CLOUD COMPUTING.

SANUSI ABDUL SULE

HOW TO SECURE CLOUD.

Securing cloud environments is a critical aspect of modern IT infrastructure,

and it involves a multi-layered approach to protect data, applications, and the
associated infrastructure from threats.
 Basic Terms and Concepts
 Confidentiality: Ensuring that data is accessible only to authorized
parties.
 Integrity: Guaranteeing that data has not been altered by unauthorized
parties.
 Authenticity: Verifying that a piece of data or interaction is from an
authorized source.
 Authenticity: Authenticity is the characteristic of something having been
provided by an authorized source.
CONT. HOW TO SECURE CLOUD.

 Availability: Availability is the characteristic of being accessible and

usable during a specified time period.
 Threat: A threat is a potential security violation that can challenge
defenses in an attempt to breach privacy and/or cause harm.
 Vulnerability: A vulnerability is a weakness that can be exploited
either because it is protected by insufficient security controls, or
because existing security controls are overcome by an attack.
 Risk: is typically measured according to its threat level and the number
of possible or known vulnerabilities.
CONT. HOW TO SECURE CLOUD.

 Security Controls: Security controls are countermeasures used to

prevent or respond to security threats and to reduce or avoid risk.
 Security Mechanisms: Countermeasures are typically described in
terms of security mechanisms, which are components comprising a
defensive framework that protects IT resources, information, and
services.
 Security Policies: A security policy establishes a set of security rules
and regulations. Often, security policies will further define how these
rules and regulations are implemented and enforced.
CONT. HOW TO SECURE CLOUD.

 Risk Assessment and Vulnerability Management

Assessing levels of risk and recent vulnerabilities that apply to cloud
services is a continuous process. This helps in designing a simple cloud
service and selecting appropriate security measures to protect it.
Hands-on Experience
Engaging in hands-on labs and real-world scenarios is vital. This practical
approach helps you learn more about cloud environments and how to
deploy servers and applications securely.
 Building a Security-Aware Culture
Changing behavior and building a culture where security empowers the
business to succeed is a long-term goal. This involves making sense of
different cloud-based services, understanding and analyzing risk, and
interacting with cloud environments effectively.
CONT. HOW TO SECURE CLOUD.

 1. Understand the Shared Responsibility Model

Cloud security is a partnership between the service provider and the
customer. Providers like AWS, Azure, and GCP manage the security of the
cloud infrastructure, while customers are responsible for securing their data
and applications within the cloud.
 2. Secure the Perimeter
Implement strong perimeter defenses with firewalls, intrusion detection
systems, and intrusion prevention systems to protect your cloud resources .
 3. Monitor for Misconfigurations
Regularly scan for misconfigurations in your cloud environments, as these can
be exploited by attackers. Use automated tools to detect and rectify
misconfigurations promptly.
CONT. HOW TO SECURE CLOUD.

 4. Use Identity & Access Management (IAM)

Control who has access to your cloud resources with IAM
policies. Implement least privilege access, multi-factor authentication, and
regular audits of permissions.
 5. Enable Security Posture Visibility
Gain visibility into your cloud security posture with tools that provide
insights into your cloud environment’s security state.
 6. Implement Cloud Security Policies
Develop and enforce security policies that dictate how data is handled and
protected in the cloud
CONT. HOW TO SECURE CLOUD.

 7. Secure Your Containers

If you’re using containerized applications, ensure they are securely
configured and isolated from one another.
 8. Perform Vulnerability Assessment and Remediation
Regularly assess your cloud resources for vulnerabilities and apply patches
and updates to mitigate risks.
 9. Implement Zero Trust
Adopt a zero-trust security model where trust is never assumed and
verification is required from everyone trying to access resources in your
cloud environment
CONT. HOW TO SECURE CLOUD.

 11. Use Log Management & Monitoring

Implement comprehensive logging and monitoring to detect and respond to
security incidents quickly.
 12. Conduct Penetration Testing
Regularly test your cloud systems with simulated attacks to identify and fix
security weaknesses.
 13. Encrypt Your Data
Protect your data by encrypting it both in transit and at rest. Use strong
encryption standards and manage your encryption keys securely.
16 advanced cloud security
techniques.
 1. Multi-Factor Authentication (MFA)
MFA adds an additional layer of security by requiring users to provide two or more verification
factors to gain access to cloud resources. This could include something the user knows (like a
password), something the user has (like a smartphone), or something the user is (like a
fingerprint).
 2. Advanced Encryption Techniques
Utilizing advanced encryption methods, such as AES-256 for data at rest and TLS 1.3 for data
in transit, ensures that sensitive data is protected from unauthorized access
 3. Intrusion Detection and Prevention Systems (IDPS)
IDPS are deployed to monitor network and system activities for malicious activities or policy
violations, helping in early detection and prevention of breaches.
 4. Security Audits and Assessments
Regular security audits and assessments are conducted to evaluate the effectiveness of
security measures and identify areas for improvement
CONT.16 advanced cloud security
techniques.
 Network Segmentation
Dividing your network into smaller segments can limit an attacker’s ability to move
laterally within your network and access sensitive information.
 6. Cloud Access Security Brokers (CASBs)
CASBs enforce security policies across multiple cloud services, providing visibility
into cloud application usage and offering data security and threat protection .
 7. Continuous Security Monitoring
Implementing continuous monitoring solutions keeps track of security events and
changes in your cloud environment in real-time.
 8. Secure Software Development Lifecycle (SDLC)
Integrating security practices throughout the SDLC, from initial design to
deployment, ensures that applications are secure by design.
CONT.16 advanced cloud security
techniques.
 9. Compliance Automation
 Automating compliance checks ensures continuous adherence to industry
standards and regulations, reducing the risk of non-compliance and
associated penalties
 10. Threat Intelligence
 Leveraging threat intelligence platforms keeps you informed about
emerging threats and vulnerabilities, allowing for proactive defense
measures.
 11. Endpoint Protection
 Securing all endpoints accessing the cloud with up-to-date antivirus
software, personal firewalls, and other endpoint protection tools is crucial.
CONT.16 advanced cloud security
techniques.
 12. Data Loss Prevention (DLP)
DLP strategies monitor and control data transfer, preventing sensitive data
from leaving the cloud environment without authorization .
 13. API Security
Securing all APIs associated with your cloud services prevents unauthorized
access and data breaches
 14. Identity Governance
Managing user identities and access rights ensures that only authorized
users can access certain data or systems.
CONT.16 advanced cloud security
techniques.
 15. Secure Configuration Management
Maintaining secure configurations for your cloud resources and automating
the enforcement of configuration policies prevents misconfigurations
 16. Advanced Threat Protection
Advanced threat protection tools use machine learning and behavioral
analysis to detect and respond to sophisticated cyber threats
VERIFYING COMPUTATIONS IN CLOUD.

 Verifying computations in cloud computing is a critical aspect of

ensuring the integrity and trustworthiness of outsourced computational
tasks.
 The concept revolves around the ability to confirm that the results
provided by a cloud service are correct, without having to execute the
entire computation. This is particularly important as cloud services are
often provided by third parties, which may not always be completely
reliable.
CONT.VERIFYING COMPUTATIONS IN
CLOUD.
 Computations: In the cloud refer to the processing of data and
execution of applications that take place on remote servers, rather than
on local computers or on-premises servers.
 Cloud computing enables users to access computing resources such as
servers, storage, databases, networking, software, analytics, and
intelligence over the internet (the cloud) to offer faster innovation,
flexible resources, and economies of scale
CONT.VERIFYING COMPUTATIONS IN
CLOUD. Approaches to verifying
computations in cloud computing:
 Proof-Based Verifiable Computation: This method involves the
service provider returning a proof along with the computation
results. The proof is designed to be inexpensive to check, compared to
redoing the computation.
 Replication: This approach assumes that by replicating the
computation across multiple service providers, the likelihood of all
providers returning incorrect results is reduced. However, this assumes
that failures are uncorrelated, which may not always be the case .
 Auditing: Checking a sample of the responses to ensure they are
correct. This method assumes that incorrect outputs, if they occur, are
relatively frequent.
CONT.VERIFYING COMPUTATIONS IN
CLOUD. Approaches to verifying
computations in cloud computing:
 Cryptographically Enforced Verifiable Computing: This involves the
service provider returning not only the computation results but also a
cryptographic proof that can be used to verify the soundness,
completeness, and freshness of the results.
 The verification process in cloud computing is crucial for maintaining
data integrity, especially when the computation is outsourced to
potentially untrusted third parties. It’s a field that’s continuously
evolving with new methods and technologies to ensure that the
computations performed in the cloud can be trusted.
 CLOUD FORENSICS.
 Cloud forensics is a specialized field within digital forensics that focuses on the
investigation of cloud computing environments. It involves applying forensic
techniques to collect, analyze, and interpret digital evidence stored in cloud
platforms.
 Digital Evidence in the Cloud: This includes user data, communication logs, files,
system logs, network traffic, configuration settings, and metadata stored across
various cloud services like IaaS, PaaS, and SaaS.
 Investigative Process: Investigators follow a series of steps such as evidence
identification, acquisition, preservation, analysis, and reporting. They use
specialized tools to handle digital evidence from cloud storage and infrastructure .
 Challenges: Cloud forensics presents unique challenges due to jurisdictional issues,
data privacy concerns, multi-tenancy, dynamic resource allocation, data encryption,
and the lack of direct physical access to hardware.
CONT. CLOUD FORENSICS.