Unit 7: Security in Cloud Computing

Cloud Computing- Pokhara University

1. Cloud Security
● Cloud security refers to the practices, technologies, and measures implemented to
protect data, applications, and infrastructure in cloud computing environments.

● Key elements of cloud security include data protection, access control, threat detection
and prevention, encryption, and compliance with regulations and standards.

● Cloud providers implement security measures at the physical, network, and virtualization
layers to ensure the integrity and confidentiality of customer data.

● Customers have the responsibility to implement proper security configurations, manage

access controls, and apply encryption for their cloud resources.
1. Cloud Security
● Security features such as identity and access management (IAM), firewalls, help protect
against unauthorized access and cyber threats.

● Regular security assessments, vulnerability scanning, and penetration testing are essential
to identify and mitigate potential ris ks and vulnerabilities.

● Backup and disaster recovery strategies are crucial for data protection and business
continuity.

● Compliance with industry regulations and standards, such as GDPR, HIPAA, or PCI DSS, is
essential for ensuring the privacy and security of sensitive data.
1. Cloud Security
● Cloud security is a shared responsibility between the cloud provider and the customer.
1.1. Cloud SecurityThreats
● It refer to the ris ks and vulnerabilities that can compromise the security and integrity
of data, applications, and infrastructure in cloud computing environments.

● Common cloud security threats include DDoS, unauthorized access, insider threats,
insecure APIs, insecure configurations, account hijacking, and more.

● Data breaches occur when sensitive data is accessed or exposed without

authorization, leading to privacy violations and potential misuse of information.

● Unauthorized access refers to unauthorized individuals gaining access to cloud

resources, leading to data manipulation, theft, or disruption of services.
1.1. Cloud SecurityThreats
● Insider threats involve malicious or negligent actions by individuals with authorized
access to cloud resources, leading to data leaks, sabotage, or unauthorized access to
sensitive information.

● Insecure APIs (Application Programming Interfaces) can expose vulnerabilities in the

interface between cloud services and applications, allowing attackers to exploit
weaknesses and gain unauthorized access.

● Insecure configurations occur when cloud resources are not properly configured,
leaving them vulnerable to attacks. Misconfigurations can include weak access
controls, open ports, or default settings that could be exploited by attackers.
1.1. Cloud SecurityThreats
● Account hijacking involves unauthorized access to user accounts, which can result in
data theft, service disruption, or unauthorized control over cloud resources.

● A DDoS (Distributed Denial of Service) attack involves multiple compromised devices,

often forming a botnet.

● Which are orchestrated to flood the targeted cloud infrastructure with a high volume
of traffic, exceeding its capacity to handle requests and overloading the system.

● This can render cloud services inaccessible or significantly degrading their

performance.
 1.1. Cloud SecurityThreats
● To mitigate cloud security threats, organizations
can implement:

● strong access controls,

● regular vulnerability assessments,
● encryption of data at rest and in transit,
● continuous monitoring,
● employee awareness and training programs.
2. SecurityasaService
● Security as a Service (SECaaS) refers to the delivery of security services through a
cloud computing model.

● It involves outsourcing security functions to a third-party provider who delivers

security solutions and manages security controls remotely.

● SECaaS is an increasingly popular data security solution for corporations because it is

easier to scale as the business grows.

● It also makes it possible to circumvent the expense of establishing an elaborate on-

premises security architecture.
2. SecurityasaService

● Bene fits of Security-as-a-Service (SECaaS):

● Cost Savings
● Because you are subscribing to a cloud-based service, you can choose the subscription
tier that fits your needs.
● In this way, you avoid overspending on security services that carry little or no benefit for
your organization.

● Access to Security Experts

● With SECaaS, you get experienced, knowledgeable security experts.
● Whereas if you use your in-house team, they may lack specific knowledge or be
stretched so thin with other initiatives that they cannot focus on cybersecurity the way
you need them to.
2. SecurityasaService

● Latest Security Tools and Updates

● With a subscription to a SECaaS provider, you do not have to worry updates because
the provider constantly installs the most recent iterations of security software.
● In addition, if a new tool appears on the landscape, they are more likely to be aware
of it than an internal cybersecurity team.

● Faster Provisioning
● With a SECaaS offering, you can scale up or down quickly, deploying security
measures according to your needs at will.
● You simply tell the provider which security services you need, and they can roll
them out.
2. SecurityasaService

● Simpler In-house Management

● With SECaaS, you can manage who has access to which areas of your network and
which applications.

● This way, people can be limited to using only what they need to do their jobs.

● Free Up Resources
● With SECaaS in place, your I T team, chief information officer (CIO), and chief
technology officer (CTO) can focus on meeting other organizational objectives.
3. Data Security
● Data security refers to the protection of data from unauthorized access, disclosure,
alteration, or destruction.

● Today, we’re living in the era of big data, with companies generating, collecting, and
storing vast amounts of data by the second.

● Ranging from highly confidential business or personal customer data to less sensitive
data like behavioral and marketing analytics.

● With data and applications no longer living inside your data center, companies mu st
solve how to protect data and manage access to that data as it moves across and
through multiple environments.
3. Data Security
● Cloud data security best practices follow the same guiding principles of information
security and data governance:
● Data Confidentiality: Data can only be accessed or modified by authorized people or
processes.
● Data Integrity: The key here is to implement policies or measures that prevent your
data from being tampered with or deleted.
● Data Availability: While you want to stop unauthorized access, data still needs to be
available and accessible to authorized people and processes when it’s needed.

● Often referred to as the CIA triad, these three broad pillars represent the core concepts
that form the basis of strong, effective security infrastructure
4. Dimension of Cloud Security
● Dimensions of cloud security refer to different aspects or areas of concern that need to be
addressed to ensure the security of cloud computing environments. Some of them are:

● Data Security: Protecting data confidentiality, integrity, and availability.

● IAM: Managing user identities and access to cloud resources.

● Network Security: Securing the cloud network infrastructure.

● Application Security: Protecting applications from vulnerabilities and attacks.

● Physical Security: Ensuring physical protection of data centers and facilities.

4. Dimension of Cloud Security

● Compliance and Governance: Meeting regulatory requirements and internal policies.

● Incident Response and Recovery: Handling security incidents and recovering from
breaches.

● Threat Intelligence and Monitoring: Continuous monitoring and threat detection.

● Cloud Provider Security: Evaluating the security practices of cloud service providers.

● Security Awareness and Training: Educating users about security ris ks and best
practices.
5. Cloud Security Mechanism
● Cloud Security Mechanisms refer to the measures and techniques used to protect
cloud computing environments.

● Cloud security mechanisms like SSO, IAM, Hashing and Digital Signatures play vital
roles.

● They help in protecting cloud resources, securing user access, ensuring data integrity,
and enabling secure communication within cloud computing environments.

● Implementing these mechanisms helps mitigate security ris ks and strengthens the
overall security posture of cloud deployments.
5.1. SSO, IAM, Hashing and Digital Signatures
● Single Sign-On (SSO):
● SSO enables users to authenticate once and access multiple cloud services or
applications without the need for separate login credentials.
● It enhances security by reducing password-related ris ks and providing centralized
user access control.

● Identity and Access Management (IAM):

● IAM is a framework that manages user identities, roles, and permissions within a
cloud environment.

● It ensures proper authentication, authorization, and access controls.

● Allow organizations to enforce least privilege principles and prevent unauthorized
access.
5.1. SSO, IAM, Hashing and Digital Signatures
IAM SSO
5.1. SSO, IAM, Hashing and Digital Signatures
● Hashing:
● It’s a cryptographic technique that transforms data into a fixed-size hash value.
● In cloud security, hashing is used to protect passwords or sensitive data by converting
them into unique hashes.
● It helps ensure data integrity and prevents unauthorized retrieval of original values.

● Digital Signatures:
● They provide authenticity, integrity, and non-repudiation of digital documents or
messages.
● They use cryptographic algorithms to create a unique digital fingerprint, which can be
verified to ensure the integrity and origin of the data.
● Often used in cloud environments to validate the authenticity of data and ensure
secure transactions.
5.1. SSO, IAM, Hashing and Digital Signatures
6. SecurityIssuesandRecommendationsof VM

● Security Issues and Recommendations of VM:

● Unauthorized Access: Implement strong access controls and authentication

mechanisms to prevent unauthorized access to VMs.

● Hypervisor Vulnerabilities: Regularly update and patch the hypervisor software to

mitigate vulnerabilities. Apply security hardening practices and isolation
techniques.

● VM Escape Attacks: Implement strict isolation and security measures between VMs
and the host. Keep VM software and operating systems updated.
6. SecurityIssuesandRecommendationsof VM
● Insecure VM Configurations: Follow security best practices and conduct regular
security assessments to identify and remediate misconfigurations.

● Data Breaches: Apply strong encryption to protect data at rest and in transit within
VMs. Implement proper access controls and data classification.

● Insider Threats: Implement least privilege access controls, conduct background

checks, and establish monitoring mechanisms to detect and respond to insider
threats.
7. Securityissuesin cloud servicemodels
● Some security issues in cloud service models:

● Infrastructure as a Service (IaaS):

● Insecure API and Management Interfaces: Vulnerabilities in APIs and management

interfaces can lead to unauthorized access, data breaches, or VM escape attacks.

● Data L oss and Data Residency: Data stored in IaaS environments may be at ris k of loss,
unauthorized access, or non-compliance with data residency regulations.

● Insufficient Network Security: Improperly configured network security controls can

expose IaaS instances to external threats and attacks.
7. Securityissuesin cloud servicemodels
● Platform as a Service (PaaS):

● Insecure Application Development: Inadequate security practices during application

development can result in vulnerabilities and expose PaaS applications to attacks.

● Insecure Data Storage and Access Controls: Weak data storage mechanisms and
improper access controls can lead to unauthorized access, data leakage, or data
integrity issues.

● Limited Control over Security Measures: As the underlying infrastructure is

managed by the cloud provider, organizations may have limited control over security
configurations and measures.
7. Securityissuesin cloud servicemodels
● Software as a Service (SaaS):

● Data Leakage and Privacy: SaaS applications may handle sensitive data, and
inadequate data security measures can lead to data leakage or privacy breaches.

● Lack of Transparency: Limited visibility into the security practices, policies, and
infrastructure of the SaaS provider can raise concerns about compliance and
security controls.

● Insider Threats: Authorized users within the SaaS provider can pose insider threats,
potentially accessing or manipulating customer data.
8. Disaster Managementin cloud computing
● Disaster management in cloud computing involves proactive planning, resource
redundancy, data protection, and well-defined processes.

● These helps to minimi ze the impact of disasters and ensure business continuity.

● Some ways to implement disaster management are:

● Data Backup and Replication: Regularly backup and replicate critical data.

● Disaster Recovery Planning: Develop a comprehensive recovery plan.

● Hi gh Availability Architectures: Design fault-tolerant architectures.

● Load Balancing and Auto-Scaling: Balance workloads and scale resources dynamically.
8. Disaster Managementin cloud computing
● Geographically Distributed Resources: Deploy resources across multiple regions.

● Continuous Data Replication: Replicate and synchronize data in real-time.

● T esti ng and Simulation: Conduct regular recovery tests.

● Communication and Incident Response: Establish clear communication channels.

● Cloud Provider Support: Evaluate provider's disaster recovery capabilities.

● Security and Compliance Considerations: Ensure security and compliance during

recovery.
9. Challengesof Cloud Security

● Some challenges that can be seen in Cloud Security are:

● Data Breaches: Ri sk of unauthorized access and data breaches.

● Lack of Control: Limited control over security configurations and measures.

● Compliance and Regulatory Requirements: Meeting industry-specific compliance

standards and data protection regulations.

● Shared Infrastructure Risks: Vulnerabilities affecting multiple tenants in a shared

environment.
9. Challengesof Cloud Security
● Insider Threats: Potential threats from authorized users within the cloud provider.

● Data Loss and Recovery: Ensuring backup, replication, and recovery mechanisms.

● Identity and Access Management: Managing user identities and access controls.

● Security Monitoring and Incident Response: Timely detection and response to

security incidents.

● Encryption and Data Protection: Implementing strong encryption practices.

● Cloud Service Provider T rust : Establishing trust in the security capabilities of cloud
providers.
T H A N K YOU!