Unit 5

1. Shared Responsibility Model::

Introduction:

The shared responsibility model in cloud security divides security tasks between the
cloud service provider (CSP) and the customer.

This helps both parties to understand their roles in maintaining security and compliance.

Cloud Service Provider Responsibilities

1. Physical Security:

Secure facilities with surveillance, access controls, and environmental controls.

2. Network Security:

Use firewalls, intrusion detection systems, and network segmentation to protect

the network.

3. Hardware Security:

Protect physical hardware components.

4. Virtualization Security:

Manage security of the virtualization layer.

5. Cloud Services and Platforms:

Secure operating systems, databases, and middleware provided as part of the

service.

6. Compliance:

Maintain compliance with industry standards and regulation

Customer Responsibilities

1. Data Security:

Encrypt data at rest and in transit, and manage encryption keys.

2. Access Controls:

Set user access permissions, roles, and authentication, including multi-factor

authentication (MFA).

3. Application Security:

Use secure coding practices, application testing, and vulnerability management.

4. Network Security:

Manage network security settings like firewalls and security groups.

5. Operating System and Software:

Keep systems and applications up to date with security patches.

6. Compliance:

Ensure cloud-stored data complies with regulations and standards.

Examples of Responsibility Distribution

1. Infrastructure as a Service (IaaS):

- Provider: Secures physical hardware, network, virtualization, and infrastructure.

- Customer: Manages operating systems, applications, data, and access controls on

virtual machines.

2. Platform as a Service (PaaS):

- Provider: Secures infrastructure, operating systems, and runtime environment.

- Customer: Manages applications, data, and access controls.

3. Software as a Service (SaaS):

- Provider: Secures the entire infrastructure, including applications.

- Customer: Manages user access, data within the application, and specific
configurations.

Importance of the Shared Responsibility Model

1. Clear Accountability:

Helps both parties know their specific responsibilities, reducing security and
compliance gaps.

2. Effective Security Management:

Encourages cooperation to address security challenges and implement measures.

3. Compliance Assurance:

Helps organizations comply with regulations by understanding shared

responsibilities.

4. Risk Mitigation:

Allows providers to focus on infrastructure security while customers secure their

applications and data.
2. IAM::

IAM:

Identity and Access Management (IAM) strengths MFA by requiring users to verify their
identity through multiple factors (e.g., password, OTP, biometrics). It enhances security,
reduces risks of credential-based attacks, and ensures compliance with regulatory
standards.

Something you know: Passwords or PINs.

Something you have: Physical devices like smartphones, smart cards, or security tokens.
Something you are: Biometric identifiers, such as fingerprints, facial recognition, or
retinal scans.

Significance of IAM:

Improved Security: Adds a layer of protection, even if passwords are compromised.

Prevention of Attacks: Stops phishing, credential stuffing, and brute-force attacks.

Regulatory Compliance: Meets security requirements for sensitive data access.

Situations to Enforce IAM in Cloud Applications:

Sensitive Data Access: Protects confidential files like financial or patient records.

Administrative Accounts: Secures elevated privileges to prevent misuse.

Remote Access: Ensures safe logins from outside trusted networks.

High-Risk Transactions: Verifies identity for actions like financial transfers or permission
changes.

Untrusted Locations: Requires IAM (MFA) for logins from unknown devices or IPs.
Examples:

AWS: IAM for console and API access.

Microsoft 365: Secures emails and admin tasks.

Google Workspace: IAM for shared document access.

Salesforce: Protects CRM data with IAM.

IAM is essential for securing cloud applications, safeguarding sensitive data, and
preventing unauthorized access.
3. Strategies for managing costs and optimizing cloud resources::

Managing Costs and Optimizing Cloud Resources:

Effectively managing costs and optimizing resources in a cloud environment is crucial to

achieving high performance while maximizing return on investment. Here are key
strategies to balance cost and performance:

1. Right-Sizing Resources

 Track metrics (CPU, memory, storage) to find underutilized resources.

 Adjust resource size based on actual usage.
 Use auto-scaling to match resources to its demand, reducing costs in low-usage
periods.

2. Cost Management Tools

 Use tools like AWS Cost Explorer or Azure Cost Management to analyze spending.
 Set budgets and alerts to prevent exceeding cost limits.

3. Choosing Cost-Effective Pricing Models

 Choose between on-demand, reserved, and spot instances based on workload

needs.
 Use for predictable workloads to save costs.
 Leverage spot instances for flexible tasks to gain discounts.

4. Optimizing Storage

 Move infrequently accessed data to lower-cost storage.

 Compress data to save storage costs.
 Regularly remove unnecessary data to reduce expenses

5. Serverless Architecture
  Use serverless options like AWS Lambda, paying only for usage.
 Execute functions on events to optimize resources and reduce idle costs.

6. Application Performance

 Use CDNs to reduce latency and improve performance.

 Use performance tools to identify areas for optimization.

7. Governance Policies

 Restrict access to prevent unauthorized cost-incurring actions.

 Tag resources to track and allocate costs accurately.

8. Regular Reviews and Optimization

 Regularly review cloud usage for optimization opportunities.

 Align resource use with current needs and business goals.

9. Training and Awareness

 Train teams on cost management and optimization best practices.

 Promote best practices in architecture and code to reduce resource use.
4. Metrics and Checklists for Evaluating Cloud Security::

1. Governance and Compliance

- Follow industry regulations like GDPR, PCI-DSS, SOX.

- Use frameworks like CSA Cloud Controls Matrix or NIST Cybersecurity Framework.

2. Data Protection

- Encrypt data at rest and in transit.

- Use secure key management solutions, such as HSMs.

3. Identity and Access Management (IAM)

- Implement Multi-Factor Authentication (MFA).

- Assign permissions based on roles.

- Monitor and manage high-level access accounts.

4. Security Monitoring and Incident Response

- Track and analyze security events continuously.

- Use Security Information and Event Management (SIEM) tools.

- Develop and test a response plan for breaches.

5. Network Security

- Use firewalls, intrusion detection systems and network segmentation to protect the
system.

6. Data Backup and Recovery

- Ensure automated and regular data backups.

- Develop and test plans for major disruptions.

7. Application Security

- Follow secure coding practices in development.

 - Regularly scan and fix vulnerabilities.

8. Vendor and Third-Party Risk Management

- Evaluate security of vendors and service providers.

- Include security requirements in service level agreements (SLAs).

9. Security Policies and Training

- Enforce comprehensive security policies.

- Provide ongoing security awareness and training programs.

Security Monitoring for Cloud Environments

Tools and Techniques: Use tools like AWS CloudTrail, SIEM, and EDR solutions.

Key Areas: Monitor IAM, network traffic, applications, and data access.

Log Management: Collect, store, and analyze logs using machine learning.

Threat Detection: Identify anomalies and integrate threat intelligence.

Alerts and Reporting: Automate alerts, prioritize issues, and generate reports.

Incident Response: Automate workflows and maintain response plans.

Security Metrics: Track MTTD, MTTR, and incident resolutions.

By systematically evaluating and monitoring, organizations ensure robust cloud security

and mitigate risks effectively.
5. Importance of Network Segmentation and Isolation in Cloud Security

1. Limiting Attack Surface

2. Protecting Critical Assets
3. Containing Malware and Threats
4. Compliance and Regulatory Requirements
5. Enhanced Monitoring and Control
6. Enabling Multi-Tenancy Security