
Cloud Security

Cloud security involves protecting data, applications, and infrastructure hosted in the cloud. Key aspects of cloud security include encryption, strong passwords, two-factor authentication, backups, role-based access control, understanding service agreements, employee education, and auditing. Cloud brokers provide services like aggregating multiple cloud services, arbitrating between services, and providing value-added services to improve security, access control, and reporting for cloud consumers. Ensuring data is stored securely in approved locations and maintaining separation between tenant data is also important for cloud security.

Uploaded by

divine rocky

UNIT-3

SECURING CLOUD SERVICE

What is cloud security?


Cloud security is the set of control-based security measures and technology protections designed to protect
resources stored online from leakage, theft, and data loss. Protection covers data, cloud infrastructure,
and applications against threats. Security applications are delivered as software in the same way as the
SaaS (Software as a Service) model.

How to secure your data in the Cloud


Regardless of the type of cloud services your business uses, the security principles are the same for all of
them. Here are 7 important factors when looking to secure your data in the cloud.

1. Encryption

The first way to mitigate security breaches is to use a cloud service that encrypts your files both on your
local computer and in the cloud. Having two layers of encryption protects your data from both the service
provider and the administrators of the service.

2. Set Strong Passwords

Your password is the key to your house - you would not leave it lying around with your address
attached. I suspect we have all written a password on a sticky note at one point in our lives. It is more
important than ever to break that habit and make sure you are not the cause of a breach. More than
75 percent of attacks are due to weak passwords, which means you must be diligent when creating yours.

Tips for creating a secure password

• Make sure your password is at least eight characters in length.
• Avoid using identifying information such as your name, birthday, company name or the names of people
or pets you are close to.
• Never create a password only with letters.
• Mix up the characters you're using - upper and lowercase letters as well as numbers and symbols.
• Avoid using the same one for multiple accounts.

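
The five tips above written as a checker, as an added example that is not part of the original notes. The function name, its parameters and the sample values at the bottom are hypothetical and constructed for illustration.

```python
import string


def check_password(password, identifying_info=(), other_passwords=()):
    """Return the tips from the list above that `password` violates."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    lowered = password.lower()
    for item in identifying_info:
        # Check each word of a name, birthday or company name, ignoring case.
        for token in item.lower().replace("-", " ").replace("/", " ").split():
            if len(token) >= 3 and token in lowered:
                problems.append(f"contains identifying information: {token!r}")
    if password.isalpha():
        problems.append("letters only")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if password in other_passwords:
        problems.append("already used for another account")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate in ("password", "Rocky1990", "t7#Kq9!vLw2$"):
        print(candidate, check_password(candidate, ["Rocky Smith", "1990-04-12"]))
```
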
3. Setup Two-Factor Authentication

Two-factor authentication (2FA) is an extra layer of security that can prevent hackers from
obtaining your password and accessing your data. When you use 2FA, you are required to take
an action on a separate device to grant access to the account after your password is used. This ensures
that if someone does get access to your password, your data is still protected.

4. Have a Backup

Even when storing data in the cloud, it is imperative to have backups. Ideally, backups are stored both
locally and in one or more cloud services, depending on the type of data. You can work with a cloud expert
to determine the level of redundancy you need and the schedule for those backups. For example, BAASS uses
our Hosted Cloud service, which has several levels of backups and redundancies set for our data. Having
backups reduces downtime should there be any issues with your data in the primary location.

5. Setup Role-Based Access Control

The cloud solution you are using should provide role-based access control so that each user can access
only the files they need. Stringent control of access levels provides an additional level of protection
should a user’s account be breached.

6. Make sure to Read the Fine Print

We have all glossed over the terms and conditions of software for personal use. It is
extremely important never to sign up for a cloud service without reading the user agreement completely.
This document includes vital information about how the service protects your information and whether,
by signing up, you give it permission to use or sell your information in any way. Also, be sure to read
any updates when the service provider changes its privacy policies.

7. Educate employees

Cyber-hygiene and security training should be a requirement for all employees. The consequences of data
breaches are higher and higher these days. These risks to your company should be fully discussed to ensure
your employees understand what is at stake. Other recommended topics include assistance with device
usage, phishing and email scams, standards and protocols for accessing data, and passwords.

8. Brokered cloud storage access

A cloud broker is an entity that manages the use, performance and delivery of cloud services, and the
relationships between cloud providers and cloud consumers.

All of the data is stored in the cloud, in the cloud service provider’s systems, which are also used to
send and receive it. Cloud computing has no physical system that serves this purpose. The way to
protect cloud storage is to isolate the data from direct client access. To do this, two services are
created: a broker, with full access to storage but no access to the client, and a proxy, with no
access to storage but access to both the client and the broker. These two services sit in the direct
data path between the client and the data stored in the cloud. Under this system, when a client
makes a request for data, here is what happens:

1. The request goes to the external service interface of the proxy.
2. The proxy, using its internal interface, forwards the request to the broker.
3. The broker requests the data from the cloud storage system.
4. The storage system returns the results to the broker.
5. The broker returns the results to the

The proxy completes the response by sending the data requested to the client.

Even if the proxy service is compromised, that service does not have access to the trusted key that
is necessary to access the cloud storage. In the multi-key solution, not eliminated all internal
service endpoints, but proxy service run at a reduced trust level is eliminated. The creation of
storage zones with associated encryption keys can further protect cloud storage from
unauthorized access.

[Figure: Storage zone with encrypted keys]

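
The proxy/broker split and the per-zone keys described above, as an added example that is not part of the original notes. It assumes the "trusted key" is an HMAC key that the storage system checks on every read; all class and function names are hypothetical, and the service boundaries are modelled as objects in one process.

```python
import hashlib
import hmac
import secrets

def sign(key, zone, name):  # only a holder of the zone key can produce this MAC
    return hmac.new(key, f"{zone}/{name}".encode(), hashlib.sha256).digest()

class CloudStorage:
    """Storage system: each zone has its own key and serves only signed requests."""
    def __init__(self):
        self._zones = {}                       # zone -> (key, {name: data})
    def create_zone(self, zone, objects):
        self._zones[zone] = (secrets.token_bytes(32), dict(objects))
        return self._zones[zone][0]            # the key is handed to the broker only
    def get(self, zone, name, signature):
        key, objects = self._zones[zone]
        if not hmac.compare_digest(sign(key, zone, name), signature):
            raise PermissionError("request is not signed with the zone key")
        return objects[name]

class Broker:
    """Holds the storage keys; reachable only from the proxy's internal interface."""
    def __init__(self, storage, zone_keys):
        self._storage, self._zone_keys = storage, zone_keys
    def fetch(self, zone, name):               # broker asks storage, gets the result
        if zone not in self._zone_keys:
            raise PermissionError(f"broker holds no key for {zone}")
        proof = sign(self._zone_keys[zone], zone, name)
        return self._storage.get(zone, name, proof)

class Proxy:
    """Client-facing service: talks to the client and the broker, holds no key."""
    def __init__(self, broker):
        self._broker = broker
    def handle(self, zone, name):              # external request, forwarded inward
        return self._broker.fetch(zone, name)

def attempt(call, *args):  # return the data, or the refusal as text
    try:
        return call(*args)
    except PermissionError as exc:
        return f"denied: {exc}"

def demo():
    storage = CloudStorage()                   # object contents are constructed samples
    key_a = storage.create_zone("zone-a", {"report.txt": b"tenant A data"})
    storage.create_zone("zone-b", {"ledger.txt": b"tenant B data"})  # key not shared
    proxy = Proxy(Broker(storage, {"zone-a": key_a}))
    direct = attempt(storage.get, "zone-a", "report.txt", bytes(32))  # keyless read
    return attempt(proxy.handle, "zone-a", "report.txt"), direct, attempt(proxy.handle, "zone-b", "ledger.txt")
```

`demo()` returns the object for the brokered read and a refusal for the other two: a read sent straight to storage without the key, and a read in a zone whose key this broker was never given.
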
Cloud brokers provide services in three categories:

Aggregation: A cloud broker combines and integrates multiple services into one or more new
services.

Arbitrage: This is similar to service aggregation, except that the services being aggregated are
not fixed.

Intermediation: The cloud broker enhances a service by improving some capability and providing
value-added services to cloud consumers. The improvement can be managing access to cloud services,
identity management, performance reporting, enhanced security, etc.

9. Storage location and tenancy


Under their Service Level Agreements, cloud service providers are contractually required to store
and process data in locations that are predetermined by the contract. The contract secures a
commitment to specific data storage sites, and the cloud vendor is contractually bound to conform
to privacy laws.

Because data stored in the cloud usually comes from multiple tenants, each vendor has its
own unique method for segregating one customer’s data from another’s. It is important to
understand how the specific service provider maintains data segregation. The cloud storage
provider provides privileged access to storage. Most cloud service providers store data in
encrypted form as a security mechanism to protect it, so that the data cannot be accessed by
an unauthorized user.

It is important to know what impact a disaster or interruption would have on the stored data. Since
data is stored across multiple sites, it may not be possible to recover data in a timely manner.

10. Audit and Compliance


Audit and compliance refers to the internal and external processes that an organization
implements to:

• Identify the requirements with which it must abide—whether those requirements
are driven by business objectives, laws and regulations, customer contracts, internal
corporate policies and standards, or other factors
• Put into practice policies, procedures, processes, and systems to satisfy such
requirements
• Monitor or check whether such policies, procedures, and processes are
consistently followed

Audit and compliance functions have always played an important role in traditional
outsourcing relationships. However, these functions take on increased importance in the
cloud given the dynamic nature of software-as-a-service (SaaS), infrastructure-as-a-
service (IaaS), and platform-as-a-service (PaaS) environments. Cloud service providers
(CSPs) are challenged to establish, monitor, and demonstrate ongoing compliance with a
set of controls that meets their customers’ business and regulatory requirements.
Maintaining separate compliance efforts for different regulations or standards is not
sustainable. A practical approach to audit and compliance in the cloud includes a
coordinated combination of internal policy compliance, regulatory compliance, and
external auditing.

Steps to ensure security over cloud:


Securing data and applications in the cloud is a critical concern to protect sensitive
information and ensure compliance with various security standards. Here are the steps to
enhance security over the cloud:

1. Understand Cloud Service Models: Understand the differences and security
implications of various cloud service models: Infrastructure as a Service (IaaS),
Platform as a Service (PaaS), and Software as a Service (SaaS).
2. Compliance and Regulations: Ensure compliance with industry-specific regulations
(e.g., GDPR, HIPAA) and security standards (e.g., ISO 27001) that pertain to your
organization's operations and data handling.
3. Risk Assessment and Management: Conduct a thorough risk assessment to identify
potential threats and vulnerabilities specific to your cloud environment. Develop a
risk management plan to mitigate these risks effectively.
4. Data Encryption: Implement strong encryption mechanisms for data at rest and in
transit. Utilize encryption algorithms and protocols to ensure data confidentiality and
integrity.
5. Identity and Access Management (IAM): Utilize IAM solutions to control and
manage user access to cloud resources. Implement strong authentication mechanisms,
role-based access control (RBAC), and least privilege principles to restrict
unauthorized access.
6. Multi-Factor Authentication (MFA): Enforce the use of multi-factor authentication
to add an extra layer of security for accessing critical systems and data.
7. Regular Auditing and Monitoring: Implement continuous monitoring and auditing
of cloud resources and activities. Utilize security information and event management
(SIEM) tools to detect and respond to security incidents promptly.
8. Network Security: Configure firewalls, network segmentation, and secure network
protocols to protect against unauthorized access and network-based attacks.
9. Secure Application Development: Employ secure coding practices and conduct
regular security testing (e.g., penetration testing, vulnerability scanning) for
applications hosted in the cloud.
10. Incident Response Plan: Develop a comprehensive incident response plan that
outlines the steps to be taken in the event of a security incident. Conduct regular drills
to ensure the plan's effectiveness.
11. Secure APIs: Ensure that APIs (Application Programming Interfaces) are securely
designed and managed to prevent unauthorized access and potential data breaches.
12. Data Backup and Recovery: Implement a robust backup and disaster recovery
strategy to ensure data availability and integrity in case of accidental deletion,
hardware failure, or other catastrophic events.
13. Patch Management: Regularly update and patch all software and systems to address
known vulnerabilities and reduce the risk of exploitation.
14. Vendor Security Assessment: Conduct thorough security assessments of cloud
service providers to ensure they meet your security requirements and standards.
15. Employee Training and Awareness: Provide regular training to employees
regarding cloud security best practices, policies, and procedures to reduce the risk of
human error.
