Unit 4 Cloud Security 25

The document discusses the critical aspects of cloud security, including data protection, identity and access management, and compliance with regulations such as GDPR and HIPAA. It highlights various challenges such as data breaches, data loss, and insider threats, while emphasizing the importance of a shared responsibility model between cloud providers and customers. Additionally, it addresses the need for continuous monitoring, robust access controls, and a strong security culture to mitigate risks associated with cloud computing.

Uploaded by

seceh93562

Cloud computing- risks, security

Unit 4
• Crucial aspects in maintaining cloud security
• Types of security – infrastructure security, network level security, data security
• Ethical considerations in data warehousing, application of cloud techniques
• Application of laws in security of data under cloud computing

Cloud security refers to the set of practices, technologies,
policies, and controls put in place to protect data,
applications, services, and infrastructure in cloud computing
environments.
Cloud security is a critical aspect of using cloud services as it
ensures the confidentiality, integrity, and availability of
data and resources stored and processed in the cloud.
Information in a cloud environment has much more
dynamism and fluidity than information that is static on a
desktop or in a network folder.
We need to start to view data security as a
dictionary of choices, as opposed to an on/off
technology. Perhaps we should be viewing the
application of data security as less of a walled and
impassable fortress and more of a sliding series of
options that are more appropriately termed “risk
mitigation.”
Here are some key aspects of cloud security:
1.Data Protection: Cloud service providers implement data encryption and access
controls to safeguard data stored on their servers. Encryption helps in securing data
both at rest (stored in databases or storage systems) and in transit (while being
transferred between the user and the cloud provider). Access controls ensure that
only authorized users have the appropriate permissions to access sensitive information.
2.Identity and Access Management (IAM): IAM is a fundamental part of cloud
security. It involves managing user identities, roles, and access rights to cloud
resources. Proper IAM ensures that users only have access to the resources they
need, and it helps prevent unauthorized access.
3.Compliance and Regulatory Standards: Cloud providers often adhere to various
industry-specific compliance standards, such as GDPR, HIPAA, or PCI DSS. They may
also undergo independent audits to demonstrate their compliance with these
regulations. This helps businesses ensure that their data is handled in accordance
with applicable laws and industry requirements.
• The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
is a federal law that required the creation of national standards to
protect sensitive patient health information from being disclosed
without the patient's consent or knowledge.
• General Data Protection Regulation (GDPR)
• Payment Card Industry Data Security Standard (PCI DSS)
4.Network Security: Cloud providers deploy security measures to protect their networks and
data centers from unauthorized access, distributed denial of service (DDoS) attacks, and
other network-based threats.
5.Security Monitoring and Logging: Cloud providers typically offer tools for monitoring and
logging events in the cloud environment. This includes tracking user activities, resource usage,
and potential security incidents. Real-time monitoring helps detect suspicious activities and
potential security breaches.
6.Incident Response and Forensics: In the event of a security incident, cloud providers may
have predefined incident response procedures to mitigate the impact and recover from the
attack. Additionally, forensic analysis helps in understanding the root cause of the incident
and prevents similar attacks in the future.
7.Shared Responsibility Model: In most cloud environments, there is a shared responsibility
model between the cloud provider and the customer. The provider is responsible for securing
the underlying infrastructure, while the customer is responsible for securing their data,
applications, and configurations within the cloud environment.
8.Data Backup and Disaster Recovery: Cloud providers often offer data backup and
disaster recovery services.
Regular backups of data ensure that it can be restored in case of data loss or
corruption, and disaster recovery solutions
help restore services and data in the event of a catastrophic failure.
9.Secure APIs: Application Programming Interfaces (APIs) are used to interact with
cloud services. Ensuring the security of
these APIs is vital to prevent unauthorized access and data breaches.
Cloud security is an ongoing process that requires continuous monitoring, updates, and
proactive measures to address
emerging threats and vulnerabilities. It is essential for organizations using cloud
services to understand their responsibilities,
implement best security practices, and work in collaboration with their cloud providers
to ensure a robust and secure cloud environment.
Challenges in cloud security
• Data Breaches: Unauthorized users might gain access to sensitive data, leading to
potential data leaks, identity theft, or financial loss.
• Data Loss: Service outages or errors during data migration can result in data loss.
• Insider Threats: An authorized user intentionally or unintentionally misuses their
access to sensitive data or resources.
• Insecure APIs: Cloud services rely heavily on APIs to enable interaction between
different applications.
• Lack of Control: The customer has limited control over the underlying infrastructure.
• Shared Infrastructure: A multi-tenant cloud environment.
• Compliance and Legal Issues
• Data Encryption and Privacy
• Inadequate Security Practices: Weak password management, leaving resources open
to potential attacks.
• Shadow IT: Employees might use unauthorized cloud services without the knowledge
of IT departments, increasing the risk of data exposure and security breaches.
• Security Monitoring and Incident Response: Effective security monitoring and timely
incident response are essential to detect and mitigate potential threats. Cloud
environments can be complex, making it challenging to monitor activities across all
resources.
• Supply Chain Risks: Cloud providers often rely on a network of third-party services
and vendors. A security breach in any of these partners can have a cascading effect
on the overall security of the cloud environment.
1.Data Breaches: Data breaches are one of the most significant
concerns in the cloud. If a cloud provider's security measures are
insufficient, unauthorized users might gain access to sensitive data,
leading to potential data leaks, identity theft, or financial loss.
2.Data Loss: Cloud service outages or errors during data migration can
result in data loss. While cloud providers usually have backup and
redundancy measures, it is crucial for users to implement their data
backup and disaster recovery strategies.
3.Insider Threats: Insider threats can be particularly concerning, where
an authorized user intentionally or unintentionally misuses their access
to sensitive data or resources.
4.Insecure APIs: Cloud services rely heavily on APIs to enable interaction
between different applications. If APIs are not adequately secured, they
can be exploited to gain unauthorized access to cloud resources.
5.Lack of Control: When using a cloud service, the customer has limited
control over the underlying infrastructure. This lack of control can make it
challenging to implement certain security measures or audit the
environment fully.
6.Shared Infrastructure: In a multi-tenant cloud environment, multiple
customers share the same physical infrastructure. If one customer's data
or application is compromised, there is a risk of other tenants' data being
affected as well.
7.Compliance and Legal Issues: Depending on the industry and
geographical location, businesses may have specific compliance
requirements for data handling and storage. Ensuring that cloud
providers meet these compliance standards can be a challenge.
8.Data Encryption and Privacy: While encryption helps protect data,
managing encryption keys securely can be a complex task. Additionally,
ensuring data privacy and compliance with data protection laws can be
challenging when data is stored and processed in the cloud.
9.Inadequate Security Practices: Some cloud users might not follow
best security practices, such as weak password management, leaving
resources open to potential attacks.
10.Shadow IT: Employees might use unauthorized cloud services
without the knowledge of IT departments, increasing the risk of data
exposure and security breaches.
11.Security Monitoring and Incident Response: Effective security
monitoring and timely incident response are essential to detect and
mitigate potential threats. Cloud environments can be complex, making
it challenging to monitor activities across all resources.
12.Supply Chain Risks: Cloud providers often rely on a network of third-party
services and vendors. A security breach in any of these partners
can have a cascading effect on the overall security of the cloud
environment.
Addressing these security challenges requires a comprehensive approach,
including understanding the shared responsibility model, implementing robust
access controls, encrypting data, conducting regular security audits, and
staying informed about the latest security threats and best practices.
Businesses should also establish a strong security culture, ensuring that all
employees are educated about security risks and adhere to security policies
and procedures.
Data security risks are compounded by the open nature of cloud computing.

Access control becomes a much more fundamental issue in cloud-based
systems because of the accessibility of the data therein.

If you use a system that provides improved accessibility and opens up the
platform to multi-node access, then you need to take into account the risks
associated with this improvement.
One way this can be done is by adding an element of control, in the form of
access control, to afford a degree of risk mitigation. Information-centric
access control (as opposed to access control lists) can help to balance
improved accessibility with risk, by associating access rules with different
data objects within an open and accessible platform, without losing the
inherent usability of that platform.
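
The information-centric model described above, as an added example that is not part of the original slides: each data object carries its own access rules, and every request is decided against those rules with default deny. The `Rule`, `Subject` and `DataObject` schema, the role names and the sample objects are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """An access rule stored with the data object (hypothetical schema)."""
    roles: frozenset                       # roles the rule grants access to
    actions: frozenset                     # e.g. {"read", "edit"}
    same_tenant: bool = True               # subject must belong to the owning tenant
    not_after: Optional[datetime] = None   # grant expires after this time


@dataclass(frozen=True)
class Subject:
    name: str
    tenant: str
    roles: frozenset


@dataclass
class DataObject:
    object_id: str
    owner_tenant: str
    rules: list = field(default_factory=list)


def decide(subject, obj, action, now):
    """Evaluate the object's own rules. Default deny: no matching rule, no access."""
    for rule in obj.rules:
        if action not in rule.actions or not (subject.roles & rule.roles):
            continue
        if rule.same_tenant and subject.tenant != obj.owner_tenant:
            continue
        if rule.not_after is not None and now > rule.not_after:
            continue
        return True
    return False


# Constructed sample data: two objects on the same open platform, different rules.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
LATER = datetime(2024, 7, 1, tzinfo=timezone.utc)

CONTRACT = DataObject("contract-2024-017", "acme", [
    Rule(frozenset({"finance"}), frozenset({"read", "edit"})),
    # External auditor: read-only, time-boxed, allowed across tenants.
    Rule(frozenset({"auditor"}), frozenset({"read"}), same_tenant=False,
         not_after=datetime(2024, 6, 30, tzinfo=timezone.utc)),
])
PUBLIC_FAQ = DataObject("faq", "acme", [
    Rule(frozenset({"finance", "support", "auditor"}), frozenset({"read"}),
         same_tenant=False),
])

ALICE = Subject("alice", "acme", frozenset({"finance"}))
BOB = Subject("bob", "acme", frozenset({"support"}))
AUDITOR = Subject("eve", "audit-firm", frozenset({"auditor"}))
# Data-center administrator at the hosting company: no rule on either
# object names this role, so the request is denied like any other.
DC_ADMIN = Subject("ops", "cloud-provider", frozenset({"datacenter-admin"}))


def demo():
    """Decisions for the constructed subjects and objects above."""
    return {
        "alice edits contract": decide(ALICE, CONTRACT, "edit", NOW),
        "bob reads contract": decide(BOB, CONTRACT, "read", NOW),
        "bob reads faq": decide(BOB, PUBLIC_FAQ, "read", NOW),
        "auditor reads contract": decide(AUDITOR, CONTRACT, "read", NOW),
        "auditor reads contract after expiry": decide(AUDITOR, CONTRACT, "read", LATER),
        "dc admin reads contract": decide(DC_ADMIN, CONTRACT, "read", NOW),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request}: {'ALLOW' if allowed else 'DENY'}")
```

This models only the decision. To hold against the hosting company's own administrators, the decision has to gate something they cannot bypass, such as release of the key that decrypts the object.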
The cloud computing model opens up old and new data
security risks. By its very definition, Cloud computing is a
development that is meant to allow more open
accessibility and easier and improved data sharing. Data
are uploaded into a cloud and stored in a data center, for
access by users from that data center; or in a more fully
cloud-based model, the data themselves are created in
the cloud and stored and accessed from the cloud (again
via a data center). The most obvious risk in this scenario
is that associated with the storage of that data. Data that
a user uploads or creates in the cloud are stored and
maintained by a third-party cloud provider such as
Google, Amazon, Microsoft, and so on.
Data security has several risks associated with it:
• Firstly, it is necessary to protect the data during upload into the
data center to ensure that the data do not get hijacked on the
way into the database.
• Secondly, it is necessary to protect the data stored in the data
center by ensuring that they are encrypted at all times.
• Thirdly, and perhaps less obvious, the access to those data
needs to be controlled; this control should also be applied to
the hosting company, including the administrators of the data
center. In addition, an area often forgotten in the application of
security to a data resource is the protection of that resource
during its use—that is, during a collaboration step as part of a
document workflow process.
Other issues that complicate the area of hosted data
include ensuring that the various data security acts and
rules are adhered to; this becomes particularly
complicated when you consider the cross border
implications of cloud computing and the hosting of data
in a country other than that originating the data.
The Internet and mobile devices have effectively opened up
new points at which data can leak; and as new methods of
communicating emerge, they will open up even more
potential for information loss.
Cloud data security is the practice of protecting data and
other digital information assets from security threats,
human error, and insider threats. It leverages technology,
policies, and processes to keep your data confidential and
still accessible to those who need it in cloud-based
environments.
What is a data breach?
A data breach is a confirmed incident in which
sensitive, confidential or otherwise protected data
has been accessed and/or disclosed in an
unauthorized fashion. Data breaches may involve
personal health information (PHI), personally
identifiable information (PII), trade secrets or
intellectual property.
Data breach is one of the biggest issues in both
government and corporate information security
today.
In India, one cyber crime takes place every 8
minutes.
These include phishing, scanning or probing, site
intrusions, defacements, virus or malicious code,
ransomware and denial-of-service attacks.
There has to be a concerted effort to treat cyber
security seriously... The vast majority of
organizations are looking at cyber security as a
compliance task and thus do the minimum
possible to achieve that.
Top cybersecurity threats that organizations are facing these days
• Cloud Vulnerability
• AI-Enhanced Cyberthreats
• AI Fuzzing
• Machine Learning Poisoning
• Smart Contract Hacking
• Social Engineering Attacks
• Deep-fake
Cyber attackers have:-
1. Motive / Objective
2. Method
3. Vulnerability
Threat: Possible event that can harm an information system. Can lead to risk
to the organization.

Vulnerability: Degree of exposure in view of a threat. Anything weak.

Countermeasure: A set of actions implemented to prevent threats. An action
taken to reduce risk.
Data privacy as a discipline
Data privacy analysis implies analysis of data protection policies and
procedures of a company for risk assessment. Data privacy means ensuring
that the transmission of data by means of technological system and networks
is protected at all times from unauthorized parties.

“The legal ability to ensure that the privacy of communications practices
is preserved” --- Electronic Communications Privacy Act (ECPA)

Data privacy is concerned with the proper handling, processing, storage and
usage of personal information. It covers the rights of individuals with respect
to their personal information and an understanding of how their personal
information is collected, used, stored and shared.
• Information security and data privacy are very closely
related to each other; they deal with protecting data
from unauthorized users / use.
• International laws that deal with the above topics are :-
• Data protection regulation
• E-commerce directive
• Information technology transfer agreement
• Trade related aspect of IPR

The International Organization for Standardization (ISO) deals with many
rules and regulations governing data privacy.

Importance of data privacy
• Information is constantly being shared
• Data is disseminated and used for unlawful purposes
• If data is leaked, it can create huge problems for organizations and
individuals
• Hence data privacy is mandatory
Insider Threat
• Malicious insider
• Negligent insider
• Accidental insider
Insider Threat Defence and Response Plan
Monitor all files, emails and activity on core data sources

Identify and discover where your sensitive files live

Determine who has access to that data, why, and for how long

Implement and maintain a privilege model (eliminate global access
groups, put data owners in charge of managing permissions)

Apply security analytics to alert on abnormal behaviour

Cyber Warfare
• Usually defined as a cyber-attack or series of attacks that target a
country. It has the potential to create havoc on government and
civilian infrastructure and disrupt critical systems, resulting in damage
to the state and even loss of life.
• Sometimes the attacks are carried out by terrorist organizations
(cyber terrorism)
Automotive Hacking
• Automotive hacking is the exploitation of vulnerabilities
within the software, hardware and communication
systems of automobiles.
• As automotive vehicles use Bluetooth, Wi-Fi and AI
technologies to communicate, this makes them more
prone to cyber attacks. These attacks range from logical to
physical.
• Car hacking involves manipulation of the code in a car’s
Electronic Control Unit (ECU) to exploit a vulnerability and
gain control of other ECU units in the vehicle.
Techniques to prevent cyber attacks in automobiles

Update car software

Limit the use of wireless systems

Use Virtual Private Network (VPN)

Turn off GPS (GPS spoofing)

Give priority to security

Vulnerability Valuation Management


A single cyber security technology will not be able
to prevent a cyber attack, hence organizations
should have a layered approach to reduce the
number of attacks and lessen their impact.
Network security technologies should include
web security, malware protection, user behaviour
monitoring and access control.
Cloud Service Vulnerability
• Cloud computing is a technology that uses the internet for storing and
managing data on remote servers and then accessing that data via the
internet. This system allows users to work remotely.
Companies are rapidly using the cloud to alter their digital
transformation.
Social Media Crimes
Types of Social Media Crimes
• Online Threats, Stalking, Cyber bullying
• Hacking and fraud
• Buying Illegal things
• Vacation Robberies
• Creation of fake profile
Classification of Vulnerability
• Hardware
• Software
• Network
• Personnel
• Physical site
• Organizational

Reasons of Vulnerabilities
• Complexity
• Familiarity
• Connectivity
• Password Management Flaw
• Fundamental OS Flaw
• Internet Web Browsing
• Software Bugs
• Unchecked User Input
• Not learning from past mistakes


Threats
Types of cyber security threats
• Malware
• Denial of Service (DoS)
• Man in the Middle (MiTM)
• Virus
• Computer Worm
• Spyware / Trojan Horse

Viruses spread to different systems through executable files,
whereas worms use computer networks to spread themselves.
The main objective of a computer virus is to modify the
information. On the other hand, the main objective of a
computer worm is to consume system resources, such as
bandwidth, memory, etc.
Cyber Security -- Controls
Cyber security professionals are responsible for protecting huge
amounts of data and systems, which makes us wonder
what kind of safeguards could possibly be put in place to carry
out this task.
These safeguards are called controls, and they take several forms
from securing the physical locations of server rooms to
implementing technical controls to keep bad actors out of the
network, and even writing policies so employees and co-workers
can do their part.
Confidentiality relates to permitting authorized access to information, while at the same time
protecting information from improper disclosure. It is the security professional’s
obligation to regulate access: protect the data that needs protection, yet permit
access to authorized individuals.

Integrity is the property of information whereby it is recorded, used and maintained in a
way that ensures its completeness, accuracy, internal consistency and usefulness
for a stated purpose.
Data integrity is the assurance that data has not been altered in an unauthorized
manner. This requires the protection of the data in systems and during processing
to ensure that it is free from improper modification, errors or loss of information
and is recorded, used and maintained in a way that ensures its completeness.

Availability means that systems and data are accessible at the time users need them. It can be
defined as (1) timely and reliable access to information and the ability to use
it, and (2) for authorized users, timely and reliable access to data and information
services.
Why do we need information / cyber
security?
• Too many users exchange information
• Every individual holds the right to his/her own privacy
• The dark web can cause serious damage
• Need arises to protect data from hackers
• Immense growth of IoT devices
Internet risks
• Inappropriate content
• Ignoring age restrictions
• Friending or communicating with people they don’t
know
• Sharing personal information
• Gambling
Information Warfare
• "Information Warfare is any action to Deny, Exploit, Corrupt or
Destroy the enemy's information and its functions; protecting
ourselves against those actions and exploiting our own military
information functions".
• Information warfare can take many forms: Television, internet
and radio transmission(s) can be jammed. Television, internet
and radio transmission(s) can be hijacked for a disinformation
campaign.
Information Warfare

Offensive: Deny, corrupt, destroy, or exploit an adversary's information, or
influence the adversary's perception. Acquiring dominance, launching attacks
against the enemy’s computer network and destroying information.

Defensive: Protection of the critical information infrastructure of the nation,
like public telephone lines, bridges, routers, Bluetooth etc.

Exploitative: Exploit available information in a timely fashion to enhance our
decision/action cycle and disrupt the adversary's cycle.
Tools of information warfare
Malware attacks
Viruses
Worms
Trojan Horse
Spyware – Adware
Hacking
DoS / DDoS
Social engineering attack
Backdoor attack
DNS attack
Packet Sniffing
Elements of Defensive Information Warfare
• Protection to critical information infra-structure
• Communication security
• Information management control
• Understanding threats and Vulnerabilities
• Understanding capability to detect, investigate and
respond to attacks
Elements of Offensive Information Warfare
• Capability to identify the target
• Capability to attack the target
• Malware
• Hacking and logic bomb
• Destructive attack against computer system and its
resources.
Top 10 Security Issues in Cloud Computing
• Data Loss.
• Malware Injections.
• Restricted Access to Network Operations.
• Insecure APIs.
• Insufficient Due Diligence.
• Abuse of Cloud Services.
• Hijacking of Accounts.
• Insider Threat. Although an attack from within your company may seem
unlikely, the insider threat does occur.
Seven principles of data security :-
If your company handles personal data, it's important to
understand and comply with the 7 principles of the GDPR. The
principles are:
1.Lawfulness, Fairness, and Transparency;
2.Purpose Limitation;
3.Data Minimisation;
4.Accuracy;
5.Storage Limitations;
6.Integrity and Confidentiality; and
7.Accountability.
Points to Ponder
• Cybersecurity is a global problem, with vulnerabilities existing
everywhere
• Investing a lot in strengthening infrastructure and personnel
• Using a lot of AI to identify whether packets are generated by / coming
from good or malicious origins
• Attacks and attackers have become sophisticated, tools are
easily available and easy to use
• Data is big today ----- Big Data
• Internet of things
• Cloud popularity
Honeypot
The honeypot looks like a real computer system, with
applications and data, fooling cybercriminals into thinking
it's a legitimate target. For example, a honeypot could mimic
a company's customer billing system - a frequent target of
attack for criminals who want to find credit card.
A honeypot is a network-attached system set up as a decoy
to lure cyber attackers and detect, deflect and study
hacking attempts to gain unauthorized access to
information systems.
Can hackers detect honeypot?
The “honeypot hacking” term refers to the
tools and techniques used by attackers to
detect honeypots so they can avoid them and
hack into poorly secured systems. Attackers
can use a variety of tools to help them detect
honeypots, such as: Send-safe Honeypot
Hunter
Difference between firewall and honeypot
A firewall is designed to keep the attackers out of
the network whereas honeypots are designed to
attract the hackers to attack the system. This is
done so that a security researcher can know how
hackers operate and can know which systems and
ports the hackers are most interested in.
Cyber Grooming
• Cyber grooming is when someone (often an adult) befriends a
child online and builds an emotional connection with future
intentions of sexual abuse, sexual exploitation or trafficking.
• Perpetrators often take on fake identities of a child or teen and
approach their victims in child-friendly websites, leaving children
vulnerable and unaware of the fact that they have been approached
for purposes of cyber grooming. Perpetrators often start
conversations with ordinary and general questions about age,
hobbies, school, family. They also attract children with gifts, offers
for gift or guidance and favors to children.
Security of information and information
system is affected by:-
• Destruction
• Deletion
• Bugs infection
• Theft
• Corruption
Security challenges need to be met on the following fronts :-
• Prevention
• Limitation
• Protection
Cyber Forensics
The science of collecting, inspecting, interpreting,
reporting, and presenting computer-related electronic
evidence is known as cyber forensics. Evidence can be
found on the hard drive or in deleted files.

It is the process of examining, acquiring, and analyzing
data from a system or device so that it can be
transcribed into physical documentation and
presented in court.
How We Protect Information?
People: Training, education, awareness, repetition

Process: Governance, oversight, policy, reporting

Technology: Firewalls, IDS/IPS, SIEM, anti-malware, strong passwords,
logging/monitoring

Which is the weakest link?

DarkWeb
Hobby Hackers
Hobby hackers, also known as ethical hackers or white hat hackers,
are individuals who engage in hacking activities as a hobby or for
personal interest. Unlike malicious hackers (black hat hackers) who
exploit computer systems for personal gain or to cause harm, hobby
hackers follow ethical guidelines and legal boundaries.
Hobby hackers often possess a strong interest in technology,
computer systems, and cybersecurity.
They enjoy exploring and understanding the inner workings of
computer networks, software, and hardware.
They may study various hacking techniques and security
vulnerabilities to gain knowledge and improve their skills.
Hobby hackers typically use their skills and knowledge to identify
security weaknesses in systems and applications.
They may voluntarily assist organizations, friends, or online
communities in identifying vulnerabilities and suggesting
improvements to enhance security. Some hobby hackers participate
in bug bounty programs, where they are rewarded for responsibly
disclosing vulnerabilities to companies.
It's important to note that while hobby hackers may engage in
hacking activities, they do so with the intention of improving security
and helping others. They adhere to legal and ethical guidelines,
respecting privacy and obtaining proper authorization before testing
systems.
Cloud Security Policy Implementation

Cloud security policy implementation is a critical
aspect of ensuring the security of your cloud
infrastructure and data. It involves translating high-
level security policies into concrete technical
controls and procedures.
• Key Steps in Cloud Security Policy Implementation:
1. Policy Creation and Approval:
o Develop comprehensive security policies that cover areas like access
control, data protection, incident response, and vulnerability management.
o Involve key stakeholders, including IT, security, and business teams, in
the policy creation and approval process.
2. Policy Communication and Training:
o Clearly communicate the policies to all relevant personnel, including
employees, contractors, and third-party vendors.
o Conduct regular security awareness training to educate employees about
their responsibilities and potential security threats.
3. Technical Control Implementation:

o Access Control: Implement strong access controls, such as multi-factor authentication (MFA), role-based access
control (RBAC), and least privilege principles.

o Data Protection: Encrypt sensitive data both at rest and in transit. Implement data loss prevention (DLP) measures to
prevent unauthorized data transfer.

o Network Security: Configure firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to
protect network traffic.

o Vulnerability Management: Regularly scan systems for vulnerabilities and patch them promptly.

o Incident Response: Establish incident response plans and procedures to respond effectively to security incidents.

4. Policy Enforcement and Monitoring:

o Use security information and event management (SIEM) tools to monitor network traffic and system logs for suspicious
activity.

o Regularly audit systems and processes to ensure compliance with security policies.

o Implement continuous monitoring and automated security tools to detect and respond to threats in real-time.
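
As an added example (not part of the original slides), the technical controls from step 3 can be written as automated checks of the kind step 4 calls for when it asks for regular audits. The inventory, its schema, the admin-port list and the 30-day patch window are constructed assumptions, not any cloud provider's API or default.

```python
from datetime import date

# Constructed inventory in a hypothetical, provider-neutral schema.
INVENTORY = {
    "users": [
        {"name": "alice", "mfa": True, "actions": ["storage:Read"]},
        {"name": "build-bot", "mfa": False, "actions": ["*"]},
    ],
    "buckets": [
        {"name": "invoices", "encrypted_at_rest": True, "tls_only": True},
        {"name": "exports", "encrypted_at_rest": False, "tls_only": True},
    ],
    "firewall_rules": [
        {"name": "web", "source": "0.0.0.0/0", "port": 443},
        {"name": "ssh-any", "source": "0.0.0.0/0", "port": 22},
    ],
    "hosts": [
        {"name": "app-1", "last_patched": date(2024, 5, 20)},
        {"name": "db-1", "last_patched": date(2024, 1, 10)},
    ],
}

ADMIN_PORTS = {22, 3389}        # assumed: SSH and RDP must not face the internet
MAX_PATCH_AGE_DAYS = 30         # assumed patch window
AUDIT_DATE = date(2024, 6, 1)   # fixed so the result is reproducible


def check_access_control(inv):
    """Access Control: MFA enabled and no wildcard (least privilege)."""
    out = []
    for u in inv["users"]:
        if not u["mfa"]:
            out.append(("access-control", u["name"], "MFA not enabled"))
        if any(a == "*" or a.endswith(":*") for a in u["actions"]):
            out.append(("access-control", u["name"],
                        "wildcard permission violates least privilege"))
    return out


def check_data_protection(inv):
    """Data Protection: encrypted at rest and in transit."""
    out = []
    for b in inv["buckets"]:
        if not b["encrypted_at_rest"]:
            out.append(("data-protection", b["name"], "not encrypted at rest"))
        if not b["tls_only"]:
            out.append(("data-protection", b["name"], "plaintext transport allowed"))
    return out


def check_network(inv):
    """Network Security: no administrative port reachable from any address."""
    return [("network", r["name"], f"admin port {r['port']} open to the internet")
            for r in inv["firewall_rules"]
            if r["source"] == "0.0.0.0/0" and r["port"] in ADMIN_PORTS]


def check_patching(inv, today):
    """Vulnerability Management: hosts patched within the allowed window."""
    out = []
    for h in inv["hosts"]:
        age = (today - h["last_patched"]).days
        if age > MAX_PATCH_AGE_DAYS:
            out.append(("vulnerability-mgmt", h["name"],
                        f"last patched {age} days ago"))
    return out


def audit(inv, today):
    """Run every check and return sorted (control, resource, message) findings."""
    return sorted(check_access_control(inv) + check_data_protection(inv)
                  + check_network(inv) + check_patching(inv, today))


if __name__ == "__main__":
    for control, resource, message in audit(INVENTORY, AUDIT_DATE):
        print(f"[{control}] {resource}: {message}")
```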
Best Practices for Effective Cloud Security Policy Implementation:

• Tailor Policies to Your Specific Environment: Consider your organization's unique
needs and risk profile when developing policies.
• Prioritize Risk Management: Identify and prioritize the most critical security risks to
your organization.
• Incorporate Cloud-Specific Security Controls: Address the unique security
challenges of cloud environments, such as shared responsibility models and data
privacy regulations.
• Leverage Cloud Provider Security Features: Utilize the built-in security features and
tools provided by your cloud provider.
• Regularly Review and Update Policies: Keep your security policies up-to-date to
address evolving threats and changes in your organization.
By following these steps and best practices, you can effectively implement cloud
security policies and protect your organization's valuable assets in the cloud.
