
Unit-5 CC

The document discusses security and privacy issues in cloud computing including infrastructure security at the network, host, and application levels and common security issues like data loss, account hijacking, and denial of service attacks. It also discusses ways to improve cloud security such as access control, antivirus software, and data loss prevention.

Uploaded by

kisu king

Cloud Computing Unit: 5 Subject Code:4360709

Unit – V
Security and Privacy Issues in Cloud Computing

5.1.1 Infrastructure Security


 The Network level
 The Host level
 The Application Level

The aim of cloud infrastructure security is to protect cloud-based assets from cyber security
threats.
Infrastructure security is the practice of protecting critical systems and assets against physical
and cyber threats.

Security Issues in Cloud Computing:

Cloud computing provides various advantages, but it also brings some security issues. The main
security issues in cloud computing are as follows.

1) Data Loss –
 Data loss is one of the issues faced in cloud computing. This is also known as data
leakage.
 Our sensitive data is in the hands of somebody else, and we don’t have full control over
our database.
 So, if the security of the cloud service is broken by hackers, they may get access to our
sensitive data or personal files.

2) Interference of Hackers and Insecure APIs –

 When we talk about the cloud and its services, we are talking about the Internet.
 The easiest way to communicate with the cloud is through an API, so it is important to
protect the interfaces and APIs that are used by external users.
 In cloud computing, a few services are also available in the public domain. These are the
vulnerable part of cloud computing, because they may be accessed by third parties.
 With the help of these services, hackers may be able to easily hack or harm our data.

3) User Account Hijacking –

 Account hijacking is the most serious security issue in cloud computing.
 If the account of a user or an organization is hijacked by a hacker, then the hacker has
full authority to perform unauthorized activities.

4) Changing Service Provider –

 Vendor lock-in is also an important security issue in cloud computing.

Prepared By: Department of Computer Engineering Page 1


 Many organizations face different problems while shifting from one vendor to another.
 For example, an organization that wants to shift from AWS Cloud to Google Cloud Services
faces various problems, such as migrating all of its data; the two cloud services also have
different techniques and functions, which causes further problems.
 Also, the charges of AWS may be different from those of Google Cloud, etc.

5) Lack of Skill –

 Day-to-day work, shifting to another service provider, needing an extra feature, and
working out how to use a feature are the main problems faced by an IT company that doesn’t
have skilled employees.
 So working with cloud computing requires skilled people.

6) Denial of Service (DoS) attack –


 This type of attack occurs when the system receives too much traffic.
 Mostly DoS attacks occur in large organizations such as the banking sector, government
sector, etc.
 When a DoS attack occurs, data is lost. So, in order to recover data, it requires a great
amount of money as well as time to handle it.

The Network level

There are no new attacks, vulnerabilities, or changes specific to this topology that information
security personnel need to consider. Our organization’s IT infrastructure might be affected by
the implementation of a private cloud, but our current network topology probably will not be.
If we use the services of public clouds, however, any change in the security requirements will
require a change in the network topology. Therefore, we must define some ways through which our
existing network topology will interact with the topology of the cloud provider.

Users can reduce their cloud security challenges in many ways through network security, which is
why it is essential.

1. Reduces Business Risk

Network security provides enterprise-level protection for cloud resources. It means operating
remotely becomes more secure and more manageable. It helps company teams collaborate better
and improve productivity.

2. Reduces Costs

The cloud infrastructure is not expensive for customers because they don’t have to buy it.
You only use cloud services offered by a provider and pay through a subscription model.
Implementing cloud computing or network security will safeguard you from cyber-attacks and
reduce the cost of data recovery.


3. Data Protection

Cloud computing network security helps protect user data from cyber-attacks and shields against
misconfigurations and human errors.

4. Increases Reliability and Availability

Cloud services need to be available to customers around the clock. To ensure this availability,
you must first employ network security measures to prevent downtime due to a breach. In
addition, network security helps build customer trust because it shows commitment to protecting
their data.

5. Ensures Regulatory Compliance

How you implement your private cloud environment is the critical element in meeting cloud
security compliance. A compliance management platform can help you leverage solutions while
connecting them to your business risk and regulatory requirements. For example, in the
healthcare industry.

Different Types of Network Security

You can use some tools in your line of service for data protection. Some of the common ones
include:

1. Antivirus and Antimalware Tools

A common form of cyber attack is malware, which infiltrates and corrupts user files. When a
user experiences a malware attack, the best way to counter it is by installing an antivirus like
Kaspersky. It scans your file system and removes all threats.

2. Application Security

Updating your system security can be the first step in protecting your data from attack.
Combining antiviruses and best practices can help patch security gaps in a platform.

3. Behavioral Analytics

Creating a system that monitors user behavior is crucial to an organization, and here is why.
When staff or devices access a cloud system, monitoring use and behavior is easy. If there is
irregular behavior, such as unauthorized access, it can indicate a system breach. Having such
systems can help to stop a threat early.

4. Data Loss Prevention


These are company measures that protect its sensitive data from breaches by staff. These
measures prevent rogue employees from downloading, printing, or sharing company information
and sensitive data.


5. Access Control

It’s when a company limits access to sensitive information to only authorized people. Companies
accomplish it by applying security policies restricting access to specific networks or system
sections.

The Challenges Faced in Cloud Network Security:

Any business needs to understand the top cloud data security network challenges they can face.
Common ones include:

1. Errors in the Cloud

Most cloud failures are caused by some human error. It is a constant risk, especially when
building business apps. It gets amplified when these business apps are hosted in a public cloud.
The reason is the ease of use by multiple users without proper controls. You can manage this
challenge by building strong controls.

2. DDoS Attack

When your environment gets exposed, it’s called a DDoS attack. It happens when you
continuously add microservices to your caseload. Small data leaks can build up to a full-blown
attack. A user can manage the attack surface by managing their cloud resources.

3. Shadow IT

When an organization’s employee illegally gets access to the cloud servers without approval, it’s
called shadow IT. The risks associated with it are compliance violations, breaches, and more.
Organizations can implement cloud usage policies, monitor cloud usage, and provide staff with
approved cloud services and applications.

4. Scaled Vulnerabilities

The cloud needs more advanced security protocols than on-premise servers. That’s why an
admin needs to learn a new cloud security strategy that adheres to modern standards. So,
businesses need the proper knowledge and expertise to know cloud security challenges.

The Host level

Host-level security in cloud computing is about safeguarding the individual servers or virtual
machines (VMs) that run applications and store data in the cloud.
Host-level security in cloud computing refers to the security measures and practices implemented
at the level of individual virtual or physical machines (hosts) within a cloud environment.
These measures are crucial for protecting data, applications, and resources from unauthorized
access, malicious attacks, and other potential threats. Here are some key aspects of host-level
security in cloud computing:


1. Hypervisor Security: The hypervisor, also known as a virtual machine monitor (VMM), is
responsible for managing and allocating computing resources among virtual machines (VMs) on
a physical host. Ensuring the security of the hypervisor is critical to prevent vulnerabilities that
could be exploited to compromise multiple VMs running on the same host.

2. Secure Boot and Firmware Integrity: Secure boot mechanisms ensure that only trusted
firmware and operating system components are loaded during the boot process, guarding against
unauthorized modifications and boot-time attacks. Maintaining the integrity of firmware and
keeping it up to date is essential for host security.

3. Access Control: Implement strong access control mechanisms to regulate who can access and
manage host systems. This includes using role-based access control (RBAC), least privilege
principles, and multi-factor authentication (MFA) to restrict unauthorized access.

4. Patch Management: Regularly update and patch the host operating systems, applications, and
libraries to address known vulnerabilities and mitigate the risk of exploitation by attackers.
Automated patch management solutions can help streamline this process.

5. Network Security: Employ network security measures such as firewalls, intrusion
detection/prevention systems (IDS/IPS), and network segmentation to protect host systems from
unauthorized network access, traffic sniffing, and other network-based attacks.

6. Antivirus and Malware Protection: Install and maintain up-to-date antivirus and anti-malware
software on host systems to detect and remove malicious software that could compromise the
integrity and security of the environment.

7. Encryption: Use encryption protocols (e.g., TLS for network communications, BitLocker for
data-at-rest encryption) to protect data both in transit and at rest on host systems, reducing the
risk of unauthorized data access and interception.

8. Logging and Monitoring: Enable logging and monitoring mechanisms to track and analyze
host-level activities, including login attempts, system changes, and security events. Security
information and event management (SIEM) tools can help centralize and correlate logs for better
threat detection and response.

9. Backup and Disaster Recovery: Implement robust backup and disaster recovery strategies to
ensure data resilience and continuity of operations in case of host failures, data corruption, or
cyber incidents.

10. Security Best Practices: Follow industry best practices and security guidelines provided by
cloud service providers (CSPs) and security standards bodies (e.g., NIST, ISO) to enhance host-
level security posture and compliance with regulatory requirements.
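
An added example, not part of the original notes: one way to apply "Logging and Monitoring" (item 8) and the "Behavioral Analytics" idea from the network-level section to host login records. It flags a burst of failed logins from one address and any successful login that follows from the same address. The log lines are constructed sample data in an sshd-like layout, and the function names, threshold, and time window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like layout (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 vm-web-1 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:09 vm-web-1 sshd[811]: Failed password for admin from 203.0.113.7 port 50123 ssh2
2024-05-01T10:00:15 vm-web-1 sshd[812]: Failed password for alice from 198.51.100.20 port 40110 ssh2
2024-05-01T10:00:21 vm-web-1 sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:30 vm-web-1 sshd[812]: Accepted password for alice from 198.51.100.20 port 40111 ssh2
2024-05-01T10:00:33 vm-web-1 sshd[811]: Failed password for admin from 203.0.113.7 port 50125 ssh2
2024-05-01T10:00:41 vm-web-1 sshd[811]: Failed password for admin from 203.0.113.7 port 50126 ssh2
2024-05-01T10:00:52 vm-web-1 sshd[813]: Accepted password for admin from 203.0.113.7 port 50127 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(line):
    """Turn one log line into a dict, or return None if it is not a login event."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Return alerts as (rule, source_ip, host, user) tuples, in log order.

    failed-login-burst: `threshold` failures from one IP inside `window`.
    login-after-burst:  a successful login from an IP that was already flagged
                        (an IP stays flagged for the rest of the run).
    """
    recent_failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue  # unrelated or malformed line: skip it, do not crash
        failures = recent_failures[event["ip"]]
        # Drop failures that have slid out of the time window.
        while failures and event["ts"] - failures[0] > window:
            failures.popleft()
        if event["result"] == "Failed":
            failures.append(event["ts"])
            if len(failures) >= threshold and event["ip"] not in flagged:
                flagged.add(event["ip"])
                alerts.append(("failed-login-burst", event["ip"],
                               event["host"], event["user"]))
        elif event["ip"] in flagged:
            alerts.append(("login-after-burst", event["ip"],
                           event["host"], event["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single mistyped password from 198.51.100.20 produces no alert, which is the point of using a threshold and a window rather than alerting on every failure.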


The Application Level

Application-level security in cloud computing refers to the security measures and practices
implemented to protect the software applications and services hosted in a cloud environment.
These measures are crucial for ensuring the confidentiality, integrity, and availability of data, as
well as protecting against various cyber threats. Here are some key aspects of application-level
security in cloud computing:

1. Authentication and Authorization: Implement strong authentication mechanisms, such as
multi-factor authentication (MFA) and OAuth, to verify the identity of users and ensure that only
authorized users have access to the application and its resources. Role-based access control
(RBAC) should be used to enforce least privilege access principles.

2. Data Encryption: Use encryption techniques to protect data both at rest and in transit. Encrypt
sensitive data before storing it in databases or file systems, and ensure that communication
channels between clients and servers are encrypted using protocols like TLS (Transport Layer
Security).

3. Input Validation: Implement thorough input validation mechanisms to prevent common
security vulnerabilities such as SQL injection, cross-site scripting (XSS), and command
injection. Validate and sanitize user input to mitigate the risk of malicious input causing
application-level attacks.

4. Session Management: Employ secure session management practices, such as session tokens
with limited lifespan and session timeout mechanisms, to reduce the risk of session hijacking and
unauthorized access to user sessions.

5. Secure Coding Practices: Follow secure coding guidelines and best practices, such as those
provided by organizations like OWASP (Open Web Application Security Project), to develop
secure and resilient applications. Conduct regular code reviews and security testing (e.g., static
analysis, dynamic analysis) to identify and mitigate vulnerabilities early in the development
lifecycle.

6. API Security: If your application exposes APIs (Application Programming Interfaces), ensure
that API endpoints are secure and protected against unauthorized access, abuse, and attacks such
as API key leakage, parameter manipulation, and injection attacks. Implement rate limiting,
authentication, and authorization mechanisms for API endpoints.

7. Web Application Firewall (WAF): Deploy a WAF to monitor and filter incoming and
outgoing traffic to the application, providing protection against common web application attacks
such as XSS, SQL injection, and CSRF (Cross-Site Request Forgery).

8. Logging and Monitoring: Enable comprehensive logging of application activities, events, and
security-related incidents. Implement real-time monitoring and alerting mechanisms to detect
and respond to suspicious activities, anomalies, and potential security breaches promptly.


9. Patch Management: Keep application components, frameworks, libraries, and dependencies
up to date with the latest security patches and updates. Regularly apply patches to mitigate
known vulnerabilities and reduce the attack surface of the application.

10. Incident Response Planning: Develop and maintain an incident response plan that outlines
procedures for responding to security incidents, including data breaches, unauthorized access
attempts, and service disruptions. Conduct regular security drills and exercises to test the
effectiveness of the plan and improve incident response capabilities.

By addressing these application-level security considerations, organizations can enhance the
resilience of their cloud-hosted applications and mitigate the risks associated with evolving cyber
threats. Collaboration between development teams, security teams, and cloud service providers is
essential to implement effective security controls throughout the application lifecycle.
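
An added example, not part of the original notes: a sketch of the "Session Management" item above (tokens with a limited lifespan plus a session timeout). The class name SessionStore, its method names, and the default durations are assumptions for illustration; the store is an in-memory dict, where a real deployment would use a shared session store.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side sessions with an absolute lifetime and an idle timeout."""

    def __init__(self, max_lifetime=8 * 3600, idle_timeout=15 * 60):
        self.max_lifetime = max_lifetime  # seconds since login, regardless of activity
        self.idle_timeout = idle_timeout  # seconds allowed between two requests
        self._sessions = {}               # sha256(token) -> session record

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked session table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, now=None):
        """Start a session and return its unguessable random token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": user, "created": now, "last_seen": now,
        }
        return token

    def validate(self, token, now=None):
        """Return the user for a live session, or None. Expired sessions are deleted."""
        now = time.time() if now is None else now
        key = self._key(token)
        record = self._sessions.get(key)
        if record is None:
            return None
        too_old = now - record["created"] > self.max_lifetime
        idle = now - record["last_seen"] > self.idle_timeout
        if too_old or idle:
            del self._sessions[key]
            return None
        record["last_seen"] = now  # activity resets the idle clock only
        return record["user"]

    def rotate(self, token, now=None):
        """Swap a live token for a new one (for example after login or an MFA step).

        The old token stops working at once; the original creation time is kept,
        so rotating does not extend the absolute lifetime.
        """
        if self.validate(token, now) is None:
            return None
        record = self._sessions.pop(self._key(token))
        new_token = secrets.token_urlsafe(32)
        self._sessions[self._key(new_token)] = record
        return new_token

    def revoke(self, token):
        """Log out: forget the session immediately."""
        self._sessions.pop(self._key(token), None)


if __name__ == "__main__":
    store = SessionStore(max_lifetime=3600, idle_timeout=600)
    t = store.create("alice", now=0)
    print(store.validate(t, now=300), store.validate(t, now=1500))
```

The `now` parameter exists so the expiry logic can be exercised without waiting; callers in normal use leave it out.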

5.2.1 Data Security and storage

 Data security and storage in cloud computing are critical aspects that involve
safeguarding sensitive information, ensuring data integrity, availability, and
confidentiality.
 Cloud computing offers various services and deployment models, each with its own data
security considerations.
 Here are key aspects of data security and storage in cloud computing:

1. Data Encryption: Encrypt data both at rest (stored data) and in transit (data being transmitted
over networks). Use strong encryption algorithms (e.g., AES-256 for data at rest, TLS for data in
transit) to protect data from unauthorized access and interception.

2. Access Control: Implement robust access control mechanisms to regulate who can access data
and resources in the cloud environment. Use identity and access management (IAM) tools to
enforce least privilege principles, role-based access control (RBAC), and multi-factor
authentication (MFA) to authenticate and authorize users.

3. Data Masking and Tokenization: Use data masking techniques to obfuscate sensitive
information in non-production environments, reducing the risk of exposure during development
and testing. Tokenization can also be used to replace sensitive data with non-sensitive
equivalents (tokens) to protect sensitive data in storage and transit.

4. Backup and Disaster Recovery: Implement regular data backups and disaster recovery
strategies to ensure data resilience and continuity of operations. Use cloud-based backup
solutions and replication mechanisms to create redundant copies of data in geographically
diverse locations.

5. Data Loss Prevention (DLP): Deploy DLP solutions to monitor, detect, and prevent
unauthorized access, leakage, or misuse of sensitive data. DLP tools can identify and enforce
policies to protect data based on content, context, and user behavior.

6. Secure Data Sharing: Use secure methods for sharing data within and outside the
organization, such as encrypted file sharing platforms, secure APIs, and data access controls.
Implement data governance policies to manage data sharing permissions and track data access
and usage.

7. Compliance and Regulatory Requirements: Ensure that data storage and handling practices
comply with relevant regulatory requirements, industry standards, and data protection laws (e.g.,
GDPR, HIPAA, PCI DSS). Cloud providers may offer compliance certifications and tools to
help meet these requirements.

8. Data Lifecycle Management: Implement data lifecycle management strategies to manage
data from creation to deletion efficiently. This includes data classification, retention policies,
archiving, and secure data disposal or deletion when no longer needed.

9. Monitoring and Auditing: Enable logging, monitoring, and auditing capabilities to track data
access, modifications, and security events in the cloud environment. Use security information
and event management (SIEM) tools to centralize logs, analyze threats, and generate real-time
alerts.

10. Vendor Security Assurance: Evaluate the security practices and certifications of cloud
service providers (CSPs) regarding data security, storage, and privacy. Understand the shared
responsibility model to clarify which security responsibilities are managed by the CSP and which
remain the customer's responsibility.

By addressing these data security and storage considerations in cloud computing, organizations
can enhance data protection, reduce security risks, and maintain compliance with regulatory
requirements, ultimately fostering trust and confidence in their cloud-based operations. Regular
security assessments, training, and collaboration between stakeholders are essential for effective
data security management in the cloud.
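
An added example, not part of the original notes: the difference between masking and tokenization from item 3 above, applied to one customer record before it is copied to a non-production environment. The names TokenVault, mask_card, mask_email, and to_nonprod, the "payments" role, and the sample record are assumptions constructed for illustration; the vault is kept in memory only to make the example self-contained.

```python
import re
import secrets


class TokenVault:
    """In-memory token vault (illustrative). The token <-> value mapping lives
    only here, so systems that hold tokens never hold the sensitive value."""

    def __init__(self, allowed_roles=("payments",)):
        self._allowed_roles = set(allowed_roles)
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value):
        # Same value -> same token, so tokenized tables can still be joined.
        if value in self._token_by_value:
            return self._token_by_value[value]
        token = "tok_" + secrets.token_hex(16)  # random, not derived from the value
        self._token_by_value[value] = token
        self._value_by_token[token] = value
        return token

    def detokenize(self, token, caller_roles):
        # Least privilege: only explicitly allowed roles may reverse a token.
        if not self._allowed_roles & set(caller_roles):
            raise PermissionError("caller may not detokenize")
        return self._value_by_token[token]


def mask_card(card_number):
    """Irreversibly mask a card number, keeping at most the last four digits."""
    digits = re.sub(r"\D", "", card_number)
    if len(digits) <= 4:
        return "*" * len(digits)  # too short to reveal anything safely
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_email(email):
    """Keep the first character and the domain; hide the rest of the local part."""
    local, _, domain = email.partition("@")
    return local[:1] + "***@" + domain


def to_nonprod(record, vault):
    """Return a copy of a production record that is safe for dev/test use."""
    return {
        "customer_id": record["customer_id"],
        "name": "REDACTED",
        "email": mask_email(record["email"]),
        # Reversible, but only through the vault and only for allowed roles.
        "card_token": vault.tokenize(record["card_number"]),
        # Not reversible: enough for a developer to tell records apart.
        "card_masked": mask_card(record["card_number"]),
    }


# Constructed sample record (the card number is a well-known test value).
SAMPLE_RECORD = {
    "customer_id": 1001,
    "name": "Asha Patel",
    "email": "asha.patel@example.com",
    "card_number": "4111 1111 1111 1111",
}

if __name__ == "__main__":
    print(to_nonprod(SAMPLE_RECORD, TokenVault()))
```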


5.2.2 Privacy issue

 Privacy issues in cloud computing revolve around concerns related to the collection,
storage, processing, and sharing of personal and sensitive data in cloud environments.
 These issues stem from the distributed nature of cloud infrastructure, shared resources,
potential lack of transparency, and varying levels of control over data.
 Here are some key privacy issues in cloud computing:

1. Data Confidentiality Issues

 Confidentiality of the user’s data is an important issue to consider when externalizing
and outsourcing extremely delicate and sensitive data to the cloud service provider.
 Personal data should be made unreachable to users who do not have proper authorization
to access it, and one way of ensuring that confidentiality is the use of strict access
control policies and regulations.
 The lack of trust between the users and cloud service providers or the cloud database
service provider regarding the data is a major security concern and holds back a lot of
people from using cloud services.

2. Data Loss Issues


 Data loss or data theft is one of the major security challenges that the cloud providers
face.
 If a cloud vendor has reported data loss or data theft of critical or sensitive material data
in the past, more than sixty percent of the users would decline to use the cloud services
provided by the vendor. Outages of the cloud services are very frequently visible even
from firms such as Dropbox, Microsoft, Amazon, etc., which in turn results in an absence
of trust in these services during a critical time.
 Also, it is quite easy for an attacker to gain access to multiple storage units even if a
single one is compromised.

3. Geographical Data Storage Issues

 Since the cloud infrastructure is distributed across different geographical locations spread
throughout the world, it is often possible that the user’s data is stored in a location that is
outside their legal jurisdiction. This leads to the user’s concerns about whether local law
enforcement and regulations can legally reach data that is stored outside their region.
 Moreover, the user fears that local laws can be violated, because the dynamic nature of
the cloud makes it very difficult to designate a specific server to be used for trans-border
data transmission.

4. Multi-Tenancy Security Issues


 Multi-tenancy is a paradigm that follows the concept of sharing computational resources,
data storage, applications, and services among different tenants.
 This is then hosted by the same logical or physical platform at the cloud service
provider’s premises. While following this approach, the provider can maximize profits
but puts the customer at a risk.

 Attackers can take undue advantage of multi-tenancy and can launch various attacks
against their co-tenants, which can result in several privacy challenges.

5. Transparency Issues
 In cloud computing security, transparency means the willingness of a cloud service
provider to reveal different details and characteristics of its security preparedness.
 Some of these details comprise policies and regulations on security, privacy, and
service level.
 In addition to the willingness and disposition, when calculating transparency, it is
important to note how reachable the security readiness data and information actually
are.
 It does not matter how many security facts about an organization are at hand: if they are
not presented in an organized and easily understandable way for cloud service users and
auditors, the transparency of the organization can still be rated relatively low.

6. Hypervisor Related Issues


 Virtualization means the logical abstraction of computing resources from physical
restrictions and constraints.
 But this poses new challenges for factors like user authentication, accounting, and
authorization. The hypervisor manages multiple Virtual Machines and therefore becomes
the target of adversaries.
 Different from the physical devices that are independent of one another, Virtual
Machines in the cloud usually reside in a single physical device that is managed by the
same hypervisor.
 The compromise of the hypervisor will hence put various virtual machines at risk.
Moreover, the newness of the hypervisor technology, which includes isolation, security
hardening, access control, etc. provides adversaries with new ways to exploit the system.

7. Managerial Issues
 Cloud privacy challenges have not only technical aspects but also non-technical and
managerial ones.
 Implementing a technical solution to a problem or a product without managing it
properly is eventually bound to introduce vulnerabilities.
 Some examples are lack of control, security and privacy management for virtualization,
developing comprehensive service level agreements, going through cloud service vendors
and user negotiations, etc.

8. Cloud Service Agreements and Terms:


 Privacy concerns also arise from the terms and conditions outlined in cloud service
agreements.
 Organizations must carefully review and negotiate contractual terms related to data
privacy, security, compliance, data retention, and data access rights to protect their
interests and privacy obligations.


5.2.3 Data Life Cycle


The data lifecycle is the process in which data is created, used, and then destroyed. The data
lifecycle changes slightly whether that data is stored on-premise or in the cloud.
 Create
 Storage
 Usage
 Sharing
 Archive
 Destruction

Different Phases of Cloud Data Lifecycle

1. Data Creation:
 Data is gathered from various sources, including sensors, devices, applications, human
interactions, social media posts, and IoT temperature readings.
 The raw material for the data lifecycle passes through the ingestion, processing, storage,
and analysis phases to produce insightful information.
 Creating data is the first step in turning unactionable information into knowledge that can
be used.

2. Data Storage:
 Data finds a secure place in cloud storage infrastructure, encompassing object, block, and
database storage options.
 These choices have diverse features to suit various data types and use cases.
 Cloud storage ensures accessibility, scalability, and resilience while allowing
organizations to pick the ideal storage method.
 This stage is pivotal in the data lifecycle, where data is protected and prepared for future
use and retrieval.


3. Data Processing:
 Processing transforms data into a usable format, making tasks like data analysis, machine
learning, and artificial intelligence applications feasible.
 This process converts unstructured data into structured data that can power automation
and insights.
 Data processing is essential for deriving value and understanding from data, whether
combining numbers for analytics or developing AI algorithms.
 It bridges the gap between unactionable insight and raw data.

4. Data Sharing:
 Data is accessible to approved users and programs for collaboration and utilization.
 This phase entails securely distributing it inside a restricted framework to ensure only
authorized parties can interact with the data.
 Sharing data is crucial to data management as it promotes collaboration, decision-
making, and the ability to derive insights from the data.
 Strong access controls and permissions are needed to maintain data security and
compliance.

5. Data Archival:
 Data is archived to meet compliance requirements and to ensure long-term storage.
 Data is transferred at this phase to cost-effective, secure storage options built for long-
term retention.
 Archiving ensures that previous data is still available when needed and reduces storage
expenses for data utilized less often.
 It is essential for ensuring data integrity and compliance with legal requirements.

6. Data Destruction:
 When data no longer serves a purpose or when required by laws and regulations, it is
destroyed.
 Information must be securely deleted or removed at this step to ensure that data cannot be
accessed or retrieved.
 Data deletion is crucial for preserving data privacy and compliance, especially when
keeping data is useless or illegal.
 It adheres to data governance standards and protects sensitive information.

5.2.4 Key Privacy concern in the cloud

Addressing privacy issues in cloud computing requires a comprehensive approach that combines
technical controls, legal compliance, transparency, user education, and ongoing risk
management. Organizations should conduct privacy impact assessments, adopt privacy-
enhancing technologies, implement strong data protection measures, and engage in transparent
communication with stakeholders to mitigate privacy risks and protect individuals' privacy rights
in the cloud.

1. Data Ownership and Control: One of the primary concerns is determining who owns the
data stored in the cloud and how much control individuals or organizations have over their data.
Cloud service providers (CSPs) may assert certain rights over data stored on their platforms,
leading to questions about data ownership and sovereignty.

2. Data Location and Jurisdiction: Data stored in the cloud may be replicated across multiple
geographical locations for redundancy and performance reasons. This raises concerns about data
residency, compliance with local data protection laws, and the jurisdictional issues that arise
when data crosses international borders.

3. Data Security and Breaches: The security of data in the cloud is a major privacy concern.
Breaches, unauthorized access, data leaks, or vulnerabilities in cloud services can lead to the
exposure of sensitive information, compromising individuals' privacy rights and potentially
resulting in financial or reputational damage.

4. Data Access and Sharing: Cloud environments often involve sharing data with third parties,
such as cloud service providers, partners, or subcontractors. Privacy risks arise when data is
accessed, processed, or shared without proper authorization, encryption, or contractual
safeguards in place.

5. Compliance and Regulatory Challenges: Compliance with data protection regulations and
privacy laws (e.g., GDPR, CCPA, HIPAA) presents challenges in cloud computing.
Organizations must ensure that cloud providers adhere to relevant privacy requirements, provide
transparency about data handling practices, and offer data protection assurances.

6. Data Minimization and Purpose Limitation: The principle of data minimization, which
advocates for collecting only necessary data, and purpose limitation, which restricts data use to
specified purposes, can be challenging to enforce in cloud environments where data may be
stored or processed for various purposes without clear consent or control.

7. Vendor Lock-in and Portability: Organizations may face vendor lock-in issues when
migrating data between cloud providers or transitioning from cloud to on-premises
environments. Lack of data portability standards, interoperability challenges, and contractual
limitations can hinder data mobility and control.

8. Cloud Service Agreements and Terms: Privacy concerns also arise from the terms and
conditions outlined in cloud service agreements. Organizations must carefully review and
negotiate contractual terms related to data privacy, security, compliance, data retention, and data
access rights to protect their interests and privacy obligations.

9. Data Analytics and Profiling: Cloud-based data analytics, machine learning, and profiling
techniques raise privacy concerns related to the aggregation, analysis, and use of personal data to
derive insights, make decisions, or create targeted advertising, posing risks to individual privacy
and autonomy.

10. Transparency and Accountability: Transparency about data practices, security measures,
data breaches, and incident response capabilities is crucial for building trust and accountability in
cloud computing. Organizations should demand transparency from cloud providers and maintain
transparency with users regarding data handling practices and privacy policies.


5.2.5 Protecting Privacy


 You can protect your business data in the cloud from unauthorized access.
 All you need is a sharp eye and a little extra effort.
 Here are a few practical tips to keep your cloud data safe and secure.

1. Always keep backup locally


 Always have a backup for your data.
 It is always good to create hard copies of your business data and keep them with you so
that you can access them even if you lose the original.
 You can use any cloud storage solution to store your data.
 You can set up a cloud account and keep the backup copies there.
 Another option is to keep the backup data on an external storage device, such as
a hard disk or a thumb drive. This will allow you to access the information even
without the internet.

2. Don’t store sensitive data


 Data plays an important role in businesses today, so data privacy is one of the
primary aspects of any business.
 But if something is on the internet, it is hard to trust that it is safe.
 So, one should avoid storing the most sensitive files or information in the cloud.
 Identity theft is on the rise and you can't take any risks.
 You should keep on the cloud platform those files which you access frequently, and should
avoid putting there information related to financial details, competitor details, client details,
or contact details such as phone number/address.
 If you do keep these files there, make sure you encrypt them before uploading.

3. Data encryption
 One of the best ways to protect your data while using cloud storage is to encrypt
it.
 This is the best form of security because the data must be decrypted before it can be accessed.
 This will protect the data against both service providers and other users.
 To make it more protected, you can also ensure cloud encryption during the uploading and
downloading phases.
 However, this will make data sharing and sync on the cloud platform a little slow.

4. Encrypted cloud service


 A few cloud services provide local encryption and decryption of your files
and the information inside them, in addition to storage and backup.
 This means the service takes care of both encrypting your files and storing them safely in
the cloud.
 This will ensure that no one, including the service provider or the administrators, can have
access to your data files.
 Many free and trial versions are available in the market. You can use
them to learn how it works and later upgrade to enjoy more space.
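
Added example (not part of the original notes): encrypting a file on your own machine before it is uploaded, as tips 2 to 4 advise, so that the provider stores only ciphertext and any change made to the stored copy is detected on download. It uses Node.js's built-in crypto module; the function names, the blob layout and the sample data are assumptions made for this illustration.

```javascript
// Added example: client-side encryption before upload, using only Node.js built-ins.
const crypto = require('crypto');

const MAGIC = Buffer.from('ENC1'); // constructed 4-byte format tag for this example

// Stretch the passphrase into a 256-bit key; the random per-file salt is stored in the blob.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Returns the bytes that would be uploaded: MAGIC | salt(16) | iv(12) | tag(16) | ciphertext.
function encryptForUpload(plaintext, passphrase, objectName) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(objectName, 'utf8')); // bind the blob to its object name
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, salt, iv, cipher.getAuthTag(), body]);
}

// Reverses encryptForUpload; throws if the passphrase, name or any byte is wrong.
function decryptAfterDownload(blob, passphrase, objectName) {
  if (blob.length < 48 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a blob produced by encryptForUpload');
  }
  const key = deriveKey(passphrase, blob.subarray(4, 20));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(20, 32));
  decipher.setAAD(Buffer.from(objectName, 'utf8'));
  decipher.setAuthTag(blob.subarray(32, 48));
  return Buffer.concat([decipher.update(blob.subarray(48)), decipher.final()]);
}

// True when the download decrypts and authenticates, false when it was altered.
function verifies(blob, passphrase, objectName) {
  try { decryptAfterDownload(blob, passphrase, objectName); return true; }
  catch (err) { return false; }
}

// Constructed sample data; the passphrase never leaves the client.
const sample = Buffer.from('client,phone\nA. Shah,555-0100\n');
const uploaded = encryptForUpload(sample, 'constructed-passphrase', 'clients.csv');
const tampered = Buffer.from(uploaded);
tampered[tampered.length - 1] ^= 0x01; // one bit changed while stored at the provider
console.log('provider sees plaintext:', uploaded.includes('Shah'));
console.log('round trip ok:', verifies(uploaded, 'constructed-passphrase', 'clients.csv'));
console.log('tampered copy accepted:', verifies(tampered, 'constructed-passphrase', 'clients.csv'));
```

Losing the passphrase means losing the data, so it needs the same backup care as the files themselves.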

5. Using password


 The first thing to do is to set a strong password which can withstand a hacking attempt.
 You can take the help of the internet to learn how to create a strong password.
 It is very important to change your password frequently and never use the same password
for all the accounts or folders.
 You can opt for 2-step verification for login if your cloud service offers that option.
 Google Drive uses a 2-phase login option, consisting of a password and a code sent to the
registered number.
 This added security will make your data much safer.

6. Keep an eye on what you do online


 The security of your cloud data largely depends on your online behaviour.
 While using a public computer, never save your password, and always ensure that you
have logged out properly.
 Another major concern is accessing cloud data over unsecured or open Wi-Fi hotspots.
Such connections are unencrypted, so hackers can target your data easily.
 Never save your password on any public forum or social media.
 Change Wi-Fi passwords frequently.

7. Anti-virus is a must
 Sometimes the weakest link happens to be the computer or device you use for cloud data
access.
 You need to put proper protection on your system/device.
 It will help in securing your business data. If you expose yourself to bugs and viruses,
hackers can access your system easily.
 You need to choose a very effective and robust anti-virus for your system, which
will protect all the files and information inside it.
 If your system isn't well protected, encrypted and secured from
bugs, hackers can get hold of your information.

8. Read your user agreement


 If you are new to the world of cloud computing and not sure what cloud storage to choose
or how it really works, you have to read the user agreement of the service you are going to
sign up for.
 Initially, it will be difficult to understand and at times it will test your patience, but you
need to face this.
 User agreements always carry essential information which can help you understand
things in detail.

9. Access limitation
 Give access only to those users who really need it.
 Internal users and third-party vendors should only get access to those files which will
help them to do their jobs.
 Use encryption keys if required. Make sure to evaluate the users and vendors regularly
and add/remove users as per the requirement.
