CC PPT6 PDF

SECURITY
IN
CLOUD
COMPUTING
S U B J E C T T E A C H E R : S H AV E T A K A L S I , A S S I S T A N T P R O F E S S O R ( C S E )
DAV INSTITUTE OF ENGINEERING & TECHNOLOGY, JALANDHAR

CLOUD COMPUTING SECURITY
• Cloud Computing Security consists of a set of policies, controls, procedures and
technologies that work together to protect cloud-based systems, data, and infrastructure
from threats.
• From authenticating access to filtering traffic, cloud security can be configured to the
exact needs of the business. Cloud computing is the delivery of hosted services,
including software, hardware, and storage, over the Internet.
• With cloud web security; traffic gets to the cloud instead of being routed to the servers
directly. The cloud analyses the traffic and only allow the legitimate users to gain
access. Any traffic that the cloud does not approve, it blocks it from getting to the
server.
• Cloud providers host services on their servers through always-on internet connections.
Since their business relies on customer trust, cloud security methods are used to keep
client data private and safely stored. However, cloud security also partially rests in the
client’s hands as well. Understanding both facets is pivotal to a healthy cloud security
solution.
DAV INSTITUTE OF ENGINEERING & TECHNOLOGY, JALANDHAR Shaveta Kalsi, CSE Deptt
WHAT ALL TO SECURE
• Physical networks — routers, electrical power, cabling, climate controls, etc.
• Data storage — hard drives.
• Data servers — core network computing hardware and software.
• Computer virtualization frameworks — virtual machine software, host machines,
and guest machines.
• Operating systems (OS) — software that houses.
• Middleware — Application Programming Interface (API) management.
• Runtime environments — execution and upkeep of a running program.
• Data — all the information stored, modified, and accessed.
• Applications — traditional software services (emails).
• End-user hardware — computers, mobile devices, Internet of Things (IoT) devices.
WHAT MAKES CLOUD SECURITY
DIFFERENT
• Data storage: The biggest distinction is that older models of IT relied heavily upon onsite data storage.
Organizations have long found that building all IT frameworks in-house for detailed, custom security
controls is costly and rigid. Cloud-based frameworks have helped offload costs of system development
and upkeep, but also remove some control from users.
• Scaling speed: Cloud security demands unique attention when scaling organization IT systems. Cloud-
centric infrastructure and apps are very modular and quick to mobilize. While this ability keeps systems
uniformly adjusted to organizational changes, it does poses concerns when an organization’s need for
upgrades and convenience outpaces their ability to keep up with security.
• End-user system interfacing: For organizations and individual users alike, cloud systems also interface
with many other systems and services that must be secured. Access permissions must be maintained from
the end-user device level to the software level and even the network level. Beyond this, providers and
users must be attentive to vulnerabilities they might cause through system access behaviors.
• Proximity to other networked data and systems: Since cloud systems are a persistent connection
between cloud providers and all their users, this substantial network can compromise even the provider
themselves. In networking landscapes, a single weak device or component can be exploited to infect the
rest. Cloud providers expose themselves to threats from many end-users that they interact with, whether
they are providing data storage or other services.
Data Breaches
Hijacking of Accounts & Services
Insider Threat
CLOUD
Malware Injection
SECURITY
RISKS & Insecure APIs
CHALLENGES Denial of Service Attacks
Shared Vulnerabilities
Data Loss
Vendor Lock-in
1. Data Breaches
A data breach exposes confidential, sensitive, or protected information to an unauthorized person.
The files in a data breach are viewed and shared without permission. Anyone can be at risk of
a data breach from individuals to high-level enterprises and governments. Examples of
a breach might include loss or theft of hard copy notes, USB drives, computers or mobile devices.
An unauthorized person gaining access to your laptop, email account or computer network can
send an email with personal data to the wrong person. Since cloud computing is the technology
that delivers on-demand services pertaining to infrastructure, software and platforms, it is
vulnerable to various kinds of data breaches. Unless there is assurance to have security
mechanisms in place, data owners express security concerns to outsource their data to public
cloud.
2. Hijacking of Accounts & Services
The growth and implementation of the cloud in many organizations has opened a whole new set
of issues in account hijacking. Attackers now have the ability to use your login information to
remotely access sensitive data stored on the cloud. Additionally, attackers can falsify and
manipulate information through hijacked credentials. Other methods of hijacking include reused
passwords, which allow attackers to easily and often steal credentials without detection. Phishing,
keylogging are all present similar threats. However, the most notable new threat known as
the Man In Cloud Attack.
• Keylogger attacks are one of the oldest forms of cyber threats. It reads and logs
keystrokes and can recognize patterns to make finding passwords easier. Keyloggers are
spread through malware, USB sticks, and software and hardware bugs. A software
keylogger is put on a computer when the user downloads an infected application. Once
installed, the keylogger monitors the keystrokes on the operating system you are using,
checking the paths each keystroke goes through. In this way, a software keylogger can
keep track of your keystrokes and record each one.
• Phishing attacks are the practice of sending fraudulent communications that appear to
come from a reputable source. It is usually done through email. The goal is to steal
sensitive data like credit card and login information, or to install malware on the victim's
machine.
• In Man-in-the-cloud attack, hackers are able to steal data, as well as control access to
user’s whole drives and all the documents inside. One example of a MITM attack is active
eavesdropping, in which the attacker makes independent connections with the victims and
relays messages between them to make them believe they are talking directly to each other
over a private connection, when in fact the entire conversation is controlled by the attacker.
3. Insider Threat
An attack from inside your organization may seem unlikely, but the insider threat does exist.
Employees can use their authorized access to an organization’s cloud-based services to misuse or
access information such as customer accounts, financial forms, and other sensitive information.
This occurs when an insider intentionally or unintentionally misuses access to negatively affect
the confidentiality, integrity, or availability of the organization's critical information or systems.
An insider threat is the misuse of information through malicious intent, accidents or malware. E.g.
The employee who sold company data for financial gain or the employee who stole trade secrets.
4. Malware Injection
Malware injection attacks are done to take control of a user's information in the cloud. The most
common forms of malware injection attacks are cross-site scripting attacks and SQL injection
attacks. In Cloud Malware Injection Attack, an attacker tries to inject malicious service or virtual
machine into the cloud. In this type of attack attacker creates its own malicious service
implementation module (SaaS or PaaS) or virtual machine instance (IaaS) and try to add it to
the Cloud system. Malware injections are scripts or code embedded into cloud services that act as
“valid instances” and run as SaaS to cloud servers. This means that malicious code can be injected
into cloud services and viewed as part of the software or service that is running within the cloud
servers themselves. Once an injection is executed and the cloud begins operating in tandem with
it, attackers can eavesdrop, compromise the integrity of sensitive information, and steal data.
5. Insecure APIs
Application Programming Interfaces give users the opportunity to customize their cloud
experience. However, APIs can be a threat to cloud security because of their very nature. Not only
do they give companies the ability to customize features of their cloud services to fit business
needs, but they also authenticate, provide access, and effect encryption. As the infrastructure of
APIs grows to provide better service, so do its security risks. The vulnerability of an API lies in
the communication that takes place between applications. While this can help programmers and
businesses, they also leave exploitable security risks. APIs give programmers the tools to build
their programs to integrate their applications with other job-critical software. A popular and simple
example of an API is YouTube, where developers have the ability to integrate YouTube videos
into their sites or applications.
6. Denial of Service Attacks
In cloud computing, a DoS attack can be described as an attack designed to prevent some cloud
computing service or network resource unavailable to its intended users temporarily. Unlike other
kind of cyberattacks, DoS assaults do not attempt to breach your security perimeter. Rather, they
attempt to make your website and servers unavailable to legitimate users. DoS attacks typically
function by overwhelming or flooding a targeted machine with requests until normal traffic is
unable to be processed, resulting in denial-of-service to addition users. A DoS attack is
characterized by using a single computer to launch the attack. DDoS (Distributed Denial of
Service) is a cloud-specific attack in which attack source is always more than one; multiple
machines attacks on a user by sending packets with large data overhead. Such attacks make the
resources unavailable to the user by overwhelming the network with unwanted traffic.
7. Shared Vulnerabilities
Cloud security is a shared responsibility between the provider and the client. This partnership
between client and provider requires the client to take preventative actions to protect their data.
While major providers like Dropbox, Microsoft, and Google do have standardized procedures to
secure their side, fine grain control is up to you, the client.The bottom line is that clients and
providers have shared responsibilities and omitting any can result in data being compromised.
8. Data Loss
Data loss is a process or event that results in data being corrupted, deleted and/or made unreadable
by a user or software/ application. It occurs when one or more data elements can no longer be
utilized by the data owner or requesting application. Data loss is also known as data leakage.
Cloud data can be lost by accidental deletion/user error, overwriting data, malicious actions,
natural disaster, or a data wipe by the service provider. Securing your data means carefully
reviewing your provider’s back up procedures as they relate to physical storage locations, physical
access, and physical disasters. Losing vital information can be devastating to businesses that don’t
have a recovery plan. Amazon is an example of an organization that suffered data loss by
permanently destroying many of its own customers data in 2011. Google also lost data when its
power grid was struck by lightning four times in 2015. Backup power kicked in automatically and
quickly, but a small fraction of data were temporarily unrecoverable.
9. Vendor Lock-in
Vendor lock-in is the of the biggest security risks in cloud computing. Organizations may face
problems when transferring their services from one vendor to another. As different vendors
provide different platforms, that can cause difficulty moving one cloud to another. Vendor lock-in
can become an issue in cloud computing because it is very difficult to move databases once they're
set up, especially in a cloud migration, which involves moving data to a totally different type of
environment and may involve reformatting the data. Also, once a third party's software is
incorporated into a business's processes, the business may become dependent upon that software.
TECHNOLOGIES FOR SECURING CLOUD
1. Encryption: Encryption is a way of scrambling data so that only authorized parties can
understand the information. If an attacker hacks into a company's cloud and finds unencrypted
data, they are able to do any number of malicious actions with the data: leak it, sell it, use it to
carry out further attacks, etc. However, if the company's data is encrypted, the attacker will only
find scrambled data that cannot be used unless they somehow discover the decryption key (which
should be almost impossible). In this way, encryption helps prevent data leakage and exposure,
even when other security measures fail. Data can be encrypted both at rest (when it is stored), or
in transit (while it is sent from one place to another) so that attackers cannot intercept and read it.
Encrypting data in transit should address both data traveling between a cloud and a user, and data
traveling from one cloud to another, as in a multi-cloud or hybrid cloud environment.
Additionally, data should be encrypted when it is stored in a database or via a cloud
storage service. If the clouds in a multi-cloud or hybrid cloud environment are connected at the
network layer, a VPN can encrypt traffic between them. If they are connected at the application
layer, SSL/TLS encryption should be used. Secure Sockets Layer/Transport Layer Security should
also encrypt traffic between a user and a cloud (HTTPS). TLS is just an updated, more secure,
version of SSL. HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a
website is secured by an SSL certificate.
2. Identity and Access management (IAM): IAM products track who a user is and what they
are allowed to do, and they authorize users and deny access to unauthorized users as necessary.
IAM is extremely important in cloud computing because a user's identity and access privileges
determine whether they can access data, not the user's device or location. IAM helps reduce the
threats of unauthorized users gaining access to internal assets and authorized users exceeding their
privileges. The right IAM solution will help mitigate several kinds of attacks, including account
takeover and insider attacks. IAM may include several different services with the following
capabilities: Identity providers authenticate user identity, Single sign-on (SSO) services help
authenticate user identities for multiple applications, so that users only have to sign in once to
access all their cloud services, Multi-factor authentication (MFA) services strengthen the user
authentication process, Access control services allow and restrict user access.
IAM is crucial to protecting sensitive enterprise systems, assets, and information from
unauthorized access or use. This represents the systematic management of any single identity and
provides authentication, authorization, privileges, and roles of the enterprise boundaries.
Identity access management in cloud computing covers all types of users who can work with
defined devices under unlike circumstances. In a cloud system, the storage and processing of data
are performed by organizations or with the help of third-party vendors. The service provider has to
ensure that data and applications stored in the cloud are protected as well as the infrastructure is
an insecure environment. Further, users need to verify that their credentials for authentication are
secure.
There are many security issues that compromise data in the process of data access and storage in
the cloud environment, especially in the case of data storage with the help of third-party vendors
who themselves may be a malicious attacker. Though standards and best practices are available
for overcoming such security problems, cloud service providers are reluctant in securing their
network with the updated set of security standards.
IAM systems also help to manage access rights by checking if the right person with the right
privileges is accessing information that is stored in cloud systems.
Currently, many organizations use Identity and Access Management systems to provide more
security for sensitive information that is stored in the cloud environment.
3. Firewall: The cloud has scattered resources and stores data and computational power.
Authorized users can connect to the cloud from anywhere and on almost any network.
Applications that run in the cloud can be running anywhere, and that also applies to
cloud platforms and infrastructure.
A cloud firewall provides a layer of protection around cloud assets by blocking malicious web
traffic and cyber attacks. Unlike traditional firewalls, which are hosted on-premises and defend
the network perimeter, cloud firewalls are hosted in the cloud and form a virtual security barrier
around cloud infrastructure. Cloud firewalls block DDoS attacks, malicious bot activity, and
vulnerability exploits. This reduces the chances of a cyber attack crippling an organization's cloud
infrastructure.
OTHER PRACTICES FOR KEEPING
CLOUD SECURE
• Proper configuration of security settings for cloud servers: When a company does not set up their
security settings properly, it can result in a data breach. Misconfigured cloud servers can expose data
directly to the wider Internet. Configuring cloud security settings properly requires team members who are
experts in working with each cloud and may also require close collaboration with the cloud vendor.
• Consistent security policies across all clouds and data centers: Security measures must apply across a
company's infrastructure, including public clouds, private clouds, and on-premises infrastructure. If one
aspect of a company's cloud infrastructure say, public cloud service for big data processing is not protected
by encryption and strong user authentication, attackers are more likely to find and target the weak link.
• Backup plans: To prevent data from getting lost or tampered with, data should be backed up in another
cloud or on-premises. There should also be a failover plan in place so that business processes are not
interrupted if one cloud service fails. One of the advantages of multi-cloud and hybrid cloud deployments
is that different clouds can be used as backup.
• User and employee education: A large percentage of data breaches occur because a user was victimized
by a phishing attack, unknowingly installed malware, used an outdated and vulnerable device, or practiced
poor password hygiene (reusing the same password, writing their password down in a visible location,
etc.). By educating the internal employees about security, businesses that operate in the cloud can reduce
the risk of these occurrences.
WHY CLOUD SECURITY IS IMPORTANT
Cloud security has become more essential for two key reasons:
1.Convenience over security. Cloud computing is exponentially growing as a primary
method for both workplace and individual use. Innovation has allowed new technology
to be implemented quicker than industry security standards can keep up, putting more
responsibility on users and providers to consider the risks of accessibility.
2.Centralization and multi-tenant storage. Every component from core infrastructure
to small data like emails and documents can now be located and accessed remotely on
24/7 web-based connections. All this data gathering in the servers of a few major
service providers can be highly dangerous. Threat actors can now target large multi-
organizational data centers and cause immense data breaches.
INTERNAL SECURITY BREACHES IN
CLOUD COMPUTING
1. Social engineering and hijacking accounts
Many people are not only unaware of the dangers of internal threats, but also, the means in which hackers
attack. Many employees are more than willing to reveal just enough information over the phone. Some even
offer their passwords upon falling for the phishing phone call made by a cyber attacker. They fail to
recognize phishing emails too. If all the employers aren’t aware of the many ways in which hackers
manipulate and attain information from the inside, then your company is inevitably at risk. Sometimes a
hacker gains access to a staff account. Once they make that step, the likelihood of them gaining access to all
the secure data at your business increases significantly. Every employee account should only be given access
to what they need to do their jobs.
2. Malicious cyber attacks
Sometimes, the most likely perpetrator is someone with privileged system access, such as IT or other system
administrators. A skilled and malicious administrator can leave a back door open or leave programs on the
network so that information gets stolen. Some might even plant the malware themselves, causing millions of
dollars in damage. The only way to protect against this kind of attack is to monitor your employees and
always stay alert in case an employee becomes disgruntled or unhappy. Anytime someone leaves the
company, cancel all their network access and passwords, to avoid any potential for remote access. Be sure
not to give anyone access to programs or data they don’t need access to.
3. Leaked information
Employees take information both knowingly and unknowingly on cameras, USB data sticks, and their
phones. Every company should use software to specify its policies about what devices can be connected to
the network, what data can be downloaded, and when. It’s crucial to educate workers on the policies and the
reasoning behind the policies. You might want to consider blocking access to data-storage services and web-
based email, like Gmail. If employees store confidential documents to their online accounts, then an internal
security threat is out of your control. Some businesses also opt to lock down networks to prevent wireless
access, except for authorized users on their authorized devices. If you lose any data over Bluetooth, it can be
very hard to detect.
4. Downloading malicious content
Employees spend work time on the internet for personal reasons. They might take a break from their duties
and play a quick game or check their social media accounts. Malware and virus threats occur through same
channels, and employees often welcome them inadvertently onto the network. Update and correct your IT
systems regularly to make sure your business is protected. You must update your software regularly and layer
your antivirus software.
5. Insecure applications
It’s possible that your system is very secure, but that your external applications are bringing you down. Make
sure that your team takes the time to carefully discuss and consider whether or not every application is right
for your network before they install it. Don’t let your staff download any and every application they deem to
be useful for your organization. Rather, make it a policy that the IT team has to approve all applications
before they’re installed on the network.
MEASURES TO REDUCE CLOUD
SECURITY BREACHES
1. Authenticate the people who have access to the network: Your data on the cloud is safe as you keep it.
If you give your network access to all, you are going to end up compromising your data security. It is wiser
to authenticate the person whom you are giving access to your cloud database. A proper authentication of
each of the users will not only help you keep a tab on the access log for each user but also reduce the chances
of unauthorized access. Whether you run cloud-based software or a premium accounting application, such
authentication can save you from several security breaches.
2. Frame user-specific access permissions: If you are responsible for the maintenance of the cloud database
of the organization, quite obviously you don’t need to know what marketing strategy the organization is
adopting for the next month’s campaign. Similarly, there’s no need to give an all-access pass to the database
to everyone in the organization. While issuing the network access to each of the individuals frame their
access permission as per their job role. This may just help you reduce the data breach.
3. Authenticate all the software that runs on the system: The software other users used on the system can
be responsible for the security breach in the cloud database. Since the software, especially the cloud-based
ones, are run by the third party, you need to make each one of them carry no threat to your cloud database.
Get the software patches authenticated by the cloud providers. Also, manage the security patches with more
firmness. You may be aware of the fact that a lot of service outages are caused by configuration errors.
4. Formalize the permission requesting process: In order to make sure all the requests for permission to
access the data or applications are proceeding properly, you need to streamline the process. Unless you
formalize the requesting process, you leave a room for error which will be enough for the opportunists to
breach the security of your network. Whether you are sharing the system with a third party or you have given
the access to the members of the organizations only, a streamlined requesting process will help you maintain
a safe and secure network.
5. Encrypt your data for an extra layer of security: Encryption adds an extra layer of protection on the
data by transforming it into something else. So, it is always better to keep the crucial data encrypted while
uploading it to the cloud. Keep the keys to encrypt and decipher the information with you. Also, when you
keep the keys to encrypt and decipher with you, no one will be able to make use of that data except you.
6. Monitor the user activities and analyze them for unexpected behavior: Majority of the security
breaches are done by someone inside the organization. Without any assistance from the inside, no outsider
can breach the security and steal data from the network. Keeping a tab on the activities of the users can help
you prevent the security breach to a great extent. Just monitor all the unexpected activities that are done by
the members and follow them up regarding the issue. If you find even the smallest of vulnerability in the
cloud network’s security, you should notify the service provider and tell them to fix it.
7. Regularly check the network for vulnerabilities in all software exposed to the Internet or any
external users: Given the importance of security in the cloud environment, you might assume that a major
cloud services provider would have a set of comprehensive service level agreements for its customers. In
fact, many of the standard agreements are intended to protect the service provider and not the customer.
USER ACCOUNT & SERVICE HIJACKING
• Cloud account hijacking is a process in which an individual or organization’s cloud account is
stolen or hijacked by an attacker. It is a common tactic in identity theft schemes in which the
attacker uses the stolen account information to conduct malicious or unauthorized activity.
When cloud account hijacking occurs, an attacker typically uses a compromised email account
or other credentials to impersonate the account owner.
• While cloud computing carries with it a wealth of benefits to organizations, including reduced
capital costs and on-demand resources, it also provides cyber criminals with an environment
ripe for attack, since huge amounts of data are housed in one place. Because the data is stored
and accessed on devices and resources often shared across many different users, the risks
presented by cloud account hijacking are plentiful.
• Typically, account hijacking is carried out through phishing, sending spoofed emails to the user,
password guessing or a number of other hacking tactics. In many cases, an email account is
linked to a user’s various online services, such as social networks and financial accounts. The
hacker can use the account to retrieve the person's personal information, perform financial
transactions, create new accounts, and ask the account owner's contacts for money or help with
an illegitimate activity.
HOW TO PROTECT FROM USER
ACCOUNT & SERVICE HIJACKING
• Check with your service provider to make sure they have conducted background checks on
employees who have physical access to the servers in their data centers.
• Have a strong method of authentication for cloud app users.
• Make sure all of your data is securely backed up in the event that your data is lost in the cloud.
• Restrict the IP addresses allowed to access cloud applications. Some cloud apps provide tools to
specify allowable IP ranges, forcing users to access the application only through corporate
networks or VPNs.
• Require multi-factor authentication. Several tools exist that require users to enter static
passwords as well as dynamic one-time passwords, which can be delivered via SMS, hardware
tokens, biometrics, or other schemes.
• Encrypt sensitive data before it goes to the cloud.
THANK YOU!!

CC PPT6 PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CC PPT6 PDF

Uploaded by

Copyright:

Available Formats

SECURITY

DAV INSTITUTE OF ENGINEERING & TECHNOLOGY, JALANDHAR

Hijacking of Accounts & Services

CHALLENGES Denial of Service Attacks

You might also like