Unit - V Cloud Security - Part1

The document discusses cloud security. It covers the need and importance of cloud security, methods of providing cloud security including authentication, encryption, integrity and attack solutions. It also discusses infrastructure security, data security and storage, identity and access management. Benefits of cloud security include centralized security, reduced costs and administration. Key differences between cloud security and traditional IT security are also outlined.

Uploaded by

shinderohann02
Copyright
© All Rights Reserved

Unit - V

Cloud Security

-by Poonam Kinage


Unit - V Cloud Security
5.1 Need and importance of Cloud Security
5.2 Methods of Providing Cloud Security
5.3 Infrastructure Security:
 Methods
 Case study
5.4 Data security and Storage:
 Methods
 Case study
5.5 Identity and Access Management:
 Access Control
 Trust
 Reputation
 Risk
Cloud Security
 Cloud security refers broadly to measures undertaken to protect
digital assets and data stored online via cloud services providers.
 Measures to protect this data include two-factor authentication
(2FA), the use of VPNs, security tokens, data encryption, and
firewall services, among others.
 Cloud security is the protection of data stored online via cloud
computing platforms from theft, leakage, and deletion.
 Methods of providing cloud security include firewalls, penetration
testing, obfuscation, tokenization, virtual private networks (VPN),
and avoiding public internet connections.
 Cloud security is a form of cyber security.
 Cloud security is essential for the many users who are concerned
about the safety of the data they store in the cloud.
Cloud Security Cont.…
 Security in cloud computing is a major concern.
 Data in cloud should be stored in encrypted form.
 To restrict clients from accessing the shared data directly, proxy
and brokerage services should be employed.
 Encryption helps to protect data from being compromised.
 It protects data that is being transferred as well as data stored
in the cloud. It is an essential component of the protection
policy.
 Security and privacy issues can be overcome by employing
encryption, security hardware and security applications.
 Types of encryption:
1. Asymmetric encryption 2. Symmetric encryption
 Interoperability - It means the application on one platform
should be able to incorporate services from the other
platforms.
Cloud Security Cont.…
 Security in the cloud consists of –
 Set of policies – the cloud provider's different policies
 Controls – to implement the policies and provide the service to the user
 Procedures – different algorithms/APIs/services are used
 Technologies – the service/cloud provider supplies technology-based
security to the user under different services.
 All of the above work together to protect the basic cloud system, data and
infrastructure.
 Service delivery depends upon the individual cloud service provider/
cloud security solution. It is the responsibility of the cloud/service provider.
 Cloud service providers must learn from the managed service
provider (MSP) model and ensure that their customer’s applications
and data are secure if they hope to retain their customer base and
competitiveness.
 Security standards define the processes, procedures, and practices
necessary for implementing a security program.
Legal issues in Cloud Computing
 Cloud Computing has raised a number of legal issues
including privacy and data security, contracting issues,
issues relating to the location of the data, and business
considerations.
 Legal provisions clearly cannot force the cloud providers
to have a negotiating session with each and every
customer.
 However, legal provisions may be made to ensure that
the liability and risk responsibility clauses follow a
standard pattern which compensates the user for the lack of
negotiation during the formation of the contract.
 Security ranked first as the greatest challenge or issue of cloud
computing.
Cloud Computing Security Concerns
 Third-Party Handling of Data - no guarantee (100%) of data security.
 The third party (TP) is accessing and managing the data.
 Cyber Attacks - challenging issues
 Insider Threats - privacy of data
 Government Intrusion - supervision of data
 Legal Liability - court case filed against or by you
 Lack of Support - competition
 Lack of Standardization - different cloud providers may not
follow some standards.
Cloud Computing Security Threats/Risk
 Threats in Cloud Computing Security:
 DOS (Denial of Service) - tries to bring the server down.
 MIM (Man in Middle)
 NS (Network Sniffing) - monitoring all traffic in the network
 PS (Port Scanning) - hackers try to steal information about the ports used.
 SIA (SQL Injection Attack) - tries to steal user credentials
from the database
 XSS (Cross-site scripting attack) - embedding harmful
links/scripts
5.1 Need and importance of Cloud Security
 Why cloud security is important –
 For businesses making the transition to the cloud, robust
cloud security is imperative/crucial.
 Security threats are constantly evolving and becoming
more sophisticated, and cloud computing is no less at risk
than an on-premise environment.
 For this reason, it is essential to work with a cloud provider
that offers best-in-class security that has been customized
for the infrastructure.
 While cloud security models allow for more convenience, always-
on connectivity requires new considerations to keep them secure.
 Cloud security, as a modernized cyber security solution, stands out
from legacy IT models in a few ways.
 It has become more essential/important for two key reasons:
 Convenience over security:
 Cloud computing is exponentially growing as a primary method
for both workplace and individual use.
 Innovation has allowed new technology to be implemented
quicker than industry security standards can keep up, putting
more responsibility on users and providers to consider the risks
of accessibility.
 Centralization and multi-tenant storage:
 Every component — from core infrastructure to small data like
emails and documents — can now be located and accessed
remotely on 24/7 web-based connections.
 All this data gathering in the servers of a few major service
providers can be highly dangerous.
 Threat actors can now target large multi-organizational data
centres and cause immense data breaches.
Benefits of Cloud security
 Centralized security:
 Just as cloud computing centralizes applications and data, cloud
security centralizes protection.
 Cloud-based business networks consist of numerous devices
and endpoints that can be difficult to manage when dealing with
shadow IT or BYOD (Bring Your Own Device).
 Managing these entities centrally enhances traffic analysis and
web filtering, streamlines the monitoring of network events and
results in fewer software and policy updates.
 Disaster recovery plans can also be implemented and actioned
easily when they are managed in one place.
 Reduced costs:
 One of the benefits of utilizing cloud storage and security is that
it eliminates the need to invest in dedicated hardware.
 Not only does this reduce capital expenditure, but it also
reduces administrative overheads.
 Reduced Administration: Manual security configurations and
constant security updates are not required when you choose a
reputable cloud services provider or cloud security platform.
 These tasks can be a massive drain on resources, but when
you move them to the cloud, all security administration happens
in one place and is fully managed on your behalf.
 The cloud is more reliable: When cloud computing services have the
right cloud security measures in place, users can safely access data
and applications within the cloud no matter where they are or what
device they are using.
 Cloud computing allows organizations to operate at scale,
reduce technology costs and use agile systems that give them
the competitive edge. However, organizations must have complete
confidence in their cloud computing security and that all data,
systems and applications are protected from data theft, leakage,
corruption and deletion.
Difference between Cloud Security & Traditional IT Security
5.2 Methods of Providing Cloud Security
 Following are the methods of providing cloud security:
1. Authentication
2. Encryption
3. Integrity
4. Attack Solutions
 Authentication-
 Authentication software is mostly responsible for the eligibility
of a person or computer to gain access to the resources in the
cloud.
 We can do this physically or digitally. Some popular tools and
methods to authenticate a person physically are access cards,
fingerprint, retina scanning, access key, etc.
 We can do digital authentication using credentials, usually
a password. Other tools here are captcha, patterns, audio
recognition, etc.
 The aim of these is to ensure that an authorised person gets
access to critical information in the cloud.
 Encryption - It helps to protect data from being compromised.
 It protects data that is being transferred and data stored in the cloud.
 Although encryption helps to protect data from any unauthorized access, it
does not prevent data loss. The same concept (i.e., a single shared, secret
key) is used in data storage encryption.
 Encryption refers to the process of encoding data into a non-recognisable
format. Therefore, if hackers get access to the data, they need the encryption
key to decrypt data.
 If the cloud does not provide such services when uploading files, users can do
this using third-party applications.
 One of the most recent technologies here is cloud cryptography.
 In this method, Quantum Direct key system is used to add another security
layer for whoever requires access to the resources in the cloud.
 There are several different ways of using encryption, and they may be offered
by a cloud provider or by a separate cloud security solutions provider:
 Communications encryption with the cloud in their entirety.
 Particularly sensitive data encryption, such as account credentials.
 End-to-end encryption of all data that is uploaded to the cloud.
Types of Encryption of Cloud Security method
 Asymmetric encryption – It is different on each side; the sender and the
recipient use two different keys. It is also known as public key encryption and
uses a public key-private key pairing: data encrypted with the public key can
only be decrypted with the private key.
 Symmetric encryption involves the use of a single secret key for both the
encryption and decryption of data. Only symmetric encryption has the speed and
computational efficiency to handle encryption of large volumes of data. The
same concept (i.e., a single shared, secret key) is used in data storage
encryption.
Difference between Symmetric & Asymmetric encryption

| Symmetric Encryption | Asymmetric Encryption |
|---|---|
| Uses a single key to encrypt and decrypt data | Uses a public key to encrypt data and a private key to decrypt data |
| Single key is shared among all participants, decreasing security | Public key is shared only to message senders. Recipient stores private key secretly. |
| Faster encryption process | Slower encryption process |
| Example key sizes are 128 or 256-bit long | Example key sizes are 2048-bit or longer |
| Doesn't use a lot of resources | Uses more resources |
| Cipher text is smaller, or the same size as the original plain text | Cipher text is larger or the same size as the original plain text |
| Both symmetric and asymmetric algorithms provide authentication capability | Both symmetric and asymmetric algorithms provide authentication capability. Only non-repudiation can be achieved using an asymmetric algorithm. |
| Example algorithms are AES, DES, 3DES, IDEA and Blowfish | Example algorithms are RSA, ECC, DSA |
| Better at handling and transferring large amounts of data | Better at handling and transferring smaller amounts of data |
| Has the risk of someone stealing the key if it is not managed properly | Has the risk of losing the private key (the key-pair is irrevocable) |
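
In practice the two types are used together: symmetric encryption for the data and asymmetric encryption only for the small data key. The following added example (not part of the original slides) shows that pattern with the third-party Python `cryptography` package; `seal`, `open_envelope` and the object name are illustrative.

```python
# Added example: hybrid ("envelope") encryption; requires the `cryptography` package.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(public_key, plaintext: bytes, context: bytes) -> dict:
    """Encrypt the data with a fresh AES-256-GCM key, then wrap that key with RSA-OAEP."""
    data_key = AESGCM.generate_key(bit_length=256)    # symmetric: one secret key
    nonce = os.urandom(12)                            # unique per encryption
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, context)
    wrapped_key = public_key.encrypt(data_key, OAEP)  # asymmetric: 32 bytes only
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}

def open_envelope(private_key, env: dict, context: bytes) -> bytes:
    """Unwrap the data key and decrypt.

    Raises InvalidTag if the ciphertext, nonce or context was modified."""
    data_key = private_key.decrypt(env["wrapped_key"], OAEP)
    return AESGCM(data_key).decrypt(env["nonce"], env["ciphertext"], context)

def demo() -> dict:
    """Seal a constructed 1 MiB object for one recipient and check the results."""
    recipient = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    blob, name = os.urandom(1 << 20), b"bucket/object-1"   # constructed sample
    env = seal(recipient.public_key(), blob, name)
    flipped = env["ciphertext"][:-1] + bytes([env["ciphertext"][-1] ^ 1])
    try:
        open_envelope(recipient, dict(env, ciphertext=flipped), name)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return {
        "round_trip": open_envelope(recipient, env, name) == blob,
        "data_overhead": len(env["ciphertext"]) - len(blob),  # GCM tag
        "wrapped_key_len": len(env["wrapped_key"]),           # RSA-2048 modulus size
        "tamper_detected": tamper_detected,
    }

if __name__ == "__main__":
    print(demo())
```

The symmetric ciphertext grows by only the authentication tag, while the 32-byte data key becomes a 256-byte RSA ciphertext, which matches the size and speed rows of the table.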
 Integrity-
 Data integrity ensures that data represents what we expect it to
represent. One of the most widely used methods to ensure data
integrity is to use ALCOA:
 Attributable: Any data generated and stored should be linked
to the person or people who create or collect them. We can
do this using digital signatures.
 Legible (clear enough to read): This shows that data should
be readable and permanent.
 Contemporaneous (occurring in the same period of time):
We should record the date and time of creating data.
 Original: Each piece of data is created and stored at a point in time.
To consider and label data as original, it must be the first
instance of the data.
 Accurate: Data should be error-free, accurate, and complete.
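
One way to record and check these five properties for each stored object, as an added example that is not from the original slides. It uses only the Python standard library, so an HMAC with a per-user key stands in for the digital signature; the user names, keys, timestamps and data are constructed.

```python
# Added example: an ALCOA-style record for each stored object (stdlib only).
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed per-user keys (hypothetical). HMAC stands in for the digital
# signature: the verifier holds the same key, so there is no non-repudiation.
USER_KEYS = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}

def _mac(rec: dict) -> str:
    body = json.dumps({k: v for k, v in rec.items() if k != "mac"}, sort_keys=True)
    return hmac.new(USER_KEYS[rec["author"]], body.encode(), hashlib.sha256).hexdigest()

def append(log: list, author: str, data: bytes, when: datetime) -> None:
    rec = {"author": author,                            # Attributable
           "recorded_at": when.isoformat(),             # Contemporaneous
           "sha256": hashlib.sha256(data).hexdigest(),  # Accurate
           "prev": log[-1]["mac"] if log else ""}       # fixes the record's position
    rec["mac"] = _mac(rec)                              # plain JSON keeps it Legible
    log.append(rec)

def verify(log: list, objects: list) -> list:
    """Return findings as strings; an empty list means every check passed."""
    findings, prev, last_time, seen = [], "", None, {}
    for i, (rec, data) in enumerate(zip(log, objects)):
        digest = hashlib.sha256(data).hexdigest()
        when = datetime.fromisoformat(rec["recorded_at"])
        if rec["author"] not in USER_KEYS or not hmac.compare_digest(rec["mac"], _mac(rec)):
            findings.append(f"{i}: not attributable")
        if rec["prev"] != prev or (last_time is not None and when < last_time):
            findings.append(f"{i}: out of sequence")
        if digest != rec["sha256"]:
            findings.append(f"{i}: data does not match record")
        elif digest in seen:                            # Original: first instance only
            findings.append(f"{i}: copy of record {seen[digest]}, not the original")
        seen.setdefault(digest, i)
        prev, last_time = rec["mac"], when
    return findings

def demo() -> dict:
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamps
    log, objs = [], [b"reading=41", b"reading=42", b"reading=41"]
    for n, (who, data) in enumerate(zip(["alice", "bob", "bob"], objs)):
        append(log, who, data, t0.replace(minute=n))
    altered = [objs[0], b"reading=99", objs[2]]           # object 1 changed in storage
    return {"clean": verify(log, objs), "altered": verify(log, altered)}
```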
 Attack Solutions
 There are many types of attacks in a cloud.
 Ex- ransomware attacks, denial of service (DoS) attacks, malware
injection attacks, side-channel attacks, authentication attacks,
phishing attacks, man-in-the-cloud attacks, etc.
 We can detect and prevent attacks using a variety of methods
including checking excess bandwidth, regular system checks,
using an intrusion detection system, using a firewall, and blocking
malicious IP addresses.
 To prevent some of these attacks, we can disable some port
numbers in the cloud (e.g. port 22), install the most recent anti-
viruses, and we can use a firewall to bounce the attack, and so on.
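
One way to apply the checks listed above (excess bandwidth, traffic to port 22, a list of addresses to block) to flow records, as an added example that is not from the original slides. The record format, the threshold and the management subnet are assumptions, and the sample records are constructed.

```python
# Added example: flag excess bandwidth and unexpected port-22 traffic in flow logs.
import ipaddress
from collections import defaultdict

# Constructed sample flow records: epoch_seconds src_ip dst_port bytes
SAMPLE = """\
1700000000 198.51.100.7 443 1200
1700000005 203.0.113.9 443 900000
1700000010 203.0.113.9 443 950000
1700000020 192.0.2.44 22 300
1700000030 10.0.5.12 22 4000
1700000070 203.0.113.9 443 800
not-a-flow-record
""".splitlines()

ADMIN_NET = ipaddress.ip_network("10.0.5.0/24")  # assumed management subnet
BYTES_PER_MINUTE_LIMIT = 1_000_000               # assumed per-source threshold

def parse(line: str):
    """Return (timestamp, source, port, bytes), or None for a malformed line."""
    try:
        ts, src, port, size = line.split()
        return int(ts), ipaddress.ip_address(src), int(port), int(size)
    except ValueError:
        return None  # skip bad input rather than crash the detector

def detect(lines, limit=BYTES_PER_MINUTE_LIMIT, admin_net=ADMIN_NET) -> dict:
    """Map each suspicious source address to the reasons it was flagged."""
    per_minute = defaultdict(int)   # (source, minute bucket) -> bytes seen
    findings = defaultdict(set)     # source -> reasons
    for rec in filter(None, map(parse, lines)):
        ts, src, port, size = rec
        per_minute[(src, ts // 60)] += size
        if per_minute[(src, ts // 60)] > limit:
            findings[str(src)].add("excess bandwidth")
        if port == 22 and src not in admin_net:
            findings[str(src)].add("ssh from outside admin network")
    return {ip: sorted(reasons) for ip, reasons in sorted(findings.items())}

if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE).items():
        print(f"block candidate {ip}: {', '.join(reasons)}")
```

The returned addresses are candidates for a firewall deny list; the management subnet's own port-22 traffic is not flagged.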
HOME WORK
 Explain Data Security
 Explain the Infrastructure Security
 What is Cloud Security and Encryption?
 How to overcome the cloud security issues?
 What is Interoperability in Cloud Computing?
 What are Legal Provisions?
 Explain the legal issues in Cloud Computing.
 What is Network Security?
 Describe content level security.
 State the goals of cloud security
 Explain about cloud security and its challenges.
 Elaborate some standards specific to cloud security.
 What are the types of security policies for Cloud Computing?
 Explain the various cloud security challenges in Cloud Computing.
 List any four general issues in securities of cloud computing.
 List and discuss Security implications of Cloud Computing.
HOME WORK
 What are security services in the cloud?
 What are the different security challenges in cloud computing?
Discuss each in brief.
 Name any two security challenges associated with cloud in today’s
digital scenario.
 What is infrastructure security in cloud computing?
 What are the security aspects provided with cloud?
 What is encryption? Define the types of encryption.
 Explain the following: a) Symmetric & Asymmetric Key Encryption
 What are the different components of Data Security in cloud?
 What do you understand by Big Data in cloud?
