For any particular user, all elements in the cloud computing environment that have the same security attributes can be kept within a shared security boundary. Computing elements living within that boundary trust each other. The security environment enclosed by this boundary is called a security container. In this way, instead of defining a security boundary for each element that has touch points with the data, those elements are grouped to produce a container, which consists of elements that share the same security attributes. This segregation is usually done at the network layer, because the network is the way information is transported. Thus virtual networks are created on top of physical networks, and each container uses virtual networks inside it, so other (external) containers cannot access its internal data. To enter a specific container, three security procedures are usually used: identification, verification, and permission.

Identification establishes the identity of the user. The user may be a person, application, system, or “thing” that wants to connect to the cloud or its security container.
Verification (authentication) determines whether a user is who they claim to be. Authentication is usually based on what you have or what you know. An example of what the user has would be a smart card, fingerprints, or voice biometrics, whereas what the user knows is a password or PIN (personal identification number). Once a user has been identified, the user is then verified.

Permission (authorization) assigns the rights that an authenticated user is allowed. The rights given to an authenticated user depend on who the user is in the cloud computing environment. A user receives permission only after having been authenticated.

One of the common concerns that users of cloud computing have is that the data stored in the cloud may end up being stored in a country that differs from the one where the user resides. Such concerns relate to the legal or regulatory jurisdiction of the data stored. Should the data be compromised, then which country’s laws or data protection mechanism should apply? This is a valid concern because the elastic characteristic of cloud computing can indeed move computing resources, including data storage, from one place to another. Alternatively, it could be a case that the cloud is hosted in one country but its users come from another. In order to address this challenge, I propose the use of security containers that are defined in terms of their jurisdictional characteristics in addition to the CIA or Parkerian ones. This would mean that the data segregation takes place not in the data center but across any part of the world from where the cloud service is provided; by implication, this entails that the security container be created using virtual wide area networks rather than virtual local area networks.
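
The following sketch is an added example, not part of the original text: it groups elements into security containers by user and identical security attributes (including a jurisdiction attribute) and applies identification, verification and permission in that order. All names, labels, the PIN and the rights table are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Attrs:
    """Security attributes of an element; labels are constructed for this sketch."""
    confidentiality: str
    integrity: str
    availability: str
    jurisdiction: str  # the jurisdictional characteristic proposed in the text

@dataclass(frozen=True)
class Element:
    name: str
    user: str
    attrs: Attrs

def build_containers(elements):
    """One container per (user, identical attribute set); members trust each other."""
    containers = defaultdict(set)
    for e in elements:
        containers[(e.user, e.attrs)].add(e.name)
    return dict(containers)

def pin_hash(pin, salt=b"constructed-salt"):
    # Only a salted, stretched hash of the PIN is stored, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data: known users, two attribute sets, rights per container.
USERS = {"alice": pin_hash("4821")}
DE = Attrs("high", "high", "medium", "DE")
US = Attrs("high", "high", "medium", "US")
RIGHTS = {("alice", ("alice", DE)): {"read", "write"}}
ELEMENTS = [Element("vm-1", "alice", DE), Element("db-1", "alice", DE),
            Element("db-2", "alice", US)]

def enter(container_key, claimed_user, pin, action):
    """Identification, then verification, then permission; deny at the first failure."""
    if claimed_user not in USERS:
        return "denied: identification"
    if not hmac.compare_digest(USERS[claimed_user], pin_hash(pin)):
        return "denied: verification"
    if action not in RIGHTS.get((claimed_user, container_key), set()):
        return "denied: permission"
    return "granted"
```

Elements that differ only in jurisdiction land in different containers, so rights granted for the "DE" container do not carry over to the "US" one.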