Cloud Security

Uploaded by pocay11830
Cloud Security and Securing The Cloud


Security
• Cloud security refers to the policies, tools, and practices used to protect data,
applications, and infrastructure in a cloud environment from threats like theft,
unauthorized access, and damage, ensuring confidentiality, integrity, and
availability. It involves a shared responsibility model between the cloud provider
(who secures the underlying infrastructure) and the customer (who secures
everything placed on top of it). Key security measures include identity and access
management (IAM), data encryption, continuous monitoring, regular system
updates, and implementing multi-factor authentication to protect data and
applications in the cloud.
Key Components and Practices
• Identity and Access Management (IAM): Managing who can access cloud resources using
policies and strong authentication methods like multi-factor authentication (MFA).
• Data Encryption: Encrypting data both when it's stored (at rest) and when it's being
transferred (in transit) to make it unreadable to unauthorized users.
• Continuous Monitoring and Threat Detection: Using tools to continuously monitor cloud
activity, detect suspicious patterns, and respond to potential threats.
• Vulnerability Management: Regularly patching and updating systems to close security gaps
and prevent vulnerabilities from being exploited.
• Network Security: Employing firewalls and network segmentation to isolate and protect
different parts of the cloud environment.
• Configuration Management: Ensuring cloud resources are configured securely to prevent
misconfigurations that could lead to vulnerabilities.
• Disaster Recovery: Implementing backup and recovery plans to ensure data and services can
be restored in the event of an outage or incident.
Security Threats and Vulnerabilities in Cloud Computing Platform
• Data breaches: One of the most significant risks in cloud computing. Misconfigurations, poor access
controls, and stolen credentials can lead to the exposure of sensitive data.
• Inadequate Identity and Access Management (IAM): Weak authentication methods, excessive
permissions, or poor password hygiene can lead to account hijacking and unauthorized access.
• Cloud Misconfigurations: Often caused by human error, these are a leading cause of cloud data
breaches. Examples include publicly exposed storage buckets or overly permissive security settings.
• Insider threats: Malicious or negligent actions by current or former employees, contractors, or
partners can compromise data. This is difficult to detect because the individual has legitimate access.
• Insecure Application Programming Interfaces (APIs): Since APIs are the communication bridge for
many cloud services, their vulnerabilities can be exploited for data theft or denial-of-service attacks.
• Shadow IT: The use of unauthorized or unmanaged cloud applications and services within an
organization, which creates security risks and visibility gaps.
• Denial-of-Service (DoS) attacks: These attacks overwhelm cloud services with traffic, disrupting
operations and rendering services unavailable to legitimate users.
• Shared infrastructure vulnerabilities: In multi-tenant public cloud environments, a vulnerability in
the shared infrastructure could potentially affect multiple customers.
Securing Cloud
• Encrypt Data: Use encryption for data both at rest (in storage) and in transit (moving across
networks).
• Implement Strong IAM: Enforce multi-factor authentication (MFA) and the principle of least
privilege, which grants users only the access required for their roles.
• Monitor and Log Activities: Continuously monitor the cloud environment for suspicious activity and
enable security logging. Integrate logs into a Security Information and Event Management (SIEM)
system for centralized analysis.
• Conduct Regular Security Audits and Penetration testing: Perform regular assessments to identify
and address vulnerabilities and misconfigurations. Third-party penetration tests can simulate real-world
attacks to evaluate defenses.
• Automate Security: Use automated tools for continuous security posture management (CSPM) to
detect misconfigurations in real-time. Incorporate security into DevOps (DevSecOps) pipelines to find
and fix flaws early.
• Adopt a Zero Trust Model: Treat every access request as a potential threat and verify it rigorously,
regardless of origin.
• Develop an Incident Response Plan: Have a specific, well-defined plan for responding to security
incidents in the cloud, including containment, investigation, and recovery.
• Secure APIs and Endpoints: Harden APIs with authentication and authorization mechanisms and use
endpoint security tools to protect devices connecting to the cloud.
• Train Employees: Educate staff on security policies, risks like phishing, and how to use cloud services.
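The "publicly exposed storage buckets" misconfiguration named under Cloud Misconfigurations, and the CSPM-style automated detection of it recommended above, as an added Python example that is not part of the original slides. The three policy documents are constructed samples in the common JSON policy shape (the account ID and VPC ID are placeholders); the check flags any Allow statement whose principal is anonymous, and treats a Condition as narrowing the grant rather than removing the exposure.

```python
# Constructed sample bucket policies in the common JSON policy-document shape; they are
# not taken from any real account.
PUBLIC_READ = {"Statement": [{"Effect": "Allow", "Principal": "*",
                              "Action": ["s3:GetObject", "s3:ListBucket"],
                              "Resource": "arn:aws:s3:::example-bucket/*"}]}
SCOPED = {"Statement": [{"Effect": "Allow",
                         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
                         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
CONDITIONED = {"Statement": {"Effect": "Allow", "Principal": {"AWS": ["*"]},
                             "Action": "s3:GetObject",
                             "Resource": "arn:aws:s3:::example-bucket/*",
                             "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-example"}}}}


def is_anonymous(principal) -> bool:
    """True when the Principal element grants to everyone ("*" or AWS: "*" in any shape)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_access_findings(policy: dict) -> list[str]:
    """Return one finding per Allow statement whose principal is anonymous.

    A Condition can narrow "*" (for example to one VPC), so such statements are reported
    as REVIEW rather than OPEN; an unconditioned anonymous Allow is an exposed bucket."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        level = "REVIEW" if "Condition" in stmt else "OPEN"
        findings.append(f"{level}: statement {index} allows {', '.join(actions)} to anyone")
    return findings
```

Run over every bucket policy in an account on a schedule, an OPEN finding is exactly the exposure a CSPM tool is meant to surface before an attacker does.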
Securing Data
• Protecting data in the cloud is a major concern.
• Data can be intercepted and modified in the network.
These are the key mechanisms to secure data:
• Access Control
• Auditing
• Authentication
• Authorization
Brokered Cloud Storage Access
• The problem with data stored in the cloud is that it can be located anywhere in the
cloud service provider's system: in another data center, in another state or province,
or, in many cases, in another country altogether. In other system architectures such as
client/server, a firewall is the only system serving the security of the data; there is
no physical system protecting it. Brokered cloud storage access is a mechanism to
protect such data. The approach uses three parties, the client, a proxy, and a broker:
the broker has full access to the storage but no direct access to the client, and the
proxy can talk to the client and the broker but has no access to the storage.
Broker Storage Access Mechanism
• The request goes to the external service interface of the proxy, which has
only partial trust.
• The proxy forwards the request to the broker.
• The broker requests the data from the cloud storage system.
• The storage system returns the result to the broker.
• The broker sends the result to the proxy.
• The proxy completes the process by sending the response to the client.
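The six steps above as a small Python model, added here as an illustration and not code from the original slides. The in-memory storage, the broker credential and the sample objects are all constructed; the point it shows is that the partially trusted proxy holds no storage credential, so it can validate client requests and forward them to the broker but cannot reach storage even if it is compromised.

```python
import secrets

# Constructed in-memory stand-in for the cloud storage system (not a real provider API).
class CloudStorage:
    def __init__(self, objects: dict[str, str], broker_token: str):
        self._objects = objects
        self._broker_token = broker_token  # only the broker is ever given this credential

    def read(self, key: str, token: str) -> str:
        # Storage serves the broker only; a proxy or client calling directly is refused.
        if not secrets.compare_digest(token, self._broker_token):
            raise PermissionError("storage: caller is not the trusted broker")
        return self._objects[key]

class Broker:
    """Fully trusted: holds the storage credential, never talks to clients directly."""
    def __init__(self, storage: CloudStorage, token: str):
        self._storage, self._token = storage, token
        self.log: list[tuple[str, str]] = []  # (client_id, key) of every brokered request

    def fetch(self, client_id: str, key: str) -> str:
        self.log.append((client_id, key))  # audit trail for later review
        return self._storage.read(key, self._token)  # steps 3 and 4

class Proxy:
    """Partially trusted external interface: reachable by clients, forwards to the broker,
    holds no storage credential and so cannot reach storage even if compromised."""
    def __init__(self, broker: Broker, policy: dict[str, set[str]]):
        self._broker, self._policy = broker, policy  # policy: client_id -> keys it may read

    def handle(self, client_id: str, key: str) -> str:
        # Step 1: validate the client's request before anything is forwarded (step 2).
        if key not in self._policy.get(client_id, set()):
            raise PermissionError(f"proxy: {client_id} is not allowed to read {key}")
        return self._broker.fetch(client_id, key)  # steps 5 and 6: result flows back out

def build_system() -> tuple[CloudStorage, Broker, Proxy]:
    """Wire up the three tiers with constructed sample data and a fresh broker credential."""
    token = secrets.token_hex(16)
    storage = CloudStorage({"report.txt": "quarterly figures", "keys.txt": "do-not-share"}, token)
    broker = Broker(storage, token)
    proxy = Proxy(broker, policy={"client-1": {"report.txt"}})
    return storage, broker, proxy

def client_request(proxy: Proxy, client_id: str, key: str) -> str:
    # A client can only enter through the proxy's external interface.
    try:
        return proxy.handle(client_id, key)
    except PermissionError as err:
        return f"denied ({err})"
```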
Encryption
• To protect data in the cloud, data must be stored in encrypted form.
• Various encryption techniques are used to encrypt data in the cloud.
• Encryption provides data security in cloud storage.
• Encryption protects data from unauthorized access.
Audit and Compliance
• Logging is the recording of events into a repository; auditing is the
ability to monitor those events to understand performance.
• Auditing and logging are important functions because they are not only
necessary for evaluating performance, but are also used to investigate
security incidents and illegal activities performed on the cloud.