SECURITY DESIGN AND ARCHITECTURE FOR CLOUD
UNIT II
SECURITY DESIGN AND ARCHITECTURE FOR CLOUD:
Security design principles for Cloud Computing – Comprehensive data
protection – End-to-end access control – Common attack vectors and
threats – Network and Storage – Secure Isolation Strategies –
Virtualization strategies – Inter-tenant network segmentation strategies
– Data Protection strategies: Data retention, deletion and archiving
procedures for tenant data, Encryption, Data Redaction, Tokenization,
Obfuscation, PKI and Key
Security design principles for Cloud Computing
• Cloud computing provides on-demand access to computing
resources (IaaS, PaaS, SaaS).
• Security is a shared responsibility:
– Cloud provider → ensures infrastructure security.
– Cloud customer → ensures application/data security.
Security Design
• Process of designing and implementing security measures and
controls
• Key aspects:
– Cloud Service models
– Risk assessment and compliance
– Identity and Access Management
– Data Protection
– Network security
Shared Responsibility
Security Design and Principles
• Core Security Principles
• Operational and Design Principles
• Data and Access Management
• Operational Readiness
Core Security Principles
• Confidentiality
• Integrity
• Availability
Operational and Design Principles
• Shared Responsibility Model: Understand and clearly define the security responsibilities of the cloud provider
versus the customer.
• Least Privilege: Grant users and services only the minimum necessary permissions.
• Defense in Depth: Implement multiple layers of security controls and defenses so that if one layer fails, others remain to
protect the system.
• Continuous Monitoring and Auditing: Track and log all activities and changes within the cloud
environment to enable real-time detection of anomalies.
• Automation: Automate security processes to improve consistency, scalability, and efficiency in managing security.
• Secure by Design and Development: Integrate security considerations into the entire software development
lifecycle, from the initial design to deployment and operation.
Data and Access Management
• Data in Transit Protection
• Identity and Access Management (IAM)
• Data Protection
Operational Readiness
• Resilience and Disaster Recovery
• Secure Supply Chain
• Personnel Security
The principles
• Principle 1: Data in transit protection
• Principle 2: Asset protection and resilience
• Principle 3: Separation between customers
• Principle 4: Governance framework
• Principle 5: Operational security
• Principle 6: Personnel security
• Principle 7: Secure development
• Principle 8: Supply chain security
• Principle 9: Secure user management
• Principle 10: Identity and authentication
• Principle 11: External interface protection
• Principle 12: Secure service administration
• Principle 13: Audit information and alerting for customers
• Principle 14: Secure use of the service
Comprehensive Data Protection
It means providing end-to-end security for data across its entire lifecycle in the cloud.
Comprehensive data protection ensures that data in the cloud is:
● Confidential → protected from unauthorized access.
● Integral → not altered or corrupted.
● Available → accessible when needed.
It covers data at rest, in transit, and in use.
Elements of Comprehensive Data Protection
• Data Encryption
• Access Control & Identity Management
• Backup & Disaster Recovery
• Data Loss Prevention (DLP)
• Compliance & Regulatory Protection
• Monitoring & Threat Detection
• Data Masking & Tokenization
Challenges in Data Security
● Security breaches
● Loss or theft of sensitive data
● Application vulnerabilities and malware propagation
Threat Landscape
• Misconfigurations: Accidental exposure of cloud storage, databases, or APIs can leak
sensitive data.
• Compromised Identities: Phishing, weak passwords, or stolen API keys can allow
unauthorized access.
• Insider Threats: Employees or contractors may misuse or mishandle sensitive data.
• Ransomware & Data Breach: Attackers may encrypt or steal cloud data for ransom or resale.
• Regulatory Risks: Failure to comply with data sovereignty and privacy laws leads to
penalties.
Identity & Access Management
• Centralized IAM: Manage permissions centrally with least-privilege access policies.
• Multi-Factor Authentication: Adds an extra layer of security beyond passwords for all critical accounts.
• Federated Access: SSO using SAML or OIDC integrates existing identity systems with the cloud.
• Short-lived Credentials: Use temporary session tokens and rotate API keys frequently.
• Secrets Management: Securely store API keys and passwords in vaults with automated rotation.
Data Governance & Privacy
• Data Classification: Identify and label sensitive data (PII, PHI, PCI) for better protection.
• Data Minimization: Collect and store only what is necessary, reducing exposure risk.
• De-identification: Mask or anonymize personal data to prevent re-identification.
• Differential Privacy: Add statistical noise to datasets while enabling useful analysis.
• User Rights: Enable data subjects to access, delete, or correct their personal data (GDPR,
DPDP Act).
GDPR – cloud data protection
• General Data Protection Regulation – a suite of laws of the European nations – adopted
for international use
• Six types of cloud data protection:
• Risk evaluation: Understanding the risk level to define the cloud data protection
needed.
• Backups: Storing and maintaining a backup and recovery system.
• Encryption: Making the data unreadable to unauthorized intruders.
• Pseudonymisation: Masking or stripping personal identification data such as names
within data files.
• Access control: Restricting who can access your data.
• Destruction: Getting rid of sensitive data that is no longer needed.
Best Practices
• Evaluate built-in security
• Utilize file-level encryption
• Restrict access with strong credentials
• Secure end-user devices
Simple Case Study
MediHealth Cloud Migration:
MediHealth is a mid-sized healthcare startup that provides
patient management and telemedicine services across multiple
cities. To improve scalability and reduce costs, the company
decides to migrate its IT systems to the cloud.
The migration involves:
● IaaS (Infrastructure as a Service): Hosting patient records in virtual servers and
cloud databases.
● PaaS (Platform as a Service): Running its telemedicine application.
● SaaS (Software as a Service): Using third-party cloud analytics tools for health
data trends.
Solution
1. Protecting Sensitive Data (PHI & PII)
a. Encryption at Rest → AES-256 applied to cloud databases and file storage.
b. Encryption in Transit → TLS 1.3 for all communications between apps, APIs, and
services.
c. Encryption in Use → Confidential computing (secure enclaves) so even cloud
providers can’t see active patient data.
Achieves Data Protection, Privacy by Design. (PHI = Protected Health Information)
2. Ensuring Proper Access Control
a) Identity & Access Management (IAM) → Centralized IAM system (AWS IAM, Azure AD, or GCP
IAM).
b) Role-Based Access Control (RBAC) →
● Doctors: Full access to assigned patients.
● Nurses: Limited view-only access.
● Admins: Manage systems, no patient data access.
c) Multi-Factor Authentication (MFA) → Extra layer beyond passwords.
d) Single Sign-On (SSO) → Simplifies login while enforcing policies.
Achieves Least Privilege, Zero Trust.
3. Meeting Compliance (HIPAA, GDPR)
● Data Classification → Label PHI/PII, apply special protections.
● Data Minimization & Pseudonymization → Store only required data, mask identifiers
when used for analytics.
● Data Sovereignty → EU patient data stored in EU regions (GDPR).
● Audit Logs → All access tracked for accountability.
Achieves Compliance, Privacy by Design.
4. Preventing Threats (Ransomware, Misuse, Misconfigurations)
● Defense in Depth → Multiple security layers (network firewalls, IAM, monitoring, backups).
● Network Segmentation → VPCs & firewalls isolate workloads (records, admin, analytics separated).
● Continuous Monitoring → SIEM to detect anomalies, CSPM to prevent misconfigurations.
● Immutable Backups → 3-2-1 rule: 3 copies, 2 media types, 1 offsite.
Achieves Resilience, Security by Design
5. Incident Response & Recovery
● Runbooks → Documented steps for handling breaches, ransomware, or insider misuse.
● Automated Alerts → SIEM alerts unusual logins or data transfers.
● Containment → IAM can auto-suspend compromised accounts.
● Recovery → Quick restore from immutable backups.
Achieves Preparedness, Continual Improvement.
END-TO-END ACCESS CONTROL IN CLOUD
Introduction
• End-to-end access control in cloud computing ensures that only authorized
users, devices, and applications can access cloud services, applications, and
data.
• It provides a secure mechanism that governs the entire lifecycle of access —
from identity verification and authentication to authorization, enforcement,
and monitoring.
Core Concept
• Access control refers to restricting who (user, device, or system) can access
what resources, and under what conditions.
• End-to-end means this control spans the full path of access, ensuring
security at every stage.
• It involves multiple layers: identity management, authentication,
authorization, encryption, and auditing.
Key Components
1. Identity and Access Management (IAM): Handles user accounts, roles, and
groups. Supports federation, single sign-on, and multi-factor authentication.
2. Authentication: Verifies identity using passwords, MFA, certificates, or tokens.
3. Authorization: Determines access using Role-Based (RBAC), Attribute-Based
(ABAC), or Policy-Based (PBAC) controls.
4. Data Protection: Uses encryption (in transit and at rest), tokenization, and key
management.
5. Auditing and Monitoring: Tracks access attempts, anomalies, and compliance
reporting.
Cloud-Specific Implementations
• Major cloud providers integrate access control as part of their security
services:
• AWS Identity and Access Management (IAM): Provides fine-grained
permissions.
• Microsoft Azure Active Directory: Supports identity federation and
conditional access.
• Google Cloud IAM: Manages resource-level permissions and service
accounts.
End-to-End Workflow Example
1. A user attempts to access a cloud resource (e.g., a database).
2. Identity provider verifies the user through authentication methods
like MFA.
3. The IAM system evaluates the roles and access policies.
4. Authorization engine determines if access is permitted.
5. The request is sent securely using encrypted channels (TLS/SSL).
6. Resource either grants or denies access.
7. All actions are logged for monitoring and auditing purposes.
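Steps 2 to 7 of the workflow above as an added Python example (not part of the original slides): a deny-by-default authorization check that uses the doctor, nurse and admin roles from the MediHealth case study and logs every decision. The user names, patient IDs, action names and the `authorize` function are hypothetical.

```python
from dataclasses import dataclass

# Role -> actions permitted on patient records. Roles come from the case study;
# the action names "read" and "write" are assumptions made for this example.
ROLE_PERMISSIONS = {
    "doctor": {"read", "write"},   # full access, but only to assigned patients
    "nurse": {"read"},             # view-only
    "admin": set(),                # manages systems, no patient data access
}


@dataclass
class Session:
    user: str
    role: str
    mfa_verified: bool                         # step 2: result from the identity provider
    assigned_patients: frozenset = frozenset()


AUDIT_LOG = []   # step 7: every decision is recorded, allowed or denied


def authorize(session, action, patient_id):
    """Steps 3-6: evaluate role and policy, deny by default, log the decision."""
    if not session.mfa_verified:
        allowed, reason = False, "mfa_missing"
    elif action not in ROLE_PERMISSIONS.get(session.role, set()):
        # Unknown roles map to an empty permission set, so they are denied too.
        allowed, reason = False, "role_lacks_permission"
    elif session.role == "doctor" and patient_id not in session.assigned_patients:
        allowed, reason = False, "patient_not_assigned"
    else:
        allowed, reason = True, "policy_match"
    AUDIT_LOG.append({
        "user": session.user, "role": session.role, "action": action,
        "patient": patient_id, "allowed": allowed, "reason": reason,
    })
    return allowed


if __name__ == "__main__":
    doctor = Session("dr_rao", "doctor", True, frozenset({"P-100"}))
    for patient in ("P-100", "P-200"):
        print(patient, authorize(doctor, "read", patient))
    print(AUDIT_LOG)
```

The denied requests are the ones worth alerting on: a run of `patient_not_assigned` or `mfa_missing` entries for one user is the kind of anomaly the monitoring step is meant to surface.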
Challenges in End-to-End Access Control
• Managing access across hybrid and multi-cloud environments.
• Ensuring least-privilege principles for large organizations.
• Balancing usability with stringent security (avoiding access
fatigue).
• Meeting compliance and regulatory requirements (GDPR, HIPAA,
ISO 27001).
Common attack vectors and threats
Attack vectors
• Specific paths or methods that cyber attackers use to gain
unauthorized access to a system, network, or application.
• Entry points for attacks
• Passive attack vectors - Eavesdropping and Network Sniffing
• Active attack vectors
• Compromised Credentials
• Misconfigured Cloud Services
• Insecure APIs & Endpoints
• Unpatched Cloud Workloads
• Insider Threats
• Supply Chain Attacks in Cloud
• Denial-of-Service
• Shadow IT & Unauthorized Cloud Usage
• Malware
• Phishing
• Missing or weak encryption
• Man-in-the-Middle (MITM) Attacks
Common threats
• Data Breaches (Unauthorized access to sensitive data stored in the cloud)
• Account Hijacking (Attackers steal or compromise valid cloud user accounts)
• Privilege Escalation (Attackers gain higher-level permissions than intended)
• Data Loss & Leakage (Permanent loss or unintentional exposure of data due to deletion,
misconfiguration, or attack)
• Service Hijacking / Resource Abuse (Attackers take over cloud services or exploit cloud
resources for their own use)
• Compliance Violations (Failure to meet regulatory requirements)
• Crypto-Jacking (Unauthorized use of cloud resources to mine cryptocurrency)
Network and Storage
Network
❏ Cloud networks are virtualized and must be protected against threats such as data
interception, unauthorized access, and DDoS.
❏ Prevent unauthorized access, keep traffic safe, and maintain availability
Firewalls & Security Groups → Control inbound/outbound traffic to VMs and
services.
Network Segmentation (VPC, Subnets, VLANs) → Isolate workloads to reduce
attack surface.
Encryption in Transit (TLS, IPsec, VPNs) → Protects data as it travels across the
cloud.
Zero Trust Networking → Every user/device must be verified, even inside the
cloud network.
Intrusion Detection/Prevention Systems (IDS/IPS) → Monitor traffic for
anomalies or attacks.
DDoS Protection → Cloud providers (AWS Shield, Azure DDoS Protection)
mitigate massive attacks.
Storage
Cloud storage holds critical business and customer data, making it a top
target for attackers.
Encryption at Rest → Data is encrypted when stored (AES-256, KMS keys).
Access Controls (IAM, ACLs, Policies) → Limit who can read/write/delete data.
Multi-Factor Authentication (MFA) → Protect access to storage accounts.
Data Loss Prevention (DLP) → Prevent accidental sharing or exposure of
sensitive data.
Backups & Snapshots → Regular backups prevent permanent loss after
ransomware or errors.
Versioning & Replication → Protects against accidental deletion and ensures
durability across regions.
Compliance & Logging → Storage must meet standards like GDPR, HIPAA, and
all access should be logged for audits.
Secure Isolation Strategies
Secure isolation strategies refer to the mechanisms and best practices used to ensure that workloads,
applications, and data belonging to different tenants (users or organizations) remain
separated and protected from each other in a multi-tenant cloud environment.
Since cloud providers host multiple customers on shared infrastructure, strong
isolation is essential to prevent data leakage, unauthorized access, or privilege
escalation.
Key secure isolation strategies:
1. Virtualization-Based Isolation
2. Network Isolation
3. Storage Isolation
Virtualization-Based Isolation
It uses a virtualization layer (hypervisor / VMM) and related OS/kernel
features to make multiple guest workloads look like they run on
separate machines, so one guest (or tenant) cannot read, tamper with, or
interfere with another. It’s the foundation of multi-tenant cloud security
for compute.
Physical server (CPU, RAM, NIC, PCI devices, TPM)
└─ Hardware virtualization features (VT-x/AMD-V, VT-d/AMD-Vi, EPT/NPT, TPM)
   └─ Host OS / Minimal management OS (control plane)
      └─ Hypervisor / VMM (Type-1 or Type-2)
         ├─ Guest VM A (guest OS + virtual devices)
         ├─ Guest VM B
         └─ MicroVMs / Containers (share kernel)
Types of virtualization & their isolation semantics
• Full virtualization (e.g., VMware ESXi, KVM): Isolation relies on the
hypervisor trapping privileged instructions and enforcing memory
separation.
• Paravirtualization (e.g., Xen PV, virtio drivers): Isolation still
enforced by hypervisor but some device/driver boundaries are more
shared—requires secure driver design.
• Hardware-assisted virtualization (Intel VT-x / AMD-V + EPT/NPT):
CPU provides VM support to reduce hypervisor complexity and
improve isolation performance.
• OS-level virtualization (containers): Containers share the host kernel
(namespaces + cgroups). Isolation is lighter.
Core technical isolation mechanisms
• Memory isolation:
Guest physical addresses are mapped to host physical addresses via two-level page tables.
The hypervisor controls those mappings and enforces separation.
• CPU / execution isolation
vCPUs are scheduled on host physical CPUs. The hypervisor enforces privilege separation
by trapping privileged operations (VM-exit).
• I/O and device isolation
Virtual devices (emulated or paravirtualized like virtio) keep device access under hypervisor
control.
• Network & virtual switch isolation
vNICs, virtual switches, VLANs, VxLAN, security groups, and microsegmentation control
traffic between guests and to the management plane.
• Storage isolation
Virtual disks (raw, qcow2, VMDK) are allocated per guest; snapshots and shared images
must be access-controlled and encrypted.
Let's try MCQ!
1. In a multi-tenant cloud environment, the primary purpose of secure
isolation strategies is to:
a) Improve application user experience
b) Prevent data leakage and unauthorized access between tenants
c) Increase network bandwidth
d) Reduce the cost of physical hardware
1. Answer: b) Prevent data leakage and unauthorized access between
tenants
2. Which of the following virtualization types relies on the hypervisor trapping
privileged instructions to ensure isolation?
a) Full virtualization
b) Paravirtualization
c) OS-level virtualization
d) Hardware-assisted virtualization
2. Answer: a) Full virtualization
3. In hardware-assisted virtualization, features like Intel VT-x/AMD-V
and EPT/NPT mainly help to:
a) Eliminate the need for a hypervisor
b) Reduce hypervisor complexity and improve isolation performance
c) Allow direct guest-to-guest communication
d) Replace storage isolation mechanisms
3. Answer: b) Reduce hypervisor complexity and improve isolation
performance
4. Which layer enforces memory isolation by controlling the mapping of
guest physical addresses to host physical addresses?
a) Host Operating System
b) Guest Operating System
c) Hypervisor
d) Virtual NIC
4. Answer: c) Hypervisor
5. Containers (OS-level virtualization) provide lighter isolation because:
a) Each container uses its own hypervisor
b) Containers share the host kernel via namespaces and cgroups
c) They run directly on bare-metal without virtualization
d) Containers have independent hardware resources
5. Answer: b) Containers share the host kernel via namespaces and
cgroups
Inter-tenant network segmentation strategies
Inter-tenant network segmentation strategies are the security measures used to keep
one tenant’s network traffic completely separated from another’s.
Without segmentation:
● Traffic from one tenant might “spill over” into another tenant’s space.
● Attackers could launch sniffing attacks, lateral movement, or denial-of-service on
other tenants.
● Compliance (e.g., GDPR, HIPAA, PCI DSS) would be violated.
So, segmentation is the wall that separates different tenants’ network traffic.
Segmentation
Segmentation means dividing a large system into smaller, separate parts (segments) to
improve security, performance, or management.
In networking/security, segmentation is the practice of splitting a network into smaller,
isolated subnetworks, so that traffic in one segment cannot freely move into another
unless explicitly allowed.
Types of Segmentation
Physical Segmentation
● Different physical devices (switches, routers, servers) separate traffic.
Logical Segmentation
● Achieved using software/network settings on the same hardware.
Micro-Segmentation
● Very fine-grained separation inside a data center or cloud.
Strategies for Inter-Tenant Segmentation
Physical Segmentation
● Each tenant is placed on separate physical hardware (servers, switches, firewalls).
● Strongest isolation but very expensive.
● Used in dedicated cloud / government or defense workloads.
Logical Segmentation
● Uses network virtualization to keep tenants isolated even if they share the same hardware.
● Examples:
○ VLANs (Virtual LANs): Assign each tenant its own VLAN ID. Traffic tagged with that ID stays isolated.
○ VXLANs / GRE tunnels: Create overlays for large-scale multi-tenant networks. Each tenant gets a unique
tunnel.
Software-Defined Networking (SDN) Segmentation
Programmable control plane defines isolation dynamically.
Example: In OpenStack Neutron or Kubernetes, SDN controllers (like
OpenDaylight, ONOS) can enforce policies so Tenant A’s pods/VMs cannot
talk to Tenant B’s.
Supports micro-segmentation (isolation not only between tenants, but also
between workloads inside the same tenant).
Data Protection strategies
• It means safeguarding sensitive data throughout its lifecycle (creation, storage, transfer,
use, and deletion) in a cloud environment. Since data in the cloud is stored on shared
infrastructure and accessed remotely, strong protection strategies are essential to prevent
data breaches, unauthorized access, leakage, and compliance violations.
• Data Encryption
• Data retention
• Deletion and archiving procedures for tenant data
• Data Redaction
• Tokenization
• Obfuscation
• PKI and Key
Data retention
• Data Retention refers to the policies, practices, and rules that define
how long data is stored (retained) and when it should be archived or
deleted.
• Data Retention is the process of storing organizational or customer data
for a specified duration.
Importance:
• Regulatory Compliance – Many laws (e.g., GDPR, HIPAA, PCI-DSS, Indian IT Act)
require that certain data be kept for a fixed time (e.g., financial records for 7 years).
• Business Continuity – Keeps records for audits, dispute resolution, or recovery from
failures.
• Security & Privacy – Reducing retention limits exposure. If you keep data unnecessarily, it
increases risk of breaches.
• Cost Optimization – Cloud storage costs money. Retention policies prevent unnecessary
storage expenses.
Key Elements of Data Retention
• Retention Periods – Define how long different types of data
• Archiving – Move older, infrequently used data to cheaper or slower
storage
• Secure Disposal – Data must be permanently deleted after the
retention period.
• Automation in Cloud – Cloud providers (AWS, Azure, GCP) offer
lifecycle policies
Example:
Imagine a university using cloud storage:
• Student admission records → Retain 5 years after graduation.
• Financial transactions → Retain 7 years (per law).
• CCTV recordings → Retain only 30 days (privacy + storage cost).
• After expiry → Data securely deleted.
Deletion and Archiving Procedures for Tenant Data
Data Deletion Procedures
Data deletion ensures that when a tenant no longer needs data (or their contract ends), the data
is permanently removed and unrecoverable.
Logical Deletion
• Mark data as deleted in the system (e.g., flagged in database).
Secure Overwriting (Data Wiping)
• Overwrite storage blocks with random patterns or zeros multiple times.
Cryptographic Erasure
• Data is encrypted with a tenant-specific key.
• When deletion is requested → encryption key is destroyed.
Physical Media Destruction (for hardware decommissioning)
• Hard drives, SSDs, and backup tapes are shredded, melted, or degaussed.
Compliance-Based Retention Rules
• Some laws (e.g., tax data, healthcare records) require data to be retained for years before
deletion.
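Cryptographic erasure, as described above, shown in an added Python example (not from the original slides): each tenant's data is encrypted under its own key, and destroying that key makes every copy of the ciphertext unreadable, backups included, without touching another tenant. The `TenantKeyStore` class and tenant names are hypothetical, and an HMAC-SHA256 keystream stands in for AES-256 so the example runs on the standard library alone; a real deployment would use AES-256-GCM with keys held in a KMS or HSM.

```python
import hashlib
import hmac
import secrets


def _subkey(key, label):
    # Separate keys for encryption and authentication, derived from the tenant key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: standard-library stand-in for AES-256.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class TenantKeyStore:
    """Hypothetical per-tenant key store; in production this is a KMS or HSM."""

    def __init__(self):
        self._keys = {}

    def create(self, tenant):
        self._keys[tenant] = secrets.token_bytes(32)

    def get(self, tenant):
        return self._keys[tenant]  # KeyError once the key has been destroyed

    def destroy(self, tenant):
        # Cryptographic erasure: delete the key, leave every ciphertext copy alone.
        self._keys.pop(tenant, None)


def encrypt(keys, tenant, plaintext):
    key = keys.get(tenant)
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(keys, tenant, blob):
    key = keys.get(tenant)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def offboard_tenant(keys, tenant, stores):
    """Destroy the tenant key, then report which stored copies are still readable."""
    keys.destroy(tenant)
    readable = {}
    for name, blobs in stores.items():
        for owner, blob in blobs.items():
            try:
                decrypt(keys, owner, blob)
                readable[(name, owner)] = True
            except KeyError:
                readable[(name, owner)] = False
    return readable


def demo():
    keys = TenantKeyStore()
    keys.create("tenant-a")
    keys.create("tenant-b")
    primary = {t: encrypt(keys, t, f"records of {t}".encode()) for t in ("tenant-a", "tenant-b")}
    backup = dict(primary)  # backups and replicas hold the same ciphertext
    return offboard_tenant(keys, "tenant-a", {"primary": primary, "backup": backup})
```

The erasure is only as good as the key destruction: any backup or export of the key store itself has to be purged as well, otherwise the data remains recoverable.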
Data Archiving Procedures
Archiving is about moving inactive or less frequently accessed tenant data to
cheaper, long-term storage, instead of deleting it.
• Classification
Identify which tenant data is active (in-use) vs inactive (historical).
• Archival Storage
Move data to cold storage tiers (e.g., Amazon S3 Glacier, Azure Archive Storage,
Google Coldline).
• Indexing & Retrieval
Archived data must remain searchable and retrievable for audits, compliance, or legal
cases.
• Retention & Expiry Rules
Define how long archived data is kept.
• Encryption & Access Control
Archived tenant data is encrypted (at rest and during retrieval).
Data Redaction
• Data Redaction is the process of masking, removing, or obscuring
sensitive information from documents, databases, or files before
sharing or storing them, so that unauthorized users cannot view
confidential details.
Purpose of Data Redaction
• Prevent exposure of Personally Identifiable Information (PII) (e.g.,
names, SSNs, Aadhaar, addresses).
• Protect financial data (e.g., credit card, bank account details).
• Ensure compliance with laws like GDPR, HIPAA, PCI-DSS.
• Reduce risk of data leaks or insider threats.
Working of Data Redaction
• Identify sensitive fields in data (e.g., Aadhaar number, medical records).
• Apply redaction methods such as:
– Replacing with symbols → XXXX-XXXX-1234
– Masking partially → **** **** **** 4321
– Removing entirely → [REDACTED]
• Control visibility → Different users see different levels of detail depending on their
access rights.
Types of Data Redaction
1. Static Redaction – Permanent masking/removal in stored documents (e.g., legal
files).
2. Dynamic Redaction – Data is hidden in real time depending on the viewer's access
rights.
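Dynamic redaction as an added Python example (not from the original slides): the stored text is never changed, and the three methods listed above are applied at read time according to the viewer's role. The role names `auditor`, `billing` and `support` are assumptions, and the sample row in the usage section is constructed.

```python
import re

# 12 digits (Aadhaar-style) or 16 digits (payment card), written in groups of
# four that may be separated by a space or a hyphen.
SENSITIVE = re.compile(r"\b(?:\d{4}[ -]?){2,3}\d{4}\b")

# Viewer role -> redaction level. Role names are assumptions for this example.
LEVELS = {"auditor": "none", "billing": "partial", "support": "full"}


def _mask(match, level):
    digits = re.sub(r"\D", "", match.group())
    if level == "none":
        return match.group()                      # viewer may see the raw value
    if level == "partial":
        if len(digits) == 16:
            return "**** **** **** " + digits[-4:]  # card: keep the last four digits
        return "XXXX-XXXX-" + digits[-4:]           # Aadhaar: keep the last four digits
    return "[REDACTED]"                           # removed entirely


def redact(text, role):
    """Return the view of `text` that `role` is allowed to see."""
    level = LEVELS.get(role, "full")   # unknown roles fail closed
    return SENSITIVE.sub(lambda m: _mask(m, level), text)


if __name__ == "__main__":
    # Constructed sample row, not real data.
    row = "Patient Ravi Kumar, Aadhaar 1234 5678 9012, card 4111-5678-9876-4321"
    for role in ("auditor", "billing", "support", "intern"):
        print(f"{role:8} {redact(row, role)}")
```

Writing the output of `redact(text, "support")` back to storage instead of serving it per request turns the same function into static redaction.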
Tokenization
Tokenization is a core data protection strategy that is often used alongside encryption and
masking.
Tokenization is the process of replacing sensitive data (like credit card numbers, Aadhaar IDs, or
health records) with a random, non-sensitive placeholder (token).
● The real data is securely stored in a token vault.
● The token has no exploitable meaning or value if stolen.
● Authorized systems can map the token back to the original data when needed.
👉 Example:
● Original: 4111 5678 9876 1234 (credit card)
● Tokenized: TKN-5938471928374650
How it works?
1. Data Capture – Sensitive data (e.g., card number) is sent to a tokenization server.
2. Token Generation – A random token is generated:
a. Format-preserving (looks like the original, e.g., 4111-XXXX-XXXX-1234).
b. Non-format-preserving (completely random string, e.g., TKN-45892ABX).
3. Secure Vault Storage – Original data is stored in a high-security database (vault).
4. Return Token – Token sent back to apps/systems for storage/processing.
5. De-tokenization – Only authorized systems can retrieve the original data by querying
the vault.
Tokenization Architecture
Token Vault: Centralized database that securely stores the mapping of tokens ↔
real data.
Tokenization Engine: Service that generates and manages tokens.
Access Control: IAM policies ensure only authorized apps/users can detokenize.
APIs: Cloud providers often expose REST APIs for tokenization/detokenization.
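The five steps and the vault, engine and access-control components above, combined in one added Python example (not from the original slides and not any provider's API): a vault-based tokenizer that issues random or format-preserving tokens and only detokenizes for callers on an allow-list. The `TokenVault` class and the service names are hypothetical; a real vault is an encrypted, access-controlled database rather than an in-memory dict.

```python
import secrets


class TokenVault:
    """In-memory stand-in for the token vault plus tokenization engine."""

    def __init__(self, detokenize_allowed):
        self._token_to_value = {}   # the vault: token -> original value
        self._issued = {}           # (value, format flag) -> token already issued
        self._allowed = set(detokenize_allowed)
        self.audit = []             # (caller, token, allowed) for every lookup

    @staticmethod
    def _random_digits(n):
        return [str(secrets.randbelow(10)) for _ in range(n)]

    def _new_token(self, value, preserve_format):
        if not preserve_format:
            return "TKN-" + "".join(self._random_digits(16))
        digits = [c for c in value if c.isdigit()]
        # Keep the last four digits, randomise the rest, keep the separators.
        replacement = iter(self._random_digits(len(digits) - 4) + digits[-4:])
        return "".join(next(replacement) if c.isdigit() else c for c in value)

    def tokenize(self, value, preserve_format=False):
        """Steps 1-4: capture, generate, store in the vault, return the token."""
        issued_key = (value, preserve_format)
        if issued_key in self._issued:
            return self._issued[issued_key]   # same input -> same token
        token = self._new_token(value, preserve_format)
        while token in self._token_to_value or token == value:
            token = self._new_token(value, preserve_format)   # avoid collisions
        self._token_to_value[token] = value
        self._issued[issued_key] = token
        return token

    def detokenize(self, token, caller):
        """Step 5: only allow-listed callers get the original value back."""
        allowed = caller in self._allowed
        self.audit.append((caller, token, allowed))
        if not allowed:
            raise PermissionError(f"{caller} is not authorized to detokenize")
        return self._token_to_value[token]   # KeyError for an unknown token


if __name__ == "__main__":
    vault = TokenVault(detokenize_allowed={"payment-service"})
    card = "4111 5678 9876 1234"            # card number from the example above
    print(vault.tokenize(card))                        # TKN- plus 16 random digits
    print(vault.tokenize(card, preserve_format=True))  # same layout, ends in 1234
```

Because the token is random rather than derived from the card number, a stolen token table reveals nothing without the vault; the format-preserving variant deliberately leaks the last four digits.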
Types of Tokenization
Vault-Based Tokenization
● Token ↔ Original mapping stored in a secure vault.
● Simple but adds latency (lookups required).
Vaultless Tokenization
● Uses algorithms (like format-preserving encryption) to generate tokens without a central vault.
● Faster and scalable, but more complex to implement.
Format-Preserving Tokenization
● Tokens look similar to original (e.g., 16-digit card → 16-digit token).
● Useful where format compatibility matters (legacy apps, databases).
Use Cases
● Finance / Payments
○ Credit/debit card tokenization (Visa, Mastercard, UPI, Apple Pay, Google Pay).
○ PCI-DSS compliance → merchants don’t store raw card details.
● Healthcare
○ Protecting PHI (Protected Health Information) under HIPAA.
○ Patient records tokenized to preserve privacy during analytics.
● Cloud Applications
○ Cloud databases (AWS, Azure, GCP) tokenize PII before storing.
○ SaaS apps use vaultless tokenization for scalability.
● Data Analytics
○ Analysts work on tokenized datasets without exposing raw sensitive data.
Obfuscation
Obfuscation is the process of making data, code, or communication difficult to
understand or interpret, even if someone gains access to it.
The goal is not necessarily to make data completely unreadable (like encryption)
but to make it confusing, less useful, or harder to exploit by unauthorized users.
How Obfuscation Works
Transformation – Modify the data or code into a form that looks random or
confusing.
Reversibility – Some obfuscation is reversible (authorized users can restore it),
while some is one-way.
Usage Context – Obfuscated data/code is still usable by systems but harder to
interpret by humans or attackers.
Examples of Data Obfuscation
Data-Level Obfuscation
● Replace actual values with scrambled ones during testing.
● Example: Customer name “Ravi Kumar” → “Xavq Ltnes”.
Code Obfuscation (Software Security)
● Modify source code to hide logic while keeping functionality intact.
● Example: Variable salary renamed to x9aB_12.
Database Obfuscation
● Hide sensitive fields when providing sample databases to developers.
Log Obfuscation
● Remove or scramble sensitive info before writing logs (e.g., passwords, tokens).