Data leakage in SaaS

Abstract

Data leakage can be defined as the accidental or unintentional distribution of sensitive data to an unauthorised entity. This issue is considered to be one of the largest threats that companies are facing when moving to a cloud infrastructure. However, new security threats are constantly surfacing targeting data leakages; this is especially so in cloud models Software-as-a-Service (SaaS). As these services depend on multitenancy architecture where resources are shared amongst tenants, the issue of data leakage increases. Thus, the Cloud Computing Service Provider (CCSP) has to ensure that data security is in place and that each tenant follows set and accepted security enhancing measures. This is the area explored in this research. Two main stages had to be adopted in order to try and tackle this issue. First was the design of a SaaS multitenancy database and the configuration requirements (mainly for security) for the database server, configuration of the middleware software like a load balancer and connection manager, and the actual logon and connection mechanism that the client must adopt to connect to the SaaS. Second is that of the creation of data collection processes that monitor tenant activities, for example logon requests, query submissions, stored procedure invocations, and delegating data access privileges. A set of tools were developed to help in overviewing security related activities and possible identification of threats. Out of the normal or expected activities are earmarked through the use of data warehousing and data mining techniques. Data warehousing was adopted due to the need to collate data from a variety of data sources both at the client, middleware and backend software were utilised to implement a typical SaaS multitenant information system. As a result, this data warehouse helped to serve as a Log Management System (LMS) over all systems (i.e. client, middleware, DBMS and application). Also the data mining techniques, such as Rule Mining and Classification algorithms, were implemented and used the data available in the DWH to help security administrators with the possible identification of data leakage threats in such environments. Although this DWH and DM techniques are owned by the CCSP, relevant subparts are made available to the tenants.