
Cloud Computing (Unit-Iii & Iv)

The document discusses different cloud deployment models including public cloud, private cloud, community cloud, hybrid cloud, and virtual private cloud (VPC). Public cloud provides resources over the internet and is accessible by the general public, while private cloud is hosted internally or by a third party but only for use by a single organization. Community cloud is similar to public cloud but limits access to specific users within a community. Hybrid cloud combines two or more deployment models, and VPC allows organizations to run a private cloud in a public cloud infrastructure with security and isolation.

Uploaded by

Aman

UNIT-III

Cloud Deployment Model:


Today, organizations have many exciting opportunities to reimagine, repurpose and
reinvent their businesses with the cloud. The last decade has seen even more
businesses rely on it for quicker time to market, better efficiency, and scalability. It
helps them achieve long-term digital goals as part of their digital strategy.

It would ensure your business is equipped with the performance, scalability,
privacy, security, compliance & cost-effectiveness it requires. It is important to
learn and explore what the different deployment types can offer and which
particular problems each can solve.

Different Types Of Cloud Computing Deployment Models


Most cloud hubs have tens of thousands of servers and storage devices to enable
fast loading. It is often possible to choose a geographic area to put the data "closer"
to users. Thus, deployment models for cloud computing are categorized based on
their location. To know which model would best fit the requirements of your
organization, let us first learn about the various types.
1. Public Cloud

The name says it all. It is accessible to the public. Public deployment models in the
cloud are perfect for organizations with growing and fluctuating demands. It also
makes a great choice for companies with low-security concerns. Thus, you pay a
cloud service provider for networking services, compute virtualization & storage
available on the public internet.
Benefits of Public Cloud

● Minimal Investment - As a pay-per-use service, there is no large upfront cost,
and it is ideal for businesses that need quick access to resources

● No Hardware Setup - The cloud service providers fully fund the entire
infrastructure

Limitations of Public Cloud

● Data Security and Privacy Concerns - Since it is accessible to all, it does not
fully protect against cyber-attacks and could lead to vulnerabilities.

● Reliability Issues - Since the same server network is open to a wide range of
users, it can lead to malfunction and outages

● Service/License Limitation - While there are many resources you can
exchange with tenants, there is a usage cap.

2. Private Cloud

Now that you understand what the public cloud could offer you, of course, you are
keen to know what a private cloud can do. Companies that look for cost efficiency
and greater control over data & resources will find the private cloud a more
suitable choice.
It means that it will be integrated with your data center and managed by your IT
team. Alternatively, you can also choose to host it externally.

Benefits of Private Cloud

● Data Privacy - It is ideal for storing corporate data where only authorized
personnel get access

● Security - Segmentation of resources within the same infrastructure can help
with better access and higher levels of security.

● Supports Legacy Systems - This model supports legacy systems that cannot
access the public cloud.

Limitations of Private Cloud

● Higher Cost - With the benefits you get, the investment will also be larger
than the public cloud. Here, you will pay for software, hardware, and
resources for staff and training.
● Fixed Scalability - The hardware you choose will accordingly help you scale
in a certain direction

● High Maintenance - Since it is managed in-house, the maintenance costs
also increase.

3. Community Cloud

The community cloud operates in a way that is similar to the public cloud. There's
just one difference - it allows access to only a specific set of users who share
common objectives and use cases. This type of deployment model of cloud
computing is managed and hosted internally or by a third-party vendor. However,
you can also choose a combination of all three.

Benefits of Community Cloud


● Smaller Investment - A community cloud is much cheaper than the private
& public cloud and provides great performance

● Setup Benefits - The protocols and configuration of a community cloud must
align with industry standards, allowing customers to work much more
efficiently.

Limitations of Community Cloud

● Shared Resources - Due to restricted bandwidth and storage capacity,
community resources often pose challenges.

● Not as Popular - Since this is a recently introduced model, it is not that
popular or available across industries

4. Hybrid Cloud

As the name suggests, a hybrid cloud is a combination of two or more cloud
architectures. While each model in the hybrid cloud functions differently, it is all
part of the same architecture. Further, as part of this deployment of the cloud
computing model, the internal or external providers can offer resources.

Let's understand the hybrid model better. A company with critical data will prefer
storing on a private cloud, while less sensitive data can be stored on a public cloud.
Benefits of Hybrid Cloud

● Cost-Effectiveness - The overall cost of a hybrid solution decreases since it
mostly uses the public cloud to store data.

● Security - Since data is properly segmented, the chances of data theft from
attackers are significantly reduced.
Limitations of Hybrid Cloud

● Complexity - Setting up a hybrid cloud is complex since it needs to
integrate two or more cloud architectures

● Specific Use Case - This model makes more sense for organizations that
have multiple use cases or need to separate critical and sensitive data.

What is a virtual private cloud (VPC)?


A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a
public cloud. VPC customers can run code, store data, host websites, and do
anything else they could do in an ordinary private cloud, but the private cloud is
hosted remotely by a public cloud provider.
Features
VPCs are a “best of both worlds” approach to cloud computing. They give
customers many of the advantages of private clouds, while leveraging public cloud
resources and savings. The following are some key features of the VPC model:

1. Agility: Control the size of your virtual network and deploy cloud resources
whenever your business needs them. You can scale these resources dynamically
and in real-time.

2. Availability: Redundant resources and highly fault-tolerant availability
zone architectures mean your applications and workloads are highly available.

3. Security: Because the VPC is a logically isolated network, your data and
applications won’t share space or mix with those of the cloud provider’s other
customers. You have full control over how resources and workloads are accessed,
and by whom.
4. Affordability: VPC customers can take advantage of the public cloud’s
cost-effectiveness, such as saving on hardware costs, labor times, and other
resources.

Benefits of a Virtual Private Cloud

1. Agility
A VPC gives users full control over the network size along with automation to
scale resources up or down whenever required. These resources can be scaled
dynamically in real-time.

2. Security
Even though the VPC is part of the public cloud, it is logically isolated so a user’s
data and space don’t mix with a cloud provider’s other customers. Users have full
control of how resources and workloads are accessed and by whom.

3. Hybrid clouds are easy to deploy
It’s relatively easy to connect a VPC to a public cloud – or to on-premises cloud
architecture via a VPN.

4. Improved performance
Cloud-hosted websites and apps generally perform better than those hosted on
on-premises servers.

VPCs enable a hybrid cloud environment where an organisation can use a VPC
as an extension of their own data centre, without having to deal with the
complexity of building an on-premises private cloud.
5. Availability
Redundant resources and highly fault-tolerant architectures mean that applications
and workloads are highly available, so VPC environments can provide
close to 100% uptime expectations.

What Does Vertical Cloud Mean?


A vertical cloud, also referred to as an industry cloud, is a cloud computing service
that is designed to meet the needs of a unique customer base. Vertical cloud service
providers tailor their cloud offerings to meet the needs of a specific industry and its
business requirements.

Cloud Migration
Cloud migration is the procedure of transferring applications, data, and other
types of business components to a cloud computing platform. An organization
can perform several kinds of cloud migration. The most used model is the
transfer of applications and data from an on-premises, local data center to
a public cloud.

A cloud migration can also entail transferring applications and data from
one cloud environment to another, a model called cloud-to-cloud migration.

Pros of Cloud Migration
Organizations migrate to a cloud for various reasons, but normally when faced
with the challenges of developing IT infrastructure in the most secure and
cost-effective way possible.

Some of the advantages of migrating to a cloud are as follows:

1. Flexibility: No organization experiences the same level of demand from
the same number of users all the time. If our apps face fluctuations in
traffic, then cloud infrastructure permits us to scale down and up to meet the
demand. Hence, we can use only those resources we require.

2. Scalability: As the organization grows, its analytics, databases, and
other workloads grow with it. The cloud provides the ability to
extend existing infrastructure. Therefore, applications have room to grow
without impacting work.

3. Agility: Part of development is remaining elastic enough to
respond to rapid changes in technology resources. Cloud
adoption offers this by drastically decreasing the time it takes to procure
new storage and inventory.

4. Productivity: Our cloud provider can handle the complexities of
our infrastructure so we can concentrate on productivity. Furthermore, the
remote accessibility and simplicity of most cloud solutions mean that
our team can concentrate on what matters, such as growing our business.

5. Security: The cloud offers better security than many other data
centers by storing data centrally. Also, most cloud providers offer
some built-in features including cross-enterprise visibility, periodic updates,
and security analytics.

6. Profitability: The cloud follows a pay-per-use approach. There is no
need to pay extra charges or to invest continually in training for,
maintaining, building, and updating space for physical servers.

Cloud Migration Strategies Types
Migrating to a cloud can be a good investment for our business. Like many
companies, we might be wondering where to start.

1. Rehosting (lift-and-shift)
The most common path is rehosting (or lift-and-shift), which works as it
sounds. It takes our application and drops it into our new hosting platform
without changing the architecture and code of the app. It is also a common route for
enterprises unfamiliar with cloud computing, who profit from the deployment
speed without having to spend money or time on planning for expansion.

2. Re-platforming
Re-platforming is also called "lift-tinker-and-shift". It involves making some cloud
optimizations without modifying our app's core architecture. It is the better strategy
for enterprises that are not ready for configuration and expansion, or those
enterprises that wish to build trust in the cloud.

3. Re-factoring
It means rebuilding our applications from scratch to leverage cloud-native abilities.
Without it, we could not use serverless computing or auto-scaling. A potential
disadvantage is vendor lock-in, as we are re-creating on the cloud infrastructure. As
we may expect, it is the most expensive and time-consuming route. But it is also
future-proof for enterprises that wish to benefit from more standard cloud
features.

These are the three most common approaches for migrating our existing
infrastructure.

4. Re-purchasing
It means replacing our existing applications with a new SaaS-based,
cloud-native platform (such as replacing a homegrown CRM with Salesforce). The
difficulty is that our team loses its familiarity with the existing code and training
on a new platform. However, the benefit is avoiding the cost of development.

5. Retiring
When we no longer find an application useful, we simply turn it off.
The resulting savings may strengthen our business case for
application migration if we are ready to make the move.

6. Re-visiting
Re-visiting means that all or some of our applications must remain in house, for
example applications that have unique sensitivity or handle processes internal to
the enterprise. Don't be afraid to revisit cloud computing at a later date. We
must migrate only what makes sense for the business.

Cloud Migration Tools
Third-party vendors and cloud providers offer many automated, cloud-based,
and open-source services and tools designed to:

● Certify post-migration success

● Manage and monitor its progress

● Help prepare for cloud migration

1. APM (Application Performance Management)

Bear in mind that cloud vendors offer access to a rich set of metrics for
understanding changes in our cloud environment. Usually, these metrics
aren't in the context of the overall application.

We will need a separate monitoring solution for that level of visibility. With a
solution such as AppDynamics APM, we can create real-time correlations among
end-user experience, application performance, and cloud service utilization.

2. Unified Monitoring

It is an emerging capability that gives full visibility into our whole application
ecosystem: supporting components, infrastructure, database, application, and
end user, whether running in the cloud or on-premises. We can easily find the
cloud migration issues that would usually cause war-room calls.

3. Business Intelligence Monitoring

It is the kind of tool we will need to verify the benefits of cloud migration. Look for
a tool such as AppDynamics Business iQ that can compare pre- and post-move
performance baselines from a business and technical perspective. Accordingly,
we can optimize enterprise performance, simulate the experience of the user during
all the phases of our migration project, and track enterprise transactions to reveal the
true effect on our bottom line.

What is cloud security?


Cloud security is the set of control-based security measures and technology
protections designed to protect resources stored online from leakage, theft, and
data loss. Protection covers cloud infrastructure, applications, and data against
threats. Security applications are delivered as software, in the same way as the
SaaS (Software as a Service) model.

How to manage security in the cloud?

Cloud service providers have many methods to protect the data.

A firewall is the central part of cloud architecture. The firewall protects the network
and the perimeter of end-users. It also protects traffic between various apps stored
in the cloud.

Access control protects data by allowing us to set access lists for various assets.
For example, you can allow specific employees to access an application while
restricting others. The rule is that employees can access only the equipment they
require. By maintaining strict access control, we can keep essential documents
from being stolen by malicious insiders or hackers.

For example, we are putting intelligence information at risk in order of the
importance of security. It helps to protect mission-critical assets from threats.
Disaster recovery is vital for security because it helps to recover lost or stolen data.

Benefits of Cloud Security System

Understanding how cloud computing security operates helps us find ways it can
benefit your business.

Cloud-based security systems benefit the business by:


● Protecting the Business from Dangers

● Protect against internal threats

● Preventing data loss

● Top threats to the system include Malware, Ransomware, and

● Break the Malware and Ransomware attacks

● Malware poses a severe threat to the businesses.

What is Cloud Computing Reference Model?


The cloud computing reference model is an abstract model that divides a cloud
computing environment into abstraction layers and cross-layer functions to
characterize and standardize its functions.

The cloud computing reference model is divided into 3 major service models:

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)

3. Infrastructure as a Service (IaaS)

The below diagram explains the cloud computing reference model:


Let us have a look at the layers of cloud computing reference model.

1. SaaS
Software as a Service (SaaS) is a form of application delivery that relieves users of
the burden of software maintenance while making development and testing easier
for service providers.

The cloud delivery model's top layer is where applications are located. End
customers get access to the services this tier offers via web portals.

2. PaaS

Platform as a Service (PaaS) is a strategy that offers a high level of abstraction to
make a cloud readily programmable, in addition to infrastructure-oriented clouds that
offer basic compute and storage capabilities. Developers can construct and
deploy apps on a cloud platform without necessarily needing to know how many
processors or how much memory their applications would use.

3. IaaS

Infrastructure as a Service (IaaS) offers storage and computer resources that
developers and IT organizations use to deliver custom/business solutions. IaaS
delivers computer hardware (servers, networking technology, storage, and data
center space) as a service. It may also include the delivery of OS and virtualization
technology to manage the resources.

The service models involved in this architecture are:

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)

3. Infrastructure as a Service (IaaS)

NIST Cloud computing also has 4 deployment models, which are as follows:

1. Public

This is the model where cloud infrastructure and resources are given to the public
via a public network. These models are generally owned by companies that sell
cloud services.

2. Private

This is the model where cloud infrastructure and resources are only accessible by
the cloud consumer. These models are generally owned by cloud consumers
themselves or a third party.

3. Community

This is the model where a group of cloud consumers might share their cloud
infrastructure and resources as they may have the same goal and policies to be
achieved. These models are owned by organizations or a third party.

4. Hybrid

This model consists of a mixture of different deployment models like public,
private, or community. This helps in the exchange of data or applications between
various models.

What are the Security Risks of Cloud Computing
Cloud computing provides various advantages, such as improved collaboration,
excellent accessibility, Mobility, Storage capacity, etc. But there are also security
risks in cloud computing.

Some of the most common security risks of cloud computing are given below:

Data Loss

Data loss is the most common security risk of cloud computing. It is also
known as data leakage. Data loss is the process in which data is deleted,
corrupted, or made unreadable by a user, software, or application. In a cloud
computing environment, data loss occurs when our sensitive data is in somebody
else's hands, one or more data elements cannot be utilized by the data owner, a hard
disk is not working properly, or software is not updated.

Hacked Interfaces and Insecure APIs

As we all know, cloud computing depends completely on the Internet, so it is
compulsory to protect interfaces and APIs that are used by external users. APIs are
the easiest way to communicate with most of the cloud services. In cloud
computing, a few services are available in the public domain. These services can be
accessed by third parties, so there is a chance that these services are easily
harmed and hacked by hackers.

Data Breach

A data breach is the process in which confidential data is viewed, accessed, or
stolen by a third party without any authorization, so the organization's data is hacked
by the hackers.

Vendor lock-in

Vendor lock-in is one of the biggest security risks in cloud computing.
Organizations may face problems when transferring their services from one vendor
to another. As different vendors provide different platforms, moving from one
cloud to another can be difficult.

Increased complexity strains IT staff

Migrating, integrating, and operating the cloud services is complex for the IT staff.
IT staff need extra capability and skills to manage, integrate, and
maintain data in the cloud.

Spectre & Meltdown

Spectre & Meltdown allow programs to view and steal data that is currently being
processed on the computer. They affect personal computers, mobile devices, and
the cloud. The data at risk includes passwords and personal information such as
images, emails, and business documents held in the memory of other running programs.

Account hijacking

Account hijacking is a serious security risk in cloud computing. It is the process in
which an individual user's or organization's cloud account (bank account, e-mail
account, and social media account) is stolen by hackers. The hackers use the stolen
account to perform unauthorized activities.

Internal Security Breaches in cloud computing

1. Social engineering and hijacking accounts


One of the most common ways an internal security threat arises is by
playing on the vulnerability of your employees. Many people are unaware not only
of the dangers of internal threats, but also of the means by which hackers attack.

For example, some even offer their passwords upon falling for a phishing phone
call made by a cyber attacker. They fail to recognise phishing emails too,
especially those that might refer to specific members of the team or details about a
current project.

2. Malicious cyber attacks


No one wants to believe their employees have it out for them, but it’s an
unfortunate truth that causes a significant number of cyber-attacks every year.

Sometimes, the most likely perpetrator is someone with privileged system access,
such as IT or other system administrators. A skilled and malicious administrator
can leave a back door open or leave programs on the network so that information
gets stolen. Some might even plant the malware themselves, causing millions of
dollars in damage.

3. Leaked information
Employees take information both knowingly and unknowingly on cameras, USB
data sticks, and their phones.

Every company should use software to specify its policies about what devices can
be connected to the network, what data can be downloaded, and when. It’s crucial
to educate workers on the policies and the reasoning behind the policies.

4. Downloading malicious content


Employees spend work time on the internet for personal reasons. They might take a
break from their duties and play a quick game or check their social media accounts.

Malware and virus threats occur through those same channels, and employees often
welcome them inadvertently onto the network.

Update and correct your IT systems regularly to make sure your business is
protected.
5. Insecure applications
It’s possible that your system is very secure, but that your external applications are
bringing you down.

Third-party services can seriously hinder internal website security. Make sure that
your team takes the time to carefully discuss and consider whether or not every
application is right for your network before they install it.

What is Data Corruption?


Data corruption refers to any unwanted change that happens to a file during
storage, transmission, or processing. A corrupted file can become unusable,
inaccurate, unreadable, or in some way inaccessible to a user or a related app.

Most data corruptions occur when a file somehow flips or mixes its binary code
(bits of 0s and 1s). Bits are mixed up for many reasons, including hardware
problems, software-based issues, and human mistakes.
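
A flipped bit can be detected, and located, by comparing stored checksums with freshly computed ones. The following is an added example, not part of the original notes; the chunk size, the sample bytes and the function names are assumptions made for illustration.

```python
import hashlib

CHUNK_SIZE = 64  # bytes per chunk; kept small so the demo data spans several chunks


def build_manifest(data: bytes, chunk_size: int = CHUNK_SIZE) -> dict:
    """Record the length, a whole-file digest and one digest per chunk."""
    chunk_digests = [
        hashlib.sha256(data[i:i + chunk_size]).hexdigest()
        for i in range(0, len(data), chunk_size)
    ]
    return {
        "length": len(data),
        "chunk_size": chunk_size,
        "sha256": hashlib.sha256(data).hexdigest(),
        "chunks": chunk_digests,
    }


def verify(data: bytes, manifest: dict) -> dict:
    """Compare data against a manifest and report which chunks no longer match."""
    size = manifest["chunk_size"]
    expected = manifest["chunks"]
    actual = [
        hashlib.sha256(data[i:i + size]).hexdigest()
        for i in range(0, len(data), size)
    ]
    # A chunk is bad if it changed, went missing (truncation) or was appended.
    bad = [
        idx
        for idx in range(max(len(expected), len(actual)))
        if idx >= len(expected) or idx >= len(actual) or expected[idx] != actual[idx]
    ]
    return {
        "intact": hashlib.sha256(data).hexdigest() == manifest["sha256"],
        "length_ok": len(data) == manifest["length"],
        "bad_chunks": bad,
    }


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate storage or transmission corruption by inverting a single bit."""
    damaged = bytearray(data)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


# Constructed sample "file" of 300 bytes, not real data.
ORIGINAL = (b"customer-record;" * 20)[:300]
MANIFEST = build_manifest(ORIGINAL)  # taken while the file is known to be good

if __name__ == "__main__":
    print("clean copy:   ", verify(ORIGINAL, MANIFEST))
    print("one bit flip: ", verify(flip_bit(ORIGINAL, 130, 0), MANIFEST))
    print("truncated:    ", verify(ORIGINAL[:100], MANIFEST))
```

The manifest has to be stored apart from the data it describes. A plain hash catches accidental corruption only; detecting deliberate tampering needs a keyed MAC or a signature over the manifest.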

Common Causes of Data Loss


The major causes of data loss are outlined below:

1. Human error
Human error is the root cause of most data loss in business as humans are, by
nature, not perfect. The day-to-day running of a business involves a lot of data
manipulation through typing, editing, updating, and deletions, processes that are
prone to error by users.
2. Theft
Losing data through theft usually happens when a data storage device such as a
laptop is stolen. Laptops are stolen at an alarming rate, meaning data loss through
theft can be quite high. Laptops are mobile and are usually taken out of secure
company premises, increasing vulnerability to theft.

3. Software corruption
Software malfunction or crash is another major cause of data loss. Any application
used for requesting data can crash, resulting in data loss or corruption. Software
failure can also occur in file editing software when updating multiple files where
some files fail to save or update and are subsequently deleted. Data can also
become lost in the same way during backup.

4. Computer viruses
Computer viruses can infiltrate and damage data stored in hard drives and company
network systems. Viruses can steal, corrupt, encrypt or delete important data. They
can also infiltrate an entire organization’s network system and affect the
functioning of computer hardware.

5. Hardware impairment
Hardware containing or maintaining data can easily malfunction, leading to
irretrievable data loss. The reasons for hardware impairment can be internal or
external. Data storage devices such as hard drives are prone to destruction through
physical or mechanical faults. The faults can be a result of misuse or mishandling
of the devices.
6. Natural disasters
Natural disasters assume a lower prevalence rate as a cause of data loss because of
their rare occurrence. Natural disasters that can lead to data loss include floods,
earthquakes, hurricanes, cyclones, natural fires, and lightning.

Implications of Data Loss


It can be expensive to prevent data loss in terms of resources, training, and
investigating. The cost is worth it, as the implications of experiencing a data loss
event can be catastrophic. Below are some of the costs and consequences of data
loss to organizations.

1. Business functions can be destroyed


Data is the backbone of the business, making day-to-day operations seamless. Data
loss can affect the functionality of an entity or certain parts of it due to bottlenecks
and resource allocation. Time and resources will have to be diverted to address the
data loss incident in terms of recovery leading to serious operational challenges.

2. Damaged business reputation


The reputation of a business may suffer due to data loss. It is essential to
communicate a data loss incident to customers, but it can inadvertently result in a
lack of trust and discontentment. It can subsequently lead to other customers taking
their business elsewhere.

3. Financial implications
Data supports the operations of the business, and if lost, it means the company
loses not only its ability to make money but also the means to operate. Since
financial resources are also channeled towards data recovery, business finances can
be stretched to the point of eating into unbudgeted funds and drawing down
reserves. Data loss comes with the potential to bankrupt a business.
4. Effects on productivity
The productivity of employees is severely affected as data used in day-to-day work
is lost. Also, data is needed to make decisions, and the decision-making function is
also curtailed due to data loss.

5. Legal consequences
Data loss exposes a business to various legal actions and lawsuits. The loss of
customer data carries potential fines from the regulator for not adhering to data
protection laws and regulations. Customers can also file lawsuits against a business
in the event of loss of customer data.

A Definition of Cloud Account Hijacking


Cloud account hijacking is a process in which an individual or organization’s cloud
account is stolen or hijacked by an attacker. Cloud account hijacking is a common
tactic in identity theft schemes in which the attacker uses the stolen account
information to conduct malicious or unauthorized activity. When cloud account
hijacking occurs, an attacker typically uses a compromised email account or other
credentials to impersonate the account owner.

Simple Solutions for Cloud Account Hijacking Protection


There are simple, effective steps businesses and organizations can take to keep
their data secure on the cloud. Be sure to:

● Check with your service provider to make sure they have conducted
background checks on employees who have physical access to the servers in
their data centers.
● Have a strong method of authentication for cloud app users.
● Make sure all of your data is securely backed up in the event that your data
is lost in the cloud.
● Restrict the IP addresses allowed to access cloud applications. Some cloud
apps provide tools to specify allowable IP ranges, forcing users to access the
application only through corporate networks or VPNs.
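
The IP restriction in the last item can also be checked after the fact against sign-in logs. The following is an added example, not part of the original notes; the allowed ranges, the log record layout and the function names are assumptions, and all addresses come from documentation-only blocks.

```python
import ipaddress

# Assumed corporate and VPN egress ranges (documentation address blocks, constructed).
ALLOWED_RANGES = ["203.0.113.0/24", "198.51.100.16/28", "2001:db8:10::/48"]

# Constructed sign-in records: (timestamp, user, source IP, result).
SAMPLE_LOGINS = [
    ("2024-05-01T08:02:11Z", "alice", "203.0.113.25", "success"),
    ("2024-05-01T08:05:40Z", "bob", "198.51.100.20", "success"),
    ("2024-05-01T23:47:02Z", "alice", "192.0.2.77", "success"),
    ("2024-05-02T01:13:55Z", "carol", "2001:db8:10:4::9", "success"),
    ("2024-05-02T01:15:09Z", "bob", "198.51.100.40", "failure"),
    ("2024-05-02T02:00:00Z", "dave", "not-an-ip", "success"),
]


def load_networks(cidrs):
    """Parse CIDR strings once; strict=True rejects ranges with host bits set."""
    return [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]


def is_allowed(source_ip, networks):
    """True only if source_ip parses and falls inside one of the allowed ranges."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return False  # fail closed on anything that is not a valid address
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by its IPv4 part.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in networks)


def review_logins(records, networks):
    """Return one finding per sign-in that came from outside the allowed ranges.

    A successful sign-in from outside is rated "high" because the account was
    actually used; a failed attempt is rated "low".
    """
    findings = []
    for timestamp, user, source_ip, result in records:
        if is_allowed(source_ip, networks):
            continue
        findings.append({
            "timestamp": timestamp,
            "user": user,
            "source_ip": source_ip,
            "result": result,
            "severity": "high" if result == "success" else "low",
        })
    return findings


if __name__ == "__main__":
    nets = load_networks(ALLOWED_RANGES)
    for finding in review_logins(SAMPLE_LOGINS, nets):
        print(finding)
```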

Step-by-step: Cloud hijacking in action

Before we dive into how to prevent cloud hijacking, let’s first take a look at what a
cloud hijacking attack looks like contextually. Below, we’re presuming that the
threat actor has already got a hold of your employee’s credentials through one of
the means above.

Step 1: The attacker uses your employee’s stolen credentials to log in to their
cloud account (something like Slack, Microsoft Outlook or Google Workspace)

Step 2: The attacker goes through your employee’s files, contacts and
information for data that could be lucrative on the Dark Web and/or to build a
picture of the employee so that they can then convincingly impersonate them.

Step 3: Depending on the attacker’s goal, this step tends to go in one of a few
ways. They may simply take what data they’ve found and monetize it.
Alternatively, they may pose as your employee in order to reroute invoices and
receive monetary payment. Some cybercriminals will also spread malware via
email or file upload in order to compromise the organization further.
Steps to reduce Cloud security breaches:
1. Educate your employees.
For most organizations, there is an easy explanation for the security threats:
uneducated employees. By teaching your employees proper defense practices, you
can minimize risk and prevent cloud security threats.

2. Secure a data backup plan.


As the cloud continues to mature, the possibility of permanent data loss is high.
Make sure that whatever happens, you have a secure backup of that data (this is
more about securing your business than your actual data, but provides the same
peace of mind).

3. Who has access to the data?


The location of your stored data is important, but nowhere near as important as
who has access to it.
IT managers: who is doing what, who has access, and what are they trying to
access? Establish access controls to manage risk. Tie user identities to back-end
directories, even for external identities.

4. Encryption is key.
Cloud encryption is critical for protection. It transforms data and text using
encryption algorithms before they are placed on a storage cloud.
Ask your provider how data is managed. To ensure the protection of your data
before it leaves your business, you can encrypt at the network’s edge, ensuring the
movement of data in the cloud is protected. Once the data is encrypted, keep the
keys that both encrypt and decipher your information.
5. Take passwords seriously.
Since files are zipped and encrypted with passwords, it’s important to choose one
wisely. Most passwords — 90%, to be exact — can be cracked within seconds.

6. Test, test, test.


When putting measures in place to protect your cloud, think like a criminal. One of
the best ways to do this is penetration testing: an IT security practice designed to
identify and address vulnerabilities as well as minimize cloud security threats.
A few things to keep in mind:
● A penetration test looks like a real attack, so be sure to inform your cloud
provider before beginning.
● Evaluate what your weaknesses are and create an inventory of what to test
such as servers and applications.

How to Improve Security in Cloud Computing?

Cloud computing centralizes computing services, cloud applications, and data. As
much as the cloud offers flexibility, it is vulnerable to cyber threats.
Failure to protect your data on the cloud can result in data loss or theft. Cloud
security is the process of securing cloud environments. It is a set of measures that
work together to protect cloud systems. Using the right set of technologies,
controls, and policies will enhance your cloud security.


1. Next-Generation Firewall (NGFW):

NGFW is a network security device that provides functions beyond a traditional
firewall. It filters network traffic using a defined set of rules.

Features of an NGFW:

● Block threats at the network edge

● Geolocation

● Reverse proxy/web gateway

● Intrusion detection and prevention systems (IDS/IPS)

● In-line deep packet inspection (DPI)

● Identity and Access Management

2. Multi-Factor Authentication (MFA):

Multifactor authentication (MFA) adds a layer of protection to the sign-in process.

Benefits of MFA:

● High-level protection: Get better protection as compared to 2FA.

● Assures consumer identity: Protects consumer data from identity theft.

● Time-based Codes: Provides your users one-time access with time-based
codes.

● Risk-based Access Control: Verifies users based on risk factors, such as:
1. Location
2. Time of access
3. User Device
4. IP address

3. Streamline Identity and Access Management (IAM):

IAM is a cloud service that controls the permissions and access for users and cloud
tools. It helps you give access to tools at fine-grained levels on the cloud.

● Restricted Access: IAM ensures only approved users have access to data
and systems.

● View only Access: Users can access files with only read or view rights.
They cannot make changes.

● Platform-based Access: Limit user access to certain platforms. E.g., users
can access OS but not the testing tools.

● Defined Sharing Rights: Restrict users from sending or receiving data by
limiting their sharing rights.
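
The four access types above, expressed as a deny-by-default permission check plus a least-privilege review, as an added example that is not from the original notes. The role names, users, platforms and access records are all constructed assumptions; a real cloud IAM service has its own policy format.

```python
# Role -> platform -> actions granted. Anything not listed is denied.
# All names below are assumptions made up for this example.
ROLES = {
    "viewer":    {"files": {"read"}},                          # view-only access
    "developer": {"os": {"read", "write"},                     # platform-based access
                  "files": {"read", "write"}},
    "tester":    {"testing-tools": {"read", "write"}, "files": {"read"}},
    "publisher": {"files": {"read", "share"}},                 # defined sharing rights
}

ASSIGNMENTS = {
    "asha": ["developer"],
    "ravi": ["viewer"],
    "meena": ["tester", "publisher"],
}

# Constructed access records: (user, platform, action)
ACCESS_LOG = [
    ("asha", "os", "write"),
    ("asha", "files", "read"),
    ("asha", "testing-tools", "read"),   # developer has no testing-tools grant
    ("ravi", "files", "read"),
    ("ravi", "files", "write"),          # view-only user trying to change a file
    ("meena", "files", "share"),
    ("meena", "testing-tools", "write"),
    ("intern", "files", "read"),         # user with no role assignment at all
]


def effective_permissions(user):
    """Union of every grant reachable through the user's roles."""
    merged = {}
    for role in ASSIGNMENTS.get(user, []):
        for platform, actions in ROLES.get(role, {}).items():
            merged.setdefault(platform, set()).update(actions)
    return merged


def is_allowed(user, platform, action):
    """Restricted access: allowed only if an explicit grant exists."""
    return action in effective_permissions(user).get(platform, set())


def review(access_log):
    """Return (denied requests, granted-but-never-used permissions)."""
    denied = [rec for rec in access_log if not is_allowed(*rec)]
    used = {rec for rec in access_log if is_allowed(*rec)}
    unused = []
    for user in sorted(ASSIGNMENTS):
        for platform, actions in sorted(effective_permissions(user).items()):
            for action in sorted(actions):
                if (user, platform, action) not in used:
                    unused.append((user, platform, action))
    return denied, unused


if __name__ == "__main__":
    denied, unused = review(ACCESS_LOG)
    for rec in denied:
        print("DENIED ", rec)
    for rec in unused:
        print("UNUSED ", rec)
```

The denied list shows the controls working; the unused list shows grants that could be removed to tighten access further.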

4. Monitoring & Logging:

Cloud monitoring reviews, observes and manages the cloud systems for security
breaches. Logging empowers cloud users to manage, analyze, and gain insights
from log data in real-time. Cloud logging collects and compares log data from
cloud-based systems. The logs can tell us ‘who’ accessed ‘what’ on the cloud and
when. From logins to firewall updates, all events are logged in order. The log
events include the signs of potential risks.
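
One way to read a sign-in log for the signs of account hijacking, combining the IP allowlist recommended earlier with the risk factors listed under MFA (location, time of access, user device, IP address). This is an added example, not code from the original notes; the log format, users, allowed ranges and working hours are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Assumed corporate/VPN egress ranges (RFC 5737 documentation addresses).
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "198.51.100.0/25")]
WORK_HOURS = range(7, 20)  # assumed normal sign-in hours, 07:00-19:59 UTC

# Constructed sign-in log: when, who, what, and from where.
SAMPLE_LOG = """\
2024-03-04T09:12:00Z user=asha app=mail ip=192.0.2.15 country=IN device=lt-4411
2024-03-04T09:40:00Z user=ravi app=files ip=198.51.100.20 country=IN device=lt-2090
2024-03-05T10:02:00Z user=asha app=files ip=192.0.2.15 country=IN device=lt-4411
2024-03-05T21:30:00Z user=ravi app=files ip=198.51.100.20 country=IN device=lt-2090
2024-03-06T02:47:00Z user=asha app=mail ip=203.0.113.77 country=RO device=unknown-9f
2024-03-06T11:15:00Z user=ravi app=mail ip=198.51.100.200 country=IN device=lt-2090
"""


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed datetime."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return event


def ip_allowed(ip_text):
    """True only if the address parses and falls inside an allowed range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETWORKS)


def score_event(event, profile):
    """Return the risk factors that fire for one sign-in."""
    reasons = []
    if not ip_allowed(event["ip"]):
        reasons.append("ip_outside_allowed_ranges")
    if profile["devices"] and event["device"] not in profile["devices"]:
        reasons.append("new_device")
    if profile["countries"] and event["country"] not in profile["countries"]:
        reasons.append("new_location")
    if event["time"].hour not in WORK_HOURS:
        reasons.append("unusual_time")
    return reasons


def decide(reasons):
    """The allowlist is a hard control; other factors trigger extra checks."""
    if "ip_outside_allowed_ranges" in reasons:
        return "block"
    return "step_up_mfa" if reasons else "allow"


def analyze(log_text):
    """Score each sign-in in order against the user's own history."""
    profiles, findings = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        profile = profiles.setdefault(
            event["user"], {"devices": set(), "countries": set()})
        reasons = score_event(event, profile)
        decision = decide(reasons)
        if decision == "allow":
            # Only clean sign-ins extend the baseline, so a hijacker's
            # device or country never becomes "known".
            profile["devices"].add(event["device"])
            profile["countries"].add(event["country"])
        findings.append(
            (event["user"], event["time"].isoformat(), decision, reasons))
    return findings


if __name__ == "__main__":
    for user, when, decision, reasons in analyze(SAMPLE_LOG):
        print(f"{when} {user:5} {decision:12} {', '.join(reasons)}")
```

The last sample line shows why the prefix length matters: 198.51.100.200 looks like a corporate address but falls outside the /25 that was actually allowed.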

5. Cloud Visibility & Control:

Cloud visibility is the ability to view all of your activities in the cloud. It helps you
identify weak performance and potential risks in the cloud deployment. Once you
know what’s harming the process, you can put policies in place to control risks.

Security controls are a set of measures that help you protect cloud systems.

The process includes:

● Prevention: Address threats in cloud systems.

● Detection: Detect an attack before it turns into a data breach.

● Correction: Reduce the effects of an attack after it has taken place.

6. Use Cloud Automation:


Cloud automation can automate your system processes without human
intervention.

Cloud Automation can:


● Increase security controls

● Avoid misconfigurations

● Ensure compliance at all levels

● Limit the impacts of data theft

● Secure deployments in the development process

What is Cloud Identity Management


Identity management in cloud computing is the next step for identity and
access management (IAM) solutions. However, it is a lot more than merely a
straightforward web app single sign-on (SSO) solution. This next generation of
IAM solution is a holistic move of the identity provider right to the cloud.

Known as Directory-as-a-Service (DaaS), this particular service is the advanced
version of the conventional, on-premises solutions, including Lightweight
Directory Access Protocol (LDAP) as well as Microsoft Active Directory (AD).

Features of a Modern Cloud Identity Management Solution

The following are a few advantages of identity management in cloud computing:


● It offers a consistent access control interface: Applicable to all cloud
platform services, Cloud IAM solutions provide a clean and single access
control interface.

● It offers superior security levels: If needed, we can easily define increased
security levels for crucial applications.

● It lets businesses access resources at diverse levels: Businesses can define
roles and grant permissions to explicit users for accessing resources at
diverse granularity levels.


UNIT IV

Cloud Computing platforms

What is a cloud platform?

There are many ways to define a cloud platform. Put most simply, a cloud
platform is the operating system and hardware of a server in an Internet-based
data centre. It enables software and hardware products to coexist remotely and
at large scale.

Types of Cloud Platforms

Cloud systems come in a range of shapes and sizes. None of them are suitable for
all. To meet the varying needs of consumers, a range of models, forms, and
services are available. They are as follows:

● Public Cloud: Third-party providers that distribute computing services
over the Internet are known as public cloud platforms. A few good examples
of trending and widely used cloud platforms are Google Cloud Platform,
AWS (Amazon Web Services), Microsoft Azure, Alibaba and IBM Bluemix.
● Private Cloud: A private cloud is normally hosted by a third-party service
provider or in an on-site data centre. A private cloud platform is always
dedicated to a single company, and this is the key difference between the public
and private cloud.
Or we can say that a private cloud is a series of cloud computing services
used primarily by one corporation or organization.
● Hybrid Cloud: The type of cloud architecture that combines both the
public and private cloud systems is termed a hybrid cloud platform.
Data and programs are easily migrated from one to the other. This allows the
company to be more flexible while still improving infrastructure, security,
and enforcement.

List of Cloud Computing Platforms

1.) Microsoft Azure

Azure has long been regarded as one of the greatest cloud services platforms
available, owing to Microsoft's extensive suite of services. The extensive list of
offered services is sufficient to meet the demands of any company in any sector.
You may operate services on the cloud or mix them with any of your current
infrastructures using Azure. Microsoft Azure was first released in 2010, and it
has since shown itself to be a reliable solution for businesses trying to transform
digitally.

2.) Amazon Web Services

Amazon Web Services (AWS) is a popular cloud computing platform for
developing interactive web applications for your company. Elastic Compute Cloud
(EC2), Elastic Beanstalk, Simple Storage Service (S3), and Relational Database
Service (RDS) are just a few of the IaaS and PaaS options available.

3.) Google Cloud

Google Cloud is a dependable, user-friendly, and secure cloud computing solution
from one of the world's most powerful IT companies.

Although Google Cloud's service offering isn't as extensive as Azure's, it's still
sufficient to meet all of your IaaS and PaaS requirements. Its headline strengths
are user-friendliness and security.

Your first 12 months of service are also free, much like Azure. In addition,
Google boasts that its services are less expensive and more budget-friendly than
others.

4.) IBM Cloud

IBM Cloud is another cloud computing platform that focuses on IaaS
(Infrastructure as a Service), SaaS and PaaS (Platform as a Service). It has one of the
more cost-effective pricing plans on the market, and it's totally configurable, so
you may save even more money. Using their APIs, creating an account is a breeze.
5.) Cloud Linux

Cloud Linux is the way to go if you wish to construct your own IT infrastructure
rather than depending on a third-party service. It's not just another cloud provider;
it's a cloud platform for setting up your own infrastructure. It is a Linux-based
operating system, as indicated by its name.

Working with CloudLinux comes with a lot of obstacles, but it also comes with a
lot of benefits and advantages, such as total control, flexibility, security, and deep
customization.
Internal Security
Breaches in Cloud
Computing

UNIT-III

Cloud Deployment Model:


Today, organizations have many exciting opportunities to reimagine, repurpose and
reinvent their businesses with the cloud. The last decade has seen even more
businesses rely on it for quicker time to market, better efficiency, and scalability. It
helps them achieve long-term digital goals as part of their digital strategy.

The right deployment model would ensure your business is equipped with the
performance, scalability, privacy, security, compliance & cost-effectiveness it
requires. It is important to learn and explore what different deployment types can
offer and what particular problems each can solve.
Different Types Of Cloud Computing Deployment Models
Most cloud hubs have tens of thousands of servers and storage devices to enable
fast loading. It is often possible to choose a geographic area to put the data "closer"
to users. Thus, deployment models for cloud computing are categorized based on
their location. To know which model would best fit the requirements of your
organization, let us first learn about the various types.

1. Public Cloud

The name says it all. It is accessible to the public. Public deployment models in the
cloud are perfect for organizations with growing and fluctuating demands. It also
makes a great choice for companies with low-security concerns. Thus, you pay a
cloud service provider for networking services, compute virtualization & storage
available on the public internet.
Benefits of Public Cloud

● Minimal Investment - As a pay-per-use service, there is no large upfront cost,
and it is ideal for businesses that need quick access to resources.

● No Hardware Setup - The cloud service providers fully fund the entire
infrastructure.

Limitations of Public Cloud

● Data Security and Privacy Concerns - Since it is accessible to all, it does not
fully protect against cyber-attacks and could lead to vulnerabilities.
● Reliability Issues - Since the same server network is open to a wide range of
users, it can lead to malfunction and outages.

● Service/License Limitation - While there are many resources you can
exchange with tenants, there is a usage cap.

2. Private Cloud

Now that you understand what the public cloud could offer you, of course, you are
keen to know what a private cloud can do. Companies that look for cost efficiency
and greater control over data & resources will find the private cloud a more
suitable choice.

It means that it will be integrated with your data center and managed by your IT
team. Alternatively, you can also choose to host it externally.

Benefits of Private Cloud


● Data Privacy - It is ideal for storing corporate data where only authorized
personnel get access.

● Security - Segmentation of resources within the same infrastructure can help
with better access and higher levels of security.

● Supports Legacy Systems - This model supports legacy systems that cannot
access the public cloud.

Limitations of Private Cloud

● Higher Cost - With the benefits you get, the investment will also be larger
than the public cloud. Here, you will pay for software, hardware, and
resources for staff and training.

● Fixed Scalability - The hardware you choose will accordingly help you scale
in a certain direction.

● High Maintenance - Since it is managed in-house, the maintenance costs
also increase.

3. Community Cloud

The community cloud operates in a way that is similar to the public cloud. There's
just one difference - it allows access to only a specific set of users who share
common objectives and use cases. This type of deployment model of cloud
computing is managed and hosted internally or by a third-party vendor. However,
you can also choose a combination of all three.
Benefits of Community Cloud

● Smaller Investment - A community cloud is much cheaper than the private
& public cloud and provides great performance.

● Setup Benefits - The protocols and configuration of a community cloud must
align with industry standards, allowing customers to work much more
efficiently.

Limitations of Community Cloud

● Shared Resources - Due to restricted bandwidth and storage capacity,
community resources often pose challenges.

● Not as Popular - Since this is a recently introduced model, it is not that
popular or available across industries.

4. Hybrid Cloud

As the name suggests, a hybrid cloud is a combination of two or more cloud
architectures. While each model in the hybrid cloud functions differently, it is all
part of the same architecture. Further, as part of this deployment of the cloud
computing model, the internal or external providers can offer resources.

Let's understand the hybrid model better. A company with critical data will prefer
storing on a private cloud, while less sensitive data can be stored on a public cloud.

Benefits of Hybrid Cloud

● Cost-Effectiveness - The overall cost of a hybrid solution decreases since it
majorly uses the public cloud to store data.

● Security - Since data is properly segmented, the chances of data theft from
attackers are significantly reduced.

Limitations of Hybrid Cloud

● Complexity - It is complex setting up a hybrid cloud since it needs to
integrate two or more cloud architectures.

● Specific Use Case - This model makes more sense for organizations that
have multiple use cases or need to separate critical and sensitive data.

What is a virtual private cloud (VPC)?


A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a
public cloud. VPC customers can run code, store data, host websites, and do
anything else they could do in an ordinary private cloud, but the private cloud is
hosted remotely by a public cloud provider.
Features
VPCs are a “best of both worlds” approach to cloud computing. They give
customers many of the advantages of private clouds, while leveraging public cloud
resources and savings. The following are some key features of the VPC model:

1. Agility: Control the size of your virtual network and deploy cloud resources
whenever your business needs them. You can scale these resources dynamically
and in real-time.

2. Availability: Redundant resources and highly fault-tolerant availability
zone architectures mean your applications and workloads are highly available.

3. Security: Because the VPC is a logically isolated network, your data and
applications won’t share space or mix with those of the cloud provider’s other
customers. You have full control over how resources and workloads are accessed,
and by whom.
4. Affordability: VPC customers can take advantage of the public cloud’s
cost-effectiveness, such as saving on hardware costs, labor times, and other
resources.

Benefits of a Virtual Private Cloud

1. Agility
A VPC gives users full control over the network size along with automation to
scale resources up or down whenever required. These resources can be scaled
dynamically in real-time.

2. Security
Even though the VPC is part of the public cloud, it is logically isolated so a user’s
data and space don’t mix with a cloud provider’s other customers. Users have full
control of how resources and workloads are accessed and by whom.

3. Hybrid clouds are easy to deploy


It’s relatively easy to connect a VPC to a public cloud – or to on-premises cloud
architecture via a VPN.

4. Improved performance
Cloud-hosted websites and apps generally perform better than those hosted on
on-premises servers.

VPCs enable a hybrid cloud environment where an organisation can use a VPC
as an extension of their own data centre, without having to deal with the
complexity of building an on-premises private cloud.
5. Availability
Redundant resources and architectures that are highly fault-tolerant mean that
applications and workloads are highly available, so VPC environments can provide
close to 100% uptime.

What Does Vertical Cloud Mean?


A vertical cloud, also referred to as an industry cloud, is a cloud computing service
that is designed to meet the needs of a unique customer base. Vertical cloud service
providers tailor their cloud offerings to meet the needs of a specific industry and its
business requirements.

Cloud Migration
Cloud migration is the procedure of transferring applications, data, and other
types of business components to a cloud computing platform. There are several
kinds of cloud migration an organization can perform. The most common model is
the transfer of applications and data from an on-premises, local data center to
a public cloud.

But a cloud migration can also entail transferring applications and data from
one cloud environment to another, a model called cloud-to-cloud migration.
Pros of Cloud Migration
Organizations migrate to the cloud for various reasons, but normally when faced
with the challenges of developing IT infrastructure in the most secure and
cost-effective way possible.

Some of the advantages of migrating to a cloud are as follows:

1. Flexibility: No organization experiences the same level of demand from
the same number of users all the time. If our apps face fluctuations in
traffic, cloud infrastructure lets us scale up and down to meet the
demand. Hence, we use only the resources we require.

2. Scalability: As the organization grows, so do its analytics,
databases, and other workloads. The cloud provides the ability to
expand existing infrastructure. Therefore, applications have room to grow
without impacting work.

3. Agility: Part of development is remaining elastic enough to
respond to rapid changes in technology resources. Cloud
adoption offers this by drastically decreasing the time it takes to procure
new storage and inventory.

4. Productivity: Our cloud provider can handle the complexities of
our infrastructure so we can concentrate on productivity. Furthermore, the
remote accessibility and simplicity of most cloud solutions mean that
our team can concentrate on what matters, such as growing our business.

5. Security: The cloud can offer better security than many other data
centers by storing data centrally. Also, most cloud providers offer
built-in features including cross-enterprise visibility, periodic updates,
and security analytics.

6. Profitability: The cloud follows a pay-per-use model. There is no
need to pay extra charges or to invest continually in training for,
maintaining, and updating space for physical servers.
Cloud Migration Strategies Types
Migrating to a cloud can be a good investment for our business. Like many
companies, we might be wondering where to start.

1. Rehosting (lift-and-shift)
The most common path is rehosting (or lift-and-shift), which does just what it
sounds like. It takes our application and drops it into the new hosting platform
without changing the architecture or code of the app. It is also a common route for
enterprises unfamiliar with cloud computing, who profit from the deployment
speed without having to spend money or time on planning for expansion.

2. Re-platforming
Re-platforming is also called "lift-tinker-and-shift". It involves making some cloud
optimizations without modifying our app's core architecture. It is the better strategy
for enterprises that are not ready for configuration and expansion, or those
that wish to build trust in the cloud.
3. Re-factoring
It means rebuilding our applications from scratch to leverage cloud-native abilities.
These include capabilities we could not use before, such as serverless computing
or auto-scaling. A potential disadvantage is vendor lock-in, as we are re-creating
the application on the cloud infrastructure. As we may expect, it is the most
expensive and time-consuming route. But it is also future-proof for enterprises
that wish to benefit from more standard cloud features.

These are the three most common approaches for migrating our existing
infrastructure.

4. Re-purchasing
It means replacing our existing applications with a new SaaS-based,
cloud-native platform (such as replacing a homegrown CRM with Salesforce). The
challenge is that our team loses its familiarity with the existing code and its
training when moving to a new platform. However, the benefit is avoiding the cost
of development.

5. Retiring
When we no longer find an application useful, we simply turn it off. The
resulting savings may strengthen our business case for application migration
if we are ready to make the move.

6. Re-visiting
Re-visiting recognizes that some or all of our applications may need to remain
in-house, for example applications that have unique sensitivity or handle
processes internal to an enterprise. Don't be afraid to revisit cloud computing at
a later date. We should migrate only what makes sense for the business.
Cloud Migration Tools
Third-party vendors and cloud providers offer many automated, cloud-based,
and open-source services and tools designed to:

● Certify post-migration success

● Manage and monitor its progress

● Help develop for cloud migration

1. APM (Application Performance Management)

Bear in mind that although cloud vendors offer access to a rich set of metrics for
tracking changes in our cloud environment, these metrics usually aren't placed in
the overall application context.

We will need a separate monitoring solution for that level of visibility. With a
solution such as AppDynamics APM, we can create real-time correlations among
end-user experience, application performance, and cloud service utilization.

2. Unified Monitoring

It is an emerging capability that gives full visibility into our whole application
ecosystem: supporting components, infrastructure, database, application, and
end user, whether running in the cloud or on-premises. We can easily find the
cloud migration issues that would usually cause war-room calls.
3. Business Intelligence Monitoring

It is the kind of tool we need to verify the benefits of cloud migration. Look for a
tool such as AppDynamics Business iQ that can compare pre- and post-move
performance baselines from both a business and a technical perspective. Such a
tool can also help optimize enterprise performance, simulate the user experience
during all phases of the migration project, and track enterprise transactions to
reveal the true effect on our bottom line.

What is cloud security?


Cloud security is the set of control-based security measures and technology
protections designed to protect online stored resources from leakage, theft, and
data loss. Protection covers cloud infrastructure, applications, and data from
threats. Security applications operate as software in the cloud, using a SaaS
(Software as a Service) model.
How to manage security in the cloud?

Cloud service providers have many methods to protect the data.

Firewall is the central part of cloud architecture. The firewall protects the network
and the perimeter of end-users. It also protects traffic between various apps stored
in the cloud.

Access control protects data by allowing us to set access lists for various assets.
For example, you can allow specific employees to use an application while
restricting others. The rule is that employees can access only the equipment they
require. By maintaining strict access control, we can keep essential documents
from being stolen by malicious insiders or hackers.

For example, we are putting intelligence information at risk in order of the
importance of security. It helps to protect mission-critical assets from threats.
Disaster recovery is vital for security because it helps to recover lost or stolen data.

Benefits of Cloud Security System

Understanding how cloud computing security operates helps us find ways it can
benefit your business.

Cloud-based security systems benefit the business by:


● Protecting the Business from Dangers

● Protect against internal threats

● Preventing data loss

● Top threats to the system include Malware, Ransomware, and

● Break the Malware and Ransomware attacks

● Malware poses a severe threat to the businesses.

What is Cloud Computing Reference Model?


The cloud computing reference model is an abstract model that divides a cloud
computing environment into abstraction layers and cross-layer functions to
characterize and standardize its functions.

The cloud computing reference model is divided into 3 major service models:

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)

3. Infrastructure as a Service (IaaS)

The below diagram explains the cloud computing reference model:


Let us have a look at the layers of cloud computing reference model.

1. SaaS
Software as a Service (SaaS) is a form of application delivery that relieves users of
the burden of software maintenance while making development and testing easier
for service providers.

The cloud delivery model's top layer is where applications are located. End
customers get access to the services this tier offers via web portals.

2. PaaS

Platform as a Service (PaaS) is a strategy that offers a high level of abstraction to
make a cloud readily programmable, in addition to infrastructure-oriented clouds
that offer basic compute and storage capabilities. Developers can construct and
deploy apps on a cloud platform without necessarily needing to know how many
processors or how much memory their applications would use.

3. IaaS

Infrastructure as a Service (IaaS) offers storage and computer resources that
developers and IT organizations use to deliver custom/business solutions. IaaS
delivers computer hardware (servers, networking technology, storage, and data
center space) as a service. It may also include the delivery of OS and virtualization
technology to manage the resources.

The service models involved in this architecture are:

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)

3. Infrastructure as a Service (IaaS)

NIST Cloud computing also has 4 deployment models, which are as follows:
1. Public

This is the model where cloud infrastructure and resources are given to the public
via a public network. These models are generally owned by companies that sell
cloud services.

2. Private

This is the model where cloud infrastructure and resources are only accessible by
the cloud consumer. These models are generally owned by cloud consumers
themselves or a third party.

3. Community

This is the model where a group of cloud consumers might share their cloud
infrastructure and resources as they may have the same goal and policies to be
achieved. These models are owned by organizations or a third party.

4. Hybrid

This model consists of a mixture of different deployment models like public,
private, or community. This helps in the exchange of data or applications between
various models.
What are the Security Risks of Cloud Computing
Cloud computing provides various advantages, such as improved collaboration,
excellent accessibility, Mobility, Storage capacity, etc. But there are also security
risks in cloud computing.

Some most common Security Risks of Cloud Computing are given below-

Data Loss

Data loss is the most common security risk of cloud computing. It is also
known as data leakage. Data loss is the process in which data is deleted,
corrupted, or made unreadable by a user, software, or application. In a cloud
computing environment, data loss occurs when our sensitive data is in somebody
else's hands, one or more data elements cannot be used by the data owner, a hard
disk is not working properly, or software is not updated.

Hacked Interfaces and Insecure APIs

As we all know, cloud computing depends completely on the Internet, so it is
compulsory to protect the interfaces and APIs that are used by external users. APIs
are the easiest way to communicate with most cloud services. In cloud
computing, a few services are available in the public domain. These services can be
accessed by third parties, so there is a chance that they can easily be
harmed and hacked.
Data Breach

A data breach is the process in which confidential data is viewed, accessed, or
stolen by a third party without authorization, so that the organization's data is
hacked.

Vendor lock-in

Vendor lock-in is one of the biggest security risks in cloud computing.
Organizations may face problems when transferring their services from one vendor
to another. As different vendors provide different platforms, moving from one
cloud to another can be difficult.

Increased complexity strains IT staff

Migrating, integrating, and operating cloud services is complex for the IT staff.
IT staff need extra capability and skills to manage, integrate, and
maintain data in the cloud.

Spectre & Meltdown

Spectre & Meltdown allow programs to view and steal data that is currently being
processed on a computer. They affect personal computers, mobile devices, and
the cloud. They can expose passwords and personal information such as images,
emails, and business documents held in the memory of other running programs.
Account hijacking

Account hijacking is a serious security risk in cloud computing. It is the process in
which an individual user's or organization's cloud account (bank account, e-mail
account, or social media account) is stolen by hackers. The hackers use the stolen
account to perform unauthorized activities.

Internal Security Breaches in cloud computing

1. Social engineering and hijacking accounts


One of the most common ways an internal security threat arises is by
playing on the vulnerability of your employees. Many people are unaware not only
of the dangers of internal threats but also of the means by which hackers attack.

For example, some even offer their passwords after falling for a phishing phone
call made by a cyber attacker. They fail to recognise phishing emails too,
especially those that might refer to specific members on the team or details about a
current project.

2. Malicious cyber attacks


No one wants to believe their employees have it out for them, but it’s an
unfortunate truth that causes a significant number of cyber-attacks every year.

Sometimes, the most likely perpetrator is someone with privileged system access,
such as IT or other system administrators. A skilled and malicious administrator
can leave a back door open or leave programs on the network so that information
gets stolen. Some might even plant the malware themselves, causing millions of
dollars in damage.

3. Leaked information
Employees take information both knowingly and unknowingly on cameras, USB
data sticks, and their phones.

Every company should use software to specify its policies about what devices can
be connected to the network, what data can be downloaded, and when. It’s crucial
to educate workers on the policies and the reasoning behind the policies.

4. Downloading malicious content


Employees spend work time on the internet for personal reasons. They might take a
break from their duties and play a quick game or check their social media accounts.

Malware and virus threats occur through those same channels, and employees often
welcome them inadvertently onto the network.

Update and correct your IT systems regularly to make sure your business is
protected.

5. Insecure applications
It’s possible that your system is very secure, but that your external applications are
bringing you down.

Third-party services can seriously hinder internal website security. Make sure that
your team takes the time to carefully discuss and consider whether or not every
application is right for your network before they install it.

What is Data Corruption?


Data corruption refers to any unwanted change that happens to a file during
storage, transmission, or processing. A corrupted file can become unusable,
inaccurate, unreadable, or in some way inaccessible to a user or a related app.

Most data corruption occurs when bits in a file's binary code (its 0s and 1s) are
flipped or mixed up. Bits get mixed up for many reasons, including hardware
problems, software-based issues, and human mistakes.
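A flipped bit is invisible until something compares the file against a known-good record. The sketch below is an added example, not part of the original notes: it keeps a per-chunk SHA-256 manifest, protects the manifest with an HMAC, and reports which chunks changed. The chunk size, key and sample data are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

CHUNK = 4096  # bytes covered by each manifest entry (assumed block size)


def build_manifest(data: bytes, chunk: int = CHUNK) -> list:
    """SHA-256 digest of every fixed-size chunk, taken while the data is known good."""
    return [hashlib.sha256(data[i:i + chunk]).hexdigest()
            for i in range(0, max(len(data), 1), chunk)]


def seal(manifest: list, key: bytes) -> str:
    """HMAC over the manifest, so whoever alters the data cannot also
    rewrite the digests unnoticed without holding the key."""
    return hmac.new(key, "\n".join(manifest).encode(), hashlib.sha256).hexdigest()


def corrupted_chunks(data: bytes, manifest: list, key: bytes, tag: str,
                     chunk: int = CHUNK) -> list:
    """Return the indexes of chunks that no longer match (empty list = intact)."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest failed its HMAC check; do not trust it")
    current = build_manifest(data, chunk)
    bad = [i for i, (now, then) in enumerate(zip(current, manifest)) if now != then]
    # Truncated or extended data shows up as missing or extra chunks.
    shared = min(len(current), len(manifest))
    bad.extend(range(shared, max(len(current), len(manifest))))
    return bad


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate storage or transmission corruption by inverting a single bit."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


# Constructed sample: a 16 KiB "file", i.e. four 4 KiB chunks.
ORIGINAL = bytes(range(256)) * 64
KEY = b"constructed-demo-key"
MANIFEST = build_manifest(ORIGINAL)
TAG = seal(MANIFEST, KEY)

if __name__ == "__main__":
    print("intact file     :", corrupted_chunks(ORIGINAL, MANIFEST, KEY, TAG))
    print("one flipped bit :", corrupted_chunks(flip_bit(ORIGINAL, 9000, 3), MANIFEST, KEY, TAG))
    print("truncated file  :", corrupted_chunks(ORIGINAL[:10000], MANIFEST, KEY, TAG))
```

Knowing which chunk is damaged lets a restore fetch only that range from the backup instead of the whole object.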

Common Causes of Data Loss


The major causes of data loss are outlined below:

1. Human error
Human error is the root cause of most data loss in business as humans are, by
nature, not perfect. The day-to-day running of a business involves a lot of data
manipulation through typing, editing, updating, and deletions, processes that are
prone to error by users.

2. Theft
Losing data through theft usually happens when a data storage device such as a
laptop is stolen. Laptops are stolen at an alarming rate, meaning data loss through
theft can be quite high. Laptops are mobile and are usually taken out of secure
company premises, increasing vulnerability to theft.

3. Software corruption
Software malfunction or crash is another major cause of data loss. Any application
used for requesting data can crash, resulting in data loss or corruption. Software
failure can also occur in file editing software when updating multiple files where
some files fail to save or update and are subsequently deleted. Data can also
become lost in the same way during backup.

4. Computer viruses
Computer viruses can infiltrate and damage data stored in hard drives and company
network systems. Viruses can steal, corrupt, encrypt or delete important data. They
can also infiltrate an entire organization’s network system and affect the
functioning of computer hardware.

5. Hardware impairment
Hardware containing or maintaining data can easily malfunction, leading to
irretrievable data loss. The reasons for hardware impairment can be internal or
external. Data storage devices such as hard drives are prone to destruction through
physical or mechanical faults. The faults can be a result of misuse or mishandling
of the devices.

6. Natural disasters
Natural disasters are a less prevalent cause of data loss because they occur
rarely. Natural disasters that can lead to data loss include floods,
earthquakes, hurricanes, cyclones, natural fires, and lightning.

Implications of Data Loss


It can be expensive to prevent data loss in terms of resources, training, and
investigating. The cost is worth it, as the implications of experiencing a data loss
event can be catastrophic. Below are some of the costs and consequences of data
loss to organizations.

1. Business functions can be destroyed


Data is the backbone of the business, making day-to-day operations seamless. Data
loss can affect the functionality of an entity or certain parts of it due to bottlenecks
and resource allocation. Time and resources will have to be diverted to recover from
the data loss incident, leading to serious operational challenges.

2. Damaged business reputation


The reputation of a business may suffer due to data loss. It is essential to
communicate a data loss incident to customers, but it can inadvertently result in a
lack of trust and discontentment. It can subsequently lead to other customers taking
their business elsewhere.

3. Financial implications
Data supports the operations of the business, and if lost, it means the company
loses not only its ability to make money but also the means to operate. Since
financial resources are also channeled towards data recovery, business finances can
be stretched to the point of eating into unbudgeted funds and drawing down
reserves. Data loss comes with the potential to bankrupt a business.

4. Effects on productivity
The productivity of employees is severely affected as data used in day-to-day work
is lost. Also, data is needed to make decisions, and the decision-making function is
also curtailed due to data loss.

5. Legal consequences
Data loss exposes a business to various legal actions and lawsuits. The loss of
customer data carries potential fines from the regulator for not adhering to data
protection laws and regulations. Customers can also file lawsuits against a business
in the event of loss of customer data.

A Definition of Cloud Account Hijacking


Cloud account hijacking is a process in which an individual or organization’s cloud
account is stolen or hijacked by an attacker. Cloud account hijacking is a common
tactic in identity theft schemes in which the attacker uses the stolen account
information to conduct malicious or unauthorized activity. When cloud account
hijacking occurs, an attacker typically uses a compromised email account or other
credentials to impersonate the account owner.

Simple Solutions for Cloud Account Hijacking Protection


There are simple, effective steps businesses and organizations can take to keep
their data secure on the cloud. Be sure to:

● Check with your service provider to make sure they have conducted
background checks on employees who have physical access to the servers in
their data centers.
● Have a strong method of authentication for cloud app users.
● Make sure all of your data is securely backed up in the event that your data
is lost in the cloud.
● Restrict the IP addresses allowed to access cloud applications. Some cloud
apps provide tools to specify allowable IP ranges, forcing users to access the
application only through corporate networks or VPNs.

Step-by-step: Cloud hijacking in action

Before we dive into how to prevent cloud hijacking, let’s first take a look at what a
cloud hijacking attack looks like in context. Below, we’re presuming that the
threat actor has already got hold of your employee’s credentials through one of
the means above.

Step 1: The attacker uses your employee’s stolen credentials to log in to their
cloud account (something like Slack, Microsoft Outlook or Google Workspace).

Step 2: The attacker goes through your employee’s files, contacts and
information for data that could be lucrative on the Dark Web and/or to build a
picture of the employee so that they can then convincingly impersonate them.

Step 3: Depending on the attacker’s goal, this step tends to go in one of a few
ways. They may simply take what data they’ve found and monetize it.
Alternatively, they may pose as your employee in order to reroute invoices and
receive monetary payment. Some cybercriminals will also spread malware via
email or file upload in order to compromise the organization further.

Steps to reduce Cloud security breaches:
1. Educate your employees.
For most organizations, there is an easy explanation for the security threats:
uneducated employees. By teaching your employees proper defense practices, you
can minimize risk and prevent cloud security threats.

2. Secure a data backup plan.


As the cloud continues to mature, the possibility of permanent data loss is high.
Make sure that whatever happens, you have a secure backup of that data (this is
more about securing your business than your actual data, but provides the same
peace of mind).

3. Who has access to the data?


The location of your stored data is important, but nowhere near as important as
who has access to it.
IT managers: who is doing what, who has access, and what are they trying to
access? Establish access controls to manage risk. Tie user identities to back-end
directories, even for external identities.

4. Encryption is key.
Cloud encryption is critical for protection. It allows data and text to be
transformed using encryption algorithms and then placed on a storage cloud.
Ask your provider how data is managed. To ensure the protection of your data
before it leaves your business, you can encrypt at the network’s edge, ensuring the
movement of data in the cloud is protected. Once the data is encrypted, keep the
keys that both encrypt and decipher your information.

5. Take passwords seriously.
Since files are zipped and encrypted with passwords, it’s important to choose one
wisely. Most passwords — 90%, to be exact — can be cracked within seconds.

6. Test, test, test.


When putting measures in place to protect your cloud, think like a criminal. One of
the best ways to do this is penetration testing: an IT security practice designed to
identify and address vulnerabilities as well as minimize cloud security threats.
A few things to keep in mind:
● A penetration test looks like a real attack, so be sure to inform your cloud
provider before beginning.
● Evaluate what your weaknesses are and create an inventory of what to test
such as servers and applications.

How to Improve Security in Cloud Computing?

Cloud computing centralizes computing services, cloud applications, and data. As
much as the cloud offers flexibility, it is vulnerable to cyber threats.
Failure to protect your data on the cloud can result in data loss or theft. Cloud
security is the process of securing cloud environments. It is a set of measures that
work together to protect cloud systems. Using the right set of technologies,
controls, and policies will enhance your cloud security.


1. Next-Generation Firewall (NGFW):

NGFW is a network security device that provides functions beyond a traditional
firewall. It filters network traffic using a defined set of rules.

Features of an NGFW:

● Block threats at the network edge

● Geolocation

● Reverse proxy/web gateway

● Intrusion detection and prevention systems (IDS/IPS)

● In-line deep packet inspection (DPI)

● Identity and Access Management

2. Multi-Factor Authentication (MFA):

Multifactor authentication (MFA) adds a layer of protection to the sign-in process.

Benefits of MFA:

● High-level protection: Get better protection as compared to 2FA.

● Assures consumer identity: Protects consumer data from identity theft.

● Time-based Codes: Provides your users one-time access with time-based
codes.

● Risk-based Access Control: Verifies users based on risk factors such as:
1. Location
2. Time of access
3. User Device
4. IP address

3. Streamline Identity and Access Management (IAM):

IAM is a cloud service that controls the permissions and access for users and cloud
tools. It helps you give access to tools at fine-grained levels on the cloud.

● Restricted Access: IAM ensures only approved users have access to data
and systems.

● View only Access: Users can access files with only read or view rights.
They cannot make changes.

● Platform-based Access: Limit user access to certain platforms. E.g., users
can access the OS but not the testing tools.

● Defined Sharing Rights: Restrict users from sending or receiving data by
limiting their sharing rights.

4. Monitoring & Logging:

Cloud monitoring reviews, observes and manages the cloud systems for security
breaches. Logging empowers cloud users to manage, analyze, and gain insights
from log data in real time. Cloud logging collects and compares log data from
cloud-based systems. The logs can tell us ‘who’ accessed ‘what’ on the cloud and
when. From logins to firewall updates, all events are logged in order. The log
events include the signs of potential risks.
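The sketch below is an added example, not part of the original notes, of reading "who accessed what and when" out of audit logs to spot a likely account hijack. It also applies the allowed IP ranges recommended earlier under the account hijacking protections. The log format, field names, thresholds, address ranges and sample lines are all constructed for this example.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed corporate/VPN ranges; successful activity from anywhere else is flagged.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]
FAIL_THRESHOLD = 3              # failed logins that make a later success suspicious
WINDOW = timedelta(minutes=10)  # how far back those failures are counted

# Constructed sample audit log (key=value format invented for this example).
SAMPLE_LOG = """\
2024-05-01T08:59:40Z user=alice action=login result=success src=10.1.2.3 resource=console
2024-05-01T09:14:02Z user=bob action=login result=failure src=203.0.113.50 resource=console
2024-05-01T09:14:09Z user=bob action=login result=failure src=203.0.113.50 resource=console
2024-05-01T09:14:15Z user=bob action=login result=failure src=203.0.113.50 resource=console
2024-05-01T09:14:31Z user=bob action=login result=success src=203.0.113.50 resource=console
2024-05-01T09:15:10Z user=bob action=download result=success src=203.0.113.50 resource=finance/invoices.zip
2024-05-01T09:20:00Z user=carol action=login result=success src=198.51.100.20 resource=console
"""


def parse(line: str) -> dict:
    """Split one log line into a dict with typed timestamp and source address."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    event["src"] = ipaddress.ip_address(event["src"])
    return event


def detect(log_text: str) -> list:
    """Return (when, who, what, reason) tuples for suspicious successful events."""
    alerts, failures = [], {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        who, when = e["user"], e["ts"]
        if e["result"] != "success":
            if e["action"] == "login":
                failures.setdefault(who, []).append(when)
            continue
        if e["action"] == "login":
            # A success right after repeated failures suggests guessed or stolen credentials.
            recent = [t for t in failures.pop(who, []) if when - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((when.isoformat(), who, e["resource"], "success_after_failures"))
        if not any(e["src"] in net for net in ALLOWED):
            alerts.append((when.isoformat(), who, e["resource"], "outside_allowed_ranges"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```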

5. Cloud Visibility & Control:

Cloud visibility is the ability to view all of your activities in the cloud. It helps you
identify weak performance and potential risks in the cloud deployment. Once you
know what’s harming the process, you can put policies in place to control risks.

Security controls are a set of measures that help you protect cloud systems.

The process includes:

● Prevention: Address threats in cloud systems.

● Detection: Detect an attack before it turns into a data breach.

● Correction: Reduce the effects of an attack after it has taken place.

6. Use Cloud Automation:


Cloud automation can automate your system processes without human
intervention.

Cloud Automation can:


● Increase security controls

● Avoid misconfigurations

● Ensure compliance at all levels

● Limit the impacts of data theft

● Secure deployments in the development process

What is Cloud Identity Management


Identity management in cloud computing is the next step in identity and
access management (IAM) solutions. However, it is a lot more than merely a
straightforward web app single sign-on (SSO) solution. This next generation of
IAM solutions is a holistic move of the identity provider to the cloud.

Known as Directory-as-a-Service (DaaS), this particular service is the advanced
version of the conventional on-premises solutions, including Lightweight
Directory Access Protocol (LDAP) as well as Microsoft Active Directory (AD).

Features of a Modern Cloud Identity Management Solution

The following are a few advantages of identity management in cloud computing:

● It offers a consistent access control interface: Applicable to all cloud
platform services, Cloud IAM solutions provide a clean and single access
control interface.

● It offers superior security levels: If needed, we can easily define increased
security levels for crucial applications.

● It lets businesses access resources at diverse levels: Businesses can define
roles and grant permissions to explicit users for accessing resources at
diverse granularity levels.


UNIT IV

Cloud Computing platforms

What is a cloud platform?

There are many ways to define a cloud platform. In the simplest terms, the
operating system and hardware of a server in an Internet-based data centre are
referred to as a cloud platform. It enables remote and large-scale coexistence of
software and hardware goods.

Types of Cloud Platforms

Cloud systems come in a range of shapes and sizes. None of them are suitable for
all. To meet the varying needs of consumers, a range of models, forms, and
services are available. They are as follows:

● Public Cloud: Third-party providers that distribute computing services
over the Internet are known as public cloud platforms. A few good examples
of trending and widely used cloud platforms are Google Cloud Platform,
AWS (Amazon Web Services), Microsoft Azure, Alibaba and IBM Bluemix.
● Private Cloud: A private cloud is normally hosted by a third-party service
provider or in an on-site data centre. A private cloud platform is always
dedicated to a single company, and this is the key difference between the public
and private cloud. In other words, a private cloud is a series of cloud computing
services used primarily by one corporation or organization.
● Hybrid Cloud: The type of cloud architecture that combines both the
public and private cloud systems is termed a hybrid cloud platform.
Data and programs are easily migrated from one to the other. This allows the
company to be more flexible while still improving infrastructure, security,
and enforcement.

List of Cloud Computing Platforms

1.) Microsoft Azure

Azure has long been regarded as one of the greatest cloud services platforms
available, given Microsoft's extensive suite of services. The extensive list of
offered services is sufficient to meet the demands of any company in any sector.
You may operate services on the cloud or mix them with any of your current
infrastructure using Azure. Microsoft Azure was first released in 2010, and it
has since shown itself to be a reliable solution for businesses trying to transform
digitally.

2.) Amazon Web Services

Amazon Web Services (AWS) is a popular cloud computing platform for
developing interactive web applications for your company. Elastic Compute Cloud
(EC2), Elastic Beanstalk, Simple Storage Service (S3), and Relational Database
Service (RDS) are just a few of the IaaS and PaaS options available.

3.) Google Cloud

Google Cloud is a dependable, user-friendly, and secure cloud computing solution
from one of the world's most powerful IT companies.

Although Google Cloud's service offering isn't as extensive as Azure's, it's still
sufficient to meet all of your IaaS and PaaS requirements. Its headline features are
user-friendliness and security.

Your first 12 months of service are also free, much like Azure. In addition,
Google boasts that its services are less expensive and more budget-friendly than
others.

4.) IBM Cloud

IBM Cloud is another cloud computing platform that focuses on IaaS
(Infrastructure as a Service), SaaS and PaaS (Platform as a Service). It has one of the
more cost-effective pricing plans on the market, and it's totally configurable, so
you may save even more money. Using their APIs, creating an account is a breeze.

5.) Cloud Linux

Cloud Linux is the way to go if you wish to construct your own IT infrastructure
rather than depending on a third-party service. It's not just another cloud provider;
it's a cloud platform for setting up your own infrastructure. It is a Linux-based
operating system, as indicated by its name.

Working with CloudLinux comes with a lot of obstacles, but it also comes with a
lot of benefits and advantages, such as total control, flexibility, security, and deep
customization.