Ensuring Information Security Regime Using Cloud Services

This thesis is devoted to the concept of information security regime for companies that use cloud services. The main goal of this thesis is the analysis of information security threats in systems that use the cloud-computing technology to process data with different levels of confidentiality, the paper also observes current information security methods in case of using cloud services. According to the targets of the thesis, the subject of the research is methods of information security for systems that are implemented as cloud-based service models PaaS, SaaS, IaaS. The object of the study are cloud services based on ABS “CFR-Bank”, which are presented in several banks. The following tasks were carried out to achieve the main goal: • reviewed the overall functioning and cloud deployment models; • analyzed the problems of information security in case cloud services using, taking into account relevant legal and regulatory framework; • Listed some examples of the most popular cloud services; • carried out the analysis of security threats in the cloud-based networks; • analyzed the safety of cloud service by the example of a specific banking enterprise, and provided recommendations for the technical and organizational measures to protect it assets. As the result of the thesis, it was found that information security measures provided by the supplier of cloud services are insufficient for the banking business. In addition, the use of an intermediary to access bank’s own data adds new risks due to the fact that the specific business processes of the bank become out of control of the bank. Thus, according to the results of the research, not only the methods and means of protection offered by the provider of cloud services were analyzed, but also were suggested specific actions to ensure the safety of bank’s data that should be taken directly by bank.