| Security in Cloud 24 |

CLOUD SECURITY
• It refers to the set of policies, technologies, controls and services which
protect data, applications and infrastructure in cloud computing
from threats and attacks
• It is also called cloud computing security
• It can be done without the cost of maintaining facilities and hardware
Goals
• Ensure the privacy of data across networks
• Control the access of users, devices and software
• Handle the unique cybersecurity concerns of businesses using multiple
cloud service providers (CSP)
General Security Concerns
• Trusting CSP’s security model
• Indirect administrator responsibility
• Loss of physical control
• Proprietary implementations can’t be examined
Shared Responsibility Model (SRM)
• Several organizations use 3rd party CSPs like Google Cloud Platform
(GCP), Microsoft Azure, Amazon Web Services (AWS)
• This SRM model outlines the security responsibilities of cloud providers
and customers based on each type of cloud service – Software as a
Service (SaaS), Platform as a Service (PaaS), Infrastructure as a
Service (IaaS)
| S.N | Service Type | Provider Responsibility | User Responsibility |
|-----|--------------|-------------------------|---------------------|
| 1. | SaaS | Application security | Users and network security |
| 2. | PaaS | Platform security including all hardware and software | Security of applications developed on the platform; user and network security |
| 3. | IaaS | Security of all components of cloud infrastructure | Security of any application installed on the cloud infrastructure; users, network security, workloads and data. Ex. OS, applications, middleware |
IMPORTANCE OF CLOUD SECURITY
• Increasing usage of cloud services in non-traditional sectors
• Rise in cloud service specific attacks
• Growing usage of cloud services for critical data storage
• Rise in employee mobility
BENEFITS OF CLOUD SECURITY
• Trusted CSP model
• Data protection
• Advanced threat protection
• Lower costs
• Increased reliability and availability
• Cloud compliance
• Greater ease of scaling
• Centralized security
CHALLENGES IN CLOUD SECURITY
• Logging challenges
• Encryption needs for cloud computing
• Data ownership issues
• Handling compliance

THREE TYPES OF CLOUD SECURITY


• Cloud security can be classified into many types. The three main types
are listed below
1. Cloud Data Security
2. Cloud Application Security
3. Cloud Virtual Machine Security.
1. CLOUD DATA SECURITY
• Way to protect data stored in cloud environments from threats,
unauthorized access, theft and corruption
Main Elements of Data Security
• The data security has three main elements. They are
▪ Confidentiality
▪ Integrity
▪ Availability
Confidentiality
• This ensures that data is accessed only by authorized users with the
proper credentials
• Here data can only be accessed or modified by authorized people
Integrity
• This ensures that all data stored is reliable and accurate (data is
trustworthy).
Availability
• It ensures that data is accessible and available for ongoing business
needs.

COMMON CHALLENGES OF DATA SECURITY IN CLOUD


• Some challenges are still rising in cloud data security. They
are
1. Less control
2. Lack of visibility
3. Confusion over shared responsibility
4. Inconsistent coverage
5. Distributed data storage
6. Growing cyber security threats
1. Less control
• We have less control, as data and applications are stored on 3rd party
CSPs
2. Lack of visibility
• Companies don’t know where their data and applications live
and what assets are in their inventory
3. Confusion over shared responsibility
• Companies and CSPs share cloud security responsibilities, which can lead
to gaps in coverage if duties and tasks are not defined or
understood.
4. Inconsistent coverage
• Several companies / businesses are adopting cloud solutions like
multi cloud and hybrid cloud to better meet business needs, but different
providers offer varying levels of coverage and capabilities, which can
deliver inconsistent protection
5. Distributed data storage
• Storing data on international servers can deliver lower latency and
more flexibility
• So it is better to use a distributed system for data storage
6. Growing cybersecurity threats
• Online criminals are mainly targeting cloud databases and data storage
for a big payday.
• So CSPs have to increase their security measures about how to
handle and manage data efficiently in the cloud.
Benefits of Cloud Data Security
1. Greater Visibility
2. Easy Backups and recovery
3. Cloud data compliance
4. Data encryption
5. Advanced incident detection and response
6. Lower costs
1. Data encryption
• Companies are able to protect sensitive data via encryption based
on demand
• By implementing several layers of advanced encryption, CSPs help you
to store, access, share and transfer data in the cloud
2. Advanced incident detection and response
• Cloud providers help you automatically scan for suspicious activity to
identify and respond to security incidents quickly by investing in
cutting-edge AI technologies and built-in security analytics
3. Lower Costs
• Cloud data security reduces total cost of ownership and the administrative
and management burden of data security in cloud
• In addition, CSPs offer the latest security features and tools for their
customers to do their jobs with automation, streamlined integration and
continuous alerting
4. Cloud data compliance
• The following things are done in cloud with help of strong cloud data
security programs
▪ knowing where data is stored
▪ who can access it?
▪ how it is processed?
▪ how it is protected?
5. Greater Visibility (Strong security measures)
• With the help of strong security measures, you can maintain data
visibility in the cloud: what data assets you have and where they live,
who is using your cloud services and the kind of data they are accessing.
6. Easy backups and recovery
• Cloud data security offers a number of solutions and features to help you
automate backups and recovery easily.
Data Security Lifecycle

• Create – Classify, Assign Rights
• Store – Access Control, Encryption, Rights Management
• Use – Activity Monitoring & Enforcement, Rights Management
• Share – Encryption, Logical controls, Application security
• Archive – Encryption, Asset Management
• Destroy – Secure Deletion, Content Discovery

2. CLOUD APPLICATION SECURITY (PROTECTION OF APPLICATION & DATA)
• It is a system of policies, processes and controls that protects data and
applications in cloud environments from threats and attacks
• It is also called cloud app security
• This security is important for organizations that are operating in multi
cloud environments hosted by 3rd party CSPs like Amazon AWS,
Microsoft Azure Cloud, Google GCP.
• Typically, it involves authentication, access control, data encryption,
identity and user management.
ISSUES OF CLOUD APPLICATION SECURITY
• Unauthorized access to the application or data
• Data loss or leakage from insecure APIs or other infrastructure
endpoints
▪ Data loss refers to the unwanted removal of sensitive information
either due to a system error or theft by cybercriminals
▪ Data leakage can happen when unauthorized individuals gain
access to data through hacking or malware.
• Distributed denial of service (DDoS) attacks related to poorly managed
resources
• Hijacking of user accounts because of poor encryption and identity
management
• Application services are exposed due to misconfigurations
• Software vulnerabilities
▪ Cybercriminals constantly discover how to exploit tens of
thousands of vulnerabilities to gain unauthorized access to
applications and systems in cloud
• Inexperienced staff
▪ Several companies lack the skilled people to stay on top of
rapid developments in the threat landscape.
▪ As a result, inexperienced IT staff can expose the organization to
cyber threats
• Insecure data sharing
▪ Storing important data in either on-prem servers (private
servers) or cloud servers encourages employees to exchange
greater volumes of data at a much higher frequency.
▪ Secure ways of handling data sharing between employees are
not followed, which results in cloud vulnerabilities
KEY ASPECTS OF CLOUD APPLICATION SECURITY
1. Identity and Access Management (IAM)
• This ensures that only authorized individuals can access the cloud
resources and applications by implementing strong authentication
mechanisms, access control and user permissions
2. Data Encryption
• Encrypt data to avoid unauthorized access
▪ Encryption in transit – protects data while it is shared between users or
computer systems
▪ Encryption at rest – ensures data can’t be read by unauthorized
users while it is stored in the cloud
▪ Encryption in use – protects data that is currently being
processed
3. Application Security
• This is used to identify and mitigate vulnerabilities in cloud-based
applications by implementing secure coding practices and security
testing like penetration testing
4. Network Security
• Secure the network infrastructure within the cloud environment
through firewalls, intrusion detection systems and other security
measures to avoid unauthorized access
5. Logging and Monitoring
• Establishing detailed logging
• Track user activities, detect potential security incidents and
respond promptly to security threats using monitoring mechanisms.

6. Compliance and Governance
• Ensuring compliance with relevant regulatory requirements
• Implementing governance policies to maintain security standards and
practices.
BEST PRACTICES FOR CLOUD APPLICATION SECURITY
• This is the list of best practices for cloud application security
1. Monitor the web applications accessed
2. Enforce multi-factor authentication
3. Block unsanctioned cloud applications
4. Implement API security measures
5. Ensure cloud data encryption
6. Update cloud apps and servers
7. Manage user browser sessions
8. Perform periodic vulnerability testing
9. Implementing strong access controls
Implementing strong access controls (Multifactor Authentication)
• A multi-factor authentication system is needed to block a vast percentage of
threats
• Enable multi-factor authentication for all users accessing cloud
applications to give an additional layer of security beyond login details.
Build Awareness
• Prepare security awareness training for employees, which helps to reduce
human error (conducting security training programs for employees).
Implement policies for strong passwords
• Follow strong password policies for cybersecurity
Data encryption
• Data encryption plays a crucial role in cloud security
• Through this, sensitive data can be securely stored and accessed

Block unsanctioned cloud applications
• Through cloud protection, assess cloud applications by calculating
their risk score, and block all the high-risk web app requests.
Monitor the web applications accessed
• Unrestricted web traffic often allows the use of malicious websites or
web applications involving sensitive data, e-commerce, entertainment,
gaming content, etc.
• So it is better to use cloud app discovery to get insights on the different
categories of web applications accessed in the organization
Implement a risk-based approach
• Follow a risk-based approach to prioritize security efforts and
investments.
Secure data both at rest and in transit
• Use encryption, tokenization and data masking techniques to
protect sensitive data both at rest and in transit
Data privacy and Compliance
• Data privacy and compliance along with application security are crucial
for protecting end users of cloud native applications.
Manage user browser sessions
• Through session hijacking, hackers can impersonate user sessions
to gain access to data.
• Ensure safe browser session with secure cookies and HTTPS-based
data transmission.
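The session-cookie advice above can be checked mechanically against captured response headers. The following Python code is an added example, not part of the original notes; the cookie-name heuristic, the hostnames and the header values are constructed assumptions.

```python
# Added example (not from the original notes): audit Set-Cookie headers.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(header_value, page_url):
    """Return the list of weaknesses found in one Set-Cookie header."""
    _, attrs = parse_set_cookie(header_value)
    findings = []
    if not page_url.lower().startswith("https://"):
        findings.append("sent over plain HTTP")      # cookie visible on the wire
    if "secure" not in attrs:
        findings.append("missing Secure")            # may be replayed over HTTP
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")          # readable by page scripts
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return findings

def audit_responses(responses):
    """responses: iterable of (url, [Set-Cookie values]); reports session-like cookies only."""
    report = {}
    for url, cookies in responses:
        for header in cookies:
            name, _ = parse_set_cookie(header)
            if any(hint in name.lower() for hint in SESSION_HINTS):
                issues = audit_cookie(header, url)
                if issues:
                    report[name] = issues
    return report

SAMPLE = [  # constructed responses, not captured from a real site
    ("https://app.example.com/login", ["__Host-session=abc; Path=/; Secure; HttpOnly; SameSite=Lax"]),
    ("http://legacy.example.com/login", ["PHPSESSID=deadbeef; Path=/"]),
    ("https://app.example.com/api", ["auth_token=xyz; Secure; SameSite=None", "theme=dark"]),
]

if __name__ == "__main__":
    for cookie, issues in audit_responses(SAMPLE).items():
        print(f"{cookie}: {', '.join(issues)}")
```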
Threat Monitoring
• Continuous monitoring is required for cyber threats in real time after
applications are deployed to the cloud
Automated Security Testing
• By automatically scanning for vulnerabilities throughout the continuous
integration and continuous delivery (CI/CD) process, development
teams can ensure every new software build is secure before
deploying to the cloud.

Secure APIs and 3rd party integrations
• Ensure that APIs and 3rd party integrations used in cloud applications
are secure by implementing proper authentication, authorization and
data validation mechanisms
Implementing cloud access security broker
• One of the most powerful ways to ensure cloud application security
is with a cloud access security broker (CASB)
• A CASB impacts cloud application security in four ways. They are
▪ Improving visibility
▪ Enhancing data security
▪ Defending against threats
▪ Ensuring compliance.
DIFFERENCE BETWEEN CLOUD DATA SECURITY AND CLOUD APPLICATION SECURITY

| S.N | Aspect | Cloud data security | Cloud application security |
|-----|--------|---------------------|----------------------------|
| 1. | Focus | Its main focus is to protect data stored in cloud environments | It mainly focuses on securing applications hosted in the cloud |
| 2. | Scope | Securing data at rest, in transit, in use within the cloud infrastructure | Securing the entire application stack including code, APIs, user interfaces and integration points |
| 3. | Concerns | Data encryption, access controls, data classification, data loss prevention (DLP), backup and recovery mechanisms | Authentication, user identity (authorization), API security, identity and access management (IAM) |
| 4. | Examples of measures | Multi-factor authentication (MFA), role-based access controls, data encryption (at rest and in transit) | Implementing secure coding guidelines, penetration testing, web application firewalls, API gateways |
| 5. | Technologies | Encryption algorithms – (AES, RSA), SSL/TLS protocols | Authentication protocols, IAM protocols, API security tools, web application firewalls |

3. CLOUD VM SECURITY

Virtual Machines (VM)


• It is a computer file or application, typically called an image, which
behaves like an actual computer
• Virtual computers within computers (a single physical resource can
appear as multiple logical resources)
• Like a physical computer, it has a CPU, memory and disk to store files and
can connect to the internet if needed.

• They are also called virtual computers, software defined computers
or guest machines within physical servers.

Virtualization
• Process of creating a software-based or virtual version of a computer
with dedicated amounts of CPU, memory and disk storage that are
accessed from a physical host computer
▪ Here the host computer can be your personal computer or a remote
server (like a server in a CSP's data center)
Virtualization Machine
• The process of creating a virtual (software-based) version of something,
whether compute, networking, storage, servers or apps, is
called virtualization
• Virtualization is actually a process. So, machines made using
virtualization are called virtual machines or VMs.
Importance of Hypervisor
• Generally multiple virtual machines can run simultaneously on a single
physical computer.
• These virtual machines are controlled and managed by a hypervisor
• It is software which integrates the physical hardware and
the VM’s virtual hardware.
BEST PRACTICES FOR VM SECURITY
1. Data encryption
• Use encryption to protect data stored on the VM
• This includes encryption for data at rest and in transit
• We can use encryption protocols like HTTPS, SSL/TLS and SSH to
protect data in transit
• Common methods for encryption at rest include
▪ Disk encryption
▪ File level encryption
▪ Database level encryption
2. Access controls
• Implement strong access controls for VMs using multi-factor
authentication (MFA), strong passwords and role based access control
(RBAC) to ensure only authorized users can access the VM
3. Security monitoring
• Use security monitoring regularly for any unusual activities or
vulnerabilities
• Monitor the VM and detect any security incidents using tools like those
below
▪ Intrusion detection systems (IDS)
▪ Security information and event management (SIEM)
4. Training and awareness
• Conduct regular security awareness training programme for employees
to prevent security incidents regarding VM
5. Vulnerability management and patching
• Use vulnerability management and patching to regularly update
software and operating systems with the latest security patches and
updates.
• This will help to close any known vulnerabilities in the system.

6. Machine learning and AI-based threat detection
• Use machine learning and AI-driven solutions to enhance threat
detection capabilities within virtual machines.
7. Data loss prevention (DLP)
• Implement DLP solutions to avoid accidental or intentional data leaks
from VMs
8. Identity and access management
• This ensures that users have access only to necessary resources.
9. Data backups
• Regular data backups can help protect against data loss due to
security incidents or other disasters.
Benefits of VM security
• Protection of sensitive data
• Compliance requirements
• Business continuity
• Reputation management
• Resource optimization and efficiency
