UNIT 4 Cloud Security

Cloud Computing

UNIT 4: CLOUD SECURITY

¤ Cloud Security
Cloud security refers to the cybersecurity policies, best practices, controls, and technologies
used to secure applications, data, and infrastructure in cloud environments. In particular, cloud
security works to provide storage and network protection against internal and external threats,
access management, data governance and compliance, and disaster recovery.
Cloud security is the set of cybersecurity measures used to protect cloud-based applications,
data, and infrastructure. This includes applying security policies, practices, controls, and other
technologies like identity and access management and data loss prevention tools to help secure
cloud environments against unauthorized access, online attacks, and insider threats.
Benefits of cloud security

Although cloud security has often been framed as a barrier to cloud adoption, the reality is
that the cloud is no more or less secure than on-premises infrastructure. Cloud computing
security offers businesses many advantages that can improve their overall security posture.

The top cloud providers have the secure-by-design infrastructure and layered security built
directly into the platform and its services, including everything from zero-trust network
architecture to identity and access management to multi-factor authentication, encryption,
and continuous logging and monitoring. Plus, the cloud helps you to automate and manage
security at an enormous scale. Other common cloud security benefits include:
1. Greater visibility
Only an integrated cloud-based security stack is capable of providing the centralized
visibility of cloud resources and data that is vital for defending against breaches and other
potential threats. Cloud security can provide the tools, technologies, and processes to log,
monitor, and analyze events to understand exactly what’s happening in your cloud
environments.
2. Centralized security
Cloud security allows you to consolidate the protection of cloud-based networks for
streamlined, continuous monitoring and analysis of numerous devices, endpoints, and
systems. It also enables you to centrally manage software updates and policies from one place
and even implement and action disaster recovery plans.
3. Reduced costs
With cloud security, you don’t have to pay for dedicated hardware to upgrade your security
or use valuable resources to handle security updates and configurations. CSPs provide
advanced security features that allow for automated protection capabilities with little to no
human intervention.
4. Data protection

PRIYANKA PATIL 1

The best cloud computing providers will provide data security by design, offering strong
access controls, encryption for data at rest and in transit, and data loss prevention (DLP) to
secure your cloud data wherever it’s located or managed.
5. Cloud compliance
Cloud providers go to great lengths to comply with both international and industry
compliance standards, often undergoing rigorous independent verifications of their security,
privacy, and compliance controls.
6. Advanced threat detection
Reputable CSPs also invest in cutting-edge technologies and highly skilled experts to provide
real-time global threat intelligence that can detect both known and unknown threats in the
wild and your networks for faster remediation.

¤ Infrastructure Security - Network-level security, Host-level security, Application-level security
Cloud infrastructure security, as the name implies, involves the protection of assets based in
the cloud. Rather than existing as one of the distinct levels of infrastructure security outlined
above, cloud infrastructure security spans a multitude of security levels, including the network,
application, and data levels. Only the physical security level, by definition, is exempted.

Cloud infrastructure security can be complex because many organizations fail to properly
understand where the provider’s responsibility ends and their responsibility begins. In general,
many cloud providers are responsible for the security “of” the cloud, meaning that they must
ensure cloud infrastructure — which incorporates security of storage, compute, and network
layers — is inherently secure and reliable. Cloud providers outline these responsibilities in
great detail in their terms of service, yet these environments are often so nebulous that
confusion about who is responsible for what often persists — especially if an attack is detected.

While responsibilities vary from one provider to another, in general, the customer is always
responsible for several cloud security tasks, including user management and access
control, data encryption in the cloud, proper configuration of vendor-provided security tools,
and adherence to relevant privacy laws. This is known as the shared responsibility model.

With the cloud everywhere, cloud security is of critical importance — largely due to the rise in
attacks against cloud infrastructure. But securing cloud infrastructure is difficult for many
reasons:

• An increase in the size of the attack surface
• A lack of complete visibility into how cloud services are operating during runtime
• The dynamic and often temporary nature of cloud-based workloads
• The general complexity of a cloud environment, particularly when multiple cloud
services are involved

Infrastructure security is the practice of protecting critical systems and assets against physical
and cyber threats. From an IT standpoint, this typically includes hardware and software assets
such as end-user devices, data center resources, networking systems, and cloud resources.
Infrastructure security is all about securing your organization's infrastructure. That
infrastructure certainly can include permanent assets like real estate, but "infrastructure
security" is most commonly used to refer to technology assets, including:

• Computers and endpoints/devices
• Networking systems
• Cloud resources — both hardware and software

The concept of infrastructure security includes not only protection from a traditional
cyberattack, but also protection from natural disasters and other calamities. It concerns the
topic of resilience, which considers how an enterprise recovers from an attack or other
disruption. The ultimate goal of infrastructure security is to:

• Boost security measures and your overall posture.
• Minimize the amount of downtime and associated customer attrition, loss of brand and
reputation, and compliance costs that businesses face.

Fundamentally, infrastructure security describes a high-level way of thinking about the
protection of the entirety of the organization’s technology perimeter. More tactical security
plans — how will we protect the data on our workers’ laptops — may be developed as subsets
beneath that overarching strategy.
IT Infrastructure Security is a broad term for the collective actions, tools, and methods
used to protect the IT assets that support business processes.

Technology infrastructure can be threatened in many ways:

• Attackers can exploit vulnerabilities on publicly accessible services, such as email,
websites, remote access, etc.
• Attackers can gain access internally, through inadequate Wi-Fi security, or by receiving
sensitive data from employees.
• Authorized users can cause harm to the infrastructure, either unintentionally or
purposefully.
• Ransomware and malware may exploit security weaknesses.
• Lack of backups, or inadequate backups.
• Service outages due to outdated technology.
Establishing a good security strategy for IT infrastructure demands constant progress and
effort. To stay up to date with new online threats and other vulnerabilities of an IT
infrastructure, companies should consider a variety of approaches and maintain vigilance over
possible errors and sources of attack.

Different levels of infrastructure security

Many enterprise IT infrastructure security frameworks will address four types, or levels, of
security. There is no universal definition of the various levels or categories of infrastructure
security, but in the enterprise, one common way to look at security includes securing the
following four levels:

• Physical Level:

Infrastructure needs physical protection in the form of locked doors, fences, backup
generators, security cameras, and the like. Failover plans that locate backup equipment
in another part of the world are also part of a physical security strategy. Physical
security is just as important as cybersecurity. Your IT infrastructure needs to be
physically protected. This includes things like fences, security cameras, backup
generators, and closed doors. Failure prevention techniques are also a part of physical
security. This step involves placing backup equipment in a different region of the world.

Cybersecurity doesn’t shield your digital assets against physical theft, or even
vandalism and natural catastrophes. Thus, a physical security plan should include data
recovery procedures, and it is recommended that these use offsite backups situated in
several geographical regions.

The most robust cyber protection cannot protect your technology assets from physical
theft, vandalism, or natural disasters. Data recovery plans that incorporate offsite
backups located in different geographies are also part of a physical security strategy.

• Network Level:

At its core, network security protects data as it travels into, out of, and across the
network. This includes traffic encryption, whether it is on-premises or in the cloud,
proper firewall management, and the use of authentication and authorization systems.
A firewall is frequently the primary defense mechanism in terms of corporate network
security. It creates a barrier between the secure network of your business and the
suspicious ones (e.g., open Wi-Fi).

The protection of data as it enters, leaves, and moves within the network is the main
goal of network security. This involves identity and authorization systems, effective
firewall management, and traffic encryption. It can be on-premises or in the cloud (in
this case, we deal with cloud security).

IT infrastructure security policies are crucial for network security. They define the
network traffic that can access trusted network resources. You can manage it by
controlling inbound and outgoing network traffic. Also, multi-factor authentication
(MFA) safeguards your network. It requires two (or more) forms of verification before
allowing the use of network resources.

A firewall typically provides the first line of defense in network security. It serves as a
barrier between an enterprise’s trusted network and other untrusted networks, such as
public Wi-Fi. By monitoring incoming and outgoing network traffic based on a set of
rules, it only allows network traffic that has been defined in the security policy to access
resources on the trusted network. Multi-factor authentication (MFA) also protects the
enterprise network by requiring two or more forms of verification before allowing
access to network resources.

• Application Level:

Security also needs to be considered at the application level. This includes the
protection of databases against attacks such as SQL injections as well as the hardening
of other applications against unauthorized use or malicious exploits. Security at the
application level involves safeguarding databases from incidents like SQL injections.
This also means fortifying other programs against unauthorized access or harmful
activity.

Hackers can enter your IT system through flaws in outdated software. Patching is one
good method to address this problem. It guarantees your software and firmware
upgrades are distributed throughout a corporate network. The strategy deals with
security gaps and offers extra functionality. Patching also improves performance and
fixes bugs for corporate applications.

Outdated software can contain vulnerabilities that cyber attackers can exploit to gain
access to IT systems. Ensuring software and firmware updates are distributed and
applied across the enterprise network, known as patching, helps close security holes as
well as provide new functionality, performance improvements, and bug fixes for
enterprise applications.

• Data Level:

At the lowest level of infrastructure security, data protection must be considered, no
matter where or how it is stored. This includes data encryption, backups, and
anonymization tactics where they are appropriate. The more data you have, the harder
it is to secure it across your corporate network. This means more endpoints to keep an
eye on.

As more data is generated and stored in more locations (core data centers, colocations,
multiple clouds, and edges), protecting this data becomes more complex. The
increasing number of devices connected to enterprise networks due to bring-your-own-device
(BYOD) policies, IoT adoption, and more means that a growing number of
endpoints, or entry points into enterprise networks, must be protected. Some common
enterprise endpoint security measures include URL filtering, anti-virus tools,
sandboxing, secure email gateways, and endpoint detection and response (EDR) tools.
Data encryption technologies also help protect data by encoding it so that only users
with the correct decryption key may access it.

Benefits of Infrastructure Security


Naturally, the biggest benefit of infrastructure security is simply that it protects all of your
business’s technology assets from attack. For most enterprises, infrastructure security is the
first line of defense against cyberattacks or other types of exploits.
Of course, there are numerous benefits to the enterprise. With proper infrastructure security,
you will:

• Protect data from being stolen or otherwise compromised, minimizing financial risk
incurred with steep fines.
• Ensure compliance with evolving data privacy rules that mandate consumer
information be kept safe from attack.
• Minimize the risk of damage due to user carelessness.

Most malware doesn’t end up on the corporate network because an internal user intentionally
put it there (although insider attacks like these do happen). More often, this happens because a
user unthinkingly clicks on an email attachment or a malicious link. Infrastructure security
systems and protocols help to mitigate risk when these mistakes inevitably occur.

Protecting infrastructure with cybersecurity solutions


IT security solutions are the key tools used to protect infrastructure. It is not a question of
whether you can protect your infrastructure with cybersecurity solutions --- it's a question of
how you best protect your infrastructure with them. Cybersecurity solutions can be used to:

• Ensure access is granted only to authorized users.
• Prevent malware from successfully being installed on infrastructure devices.
• Assess the overall security of the network, via both offensive and defensive approaches.
• Encrypt data in transit and at rest to protect it in the event of a successful attack.

Best practices for securing infrastructure


Several recommended best practices should be incorporated into an organization's security
policies that protect infrastructure, including:

1. Smart Cybersecurity Policy

Understanding and addressing all the hazards is crucial for cyber security management.
Establishing security standards should be your first step. They must be relevant to your
company’s operations, your niche, and the skills of your personnel.

You should also clearly define the regulations for employee and administrative access to your
systems. These include passwords, other end-user credentials, and content-filtering procedures.
This will put IT infrastructure security policies in place.

Password security should be taken very seriously. Create strong passwords for every login and
use two-factor authentication. Also, specify who handles what while handling cyber risks.

2. User Access Review

Regularly check user permissions. Remove those that are no longer required, as well as any
that are granted to users who leave the company to prevent unauthorized access. It’s best to use
privileged access and access management technologies to limit the number of users who can
obtain information.

Additionally, one of the best practices for network security is efficient password
management. The rule is as follows: at least 10 characters in a password and periodic updates.
You can use systems for managing passwords or include multi-factor authentication.

3. Secure Protocols

Security protocols rely on cryptography. This helps them protect sensitive data,
financial data, and file transmission. They provide information on the data structure and data
representation, as well as how the algorithm functions.

Make sure your web assets are using secure protocols. For example, Secure Sockets Layer (SSL)
and Secure Shell (SSH) offer a secure path for communication even across unsecured networks.

4. Validated Software and Hardware


Choosing hardware and software, available at a price or even free, is attractive. But making
such a decision has certain unspoken dangers. You may select solutions that already have an
efficient security mechanism built in. Yet this usually comes at a cost.

Besides, it’s crucial to refrain from obtaining software from unreliable sites. They could include
malicious software in them. It can infiltrate your system and provide others with access to the
private information of your enterprise.

5. Robust Firewall System

Firewalls should be a key component of any cybersecurity strategy. Make sure they are
set up correctly, because a poorly configured firewall poses just as much risk as none at all.

Yet, a lot of businesses struggle with network-level firewall installation. Each employee’s
gadget must have a firewall, but the overall systems should also be secured. Thus, it is strongly
advised to set up hardware and packet-filtering firewalls. They add another layer of network
infrastructure security.

6. Code Aligning with Safe Development Rules


A framework like DevSecOps might help protect your technological infrastructure. It can
establish a security-focused attitude within the development team. Ensure the code complies
with secure development principles.

7. Data Encryption

Whenever possible, rely on data encryption. For hackers who successfully breach the system
but lack the keys, encrypted files are generally worthless.

IT firms must regularly test data categorization and use encryption where necessary. Besides,
VPNs can add another degree of cybersecurity. This concerns your employees who may need
to access sensitive information from faraway locations.

8. Backup Copies
Back up all your systems regularly. Offsite backups are your best line of security against
ransomware assaults. Back up both highly sensitive and operationally significant data. This is
essential when dealing with cybercrime.

9. Regular System Testing

Conduct frequent system stress tests for the ultimate security resilience in your organization.
To find vulnerabilities, conduct security scans and penetration testing.

10. Hiring Cybersecurity Expert

Even the finest practices for IT infrastructure protection might not always help. Companies still
struggle to manage their time and resources to set cybersecurity in motion. Working with a
cybersecurity specialist can help you avoid this hazard.

Build a Secure IT Infrastructure


Attackers have long targeted infrastructure because it represents a potential gold mine for their
efforts. Unfortunately, because of its expansive size and complexity, it also presents a challenge
for security operations teams to secure.
With the rise of IoT devices and the proliferation of cloud services, the typical enterprise now
finds itself with a daunting attack surface that is increasingly vulnerable to both organized
attackers and the threat of natural disasters. Only through careful infrastructure protection can
you truly mitigate threats and keep your infrastructure environment — and data — safe from
attack.
Companies are starting to recognize the threat that a poor cybersecurity strategy poses to
their business, more specifically to their productivity, goodwill, and bottom line. If you want
to be genuinely safe, you need a clear plan for how to handle any future security needs.

These steps will strengthen your cybersecurity strategy:

1. Conduct A Security Risk Assessment

Security risk assessment is carried out to evaluate, analyze, and improve your company’s cyber
resilience. This process involves cooperation from many groups and data owners. The
management’s commitment helps allot resources and execute the necessary cybersecurity
solutions.

The value of different data created and kept within the company is likewise determined by
cyber risk management. Thus, allocating tech resources where they are most required would
be impossible without this step. Your management team must perform an IT infrastructure
audit to determine the data sources that are most important to the firm. This can also indicate
where the storage is situated and data vulnerabilities to properly assess risk.

2. Set Your Security Goals

Business goals must be aligned with your cybersecurity strategy. This is a golden rule for
success in critical infrastructure protection. Once your corporate goals are clear, it’s easier to
start integrating the cybersecurity framework into them.

Focusing on different areas might help in developing security goals:

• Establish reasonable expectations;
• Assess your security maturity;
• Comprehend your company’s risk appetite;
• Take immediate action on simple tasks;
• Deal with security issues as they arise.

3. Embrace Cybersecurity Best Practices

Cybercriminals use cutting-edge tactics to attack modern businesses. This includes companies
of all sizes, geographies, and industrial sectors. So, you must have a solid plan for managing
physical and cybersecurity across crucial systems and assets. This will help you operate in the
present business climate.

The cybersecurity practices mentioned above will help protect your crucial technology
infrastructure. As a result, your team can enhance its cyber security resilience. It will also
prevent malevolent behavior of any sort that can threaten your information system resources.

4. Implement Your Cybersecurity Strategy

The strategy assessments and policy plans are almost finished. This is the time to allocate tasks
to teams and prioritize remedial efforts. Assign cybersecurity tasks to internal teams according
to their priority. Also, make use of the Project Management team inside your company, if one
exists. Provide leadership, interact with the internal teams, and plan the activities if there is no
project team available. Set realistic deadlines: it’s best to plan for more time than you think
you need.

5. Pay attention to password security.

All logins must be protected by strong passwords (i.e. long passwords that use a
hard-to-remember combination of uppercase and lowercase letters, numbers and symbols, passwords
that don’t spell a word, etc.) as well as two-factor authentication when possible.

6. Audit user permissions frequently.


To avoid unauthorized access, remove permissions to services when users no longer need them
as well as immediately when they leave the organization.

7. Apply patches regularly.


Patches should generally be installed the day they are released, particularly if they include a
security fix.

8. Ensure internet-based assets use secure protocols like Secure Shell (SSH) and Secure Sockets Layer (SSL).

These protocols provide a secure channel for communication, even over an insecure network.

9. Remove unused services and software.


These idle but active systems can create an unnecessary security risk. This is part of the process
known as network hardening.

10. Properly configure firewalls.


A misconfigured firewall is just as dangerous as having no firewall at all.

11. Make sure the code adheres to secure development practices.


Shift left and DevSecOps approaches can be useful in instilling a security-focused mindset
within the development team.

12. Encrypt wherever possible.


Encrypted files are largely useless to attackers who successfully enter the system but don’t hold
the keys.

13. Regularly back up all systems.


Offsite backups are the best defense against ransomware attacks.

14. Stress-test systems regularly.

Run security scans and penetration tests to hunt down vulnerabilities.
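
The user access review described under "User Access Review" and "Audit user permissions frequently" above can be automated along these lines. This is an added example, not part of the original notes; the record layout, the user and resource names, and the 90-day idle threshold are assumptions.

```python
from datetime import date

# Constructed inventory (hypothetical users and resources). "status" would come
# from HR records and "grants" from the access-management system.
ACCOUNTS = [
    {"user": "asha", "status": "active", "mfa": True, "grants": [
        {"resource": "billing-db", "privileged": True,
         "last_used": date(2024, 5, 28)},
        {"resource": "legacy-ftp", "privileged": False,
         "last_used": date(2023, 11, 2)}]},
    {"user": "ben", "status": "left", "mfa": True, "grants": [
        {"resource": "vpn", "privileged": False,
         "last_used": date(2024, 4, 30)}]},
    {"user": "chen", "status": "active", "mfa": False, "grants": [
        {"resource": "cloud-admin", "privileged": True,
         "last_used": date(2024, 6, 1)},
        {"resource": "wiki", "privileged": False, "last_used": None}]},
]

REVOKE = "revoke"
REQUIRE_MFA = "require_mfa"


def review_access(accounts, today, max_idle_days=90):
    """Return (user, resource, action, reason) tuples for grants to fix.

    Rules, in order of precedence:
      1. Every grant of a user who has left is revoked.
      2. A grant that was never used, or not used for more than
         max_idle_days (assumed threshold), is revoked.
      3. A privileged grant still in use by an account without MFA is kept
         but flagged so MFA can be enforced.
    """
    findings = []
    for acct in accounts:
        for grant in acct["grants"]:
            key = (acct["user"], grant["resource"])
            if acct["status"] != "active":
                findings.append(key + (REVOKE, "user has left"))
                continue
            last = grant["last_used"]
            if last is None:
                findings.append(key + (REVOKE, "never used"))
            elif (today - last).days > max_idle_days:
                idle = (today - last).days
                findings.append(key + (REVOKE, f"idle {idle} days"))
            elif grant["privileged"] and not acct["mfa"]:
                findings.append(
                    key + (REQUIRE_MFA, "privileged access without MFA"))
    return findings


if __name__ == "__main__":
    for user, resource, action, reason in review_access(
            ACCOUNTS, today=date(2024, 6, 3)):
        print(f"{action:<12} {user:<6} {resource:<12} {reason}")
```
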

Tools & solutions for infrastructure security


To protect your business’s infrastructure and data, consider implementing these types of tools
and security controls:

• Firewall: This is the first line of defense against all manner of threats, preventing
malicious traffic from ever accessing your internal networks.
• Antivirus or antimalware systems: Malware is introduced into the enterprise through
several means. Antimalware systems scan email messages, web traffic, and hardware
devices to ensure that they are not infected.
• Penetration testing and network vulnerability analysis tools: These types of tools
are set to run periodically — or continuously — constantly scanning the network for
potential security problems.
• Intrusion detection system: An intrusion detection tool monitors the network in real-
time, watching for behavior that is out of the ordinary or that indicates an attacker has
breached the infrastructure.
• Authentication software: Authentication software monitors the behavior of users with
network access. AI detects unusual activity that may imply a user’s credentials have
been compromised.
• Password auditing tools: Passwords should be regularly audited to ensure that users
are not relying on insecure or hackable login credentials.
• Encryption tools: Encrypted data has limited to no value to attackers, providing an
extra layer of protection to your organization in the event of an attack.
• SIEM tools: Security information and event management (SIEM) tools automate much
of the grunt work of monitoring infrastructure security and provide real-time analysis
of the security alerts generated by various applications in the enterprise.

¤ Data Security and Storage


Security Issues in Cloud Computing:
There is no doubt that cloud computing provides various advantages, but it also raises
some security issues. Some of these security issues are listed below.
1. Data Loss –
Data loss is one of the issues faced in cloud computing. This is also known as
data leakage. As we know, our sensitive data is in the hands of somebody else,
and we don’t have full control over our database. So, if the security of the cloud
service is broken by hackers, then it may be possible that hackers will get access
to our sensitive data or personal files.
2. Interference of Hackers and Insecure API –
As we know, if we are talking about the cloud and its services, we are
talking about the Internet. Also, we know that the easiest way to communicate
with the cloud is by using an API. So, it is important to protect the interfaces and APIs
that are used by external users. But in cloud computing, a few services are also
available in the public domain, which is the vulnerable part of cloud computing
because it may be possible for third parties to access these services. So, it
may be possible that with the help of these services, hackers can easily hack or
harm our data.
3. User Account Hijacking –
Account hijacking is the most serious security issue in cloud computing. If
the account of a user or an organization is somehow hijacked by a hacker, then
the hacker has full authority to perform unauthorized activities.
4. Changing Service Provider –
Vendor lock-in is also an important security issue in cloud computing. Many
organizations will face different problems while shifting from one vendor to
another. For example, if an organization wants to shift from AWS
Cloud to Google Cloud Services, it faces various problems, such as shifting
all its data. The two cloud services also have different techniques and functions,
which causes further problems. Also, it may be possible that the charges
of AWS are different from Google Cloud, etc.
5. Lack of Skill –
Working with the cloud, shifting to another service provider, needing an extra feature,
not knowing how to use a feature, etc. are the main problems for IT companies that
don’t have skilled employees. So, it requires a skilled person to work with
cloud computing.
6. Denial of Service (DoS) attack –
This type of attack occurs when the system receives too much traffic. Mostly
DoS attacks occur in large organizations such as the banking sector, government
sector, etc. When a DoS attack occurs, data is lost. So, to recover data, it
requires a great amount of money as well as time to handle it.
7. Shared Resources –
Cloud computing relies on a shared infrastructure. If one customer’s data or
applications are compromised, it may potentially affect other customers sharing
the same resources, leading to a breach of confidentiality or integrity.
8. Compliance and Legal Issues –
Different industries and regions have specific regulatory requirements for data
handling and storage. Ensuring compliance with these regulations can be
challenging when data is stored in a cloud environment that may span multiple
jurisdictions.
9. Data Encryption –
While data in transit is often encrypted, data at rest can be susceptible to breaches.
It’s crucial to ensure that data stored in the cloud is properly encrypted to prevent
unauthorized access.
10. Insider Threats –
Employees or service providers with access to cloud systems may misuse their
privileges, intentionally or unintentionally causing data breaches. Proper access
controls and monitoring are essential to mitigate these threats.
11. Data Location and Sovereignty –
Knowing where your data physically resides is important for compliance and
security. Some cloud providers store data in multiple locations globally, and this
may raise concerns about data sovereignty and who has access to it.
12. Loss of Control –
When using a cloud service, you are entrusting a third party with your data and
applications. This loss of direct control can lead to concerns about data ownership,
access, and availability.
13. Incident Response and Forensics –
Investigating security incidents in a cloud environment can be complex.
Understanding what happened and who is responsible can be challenging due to
the distributed and shared nature of cloud services.
14. Data Backup and Recovery –
Relying on cloud providers for data backup and recovery can be risky. It’s
essential to have a robust backup and recovery strategy in place to ensure data
availability in case of outages or data loss.
15. Vendor Security Practices –
The security practices of cloud service providers can vary. It’s essential to
thoroughly assess the security measures and certifications of a chosen provider to
ensure they meet your organization’s requirements.
16. IoT Devices and Edge Computing –
The proliferation of IoT devices and edge computing can increase the attack
surface. These devices often have limited security controls and can be targeted to
gain access to cloud resources.
17. Social Engineering and Phishing –
Attackers may use social engineering tactics to trick users or cloud service
providers into revealing sensitive information or granting unauthorized access.
18. Inadequate Security Monitoring –
Without proper monitoring and alerting systems in place, it’s challenging to detect
and respond to security incidents promptly.

Here are a few principles you can follow:

1. Never leave the default settings unchanged. Using the default settings gives a
hacker front-door access. Avoid doing this to complicate a hacker’s path into your
system.
2. Never leave a cloud storage bucket open. An open bucket could allow hackers to
see the content just by opening the storage bucket's URL.
3. If the cloud vendor gives you security controls that you can switch on, use them.
Not selecting the right security options can put you at risk.

Basic cyber security tips should also be built into any cloud implementation. Even if you are
using the cloud, standard cyber security practices shouldn’t be ignored. So, it is worth
considering the following if you want to be as secure as possible online:
• Use strong passwords. Including a mix of letters, numbers, and special characters
will make your password more difficult to crack. Try to avoid obvious choices, like
replacing an S with a $ symbol. The more random your strings are, the better.
• Use a password manager. You will be able to give each application, database, and
service you use separate passwords, without having to remember them all. However,
you must make sure you protect your password manager with a strong primary
password.
• Protect all the devices you use to access your cloud data, including smartphones and
tablets. If your data is synchronized across numerous devices, any one of them could
be a weak link putting your entire digital footprint at risk.
• Back up your data regularly so that in the event of a cloud outage or data loss at
your cloud provider, you can restore your data fully. That backup could be on your
home PC, on an external hard drive, or even cloud-to-cloud, as long as you are certain
the two cloud providers don't share infrastructure.
• Modify permissions to prevent any individual or device from having access to all
your data unless it is necessary. For instance, businesses will do this through database
permission settings. If you have a home network, use guest networks for your children,
for IoT devices, and your TV. Save your 'access all areas' pass for your own usage.
• Protect yourself with anti-virus and anti-malware software. Hackers can access
your account easily if malware makes its way into your system.
• Avoid accessing your data on public Wi-Fi, particularly if it doesn't use strong
authentication. If you have to, use a virtual private network (VPN) to protect your
gateway to the cloud.

¤ Data privacy and security Issues: Identity and Access Management, Access
Control, Trust, Reputation, Risk
Any service without a "hardened" environment is considered a "soft" target. Virtual
servers should be protected just like physical servers against data leakage, malware, and
exploited vulnerabilities. "Data loss or leakage represents 24.6% and cloud-related
malware 3.4% of threats causing cloud outages."
Identity management
Every enterprise will have its own identity management system to control access to
information and computing resources. Cloud providers either integrate the customer's
identity management system into their infrastructure, using federation or SSO technology
or a biometric-based identification system, or provide an identity management system of
their own. CloudID, for instance, provides privacy-preserving cloud-based and
cross-enterprise biometric identification. It links the confidential information of the
users to their biometrics and stores it in an encrypted fashion. Making use of a
searchable encryption technique, biometric identification is performed in the encrypted
domain to make sure that the cloud provider or potential attackers do not gain access to
any sensitive data or even the contents of the individual queries.
1. Physical security
Cloud service providers physically secure the IT hardware (servers, routers, cables,
etc.) against unauthorized access, interference, theft, fires, floods, etc., and ensure that
essential supplies (such as electricity) are sufficiently robust to minimize the possibility
of disruption. This is normally achieved by serving cloud applications from
professionally specified, designed, constructed, managed, monitored, and maintained
data centers.
2. Personnel security
Various information security concerns relating to the IT and other professionals
associated with cloud services are typically handled through pre-, para- and
post-employment activities such as security screening of potential recruits, security
awareness and training programs, and proactive.
3. Privacy
Providers ensure that all critical data (credit card numbers, for example) are masked or
encrypted and that only authorized users have access to data in its entirety. Moreover,
digital identities and credentials must be protected as should any data that the provider
collects or produces about customer activity in the cloud.
4. Penetration testing
Penetration testing is the process of performing offensive security tests on a system,
service, or computer network to find security weaknesses in it. Since the cloud is a
shared environment with other customers or tenants, following penetration testing rules
of engagement step-by-step is a mandatory requirement. Scanning and penetration
testing from inside or outside the cloud should be authorized by the cloud provider.
Violation of acceptable use policies can lead to termination of the service.
5. Cloud vulnerability and penetration testing
Scanning the cloud from outside and inside using free or commercial products is crucial
because, without a hardened environment, your service is considered a soft target.
Virtual servers should be hardened just like a physical server against data leakage,
malware, and exploited vulnerabilities. "Data loss or leakage represents 24.6% and
cloud-related malware 3.4% of threats causing cloud outages."
Scanning and penetration testing from inside or outside the cloud must be authorized
by the cloud provider. Since the cloud is a shared environment with other customers or
tenants, following penetration testing rules of engagement step-by-step is a mandatory
requirement. Violation of acceptable use policies can lead to the termination of the
service. One key distinction to grasp when discussing penetration testing is the
difference between application-layer and network-layer testing. Understanding what is
asked of you as the tester is sometimes the most important step in the process.
Network-layer testing refers to testing that includes internal/external connections as
well as the interconnected systems throughout the local network. Oftentimes, social
engineering attacks are carried out, as the most vulnerable link in security is often the
employee.
6. White-box testing
Testing under the condition that the “attacker” has full knowledge of the internal
network, its design, and implementation.
7. Grey-box testing
Testing under the condition that the “attacker” has partial knowledge of the internal
network, its design, and implementation.
8. Black-box testing
Testing under the condition that the “attacker” has no prior knowledge of the internal
network, its design, and implementation.
9. Data security
There are numerous security threats associated with cloud data services. These include
traditional threats and non-traditional threats. The threats include traditional ones,
such as network eavesdropping, illegal invasion, and denial of service attacks, but also
threats specific to cloud computing, such as side-channel attacks, virtualization
vulnerabilities, and abuse of cloud services. To mitigate these threats, security
controls often rely on monitoring the three areas of the CIA triad. The CIA triad refers
to confidentiality (including access controllability, which is explained further below),
integrity, and availability.
It is important to note that many effective security measures cover several or all of the
three categories. Encryption, for example, can be used to prevent unauthorized access
and also to ensure the integrity of the data. Backups, on the other hand, generally cover
integrity and availability, and firewalls only cover confidentiality and access
controllability.
10. Confidentiality
Data confidentiality is the property that data contents are not made available or
disclosed to illegal users. Outsourced data is stored in a cloud and out of the owners'
direct control. Only authorized users can access the sensitive data while others,
including CSPs, should not gain any information about the data. Meanwhile, data
owners expect to fully utilize cloud data services, e.g., data search, data computation,
and data sharing, without the leakage of the data contents to CSPs or other adversaries.
Confidentiality refers to how data must be kept strictly confidential to the owner of said
data.
An example of a security control that covers confidentiality is encryption, so that only
authorized users can access the data. Either a symmetric or an asymmetric key paradigm
can be used for encryption.
11. Access controllability

Access controllability means that a data owner can perform the selective restriction of
access to their data outsourced to the cloud. Legal users can be authorized by the owner
to access the data, while others cannot access it without permission. Further, it is
desirable to enforce fine-grained access control to the outsourced data, i.e., different
users should be granted different access privileges for different pieces of data. The
access authorization must be controlled only by the owner in untrusted cloud
environments.
Access control can also be referred to as availability. While unauthorized access should
be strictly prohibited, access for administrative or even consumer uses should be
allowed but monitored as well. Availability and access control ensure that the proper
amount of permission is granted to the correct persons.
12. Integrity
Data integrity demands maintaining and assuring the accuracy and completeness of
data. A data owner always expects that her or his data in a cloud is stored correctly
and trustworthily. It means that the data should not be illegally tampered with,
improperly modified, deliberately deleted, or maliciously fabricated. If any undesirable
operations corrupt or delete the data, the owner should be able to detect the corruption
or loss. Further, when a portion of the outsourced data is corrupted or lost, it can still
be retrieved by the data users. Effective integrity security controls go beyond protection
from malicious actors and protect data from unintentional alterations as well.
An example of a security control that covers integrity is automated backups of
information.
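The detection property described above ("the owner should be able to detect the corruption or loss"), as an added example that is not part of the original notes: the owner keeps an HMAC-SHA256 manifest of the outsourced objects and checks what the cloud returns against it. The key, object names, and contents are constructed; the key is assumed to stay with the owner and never be uploaded.

```python
import hashlib
import hmac

# Constructed demo key and objects. The key is assumed to be held only by the
# data owner, so the storage provider cannot forge a valid tag.
OWNER_KEY = b"constructed-demo-key-not-for-real-use"
UPLOADED = {
    "payroll/2024-01.csv": b"id,amount\n1,1000\n",
    "payroll/2024-02.csv": b"id,amount\n1,1200\n",
    "contracts/nda.txt": b"constructed sample text\n",
}
# What the provider later hands back (constructed): one object altered, one
# gone, one that the owner never uploaded.
RETURNED = {
    "payroll/2024-01.csv": b"id,amount\n1,9000\n",
    "contracts/nda.txt": b"constructed sample text\n",
    "payroll/tmp.csv": b"x",
}


def tag(key, name, data):
    """HMAC over the object name and its content.

    Binding the name (length-prefixed, so name and data cannot run together)
    means valid content moved under another name is also detected.
    """
    encoded = name.encode("utf-8")
    message = len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_manifest(key, objects):
    """Computed by the owner at upload time and stored outside the cloud."""
    return {name: tag(key, name, data) for name, data in objects.items()}


def verify(key, manifest, returned):
    """Compare returned objects with the manifest and classify each one."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in returned:
            report["missing"].append(name)
        elif hmac.compare_digest(expected, tag(key, name, returned[name])):
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    report["unexpected"] = sorted(set(returned) - set(manifest))
    return report


def check_sample():
    """Run the check on the constructed sample data above."""
    manifest = build_manifest(OWNER_KEY, UPLOADED)
    return verify(OWNER_KEY, manifest, RETURNED)


if __name__ == "__main__":
    for status, names in check_sample().items():
        print(status, names)
```

The manifest only detects corruption or loss; restoring the affected objects still depends on a backup such as the one the text mentions.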

7 Privacy Challenges in Cloud Computing


The cloud paradigm revolves around convenience and the easy provision of a huge pool of
shared computing resources.
The rapid development of the cloud has led to more flexibility, cost-cutting, and scalability of
products but also faces an enormous amount of privacy and security challenges. Since it is a
relatively new concept and is evolving day by day, there are undiscovered security issues that
creep up and need to be taken care of as soon as discovered. Here we discuss the top 7 privacy
challenges encountered in cloud computing:

1. Data Confidentiality Issues

Confidentiality of the user’s data is an important issue to be considered when externalizing and
outsourcing extremely delicate and sensitive data to the cloud service provider. Personal data
should be made unreachable to users who do not have proper authorization to access it, and one
way of ensuring that confidentiality is the use of strict access control policies and
regulations. The lack of trust between the users and cloud service providers or the cloud
database service provider regarding the data is a major security concern and holds back a lot of
people from using cloud services.

2. Data Loss Issues

Data loss or data theft is one of the major security challenges that cloud providers face. If a
cloud vendor has reported data loss or data theft of critical or sensitive material data in the past,
more than sixty percent of the users would decline to use the cloud services provided by the
vendor. Outages of the cloud services are very frequently visible even from firms such as
Dropbox, Microsoft, Amazon, etc., which in turn results in an absence of trust in these services
during a critical time. Also, it is quite easy for an attacker to gain access to multiple storage
units even if a single one is compromised.

3. Geographical Data Storage Issues

Since the cloud infrastructure is distributed across different geographical locations spread
throughout the world, it is often possible that the user’s data is stored in a location that is out
of the legal jurisdiction, which leads to the user’s concerns about the legal accessibility of local
law enforcement and regulations on data that is stored out of their region. Moreover, the user
fears that local laws can be violated, because the dynamic nature of the cloud makes it very
difficult to designate a specific server that is to be used for trans-border data transmission.

4. Multi-Tenancy Security Issues

Multi-tenancy is a paradigm that follows the concept of sharing computational resources, data
storage, applications, and services among different tenants. This is then hosted by the same
logical or physical platform at the cloud service provider’s premises. While following this
approach, the provider can maximize profits but puts the customer at risk. Attackers can take
undue advantage of the multi-residence opportunities and can launch various attacks against
their co-tenants which can result in several privacy challenges.

5. Transparency Issues

In cloud computing security, transparency means the willingness of a cloud service provider to
reveal different details and characteristics of its security preparedness. Some of these details
comprise policies and regulations on security, privacy, and service level. In addition to the
willingness and disposition, when calculating transparency, it is important to notice how
reachable the security readiness data and information are. However extensive the security
facts available about an organization, if they are not presented in an organized and easily
understandable way for cloud service users and auditors, the transparency of the
organization will still be rated relatively low.

6. Hypervisor Related Issues

Virtualization means the logical abstraction of computing resources from physical restrictions
and constraints. But this poses new challenges for factors like user authentication, accounting,
and authorization. The hypervisor manages multiple Virtual Machines and therefore becomes
the target of adversaries. Different from the physical devices that are independent of one
another, Virtual Machines in the cloud usually reside in a single physical device that is managed
by the same hypervisor. The compromise of the hypervisor will hence put various virtual
machines at risk. Moreover, the newness of the hypervisor technology, which includes
isolation, security hardening, access control, etc. provides adversaries with new ways to exploit
the system.

7. Managerial Issues

Cloud privacy challenges have not only technical aspects but also non-technical and
managerial ones. Implementing a technical solution to a problem or a product and then not
managing it properly is eventually bound to introduce vulnerabilities. Some examples are lack
of control, security and privacy management for virtualization, developing comprehensive
service level agreements, going through cloud service vendors and user negotiations, etc.

Identity and access management (IAM):

IAM services and tools allow administrators to centrally manage and control who has access
to specific cloud-based and on-premises resources. IAM can enable you to actively monitor
and restrict how users interact with services, allowing you to enforce your policies across your
entire organization.

Identity and access management (IAM) products track who a user is and what they are allowed
to do, and they authorize users and deny access to unauthorized users as necessary. IAM is
critical in cloud computing because a user's identity and access privileges determine whether
they can access data, not the user's device or location.

IAM helps reduce the threats of unauthorized users gaining access to internal assets and
authorized users exceeding their privileges. The right IAM solution will help mitigate several
kinds of attacks, including account takeover attacks and insider threats (when a user or
employee abuses their access to expose data).

IAM may include several different services, or it may be a single service that combines all of
the following capabilities:

• Identity providers (IdP) authenticate user identity

• Single sign-on (SSO) services help authenticate user identities for multiple
applications so that users only have to sign in once to access all their cloud services

• Multi-factor authentication (MFA) services strengthen the user authentication process

• Access control services allow and restrict user access

Access management

Cloud deployments can be accessed directly using the public internet, which enables
convenient access from any location or device. At the same time, it also means that attackers
can more easily gain access to authorized resources with compromised credentials or improper
access control.

While cloud computing is on the cutting edge of information technology, there are risks and
vulnerabilities to consider before investing fully in it. Security controls and services do exist
for the cloud but, as with any security system, they are not guaranteed to succeed. Furthermore,
some risks extend beyond asset security and may involve issues in productivity and even
privacy as well.
1. Privacy Concerns
Cloud computing is still an emerging technology and thus is developing in relatively new
technological structures. As a result, all cloud services must undertake Privacy Impact
Assessments or PIAs before releasing their platform. Consumers that intend to use
clouds to store their customers' data must also be aware of the vulnerabilities of having
non-physical storage for private information.
2. Unauthorized Access to Management Interface
Due to the autonomous nature of the cloud, consumers are often given management interfaces
to monitor their databases. By having controls in such a congregated location and by having
the interface be easily accessible for convenience for users, there is a possibility that a single
actor could gain access to the cloud's management interface, giving them a great deal of control
and power over the database.
3. Data Recovery Vulnerabilities
The cloud's capabilities to allocate resources as needed often result in resources in memory and
otherwise being recycled to another user at a later event. For these memory or storage
resources, it could be possible for current users to access information left by previous ones.[27]
4. Internet Vulnerabilities
The cloud requires an internet connection and therefore internet protocols to access. Therefore,
it is open to many internet protocol vulnerabilities such as man-in-the-middle attacks.
Furthermore, by having a heavy reliance on internet connectivity, if the connection fails
consumers will be completely cut off from any cloud resources.
5. Encryption Vulnerabilities
Cryptography is an ever-growing field and technology. What was secure 10 years ago may be
considered a significant security risk by today's standards. As technology continues to advance
and older technologies grow old, new methods of breaking encryptions will emerge as well as
fatal flaws in older encryption methods. Cloud providers must keep up to date with their
encryption as the data they typically contain is especially valuable.
6. Legal issues
Privacy legislation often varies from country to country. By having information stored via the
cloud, it is difficult to determine under which jurisdictions the data falls. Transborder
clouds are especially popular given that the largest companies transcend several countries.
Other legal dilemmas from the ambiguity of the cloud refer to how there is a difference in
privacy regulation between information shared between organizations and information shared
inside of organizations.
7. Attacks
There are several different types of attacks on cloud computing. One that is still very much
untapped is infrastructure compromise. Though not completely known, it is listed as the attack
with the highest amount of payoff. What makes this so dangerous is that the person carrying
out the attack can gain a level of privilege of having essentially root access to the machine. It
is very hard to defend against attacks like these because they are so unpredictable and unknown.
Attacks of this type are also called zero-day because they are difficult to defend against, since
the vulnerabilities were previously unknown and unchecked until the attack has already
occurred.

Cloud Security Safety Tips

Using cloud computing systems might seem inherently secure. But this misconception couldn’t
be further from the truth. Both individuals and organizations should employ cloud security tips
and best practices to protect their assets against attacks and data breaches.

Some of the most reliable tips from cloud security resources include:
• Implement a strong password policy and multi-factor authentication.
• Encrypt data both in transit and at rest.
• Regularly back up data and test the recovery process.
• Implement security monitoring and logging to detect and respond to threats.
• Keep systems and software current with the latest patches and updates.
• Limit access to sensitive data and applications to only authorized personnel.
• Conduct regular security audits and risk assessments.
• Establish a clear security incident response plan.
• Train employees on security best practices and make them aware of potential threats.
• Choose a reliable cloud service provider with a good security track record.

In addition to the procedures that organizations implement internally, using the support of
a cloud access security broker (CASB) can be an invaluable investment to reinforce cloud
protection.

A CASB service provides four key types of cloud security system management:
• Visibility. This is a consolidated view of an organization’s cloud service landscape,
including details about users accessing data in cloud services from any device or
location.
• Data Security. Some CASBs provide the ability to enforce data security policies to
prevent unwanted activity. Policies are applied through data loss prevention (DLP)
controls such as audit, alert, block, quarantine, delete and view only.
• Threat Protection. CASBs provide adaptive access controls to prevent unwanted
devices, users, and certain versions of apps from accessing cloud services. Cloud
app access can be changed based on signals observed during and after login.
• Compliance. CASBs help organizations demonstrate that they are governing the use
of cloud services. CASBs assist efforts to conform to data residency and
regulatory compliance requirements.

Cloud Security Threats & Vulnerabilities

Cyber criminals often exploit vulnerabilities and weaknesses in cloud security to gain access
to valuable data and assets. Once attackers get their hands on cloud account credentials, they
impersonate legitimate users. They can trick your people into wiring money to them or
releasing corporate data. They can also hijack email accounts to distribute spam and phishing
emails.

A study of more than 1,000 cloud service tenants with over 20 million user accounts found
over 15 million unauthorized login attempts in the first half of 2019 alone. More than 400,000
of these attempts resulted in successful logins. About 85% of tenants were targeted by
cyber-attacks, and 45% had at least one compromised account in their environment.

Cyber criminals tend to target popular SaaS applications like Microsoft Office 365 and Google
G Suite. Just about everyone at your company uses these applications, which hold the key to
business communication and vital data. Attackers use a variety of techniques and exploit
several vulnerabilities to compromise cloud account credentials and take advantage of
vulnerable users, including:

• Intelligent Brute-Force Attacks: Brute-force attacks are a trial-and-error
technique in which the attacker submits many username and password combinations
until something works. What makes such attacks intelligent is using automated tools
to expose multiple combinations of usernames with passwords in large credential
dumps.
• Advanced Phishing Campaigns: Otherwise known as credential phishing, these
targeted and well-crafted campaigns come in various forms and deceive people into
revealing their authentication credentials. Attackers usually carry out phishing via
socially engineered emails.
• Password Recycling: This common cloud security threat is characterized by the
same password used across multiple accounts. If an attacker gets their hands on an
account’s credentials from an unrelated data breach, they can leverage password
recycling to breach other sensitive accounts and data.
• Data Loss and IP Theft: On any typical business day, people share information
with colleagues, partners, and others via cloud-based collaboration or messaging
tools. However, lack of employee training on cloud security or worker malice could
result in sharing sensitive data with those who shouldn’t be able to see it.
• Malicious File Shares: Phishing links, credential stealers, and downloaders are
typically used in these types of attacks. Threat actors also distribute malware via
cloud services such as Dropbox.
• Data Breaches: One of the most significant risks associated with cloud security is
the potential for a data breach. Hackers can gain access to cloud-based systems and
steal sensitive information, such as financial data, personal information, or
intellectual property.
• Shadow IT: People and departments within an enterprise often deploy new cloud
apps and services without the approval, or even awareness, of IT security managers.
These services may result in data loss, data oversharing, compliance issues, and
more.
• Insider Threats: Employees or contractors with access to cloud-based systems can
intentionally or unintentionally cause data breaches, steal data, or leak sensitive
information.
• Distributed Denial of Service (DDoS) Attacks: Cloud-based systems can be
targeted by DDoS attacks that overload the system and prevent legitimate users from
accessing cloud resources.
• Insecure APIs: Application programming interfaces (APIs) used to access
cloud-based services can be vulnerable to attacks, such as injection attacks or
man-in-the-middle attacks.
• Shared Infrastructure Vulnerabilities: Cloud-based systems often use shared
infrastructure, which means a vulnerability in one customer’s system could
potentially expose data for all customers on the same infrastructure.
• Compliance Risks: Cloud-based systems must comply with various regulations and
standards, such as HIPAA, PCI-DSS, and GDPR. Failure to comply with these
regulations can result in legal and financial penalties.
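
Detection logic for the brute-force and password-recycling items in the list above, as an added example that is not part of the original notes: it groups sign-in events by source address, flags a source that fails against many distinct accounts in a short window, and lists accounts that logged in successfully from such a source. The log format, field names, threshold, window, and all events are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in log; format and field names are assumptions.
SAMPLE_LOG = """\
2019-03-04T10:00:01Z src=198.51.100.7 user=alice@example.com result=FAIL
2019-03-04T10:00:03Z src=198.51.100.7 user=bob@example.com result=FAIL
2019-03-04T10:00:04Z src=203.0.113.20 user=frank@example.com result=FAIL
this line is malformed and is skipped
2019-03-04T10:00:06Z src=198.51.100.7 user=carol@example.com result=FAIL
2019-03-04T10:00:09Z src=198.51.100.7 user=dave@example.com result=FAIL
2019-03-04T10:00:12Z src=198.51.100.7 user=erin@example.com result=OK
2019-03-04T10:00:20Z src=203.0.113.20 user=frank@example.com result=FAIL
2019-03-04T10:00:41Z src=203.0.113.20 user=frank@example.com result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(log_text):
    """Return (timestamp, source, user, result) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # ignore lines that are not sign-in events
        when = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, match["src"], match["user"], match["result"]))
    return sorted(events)


def detect(log_text, min_users=4, window=timedelta(minutes=5)):
    """Flag sources that fail against >= min_users accounts inside `window`.

    One user mistyping a password produces failures for one account only,
    so counting distinct accounts per source separates the two cases.
    """
    events = parse(log_text)
    recent = defaultdict(deque)  # source -> failures still inside the window
    flagged = {}                 # source -> accounts it was seen targeting
    for when, src, user, result in events:
        if result != "FAIL":
            continue
        failures = recent[src]
        failures.append((when, user))
        while when - failures[0][0] > window:
            failures.popleft()
        users = {name for _, name in failures}
        if len(users) >= min_users:
            flagged.setdefault(src, set()).update(users)
    # Second pass: a success from a flagged source suggests a reused or
    # guessed password worked, so that account needs a reset and review.
    takeovers = sorted(
        {(src, user) for _, src, user, result in events
         if result == "OK" and src in flagged}
    )
    return {
        "sources": {src: sorted(users) for src, users in flagged.items()},
        "possible_takeovers": takeovers,
    }


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```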

¤ Authentication In cloud computing

Authentication is the process of determining the identity of a client. The details of
authentication vary depending on how you are accessing Cloud Storage. Authentication is the
initial checkpoint in the realm of cloud security. Its primary purpose is to verify the identity of
users, systems, or entities attempting to access a cloud service or resource. Just as keys unlock
doors, authentication serves as the digital key that grants or denies entry to the cloud kingdom.

• Definition: Authentication is the process of verifying the identity of a user, system,
or entity to ensure that they are who they claim to be.

• Objective: The primary goal of authentication is to confirm the identity of the
entity trying to access a system, application, or resource.

• Methods: Authentication involves the use of credentials such as usernames,
passwords, tokens, biometric data, or other authentication factors to validate the
identity of the user or system.

• Example: Logging into a cloud service with a username and password is a form of
authentication.

Authentication is a key procedure for ensuring the security of information. To improve
authentication in cloud computing, a lot of research has been done. Remote authentication is a
method commonly used to determine the identity of a remote client. In this chapter, we
proposed an effective method for authenticating clients, namely the use of passwords, OTP,
and access control based on biometric data. The proposed system includes user
identification/password, biometric functions, and a mobile phone for generating a unique
password. A multifactor authentication method uses more than one factor, so it is harder to
defeat than single-factor authentication. Therefore, correctly developed and applied methods of
multifactor authentication are more reliable and a stronger barrier to fraud.

Existing authentication methodologies involve three basic factors:

• Something the user knows (e.g., password, PIN)
• Something the user has (e.g., ATM card, smart card)
• Something the user is (e.g., biometric characteristic, such as a fingerprint).

Traditional Authentication Techniques:


The combination of user ID and password is a method that is often used for
authentication, but it can be hacked using existing hacker tools. OTP stands for "one-time
password." In the OTP method, a password is provided upon request. OTP can thwart the theft
and re-use of the password. The assigned password is only valid for a login session or a
transaction timeout and can only be used once. The most important weakness solved by OTP is
that, compared to static passwords, OTPs are not vulnerable to replay attacks. These systems
are not a cheap and reliable way to protect the system. Users of OTP systems are still exposed
to the type of attack known as the man-in-the-middle attack.

Common Multi-Factor Authentication Methods:


1. Biometric Authentication
Biometric security mechanisms acquire biometric data from an individual, extract a set
of features from the data, compare the extracted features with the feature sets
stored in the database, and perform an action based on the result of the comparison.
Identification has become complicated in a highly interconnected cloud network. The need
for an agreed method based on cloud security has increased as a result of greater concern
for security. Biometric recognition is a reliable and adequate methodology for identifying
people based on their biometric characteristics. It can be defined as an automated
methodology that makes it possible to uniquely identify people using their physiological
or behavioral characteristics. The introduction of biometric recognition requires serious
protection of confidentiality against possible misuse, loss, or theft of biometric data.
Existing biometric identification methods and methodologies that preserve
confidentiality are based primarily on conventional cryptographic primitives, such as
homomorphic encryption and oblivious transfer. These primitives inevitably
bring enormous costs to the system and are not applicable to large-scale practical
applications. Data leaks and security leaks may be caused by inadequate authentication.
Cloud services are paid services, so identifying an authorized user is a serious problem in
cloud computing. At present, biometrics is the security system most used in various
organizations, academics, and different societies. This helps overcome many of the
disadvantages of the authentication methods mentioned above. To solve the problem of
authentication in cloud computing, there are various traditional methods, as indicated
below, but they bring a lot of inconveniences.
2. SMS-Based One-Time Multi-Factor Authentication
This type of authentication technology uses mobile phones as a relatively inexpensive
factor. During registration in the system, users provide their mobile phone number so
that they can be sent an additional one-time password or PIN with a limited lifetime
when they want to log in or authenticate their credentials. During the logon process,
they provide the user ID and password. They then request that the authentication server
send an OTP to their pre-registered mobile phone to complete the authentication process.
The advantage of this technology is that it uses the second factor and minimizes the cost
3. Software-Based (Certificate) Authentication
This scheme is one of the less preferable multifactor authentication methods. It does not
provide one of the factors independently of the computer from which the user accesses the
resource that requires multifactor authentication. It can be easily copied or stolen.
4. Internet Protocol Address (IPA) Location and Geo Location
In this scheme, users are recognized by their geographic location. For example, if a user has
made their transactions in one country, it is assumed that their next transactions will be
conducted only in that country. Tokens generate a random number that is used together with a
PIN or password. Smart cards are presented to a reader. They are then unlocked using
a one-time PIN or password, or limited-time codes sent by SMS.
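
The single-use and limited-lifetime properties described above for OTPs, and the server side of the SMS-based flow in item 2, can be sketched as follows. This is an added example, not code from the original notes; the class name `OtpIssuer`, the 120-second lifetime and the three-attempt limit are assumptions, and delivery to the phone is left to an SMS gateway.

```python
import hashlib
import hmac
import secrets
import time


class OtpIssuer:
    """Server-side store for SMS-style one-time passwords (illustrative)."""

    def __init__(self, ttl_seconds=120, max_attempts=3, clock=time.time):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock      # injectable so expiry can be exercised in tests
        self._pending = {}      # user_id -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        # Keep a keyed digest rather than the code itself in server memory.
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def issue(self, user_id):
        """Create a fresh 6-digit code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self._pending[user_id] = [salt, self._digest(salt, code),
                                  self.clock() + self.ttl, self.max_attempts]
        return code             # handed to the SMS gateway, never logged

    def verify(self, user_id, code):
        """Accept a code at most once, only before expiry, within the attempt limit."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False                    # nothing issued, or already consumed
        salt, digest, expires_at, _ = entry
        if self.clock() > expires_at:
            del self._pending[user_id]      # limited lifetime
            return False
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self._pending[user_id]      # single use: a replayed code finds no entry
            return True
        entry[3] -= 1
        if entry[3] <= 0:
            del self._pending[user_id]      # guessing budget exhausted
        return False
```

Single use and expiry stop a captured code from being accepted later; they do not stop a code that is relayed in real time, which is the man-in-the-middle case noted in the text.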

¤ Client access in the cloud


In simpler terms, cloud data access refers to accessing data that has been stored on the
cloud, instead of a local or physical server in your organization (or home). In essence, the
data is stored physically somewhere, but you can access it from anywhere in the world, and
someone else maintains the infrastructure for you. It is also an integral reason why
companies can conduct their operations much more smoothly all over the world.

All you need to gain access to data in the cloud is a computer, or a mobile device, such as
a smartphone or tablet, and a stable internet connection. This makes it particularly useful
for organizations to serve their clients better since all of their information and critical data
is stored in a centralized location that can be accessed from anywhere.

How Do Clients Access Their Cloud Data?


Hundreds of thousands of businesses have already migrated their data infrastructure and
operations to the cloud. This means that the public cloud providers are now in charge of
some of the aspects of their data access and security. Moreover, this makes it much easier
for clients to gain access to their data in real time.

Data that is stored in the cloud can be accessed by visiting the website or mobile application
of the cloud services provider, and some of the popular names in this industry include
Google Drive, Apple iCloud, Gmail, Dropbox, and several others. Organizational data in
the cloud is often analyzed with cloud-based BI tools.

Your data is hosted on physical servers by these companies, and you get to access them
through the internet by using any device. So, you can see that cloud storage providers aren’t
the only companies that make use of data access tools to provide services to their clients.

Similarly, any business that has clients with access to their cloud can cater to them rapidly.
The client simply has to enter their credentials and log in, following which they will
continue to see the content or data that is stored in the cloud. It is important to mention that
a data consumer should not be able to access the entire data you store in a cloud data store,
but only what they’re authorized to access.

This is where cloud access control comes into play. Consider Netflix, one of the pioneers
in video streaming services. When you log on to your Netflix account in the US, you are
only shown the movies and TV series that are in the US catalog. However, when you open
the same account overseas, you will be shown titles from their localized catalog.

Whether or not this is an effective authorization strategy, an organization similarly
needs to have clear security policies about which users can access what data
and under which conditions.
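
One way to express "which users can access what data and under which conditions" as an enforceable policy, with region-based filtering in the spirit of the catalog example above. This is an added example, not part of the original notes; the datasets, roles and the `read` function are constructed for illustration.

```python
# Constructed sample data standing in for two cloud-hosted datasets.
DATASETS = {
    "catalog": [
        {"title": "Title A", "region": "US", "license_cost": 900},
        {"title": "Title B", "region": "IN", "license_cost": 400},
        {"title": "Title C", "region": "US", "license_cost": 700},
    ],
    "billing": [{"account": "acct-1", "card_last4": "4242", "region": "US"}],
}

# Each rule states who (role), what (dataset, columns) and under which
# condition (a per-row predicate). Anything not listed here is denied.
POLICY = [
    {"role": "viewer", "dataset": "catalog", "columns": {"title", "region"},
     "condition": lambda user, row: row["region"] == user["region"]},
    {"role": "finance", "dataset": "catalog",
     "columns": {"title", "region", "license_cost"},
     "condition": lambda user, row: True},
    {"role": "finance", "dataset": "billing", "columns": {"account", "region"},
     "condition": lambda user, row: row["region"] == user["region"]},
]


class AccessDenied(Exception):
    """Raised when no rule grants the user any access to the dataset."""


def read(user, dataset):
    """Return only the rows and columns the policy grants; deny by default."""
    rules = [r for r in POLICY
             if r["role"] in user["roles"] and r["dataset"] == dataset]
    if not rules:
        raise AccessDenied(f"{user['name']} has no grant on {dataset}")
    result = []
    for row in DATASETS[dataset]:
        columns = set()
        for rule in rules:
            if rule["condition"](user, row):   # condition decides row visibility
                columns |= rule["columns"]     # rule decides visible columns
        if columns:
            result.append({k: v for k, v in row.items() if k in columns})
    return result
```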

Examples of Cloud Data Access


The example that we have shared in the previous section is only a general representation of
how cloud data access works and there are several ways in which clients can access data in
the cloud.

1. Cloud-based Access Through RDBMS


RDBMS refers to the Relational Database Management System, which is deployed in
several cloud services and allows users or clients to access data through commands written
in Structured Query Language, or SQL. The RDBMS is deployed in the SQL server for
several cloud services, including Amazon Web Services (AWS).

2. Cloud-based Data Warehousing


A cloud data warehouse refers to a database that is stored in a public cloud as a managed
service. It is optimized for business intelligence and analytics and contains unstructured
and unified data. This makes it suitable for various business applications and also allows
organizations to meet the ever-changing requirements of their clients. Moreover, it enables
clients to access their data much faster. Examples of cloud-based data warehouses include
Snowflake, Redshift, BigQuery, and Azure Synapse.

3. Cloud Data Lake


A cloud data lake is an effective way for clients to access their cloud-based data. It refers to
a centralized repository hosted on the cloud, on which companies can store their structured
and unstructured data. Moreover, organizations can use it for a variety of applications,
including analytics and reporting. This also enhances data security for clients.

What is Cloud Data Access Governance?


For any organization, cloud data access security is nothing without a mechanism to protect
and strengthen it, and this is known as cloud data access governance. It involves the use of
automated tools to implement access controls according to the ‘least privilege’ policy, since
IT is rapidly evolving and more organizations are switching to the cloud for more flexibility
and smooth operations.

However, when critical IT resources and assets are migrated to the cloud, sensitive data
resides on it too, which means that protecting that data lies outside the scope of the
organization. Therefore, it becomes all the more important for companies to enforce stricter
access control policies to ensure that not everyone has access to the data on the cloud.
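
A least-privilege review of the kind governance tooling automates can be sketched by comparing configured grants with what each principal actually used. This is an added example, not part of the original notes; the grants, the log format and the 90-day window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: grants currently configured on a cloud data store.
GRANTS = {
    "analyst-1": {("sales", "read"), ("hr", "read"), ("sales", "write")},
    "etl-job": {("sales", "write"), ("raw", "read")},
    "contractor-7": {("hr", "read")},
}

# Constructed sample access log, one event per line:
# timestamp principal action dataset
ACCESS_LOG = """\
2024-05-01T09:00:00 analyst-1 read sales
2024-05-20T10:30:00 etl-job write sales
2024-05-20T10:31:00 etl-job read raw
2024-01-03T08:00:00 analyst-1 read hr
2024-05-21T11:00:00 analyst-1 read sales
"""


def parse_log(text):
    """Yield (timestamp, principal, (dataset, action)) for well-formed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing their meaning
        ts, principal, action, dataset = parts
        yield datetime.fromisoformat(ts), principal, (dataset, action)


def unused_grants(grants, log_text, now, window_days=90):
    """Map each principal to the grants it has not exercised inside the window."""
    cutoff = now - timedelta(days=window_days)
    used = {}
    for ts, principal, grant in parse_log(log_text):
        if ts >= cutoff:
            used.setdefault(principal, set()).add(grant)
    report = {}
    for principal, granted in grants.items():
        excess = granted - used.get(principal, set())
        if excess:
            report[principal] = sorted(excess)  # candidates for revocation
    return report
```

Principals that appear in the report with every grant unused, such as an account with no activity at all in the window, are candidates for removal rather than just trimming.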
