R18 B.Tech.

CSE (Cyber Security) III & IV Year JNTU Hyderabad

CLOUD SECURITY (Professional Elective – VI)

B.Tech. IV Year II Sem. L T P C

3 00 3
Pre-requisites: Computer Networks, Cryptography and Network Security, Cloud Computing.

Course Objectives:
1. To understand the fundamentals concepts of cloud computing.
2. To understand the cloud security and privacy issues.
3. To understand the Threat Model and Cloud Attacks.
4. To understand the Data Security and Storage.
5. To analyze Security Management in the Cloud.

Course Outcome
1. Ability to acquire the knowledge on fundamentals concepts of cloud computing.
2. Able to distinguish the various cloud security and privacy issues.
3. Able to analyze the various threats and Attack tools.
4. Able to understand the Data Security and Storage.
5. Able to analyze the Security Management in the Cloud.

UNIT - I
Overview of Cloud Computing: Introduction, Definitions and Characteristics, Cloud Service
Models, Cloud Deployment Models, Cloud Service Platforms, Challenges Ahead.
Introduction to Cloud Security: Introduction, Cloud Security Concepts, CSA Cloud
Reference Model, NIST Cloud Reference Model, NIST Cloud Reference Model.
Note: Laboratory practice will be imparted with the help of relevant case studies as and when
required.

UNIT - II
Cloud Security and Privacy Issues: Introduction, Cloud Security Goals/Concepts, Cloud
Security Issues, Security Requirements for Privacy, Privacy Issues in Cloud.
Infrastructure Security: The Network Level, the Host Level, the Application Level, SaaS
Application Security, PaaS Application Security, IaaS Application Security.
Note: Laboratory practice will be imparted with the help of relevant case studies as and when
required.

UNIT - III
Threat Model and Cloud Attacks: Introduction, Threat Model- Type of attack entities,
Attack surfaces with attack scenarios, A Taxonomy of Attacks, Attack Tools-Network-level
attack tools, VM-level attack tools, VMM attack tools, Security Tools, VMM security tools.
Note: Laboratory practice will be imparted with the help of relevant case studies as and when
required.

UNIT - IV
Information Security Basic Concepts, an Example of a Security Attack, Cloud Software
Security Requirements, Rising Security Threats. Data Security and Storage: Aspects of
Data Security, Data Security Mitigation, Provider Data and Its Security.
Note: Laboratory practice will be imparted with the help of relevant case studies as and when
required.
R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

UNIT - V
Evolution of Security Considerations, Security Concerns of Cloud Operating Models,
Identity Authentication, Secure Transmissions, Secure Storage and Computation, Security
Using Encryption Keys, Challenges of Using Standard Security Algorithms, Variations and
Special Cases for Security Issues with Cloud Computing, Side Channel Security Attacks in
the Cloud
R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Security Management in the Cloud- Security Management Standards, Availability

Management, Access Control, Security Vulnerability, Patch, and Configuration Management.
Note: Laboratory practice will be imparted with the help of relevant case studies as and when
required.

TEXT BOOKS:
1. Cloud Security Attacks, Techniques, Tools, and Challenges by Preeti Mishra,
Emmanuel S Pilli, Jaipur R C Joshi Graphic Era, 1st Edition published 2022 by CRC
press.
2. Cloud Computing with Security Concepts and Practices Second Edition by Naresh
Kumar Sehgal Pramod Chandra, P. Bhatt John M. Acken,2 nd Edition Springer nature
Switzerland AG 2020.
3. Cloud Security and Privacy by Tim Mather, Subra Kumaraswamy, and Shahed Lati
First Edition, September 2019.

REFERENCE BOOKS:
1. Essentials of Cloud Computing by K. Chandrasekaran Special Indian Edition CRC
press.
2. Cloud Computing Principles and Paradigms by Rajkumar Buyya, John Wiley.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

UNIT – I

Overview of Cloud Computing: Introduction, Definitions and Characteristics, Cloud Service

Models, Cloud Deployment Models, Cloud Service Platforms, Challenges Ahead.
Introduction to Cloud Security: Introduction, Cloud Security Concepts, CSA Cloud Reference
Model, NIST Cloud Reference Model, NIST Cloud Reference Model.

Overview of Cloud Computing:

Cloud-Computing:

Cloud computing is a technology to store, manage, process, and access the data over the
internet instead of a local server or computer hard drives. Here, the term cloud is taken
from the symbol of the internet users in the flowcharts. The remote servers are used in cloud
computing to store the data that can be accessed from anywhere using the internet.

With the help of cloud computing, an organization can save lots of cost of local data storage,
maintenance of data, etc. The information over the cloud can be accessed by anyone, anywhere,
and anytime, with the help of the internet.

Using cloud computing instead of traditional storage helps users with lots of benefits such as
speed, cost-effectiveness, security, global access, etc.

Cloud computing involves two main concepts:

 Vendors who provide the software apps on the clouds.

 Clients who access the software apps via cloud.

Types of Cloud Services

Cloud computing provides IT services through the internet. These services are placed in
different remote places. The services can be divided into three main categories:

1. Software-as-a-Service (SaaS)
2. Platform-as-a-Service (PaaS)
3. Infrastructure-as-a-Service (IaaS)
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

From the above three services, salesforce provides two services: SAAS and PAAS, to its
users.

SAAS(Salesforce.com)

Software-as-a-Service is a way of providing applications as a service over the internet. SaaS

services can be directly accessed using the internet instead of installing each application on the
local drive or system.

Salesforce.com is the SAAS service provider that provides various online applications for
CRM. There is no need to install any software or server on a local machine; instead we can start
the business on this just by singing-up.

PAAS(Force.com)

Platform-as-a-Service or PaaS is a type of cloud computing service where a service provider

such as Salesforce.com provides a platform to their client to work on. On such platforms, the
users or clients can run, develop, test, or manage any business applications without any IT
infrastructure.

It lies between the SaaS and IaaS services, and provides a building block by which we can
create our solutions.

Google App Engine is one of the great examples of PaaS services. Currently, it provides online
Python and Java Runtime platforms to develop web applications without any need for
complicated software & hardware.

Force.com platform also offers PaaS services. It uses its language proprietary.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Infrastructure-as-a-Service (IaaS)

IaaS is a type of cloud-computing service that offers the rental computing infrastructures. The
cloud provider provides various infrastructure services such as servers, virtual machines,
network storage, etc.

The services can be scaled up and down as per the client requirements.

Benefits of Cloud-computing

1. Cost-Effective: The cloud computing platform is much cost-effective, as there is no

requirement to save data on local drives or any hardware setup.
2. 24*7 Availability: One of the most significant advantages of cloud computing is that
the data or any service available in the cloud can be accessed any time from anywhere.
3. High-Security: The data stored in the hard drives may be lost, and if the data is highly
confidential, it can highly affect any organization. But with the cloud platforms, the data
is highly secured in the clouds, so the risk of the data lost is reduced with cloud
computing.
4. Easy Access: Cloud applications can be accessed from anywhere and anytime.
5. Fast Implementation: To implement any new application, it may take a long time. But
with cloud applications, this time can be reduced a lot. With most cloud applications, we
just need to sign-up, and we can start working on it.
6. Instant Scalability: Cloud-based applications enable the organization to easily increase
or decrease user's numbers as per the requirement. Hence, we don't need to think about
the availability or running out of capacity.
7. Automated updates: Any application can take up to many days to upgrade, maintain,
or test the application. But with cloud applications, such things are not necessary
because the cloud application has the automated update software that can be updated
automatically.
8. Collaboration: Cloud-computing enhances collaboration. It means that various groups
of an organization can connect virtually and share useful information and data on the
cloud-platforms. It improves the customer services and product development process in
any organization.

Cloud Deployment Models:

In cloud computing, we have access to a shared pool of computer resources (servers, storage,
programs, and so on) in the cloud. You simply need to request additional resources when you
require them. Getting resources up and running quickly is a breeze thanks to the clouds. It is
possible to release resources that are no longer necessary. This method allows you to just pay
for what you use. Your cloud provider is in charge of all upkeep.

What is a Cloud Deployment Model?

Cloud Deployment Model functions as a virtual computing environment with a deployment

architecture that varies depending on the amount of data you want to store and who has access
to the infrastructure.

Types of Cloud Computing Deployment Models

The cloud deployment model identifies the specific type of cloud environment based on
ownership, scale, and access, as well as the cloud’s nature and purpose. The location of the
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

servers you’re utilizing and who controls them are defined by a cloud deployment model. It
specifies how your cloud infrastructure will look, what you can change, and whether you will
be given services or will have to create everything yourself. Relationships between the
infrastructure and your users are also defined by cloud deployment types. Different types of
cloud computing deployment models are described below.

 Public Cloud
 Private Cloud
 Hybrid Cloud
 Community Cloud
 Multi-Cloud

Public Cloud

The public cloud makes it possible for anybody to access systems and services. The public
cloud may be less secure as it is open to everyone. The public cloud is one in which cloud
infrastructure services are provided over the internet to the general people or major industry
groups. The infrastructure in this cloud model is owned by the entity that delivers the cloud
services, not by the consumer. It is a type of cloud hosting that allows customers and users to
easily access systems and services. This form of cloud computing is an excellent example of
cloud hosting, in which service providers supply services to a variety of customers. In this
arrangement, storage backup and retrieval services are given for free, as a subscription, or on a
per-user basis. For example, Google App Engine etc.

Public Cloud

Advantages of the Public Cloud Model

 Minimal Investment: Because it is a pay-per-use service, there is no substantial upfront

fee, making it excellent for enterprises that require immediate access to resources.
 No setup cost: The entire infrastructure is fully subsidized by the cloud service
providers, thus there is no need to set up any hardware.
 Infrastructure Management is not required: Using the public cloud does not
necessitate infrastructure management.
 No maintenance: The maintenance work is done by the service provider (not users).
 Dynamic Scalability: To fulfill your company’s needs, on-demand resources are
accessible.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Disadvantages of the Public Cloud Model

 Less secure: Public cloud is less secure as resources are public so there is no guarantee
of high-level security.
 Low customization: It is accessed by many public so it can’t be customized according
to personal requirements.

Private Cloud

The private cloud deployment model is the exact opposite of the public cloud deployment
model. It’s a one-on-one environment for a single user (customer). There is no need to share
your hardware with anyone else. The distinction between private and public clouds is in how
you handle all of the hardware. It is also called the “internal cloud” & it refers to the ability to
access systems and services within a given border or organization. The cloud platform is
implemented in a cloud-based secure environment that is protected by powerful firewalls and
under the supervision of an organization’s IT department. The private cloud gives greater
flexibility of control over cloud resources.

Private Cloud

Advantages of the Private Cloud Model

 Better Control: You are the sole owner of the property. You gain complete command
over service integration, IT operations, policies, and user behavior.
 Data Security and Privacy: It’s suitable for storing corporate information to which
only authorized staff have access. By segmenting resources within the same
infrastructure, improved access and security can be achieved.
 Supports Legacy Systems: This approach is designed to work with legacy systems that
are unable to access the public cloud.
 Customization: Unlike a public cloud deployment, a private cloud allows a company to
tailor its solution to meet its specific needs.

Disadvantages of the Private Cloud Model

 Less scalable: Private clouds are scaled within a certain range as there is less number of
clients.
 Costly: Private clouds are more costly as they provide personalized facilities.

Hybrid Cloud

By bridging the public and private worlds with a layer of proprietary software, hybrid cloud
computing gives the best of both worlds. With a hybrid solution, you may host the app in a safe
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

environment while taking advantage of the public cloud’s cost savings. Organizations can move
data and applications between different clouds using a combination of two or more cloud
deployment methods, depending on their needs.

Hybrid Cloud

Advantages of the Hybrid Cloud Model

 Flexibility and control: Businesses with more flexibility can design personalized
solutions that meet their particular needs.
 Cost: Because public clouds provide scalability, you’ll only be responsible for paying
for the extra capacity if you require it.
 Security: Because data is properly separated, the chances of data theft by attackers are
considerably reduced.

Disadvantages of the Hybrid Cloud Model

 Difficult to manage: Hybrid clouds are difficult to manage as it is a combination of

both public and private cloud. So, it is complex.
 Slow data transmission: Data transmission in the hybrid cloud takes place through the
public cloud so latency occurs.

Community Cloud

It allows systems and services to be accessible by a group of organizations. It is a distributed

system that is created by integrating the services of different clouds to address the specific
needs of a community, industry, or business. The infrastructure of the community could be
shared between the organization which has shared concerns or tasks. It is generally managed by
a third party or by the combination of one or more organizations in the community.

Community Cloud
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Advantages of the Community Cloud Model

 Cost Effective: It is cost-effective because the cloud is shared by multiple organizations

or communities.
 Security: Community cloud provides better security.
 Shared resources: It allows you to share resources, infrastructure, etc. with multiple
organizations.
 Collaboration and data sharing: It is suitable for both collaboration and data sharing.

Disadvantages of the Community Cloud Model

 Limited Scalability: Community cloud is relatively less scalable as many organizations

share the same resources according to their collaborative interests.
 Rigid in customization: As the data and resources are shared among different
organizations according to their mutual interests if an organization wants some changes
according to their needs they cannot do so because it will have an impact on other
organizations.

Multi-Cloud

We’re talking about employing multiple cloud providers at the same time under this paradigm,
as the name implies. It’s similar to the hybrid cloud deployment approach, which combines
public and private cloud resources. Instead of merging private and public clouds, multi-cloud
uses many public clouds. Although public cloud providers provide numerous tools to improve
the reliability of their services, mishaps still occur. It’s quite rare that two distinct clouds would
have an incident at the same moment. As a result, multi-cloud deployment improves the high
availability of your services even more.

Multi-Cloud

Advantages of the Multi-Cloud Model

 You can mix and match the best features of each cloud provider’s services to suit the
demands of your apps, workloads, and business by choosing different cloud providers.
 Reduced Latency: To reduce latency and improve user experience, you can choose
cloud regions and zones that are close to your clients.
 High availability of service: It’s quite rare that two distinct clouds would have an
incident at the same moment. So, the multi-cloud deployment improves the high
availability of your services.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Disadvantages of the Multi-Cloud Model

 Complex: The combination of many clouds makes the system complex and bottlenecks
may occur.
 Security issue: Due to the complex structure, there may be loopholes to which a hacker
can take advantage hence, makes the data insecure.

What is the Right Choice for Cloud Deployment Model?

As of now, no such approach fits picking a cloud deployment model. We will always consider
the best cloud deployment model as per our requirements. Here are some factors which should
be considered before choosing the best deployment model.

 Cost: Cost is an important factor for the cloud deployment model as it tells how much
amount you want to pay for these things.
 Scalability: Scalability tells about the current activity status and how much we can scale
it.
 Easy to use: It tells how much your resources are trained and how easily can you
manage these models.
 Compliance: Compliance tells about the laws and regulations which impact the
implementation of the model.
 Privacy: Privacy tells about what data you gather for the model.

Each model has some advantages and some disadvantages, and the selection of the best is only
done on the basis of your requirement. If your requirement changes, you can switch to any other
model.

Overall Analysis of Cloud Deployment Models

The overall Analysis of these models with respect to different factors is described below.

Factors Public Cloud Private Cloud Community Cloud Hybrid Cloud

Complex, requires a Complex, requires a Complex, requires a
Initial Setup Easy professional team professional team to professional team
to setup setup to setup
Scalability and
High High Fixed High
Flexibility
Cost- Distributed cost Between public and
Cost-Effective Costly
Comparison among members private cloud
Reliability Low Low High High
Data Security Low High High High
Data Privacy Low High High High
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Cloud Computing Platform:

The operating system and hardware of a server in an Internet-based data center are referred to
as a cloud platform. It enables remote and large-scale coexistence of software and hardware
devices.

The distribution of various services through the Internet is what a cloud computing platform is.
This is a common definition of a cloud computing platform. These resources include data
storage, servers, databases, networking, and software, among other tools and applications.

Types of Cloud Platforms

Cloud platforms come in a variety of shapes and sizes. None of them are suitable for everyone.
To accommodate the different demands of consumers, a variety of models, varieties, and
services are offered. They are as follows:

Public Cloud:

Third-party companies that supply computing resources via the Internet are known as public
cloud platforms. A public cloud is a virtualized environment that extends a company's IT
infrastructure by allowing it to host some components of its infrastructure and services on
virtual servers that are hosted offsite and owned by a third party.

Different capabilities distinguish public cloud service providers, and they provide a
diverse range of services and pricing strategies. Amazon Web Services (AWS), Google
Cloud Platform, Alibaba, Microsoft Azure, and IBM Bluemix are just a few examples.

Private Cloud:

A private cloud platform is dedicated to a single company. It's commonly hosted by a

third-party service provider or in an on-site data centre. A private cloud is a single-tenant
environment, which means that the tenant does not share resources with other users.
Those resources can be handled and hosted in a number of ways.

The private cloud might be built on existing resources and equipment in an organization's
on-premises data centre or on new, distinct infrastructure offered by a third-party
provider.

Hybrid Cloud:

This is a hybrid cloud platform that combines public and private cloud systems. Data and
apps are smoothly transferred from one to the other. The main advantage of a hybrid
cloud is its flexibility.

A basic element of a digital business is the necessity to adapt and shift course fast. To
acquire the agility it requires for a competitive edge, your company may desire (or need)
to integrate public clouds, private clouds, and on-premises resources.
R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

List of Cloud Computing Platforms

1. Microsoft Azure

Azure has long been regarded as one of the greatest cloud services platforms accessible,
given to Microsoft's extensive suite of services. The extensive list of offered services is
sufficient to meet the demands of any company in any sector.

You may operate services on the cloud or mix them with any of your current
infrastructures using Azure. Microsoft Azure was first published in 2010, and it has since
shown to be a reliable solution for businesses trying to digitally change.

2. Amazon Web Services

Amazon Online Services (AWS) is a popular cloud computing platform for developing
interactive web applications for your company. Elastic Cloud Compute (EC2), Elastic
Beanstalk, Simple Storage Service (S3), and Relational Database Service are just a few of
the IaaS and PaaS options available (RDS).

AWS' architecture is extremely adaptable, allowing you to save expenses by just using
the services you want.

3. Google Cloud

Google Cloud is a dependable, user-friendly, and secure cloud computing solution from
one of the world's most powerful IT companies.

Although Google Cloud's service offering isn't as extensive as Azure's, it's still sufficient
to meet all of your IaaS and PaaS requirements. Its headlines include user-friendliness
and security.

Your first 12 months of service are also free, much like Azure. In addition, Google boasts
that its services are less expensive and more budget-friendly than others.

4. IBM Cloud

IBM Cloud is another cloud computing platform that focuses on IaaS (Infrastructure as a
Service), SaaS (Software as a Service), and PaaS (Platform as a Service).

It's one of the more cost-effective pricing plans on the market, and it's totally
configurable, so you may save even more money. Using their APIs, creating an account
is a breeze.

5. Cloud Linux

CloudLinux is the way to go if you wish to construct your own IT infrastructure rather
than depending on a third-party service. It's not just another cloud provider; it's a cloud
platform for setting up your own infrastructure. It is a Linux-based operating system, as
indicated by its name.

Working with CloudLinux comes with a lot of obstacles, but it also comes with a lot of
benefits and advantages, such as total control, flexibility, security, and deep
customization.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Hadoop

Apache Hadoop is a free and open source framework for processing massive amounts of data
on commodity hardware. Hadoop is a Google-developed implementation of MapReduce, an
application programming model. This paradigm includes two basic data processing operations:
map and reduce.

Yahoo! is the Apache Hadoop project's sponsor, and it has invested a lot of work into
making it an enterprise-ready cloud computing platform for data processing.

Hadoop is a key component of the Yahoo! Cloud architecture, supporting a variety of

corporate business activities.

Yahoo! now manages the largest Hadoop cluster in the world, which is also open to
academic institutions.

Force.com and Salesforce.com

Force.com is a cloud computing platform that allows users to create social enterprise
apps. SalesForce.com, a Software-as-a-Service solution for customer relationship
management, is built on the platform.

Force.com enables the creation of applications by assembling ready-to-use blocks: a

comprehensive collection of components covering all aspects of an organization's
operations is accessible.

Force.com assists with everything from data layout design to business rule creation and
user interface design. This platform is entirely hosted in the cloud, and it allows full
access to all of its features, as well as those incorporated in the hosted apps, using Web
services technologies.

In the end, choosing the best public cloud provider is becoming a more sophisticated
conversation that goes beyond size. The leading cloud computing firms are catering to a sizable
and expanding market. As a result, they provide a wide range of cloud-related goods and
services, such as infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-
as-a-service (SaaS).

Cloud Computing Challenges:

1. Data Security and Privacy

Data security is a major concern when switching to cloud computing. User or organizational
data stored in the cloud is critical and private. Even if the cloud service provider assures data
integrity, it is your responsibility to carry out user authentication and authorization, identity
management, data encryption, and access control. Security issues on the cloud include identity
theft, data breaches, malware infections, and a lot more which eventually decrease the trust
amongst the users of your applications. This can in turn lead to potential loss in revenue
alongside reputation and stature. Also, dealing with cloud computing requires sending and
receiving huge amounts of data at high speed, and therefore is susceptible to data leaks.

2. Cost Management

Even as almost all cloud service providers have a “Pay As You Go” model, which reduces the
overall cost of the resources being used, there are times when there are huge costs incurred to
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

the enterprise using cloud computing. When there is under optimization of the resources, let’s
say that the servers are not being used to their full potential, add up to the hidden costs. If there
is a degraded application performance or sudden spikes or overages in the usage, it adds up to
the overall cost. Unused resources are one of the other main reasons why the costs go up. If you
turn on the services or an instance of cloud and forget to turn it off during the weekend or when
there is no current use of it, it will increase the cost without even using the resources.

3. Multi-Cloud Environments

Due to an increase in the options available to the companies, enterprises not only use a single
cloud but depend on multiple cloud service providers. Most of these companies use hybrid
cloud tactics and close to 84% are dependent on multiple clouds. This often ends up being
hindered and difficult to manage for the infrastructure team. The process most of the time ends
up being highly complex for the IT team due to the differences between multiple cloud
providers.

4. Performance Challenges

Performance is an important factor while considering cloud-based solutions. If the performance

of the cloud is not satisfactory, it can drive away users and decrease profits. Even a little latency
while loading an app or a web page can result in a huge drop in the percentage of users. This
latency can be a product of inefficient load balancing, which means that the server cannot
efficiently split the incoming traffic so as to provide the best user experience. Challenges also
arise in the case of fault tolerance, which means the operations continue as required even when
one or more of the components fail.

5. Interoperability and Flexibility

When an organization uses a specific cloud service provider and wants to switch to another
cloud-based solution, it often turns up to be a tedious procedure since applications written for
one cloud with the application stack are required to be re-written for the other cloud. There is a
lack of flexibility from switching from one cloud to another due to the complexities involved.
Handling data movement, setting up the security from scratch and network also add up to the
issues encountered when changing cloud solutions, thereby reducing flexibility.

6. High Dependence on Network

Since cloud computing deals with provisioning resources in real-time, it deals with enormous
amounts of data transfer to and from the servers. This is only made possible due to the
availability of the high-speed network. Although these data and resources are exchanged over
the network, this can prove to be highly vulnerable in case of limited bandwidth or cases when
there is a sudden outage. Even when the enterprises can cut their hardware costs, they need to
ensure that the internet bandwidth is high as well there are zero network outages, or else it can
result in a potential business loss. It is therefore a major challenge for smaller enterprises that
have to maintain network bandwidth that comes with a high cost.

7. Lack of Knowledge and Expertise

Due to the complex nature and the high demand for research working with the cloud often ends
up being a highly tedious task. It requires immense knowledge and wide expertise on the
subject. Although there are a lot of professionals in the field they need to constantly update
themselves. Cloud computing is a highly paid job due to the extensive gap between demand and
supply. There are a lot of vacancies but very few talented cloud engineers, developers, and
professionals. Therefore, there is a need for up skilling so these professionals can actively
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

understand, manage and develop cloud-based applications with minimum issues and maximum
reliability.

Introduction to Cloud Security:

Cloud security is the set of control-based security measures and technology protection,
designed to protect online stored resources from leakage, theft, and data loss. Protection
includes data from cloud infrastructure, applications, and threats. Security applications uses
a software the same as SaaS (Software as a Service) model.

How to manage security in the cloud?

Cloud service providers have many methods to protect the data.

Firewall is the central part of cloud architecture. The firewall protects the network and the
perimeter of end-users. It also protects traffic between various apps stored in the cloud.

Access control protects data by allowing us to set access lists for various assets. For example,
you can allow the application of specific employees while restricting others. It's a rule that
employees can access the equipment that they required. We can keep essential documents
which are stolen from malicious insiders or hackers to maintaining strict access control.

Data protection methods include Virtual Private Networks (VPN), encryption, or masking. It
allows remote employees to connect the network. VPNaccommodates the tablets and
smartphone for remote access. Data masking maintains the data's integrity by keeping
identifiable information private. A medical company share data with data masking without
violating the HIPAA laws.

For example, we are putting intelligence information at risk in order of the importance of
security. It helps to protect mission-critical assets from threats. Disaster recovery is vital for
security because it helps to recover lost or stolen data.

Benefits of Cloud Security System

We understand how the cloud computing security operates to find ways to benefit your
business.

Cloud-based security systems benefit the business by:

 Protecting the Business from Dangers

 Protect against internal threats
 Preventing data loss
 Top threats to the system include Malware, Ransomware, and
 Break the Malware and Ransomware attacks
 Malware poses a severe threat to the businesses.

More than 90% of malware comes via email. It is often reassuring that employee's download
malware without analysingit. Malicious software installs itself on the network to steal files or
damage the content once it is downloaded.

Ransomware is a malware that hijacks system's data and asks for a financial ransom.
Companies are reluctant to give ransom because they want their data back.Data redundancy
provides the option to pay a ransom for your data. You can get that was stolen with minimal
service interruption.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Many cloud data protection solutions identify malware and ransomware. Firewalls keep
malicious email out of the inbox.

DDoS Security

Distributed Denial of Service (DDoS)is flooded with requests. Website slows down the
downloading until it crashes to handle the number of requests.

DDoS attacks come with many serious side effects. Most of the companies suffering from
DDoS attacks lose $ 10,000 to $ 100,000. Many businesses damage reputation when customers
lose confidence in the brand. If confidential customer data is lost through any DDoS attack, we
may face challenges.

The severity of these side effects, some companies shut down after the DDoS attacks. It is to be
noted that the last DDoS attack lasted for 12 days.

Cloud security service monitors the cloud to identify and prevent attacks. The cloud service
providers protectthe cloud service users in real time.

Threat to detect

Cloud computing detects advanced threats by using endpoint scanning for threats at the device
level.

Difference between Cloud Security and Traditional IT Security

Cloud security Traditional IT Security

Quick scalable Slow scaling
Efficient resource utilization Lower efficiency
Usage-based cost Higher cost
Third-party data centres In-house data centres
Reduced time to market Longer time to market
Low upfront infrastructure High Upfronts costs
Top 7 Advanced Cloud Security Challenges

It becomes more challenging when adopting modern cloud approaches Like: automated cloud
integration, and continuous deployment (CI/CD) methods, distributed serverless architecture,
and short-term assets for tasks such as a service and container.

Some of the advanced cloud-native security challenge and many layers of risk faced by today's
cloud-oriented organizations are below:

1. Enlarged Surface

Public cloud environments have become a large and highly attractive surface for hackers and
disrupt workloads and data in the cloud. Malware, zero-day, account acquisition and many
malicious threats have become day-to-day more dangerous.

2. Lack of visibility and tracking

Cloud providers have complete control over the infrastructure layer and cannot expose it to
their customers in the IaaS model. The lack of visibility and control is further enhanced in the
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

SaaS cloud models. Cloud customers are often unable to identify their cloud assets or visualize
their cloud environments effectively.

3. Ever-changing workload

Cloud assets are dynamically demoted at scale and velocity. Traditional security tools
implement protection policies in a flexible and dynamic environment with an ever-changing
and short-term workload.

4. DevOps, DevSecOps and Automation

Organizations are adopting an automated DevOps CI/CD culture that ensures the appropriate
security controls are identified and embeddedin the development cycle in code and templates.
Security-related changes implemented after the workload is deployed to production can weaken
the organization's security posture and lengthen the time to market.

5. Granular privileges and critical management

At the application level, configured keys and privileges expose the session to security risks.
Often cloud user roles are loosely configured, providing broad privileges beyond
therequirement. An example is allowing untrained users or users to delete or write databases
with no business to delete or add database assets.

6. Complex environment

These days the methods and tools work seamlessly on public cloud providers, private cloud
providers, and on-premises manage persistent security in hybrid and multi-cloud environments-
it including geographic Branch office edge security for formally distributed organizations.

7. Cloud Compliance and Governance

All the leading cloud providers have known themselves best, such as PCI 3.2, NIST 800-53,
HIPAA and GDPR.

It gives the poor visibility and dynamics of cloud environments. The compliance audit process
becomes close to mission impossible unless the devices are used to receive compliance checks
and issue real-time alerts.

Cloud Computing Security Architecture

Security in cloud computing is a major concern. Proxy and brokerage services should be
employed to restrict a client from accessing the shared data directly. Data in the cloud should be
stored in encrypted form.

Security Planning

Before deploying a particular resource to the cloud, one should need to analyze several aspects
of the resource, such as:

 A select resource needs to move to the cloud and analyze its sensitivity to risk.
 Consider cloud service models such as IaaS, PaaS,and These models require the
customer to be responsible for Security at different service levels.
 Consider the cloud type, such as public, private, community, or
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

 Understand the cloud service provider's system regarding data storage and its transfer
into and out of the cloud.
 The risk in cloud deployment mainly depends upon the service models and cloud types.

Understanding Security of Cloud

Security Boundaries

The Cloud Security Alliance (CSA) stack model defines the boundaries between each service
model and shows how different functional units relate. A particular service model defines the
boundary between the service provider's responsibilities and the customer. The following
diagram shows the CSA stack model:

Key Points to CSA Model

 IaaS is the most basic level of service, with PaaS and SaaS next two above levels of
services.
 Moving upwards, each service inherits the capabilities and security concerns of the
model beneath.
 IaaS provides the infrastructure, PaaS provides the platform development environment,
and SaaS provides the operating environment.
 IaaS has the lowest integrated functionality and security level, while SaaS has the
highest.
 This model describes the security boundaries at which cloud service providers'
responsibilities end and customers' responsibilities begin.
 Any protection mechanism below the security limit must be built into the system and
maintained by the customer.

Although each service model has a security mechanism, security requirements also depend on
where these services are located, private, public, hybrid, or community cloud.

Understanding data security

Since all data is transferred using the Internet, data security in the cloud is a major concern.
Here are the key mechanisms to protect the data.

 access control
 audit trail
 certification
 authority
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

The service model should include security mechanisms working in all of the above areas.

Separate access to data

Since the data stored in the cloud can be accessed from anywhere, we need to have a
mechanism to isolate the data and protect it from the client's direct access.

Broker cloud storage is a way of separating storage in the Access Cloud. In this approach, two
services are created:

1. A broker has full access to the storage but does not have access to the client.
2. A proxy does not have access to storage but has access to both the client and the broker.
3. Working on a Brocade cloud storage access system
4. When the client issues a request to access data:
5. The client data request goes to the external service interface of the proxy.
6. The proxy forwards the request to the broker.
7. The broker requests the data from the cloud storage system.
8. The cloud storage system returns the data to the broker.
9. The broker returns the data to the proxy.
10. Finally, the proxy sends the data to the client.

All the above steps are shown in the following diagram:

Encoding

Encryption helps to protect the data from being hacked. It protects the data being transferred
and the data stored in the cloud. Although encryption helps protect data from unauthorized
access, it does not prevent data loss.

Why is cloud security architecture important?

The difference between "cloud security" and "cloud security architecture" is that the former is
built from problem-specific measures while the latter is built from threats. A cloud security
architecture can reduce or eliminate the holes in Security that point-of-solution approaches are
almost certainly about to leave.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

It does this by building down - defining threats starting with the users, moving to the cloud
environment and service provider, and then to the applications. Cloud security architectures can
also reduce redundancy in security measures, which will contribute to threat mitigation and
increase both capital and operating costs.

The cloud security architecture also organizes security measures, making them more consistent
and easier to implement, particularly during cloud deployments and redeployments. Security is
often destroyed because it is illogical or complex, and these flaws can be identified with the
proper cloud security architecture.

Elements of cloud security architecture

The best way to approach cloud security architecture is to start with a description of the goals.
The architecture has to address three things: an attack surface represented by external access
interfaces, a protected asset set that represents the information being protected, and vectors
designed to perform indirect attacks anywhere, including in the cloud and attacks the system.

The goal of the cloud security architecture is accomplished through a series of functional
elements. These elements are often considered separately rather than part of a coordinated
architectural plan. It includes access security or access control, network security, application
security, contractual Security, and monitoring, sometimes called service security. Finally, there
is data protection, which are measures implemented at the protected-asset level.

A complete cloud security architecture addresses the goals by unifying the functional elements.

Cloud security architecture and shared responsibility model

The security and security architectures for the cloud are not single-player processes. Most
enterprises will keep a large portion of their IT workflow within their data centers, local
networks, and VPNs. The cloud adds additional players, so the cloud security architecture
should be part of a broader shared responsibility model.

A shared responsibility model is an architecture diagram and a contract form. It exists formally
between a cloud user and each cloud provider and network service provider if they are
contracted separately.

Each will divide the components of a cloud application into layers, with the top layer being the
responsibility of the customer and the lower layer being the responsibility of the cloud provider.
Each separate function or component of the application is mapped to the appropriate layer
depending on who provides it. The contract form then describes how each party responds.

CSA Cloud Reference Model:

The Cloud Security Alliance (CSA) is a non-profit organization whose mission is to "promote
the use of best practices for providing security assurance within Cloud Computing, and provide
education on the uses of Cloud Computing to help secure all other forms of computing."

The CSA’s Security, Trust & Assurance Registry Program (CSA STAR) is designed to help
customers assess a Cloud Service Provider (CSP) through a three-step program of self-
assessment, third-party audit, and continuous monitoring.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

STAR provides three levels of assurance:

 Level 1: Self-Assessment based on Cloud Controls Matrix (CCM) or Common

Assessment Initiative Questionnaire (CAIQ)
 Level 2: Independent third-party certifications such as CSA STAR Certification and
CSA STAR Attestation
 Level 3: Certifications based on continuous monitoring

As part of the CSA STAR Self-Assessment, CSPs can submit two different types of reports to
indicate their compliance with CSA best practices: a completed CAIQ, or a report documenting
compliance with CCM.

NIST Cloud Reference Model:

Describe in detail the NIST reference architecture of Cloud Computing. Answer: An overview
of the NIST Reference Architecture describes the five key actors along with their roles and
responsibilities using the new developing cloud computing taxonomy. The NIST Cloud
Computing Reference Architecture defines five key actors—cloud consumers, cloud providers,
cloud Auditor, Cloud Broker and Cloud Carrier. These prominent individuals have a major role
to play in the realm of cloud computing. Each actor is an entity (a person or an organization)
that participates in a transaction or process and/or performs a function in cloud computing.

Cloud Consumer:

The cloud consumer is the ultimate stakeholder that the cloud computing service is designed to
support. Cloud consumer represents an individual or organization that has a business
relationship and the cloud consumer receives a service catalog from the cloud provider, requests
the appropriate service, sets up a service contract with the cloud provider and uses the service.
Is. The cloud subscriber may be billed for the provisioned services and payment needs to be
arranged accordingly. Depending on the services requested, activities and usage scenarios may
differ among cloud consumers.

Cloud Provider:

A cloud provider may be an individual, an organization, or an entity responsible for providing a

service to cloud consumers. The cloud provider builds the requested software platform
infrastructure services, manages the technology infrastructure required to provide the services,
provisions the services at the service level, and protects the security and privacy of the
services. Major Activities, Cloud providers perform various functions for the provision of
different service models. The cloud provider for SaaS deploys, configures, maintains, and
updates the operation of software applications on the cloud infrastructure so that services can be
provisioned at the service levels required by cloud consumers. The provider of SaaS assumes
most of the responsibilities in managing and controlling the applications and infrastructure,
while cloud consumers have limited administrative control of the applications. For PaaS, the
cloud provider manages the cloud infrastructure for the platform and provisions the tools and
execution resources for application development and deployment to platform consumers.
Consumers have control over applications and possibly hosting environment settings but cannot
access the underlying infrastructure on the platform, including networks, servers, operating
systems, or storage. For LaaS, the cloud provider provisions the physical processing, storage,
networking, and other core computing resources, as well as manages the hosting environment
and cloud infrastructure for JaaS consumers. Cloud consumers deploy and run applications,
have greater control over, but do not manage or control, the hosting environment and operating
system.
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

Cloud Auditor:

A cloud auditor is a party that can independently evaluate cloud services, information system
operations, performance, and security of a cloud computing implementation. The cloud auditor
may evaluate the services provided by the cloud provider for security controls, privacy impact,
performance, and compliance with the parameters of the service contract agreement. Security
controls are the management, operational, and technical safeguards or safeguards employed
within an organizational information system to protect the confidentiality, integrity, and
availability of the system and its information. For security auditing, a cloud auditor may assess
security controls in an information system to determine whether the controls are properly
implemented, operated as intended and in relation to the security requirements for the system.
produce results. Security auditing should include verification of compliance with regulation and
security policy.

Cloud Broker:

The NIST reference architecture defines a cloud broker as an entity that manages the use,
performance, and delivery of cloud services and negotiates relationships between cloud
providers and cloud consumers. As cloud computing evolves, the integration of cloud services
may become too complex for cloud consumers to manage. In such cases, the cloud consumer
can request cloud services from the cloud broker instead of contacting the cloud provider
directly. Cloud brokers provide a single point of entry for managing multiple cloud services.
The key defining feature that differentiates a cloud broker from a cloud service provider is the
ability to provide a single consistent interface to many different providers, whether that
interface is for business or technical purposes. In general, cloud brokers provide services in
three categories-

1. Intermediation The cloud broker provides a benefit by improving some specific capability
and providing value-added services to cloud consumers. Suchar can manage access to cloud
services, identity management, performance reporting, enhanced security and more.

2. Aggregation-Cloud broker combines and integrates multiple services into one or more new
services. The broker provides data and service integration and ensures secure data movement
between cloud consumers.

3. Arbitrage-Arbitrage is similar to service aggregation except that the services to be

aggregated are not fixed. Service intermediation means that the broker has the facility to choose
services from multiple service providers.

One Cloud broker services can provide-

1. Trade and Relationship Support Services (Trade Intermediation)

2. Technical assistance services (aggregation, arbitration and technical mediation), with a

significant focus on handling interoperability cases between multiple providers.

Cloud Carrier:

A cloud carrier acts as an intermediary that provides connectivity and transport of cloud
services between cloud consumers and cloud providers. Cloud carriers provide consumers with
access through networks, telecommunications, and other access devices. For example, cloud
consumers can receive cloud services through network express devices, such as computers,
laptops, mobile phones, mobile Internet devices (MIDs), etc. Delivery of cloud services is
normally provided by networks and communications carriers or transport agents, where a
 R18 B.Tech. CSE (Cyber Security) III & IV Year JNTU Hyderabad

transport agent refers to a commercial organization that provides physical transportation of

storage media such as high-capacity hard drives. Note that the cloud provider will establish a
tiered service (SLA) with the cloud carrier to provide services consistent with the two outgoing
SLAs for cloud consumers and the cloud provider.