6-Module 5 - Cloud Security Challenges and Risks-26-03-2024
Module 5
Cloud Security Risks
You cannot eliminate risk; you can only manage it. Knowing common risks ahead of time
will prepare you to deal with them within your environment.
2. Human Error
3. Misconfiguration
4. Data Breach
Cloud Security Risks
Attack surface can also include subtle information leaks that lead to an attack. For example,
CrowdStrike’s team of threat hunters found an attacker using sampled DNS request data
gathered over public WiFi to work out the names of S3 buckets. CrowdStrike stopped the
attack before the attackers did any damage, but it’s a great illustration of risk’s ubiquitous
nature. Even strong controls on the S3 buckets weren’t enough to completely hide their
existence. As long as you use the public Internet or cloud, you’re automatically exposing an
attack surface to the world.
Human Error
According to Gartner, through 2025, 99% of all cloud security failures will be due to some
level of human error. Human error is a constant risk when building business applications.
However, hosting resources on the public cloud magnifies the risk.
The cloud’s ease of use means that users could be using APIs you’re not aware of without
proper controls and opening up holes in your perimeter. Manage human error by building
strong controls to help people make the right decisions.
One final rule — don’t blame people for errors. Blame the process. Build processes and
guardrails to help people do the right thing. Pointing fingers doesn’t help your business
become more secure.
Misconfiguration
Cloud settings keep growing as providers add more services over time. Many companies are
using more than one provider.
Providers have different default configurations, with each service having its distinct
implementations and nuances.
Until organizations become proficient at securing their various cloud services, adversaries
will continue to exploit misconfigurations.
Data Breaches
A data breach occurs when sensitive information leaves your possession without your
knowledge or permission. Data is worth more to attackers than anything else, making it the
goal of most attacks. Cloud misconfiguration and lack of runtime protection can leave it wide
open for thieves to steal.
The impact of data breaches depends on the type of data stolen. Thieves sell personally
identifiable information (PII) and personal health information (PHI) on the dark web to those
who want to steal identities or use the information in phishing emails.
Other sensitive information, such as internal documents or emails, could be used to damage a
company’s reputation or sabotage its stock price.
Cloud Security Threats
A threat is an attack against your cloud assets that tries to exploit a risk.
1. Zero-Day Exploits
3. Insider Threats
4. Cyberattacks
Zero-day Exploits
Cloud is “someone else’s computer.” But as long as you’re using computers and software, even
those run in another organization’s data center, you’ll encounter the threat of zero-day exploits.
Zero-day exploits target vulnerabilities in popular software and operating systems that the
vendor hasn’t patched.
They’re dangerous because even if your cloud configuration is top-notch, an attacker can
exploit zero-day vulnerabilities to gain a foothold within the environment.
Cloud Security Threats
APTs aren’t a quick “drive-by” attack. The attacker stays within the environment, moving from
workload to workload, searching for sensitive information to steal and sell to the highest bidder.
These attacks are dangerous because they may start using a zero-day exploit and then go
undetected for months.
Insider Threats
An insider threat is a cybersecurity threat that comes from within the organization — usually
by a current or former employee or other person who has direct access to the company network,
sensitive data and intellectual property (IP), as well as knowledge of business processes,
company policies or other information that would help carry out such an attack.
Cyberattacks
Common cyberattacks performed on companies include malware, phishing, DoS and DDoS,
SQL Injections, and IoT based attacks.
What are four cloud security challenges every company faces when embracing the
cloud?
3. Shadow IT
4. Cloud Compliance
Cloud Security Challenges
Traditional data center security models are not suitable for the cloud. Administrators must
learn new strategies and skills specific to cloud computing.
Cloud may give organizations agility, but it can also open up vulnerabilities for organizations
that lack the internal knowledge and skills to understand security challenges in the cloud
effectively.
Poor planning can manifest itself in misunderstanding the implications of the shared
responsibility model, which lays out the security duties of the cloud provider and the user.
This misunderstanding could lead to the exploitation of unintentional security holes.
Cloud Security Challenges
Begin with a solid role design based on the needs of those using the cloud. Design the roles
outside of any specific IAM system. These roles describe the work your employees do, which
won’t change between cloud providers.
Next, a strategy for privileged access management (PAM) outlines which roles require more
protection due to their privileges. Tightly control who has access to privileged credentials
and rotate them regularly.
Finally, it’s time to implement the designed roles within the cloud provider’s IAM service.
This step will be much easier after developing these ahead of time.
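The three steps above (provider-neutral role design, PAM, then implementation in the provider's IAM) as a worked example. This is an added example, not part of the original module; the role names, capability names, the 90-day rotation window and the bucket name are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Step 1: provider-neutral roles that describe the work people do.
# Role and capability names are hypothetical, made up for this example.
@dataclass(frozen=True)
class Role:
    name: str
    capabilities: frozenset

ROLES = [
    Role("report-reader", frozenset({"object.read"})),
    Role("data-engineer", frozenset({"object.read", "object.write"})),
    Role("storage-admin", frozenset({"object.read", "object.write", "object.delete"})),
]

# Step 2: PAM strategy. Which capabilities make a role privileged, and how
# old its credentials may get (90 days is an assumed policy value).
PRIVILEGED_CAPABILITIES = {"object.delete"}
MAX_CREDENTIAL_AGE_DAYS = 90

def privileged_roles(roles):
    """Names of roles that hold at least one privileged capability."""
    return [r.name for r in roles if r.capabilities & PRIVILEGED_CAPABILITIES]

def overdue_rotations(roles, issued_on, today):
    """Privileged roles whose credential is past the rotation window.
    A privileged role with no recorded issue date is reported as overdue."""
    return [name for name in privileged_roles(roles)
            if name not in issued_on
            or (today - issued_on[name]).days > MAX_CREDENTIAL_AGE_DAYS]

# Step 3: implement the designed roles in one provider's IAM (AWS S3 here).
# Only this mapping changes when the same roles move to another provider.
AWS_S3_ACTIONS = {
    "object.read": "s3:GetObject",
    "object.write": "s3:PutObject",
    "object.delete": "s3:DeleteObject",
}

def to_aws_policy(role, bucket):
    """Render a neutral role as an AWS IAM policy document for one bucket."""
    unmapped = role.capabilities - set(AWS_S3_ACTIONS)
    if unmapped:
        raise ValueError(f"{role.name}: no AWS mapping for {sorted(unmapped)}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(AWS_S3_ACTIONS[c] for c in role.capabilities),
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

if __name__ == "__main__":
    print(privileged_roles(ROLES))
    print(to_aws_policy(ROLES[1], "example-bucket"))
```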
Security Issues in Cloud Computing
Data Loss –
Data loss is one of the issues faced in cloud computing. It is also known as data leakage.
Our sensitive data is in the hands of somebody else, and we don’t have full control over our
database. So, if hackers break the security of the cloud service, they may get access to our
sensitive data or personal files.
Lack of Skill –
Working with the cloud, shifting to another service provider, needing an extra feature, and not
knowing how to use a feature are the main problems in an IT company that doesn’t have skilled
employees. So it requires a skilled person to work with cloud computing.
Transparency Issues
In cloud computing security, transparency means the willingness of a cloud service provider to
reveal different details and characteristics on its security preparedness. Some of these details
comprise policies and regulations on security, privacy, and service level.
Security Threats in Implementing SaaS of Cloud Computing
Data Access Risk
Many users worry about who has access because they are providing their information and data
to a third party. They could feel powerless to stop it and worry about its possible spread by
unauthorized individuals through deletion or data corruption.
The policies and practices that the SaaS provider has put in place can be reviewed and
discussed by any customer, though. The scope of the access and the recipients are both up to
you. Although that clause must be present in terms of any agreement you get into with a
provider, double-check before you do so that you don’t have any surprises afterwards.
Lack Of Transparency
SaaS companies are frequently covert, yet they guarantee their customers that they are the best
at protecting their data. They at least promise that they will be able to secure data and files
more effectively than the client could.
Identity Theft
SaaS suppliers always demand payment via credit cards, which can be done online. Although
it’s a quick and practical solution, some users worry about the possible risk it suggests. To
avoid issues, many security mechanisms have been put in place. Identity management may
take place on the LDAP server of the business, behind its firewall, or on the website of the
SaaS provider. It might differ.
The advantage is that you don’t have to manage, update, upgrade, or configure the
program. As a result, you essentially lose some control over your data, which is a
drawback.
Security Governance
Cloud security governance refers to the management model that facilitates effective and
efficient security management and operations in the cloud environment so that an enterprise’s
business targets are achieved.
More and more organisations are investing in cloud deployment infrastructure rather than on-
premise infrastructure. This mobilization of technology introduces new risks associated with
cloud computing, which needs to be treated with foresight.
To manage these risks, risk management plans are implemented by organisations. Risk
management is the process of identifying, assessing, and controlling threats to an organisation's
system security, capital and resources. Effective risk management means attempting to control
future outcomes proactively rather than reactively.
In the context of cloud computing, risk management plans are curated to deal with the risks or
threats associated with the cloud security. Every business and organisation faces the risk of
unexpected, harmful events that can cost the organisation capital or cause it to permanently
close. Risk management allows organisations to prevent and mitigate any threats, service
disruptions, attacks or compromises by quantifying the risks and bringing them below the
threshold of acceptable risk (fault tolerance).
Process of Risk Management
Identify the risk - The inception of the risk management process starts with the identification
of the risks that may negatively influence an organisation's strategy or compromise cloud
system security. Operational, performance, security, and privacy requirements are identified.
The organisation should uncover, recognise and describe risks that might affect the working
environment. Some risks in cloud computing include cloud vendor risks, operational risks,
legal risks, and attacker risks.
Analyze the risk - After the identification of the risk, the scope of the risk is analyzed. The
likelihood and the consequences of the risks are determined. In cloud computing, the
likelihood is determined as the function of the threats to the system, the vulnerabilities, and
consequences of these vulnerabilities being exploited.
Evaluate the risk - The risks are further ranked based on the severity of the impact they
create on information security and the probability of actualizing. The organisation then
decides whether the risk is acceptable or serious enough to call for treatment.
Treat the risk - In this step, the highest-ranked risks are treated to eliminate them or modify them to
achieve an acceptable level. Risk mitigation strategies and preventive plans are set out to
minimise the probability of negative risks and enhance opportunities.
Monitor or Review the risk - Monitor the security controls in the cloud infrastructure on a
regular basis including assessing control effectiveness, documenting changes to the system
and the working environment.
Types of Risks in Cloud Computing
1. Data Breach - Data breach stands for unauthorized access to the confidential data of the
organisation by a third party such as hackers. In cloud computing, the data of the organisation
is stored outside the premises, that is, at the endpoint of the cloud service provider (CSP). Thus
any attack that targets data stored on the CSP servers may affect all of its customers.
2. Cloud Vendor Security Risk - Every organisation takes services offered by different cloud
vendors. The inefficiency of these cloud vendors to provide data security and risk mitigation
directly affects the organisation's business plan and growth. Also, migrating from one vendor
to another is difficult due to different interfaces and services provided by these cloud vendors.
3. Availability - Any internet connection loss disrupts the cloud provider's services, making
the services inoperative. It can happen at both the user's and the cloud service provider's end.
An effective risk management plan should focus on availability of services by creating
redundancy in servers on the cloud such that other servers can provide those services if one
fails. (DoS)
4. Compliance - The service provider might not follow the external audit process, exposing
the end user to security risks. If a data breach at the cloud service provider's end exposes
personal data, the organisation may be held accountable due to improper protection and
agreements.
Accounts Hijacking - The use of a weak or repetitive password allows attackers to gain
control over multiple accounts using a single stolen password. Moreover, organizations using
cloud infrastructure often cannot identify and respond to such threats.
Security information and event management, SIEM for short, is a solution that helps
organizations detect, analyze, and respond to security threats before they harm business
operations.
SIEM, pronounced “sim,” combines both security information management (SIM) and
security event management (SEM) into one security management system.
SIEM technology collects event log data from a range of sources, identifies activity that
deviates from the norm with real-time analysis, and takes appropriate action.
SIEM tools collect, aggregate, and analyze volumes of data from an organization’s
applications, devices, servers, and users in real-time so security teams can detect and block
attacks. SIEM tools use predetermined rules to help security teams define threats and
generate alerts.
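A predetermined SIEM rule of the kind described above, applied to the account hijacking risk: events from several log sources are aggregated, correlated by source IP, and an alert is raised when one IP fails logins on several accounts and then succeeds. This is an added example, not part of the original module; the event schema, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (all values made up), already normalized to one
# schema: (timestamp, log source, source IP, account, outcome).
EVENTS = [
    ("2024-03-26T08:00:00", "vpn",       "192.0.2.55",    "frank", "failure"),
    ("2024-03-26T08:30:00", "webapp",    "192.0.2.55",    "gina",  "failure"),
    ("2024-03-26T09:00:00", "cloud-iam", "192.0.2.55",    "hank",  "failure"),
    ("2024-03-26T09:00:05", "cloud-iam", "203.0.113.7",   "alice", "failure"),
    ("2024-03-26T09:00:40", "vpn",       "203.0.113.7",   "bob",   "failure"),
    ("2024-03-26T09:01:10", "webapp",    "203.0.113.7",   "carol", "failure"),
    ("2024-03-26T09:01:30", "cloud-iam", "203.0.113.7",   "dave",  "success"),
    ("2024-03-26T09:02:00", "webapp",    "198.51.100.20", "erin",  "failure"),
    ("2024-03-26T09:02:20", "webapp",    "198.51.100.20", "erin",  "success"),
    ("2024-03-26T09:05:00", "cloud-iam", "192.0.2.55",    "hank",  "success"),
]

def detect_account_takeover(events, window=timedelta(minutes=10), min_accounts=3):
    """Predetermined rule: one IP fails logins on at least `min_accounts`
    distinct accounts within `window`, then logs in successfully."""
    failures_by_ip = defaultdict(deque)   # ip -> (time, account, log source)
    alerts = []
    for ts, source, ip, account, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        failures = failures_by_ip[ip]
        # Drop failures that have aged out of the correlation window.
        while failures and now - failures[0][0] > window:
            failures.popleft()
        if outcome == "failure":
            failures.append((now, account, source))
            continue
        targeted = sorted({acct for _, acct, _ in failures})
        if len(targeted) >= min_accounts:
            alerts.append({
                "time": ts,
                "ip": ip,
                "compromised_account": account,
                "targeted_accounts": targeted,
                "log_sources": sorted({src for _, _, src in failures}),
            })
            failures.clear()   # one alert per burst
    return alerts

if __name__ == "__main__":
    for alert in detect_account_takeover(EVENTS):
        print(alert)
```

The single mistyped password from 198.51.100.20 and the slow, hour-long failures from 192.0.2.55 stay below the rule's thresholds, which shows how the window and account count trade detection against false alerts.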
Cloud Security Monitoring
Cloud security monitoring encompasses several processes that allow organizations to review,
manage, and observe operational workflows in a cloud environment.
Cloud security monitoring combines manual and automated processes to track and assess the
security of servers, applications, software platforms, and websites.
Cloud security experts monitor and assess the data held in the cloud on an ongoing basis.
They identify suspicious behavior and remediate cloud-based security threats.
Cloud service providers typically offer native cloud security monitoring tools built into their
infrastructure.
You can also add a third-party monitoring solution to your cloud environment. Alternatively,
you can use on-premise security management solutions to monitor your cloud environment.
Cloud monitoring tools aggregate log data from multiple servers, instances, and containers.
An advanced cloud monitoring solution correlates and analyzes collected data to identify
anomalous activity and alert the incident response team.
How Does Cloud Security Monitoring Work?
Visibility – when you migrate to the cloud, you reduce your visibility across your
organization’s infrastructure. A cloud monitoring tool can centralize monitoring and provide a
unified view of user, file, and application behavior.
Auditing – powerful monitoring and auditing capabilities can help you maintain compliance
with the regulations applying to your organization.
Scalability – a cloud security monitoring tool can monitor large volumes of data distributed in
various locations.
Integration – ideally, the monitoring solution should integrate with your existing tools and
services to provide maximum visibility.
Choose a solution that can work with your existing productivity suites (such as Google
Workspace/G Suite or Microsoft 365), endpoint security solutions (such as VMware, Carbon
Black, or CrowdStrike), and identity verification and authentication services (such as Okta or
Duo).
Cloud Computing Security Architecture
Security in cloud computing is a major concern. Proxy and brokerage services should be
employed to restrict a client from accessing the shared data directly. Data in the cloud should
be stored in encrypted form.
Cloud security architecture describes all the hardware and technologies designed to protect
data, workloads, and systems within cloud platforms.
Developing a strategy for cloud security architecture should begin during the blueprint and
design process and should be integrated into cloud platforms from the ground up.
Security Planning
Before deploying a particular resource to the cloud, one should analyze several
aspects of the resource, such as:
Select the resource that needs to move to the cloud and analyze its sensitivity to risk.
Consider cloud service models such as IaaS, PaaS, and SaaS. These models require the
customer to be responsible for security at different service levels.
Understand the cloud service provider's system regarding data storage and its transfer into
and out of the cloud.
The risk in cloud deployment mainly depends upon the service models and cloud types.
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) stack model defines the boundaries between each service
model and shows how different functional units relate. A particular service model defines the
boundary between the service provider's responsibilities and the customer's.
Broker cloud storage
Cloud security architecture and shared responsibility model
The security and security architectures for the cloud are not single-player processes. Most
enterprises will keep a large portion of their IT workflow within their data centers, local
networks, and VPNs. The cloud adds additional players, so the cloud security architecture
should be part of a broader shared responsibility model.
Each will divide the components of a cloud application into layers, with the top layer being
the responsibility of the customer and the lower layer being the responsibility of the cloud
provider. Each separate function or component of the application is mapped to the appropriate
layer depending on who provides it. The contract form then describes how each party
responds.
Cloud Data Security
Cloud data security is the practice of protecting data and other digital information assets from
security threats, human error, and insider threats. It leverages technology, policies, and
processes to keep your data confidential and still accessible to those who need it in cloud-
based environments.
Cloud data security best practices follow the same guiding principles of information security
and data governance:
Data confidentiality
Data availability
Cloud Application Security
Cloud application security (a.k.a. cloud app security) is a system of policies, processes, and
controls that enable enterprises to protect applications and data in collaborative cloud
environments.
It includes application-level policies, tools, technologies and rules to maintain visibility into all
cloud-based assets, protect cloud-based applications from cyberattacks and limit access only to
authorized users.
Cloud Application Security Framework
3. Cloud Access Security Broker (CASB) works to improve visibility across endpoints that
includes who is accessing data and how it is being used.
Cloud Security Posture Management (CSPM)
The CSPM automates the identification and remediation of risks across cloud infrastructures,
including Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a
Service (PaaS).
CSPM is used for risk visualization and assessment, incident response, compliance
monitoring and DevOps integration, and can uniformly apply best practices for cloud
security to hybrid, multi-cloud and container environments.
Cloud workload protection platforms (CWPPs) protect workloads of all types in any
location, offering unified cloud workload protection across multiple providers.
Cloud access security brokers (CASBs) are security enforcement points placed between
cloud service providers and cloud service customers.
They ensure traffic complies with policies before allowing it access to the network. CASBs
typically offer firewalls, authentication, malware detection, and data loss prevention.
Virtual Machine Security
Hypervisor Security
The hypervisor’s code integrity is protected via a technology called HyperSafe. By securing
write-protected memory pages, it extends the hypervisor implementation and prohibits code
changes. By restricting access to its code, it defends the hypervisor from control-flow
hijacking threats.