytime. 

The storage provide by the Cloud computing services make it possible for the users to keep backup of their data  ensuring that the files are available to them whenever they need it.

Reliability, the ability of a system to recover from failure and continues to function and  Predictability, the ability of a system to perform during the major outbreak of traffic and usage, the cloud computing has proven righteous for both the above-explained cases.

Disadvantages of the Cloud

With everything that the cloud comes out in name of services and flexibility, but security is the biggest concern not for cloud computing only, but for every computing device irrespective of whether it is working on internet or not. Servers maintained by the cloud computing service provider can be a victim of cyber attacks, internal bugs, power outages etcetera.

Securing everything which is over the internet or is a piece of critical information is called cyber Information Technology Security. It is a general, but important practice of securing critical systems and important information from any kind of digital attack. Cyber security policies and rules are defined and designed in a way that their main function is to combat all kinds of threats against networks, systems, applications, and data.

According to data shared via ‘n’ a number of research organizations, it was stated that, ‘in the year 2020, the average cost of a data breach is found to be USD 3.86 million globally. Cybercriminals target customers personally and organizations via information like address, name, Credit card information etcetera.

Cybersecurity domains:

If the user can follow a well-defined strategy for protection in order to defend against any cybercrime or cyber-attacks, one can safeguard the information and data from cybercriminals. There are layers of protective measures that can be considered as cybersecurity domains for safety from cyber attacks.  The security parameters lie in Critical Infrastructure Security, Application and Network Security, Cloud and Information Security, End User Education, Storage Security, Mobile Security, and Data Disaster Recovery are some of the very important measures in the cybersecurity domains.

Cybersecurity MythsWith technology rising day by day, the myths related to it are also rising to create more misconceptions at the user’s end. But to get full security, one should be aware of all the pros and cons of it. The notions and myths related to technology. Some of the myths related to  Cybersecurity are like Cybercriminals are outsiders which is not true, instead, most of the time cybersecurity breaches are often the result of malicious insiders, working for outsiders who are hackers. Attack vectors are contained in nature which they actually are not, to predict exactly their behavior is quite a difficult job. Risk are known, which actually aren’t because the vulnerabilities are increasing in old as well as new devices and applications, thus giving a certain behavioral result about any risks is not a good practice. Industry Safe,  no industry is safe or far away from the vulnerability access of cyber criminals. Whether you are sitting in a gov. organization or any private firm, you are or can be in the radar of the cybercriminal, so it’s better to be safe, than to get cyberattacked by any criminal.

Common Cyber Threats:Let’s discuss some of the security threats which are as follows:

1) Malware: The term ‘malware’ defines as ‘malicious software, and this software can be worms, viruses, trojans, and spyware. This malware files less and gets unauthorized access to the device and corrupts or misuses the data of the system. 

2) Ransomware: It is a type of malware that demands ransom from the victim by locking down the files, and data, and to release it asks for the ransom, unless a ransom is paid, the data won’t be released.

3) Phishing: These are the most prevalent attacks nowadays, causing victims a heavy loss of amount by using platforms like emails, messages, and calls acting as an authenticate service provider.

4) Insider Threats: Data revelation by the current or former partners, employees, or compromise of the device they are/were using. As they are insider threats, thus are invisible or less vulnerable to security solutions like firewalls, and IDS (Intrusion Detection System), as the focus is on external threats.

5) DDoS Attacks: The purpose of this distributed denial of services is to overwhelm the network of the enterprise by overloading it with irrelevant traffic, usually from multiple coordinated systems.

6) APTs: Advanced persistent threats, are made by an intruder or group of intruders to infiltrate a system by remaining undetected for a time period to steal data and use it in attacks or other illegal activities.

7) Man in the Middle: It is an eavesdropping attack in which the data is stolen by the man in the middle of the service provider and the user. Like the data between the User of an insecure Wi-Fi and the Wi-Fi service provider can be attacked by the man-in-the-middle because of the insecure mode of the Wi-Fi.

Cyber Security Best Practises:

1. Keep hardware and software up-to-date.
2. Avoid opening suspicious emails.
3. Use a secure file-sharing solution to encrypt data or use a VPN to privatize your system.
4. A strong Password is a key to security.
5. 2-factor authentication is a must.
6. Remove adware from your machine.
7. Double-check for the HTTPS or SSL certificate of the website.
8. Don’t store or share information on an insecure platform.
9. Avoid public device usage.
10. Education at both ends, users as well as providers.
11. Protect access with efficient identity management.
12. Use anti-virus and anti-malware.

The applications you are using like food eateries, clothing, e-commerce, and all, on every application you are sending a request and getting a reply; the request sent from the user end is taken via the application to the concerned server and the server gives a reply to it eventually. Thus, for all the above-mentioned cycle processes API aka application programming interface is working.

What exactly API is?

An application Programming Interface or API is a middleman in application technology whose function is to set rules, standards and protocols that will allow the different software applications to communicate, receive or send data with each other on different or same grounds. So, basically, API is asking you to let your application services of yours interact with the application service of others without even asking each other that ‘how they are processing or working?

API can be released in different policies method:

Private: The company is the master of this API and is controlled by the company only.

Public: This API is open to all and can be used by any innovator to use by, to create any innovation.

Partner: Partner API defined itself, that it is sometimes private or sometimes public in nature, i.e., partners can limit the sharing and usage of API, without compromising the API quality and encryption.

Composite: These combine two or more APIs’ together to address complex system requirements at the user end.

Usage of API:

The main function is to request data from one end and send it to another end, like a request made by the user replied to by the API on a web browser.

API is an updating tool as well which means updating social media, updating servers, adding, or deleting things etcetera. API uses all this through integration property.

Benefits of using API:

–Data Sharing

–Increased Security

–Easy to use

How does API function?

REST API: Representational State Transfer. The REST API let the data be shared between the client and server using the HTTP method via a set of functions like GET, PUT etcetera. It is stateless in nature, thus not saving any user data at an end. The REST API has major benefits like integration, innovation, ease of maintenance and expansion. REST API can be made secure via authentication tokens and API Keys

SOAP API: Simple Object Access Protocol. The messages between the client and server are exchanged via the XML method. This is an old API method, frequently used in past, nowadays REST API is more frequently in usage.

RFC API: Remote Procedure Calls. At first, the client input the function/procedure on the server then only the server give output to the client.

WebSocket API: It is another modern API after the REST API. It uses JSON to exchange messages between clients and the server. It supports two-way communication, i.e., a client can send call-back messages to the server, making it more efficient than the REST API.

GRAPH QL API: It is a special type of query language created for the API exchange of messages only. It is a developer-friendly, fast, and flexible format an easy manner giving an output of required data only neither less than that nor more than asked. It gives free hand to developers for the database’s multiple queries, microservices and APIs’, thus making it easy to handle and update developers.

API GATEWAY: An API Gateway is a management tool client that will use a broad range of activities. Like all gateways, the API Gateway handles the tasks like user authentication, rate management and statistics overall API calls. For example, Amazon API Gateway.

What is API testing?

API testing strategies are like other software testing methodologies. The focus is on validating server responses. API testing includes making multiple requests to API endpoints for performance testing, writing tests to check business logic and function and security testing by simulating system attacks.

Creating an API: A reliable, flexible, fast and developer-friendly is the prime goal while creating an API.

–PLAN API

–BUILD API

–TEST API

–DOCUMENT THE API

–MARKET THE API