
Shri Vaishnav Vidyapeeth Vishwavidyalaya, Indore

Shri Vaishnav Institute of Information Technology

Department of Information Technology

Subject Notes

Subject: Mobile and Cloud Security

Semester: VII

Subject Code: BTICS701

Session July-Dec 2023


Mobile and Cloud Security (BTICS701)

UNIT-I
UNIT I: Cloud Computing Security Architectural Framework:
Cloud Benefits, Business scenarios, Cloud Computing Evolution, cloud vocabulary, Essential
Characteristics of Cloud Computing, Cloud deployment models, Cloud Service Models, Multi-
Tenancy, approaches to create a barrier between the Tenants, cloud computing vendors, Cloud
Computing threats, Cloud Reference Model, The Cloud Cube Model, Security for Cloud Computing,
How Security Gets Integrated.

Cloud Benefits

Cloud computing offers a wide range of benefits to individuals and businesses. Some of the key
advantages include:

1. Scalability: Cloud services provide the ability to easily scale up or down based on demand.
This allows businesses to quickly adjust their computing resources to match their needs, which is
particularly useful for handling traffic spikes or seasonal fluctuations.
2. Cost Efficiency: Cloud computing eliminates the need for upfront investment in hardware
and infrastructure. Instead, users pay for the resources they actually use on a pay-as-you-go basis.
This reduces capital expenditure and allows for better budget management.
3. Flexibility: Cloud platforms offer a variety of services and tools that cater to different
business needs, such as computing power, storage, databases, networking, and more. Users can
choose the specific services that best fit their requirements.
4. Accessibility: Cloud services are accessible from anywhere with an internet connection. This
facilitates remote work, collaboration among geographically dispersed teams, and easy access to
applications and data.
5. Reliability: Reputable cloud providers offer high levels of uptime and reliability. They often
have redundant data centers and backup systems to ensure that services remain available even in the
event of hardware failures or other issues.
6. Security: Cloud providers invest heavily in security measures, including encryption, access
controls, firewalls, and monitoring. They often have dedicated security teams that focus on
safeguarding customer data and infrastructure.
7. Automatic Updates: Cloud providers manage the underlying infrastructure, including
hardware and software updates. This reduces the burden on businesses to constantly maintain and
update their systems.
8. Disaster Recovery: Cloud services often include built-in backup and disaster recovery
solutions. This ensures that data is backed up and can be quickly restored in case of data loss or
system failures.
9. Collaboration: Cloud-based tools enable easy collaboration among team members. Multiple
users can access, edit, and share documents and resources in real time, enhancing productivity and
teamwork.
10. Environmental Impact: Cloud computing can be more environmentally friendly compared
to traditional on-premises data centers. Cloud providers can optimize resource usage, leading to
higher energy efficiency and reduced carbon footprint.
11. Global Reach: Cloud services are accessible globally, making it easier for businesses to
expand their operations to new regions without the need for physical infrastructure setup.
12. Innovation: Cloud computing allows businesses to rapidly experiment with and deploy new
applications and services. This accelerates innovation by providing a flexible and agile environment
for development and testing.

13. Easier Maintenance: Cloud platforms simplify the process of maintaining and managing IT
systems. This is particularly beneficial for small businesses that may not have the resources to handle
complex IT infrastructure.

Overall, cloud computing offers the potential for increased efficiency, reduced costs, improved
collaboration, and the ability to focus on core business activities while leaving infrastructure
management to the experts. However, it's important to carefully assess your specific needs and choose
the right cloud services and providers to maximize these benefits.

Business scenarios

Cloud computing can be applied to a wide range of business scenarios to address various needs and
challenges. Here are some common cloud business scenarios:

1. Data Storage and Backup:
o Cloud Storage: Businesses can store their data, files, and documents in the cloud,
providing easy access and collaboration from anywhere.
o Backup and Disaster Recovery: Cloud services offer automated backup solutions,
ensuring data is regularly backed up and can be restored in case of data loss or system failures.
2. Application Hosting and Development:
o Application Deployment: Businesses can deploy their applications in the cloud,
making them accessible to users over the internet.
o DevOps and Continuous Integration/Continuous Deployment (CI/CD): Cloud
platforms facilitate agile development processes by providing tools for automated testing, building,
and deploying applications.
3. Scalable Web and Mobile Apps:
o Web and Mobile App Hosting: Cloud platforms offer scalable infrastructure to host
web and mobile applications, allowing businesses to handle variable user loads.
o Content Delivery: Cloud-based Content Delivery Networks (CDNs) accelerate the
delivery of web content to users around the world.
4. Data Analytics and Business Intelligence:
o Big Data Processing: Cloud services provide resources for processing and analyzing
large datasets, enabling data-driven insights and decision-making.
o Machine Learning and AI: Cloud platforms offer tools and frameworks for building
and deploying machine learning models and AI applications.
5. E-Commerce and Online Retail:
o Online Stores: Businesses can set up and manage online stores using cloud-based e-
commerce platforms, handling inventory, transactions, and customer interactions.
o Scalable Resources: Cloud services ensure that e-commerce sites can handle
increased traffic during peak shopping seasons.
6. Collaboration and Communication:
o Cloud-Based Productivity Suites: Businesses can use cloud-based tools for email,
document collaboration, video conferencing, and project management.
o Remote Work Enablement: Cloud services facilitate remote work by providing
secure access to company resources from anywhere.
7. Internet of Things (IoT):
o Data Collection and Processing: Cloud platforms can process and analyze data from
IoT devices, enabling real-time insights and automation.
o Device Management: Cloud services offer tools for managing and monitoring a large
number of connected devices.

8. Testing and Development Environments:
o Dev/Test Environments: Cloud resources can be quickly provisioned for testing and
development purposes, eliminating the need for on-premises infrastructure.
9. Media and Entertainment:
o Streaming Services: Cloud platforms enable the delivery of streaming media content,
such as music, videos, and live broadcasts.
o Digital Content Distribution: Cloud services provide a platform for distributing
digital media content to a global audience.
10. Healthcare and Life Sciences:
o Secure Data Storage: Cloud solutions offer HIPAA-compliant storage for healthcare
data and electronic medical records.
o Data Sharing and Collaboration: Cloud platforms facilitate secure sharing of patient
information among healthcare providers.

These scenarios showcase how cloud computing can be tailored to various industries and business
needs. It's important to evaluate your specific requirements and choose the appropriate cloud
services and providers to meet your goals effectively.

Cloud Computing Evolution

Cloud computing has evolved significantly over the years, transforming the way businesses and
individuals use and manage technology resources. Here's an overview of the key stages in the
evolution of cloud computing:

1. Early Internet and Hosting Services (1990s):
o The concept of remotely hosting applications and services started with early web
hosting providers. Websites and applications were hosted on servers managed by third-party
providers.
o This laid the groundwork for the idea of accessing resources and services over the
internet rather than relying solely on local infrastructure.
2. Utility Computing and Grid Computing (2000s):
o Researchers and technologists explored the concept of utility and grid computing,
where computing resources were treated as utilities similar to electricity.
o Utility computing allowed users to pay for computing resources on-demand, similar
to how utilities are billed.
o Grid computing focused on distributing computation tasks across a network of
interconnected machines to solve complex problems.
3. Virtualization and Infrastructure as a Service (IaaS) (Mid-2000s):
o Virtualization technologies enabled the creation of virtual machines (VMs) on a
single physical server. This technology paved the way for more efficient resource utilization.
o Infrastructure as a Service (IaaS) emerged, allowing users to rent virtualized
computing resources, such as virtual machines and storage, from cloud providers.
o Amazon Web Services (AWS) introduced its Elastic Compute Cloud (EC2) service
in 2006, a key milestone in the development of cloud computing.
4. Platform as a Service (PaaS) and Software as a Service (SaaS) (Late 2000s - Early
2010s):
o Platform as a Service (PaaS) offered a higher-level abstraction, providing tools and
frameworks for developers to build, deploy, and manage applications without worrying about
underlying infrastructure.

o Software as a Service (SaaS) delivered applications over the internet, eliminating the
need for local installations. Examples include Google Apps and Salesforce.
5. Hybrid Cloud and Multi-Cloud (2010s):
o Hybrid cloud environments emerged, allowing organizations to integrate on-
premises infrastructure with public and private cloud resources.
o Multi-cloud strategies gained popularity, where businesses utilized multiple cloud
providers to avoid vendor lock-in and leverage specialized services.
6. Serverless Computing and Microservices (Mid-2010s - Present):
o Serverless computing abstracted server management even further, enabling
developers to focus solely on writing code without managing the underlying infrastructure.
o Microservices architecture gained prominence, breaking applications into smaller,
modular services that can be independently developed, deployed, and scaled.
7. Edge Computing and AI/ML in the Cloud (Recent Trends):
o Edge computing emerged to process data closer to the data source, reducing latency
and enabling real-time decision-making for IoT and other applications.
o Cloud providers integrated advanced AI and machine learning capabilities into their
platforms, making it easier for businesses to leverage these technologies.
8. Security and Compliance Focus (Ongoing):
o Cloud providers have invested heavily in security measures to address concerns
related to data protection, compliance, and privacy.
o Regulations such as GDPR and HIPAA have influenced how cloud providers handle
customer data, leading to improved security practices.

Cloud Computing Life Cycle

The evolution of cloud computing continues with ongoing advancements in areas like quantum
computing, edge AI, containerization, and more. As technology evolves, cloud computing is likely
to play an even more pivotal role in shaping the way businesses and individuals use and benefit
from computing resources.

Cloud Vocabulary

The following is a list of common cloud computing vocabulary and terms:

1. Cloud Computing: The delivery of computing resources (such as processing power,
storage, and networking) over the internet, providing on-demand access to scalable and shared
resources.
2. Public Cloud: A cloud infrastructure that is owned and operated by a third-party cloud
service provider and is available for use by the general public.
3. Private Cloud: A cloud infrastructure that is dedicated to a single organization and is hosted
either on-premises or by a third-party provider.
4. Hybrid Cloud: A combination of public and private cloud environments, allowing data and
applications to be shared between them.
5. Multi-Cloud: The use of multiple cloud service providers to avoid vendor lock-in and take
advantage of different services and features.
6. Infrastructure as a Service (IaaS): Cloud services that provide virtualized computing
resources over the internet, such as virtual machines, storage, and networking.
7. Platform as a Service (PaaS): Cloud services that offer a platform and tools for developers
to build, deploy, and manage applications without managing the underlying infrastructure.
8. Software as a Service (SaaS): Cloud services that deliver software applications over the
internet, eliminating the need for local installations.
9. Serverless Computing: A cloud computing model where developers write code in the form
of functions, and the cloud provider automatically manages the infrastructure required to run those
functions.
10. Containers: Lightweight, portable units that package application code and dependencies
together, allowing consistent deployment across different environments.
11. Microservices: An architectural approach where applications are composed of small,
independent services that communicate with each other to perform specific tasks.
12. Virtualization: The technology that enables the creation of virtual machines or virtual
environments on a physical server, allowing better resource utilization.
13. Elasticity: The ability of cloud resources to automatically scale up or down based on
demand, ensuring optimal performance and cost efficiency.
14. Scalability: The ability of a system to handle increased workloads or users by adding more
resources without compromising performance.
15. Cloud Security: Measures and practices to ensure the protection of data, applications, and
infrastructure in a cloud environment.
16. Data Center: A facility that houses servers, storage, and networking equipment, providing
the necessary infrastructure for cloud computing.
17. Data Migration: The process of transferring data from one location to another, often
involving moving data from on-premises systems to the cloud.
18. API (Application Programming Interface): A set of rules and protocols that allows
different software applications to communicate with each other.
19. Cloud Provider: A company that offers cloud services, infrastructure, and resources to
customers over the internet.
20. SLA (Service Level Agreement): A contract that defines the level of service a customer
can expect from a cloud provider, including performance metrics and guarantees.
21. Latency: The time delay between the initiation of a request and the response from the
system.
22. Data Encryption: The process of converting data into a code to prevent unauthorized
access, ensuring data security and privacy.

23. Data Backup and Recovery: Strategies and processes to ensure that data is regularly backed
up and can be restored in case of data loss or system failures.
24. Cloud Governance: The framework and policies that organizations implement to manage
and control their cloud resources effectively.
25. Compliance: Adhering to legal and industry regulations related to data privacy, security,
and usage in a cloud environment.

These terms should give you a good foundation to understand and discuss various aspects of cloud
computing.

Essential Characteristics of Cloud Computing

Cloud computing is characterized by several key features that distinguish it from traditional IT
infrastructure. These essential characteristics define the nature and benefits of cloud computing:

1. On-Demand Self-Service: Users can provision and manage computing resources, such as
virtual machines, storage, and networks, without human intervention from the service provider. This
allows for instant access and control over resources.
2. Broad Network Access: Cloud services are accessible over the internet through a variety
of devices, including laptops, smartphones, and tablets. Users can access resources from anywhere
with an internet connection.
3. Resource Pooling: Cloud providers pool resources, such as processing power, memory, and
storage, to serve multiple customers. These pooled resources are dynamically allocated based on
demand, leading to efficient utilization.
4. Rapid Elasticity: Cloud resources can be quickly scaled up or down to accommodate
changes in workload. This elasticity enables applications to handle traffic spikes and variations in
demand.
5. Measured Service: Cloud usage is metered, and customers are billed based on their
consumption of resources. This pay-as-you-go model allows users to pay only for the resources they
actually use, promoting cost efficiency.

These essential characteristics collectively define the flexibility, scalability, and cost-effectiveness
that cloud computing offers to individuals and businesses. They enable organizations to quickly
deploy and manage applications, respond to changing demands, and optimize resource utilization.

Cloud Components
Cloud computing has three components:
➢ Client computers
➢ Distributed Servers
➢ Datacentres

[Figure: Schematic Sketch of Interconnection of Cloud Components]

Cloud deployment models

Cloud computing offers different deployment models that cater to varying business needs and
preferences. These deployment models define how cloud resources are provisioned and accessed.
The four primary cloud deployment models are:

1. Public Cloud:
o In a public cloud, cloud services and resources are owned and operated by third-party
providers and are made available to the general public over the internet.
o Resources are shared among multiple customers, resulting in cost efficiency due to
economies of scale.
o Public clouds offer scalability, flexibility, and accessibility, making them suitable for
a wide range of applications and organizations.
2. Private Cloud:
o A private cloud is dedicated to a single organization and can be hosted either on-
premises or by a third-party provider.
o Private clouds provide greater control, customization, and security, making them
suitable for organizations with specific compliance requirements or sensitive data.
o They can be more costly to set up and maintain compared to public clouds but offer
enhanced privacy and isolation.

[Figure: Schematic Sketch of Private Cloud]

3. Hybrid Cloud:
o A hybrid cloud combines elements of both public and private clouds, allowing data
and applications to be shared between them.
o Organizations use a hybrid cloud to leverage the benefits of both deployment models.
For instance, they might run sensitive workloads in a private cloud while utilizing the scalability of
a public cloud for less critical tasks.
o Hybrid clouds offer flexibility, scalability, and the ability to optimize costs based on
workload demands.

[Figure: Schematic Sketch of Hybrid Cloud]

4. Multi-Cloud:
o Multi-cloud refers to the practice of using services and resources from multiple cloud
providers.
o Organizations adopt a multi-cloud strategy to avoid vendor lock-in, take advantage
of specialized services from different providers, and distribute workloads for redundancy and
disaster recovery.
o Managing multiple cloud environments requires careful coordination and
integration.

Each deployment model has its own advantages and challenges. Choosing the appropriate
deployment model depends on factors such as security requirements, data sensitivity, scalability
needs, budget constraints, and business objectives. It's important to assess your organization's
unique needs and goals when deciding on a cloud deployment strategy.

Cloud Service Models

Cloud computing offers different service models that define the level of control, responsibility, and
management provided to users. These service models cater to various IT needs and preferences. The
three primary cloud service models are:

1. Infrastructure as a Service (IaaS):
o IaaS provides virtualized computing resources over the internet, including virtual
machines, storage, and networking components.
o Users have control over the operating systems, applications, and configurations
running on the virtual machines.
o IaaS offers the most flexibility and control compared to other service models, making
it suitable for businesses that require custom configurations and complete control over their
infrastructure.
2. Platform as a Service (PaaS):
o PaaS offers a platform and environment for developers to build, deploy, and manage
applications without managing the underlying infrastructure.
o Users focus on writing and deploying code while the cloud provider handles the
underlying platform, including runtime, middleware, and operating system.
o PaaS promotes faster development and deployment cycles and is suitable for
developers who want to focus on coding rather than infrastructure management.
3. Software as a Service (SaaS):
o SaaS delivers software applications over the internet on a subscription basis. Users
access the application through a web browser without needing to install or maintain software locally.
o The cloud provider manages the entire infrastructure, including maintenance,
updates, and security.
o SaaS is user-friendly and accessible from anywhere, making it ideal for non-
technical users and businesses seeking hassle-free access to software applications.

Each service model offers a different balance of control and convenience. The choice of service
model depends on factors such as the level of customization needed, the technical expertise of the
users, the speed of development required, and the resources available to manage the infrastructure.

| Aspect | Infrastructure as a Service (IaaS) | Platform as a Service (PaaS) | Software as a Service (SaaS) |
|---|---|---|---|
| Description | Provides virtualized computing resources (servers, storage, networking) on-demand. Users manage the OS, middleware, and applications. | Provides a platform and environment for developers to build, deploy, and manage applications. Users focus on coding and application development. | Delivers software applications over the internet on a subscription basis. Users access and use the software without worrying about infrastructure or development tasks. |
| Control | High control over infrastructure and OS. Users are responsible for managing and maintaining their virtual machines (VMs). | Moderate control over the application and data. Users manage the application and data, but the underlying infrastructure is abstracted away. | Limited control over the software. Users can configure settings but have no control over the infrastructure or code. |
| Responsibility | User is responsible for managing and maintaining the operating system, middleware, runtime, and applications. | User is responsible for managing the application, data, and configuration. The cloud provider manages the underlying infrastructure. | Cloud provider is responsible for managing and maintaining the entire software stack, including infrastructure, application code, and updates. |
| Scalability | Users can scale up or down by adding or removing virtual machines and resources as needed. | Easily scalable, allowing developers to focus on coding and deploying applications, while the platform manages resources. | Scalability is handled entirely by the cloud provider. Users typically have limited control over scalability options. |
| Development Focus | Infrastructure and application development. | Application development. | No development required; users only need to configure and use the software. |
| Use Cases | Best suited for scenarios where users require control over the operating system, middleware, and applications. Commonly used for hosting virtual servers, databases, and custom applications. | Ideal for developers and teams building and deploying applications without worrying about infrastructure management. Commonly used for web and mobile app development. | Suitable for end-users and organizations looking for ready-made software solutions without the need for development or maintenance. Commonly used for email, productivity suites, and collaboration tools. |
| Examples | Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), DigitalOcean. | Heroku, Google App Engine, Microsoft Azure App Service. | Salesforce, Google Workspace, Dropbox, Zoom. |

Keep in mind that the specific features and capabilities of cloud services may vary between
providers and can change over time, so it's essential to consider your specific requirements when
choosing the right cloud service model and provider for your needs.

Multi-Tenancy

Multi-tenancy is a software architecture and deployment model where a single instance of an
application, database, or system serves multiple clients, referred to as "tenants." Each tenant is
isolated from one another, meaning they can use the system independently and securely without
being aware of each other's presence or data.

In the context of multi-tenancy:

1. Tenants: Tenants are distinct entities (usually organizations or users) that share a common
application or system. Each tenant has its own isolated space within the system, including separate
data storage, configurations, user accounts, and customization options.
2. Isolation: One of the key features of multi-tenancy is isolation. Tenants are kept separate
from each other to prevent data leakage, security breaches, and performance issues. This isolation
is achieved through mechanisms like separate databases, separate data schemas, or virtualization.

3. Resource Sharing: Multi-tenancy allows efficient resource sharing, as a single instance of
the application serves multiple tenants. This can lead to better resource utilization and cost savings,
especially in cloud-based environments.
4. Customization: Each tenant can customize the application to suit their specific needs, even
though they are sharing the same underlying infrastructure. Customization might include branding,
user interface configurations, workflows, and more.
5. Scalability: Multi-tenant systems need to be designed for scalability to accommodate the
varying needs of multiple tenants. This can involve horizontal scaling (adding more servers) or
vertical scaling (upgrading existing servers).
6. Security: Ensuring the security and privacy of each tenant's data is crucial in multi-tenant
environments. Access controls, encryption, and strong authentication mechanisms are implemented
to prevent unauthorized access to other tenants' data.
7. Updates and Maintenance: Handling updates, patches, and maintenance in a multi-tenant
system requires careful planning. Changes must be rolled out without disrupting the service for all
tenants.
8. Deployment Models: There are various deployment models for multi-tenancy, including:
o Single Instance, Multi-database: Each tenant has its own dedicated database within
a shared instance of the application.
o Single Instance, Shared Database: All tenants share a single database within the
application instance, with data segregation achieved through schema or table partitioning.
o Virtualization: Tenants are hosted in virtualized environments, providing stronger
isolation and resource allocation.

Multi-tenancy is commonly used in various software-as-a-service (SaaS) applications, where
multiple customers or organizations access the same software over the internet while maintaining
their individual data and configurations. It's a popular approach for achieving economies of scale,
efficient resource utilization, and reduced operational costs in cloud computing environments.
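
In the "Single Instance, Shared Database" model described above, isolation holds only if every statement carries the tenant filter. The following Python example is added here and is not part of the original notes; the `documents` table, the tenant names, and all function and class names are hypothetical, and the rows are constructed. It contrasts a lookup that ignores the tenant boundary with a tenant-scoped wrapper and includes an isolation check that can be run against either.

```python
import sqlite3

# Constructed sample data: two tenants sharing one table (shared-database model).
SAMPLE_ROWS = [
    (1, "acme", "Q3 forecast"),
    (2, "acme", "Payroll export"),
    (3, "globex", "Merger memo"),
]


def make_shared_db():
    """Build an in-memory database in which all tenants share one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        " id INTEGER PRIMARY KEY,"
        " tenant_id TEXT NOT NULL,"
        " title TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def get_document_unscoped(conn, doc_id):
    """Weak form: filters on the row id only, so the tenant boundary is not enforced."""
    return conn.execute(
        "SELECT id, tenant_id, title FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()


class TenantScopedStore:
    """Hardened form: the tenant is fixed once, from the authenticated session,
    and every statement carries the tenant_id predicate."""

    def __init__(self, conn, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._conn = conn
        self._tenant_id = tenant_id

    def get_document(self, doc_id):
        return self._conn.execute(
            "SELECT id, tenant_id, title FROM documents"
            " WHERE id = ? AND tenant_id = ?",
            (doc_id, self._tenant_id),
        ).fetchone()

    def list_documents(self):
        return self._conn.execute(
            "SELECT id, title FROM documents WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,),
        ).fetchall()

    def rename_document(self, doc_id, title):
        """Return True only if a row owned by this tenant was changed."""
        cur = self._conn.execute(
            "UPDATE documents SET title = ? WHERE id = ? AND tenant_id = ?",
            (title, doc_id, self._tenant_id),
        )
        self._conn.commit()
        return cur.rowcount == 1


def cross_tenant_reads(conn, tenant_id, reader):
    """Isolation check: ids owned by other tenants that `reader` still returns."""
    foreign = conn.execute(
        "SELECT id FROM documents WHERE tenant_id != ? ORDER BY id", (tenant_id,)
    ).fetchall()
    return [doc_id for (doc_id,) in foreign if reader(doc_id) is not None]


if __name__ == "__main__":
    db = make_shared_db()
    acme = TenantScopedStore(db, "acme")
    unscoped = cross_tenant_reads(db, "acme", lambda i: get_document_unscoped(db, i))
    scoped = cross_tenant_reads(db, "acme", acme.get_document)
    print("foreign rows readable without tenant filter:", unscoped)
    print("foreign rows readable through scoped store: ", scoped)
```

The same `cross_tenant_reads` check works as a regression test for any new data-access function added to a shared-database application.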

Approaches to create a barrier between the Tenants

Creating barriers between tenants in a shared space, such as an apartment building or office
complex, can be essential to maintain privacy and a harmonious environment. There are various
approaches you can take to achieve this:

1. Physical Barriers:
o Walls and Partitions: Constructing walls, partitions, or dividers between different
units can physically separate tenants and reduce noise and visual distractions.
o Room Dividers and Screens: Temporary room dividers or screens can be placed
strategically to create visual separation between areas.
2. Noise Reduction:
o Soundproofing: Incorporate soundproofing materials in walls, floors, and ceilings
to minimize sound transfer between units.
o Noise-Canceling Systems: Install noise-canceling systems that emit counteractive
sound waves to cancel out noise from adjacent units.
3. Privacy Enhancements:
o Window Treatments: Use blinds, curtains, or frosted glass to prevent visual contact
between units while still allowing light in.
o Balcony or Patio Enclosures: Enclose balconies or patios with screens or partitions
to create private outdoor spaces.
4. Shared Space Management:

o Designated Common Areas: Clearly designate common areas and private areas to
prevent unintentional encroachment on others' space.
o Shared Schedule: Implement a shared schedule for amenities like laundry rooms,
gyms, or conference rooms to ensure fair access.
5. Communication and Guidelines:
o Tenant Agreements: Include clauses in tenant agreements that outline expectations
for noise levels, common area usage, and respect for others' privacy.
o Community Rules: Develop and distribute a set of community rules that promote
respectful behavior and consideration for neighbors.
6. Digital Barriers:
o Network Segmentation: If applicable, set up separate Wi-Fi networks for each unit
to prevent unauthorized access to others' devices and information.
o Virtual Meeting Spaces: Implement virtual meeting rooms for shared spaces,
ensuring each tenant's privacy during video conferences.
7. Landscaping and Exterior Design:
o Landscaping: Use landscaping elements like hedges, trees, or fences to create
natural barriers between units.
o Separate Entrances: Design the building layout to include separate entrances for
different units, minimizing interactions in common areas.
8. Security Measures:
o Access Control: Install key card or keypad access systems to restrict entry to specific
units and shared areas.
o Security Cameras: Place security cameras in common areas to deter misconduct
and provide a sense of security.
9. Mediation and Conflict Resolution:
o Designated Mediators: Appoint or hire mediators who can help resolve conflicts
between tenants and address privacy-related concerns.
10. Community Building:
o Social Events: Organize events that encourage positive interactions among tenants,
fostering a sense of community and cooperation.

Remember that while these approaches can help create barriers and boundaries, open
communication between tenants, clear rules, and a respectful attitude are fundamental to
maintaining a peaceful and harmonious living or working environment.

Cloud Computing Vendors

As of September 2021, several major cloud computing vendors dominate the industry. The cloud
computing landscape is dynamic, and there might have been changes or new entrants since then.
Here are some of the prominent cloud computing vendors:

1. Amazon Web Services (AWS): AWS is one of the largest and most well-established cloud
providers, offering a wide range of services, including computing power, storage, databases,
analytics, machine learning, and more.
2. Microsoft Azure: Microsoft's cloud platform, Azure, provides a comprehensive suite of
cloud services, including virtual machines, databases, AI, analytics, and developer tools.
3. Google Cloud Platform (GCP): Google Cloud offers services such as computing, storage,
machine learning, data analytics, and networking, leveraging Google's infrastructure and
technology.
4. IBM Cloud: IBM's cloud services encompass infrastructure as a service (IaaS), platform as
a service (PaaS), and software as a service (SaaS), along with AI, analytics, and blockchain
capabilities.
5. Oracle Cloud: Oracle Cloud provides a range of cloud solutions, including infrastructure,
databases, applications, and development tools, targeting both enterprises and developers.
6. Alibaba Cloud: Alibaba Cloud is a leading cloud provider in Asia, offering a wide range of
services, including computing, storage, databases, and AI, primarily targeting businesses in the
Asia-Pacific region.
7. Salesforce: Known for its customer relationship management (CRM) software, Salesforce
also offers a cloud platform that provides tools for building and deploying applications without the
need for extensive coding.
8. DigitalOcean: DigitalOcean is popular among developers and startups, offering scalable
cloud computing solutions, including virtual machines (droplets) and managed databases.
9. VMware Cloud: VMware's cloud offerings include solutions for virtualization, networking,
and hybrid cloud management, catering to both on-premises and cloud-based environments.
10. Red Hat OpenShift: Red Hat's OpenShift is a container platform that enables organizations
to develop, deploy, and manage containerized applications.
11. Tencent Cloud: Tencent Cloud is a major cloud provider in China, offering a wide array of
cloud services, including computing, storage, databases, and AI.
12. HP Helion: Hewlett Packard Enterprise's (HPE) cloud services offer a range of
infrastructure, storage, and development tools.

These are just some of the notable cloud computing vendors. When selecting a cloud provider, it's
important to consider factors such as the specific services they offer, pricing, data center locations,
security features, compliance offerings, and the suitability of their services for your organization's
needs. Always refer to the latest information from these vendors or consult with a cloud expert to
make informed decisions based on your requirements.

Cloud Computing threats

Cloud computing offers numerous benefits, but like any technology, it also comes with its own set
of security and privacy threats.

Some common cloud computing threats include:

1. Data Breaches: Unauthorized access to sensitive data stored in the cloud can lead to data
breaches. Weak authentication, improper access controls, or vulnerabilities in the cloud provider's
infrastructure can be exploited by attackers.
2. Insecure APIs: Cloud services often provide Application Programming Interfaces (APIs)
for interaction. Insecure APIs can be targeted by attackers to gain unauthorized access or manipulate
data.
3. Data Loss: Data loss can occur due to accidental deletion, hardware failures, or software
glitches in the cloud provider's infrastructure. Users should ensure they have proper backup and
recovery strategies in place.
4. Insider Threats: Malicious or negligent actions by employees, contractors, or other
authorized users can lead to data breaches or unauthorized access.
5. Shared Technology Vulnerabilities: If multiple tenants share the same underlying
hardware and software resources in a cloud environment, vulnerabilities in these resources could
potentially be exploited to breach the security of other tenants.
6. Account Hijacking: Attackers might gain control of user accounts through various means,
such as phishing attacks or weak passwords, and then use these compromised accounts to access
sensitive data.
7. Denial of Service (DoS) Attacks: Cloud services can be targeted with DoS attacks,
overwhelming the resources and rendering the service unavailable.
8. Malware Injection: Malicious software can be injected into cloud services, potentially
spreading across multiple tenants' environments.
9. Loss of Governance: Organizations might lose control over their data and processes if
they're heavily reliant on third-party cloud services.
10. Lack of Transparency: Cloud providers may not always provide detailed information about
their security practices and infrastructure, making it challenging for users to assess the actual
security level.
11. Data Interception: Data in transit between a user and the cloud provider could be
intercepted by attackers, compromising confidentiality.
12. Insecure Data Handling: Inadequate encryption, insecure storage practices, and improper
data handling can lead to unauthorized access and data exposure.
13. Non-Compliance: Storing sensitive data in the cloud might raise compliance concerns if
the cloud provider's infrastructure doesn't meet regulatory requirements.
14. Vendor Lock-In: Organizations can face difficulties when switching cloud providers due
to differences in architecture and proprietary technologies.

To mitigate these threats, organizations should adopt a comprehensive cloud security strategy that
includes the following:

• Strong Authentication and Access Controls: Implement multi-factor authentication,
strong password policies, and role-based access controls.
• Data Encryption: Encrypt data both at rest and in transit using strong encryption
algorithms.
• Regular Audits and Monitoring: Regularly audit and monitor access logs and activity to
detect unusual behavior.
• Vendor Due Diligence: Choose reputable cloud providers with a strong track record in
security.
• Security Policies and Training: Develop and enforce security policies, and provide training
to employees to raise awareness about cloud security best practices.
• Data Backups: Regularly back up critical data to ensure data recovery in case of a breach or
data loss.
• Incident Response Plan: Have a well-defined plan in place to respond to security incidents
swiftly and effectively.

Remember that cloud security is a shared responsibility between the cloud provider and the
customer. Organizations must understand their role in securing their data and applications in the
cloud environment.
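The "Regular Audits and Monitoring" mitigation applied to the account-hijacking threat listed above, as an added example that is not part of the original notes: a small detector run over constructed login audit events. The event fields, rule names and thresholds are assumptions, not any provider's log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events; field names are assumptions, not a real provider's schema.
SAMPLE_EVENTS = [
    {"ts": "2023-09-01T09:00:05", "user": "alice", "ip": "198.51.100.7", "event": "login_success", "mfa": True},
    {"ts": "2023-09-01T09:10:00", "user": "bob", "ip": "203.0.113.50", "event": "login_failure", "mfa": False},
    {"ts": "2023-09-01T09:10:20", "user": "bob", "ip": "203.0.113.50", "event": "login_failure", "mfa": False},
    {"ts": "2023-09-01T09:10:45", "user": "bob", "ip": "203.0.113.50", "event": "login_failure", "mfa": False},
    {"ts": "2023-09-01T09:11:10", "user": "bob", "ip": "203.0.113.50", "event": "login_success", "mfa": False},
    {"ts": "2023-09-01T13:30:00", "user": "alice", "ip": "192.0.2.99", "event": "login_success", "mfa": True},
    {"ts": "2023-09-01T14:00:00", "user": "carol", "ip": "198.51.100.23", "event": "login_failure", "mfa": False},
    {"ts": "2023-09-01T14:00:30", "user": "carol", "ip": "198.51.100.23", "event": "login_success", "mfa": True},
]

FAIL_THRESHOLD = 3                 # failures inside the window that make a later success suspicious
WINDOW = timedelta(minutes=5)      # sliding window for counting failures


def detect(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (rule, user, timestamp) findings in event order."""
    findings = []
    recent_failures = defaultdict(deque)  # user -> timestamps of recent failed logins
    known_ips = defaultdict(set)          # user -> source IPs of earlier successful logins

    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 strings sort chronologically
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        failures = recent_failures[user]

        # Forget failures that have aged out of the sliding window.
        while failures and ts - failures[0] > window:
            failures.popleft()

        if ev["event"] == "login_failure":
            failures.append(ts)
        elif ev["event"] == "login_success":
            # Rule 1: a success right after a burst of failures suggests a guessed password.
            if len(failures) >= fail_threshold:
                findings.append(("success_after_failures", user, ev["ts"]))
            # Rule 2: the MFA policy was not enforced for this session.
            if not ev["mfa"]:
                findings.append(("login_without_mfa", user, ev["ts"]))
            # Rule 3: first success from an IP not seen before (needs an existing baseline).
            if known_ips[user] and ev["ip"] not in known_ips[user]:
                findings.append(("new_source_ip", user, ev["ts"]))
            known_ips[user].add(ev["ip"])
            failures.clear()
    return findings


if __name__ == "__main__":
    for rule, user, ts in detect(SAMPLE_EVENTS):
        print(f"{ts}  {user:<6} {rule}")
```
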

Cloud Reference Model

The Cloud Reference Model provides a conceptual framework for understanding the different
components and aspects of cloud computing. It doesn't specify technologies or implementations but
rather outlines the fundamental functions and relationships that constitute a cloud computing
environment. The National Institute of Standards and Technology (NIST) has developed a widely
recognized Cloud Reference Model that includes five essential components:

1. Cloud Service Models:
o Infrastructure as a Service (IaaS): Provides virtualized computing resources over
the internet, including virtual machines, storage, and networking components. Users have control
over the operating systems and applications running on the infrastructure.
o Platform as a Service (PaaS): Offers a platform and environment for developers to
build, deploy, and manage applications without worrying about the underlying infrastructure. It
provides tools and services for application development, such as databases, development
frameworks, and runtime environments.
o Software as a Service (SaaS): Delivers software applications over the internet on a
subscription basis. Users can access and use the software without having to install or manage it
locally.
2. Cloud Deployment Models:
o Public Cloud: Resources are provided by a third-party cloud provider and are
accessible to multiple customers over the internet. Customers share the same infrastructure but
maintain separate data and configurations.
o Private Cloud: Resources are dedicated to a single organization and are hosted
either on-premises or by a third-party provider. Private clouds offer more control and customization
but may require more maintenance.
o Hybrid Cloud: Combines elements of both public and private clouds, allowing data
and applications to move between them. This model provides flexibility and optimization of
resources.
3. Cloud Service Lifecycle:
o Service Creation: Developing and configuring cloud services based on customer
requirements.
o Service Deployment: Making the cloud services available to users through
provisioning and setup.
o Service Operation: Managing and maintaining the services, including monitoring,
scaling, and troubleshooting.
o Service Termination: Decommissioning and removing services that are no longer
needed.
4. Cloud Essential Characteristics:
o On-Demand Self-Service: Users can provision and manage resources without
human intervention from the service provider.
o Broad Network Access: Services are accessible over the network through standard
mechanisms.
o Resource Pooling: Computing resources are pooled and shared among multiple
users to achieve economies of scale.
o Rapid Elasticity: Resources can be quickly scaled up or down to meet demand.
o Measured Service: Resource usage is automatically monitored, controlled, and
billed based on consumption.
5. Cloud Management Plane:
o Cloud Orchestration: Automating the provisioning, configuration, and
management of cloud resources through scripts or workflows.
o Resource Management: Monitoring and managing the allocation and utilization of
cloud resources.
o Service Catalog: Providing a repository of available services, along with their
descriptions and pricing.
o Policy and Governance: Defining and enforcing rules and policies to ensure
security, compliance, and efficient resource usage.

The Cloud Reference Model serves as a conceptual foundation for discussing and designing cloud
computing environments, helping both technical and non-technical stakeholders understand the
various components and interactions involved in cloud services.

The Cloud Cube Model

The Cloud Cube Model, also known as the 3-Dimensional Cloud Model or the Cloud Service Model,
Deployment Model, and Responsibility Model, is a conceptual framework used to describe the
various dimensions of cloud computing. This model provides a way to categorize and understand
the different aspects of cloud computing based on three key dimensions: Service Models,
Deployment Models, and Responsibility Models.

Here's a breakdown of each dimension within the Cloud Cube Model:

1. Service Models: The Service Models dimension categorizes cloud computing offerings
based on the level of service provided to users. There are three primary service models:
o Infrastructure as a Service (IaaS): This model provides virtualized computing
resources over the internet. Users can rent virtual machines, storage, and networking components.
They have control over the operating systems, applications, and configurations on the provided
infrastructure.
o Platform as a Service (PaaS): PaaS offers a development and deployment platform
that includes tools, libraries, and runtime environments for building, deploying, and managing
applications. Users can focus on application development without worrying about underlying
infrastructure.
o Software as a Service (SaaS): SaaS delivers complete software applications over
the internet on a subscription basis. Users can access and use the software without needing to install
or manage it locally.
2. Deployment Models: The Deployment Models dimension classifies cloud environments
based on where the cloud infrastructure is located and who controls it. There are three main
deployment models:
o Public Cloud: Resources are provided by a third-party cloud service provider and
are accessible to multiple customers over the internet. Customers share the same infrastructure, and
the provider manages it.
o Private Cloud: Resources are dedicated to a single organization and can be hosted
on-premises or by a third-party provider. Private clouds offer more control and customization.
o Hybrid Cloud: Hybrid clouds combine elements of public and private clouds,
allowing data and applications to move between them. This model offers greater flexibility and
optimization of resources.
3. Responsibility Models: The Responsibility Models dimension defines the division of
responsibilities between the cloud service provider and the cloud consumer (user). There are two
main responsibility models:
o Cloud Provider Responsibilities: In this model, the cloud service provider is
responsible for managing the underlying infrastructure, including hardware, networking, and data
center operations.
o Cloud Consumer Responsibilities: Cloud consumers are responsible for managing
their applications, data, configurations, and security settings within the cloud environment.

The Cloud Cube Model helps individuals and organizations better understand the complexities and
nuances of cloud computing by visualizing how different cloud service models, deployment models,
and responsibility models intersect. It also aids in making informed decisions when selecting the
appropriate cloud solutions based on an organization's needs, preferences, and levels of control.

Security for Cloud Computing

Security is a critical consideration in cloud computing due to the shared nature of resources and the
potential exposure of sensitive data. Cloud providers and customers share the responsibility for
maintaining a secure environment. Here are key security practices to ensure the security of cloud
computing:

1. Data Encryption:
o Data at Rest: Encrypt data stored in cloud storage to protect it from unauthorized
access in case of breaches.
o Data in Transit: Use encryption protocols (e.g., TLS/SSL) to secure data transferred
between users and the cloud.
2. Identity and Access Management (IAM):
o Implement strong authentication mechanisms such as multi-factor authentication
(MFA) for user access.
o Use role-based access control (RBAC) to ensure users have appropriate permissions.
3. Security Auditing and Logging:
o Regularly monitor and log activities in the cloud environment to detect and respond
to suspicious behavior.
o Analyze logs to identify potential security incidents or policy violations.
4. Vulnerability Management:
o Regularly scan for vulnerabilities in cloud resources and applications.
o Apply security patches and updates promptly to mitigate known vulnerabilities.
5. Network Security:
o Implement firewalls and network segmentation to isolate different parts of the cloud
environment.
o Use intrusion detection and prevention systems to monitor and block malicious
activities.
6. Cloud Provider Evaluation:
o Select reputable cloud providers with strong security practices, compliance
certifications, and transparent security policies.
o Understand the shared responsibility model to know what security measures the
provider is responsible for.
7. Data Segregation and Isolation:
o Ensure that data from different customers is logically separated to prevent
unauthorized access.
o Implement isolation mechanisms to prevent data leakage between tenants.
8. Incident Response Plan:
o Develop a clear incident response plan to address security breaches or incidents
promptly and effectively.
o Define roles, responsibilities, and communication channels for responding to
incidents.
9. Backup and Recovery:
o Regularly back up critical data and ensure there's a well-defined recovery strategy in
case of data loss or breaches.
10. Security Compliance:
o Comply with industry regulations and standards relevant to your organization's
operations.
o Regularly assess and document compliance with security policies.
11. Secure Development Practices:
o Apply secure coding practices when developing applications for the cloud to prevent
vulnerabilities.
o Implement regular security testing, including code reviews and vulnerability
assessments.
12. User Education and Training:
o Educate users and employees about cloud security best practices, phishing
awareness, and data protection.
o Foster a security-conscious culture within the organization.
13. Physical Security and Environmental Controls:
o Ensure that the physical data centers used by the cloud provider have robust security
measures in place.
14. Legal and Compliance Considerations:
o Address legal and compliance issues related to data protection, privacy, and cross-
border data transfers.

Remember that cloud security is an ongoing effort that requires collaboration between cloud
providers and customers. Regular assessments, audits, and continuous improvement are essential to
maintain a secure cloud computing environment.
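The IAM and data-segregation practices above (RBAC, MFA, logical separation of tenants), as an added example that is not part of the original notes: a deny-by-default authorization check in which the tenant boundary is evaluated before any role. The role names, permission strings and the `authorize` function are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical role -> permission mapping. Least privilege: each role lists only what it needs.
ROLE_PERMISSIONS = {
    "viewer": {"object:read"},
    "editor": {"object:read", "object:write"},
    "admin": {"object:read", "object:write", "object:delete", "policy:update"},
}

# Actions that additionally require an MFA-verified session (assumed policy).
SENSITIVE_ACTIONS = {"object:delete", "policy:update"}


@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str
    roles: frozenset
    mfa_verified: bool = False


@dataclass(frozen=True)
class Resource:
    name: str
    tenant: str


def authorize(principal, action, resource):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    # Tenant isolation comes first: no role, not even admin, crosses the tenant boundary.
    if principal.tenant != resource.tenant:
        return False, "cross-tenant access denied"

    # RBAC: union of permissions from the principal's roles; unknown roles grant nothing.
    granted = set()
    for role in principal.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    if action not in granted:
        return False, "no role grants this action"

    # Step-up: destructive or policy-changing actions need MFA on top of the role.
    if action in SENSITIVE_ACTIONS and not principal.mfa_verified:
        return False, "MFA required for sensitive action"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed principals and resources for illustration.
    viewer = Principal("alice", "tenant-a", frozenset({"viewer"}))
    admin = Principal("bob", "tenant-a", frozenset({"admin"}), mfa_verified=False)
    own = Resource("reports/q3.csv", "tenant-a")
    other = Resource("reports/q3.csv", "tenant-b")
    for who, action, res in [
        (viewer, "object:read", own),
        (viewer, "object:write", own),
        (admin, "object:read", other),
        (admin, "object:delete", own),
    ]:
        print(who.user, action, res.tenant, authorize(who, action, res))
```
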

How Security Gets Integrated

Security is integrated into cloud computing through a combination of measures, practices, and
technologies aimed at ensuring the confidentiality, integrity, and availability of data and resources
within the cloud environment. The integration of security in cloud computing involves both the
cloud service provider and the cloud customer, following a shared responsibility model. Here's how
security is integrated:

1. Secure Infrastructure:
o Cloud providers deploy and maintain secure data centers with physical security
measures, such as access controls, surveillance, and environmental monitoring.
o Network security is enforced with firewalls, intrusion detection/prevention systems,
and network segmentation.
2. Authentication and Authorization:
o Cloud providers implement strong authentication mechanisms for users accessing
cloud services.
o Role-based access controls (RBAC) ensure that users have appropriate permissions
based on their roles.
3. Encryption:
o Data encryption is used to protect data at rest and in transit. Cloud providers often
offer encryption options for data storage.
o Transport Layer Security (TLS) protocols secure data during transmission.
4. Identity and Access Management (IAM):
o Cloud providers offer IAM services to manage user identities and access rights.
o Users are granted the least privilege necessary to perform their tasks.
5. Vulnerability Management:
o Cloud providers regularly assess and patch their infrastructure to address
vulnerabilities.
o Customers are responsible for keeping their virtual machines and applications up to
date.
6. Security Auditing and Monitoring:
o Cloud providers offer logging and monitoring services to track user activities and
system events.
o Auditing helps detect and respond to suspicious behavior and security incidents.
7. Incident Response and Recovery:
o Cloud providers have incident response plans to address security breaches.
o Customers should also have incident response plans tailored to their applications and
data.
8. Compliance and Certifications:
o Cloud providers often undergo third-party audits and obtain certifications to
demonstrate compliance with security standards.
9. Shared Responsibility Model:
o Cloud security is a shared responsibility between the provider and the customer.
o Cloud providers secure the underlying infrastructure, while customers secure their
applications and data.
10. Security Services and Tools:
o Cloud providers offer security services such as web application firewalls (WAFs),
intrusion detection, and data loss prevention (DLP).
o Customers can utilize these services to enhance their application and data security.
11. Secure Development Practices:
o Both cloud providers and customers should follow secure coding practices to prevent
vulnerabilities in applications and services.
12. User Education:
o Cloud providers offer educational resources to help customers understand and
implement security best practices.
o Customers educate their users about phishing, data handling, and security awareness.
13. Continuous Improvement:
o Security measures should be regularly assessed, and improvements should be made
based on evolving threats and technology.

The integration of security in cloud computing requires a holistic approach that addresses various
layers of the cloud environment. By leveraging a combination of technical controls, security
practices, and collaboration between providers and customers, cloud computing can provide a secure
and trustworthy environment for hosting applications and managing data.
