•Cloud security•

● Introduction:-
Cloud computing provides the capability to use computing and storage resources
on a metered basis and reduce the investments in an organization’s computing
infrastructure. The spawning and deletion of virtual machines running on physical
hardware and being controlled by hypervisors is a cost-efficient and flexible
computing paradigm. In addition, the integration and widespread availability of
large amounts of “sanitized" information such as health care records can be of
tremendous benefit to researchers and practitioners. However, as with any
technology, the full potential of the cloud cannot be achieved without
understanding its capabilities, vulnerabilities, advantages, and trade-offs. This text
provides insight into these areas and describes methods of achieving the maximum
benefit from cloud computation with minimal risk.

● Introduction to Cloud Computing and Security:-

Despite the efficiency and potential of cloud computing, security threats are
higher prioritized indicators for adopting cloud computing, and
vulnerabilities are increasing day by day, i.e. hardware and software that
determine controls over the data residing in the cloud environment. These
aspects have been utilized for the last two decades by vendors so that
consumers cannot recognize the gaps and how sensitive data is residing on
the cloud network. With a growing number of services and service providers,
a growing number of new approaches are developed and proposed to protect
sensitive data in both PaaS and IaaS business models. Nevertheless,
the imminent nature of security risk remains a top inhibitor of wider
adoption of the cloud computing model.
Along with the aforementioned security issues, features like the risk of data
loss and long-term goals for both compliance and legal implications in the
cloud computing model also need to be resolved as these are also

1
 incompatible with the cloud model. As we see the trend of cloud computing
model advancement in the last decade and we explore the festival view that
on-demand access to almost elastic computing and storage available to
consumers and the inherent property of distribution of data actively, those
are providing the security as a defining factor. Such security properties bring
important potential advantages for data that could attract interested
customers in infrastructure cloud computing models in different domains of
application, so the infrastructure cloud computing can be adopted as a
business model. Thus, it is possible to achieve cloud computing data security
by services that users cannot get satisfaction from.
Cloud computing is a sophisticated, benefit-based computing model. Here, the
traditional network and information technology is provided as a service over the
internet where consumers do not require technical infrastructure building, and
computing resources are maintained in a remote data center. This computing model
basically works on the idea of virtualization technology, on-demand services that
can be accessed globally over the internet, and are provided by both IAAS
(Infrastructure as a Service), PAAS (Platform as a Service), and SAAS (Software
as a Service). There are many advantages of a cloud computing model over the
traditional computing model. It provides infinite computing storage and processing
power at a lower cost to the consumer; services are charged metered rates, so users
only pay for services used. Furthermore, cloud computing services can easily add
new capabilities or services, which obviate the need to install hardware, software,
and spend the working time of technical personnel to deploy and maintain new
components when they require. Due to these advantages, they are largely adopted
by small to large-scale enterprises and vendors.
● Historical background on the security of the

Companions:-
Some accounts trace the birth of the term to 2006, when large companies such
as Google and Amazon began using “cloud computing” to describe the new
paradigm in which people are increasingly accessing software, computer
power, and files over the Web instead of on their desktops.

2
 But Technology Review tracked the coinage of the term back a decade earlier,
to late 1996, and to an office park outside Houston. At the time, Netscape’s
Web browser was the technology to be excited about and the Yankees were
playing Atlanta in the World Series. Inside the offices of Compaq Computer, a
small group of technology executives was plotting the future of the Internet
business and calling it “cloud computing.”

Their vision was detailed and prescient. Not only would all business software
move to the Web, but what they termed “cloud computing-enabled
applications” like consumer file storage would become common. For two men
in the room, a Compaq marketing executive named George Favaloro and a
young technologist named Sean O’Sullivan, cloud computing would have
dramatically different outcomes. For Compaq, it was the start of a
$2-billion-a-year business selling servers to Internet providers. For
O’Sullivan’s startup venture, it was a step toward disenchantment and
insolvency.

Cloud 1.0: Entrepreneur Sean O’Sullivan filed a trademark on “cloud

computing” in 1997. He poses at the offices of NetCentric, in Cambridge,
Massachusetts during the late 1990s.
At the time, O’Sullivan’s startup was negotiating a $5 million investment from
Compaq, where Favaloro had recently been chosen to lead a new Internet
services group. The group was a kind of internal “insurgency,” recalls
Favaloro, that aimed to get Compaq into the business of selling servers to
Internet service providers, or ISPs, like AOL. NetCentric was a young
company developing software that could help make that happen.

3
 In their plans, the duo predicted technology trends that would take more than a
decade to unfold. Copies of NetCentrics business plan contain an imaginary bill
for “the total e-purchases” of one “George Favaloro,” including $18.50 for 37
minutes of video conferencing and $4.95 for 253 megabytes of Internet storage
(as well as $3.95 to view a Mike Tyson fight). Today, file storage and video are
among the most used cloud-based applications, according to consultancy CDW.
Back then, such services didn’t exist. NetCentrics software platform was meant
to allow ISPs to implement and bill for dozens, and ultimately thousands, of
“cloud computing-enabled applications,” according to the plan.

Exactly which of the men—Favaloro or O’Sullivan—came up with the term

cloud computing remains uncertain. Neither recalls precisely when the phrase
was conceived. Hard drives that would hold emails and other electronic clues
from those precloud days are long gone.

Favaloro believes he coined the term. From a storage unit, he dug out a paper
copy of a 50-page internal Compaq analysis titled “Internet Solutions Division
Strategy for Cloud Computing” dated November 14, 1996. The document
accurately predicts that enterprise software would give way to Web-enabled
services, and that in the future, “application software is no longer a feature of
the hardware—but of the Internet.”

O’Sullivan thinks it could have been his idea—after all, why else would he
later try to trademark it? He was also a constant presence at Compaq’s Texas
headquarters at the time. O’Sullivan created a daily planner, dated October 29,
1996, in which he had jotted down the phrase “Cloud Computing: The Cloud

4
 has no Borders” following a meeting with Favaloro that day. That handwritten
note and the Compaq business plan, separated by two weeks, are the earliest
documented references to the phrase “cloud computing” that Technology
Review was able to locate.

“There are only two people who could have come up with the term: me, at
NetCentric, or George Favaloro, at Compaq … or both of us together,
brainstorming,” says O’Sullivan.

Both agree that “cloud computing” was born as a marketing term. At the time,
telecom networks were already referred to as the cloud; in engineering
drawings, a cloud represented the network. What they were hunting for was a
slogan to link the fast-developing Internet opportunity to businesses Compaq
knew about. “Computing was bedrock for Compaq, but now this messy cloud
was happening,” says Favaloro. “And we needed a handle to bring those things
together.”

Their new marketing term didn’t catch fire, however—and it’s possible others
independently coined the term at a later date. Consider the draft version of a
January 1997 Compaq press release, announcing its investment in NetCentric,
which described the deal as part of “a strategic initiative to provide ‘Cloud
Computing’ to businesses.” That phrase was destined to be ages ahead of its
time, had not Compaq’s internal PR team objected and changed it to “Internet
computing” in the final version of the release.

5
 In fact, Compaq eventually dropped the term entirely, along with its plans for
Internet software. That didn’t matter to Favaloro. He’d managed to point
Compaq (which later merged with HP) toward what became a huge business
selling servers to early Internet providers and Web-page hosters, like UUNet.
“It’s ridiculous now, but the big realization we had was that there was going to
be an explosion of people using servers not on their premises,” says Favaloro.
“I went from being a heretic inside Compaq to being treated like a prophet.”

For NetCentric, the cloud-computing concept ended in disappointment.

O’Sullivan gave up using the term as he struggled to market an Internet fax
service—one app the spotty network “cloud” of the day could handle.
Eventually, the company went belly up and closed its doors. “We got drawn
down a rathole, and we didn’t end up launching a raft of cloud computing apps
… that’s something that sticks with me,” says O’Sullivan, who later took a
sabbatical from the tech world to attend film school and start a nonprofit to
help with the reconstruction of Iraq.

Favaloro now heads an environmental consulting firm in Waltham,

Massachusetts. What is remarkable, he says, is that the cloud he and O’Sullivan
imagined 15 years ago has become a reality. “I now run a 15-person company
and, in terms of making us productive, our systems are far better than those of
any big company. We bring up and roll out new apps in a matter of hours. If we
like them, we keep them, if not, we abandon them. We self-administer,
everything meshes, we have access everywhere, it’s safe, it’s got great uptime,
it’s all backed up, and our costs are tiny,” says Favaloro. “The vision came
true.”hide

6
 by Antonio Regalado
​ Share story on linkedin
​ Share story on twitter
​ Share story on facebook

•Background study in cloud security:-

In general, the education sector has witnessed tremendous development after
relying on cloud computing, which has enabled students and teachers to
access and share information and resources at any time and in any place,
with high levels of security and efficiency. Therefore, cloud computing has
changed the educational landscape and the way teachers and learners interact
in the classroom. Academic and beyond, and in the lines of this article we
explain the concept of cloud computing in education, its benefits,
components and characteristics, and how to employ it in this field.
•Cloud computing in education:-
Cloud computing is a model that allows users to access and share
computing resources over the Internet, without having to own or manage
them locally. It offers many benefits to education, such as:
Cost Effectiveness: Cloud computing reduces the need for expensive
hardware, software, and maintenance costs for educational institutions
and learners. They also enable pay-as-you-go models, where users pay
only for the resources they use, rather than a fixed fee.

Scalability: Cloud computing can easily accommodate changes in

demand, such as peak periods in enrollment, course offerings, or
assignments. It also gives users access to a variety of services and
applications, such as storage, analytics, artificial intelligence, and more,
depending on their needs and preferences.

7
 Accessibility: Cloud computing enables users to access educational
materials and services anytime, anywhere, from any device, as long as
they have an Internet connection. This increases the flexibility and
comfort of learning, especially for distance or disadvantaged learners.

Collaboration: Cloud computing facilitates collaboration between

teachers, learners, and other stakeholders, by allowing them to share,
edit, and comment on documents, presentations, and projects in real
time. It also supports synchronous and asynchronous communication,
such as video conferencing, chat, and email.

Innovation: Cloud computing fosters innovation in education, by

enabling users to create, trial, and deploy new solutions and methods,
such as personalized learning, gaming, and flipped classrooms. It also
supports the integration of emerging technologies, such as virtual reality,
augmented reality, and blockchain technology, into the educational
context.

To illustrate these benefits, let's consider some examples of how

cloud computing can enhance collaboration in education:

A group of students from different countries can work together on a

global project, using cloud-based tools such as Google Docs, Google
Slides, and Google Meet, to create and present their findings.

A teacher can use cloud platforms like Moodle, Canvas, or Coursera

to design and deliver online courses, tests, and assignments, and monitor
and provide feedback to learners.

A researcher can use cloud services, such as Amazon Web Services,

Microsoft Azure, or IBM Cloud, to store, process, and analyze large
amounts of data, and to access advanced capabilities such as machine
learning, natural language processing, and computing. Vision.

8
 A school can use cloud-based solutions such as Microsoft 365,
Google Workspace or Dropbox to manage and simplify its administrative
and operational tasks, such as email, calendaring, file sharing and
backup.

•The concept of cloud computing:-

Cloud computing: “It is a technology that depends on transferring the
processing and storage space of the computer to what is called the cloud,
which is a server device that is accessed via the Internet. Thus,
information technology programs are transformed from products to
services, and the cloud computing infrastructure depends on advanced
data centers. It provides large storage spaces for users and also provides
some programs as services to users, and in doing so it relies on the
capabilities provided by Web 2.0 technologies.

The National Center for Standards and Technology defines “the cloud”
as: “a model for providing convenient and permanent access at any time to
the network, to share a large group of computing resources that can be
deployed and provided with minimal effort or interaction with the service
provider.”

•The concept of cloud computing in education:-

Cloud computing in education is defined as the use of off-site cloud-based
technology to transfer school system data and IT resources to a cloud server.
A third-party provider manages this server, allowing appropriate users
to access the data from anywhere at any time.

Cloud computing has provided a more interactive learning experience,

because it enables students to access materials from any device connected to
the
Internet, and it also allows teachers to quickly and easily access and store
learning materials.

9
 *What are the different types of cloud computing services:-
There are three main types of clouds: public, private, and mixed:-
Public Clouds: Public clouds are owned and operated by third-party service
providers and available to the general public. Examples of public cloud
providers include Amazon Web Services (AWS), Microsoft Azure, and
Google Cloud Platform.

Private clouds: Owned and managed by one organization and used

exclusively by that organization. Private clouds can be hosted on-premises or
in a third-party data center.

Hybrid Clouds: Hybrid clouds combine public and private clouds to

provide a more flexible and scalable computing environment. Organizations
can use a hybrid cloud to leverage the benefits of both public and private
clouds while keeping sensitive data and applications on-premises.

•Theoretical Background of Cloud Security:-

Introduction to Cloud Computing:-
The cloud service supplier comprehends and controls the cloud computing
providers and cloud-based computing systems. The correct choice of security
enforcement is the last implement of a cloud service client. Broadly speaking,
cloud possession can be characterized into three normal gaining models. A
community of different clients can use public cloud services while the
encouraged environment, security of resources, provisions, and client's
arrangements along with built-in/advertised service integrity, such as intrusion
inspection, application security, is the accountability of the cloud service
provider. These recommendations are not reachable to the network security
company. A customer fundamental area like a VPN can bring the essential
safety record to the facilitated setting.
•Definition:-
It is widely recognized that the concepts of confidentiality, integrity, and
availability present the fundamental security terms in computing. For an

10
 effective security system, ways of administering identities or accesses should
be well specified. Security implementation generally enhances control based on
MAC, RBAC, or ACL. Technically, hardware and software protections of
traditional responsibilities become the liability of cloud service suppliers in a
cloud computing environment. Therefore, a considerable rise in
domain-dependent risk makes sensitive demands of cloud security
management. Sensitive information should be shared with the proper cluster to
prevent business as well as financial loss.
•Theoretical Background Cloud Security
Organizations have been seeking environments offering potentiality against the
strain of stiff budgets as well as meeting demands of rapid business changes.
Cloud computing has received vital consideration due to its capability of
offering efficient computing services in a flexible fashion. Traditionally,
Information Technology (IT) services are supplied by the cloud using different
models such as Software as a Service (SaaS), Platform as a Service (PaaS), and
Infrastructure as a Service (IaaS).
•introduction to Cloud Computing:-
•Definition and Characteristics:-
Characteristic 1: On-demand self-service. A consumer can unilaterally
provision computing capabilities, such as server time and network storage, as
needed automatically without requiring human interaction with each service
provider.
Characteristic 2: Broad network access. Capabilities are available over the
network and accessed through standard mechanisms that promote use by
heterogeneous thin or thick client platforms (e.g., mobile phones, tablets,
laptops, and workstations).
Characteristic 3: Resource pooling. The provider's computing resources are
pooled to serve multiple consumers using a multi-tenant model, with different
physical and virtual resources dynamically assigned and reassigned according
to consumer demand.
Cloud computing is the product of the evolution and convergence of several
technologies. According to the U.S. National Institute of Standards and
Technology (NIST), cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of configurable computing

11
 resources (e.g., networks, servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal management effort or service
provider interaction. This model promotes a number of common characteristics
compared to other computing approaches. Specifically, cloud computing
exhibits five essential characteristics, three service models, and four
deployment models.

•Contextual background:-

What Is Context in Relation to Cloud Security?

So what does “context” mean in terms of cloud security? According to the standard
definition, context is a collection of information about potential threats,
vulnerabilities and misconfigurations that could lead to a security breach in a cloud
environment. Context gives you a complete picture of the events and situations
taking place in the background of your cloud environment as seen through the eyes
of an attacker. In addition to strengthening the security posture of their cloud
environments, this provides security teams with contextual security intelligence
and unified visibility across their cloud estate, allowing them to improve security
operations more efficiently.

Contextual security intelligence systems use software and hardware to

automatically collect and analyze data from deep inside the workload along with
cloud configuration details, thereby providing unified information about surface
risks and their root cause. This context and the ability to surface critical attack
paths enables organizations to put security issues into perspective to effectively
eliminate risks and maximize productivity in cloud environments.

How Context Helps with Cloud Security:-

Cloud native environments face a variety of security risks, including human-caused
misconfigurations, compromised and unprotected assets, poorly encrypted data,
dangerous default settings from the cloud service, risky permissions and common

12
vulnerabilities and exposures (CVEs). These provide attackers with a broad attack
surface from which to devise various attack paths to critical assets. This is where
context comes into play. Context helps organizations paint a complete picture of
potential risks and prioritize the remediation of the most critical threats.

Prioritizing Cloud Security Risks:-

Context helps reduce false positive security alerts, thus lowering alert fatigue
among teams. When security tools are equipped with contextual information about
potential threats, they are able to analyze that contextual data to help prioritize
risks. To do so, they should consider three crucial factors: the severity of the threat
if a breach were to occur, the accessibility of the underlying assets to an attacker
and the potential impact on the business. Once the identified risks have been
prioritized, teams can focus on resolving the most important threats first for faster
remediation.

Conclusion: Adopting Context-Aware Cloud Security:-

For any cloud security efforts to bear fruit, risks must be viewed in context with the
intelligence required to prioritize threats based on severity, visualize potential
attacks from an attacker’s perspective, and identify, analyze and score multiple
exploitable attack paths to valuable cloud assets. Context-based security
intelligence also provides supplemental information to improve security decisions
and reduce alert fatigue.

Organizations must invest in a reliable cloud security platform that uses a unified
data model to gather and correlate contextual data on each asset, including details
on potential risks in the workload and configuration of the cloud as well as
information on external and internal cloud connectivity.

Orca Security does exactly that (among other things) by scanning a real-world
cloud deployment for potential vulnerabilities, visualizing attackers’ potential
paths and prioritizing risk remediation. Orca’s CSPM is enhanced with
context-aware security data to aid in the security of cloud native, Kubernetes and
microservices in a multi-cloud environment.

13
Contextual background about the industry, company,or case
study in cloud security:-

into a real-world case study that highlights the importance of cloud security.
(Accenture), a global consulting and professional services company, embarked on a
cloud journey six years ago. Their move to the cloud necessitated a robust security
strategy. Here's how they approached it:

1. Security-First Mindset: Accenture recognized that security and compliance risk

were top concerns in cloud adoption. They committed to being secure from the
start, reframing their security practices to align with cloud capabilities.

2. Cloud-Native Solutions: Instead of directly translating on-premise security

practices, Accenture reimagined their approach. They evolved core security
principles to fit the cloud environment, considering infrastructure, applications,
data, and code.

3. Zero Trust Approach: Accenture centered their strategy around a (zero-trust

model). They treated everything as untrusted, following an identity-centric
approach where every access request is explicitly verified.

4. Multi-Layered Defense: To enhance security, they relied on multiple layers of

defense: cloud, network, access, data, and endpoints. They also infused analytics
driven by automated AI behavioral analysis.

5. Cost Savings: Accenture's IT infrastructure now runs in a hybrid cloud, costing

significantly less than legacy models.

This case study underscores the benefits of a security-first, zero-trust approach to

cloud security¹.

Case Study for It Industry

14
 CASB solution for IT Industry
Introduction:-

Based in Hong Kong, a leading IT company that provides Primary Source Verification

solutions, background screening and immigration compliance services worldwide, to

both public and private sector, had deployed G Suite and was very satisfied with the

same. Shortly after this transition, its IT team learnt that G Suite’s advantage of free

and easy data access to its users may pose a threat to the company’s data security,

hence having a close vigilance and control over data access was vital for the company.

Challenges:-

G Suite’s rollout throughout the company led to a faster turnaround time, better

team collaboration and efficient process flow. However, the IT team soon started

facing issues related to data governance; like the inability to gauge unrestricted

user access from unrecognized machines, untrusted devices, unmanaged IPs,

geographies, browsers, etc. It became impossible for the enterprise to determine

whether this access was authorized or unauthorized, such inadequacy of the

security controls was raising concerns of data leakage, data theft and data loss and

required immediate action for ensuring none of these negative events occurred.

15
This organization was also looking for a way to restrict their users from accessing

their personal gMail in order to ensure no corporate data is transferred for personal

use. In addition, this enterprise also wanted to align their company’s theme, culture

and practices, as well as improve user experience, and promote employer branding

among all its users.

Solution:-

While in search for a solution, the IT team of the company took several demos,

from the most recognized CASB vendors to the not so renowned ones, to zero in

on a solution that would not just suffice their need but also provide one single

console to handle all its security needs and be there to assist them at any hour of

the day.

After a demo and a few trials of CloudCodes for G Suite, a CASB solution, this

enterprise gave a green light to it. With our tailored to need Access Control

solution, the enterprise could very well monitor, report and control unauthorized

access to its data. With IP restriction, Device restriction and Browser restriction

features of our Access Control solution, they were able to implement just the right

policies to their respective users and OUs (organizational units) as well - all

through One Integrated Console = hassle free management.

CloudCodes for Business enabled the IT team of the company to:

16
 ● Whitelist, i.e, selectively authorize pre defined network IPs, ensuring
controlled access to data

● Restrict access from untrusted devices in real time, by authorizing

whitelisted devices only, identifying them with their device MAC ID
● Enable access from pre defined browsers in the network, that ensured no
data was left open or accessed from unauthorized sources
● Restrict personal or commercial gMail access to protect valuable data from
personal use

Additionally, with our Value Add - Ons, this company could easily brand their

landing and login page, which helped them band together their company objective

and culture, broadcast announcements, and get user agreements accepted - all from

one platform.

● Companies that use cloud security:-

Utilizing cloud computing has become more essential than ever as companies look

to scale up their remote operations.

Along with the convenience and flexibility cloud tech provides comes the need to

secure the cloud, especially for businesses in industries with strict regulations.

Here are some examples of how companies are working with cybersecurity

providers to implement cloud security solutions:-

17
Qlik And Palo Alto Networks Prism
Cloud:-

OneLink provides management consulting, outsourcing services, and

custom integration solutions for clients in Latin America.

With over 14,000 employees spread across 16 locations, OneLink’s

business model requires reliable network connections and cloud

infrastructure.

As they shifted the majority of their service agents into remote work,

OneLink engaged in a massive deployment of virtual private networks

(VPNs) to all of its employees to allow them to safely connect to the

network.

18
“We chose FortiGSLB Cloud to improve the stability of the VPN connections

of all our ‘incredibles’ working from, due to its ease of integration with our

network architecture and cybersecurity,” says Alejandro Mata, director of IT

operations at OneLink.

Industry: Technology

Cloud Security Products: FortiGSLB Cloud, FortiGate, and FortiAuthenticator

Outcomes:

● Secure and reliable remote access to company systems and

applications

● Stable connection for over 3,000 remote employees

● Scalable, growth-friendly solutio’

19
 Mercedes-AMG And CrowdStrike
Falcon Complete:-

Mercedes-AMG is an engineering company that contracts manufacturers

and engineers to customize Mercedes-Benz AMG vehicles.

They collect a continuous stream of data from 18,000 channels from their

racing cars, measuring variables from over 300 sensors, and generating 1

TB of data each race weekend.

Mercedes-AMG needed a way to protect their intellectual property and data

flowing in from cars, while continuously monitoring the landscape for

potential threats. However, they also wanted to eliminate the burden of

having to manage a cybersecurity program in its entirety.

20
They selected CrowdStrike’s Falcon Complete Managed Endpoint Security as

a cloud security solution.

“As a team, we generate, process and analyze significant amounts of data,

very quickly — we must ensure our information systems are an enabler for

performance, not a blocker. But conversely, we also need to ensure they are

secure,” says Michael Taylor, IT director at Mercedes-AMG.

Industry: Motorsports and engineering

Cloud Security Product: CrowdStrike Falcon Complete Managed Endpoint

Security

Outcomes:

● 24/7 threat-hunting support team

● Access to globally sourced threat intelligence in over 20 countries

● Real-time data analysis for threat detection and mitigation

21
Akamai And OneTrust
PreferenceChoice:-

Akami is a provider of edge security, web and mobile performance, and enterprise

access and video-delivery solutions and services globally.

Due to the nature of their work, Akamai’s platform processes 250,000 edge servers

deployed in thousands of locations worldwide each day.

This reliance on long-distance connectivity makes cloud security and data

protection a priority.

“OneTrust PreferenceChoice is run by our marketing team, and the nice thing

about the tool is we have had to do very little on the legal side,” says Jim Casey,

associate general counsel and chief data protection officer at Akamai.

“That’s a really powerful aspect of the tool — it doesn’t require a team of lawyers

and can be used cross-functionally throughout the business.”

Industry: Technology

22
Cloud Security Product: OneTrust PreferenceChoice and Website Scanning

Outcomes:

● Gaining customer trust

● Tool and management flexibility
● Direct support through implementation, scaling, and upgrading

Corix And FireEye:-

Corix is a utility and energy solutions provider.

They harness natural resources and provide sustainable water, wastewater,

electricity generation, and gas distribution solutions for districts and

communities in the U.S. and Canada.

Corix also stores, manages, and analyzes massive volumes of customer

and business data, ranging from individual consumers and business

partners to municipalities and military installations.

“It became very apparent how incredibly difficult it would be for our small

team to respond to a major incident at Corix,” says Carol Vorster, CIO at

Corix.

23
“Deploying FireEye was more cost-effective than paying for the eight separate,

independent security products we had deployed at the time.”

Industry: Utility and energy

Cloud security products: FireEye Email Security Cloud Edition, FireEye Helix,

and Mandiant Managed Defense

Outcomes:

● Saved money by cutting personnel costs and independent products

● Streamlined security operations
● Increased visibility across threat vectors
● Fortified security posture with Mandiant experts on call

● Statement of problems in cloud security:-

Cloud security issues have risen dramatically as a lot of life's activities have moved
online as the malicious activities of hackers have begun to highlight many of the
drawbacks of the cloud in the wake of recent events, prompting many IT teams
around the world to take notice. Although cybersecurity threats have risen across
the digital landscape during the outbreak, cloud security concerns are quickly
coming to the fore.

Some of the most significant cloud security threats today include:

24
• Remote access enterprise systems lack secure setup and security checks due to
unpreparedness for the mandatory transition regarding working from home.

• Social engineering training for end users is still necessary, as user credentials are
stolen via fake emails and other deceptive means.

• Personal smart home security currently lacks user awareness of secure

configuration practices. Previously, non-networked devices (such as thermostats)
were equipped as potential penetration points for hackers to enter private home
networks.

● The following are the research objectives and purpose of the

study in cloud security:-

● research aims:-

1.Identifying security threats and risks: Understanding the threats and

risks facing cloud environments.

2.Develop effective security solutions: Propose and evaluate techniques

and tools to improve cloud security.

25
 3.Analysis of current security strategies: Evaluate the efficiency of current
strategies and identify weak points.

4. *Improve security protocols*: Provide recommendations to improve cloud

security protocols and standards.

5. *Raising awareness of cloud security*: Spreading awareness of the

importance of security in cloud environments among users and
organizations.

● Purpose of the study:-

1.Protect sensitive data: Ensure the integrity and confidentiality of data

stored and processed in the cloud.

2.Achieving Regulatory Compliance: Helping organizations comply with

laws and regulations related to data security.

3.Enhancing confidence in cloud services: Increasing users’ confidence in

using cloud services by improving security.

26
 4.Reduce financial losses: Avoid financial losses resulting from security
breaches and cyber attacks.

5.Supporting technical innovation: Enabling continuous innovation in the

field of cloud computing by enhancing security.

These goals and the purpose of the study contribute to enhancing the
security of cloud computing and achieving greater benefit from its
technologies.

● The general goal in cloud security:-

1.Data Protection:-

- Encryption: Ensuring data is encrypted at rest (in storage) and in

transit (during network communication) using strong encryption
algorithms and key management practices.

- Access Controls: Implementing fine-grained access controls,

including role-based access, to restrict unauthorized access to
sensitive data and resources.

- Backup and Disaster Recovery: Maintaining regular backups of

cloud data and having a robust disaster recovery plan to ensure
business continuity in the event of a security incident or system
failure.

27
 2.Identity and Access Management:-

- Authentication: Utilizing strong authentication mechanisms, such

as multi-factor authentication, to verify the identity of users, devices,
and applications accessing cloud resources.

- Authorization: Defining and enforcing least-privilege access

policies to ensure users and entities can only perform the necessary
actions on cloud resources.

- Identity Federation: Integrating cloud identity management with

on-premises or external identity providers to simplify user
management and access controls.

3.Network Security:-

- Virtual Private Networks (VPNs): Establishing secure, encrypted

connections between users, devices, and cloud services to protect data
in transit.

- Firewalls and Network Access Control Lists: Configuring firewall

rules and network ACLs to restrict unauthorized access to cloud
resources and monitor network traffic.

- Secure Protocols: Ensuring all communication between users,

devices, and cloud services is encrypted using secure protocols, such
as HTTPS, SFTP, or SSH.

28
 4.Compliance and Regulatory Requirements:-

- Regulatory Compliance: Aligning cloud infrastructure and

operations with applicable industry regulations and standards, such as
HIPAA, PCI-DSS, or GDPR, to mitigate legal and financial risks.

- Auditing and Reporting: Implementing robust auditing and

reporting mechanisms to demonstrate compliance with regulatory
requirements and facilitate regular security assessments.

- Cloud Provider Certifications: Verifying that the cloud service

provider has obtained relevant certifications and complies with
industry-recognized security standards, such as ISO 27001 or SOC 2.

5.Incident Response and Disaster Recovery:-

- Incident Response Plan: Developing a comprehensive incident

response plan that outlines the procedures for detecting, analyzing,
containing, and recovering from security incidents.

- Disaster Recovery Plan: Establishing a robust disaster recovery

plan that ensures the timely restoration of critical cloud services and
data in the event of a major disruption or disaster.

- Regular Testing: Regularly testing the incident response and

disaster recovery plans to ensure their effectiveness and identify areas
for improvement.

6.Monitoring and Logging:-

29
 - Cloud Monitoring: Implementing comprehensive monitoring
solutions to track user activities, system performance, and security
events across the cloud infrastructure.

- Centralized Logging: Aggregating and analyzing logs from various

cloud services and components to detect anomalies, investigate
security incidents, and ensure compliance.

- Security Information and Event Management (SIEM): Leveraging

SIEM tools to correlate and analyze security-related data from
multiple sources, enabling real-time threat detection and response.

7.Vulnerability Management:-

- Vulnerability Scanning: Regularly scanning the cloud

environment, including virtual machines, containers, and cloud
services, to identify and address known vulnerabilities.

- Patch Management: Ensuring that all components of the cloud

infrastructure, including operating systems, applications, and
third-party libraries, are kept up-to-date with the latest security
patches.

- Penetration Testing: Conducting periodic penetration testing, either

internally or by engaging with ethical hackers, to uncover and address
potential security weaknesses.

8.Shared Responsibility Model:-

30
 - Cloud Provider Responsibilities: The cloud service provider is
responsible for the security and availability of the underlying cloud
infrastructure, such as physical data centers, network, and
virtualization.

- Customer Responsibilities: The cloud customer is responsible for

securing their own data, applications, and configurations within the
cloud environment, as well as managing user identities and access
controls.

- Collaboration and Communication: Establishing clear

communication and collaboration channels between the cloud
provider and customer to ensure a comprehensive and effective
security posture.

9.Security Governance and Risk Management:-

- Security Governance Framework: Implementing a robust security

governance framework that defines policies, procedures, and roles and
responsibilities for cloud security management.

- Risk Assessment: Regularly assessing the security risks associated

with the cloud environment, including third-party dependencies and
emerging threats, and developing mitigation strategies.

- Continuous Improvement: Continuously reviewing and updating

the cloud security strategy, policies, and controls to adapt to changing
business requirements, regulations, and threat landscapes.

10.Data Lifecycle Management:-

- Data Classification: Classifying data based on its sensitivity and

importance to implement appropriate security controls.

31
 - Data Retention and Deletion: Establishing policies for the
retention and secure deletion of data to comply with regulatory
requirements and minimize the risk of data breaches.

- Data Sovereignty: Ensuring that data is stored and processed in

locations that comply with relevant data sovereignty laws and
regulations.

11.Container and Serverless Security:-

- Container Security: Securing containerized applications by

implementing image scanning, runtime protection, and network
segmentation.

- Serverless Security: Addressing the unique security challenges of

serverless architectures, such as managing function permissions,
securing event triggers, and monitoring serverless function execution.

- Infrastructure as Code (IaC) Security: Ensuring the security of

cloud infrastructure provisioned through IaC by integrating security
checks and validations into the IaC deployment process.

12.DevSecOps and Secure Software Development:-

- Secure Software Development Lifecycle (SDLC): Integrating

security practices, such as threat modeling, secure coding, and
automated security testing, into the software development lifecycle.

- Infrastructure as Code (IaC) Security: Ensuring the security of

cloud infrastructure provisioned through IaC by integrating security
checks and validations into the IaC deployment process.

32
 - Continuous Security Monitoring: Implementing continuous
security monitoring and automated remediation processes to address
vulnerabilities

13.Emerging Cloud Security Technologies:-

and security issues throughout the software development and

deployment lifecycle.

- Cloud Security Posture Management (CSPM): Leveraging CSPM

tools to continuously assess the security posture of the cloud
environment and identify misconfigurations or deviations from
security best practices.

- Cloud Workload Protection Platforms (CWPP): Deploying CWPP

solutions to provide runtime protection, behavioral analysis, and threat
detection for cloud-based workloads.

- Zero Trust Security: Adopting a zero trust security model that

verifies the identity, context, and security posture of users, devices,
and applications before granting access to cloud resources.

● Specific objectives in cloud security:-

1.Data Protection and Privacy:-

- Ensure sensitive data is encrypted both at rest and in transit.

33
 - Implement robust access controls and identity management to
prevent unauthorized access.

- Comply with relevant data privacy regulations (e.g., GDPR,

HIPAA) in the handling and storage of sensitive information.

2.Network Security:-

- Secure network communication with strong encryption and access

controls.

- Implement network segmentation and micro-segmentation to

isolate different parts of the cloud environment.

- Continuously monitor network traffic and detect anomalies or

potential threats.

3.Identity and Access Management:-

- Establish a centralized identity management system to control and

audit user access.

- Enforce multi-factor authentication for all user and service

accounts.

- Implement the principle of least privilege to ensure users and

services only have the necessary permissions.

4.Threat and Vulnerability Management:-

- Regularly scan the cloud environment for known vulnerabilities

and misconfigurations.

34
 - Patch and update all cloud components, including operating
systems, applications, and third-party libraries, in a timely manner.

- Implement robust security monitoring and incident response

capabilities to detect and respond to security incidents.

5.Compliance and Governance:-

- Ensure the cloud environment and operations align with relevant

industry regulations and standards (e.g., SOC 2, ISO 27001,
PCI-DSS).

- Establish a comprehensive security governance framework with

clearly defined policies, roles, and responsibilities.

- Regularly audit the cloud environment and provide reports to

demonstrate compliance.

6.Secure Software Development and DevSecOps:-

- Integrate security practices, such as secure coding, threat

modeling, and automated testing, into the software development
lifecycle.

- Implement Infrastructure as Code (IaC) security to ensure the

secure provisioning and configuration of cloud resources.

- Automate security checks and controls throughout the CI/CD

pipeline to detect and remediate vulnerabilities early.

35
 7.Resilience and Business Continuity:-

- Implement robust backup and disaster recovery strategies to ensure

the availability and integrity of cloud data and resources.

- Test and validate the incident response and disaster recovery plans
to ensure their effectiveness.

- Maintain a high level of service availability and minimize the

impact of security incidents or system failures.

8.Cloud Architecture and Design Security:-

- Design the cloud architecture with security in mind, incorporating

principles like defense-in-depth, least privilege, and zero trust.

- Ensure the secure deployment and configuration of cloud services,

resources, and connectivity.

- Leverage cloud-native security services and controls provided by

the cloud provider.

9.Shared Responsibility Model Optimization:-

- Clearly define and document the security responsibilities between

the cloud provider and the customer.

36
 - Continuously review and update the shared responsibility model as
the cloud environment and service offerings evolve.

- Establish effective communication and collaboration ‫ة‬

channels with the cloud provider to ensure a unified security

approach.

10.Security Automation and Orchestration:-

- Implement security automation to streamline processes like

provisioning, configuration management, and incident response.

- Leverage Infrastructure as Code (IaC) to manage the deployment

and maintenance of secure cloud resources.

- Integrate security controls and checks into the CI/CD pipeline to

ensure security is embedded throughout the software development
lifecycle.

11.Cloud Security Monitoring and Analytics:-

- Implement comprehensive monitoring and logging across the

cloud environment to detect and respond to security incidents.

37
 - Leverage Security Information and Event Management (SIEM)
and Cloud Security Posture Management (CSPM) tools to centralize
and analyze security data.

- Establish clear incident response and threat hunting procedures to

investigate and mitigate security threats.

12.Third-Party Risk Management:-

- Assess the security posture and risk profile of all third-party cloud
service providers and integrations.

- Establish vendor risk management processes to ensure third-party

services and applications meet the organization's security
requirements.

- Continuously monitor and re-evaluate third-party risks as the

cloud ecosystem evolves.

13.Security Awareness and Training:-

- Develop and implement comprehensive security awareness and

training programs for all cloud stakeholders, including IT, developers,
and end-users.

- Educate employees on cloud security best practices, such as

secure access, data handling, and incident reporting.

- Foster a security-conscious culture that empowers employees to

be active participants in cloud security.

38
 ● Research questions about cloud security:-

The 10 most important questions and answers in cloud security

research:-

1)What are the advantages of using cloud computing?

The advantages of using cloud computing are:
● Data backup and data storage
● Powerful server capabilities
● SaaS (Software as a Service)
● IT sandbox capabilities
● Increase in productivity
● Cost effective and time saving
2) Mention the platforms used for large-scale cloud computing?
The platforms used for large-scale cloud computing are:
● Apache Hadoop
● MapReduce

3) Explain the different models of deployment in cloud

computing?
The different deployment models in cloud computing are:
● Private cloud
● Public cloud
● Unity Cloud Communications
● Hybrid Cloud

4) What is the difference between cloud computing and mobile

computing?
Mobile computing uses the same concept as cloud computing. Cloud computing
becomes active with data with the help of the Internet rather than an individual
device. It provides users with the data they need to retrieve on demand. In mobile,

39
applications run on the remote server and give the user access to storage and
management.

5) How can the user benefit from assistive computing?

Utility computing allows a user to pay only for what they use. It is an add-on that is
managed by an organization and decides what services should be deployed from
the cloud.
Most organizations prefer a mixed strategy.

6) For cloud transfer, how do you secure your data?

To secure your data while it is being transferred from one place to another, make
sure that there is no leakage of the encryption key implemented with the data you
are sending.

7) What security aspects does the cloud provide?

● Identity Management: Authorizes application services
● Access Control Authority: Users must be given permission to be able to
control the access of another user entering the cloud environment.
● Authentication and Authorization : Only authorized and authenticated
users are allowed to access data and applications.

8) List the different layers that define cloud architechnology?

The different layers used by the cloud archistructure are:
● CLC or Cloud Console
● Walrus
● Cluster Control read
● SC or storage controller
● NC or Node Controller

40
9) What are the systems integration companies in cloud
computing?
In cloud computing, systems integration provides the strategy for the complex
process used to design a cloud platform. Integrator allows creating a more precise
hybrid and private cloud network, as integrators have all the knowledge about
setting up the data center.

10) What is the meaning of "Eucalyptus"?

“EUCALYPTUS” stands for Archi Flexible Utility Computing, a technology for
connecting your software to useful systems.

● Conceptual framework in cloud security:-

Conceptual Framework Cloud Security includes several key concepts
and components aimed at protecting data and systems residing in
cloud computing environments. These concepts can be summarized as
follows:-

1.Identity and Access Management (IAM):-

- Ensure that individuals and users have appropriate access to cloud
resources.
- Implement strong identity verification and access control policies.

2.Data encryption:-
- Protect data during transmission and at rest using encryption
techniques.
- Manage encryption keys securely.

3.Security in applications:-
- Secure cloud applications by designing and developing secure
applications.
- Conduct penetration tests and security assessments regularly.

41
 4.Incident management and response:-
- Develop security incident response plans.
- Monitor the system to detect threats and respond quickly.

5.Security in infrastructure:-
- Secure cloud infrastructure including servers, networks, and storage.
- Implementing firewalls and intrusion detection systems.

6.Compliance and standards:-

- Comply with legal standards and regulations such as GDPR,
HIPAA, and ISO 27001.
- Conduct security audits regularly.

7. Education and awareness:-

- Educating users and workers about good cloud security practices.
- Organizing training courses and safety awareness programmes.

8.Threat management:-

- Use threat management tools for threat detection and analysis.

- Develop strategies to deal with advanced and changing threats.

NB:-
These concepts integrate to form a comprehensive cloud security
framework, with each component contributing to enhancing the level
of security and protection in cloud computing environments.

● Study in cloud security:-

Studying cloud security is crucial for several reasons:-

42
 1.Data protection: Companies are increasingly relying
on the cloud to store and process sensitive data.
Therefore, it becomes necessary to ensure that this data
is protected from hacks and cyber threats.

2.Regulatory Compliance: There are many regulations

and standards that govern how data is stored and
processed. Studying cloud security helps ensure
compliance with these standards and avoid legal
penalties.

3.Trust: By ensuring cloud security, companies can

enhance customer confidence in their services and
products, which contributes to building a strong
reputation.

4.Cost savings: Good security in the cloud can help

avoid high costs that may result from security breaches,
such as data losses, financial compensation, or system
recovery costs.

5.Technological development: Cybersecurity and cloud

are rapidly evolving fields. Therefore, staying up to date
with the latest developments and threats helps improve
defense and protection strategies.

6.Business continuity: A good study in cloud security

contributes to ensuring business continuity even in the
event of a cyber attack, by providing emergency plans
and rapid response.

NB:-
These reasons make studying cloud security an urgent
necessity for any individual or organization that relies on
cloud technology in its daily operations.

43
 ● Scope of study in cloud security:-

The scope of study in cloud security includes several main areas, all of
which aim to provide a comprehensive understanding of potential
threats and how to deal with them. Here are some of the basic aspects
covered in this field:-

1.Concepts and principles of cloud security: It includes studying the

basics of the cloud, its types (such as public, private, and hybrid
clouds) and their importance in the IT infrastructure.

2.Encryption: Studying methods for encrypting data during

transmission and storage to protect it from unauthorized access.

3.Identity and Access Management: This study is about controlling

who can access cloud resources and how to secure these accesses
through technologies such as two-factor authentication (2FA) and
identity management.

4.Cloud physical security: includes protecting the physical data

centers where cloud servers are located.

5.Audit and Compliance: This includes understanding data

protection standards and regulations such as GDPR and HIPAA, and
how to ensure compliance with them.

6.Threat detection and response: It includes studying the tools and

techniques used to detect and respond to malicious activities in the
cloud environment.

7.Cloud application security: Studying how to secure applications

and services that operate on the cloud from vulnerabilities and attacks.

44
 8.Advanced threat management: This includes understanding
complex cyber attacks such as DDoS attacks, malware, and
ransomware, and how to confront them.

9.Incident Management: Includes the procedures and plans followed

to respond quickly and effectively to cybersecurity incidents in the
cloud.

10.Education and training: Developing training programs to

increase security awareness among employees and users.

NB:-
By studying these areas, cloud security professionals can develop
effective strategies to protect cloud data and applications from
increasing cyber threats.

● Scope of content in cloud security:-

The scope of content in Cloud Security includes a range of
topics and areas that aim to provide a comprehensive
understanding of how to secure cloud environments. This
content can be divided into the following modules:

1.Introduction to cloud security:

- Basic concepts: Definition of cloud, types of cloud (public,
private, hybrid).
- *The importance of security in the cloud*: Benefits of using
the cloud, risks and potential threats.

2.Cloud infrastructure and security:

- Cloud infrastructure components: servers, networks, storage.
- Secure virtual networks**: virtual private networks (VPNs),
firewalls.

3.Data encryption:

45
 - Basics of encryption: symmetric and asymmetric encryption.
- Data encryption during transmission and storage*.
- Manage encryption keys.

4.Identity and Access Management (IAM):

- *Access Control*: Manage user identities, permissions.
- *Multi-Factor Authentication (MFA)*: How to apply it and
its importance.

5.Compliance and audit:

-Standards and regulations: such as GDPR, HIPAA, PCI DSS.
- Audit reports and compliance tools.

6.Detect threats and respond to them

Types of cyber threats: viruses, malware, DDoS attacks.
- Threat detection tools and techniques.
- Incident response strategies.

7.Cloud application security:

- Secure programming practices.
- Managing security vulnerabilities.
- Application Firewalls (WAF).

8. Incident management and business continuity:

- Business continuity and disaster recovery plans.
- Data backup and recovery procedures.
- Continuity tests and emergency drills.

9.Protection against malware:

Types of malware and how they work.
- Malware detection tools.
- Protection strategies against malware.

10. Recent developments and trends in cloud security:

46
 -For artificial intelligence and machine learning in cloud
security.
- Cloud security in the Internet of Things (IoT).
- Edge computing and security.

11. Security training and awareness:

- Security awareness programmes.
- Cybersecurity training for employees.
- Security policies and procedures.

12.Case studies and practical analysis:

- Analysis of real security incidents.
- Applying theoretical concepts in practical situations.
- Projects and applied research in cloud security.

13. Cloud Security Tools and Technologies:

- Cloud Security Management (CSPM) tools.
- Performance and security monitoring tools.
- Compliance and audit tools.
NB:-
These modules cover a comprehensive range of topics that any
cloud security professional needs to understand how to protect
and secure data and applications in different cloud
environments.

● Timescale in cloud security refers to the period of time

over which data, systems and services in a cloud

computing environment are monitored and protected.

This includes several elements, including:-

1.Continuous monitoring: Cloud systems are continuously monitored to
detect any threats or suspicious activity.

47
 2. Incident Management: There are plans and measures to respond to
security incidents in a timely manner.
3. Regular updates: Update systems and applications on a regular basis to
ensure protection from security vulnerabilities.
4. Penetration testing: Conduct periodic tests to simulate potential attacks
and identify vulnerabilities.
5. Data backup and recovery: Ensuring the availability of data backups and
data recovery in the event of a security breach or disaster.

NB:-

The timeline of cloud security requires continuity and precision in all of

these aspects to ensure that a high level of security is maintained and
sensitive data is protected.
Send feedback

● Limitations of studying cloud security:-

Shared Responsibility Model: Cloud providers handle the security of

the underlying infrastructure, but the responsibility for securing your
data and applications on the cloud falls on you
https://www.crowdstrike.com/cybersecurity-101/cloud-security/shared
-responsibility-model/. This can make it complex to understand where
your responsibility ends and the cloud provider's begins.

Limited Visibility: Unlike on-premises systems where you have full

control, cloud environments offer less visibility into the inner
workings of the infrastructure. This can make it challenging to
monitor for security threats or troubleshoot issues.

Evolving Threats: Cloud security is an ongoing battle against

constantly evolving cyber threats. Keeping up-to-date on the latest
vulnerabilities and attack vectors requires continuous learning.

48
 Vendor Lock-in: Migrating your data and applications between
different cloud providers can be complex and expensive. This can lead
to vendor lock-in, where you're stuck with a particular provider due to
the cost and effort of switching.

Compliance Challenges: Meeting specific industry regulations for

data privacy and security can be complex in a cloud environment.
You'll need to understand how the cloud provider's security practices
align with your compliance requirements.

Despite these limitations, studying cloud security remains a

worthwhile pursuit. The demand for skilled cloud security
professionals is high, and a deep understanding of this domain can
position you for a successful career in cybersecurity.

● Literature references in cloud security:-

● Introduction:-

Cloud computing has revolutionized how we store data and access applications.
However, this convenience comes with security concerns. A thorough
understanding of existing research in cloud security is crucial for anyone looking
to:

● Identify and mitigate security risks: By analyzing past research, you can
gain insights into common cloud security vulnerabilities and the latest
techniques to address them.
● Develop new security solutions: Examining existing literature helps you
identify gaps in knowledge and areas where further research is needed. This
can pave the way for innovative approaches to cloud security.
● Stay up-to-date on the latest trends: The cloud security landscape is
constantly evolving. A literature review helps you stay informed about
emerging threats and defensive strategies.

49
Here's what a typical literature review in cloud security might explore:

● Cloud Security Fundamentals: This section would define key concepts

like cloud service models (IaaS, PaaS, SaaS), security threats (data breaches,
DDoS attacks), and security controls (encryption, access management).
● Security Challenges in the Cloud: This section would delve into specific
security risks associated with cloud environments, such as data privacy
concerns, shared security responsibility, and insider threats.
● Existing Security Solutions: This section would explore various security
mechanisms and frameworks employed to safeguard cloud data and
applications.
● Future Research Directions: This section would identify areas where
further research is needed to address evolving security challenges in the
cloud domain.

● What other literature has said and what the study failed

to say regarding cloud security:-

● What other literature has said:-

Many studies and research papers have addressed various

aspects of cloud computing security, including:

Risks and Threats: Studies have identified the different types

of risks and threats that cloud computing faces, such as
unauthorized access, malicious data, and malware.

Security controls: Studies discussed various security controls

that can be used to mitigate cloud computing risks, such as
access control, identity, encryption, and network protection.

50
 Compliance: Studies have addressed various compliance
requirements that apply to cloud computing, such as HIPAA,
PCI DSS, and SOC 2.

Technical solutions: The studies reviewed different technical

solutions that can be used to improve cloud computing security,
such as firewalls, VPNs, intrusion detection and prevention
tools (IDS/IPS), and backup and recovery solutions.

Best Practices: Studies have provided various best practices

for cloud computing security management, such as creating a
strong cloud security policy, regularly assessing risks,
conducting penetration tests, training employees on security
awareness, and constantly monitoring the cloud environment.

● What the study failed to say:-

Despite the many contributions made by studies and research

papers in the field of cloud computing security, there are some
areas that still need further research, such as:

Human influence: Many studies have not adequately

considered human influence on cloud computing security, such
as human error and social engineering.

Supply chain: Studies often neglect cloud computing supply

chain security risks, such as cloud service providers and
sub-vendors.

Dynamic compliance: Not many studies have addressed the

challenges related to dynamic compliance in the ever-evolving
cloud computing environment.

51
 Artificial Intelligence and Machine Learning: Many studies
have not fully explored the use of AI and machine learning to
improve cloud computing security and detect and respond to
threats.

Hybrid and multi-cloud computing: Many studies have not

adequately considered the security risks of hybrid cloud,
multi-cloud and distributed cloud computing environments.

•Cloud security summary in the literature review in the

knowledge study:-

Cloud security concept: A set of practices and technologies aimed at protecting

data, applications, and infrastructure from unauthorized access, modification, and
destruction.

The importance of cloud security: Cloud computing has become an integral part
of many businesses and organizations, making it an attractive target for hackers
and cybercriminals.

A cloud computing security breach can be very costly, as it can result in data
loss, exposure to financial liability, and damage to a company's reputation.

Key topics in cloud security: Key concepts: cloud computing models, security
engagement responsibilities in the cloud, common risks and threats in the cloud.
Security controls: access and identity control, data encryption, network
protection, incident management and response.

Compliance: Common compliance standards, risk management and compliance,

privacy safeguards.

52
 Technology solutions: firewalls and VPNs, intrusion detection and prevention
systems (IDS/IPS), cloud threat management tools, backup and recovery solutions.

Best practices: Create a strong cloud security policy, regularly assess risks,
conduct penetration tests, train employees on security awareness, and constantly
monitor the cloud environment.

Notes on the literature review: Many studies and research papers have addressed
different aspects of cloud computing security.

There are some areas that still need more research, such as human impact, supply
chain, dynamic compliance, artificial intelligence and machine learning, and hybrid
and multi-cloud computing.

Additional Resources:

•Amazon Web Services Cloud Computing Security Center

•Microsoft Azure Security Center

•Google Cloud Platform Security Center

•Cloud Computing Security Alliance (CSA)

•National Institute of Standards and Technology (NIST)

• International Information Security Forum (ISF)

53
54