
Chapter 6

Uploaded by

psoubhagya07
CHAPTER-6

CLOUD SECURITY

CLOUD SECURITY FUNDAMENTALS:-


Cloud Security is defending the confidentiality(C), integrity(I)
and availability(A) of enterprise assets (data, application,
infrastructure), using cloud services, from an outside or inside
threat.
The implementation of cloud security is unique per cloud provider.
Each cloud provider has their own security products/services which
can be used to apply relevant security guardrails in your cloud
environment.

CLOUD SECURITY SERVICES: -


Vulnerability assessment tools-
Vulnerability assessment tools are designed to automatically scan for new
and existing threats that can target your application. Types of tools include:

1. Web application scanners that test for and simulate known attack
patterns.
2. Protocol scanners that search for vulnerable protocols, ports and
network services.
3. Network scanners that help visualize networks and discover warning
signals like stray IP addresses, spoofed packets and suspicious packet
generation from a single IP address.

CLOUD SECURITY SERVICES-


Cloud security services are a set of services designed to mitigate risk and improve
compliance of cloud environments. Since these environments can be quite
complex, involving a wide range of technologies and processes and, at the same
time, exposed to a variety of threats, they can’t be protected by a one-size-fits-all
solution. Rather, most of these services tackle specific areas. We’ll elaborate on
that in a moment.
Technically speaking, these services are actually managed cloud-security services,
meaning, they’re managed and operated by third parties. Offloading security
operations to a third party has several benefits, including:
- Threats can be monitored, detected, and responded to by experts who
actually know what to do. This ensures threats are dealt with properly
and completely.
- Managed cloud security services providers are usually also trained to
help organizations achieve regulatory compliance—an area that’s
normally also outside of an organization’s expertise.
- Your IT staff no longer have to handle cyber incidents and can focus
instead on supporting your core business operations.

Data Loss Prevention-


With so much data being uploaded to and generated by cloud
services, and with so many applications and devices accessing that
data, the chance of data loss is enormous. DLP services are built to
detect the presence of sensitive data—credit card data, electronic
Protected Health Information (ePHI), social security numbers, etc.—
and prevent them from falling into the wrong hands.

Identity and Access Management-


IAM services ensure that users adhere to the principle of least
privilege, meaning users can access only the cloud resources and
perform only the actions that are permissible for their designated
role or function. For instance, an ordinary user shouldn’t be able to
create instances or delete snapshots. An IAM service can enforce that
policy. By using an IAM service, administrators can create
permission policies and then associate them with a user or group of
users.
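
How such an evaluation can work, as an added example that is not part of the original document and does not reproduce any provider's policy language: permission policies are attached to groups, access is denied by default, and an explicit deny overrides any allow. The policy format, action names, users and groups are all hypothetical.

```python
from fnmatch import fnmatchcase

# Hypothetical policy format: each statement has an effect, a list of
# action patterns and a list of resource patterns.
POLICIES = {
    "read-only": [
        {"effect": "allow", "actions": ["instance:describe", "snapshot:list"],
         "resources": ["*"]},
    ],
    "ops": [
        {"effect": "allow", "actions": ["instance:*", "snapshot:*"],
         "resources": ["*"]},
        # Guardrail: even operators may not delete production snapshots.
        {"effect": "deny", "actions": ["snapshot:delete"],
         "resources": ["snapshot/prod-*"]},
    ],
}
GROUP_POLICIES = {"staff": ["read-only"], "operators": ["read-only", "ops"]}
USER_GROUPS = {"alice": ["staff"], "bob": ["operators"]}  # constructed users


def _matches(stmt, action, resource):
    """True if the statement covers this action on this resource."""
    return (any(fnmatchcase(action, p) for p in stmt["actions"])
            and any(fnmatchcase(resource, p) for p in stmt["resources"]))


def is_allowed(user, action, resource):
    """Default deny; an explicit deny overrides any allow."""
    allowed = False
    for group in USER_GROUPS.get(user, []):
        for name in GROUP_POLICIES.get(group, []):
            for stmt in POLICIES[name]:
                if not _matches(stmt, action, resource):
                    continue
                if stmt["effect"] == "deny":
                    return False
                allowed = True
    return allowed
```

Here `alice`, an ordinary user, can describe instances but cannot create them or delete snapshots, while `bob` can do both except for snapshots matching `snapshot/prod-*`.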

Email Security-
As the weakest link in the security chain, users are often the
targets in cyberattacks. And because practically all users use
email, many of these attacks—such as phishing and Trojans—are
carried out through that medium. Some of these attacks may
compromise your cloud environment. For instance, a spear phishing
attack may be aimed at acquiring cloud administrator credentials.
One way to mitigate these threats is by employing a capable email
security service that can detect phishing emails and malicious
attachments.

Web Security-
Increased usage of cloud services is an added burden to IT
administrators, who now have to deal with a much larger attack
surface. Users access cloud services from different locations—in
their headquarters, at home, in branch offices, or just about
anywhere. Web security solutions, which sit between users
(regardless of location) and the internet in typical scenarios,
provide administrators the means to secure these connections and
protect them against cyber threats.

Intrusion Detection-
Intrusion-detection solutions monitor inbound and outbound traffic
for suspicious activities and detect potential threats. Usually,
detection is done through pattern recognition mechanisms that
identify specific signatures and behaviours. Traditional intrusion
detection is usually applied to the network layer. However, we’re
now seeing more solutions applying this kind of protection to the
host layer (i.e., to the virtual machines themselves). By detecting
threats before they can exploit vulnerabilities, businesses can
prevent threat actors from establishing a beachhead in the targeted
system.

DESIGN PRINCIPLES-
1. Governance Framework: A governance framework is a set of policies,
processes, and controls that guide the implementation and management
of cloud security. This includes establishing security roles and
responsibilities, conducting regular risk assessments, and implementing
security controls to manage risk.
2. Disaster Recovery: Disaster recovery is the ability to recover from a
disruptive event and restore operations to normal as quickly as possible.
This includes creating a disaster recovery plan, implementing backup and
recovery procedures, and conducting regular testing and simulation
exercises to ensure the plan is effective.
3. Authenticated Access: Authenticated access involves implementing
strong authentication mechanisms to ensure that only authorized users
have access to cloud resources. This includes using multi-factor
authentication (MFA), implementing least privilege access, and managing
user access through Identity and Access Management (IAM) policies.
4. Data in Transit Protection: Data in transit protection involves
implementing security measures to protect data as it travels between
cloud resources, such as through encryption and the use of secure
transport protocols like HTTPS and SSL/TLS.
5. Asset Protection: Asset protection involves implementing security
measures to protect cloud resources, such as data, applications, and
infrastructure, from unauthorized access and misuse. This includes
implementing access controls, monitoring for unauthorized access, and
implementing encryption and other security measures to protect
sensitive data.
6. Separation between Users: Separation between users involves
ensuring that users and their data are isolated from one another to
prevent unauthorized access and data leakage. This includes
implementing network segmentation and access controls, as well as
implementing virtualization technologies to isolate users and resources.
7. Personal Security: Personal security involves implementing measures
to protect user data and privacy. This includes implementing encryption,
monitoring for unauthorized access, and implementing data retention
and disposal policies.
8. Audit Record Maintenance: Audit record maintenance involves
maintaining detailed records of cloud activity, such as log files and event
records. This is important for detecting and responding to security
incidents, as well as for compliance purposes.
9. Secure Development: Secure development involves implementing
security measures throughout the development lifecycle of cloud-based
applications, from design to deployment. This includes implementing
secure coding practices, conducting code reviews and testing, and
ensuring that applications are patched and updated regularly to address
security vulnerabilities.

SECURE CLOUD SOFTWARE REQUIREMENTS-
Secure cloud software should meet certain requirements to ensure the
protection and confidentiality of data stored on the cloud. Some of the
important requirements for secure cloud software are:
Encryption: Cloud software should encrypt all data, both at rest and in transit,
using industry-standard encryption algorithms. This ensures that data is
protected even if it falls into the wrong hands.
Access control: Access to the cloud software and the data it contains should be
strictly controlled through strong authentication mechanisms, such as multi-
factor authentication.
Data backup and recovery: Cloud software should have robust backup and
recovery mechanisms in place to ensure that data can be easily restored in case
of loss or damage.
Vulnerability management: Cloud software should be regularly updated and
patched to address any known vulnerabilities that could be exploited by
attackers.
Compliance with regulations: Cloud software should comply with relevant data
privacy and security regulations, such as GDPR, HIPAA, and PCI DSS.
Auditing and logging: Cloud software should provide detailed logs and audit
trails of all activity on the system, to enable effective monitoring and incident
response.
Disaster recovery: Cloud software should have a well-defined disaster recovery
plan in place to ensure that services can be restored quickly in case of an
outage or other disruptive event.
Physical security: Cloud software should be hosted in secure data centers that
have physical security measures in place, such as biometric access controls and
surveillance cameras.
Service level agreements (SLAs): Cloud software providers should provide clear
SLAs that outline their commitments to availability, performance, and security,
and should provide regular reports on their performance against these SLAs.
Continuous monitoring: Cloud software should be continuously monitored for
security threats and vulnerabilities, using tools such as intrusion detection
systems, vulnerability scanners, and security information and event
management (SIEM) systems.

POLICY IMPLEMENTATION-
Policy implementation is a critical aspect of cloud security, as it helps to ensure
that organizational policies and regulations are adhered to in the cloud
environment. The following are some key steps involved in policy
implementation in cloud security:
Define policies: The first step in policy implementation is to define the policies
that need to be implemented in the cloud environment. This includes
identifying the specific security measures that need to be put in place, such as
access controls, encryption, and monitoring.
Select a cloud provider: Once the policies have been defined, it is important to
select a cloud provider that meets the security requirements outlined in the
policies. The cloud provider should be evaluated based on factors such as
security certifications, compliance with regulations, and security controls.
Communicate policies to the cloud provider: The policies need to be
communicated to the cloud provider, along with any specific requirements that
need to be implemented. This ensures that the cloud provider understands the
security requirements and can implement them effectively.
Monitor policy compliance: It is important to monitor compliance with the
policies on an ongoing basis. This can be done using tools such as security
information and event management (SIEM) systems, which can detect and alert
on security incidents in real-time.
Review and update policies: Policies need to be reviewed and updated
periodically to ensure that they remain effective in addressing the changing
security landscape. This includes reviewing the policies in light of new threats,
vulnerabilities, and regulations.
Conduct regular security assessments: Regular security assessments can help
to identify any weaknesses in the cloud environment and ensure that policies
are being implemented effectively. This includes conducting vulnerability
assessments, penetration testing, and compliance audits.

CLOUD COMPUTING SECURITY CHALLENGES-
Cloud computing security challenges can arise from a variety of factors,
including the shared responsibility model, the dynamic nature of cloud
environments, and the increased attack surface presented by cloud systems.
Some of the key challenges facing cloud computing security include:
Data breaches: Cloud systems can be vulnerable to data breaches, which can
result in the theft or exposure of sensitive data. This can occur due to weak
access controls, insecure APIs, or vulnerabilities in the underlying
infrastructure.
Misconfiguration: Misconfiguration of cloud services can lead to security
vulnerabilities, such as exposed data or services, insecure network
configurations, and unauthorized access to cloud resources.
Insider threats: Insider threats, such as malicious or negligent employees, can
pose a significant risk to cloud security. This includes the risk of data theft or
unauthorized access to cloud resources.
Compliance: Cloud systems must comply with a range of regulatory
requirements, such as GDPR, HIPAA, and PCI DSS. Compliance can be
challenging due to the complexity of cloud systems and the need to
demonstrate adherence to specific security standards.
Cloud service provider security: Cloud service providers are responsible for
securing their own infrastructure, but customers are responsible for securing
their own data and applications. This shared responsibility model can result in
confusion and gaps in security coverage.
Lack of visibility: The dynamic nature of cloud environments can make it
difficult to maintain visibility into the security posture of cloud resources. This
can make it challenging to detect and respond to security incidents in a timely
manner.
Shadow IT: Shadow IT refers to the use of unauthorized cloud services by
employees or departments. This can increase the attack surface of the
organization and create security risks, such as the exposure of sensitive data or
the use of insecure services.
