Cloud Security Risks and Controls

Uploaded by

s2564m47y

UNIT 4

CLOUD SECURING, OPERATIONS AND APPLICATIONS
AMIT PATEL
INTRODUCTION
▪ Security in cloud computing is a major concern.

▪ Service providers build different clouds that store high volumes of data belonging to
various users. Hackers may be active there and ready to steal that data.

▪ Service providers need to implement different service mechanisms against unauthorized
access to the data stored at their locations.
▪ Definition: Cloud security consists of a set of policies, controls, procedures and
technologies that work together to protect cloud-based systems, data and infrastructure.

▪ Providers deliver services according to their set of policies; they enforce these policies
and check how services are implemented and provided to the customer. Procedures define which
algorithms are applied to the various service mechanisms. Technologies define the
technology-based security provided to the user.

▪ Because of the cloud's nature of sharing resources, cloud security gives particular concern
to identity management, privacy and access control.
▪ So, data in the cloud should be stored in encrypted form.

▪ With the increase in the number of organizations using cloud technology for data
operations, proper security and other potentially vulnerable areas became a priority for
organizations contracting with cloud providers.

▪ Cloud computing security handles the security controls in the cloud and provides customer
data security, privacy and compliance with necessary regulations.
SECURITY RISK OF CLOUD COMPUTING
▪ Cloud computing provides various advantages, such as improved collaboration, excellent
accessibility, mobility, storage capacity, etc. But there are also security risks in cloud
computing.

▪ Some of the most common security risks of cloud computing are given below:

▪ Data Loss

▪ Hacked Interface and Insecure API

▪ Data Breach

▪ Vendor Lock-In

▪ Increased Complexity

▪ Denial of Service (DoS) Attacks

▪ Account Hijacking
Data Loss

▪ Data loss is one of the most common security risks of cloud computing.

▪ It is also known as data leakage.

▪ Data loss is the process in which data is deleted, corrupted, or made unreadable by a
user, software, or application.

▪ In a cloud computing environment, data loss occurs when our sensitive data is in somebody
else's hands, one or more data elements cannot be utilized by the data owner, the hard disk
is not working properly, or software is not updated.
Hacked Interfaces and Insecure APIs

▪ Cloud computing depends completely on the Internet, so it is compulsory to protect the
interfaces and APIs that are used by external users.

▪ APIs are the easiest way to communicate with most cloud services.

▪ In cloud computing, a few services are available in the public domain. These services can
be accessed by third parties, so there is a chance that they are easily harmed and hacked
by hackers.

▪ If you are not using a secure API, it is very likely that attackers can also use it to
interact with your resources, data and communications, or to modify and steal your data.
NOTES : API ( APPLICATION PROGRAMMING INTERFACE )
▪ An API, or Application Programming Interface, provides a set of functionality. It could be
a function or a method that provides a specific function.

▪ An API acts as a middleman between an app and a web server.

▪ Companies share their data with third-party apps via an API key.

▪ An API makes communication between two apps possible.


NOTES : EXAMPLE OF API
▪ Logins on third-party apps via Google, Facebook, etc. are done with the help of an API, so
you don't have to save passwords.

▪ If you post pictures on Instagram, they automatically get posted on Facebook. How? Via an
API.

▪ You can track your orders on Zomato easily. You can track your delivery person's location.
Zomato takes the help of Google Maps, but Google only shares the API key with Zomato.

▪ Online bookings are made on third-party apps like MakeMyTrip via an API. The hotel
companies share their API key with these third-party apps.
Data Breach

▪ Data breach is the process in which confidential data is viewed, accessed, or stolen by a
third party without any authorization; that is, the organization's data is hacked by hackers.

Vendor lock-in

▪ Vendor lock-in is one of the biggest security risks in cloud computing.

▪ Organizations may face problems when transferring their services from one vendor to
another. As different vendors provide different platforms, moving from one cloud to another
can be difficult.
Increased complexity strains IT staff

▪ Migrating, integrating, and operating cloud services is complex for the IT staff. IT staff
need extra capability and skills to manage, integrate, and maintain data in the cloud.

Account hijacking

▪ Account hijacking is a serious security risk in cloud computing.

▪ It is the process in which an individual user's or organization's cloud account (bank
account, e-mail account, or social media account) is stolen by hackers. The hackers use the
stolen account to perform unauthorized activities.
Denial of Service (DoS) attacks

▪ Denial of service (DoS) attacks occur when a system receives more traffic than the server
can buffer. Mostly, DoS attackers target the web servers of large organizations such as
banking sectors, media companies, and government organizations.

▪ To recover the lost data, DoS attackers charge a great deal of time and money to handle the
data.
CLOUD SECURITY CONTROL
▪ Cloud security becomes effective only if the defensive implementation remains strong.

There are many types of control in a cloud security architecture, which are listed below:

▪ Detective Control: meant to detect and react instantly and appropriately to any incident.

▪ Preventive Control: strengthens the system against any incident or attack by eliminating
the vulnerabilities.

▪ Deterrent Control: meant to reduce attacks on the cloud system; it reduces the threat level
by giving a warning sign.

▪ Corrective Control: reduces the consequences of an incident by controlling or limiting the
damage. Restoring a system backup is an example of this type.
CLOUD SECURITY BOUNDARIES
▪ A specific service model defines the boundary between the responsibilities of the customer
and those of the service provider.

▪ The boundaries between the service models are defined by the Cloud Security Alliance (CSA)
stack model.

▪ The Cloud Security Alliance (CSA) stack model defines the boundaries between each service
model and shows how different functional units relate.

▪ A particular service model defines the boundary between the service provider's
responsibilities and the customer's. The following diagram shows the CSA stack model:
▪ IaaS is the most basic level of service, with PaaS and SaaS the next two levels of service above it.

▪ Moving upwards, each service inherits the capabilities and security concerns of the model
beneath.

▪ IaaS provides the infrastructure, PaaS provides the platform development environment,
and SaaS provides the operating environment.

▪ IaaS has the lowest integrated functionality and security level, while SaaS has the highest.

▪ This model describes the security boundaries at which cloud service providers'
responsibilities end and customers' responsibilities begin.
▪ Any protection mechanism below the security limit must be built into the system and
maintained by the customer.

▪ Although each service model has a security mechanism, security requirements also depend
on where these services are located: private, public, hybrid, or community cloud.
DATA SECURITY
▪ Since all data is transferred using the Internet, data security in the cloud is a major concern.
Here are the key mechanisms to protect the data.

– Access control

– Audit trail [ Maintain Log ]

– Authentication

– Authorization

▪ The service model should include security mechanisms working in all of the above areas.
Brokered Cloud Storage Access

▪ A way of separating storage in the Access Cloud.

▪ Used to isolate cloud storage: a user cannot learn about another user's storage access.

In this approach, two services are created:

▪ Broker has full access to the storage but does not have access to the client.

▪ Proxy does not have access to storage but has access to both the client and the broker.
Working of Brokered Cloud Storage Access System

▪ When the client sends a request to access data:

1. The client's request goes to the external service interface of the proxy.

2. The proxy sends the request to the broker.

3. The broker asks for cloud storage data.

4. The proxy must give the information to the server at last.


5. The broker requests the data from the cloud storage system.

6. The cloud storage system returns the data to the broker.

7. The broker returns the data to the proxy.

8. Finally, the proxy sends the data to the client
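
The request path in steps 1 to 8, as an added Python example (not code from the original slides). The class names, the session table, the shared token between proxy and broker, and the owner-only authorization rule are assumptions made for illustration.

```python
import hmac
import secrets

class CloudStorage:
    """Backing store: answers only calls that present the broker's credential."""
    def __init__(self, broker_key):
        self._broker_key = broker_key
        # Constructed sample objects, keyed by (owner, object name).
        self._objects = {("alice", "report.txt"): b"Q3 numbers",
                         ("bob", "notes.txt"): b"bob private"}

    def read(self, key, owner, name):
        if not hmac.compare_digest(key, self._broker_key):
            raise PermissionError("storage accepts the broker only")
        return self._objects[(owner, name)]

class Broker:
    """Full access to storage, no client-facing interface; serves the proxy only."""
    def __init__(self, storage, storage_key, proxy_token):
        self._storage, self._key, self._proxy_token = storage, storage_key, proxy_token
        self.audit = []  # audit trail: one record per access decision

    def fetch(self, proxy_token, user, owner, name):
        # Assumed authorization rule: a user may read only objects they own.
        ok = hmac.compare_digest(proxy_token, self._proxy_token) and user == owner
        self.audit.append((user, owner, name, "ALLOW" if ok else "DENY"))
        if not ok:
            raise PermissionError("denied by broker")
        return self._storage.read(self._key, owner, name)

class Proxy:
    """External service interface: authenticates clients, holds no storage key."""
    def __init__(self, broker, proxy_token, sessions):
        self._broker, self._token, self._sessions = broker, proxy_token, sessions

    def handle(self, session_id, owner, name):
        user = self._sessions.get(session_id)  # authentication (constructed sessions)
        if user is None:
            raise PermissionError("unauthenticated")
        return self._broker.fetch(self._token, user, owner, name)

def build_demo():
    """Wire proxy -> broker -> storage with fresh random credentials."""
    storage_key, proxy_token = secrets.token_hex(16), secrets.token_hex(16)
    storage = CloudStorage(storage_key)
    broker = Broker(storage, storage_key, proxy_token)
    proxy = Proxy(broker, proxy_token, {"sess-a": "alice", "sess-b": "bob"})
    return proxy, broker, storage
```

A compromised proxy in this layout holds only the proxy token, which the storage layer rejects, and every allow or deny decision lands in the broker's audit list.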


DATA SECURITY VS CLOUD SECURITY ARCHITECTURE
▪ The difference between "cloud security" and "cloud security architecture" is that the
former is built from problem-specific measures while the latter is built from threats.

▪ A cloud security architecture can reduce or eliminate the security holes that
point-solution approaches are almost certain to leave.

▪ The cloud security architecture also organizes security measures, making them more
consistent and easier to implement, particularly during cloud deployments and
redeployments.
CLOUD COMPUTING OPERATIONS
▪ Operation refers to delivering superior cloud services.

▪ The concept is used by companies that provide cloud services.

▪ Cloud services allow businesses to perform operations online. Once a client takes up their
service, it is the cloud provider's responsibility to provide infrastructure and services
properly and on time.

Basic operations are:

▪ Email Marketing: for the promotional part, if a user wants information about new services
or any offer on services.
▪ Content Management: manage data stored in the cloud.

▪ Reporting: give details about services, such as use of a service by a client.

▪ Market Place: find potential clients.

▪ Accounting Services: collect financial details.

▪ HR Services
Ways to manage cloud operation

▪ Use the right tool to perform cloud functions.

▪ Do things at the right time.

▪ Do things at the right cost.

▪ Follow standards when doing the work.


CLOUD COMPUTING APPLICATIONS.