Describe a process of how an employee that cannot log in can be provided access.

Cloud Security

Questions

For this question,consider a solution where each of the devices approved by Vertika get an authentication token K, put on the device by Vertika’s IT department. Possession of this authentication token is a factor in authenticating to the cloud as an employee the other part is a valid username and password.

Would you consider this set–up to be a cloud? Why (not)? half page

On a conceptual level,how would you authenticate an employee, using his/her username, password,and the
token on their device? With this approach, are you vulnerable to replay attacks, or people learning the value of K? Why (not)?

Can a disgruntled designer currently employed by Vertika enable a competitor to gain access to confidential files in particular,files that the disgruntled designer is authorised to access?

Describe a process of how an employee that cannot log in can be provided access.