CLOUD SECURITY

21CS3287R

Course Description (Description about the subject):


Successful cloud adoption depends on putting in place adequate countermeasures to
defend against modern-day cyber-attacks. Regardless of whether our organization operates in a
public, private, or hybrid cloud environment, cloud security solutions and best practices are a
necessity when ensuring business continuity.

Chapter 2: Extension of Security Concepts

Session 4-Availability, Access control, Defense in depth

4.1 Aim

To introduce students to the Extension concepts of Security.

Familiarize students with important concepts such as Availability, Access control, Defense in
depth.

4.2 Instructional Objectives

The basic objective is to provide security to our data available in the cloud: identifying common
threats to availability and developing strategies for enhancing system availability, discussing
access control best practices, and designing a defense in depth strategy. Explain the concept of least
privilege and its importance in cloud security.

4.3 Learning Outcomes

At the end of the session, students are expected to know the importance of the security concepts of
cloud security, i.e., Availability, Access Control, Defense in Depth, and least privilege.

4.4 Module Description

The objective of a cloud security course is to provide students with the knowledge and skills
necessary to secure cloud environments. This includes understanding the unique security
challenges of the cloud, as well as the best practices for mitigating those challenges.

4.5 Session Introduction

Availability is one of the key pillars of cloud security, alongside confidentiality and integrity. In
the context of cloud computing, availability refers to the assurance that cloud services and
resources are accessible and operational when needed. Ensuring high availability is essential for
maintaining the reliability and performance of cloud-based applications, data, and services. In
cloud security, availability focuses on protecting against threats and incidents that can disrupt
or impair the availability of cloud resources.

Access control is a fundamental concept in cloud security that revolves around the
management of permissions and restrictions to control who can access, use, and manage cloud
resources and data. It plays a critical role in safeguarding sensitive information, preventing
unauthorized access, and protecting against security breaches and data leaks in cloud
computing environments. Access control mechanisms are designed to enforce the principle of
least privilege, ensuring that users and entities have the minimum level of access necessary to
perform their tasks.

Defense in depth is a comprehensive and multi-layered security strategy designed to protect
cloud environments from a wide range of threats and vulnerabilities. It recognizes that no
single security measure is foolproof and that a combination of security mechanisms and
practices should be employed to create a robust defense posture. In the context of cloud
security, defense in depth is crucial for safeguarding data, applications, and infrastructure from
various cyber threats and ensuring the resilience of cloud-based systems.

4.6 Session description

4.6.1 Availability

Availability is one of the key principles in cloud security, and it focuses on ensuring that cloud
services and resources are accessible and operational when needed. It involves protecting
against threats, errors, and failures that can disrupt the availability of cloud systems.

Availability is an important part of service-level agreements in cloud computing to ensure that
infrastructure can continue to function even if a component fails. If there is poor availability, a
business is unable to access its data or applications -- and potentially loses revenue.

Availability addresses points of failure within systems, databases and applications. High
availability, sometimes referred to as HA, better protects companies from disruptions, and it
supports productivity and reliability.

Follow these three best practices to achieve high availability in cloud computing.

a) Determine how much uptime we need

Uptime is a measurement of how long a system properly functions. A service-level agreement
(SLA) between a cloud service provider and a customer will state the cloud's expected
availability and potential consequences for failing to meet it.

Large providers, such as AWS, Microsoft Azure and Google Cloud, have SLAs of at least 99.9%
availability for each paid service. The provider promises its customers that they will experience
less than nine hours of downtime over the course of a year. The more nines in the number, the
less downtime the customer can expect to experience in a year.

Application complexity can affect uptime. For example, simple websites could see availability of
99.9999% -- approximately 31.6 seconds of downtime each year -- because there are very few
points of failure. On the other hand, a more complex monolithic web application that has more
components, such as caching servers or object storage, creates more points of failure and may
make high availability difficult. Enterprises can employ additional redundancies to ensure
uptime, but that increases costs.

The required amount of uptime an application needs largely depends on how important it is.
For example, users visiting a lawn care e-commerce giant's site may be more forgiving if
downtime occurs than users of an emergency services provider. When negotiating an SLA with
a cloud service provider, a business should weigh the consequences of downtime for its users
and what it can afford. Not everything needs 99.999999% availability.

b) Understand core high availability components

High availability may cost a lot of time and money, but it is essential for mission-critical
applications. However, the key to high availability is to apply the right amount of resources to a
workload. There are many tools to ensure that workloads remain accessible during internal or
external disruptions. Organizations should apply the right resources and availability
requirements to a given workload to balance reliability and performance with costs.

There are several components to a public cloud platform that organizations should understand
to weigh the benefits and costs of high availability:

Physical locations. Organizations achieve high availability through finding and eliminating single
points of failure and by distributing redundant instances across availability zones.

Networking. A good network connection is essential when transferring data between the cloud
and local storage. Some workloads require dedicated connectivity.

Compute instances. In public clouds, servers take the form of compute instances. A cloud
customer can organize those instances into clusters or create backup instances for failover,
which can cost more.

Storage instances. Data from applications is kept in storage instances, and cloud storage
services are highly available. This removes the need for replication. However, be wary of
storage becoming a single point of failure for applications.

Load balancing. Load balancing is how organizations direct traffic to multiple compute
instances to accommodate for more load on the instances. Load balancers are often the first
component to discover, report and modify an instance failure.

IP cutover. When an instance fails, the IP address of the failed instance must be remapped to
the alternate instance to redirect traffic.

Monitoring. In terms of SLAs, monitoring can help to validate uptime availability. It also serves
to reveal availability complications as well as track cloud resource usage.

c) Assess application needs before adding HA

It's easy to apply services such as load balancing and IP addressing schemes to the cloud. But
every application is different, and cloud users should assess their needs before applying high
availability. Before adding high availability to an application, ask these questions:

Does the workload benefit from HA? High availability isn't always the best fit, in terms of cost
and complexity. An admin might select a high availability workload type even when it is not
necessary.

Does cloud HA justify the cost? Consider the amount of expected downtime and how users will
react to this. Then determine the maximum allowable downtime and implement the right high
availability strategies to make certain that requirement is met. Monitoring and recording cloud
availability and downtime is a way to know the acceptable performance.

Is HA applied to the right assets? Figure out what the organization's goals are, such as optimal
performance and workload availability. Evaluate what is the most valuable aspect for the cloud
workload and how uptime requirements will benefit these goals.

Is HA more complex than necessary? High availability comes from a wide range of technologies
and procedures that can be used or combined. Evaluate whether there is a simpler way to
achieve protection from downtime that would cost less money.

Does cloud HA work as intended? Evaluate the high availability setup to make certain the
deployment was successful. Review performance against disruption from physical events, such
as natural disasters. Audit the infrastructure to ensure the established requirements are being
met. If instances fail, they should bounce back within a justifiable time frame and without data
loss, as specified in the SLA.

4.6.1.1 Issues affecting cloud security availability

a) Human Error

Misconfiguration: Incorrectly configuring cloud resources can unintentionally expose
vulnerabilities or disrupt service availability.

Unauthorized access: Accidental sharing of login credentials or weak access controls can grant
unauthorized users access to resources, potentially leading to outages or data breaches.

Shadow IT: The use of unsanctioned cloud services outside of IT control can bypass security
measures and create unmanaged vulnerabilities.

b) Technical Challenges

Distributed Denial-of-Service (DDoS) attacks: These attacks can overwhelm cloud servers with
traffic, causing outages and preventing legitimate users from accessing resources.

System failures: Hardware or software failures within the cloud provider's infrastructure can
lead to service disruptions.

Data loss: Accidental deletion, corruption, or ransomware attacks can result in data
loss, hindering access and impacting operations.

c) Security Threats

Advanced persistent threats (APTs): These targeted attacks employ sophisticated techniques to
compromise cloud systems and steal sensitive data or disrupt operations.

Insider threats: Malicious insiders with authorized access can abuse their privileges to cause
damage or disrupt services.

Zero-day exploits: Newly discovered vulnerabilities in cloud platforms or applications can be
exploited before patches are available, potentially leading to widespread outages.

4.6.1.2 Solutions for improving cloud security availability

a) Preventing Human Error

Implement least privilege access control: Grant users only the minimum permissions required
for their work.

Use multi-factor authentication (MFA): Add an extra layer of security beyond passwords to
prevent unauthorized access.

Educate users on cloud security best practices: Train employees on safe cloud usage and how
to identify phishing attempts.

Monitor and audit access logs: Regularly review access logs to detect suspicious activity.

b) Mitigating Technical Challenges

Utilize DDoS protection services: Invest in DDoS mitigation solutions to defend against these
attacks.

Implement redundant infrastructure: Design our cloud infrastructure with redundancy to
ensure availability in case of hardware or software failures.

Backup and disaster recovery: Regularly back up our data and have a disaster recovery plan in
place to quickly restore operations in case of an outage.

c) Enhancing Security Posture

Use Cloud Security Posture Management (CSPM) tools: These tools help us continuously
monitor and assess our cloud environment for security risks and misconfigurations.

Patch vulnerabilities promptly: Regularly update our operating systems, applications, and
cloud platform configurations with the latest security patches.

Conduct penetration testing: Simulate cyberattacks to identify and address vulnerabilities
before real attackers can exploit them.

Implement threat detection and response: Deploy security tools and processes to detect and
respond to security incidents quickly and effectively.

4.6.2 Access control

Access control is a fundamental aspect of cloud security that focuses on managing and
restricting access to cloud resources and data. It plays a critical role in safeguarding sensitive
information and preventing unauthorized users from compromising the confidentiality,
integrity, and availability of cloud systems.

Best practices for access control in the context of cloud security include:

a) Identity and Access Management (IAM)

IAM is a core component of access control in the cloud. It involves the management of user
identities, roles, and permissions. Cloud providers typically offer IAM services that enable
organizations to define and enforce access policies for their resources. IAM allows organizations
to control who can access what, and what actions they can perform within the cloud
environment.

b) Role-Based Access Control (RBAC)

RBAC is a method of access control that assigns permissions to roles, which are then associated
with users or groups. This approach simplifies access management and ensures that users have
the appropriate level of access based on their roles and responsibilities.

c) Multi-Factor Authentication (MFA)

MFA enhances access security by requiring users to provide two or more types of
authentication factors before gaining access to cloud resources. These factors often include
something the user knows (e.g., password) and something the user has (e.g., a smartphone for
a one-time code).

d) Employ Multi-Factor Authentication (MFA)

Require a second factor of authentication beyond a password to verify user identity. This
significantly reduces the risk of unauthorized access.

e) Leverage Strong Password Policies

Enforce minimum password complexity, length, and rotation requirements. Consider password
managers and avoid reusing passwords across different accounts.

f) Utilize a Zero-Trust Security Model

Don't assume trust based on identity or location. Verify every access request before granting
permission, even for internal users and devices.

g) Train Employees on Cloud Security

Educate the staff on cyber security best practices to prevent accidental data breaches and
phishing attacks.

4.6.3 Defense in depth

Defense in depth, often referred to as layered security, is a comprehensive strategy for cloud
security that involves the implementation of multiple layers of security measures to protect
cloud resources and data from various threats and vulnerabilities. This approach is designed to
provide redundancy and multiple lines of defense, making it more challenging for attackers to
breach an organization's cloud environment.

Best practices for defense in depth in the context of cloud security

a) Multiple Security Layers

Defense in depth involves establishing multiple layers of security controls at different levels of
the cloud infrastructure. These layers can include network security, application security, data
security, and user access controls.

b) Perimeter Defense

The outermost layer typically includes perimeter defenses like firewalls and intrusion detection
systems (IDS) to filter and monitor incoming and outgoing traffic, identifying and blocking
malicious activity.

c) Shared responsibility model: Understand that cloud providers manage certain security
aspects, while we're responsible for others. Clearly define and fulfill our own security
obligations.

d) Identity and access management (IAM): Implement least privilege access control,
multi-factor authentication (MFA), and strict password policies to prevent unauthorized access.

e) Network segmentation: Divide our cloud environment into separate segments based on
sensitivity and functionality, limiting the spread of breaches and malware.

f) Encryption: Encrypt data at rest and in transit to ensure confidentiality even if attackers gain
access to certain segments.

4.7 Activities/ Case studies/ Important facts related to the session

Cloud service providers (CSPs) typically offer robust infrastructure and redundancy measures to
ensure high availability of cloud services. This includes data replication across multiple data
centers and load balancing techniques.

CSPs often provide Service Level Agreements (SLAs) that define the level of availability they
guarantee. It is important for organizations to understand these SLAs and assess if they meet
their specific requirements.

DDoS (Distributed Denial of Service) attacks pose a threat to availability in the cloud. CSPs
employ various mitigation strategies to prevent and mitigate such attacks, including traffic
analysis, rate limiting, and intelligent filtering techniques.

Organizations should also consider their own availability requirements and implement
measures such as application redundancy, disaster recovery plans, and regular backups to
ensure business continuity.

Access:

Access control is crucial in cloud security to prevent unauthorized users from accessing
sensitive data and resources. Identity and Access Management (IAM) systems are used to
manage user authentication, authorization, and access privileges.

Strong authentication mechanisms, such as multi-factor authentication (MFA), are
recommended to enhance access security. This ensures that even if a password is
compromised, an additional factor (such as a code sent to a mobile device) is required for
authentication.

Role-based access control (RBAC) is commonly used to assign permissions based on job roles or
responsibilities. It helps ensure that users have access only to the resources they need to
perform their tasks.

4.8 Table Numbering: NA

4.9 Figures with captions: NA

4.10 Self Assessment Questions

1) What is availability in terms of cloud security?

2) What is access control in terms of cloud security?

3) What is defense in depth in terms of cloud security?

4.11 Summary

In the world of cloud security, ensuring Availability is paramount to guarantee uninterrupted
access to resources. This is achieved through strategies like redundancy, load balancing, and
robust disaster recovery mechanisms, all geared towards minimizing downtime and sustaining
seamless service delivery. Access Control is another critical facet, focusing on managing user
permissions and authentication to prevent unauthorized entry. Identity management, role-
based access control, and multi-factor authentication are key components that enhance
security by adhering to the principle of least privilege. Meanwhile, the concept of Defense in
Depth emphasizes the importance of layered security measures. This approach involves the
integration of multiple security strategies such as network security protocols, encryption
mechanisms, intrusion detection systems, and regular audits. By employing a comprehensive
defense strategy, organizations can fortify their cloud infrastructure against a wide array of
potential threats, establishing a resilient and robust security posture.

4.12 Terminal Questions

• Explain the availability in terms of cloud security
• Explain access control in terms of cloud security
• Explain defense in depth in terms of cloud security

4.13 Case Study: NA

4.14 Answer Key

Self Assessment Questions

1A)

Availability is one of the key pillars of cloud security, alongside confidentiality and integrity. In
the context of cloud computing, availability refers to the assurance that cloud services and
resources are accessible and operational when needed. Ensuring high availability is essential for
maintaining the reliability and performance of cloud-based applications, data, and services. In
cloud security, availability focuses on protecting against threats and incidents that can disrupt
or impair the availability of cloud resources.

2A)

Access control is a fundamental concept in cloud security that revolves around the
management of permissions and restrictions to control who can access, use, and manage cloud
resources and data. It plays a critical role in safeguarding sensitive information, preventing
unauthorized access, and protecting against security breaches and data leaks in cloud
computing environments. Access control mechanisms are designed to enforce the principle of
least privilege, ensuring that users and entities have the minimum level of access necessary to
perform their tasks.

3A)

Defense in depth is a comprehensive and multi-layered security strategy designed to protect
cloud environments from a wide range of threats and vulnerabilities. It recognizes that no
single security measure is foolproof and that a combination of security mechanisms and
practices should be employed to create a robust defense posture. In the context of cloud
security, defense in depth is crucial for safeguarding data, applications, and infrastructure from
various cyber threats and ensuring the resilience of cloud-based systems.

4.15 Glossary
Availability - Availability is an important part of service-level agreements in cloud computing to
ensure that infrastructure can continue to function even if a component fails. If there is poor
availability, a business is unable to access its data or applications -- and potentially loses
revenue.

Access control - Access Control in Cloud Computing refers to the ability to restrict access to
information stored on the cloud. This allows companies to ensure their information is secured
and helps minimize risk. Access Control is done through authentication processes which can
include passwords, PINs, and multi-factor authentications. There are also various types of
Access Control that can be implemented at an organization which authorize the verified
employees to access company resources; authorization to access can be restricted depending
on factors like one’s role, attributes, and more.

4.17 Keywords: Least privilege, Security Management.


Session 5- Least privilege, Importance of security in the cloud

5.1 Aim

To introduce students to the Extension concepts of Security.

Familiarize students with important concepts such as Least privilege, Importance of security in
the cloud.

5.2 Instructional Objectives

The basic objective is to provide security to our data available in the cloud: identifying common
threats to availability and developing strategies for enhancing system availability, discussing
access control best practices, and designing a defense in depth strategy. Explain the concept of least
privilege and its importance in cloud security.

5.3 Learning Outcomes

At the end of the session, students are expected to know the importance of the security concepts of
cloud security, i.e., Availability, Access Control, Defense in Depth, and least privilege.

5.4 Module Description

The objective of a cloud security course is to provide students with the knowledge and skills
necessary to secure cloud environments. This includes understanding the unique security
challenges of the cloud, as well as the best practices for mitigating those challenges.

5.5 Session Introduction


Least privilege, often referred to as the principle of least privilege (POLP), is a foundational
concept in cloud security that focuses on restricting access rights and permissions to the
minimum necessary for users, systems, or applications to perform their tasks. This security
principle is based on the idea that by reducing access privileges to the bare minimum,
organizations can mitigate the risk of unauthorized access, privilege abuse, and potential
security breaches in cloud computing environments.

5.6 Session description

5.6.1 Least Privilege

The concept of least privilege is a critical security practice in cloud computing that aims to
reduce the risk of security breaches, unauthorized access, and privilege abuse by ensuring that
users, systems, and applications are granted only the minimum level of access and permissions
necessary to perform their specific functions. This approach is founded on the principle that
individuals or entities should have the least amount of privilege required to accomplish their
tasks effectively.

Best practices of least privilege for cloud security

a) Access Restriction: Least privilege involves a systematic approach to access control in cloud
environments. It means that every user, whether human or machine, is granted the smallest
possible level of access needed to carry out their job responsibilities or functions. Any
additional access is seen as unnecessary and potentially risky.

b) Granularity: Implementing least privilege often involves a granular approach to defining
access rights and permissions. Rather than providing broad, all-encompassing permissions,
organizations specify precise permissions for each user or role. This fine-grained approach
minimizes the potential for unintended access to sensitive resources.

c) User and Role-Based Access Control: To enforce least privilege effectively, cloud service
providers offer Identity and Access Management (IAM) solutions that enable organizations to
define and manage access rights based on user roles and responsibilities. Roles and
responsibilities are clearly defined, and permissions are assigned accordingly.

d) Audit and Monitoring: Regular monitoring and auditing of access rights and permissions are
vital to maintaining least privilege. Continuous monitoring helps ensure that access privileges
remain aligned with the established security model and policies. If access rights change, it can
be detected and addressed promptly.

e) Privilege Escalation Mitigation: Organizations should actively prevent and mitigate privilege
escalation, which occurs when users or systems gain more access than initially granted. This
requires strategies and controls that limit the potential for unauthorized privilege escalation.

f) Data Access Control: Least privilege extends to data access as well. Organizations should
ensure that data is only accessible by those individuals or systems that genuinely require it for
their designated roles or functions. Sensitive data should be adequately protected to prevent
unauthorized access.

g) Risk Reduction: The implementation of least privilege is a proactive risk reduction strategy.
By limiting access to the minimum necessary, organizations reduce their attack surface and
minimize the potential impact of security incidents, data breaches, and privilege misuse.

h) Compliance and Auditing: In regulated industries, adherence to the least privilege principle
aligns with compliance requirements and makes it easier to demonstrate compliance with data
protection regulations and industry standards. Audit trails and compliance reports help validate
adherence to least privilege practices.

i) Least Privilege in DevOps: Least privilege can also be applied to DevOps practices and cloud
automation processes. Automation scripts and tools should be designed to have minimal
privileges to limit the potential damage caused by misconfigurations or breaches.
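The granularity and audit practices above, together with the role-based access control described in 4.6.2, can be combined into a periodic review that compares what roles grant with what principals actually used. The following is an added example, not part of the original course material; the role names, principals, "service:Action" permission strings and log format are all constructed and do not belong to any particular cloud provider.

```python
"""Least-privilege review: compare granted permissions with observed use.

Added example. Roles, principals, permission strings and the log format are
hypothetical and constructed for illustration only.
"""
from fnmatch import fnmatchcase

# Role -> permission patterns ("*" is a wildcard, i.e. a broad grant).
ROLES = {
    "storage-reader": {"storage:GetObject", "storage:ListBucket"},
    "deployer": {"compute:*", "storage:PutObject"},
    "auditor": {"logs:Read"},
}

# Principal (human or machine) -> roles.
ASSIGNMENTS = {
    "alice": ["storage-reader", "auditor"],
    "ci-bot": ["deployer"],
}

# Constructed access log, one entry per line: <principal> <action> <decision>
ACCESS_LOG = """\
alice storage:GetObject ALLOW
alice storage:DeleteObject DENY
ci-bot compute:StartInstance ALLOW
ci-bot compute:StartInstance ALLOW
ci-bot storage:PutObject ALLOW
"""


def granted(principal):
    """Union of the permission patterns of every role the principal holds."""
    perms = set()
    for role in ASSIGNMENTS.get(principal, []):
        perms |= ROLES[role]
    return perms


def is_allowed(principal, action):
    """Default deny: an action passes only if a granted pattern matches it."""
    return any(fnmatchcase(action, pattern) for pattern in granted(principal))


def parse_log(text):
    """Turn the log text into (principal, action, decision) tuples."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            principal, action, decision = line.split()
            entries.append((principal, action, decision))
    return entries


def review(log_text=ACCESS_LOG):
    """Per principal: unused grants, wildcard grants with the narrower set of
    actions actually observed, and denied attempts worth a closer look."""
    entries = parse_log(log_text)
    report = {}
    for principal in ASSIGNMENTS:
        used = {a for p, a, d in entries if p == principal and d == "ALLOW"}
        denied = {a for p, a, d in entries if p == principal and d == "DENY"}
        perms = granted(principal)
        report[principal] = {
            # Grants that no allowed action exercised: candidates for removal.
            "unused": sorted(
                g for g in perms if not any(fnmatchcase(a, g) for a in used)
            ),
            # Wildcards and the specific actions that could replace them.
            "narrow_wildcards": {
                g: sorted(a for a in used if fnmatchcase(a, g))
                for g in sorted(perms) if "*" in g
            },
            "denied": sorted(denied),
        }
    return report


if __name__ == "__main__":
    for principal, findings in review().items():
        print(principal, findings)
```

A review like this is only as good as its observation window: a permission used once a quarter looks unused in a week of logs, so removals should be staged rather than applied automatically.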

5.6.1.1 ISSUES AND SOLUTIONS for LEAST PRIVILEGE in the CLOUD

a) Complexity and Scale

Issue: Cloud environments are often complex and large-scale.

Solution: Use automated tools for role creation and management. Leverage Infrastructure as
Code (IaC) to define and manage access policies in a scalable and consistent manner.

b) Role Explosion

Issue: The number of roles can increase significantly, leading to role explosion.

Solution: Implement role hierarchies and group-based access control. Regularly review and
consolidate roles to avoid unnecessary proliferation.

c) Human Error

Issue: Human errors in administering permissions.


Solution: Provide comprehensive training for administrators and users. Implement approval
workflows and use automation to reduce the likelihood of manual errors. Regularly review and
audit permissions.

d) Integration Challenges

Issue: Challenges in integrating least privilege with existing workflows.

Solution: Work closely with development and operations teams to integrate least privilege into
existing processes. Use APIs and automation to facilitate seamless integration with other
systems and applications.

e) Educational Gaps

Issue: Lack of understanding of least privilege principles.

Solution: Conduct regular training sessions for administrators and users. Create documentation
and guidelines to promote best practices. Foster a culture of security awareness within the
organization.

f) Vendor-specific Challenges

Issue: Different cloud providers have unique IAM approaches.

Solution: Implement a consistent approach to IAM using industry standards. Use abstraction
layers or IAM abstraction tools to simplify management across different cloud providers.

5.6.2 Importance of security in the cloud

Security is paramount in the cloud, as organizations increasingly rely on cloud computing to store
and process sensitive data. Cloud security is the practice of protecting data, applications, and
infrastructure in the cloud. It encompasses a wide range of measures, including access control,
data encryption, and security monitoring.

There are several reasons why cloud security is so important:

Data is valuable. Cloud-based applications and services often contain sensitive customer
data, such as names, addresses, credit card numbers, and Social Security numbers. This data is a
valuable target for cybercriminals.

Cloud computing is complex. Cloud computing environments are complex and can be difficult to
secure. There are many different components to a cloud environment, including
infrastructure, applications, and data. Securing each of these components is essential.

Compliance is required. Many industries have regulations that require organizations to protect
customer data. For example, the healthcare industry must comply with HIPAA, and the financial
industry must comply with PCI DSS. Cloud security helps organizations meet these compliance
requirements.

Benefits of cloud security

Cloud security offers a number of benefits to organizations, including:

Data protection: Cloud security helps protect data from unauthorized
access, use, disclosure, disruption, modification, or destruction.

Compliance: Cloud security helps organizations meet industry regulations and standards.

Business continuity: Cloud security helps organizations maintain business continuity in the
event of a security breach or other disruption.

Reputation protection: Cloud security helps protect organizations from the reputational
damage that can result from a security breach.

Best practices for cloud security

There are a number of best practices that organizations can follow to improve their cloud
security posture. These include:

Use a shared responsibility model. Cloud providers and cloud customers share responsibility for
cloud security. Cloud providers are responsible for the security of the underlying
infrastructure, while cloud customers are responsible for the security of their data and
applications.

Implement a security framework. A security framework provides a structured approach to cloud
security. It can help organizations identify and mitigate security risks.

Use strong passwords and multi-factor authentication. Strong passwords and multi-factor
authentication can help prevent unauthorized access to cloud accounts.

Encrypt data at rest and in transit. Encrypting data at rest and in transit helps protect it from
unauthorized access.

Monitor cloud activity for suspicious activity. Cloud security monitoring can help organizations
detect and respond to security threats quickly.

By following these best practices, organizations can improve their cloud security posture and
protect their data, applications, and infrastructure.

5.7 Table Numbering: NA

5.8 Figures with captions: NA

5.9 Self Assessment Questions

1) What is least privilege in terms of cloud security?

5.10 Summary

Least privilege is a core principle in cloud security, restricting user access rights to the minimum
necessary for their roles, mitigating risks associated with unauthorized access. This approach
minimizes the attack surface and bolsters overall security by limiting potential misuse of
privileges.

Security is crucial in cloud computing to safeguard sensitive data and applications. The shared
responsibility model underscores the need for collaborative efforts in implementing robust
security measures. Proactive measures, including encryption and access controls, are vital for
maintaining trust, compliance, and the uninterrupted operation of cloud services. Security is
foundational for the successful adoption of cloud technologies.

5.11 Terminal Questions

• Explain least privilege in terms of cloud security
• Discuss importance of Security in the cloud

5.12 Case Study: NA

5.13 Answer Key

5.14 Self Assessment Questions

1A)

Least privilege, often referred to as the principle of least privilege (POLP), is a foundational
concept in cloud security that focuses on restricting access rights and permissions to the
minimum necessary for users, systems, or applications to perform their tasks. This security
principle is based on the idea that by reducing access privileges to the bare minimum,
organizations can mitigate the risk of unauthorized access, privilege abuse, and potential
security breaches in cloud computing environments.

5.15 Glossary
5.16 Keywords: Availability, Access control, defense in depth.
