Exploring

CLOUD
SECURITY
&
its concepts

Introduction to Cloud Computing

Sem-IV
 g e n d a
A
1. What is Cloud Security?
2. Why Cloud Security?
3. How does it work?
4. Types of Cloud Security
Options
5. Cloud Security Practices
What is Cloud Security?

Cloud security refers to the safety guidelines, technology, and best practices used to protect
sensitive data stored within the cloud from unauthorized access. In particular, cloud security
works to provide storage and network protection against internal and external threats, access
management, data governance and compliance, and disaster recovery.

Cloud computing has become the technology of choice for companies looking to gain the
agility and flexibility needed to accelerate innovation and meet the expectations of today’s
modern consumers. But migrating to more dynamic cloud environments requires new
approaches to security to ensure that data remains secure across online infrastructure,
applications, and platforms.
Why is cloud security important?
It’s imperative to rethink security approaches as more companies move to the cloud from on-
premises environments, especially with data governance and compliance under the regulatory
microscope.
In an increasingly hybrid and multicloud world, you have more freedom than ever to build where
and when you want. But it also means, security is a lot more complicated than stopping someone
from accessing your network. Unfortunately, many organizations tend to treat security as an
afterthought and may forgo best practices in favor of chasing after faster digital transformation. As
a result, attackers see cloud-based targets as a potentially easy path to big gains and are adapting
their tactics to exploit vulnerabilities accordingly.
While cloud security can never guarantee complete prevention of attacks and vulnerabilities, a well-
designed cloud security strategy can go a long way toward preventing breaches or mitigating
damage, improving compliance, and building stronger customer trust.
 y o st s
b i l i t y we rC es
Vis
i
e cu
r i t Lo r i t y r e d u c
O )
t e r t a s t o s ec u
p ( T C
re a d d a
y ou e u d d at a
n e r sh i
an d
G ou t h Clo o w ve
cl
g low a l to i n c o s t o f
i n i s t r at i
cl o ud
t r o n
u r e s
i l i t y o ur total he adm rden of
S a s s i b f y n d t t b u
m e v i s o a m e n r i ty
a i n in g n ag e s ec u
i n t o r k m a da t a
m a r w u d
n e c l o
in
Benefits
of
ry p t i o n y
ta E n c cloud ups & Re c ove r
Da to p r o t e ct Easy Back
be a b l e
it
z a t i o n s n e e d t o
an d w he r e v e r
security Cloud d a t a s e c u r i t y c a n
Organi ta w h e n e ver
s h e lp y ou
a r
offer a number of
i v e d o v i d e
sensit d se r v ic e pr
r a n s f er,
C l ou a ta t re s t o
go es . u d d nd s a n d f e a t u
l e s ec u r e c l o
h i n tra n s it a solution
ta c k o t
help automate and
a r i n g b
, an d sh
storag e
at rest. d a r d i z e b a c k u ps
st a n
how does cloud security work?
A cloud environment is only as secure as its weakest point, so effective cloud security means multiple
technologies working together to protect data and applications from all angles. This often includes
firewalls, identity and access management (IAM), segmentation, and encryption.
Rather than protecting a perimeter, cloud security protects resources and data individually. This means
implementing more granular security measures, such as cloud security posture management (CSPM),
data protection, data security, disaster recovery, and compliance tools.
Cloud environments, especially hybrid clouds that combine public clouds with private data centers,
can have many internal and external vulnerabilities. That’s why it’s critical to leverage access
controls, multifactor authentication, data protection, encryption, configuration management, and more
to keep them accessible and secure.
how does cloud security work?

Cloud service providers (CSPs) typically follow a

shared responsibility model,
which means implementing cloud computing secur
ity is both the responsibility of the cloud provider
and you—the customer.
It is a responsibility framework that defines whic
h security tasks belong to the cloud provider and
which are the duty of the customer. Understanding
where your provider’s security responsibilities en
d and yours begin is critical for building a resilien
t cloud security strategy.
 Cloud security options available

Firewall IAM HTTP/HTTPS

VPC SSL
Virtual private cloud (vpc)
• A virtual private cloud (VPC) is a secure, isolated private cloud
hosted within a public cloud.

• VPC customers can run code, store data, host websites, and do
anything else they could do in an ordinary private cloud, but the
private cloud is hosted remotely by a public cloud provider.

• VPCs combine the scalability and convenience of public cloud

computing with the data isolation of private cloud computing.
.
Virtual private cloud (vpc)
• A VPC isolates computing resources from the other computing resources available in the public cloud.
Following technologies are used to isolate a VPC from public cloud:

1. Subnets
2. VLAN
3. VPN

ADVANTAGES OF A VPC:

• Scalability
• Easier Hybrid Cloud Development
• Better Performance
• Better Security
 Firewall
• A cloud firewall is a security product that, like a traditional firewall, filters out potentially malicious
network traffic.

• Unlike traditional firewalls, cloud firewalls are hosted in the cloud. This cloud-delivered model for
firewalls is also called firewall-as-a-service (FWaaS).

• Cloud-based firewalls form a virtual barrier around cloud platforms, infrastructure, and applications, just
as traditional firewalls form a barrier around an organization's internal network. Cloud firewalls can also
protect on-premise infrastructure.
Firewall
• BENEFITS OF FIREWALL:
1. Malicious web traffic is blocked, including malware and bad bot activity. Some FWaaS
products can also block sensitive data from going out.

2.Traffic does not have to be funneled through a hardware appliance, so no

network choke points are created.

3.Cloud firewalls integrate easily with cloud infrastructure.

4.Cloud firewalls scale up rapidly to handle more traffic.

5 Organizations do not need to maintain cloud firewalls themselves; the vendor handles all
updates.
 identity access management (IAm)

• Identity and Access Management (IAM) lets administrators authorize who can
take action on specific resources, giving you full control and visibility to
manage Cloud resources centrally.

• Identity and access management is a way to tell who a user is and what they are
allowed to do. IAM is like the bouncer at the door of a nightclub with a list of
who is allowed in, who isn't allowed in, and who is able to access the VIP area .

• IAM is also called identity management (IdM).

identity access management (IAm)
• COMPONENTS OF IAM:
Authentication
Module through which a user provides sufficient credentials to
gain initial access to an application system of a particular
resource.
Authorisation
module that determines whether a user is permitted to access a
particular resource.
User Management
This area is comprised of user management, password
management, role/group management and user/group
provisioning
Central User Repository
stores and delivers identity information to other services, and
provides service to verify credentials submitted from clients.
SSL/
TLS:
• SSL/TLS stands for secure sockets layer and transport layer security
• It is a protocol or communication rule that allows computer systems to talk to
each other on the internet safely.
• SSL and TLS are not the same thing SSL is the direct predecessor of another
protocol called TLS (Transport Layer Security).
• SSL/TLS certificates allow web browsers to identify and establish encrypted
network connections to web sites using the SSL/TLS protocol.
SSL Certificate:
An SSL certificate is like an ID card or a badge that proves someone is who they
say they are. SSL certificates are stored and displayed on the Web by a website's or
application's server.
HTTP & HTTPS:
1. HTTP
• stands for Hypertext Transfer Protocol, and it is a protocol – or a prescribed order and syntax for
presenting information – used for transferring data over a network. Most information that is sent over
the Internet, including website content and API calls, uses the HTTP protocol. There are two main
kinds of HTTP messages: requests and responses.
• Transmits data in plain text.
• Vulnerable to interception and tampering.
2. HTTPS
• The S in HTTPS stands for "secure." HTTPS uses TLS (or SSL) to encrypt HTTP requests and
responses.
• Uses SSL/TLS encryption.
• Ensures integrity of data.

.
best Cloud Security Practices :
1.Choose a reliable cloud service provider
• The provider should offer secure data storage, encryption, and access controls. Look for providers that
are compliant with relevant security standards and regulations, such as ISO 27001, HIPAA, and PCI
DSS.

2. Understand your security responsibilities

• In most cases, the cloud provider is responsible for securing the infrastructure, while the customer is
responsible for securing the data stored on that infrastructure.

3.Use strong authentication

• Authentic methods such as multifactor authentication, can significantly reduce the risk of unauthorized
access to data.

4.Implement encryption
• It involves encoding data in such a way that only authorized users can access it.
best Cloud Security Practices :
5.Implement access control
• Implementing access controls can help limit access to sensitive data in cloud services. Access controls
should be based on the principle of least privilege, where users are granted the minimum access
required to perform their tasks.

6.Monitor cloud activity and know your security posture

• can help detect and prevent unauthorized access to data. Cloud service providers offer monitoring
services that can alert administrators when suspicious activity is detected.

7.Use secure APIs

• Secure APIs should be implemented with strong authentication and encryption to prevent unauthorized
access to cloud services.

8.Conduct regular security assessments

• can help identify security vulnerabilities and assess the effectiveness of security measures.
Thank you