
CLOUD SECURITY AND ITS INFRASTRUCTURE

INTRODUCTION

The word Cloud refers to servers that are accessed over the Internet, and the software and databases that run on those
servers. The term Cloud Computing has emerged recently; one of the simplest definitions is, “A network solution for
providing inexpensive, reliable, easy and simple access to IT resources”. A major concern in the adoption of cloud for
data is security and privacy. It is very important for the cloud service to ensure data integrity, privacy and
protection. For this purpose, several service providers are using different policies and mechanisms that depend upon
the nature, type and size of the data. One of the advantages of Cloud Computing is that data can be shared among
various organisations. However, this advantage itself poses a risk to data. In order to avoid potential risk to the data,
it is necessary to protect data repositories. When they have occurred, these security problems have caused great loss,
even a devastating blow. Therefore, for enterprises and organisations to accept cloud computing services, it is
necessary to solve the security problems.
WHY CLOUD SECURITY IS IMPORTANT?
Cloud security is critical since most organisations are already using cloud
computing in one form or another. IT professionals remain concerned about
moving more data and applications to the cloud due to security, governance, and
compliance issues when their content is stored in the cloud. They worry that highly
sensitive business information and intellectual property may be exposed through
accidental leaks or due to increasingly sophisticated cyber threats. A crucial
component of cloud security is focused on protecting data and business content,
such as customer orders, secret design documents, and financial records.
Preventing leaks and data theft is critical for maintaining your customers’ trust
and protecting the assets that contribute to your competitive advantage. Cloud
security's ability to guard your data and assets makes it crucial to any company
switching to the cloud.
CLOUD SECURITY THREATS IN CLOUD INFRASTRUCTURE
Unauthorised Access:

Unlike an organisation’s on-premises infrastructure, their cloud-based deployments are outside the
network perimeter and directly accessible from the public Internet. While this is an asset for the
accessibility of this infrastructure to employees and customers, it also makes it easier for an attacker to
gain unauthorised access to an organisation’s cloud-based resources. Improperly-configured security or
compromised credentials can enable an attacker to gain direct access, potentially without an
organisation’s knowledge.

Hijacking of Accounts:

Many people have extremely weak password security, including password reuse and the use of weak
passwords. This problem exacerbates the impact of phishing attacks and data breaches since it enables
a single stolen password to be used on multiple different accounts.
Cyberattacks:

Cybercrime is a business, and cybercriminals select their targets based upon the expected profitability
of their attacks. Cloud-based infrastructure is directly accessible from the public Internet, is often
improperly secured, and contains a great deal of sensitive and valuable data. Additionally, the cloud is
used by many different companies, meaning that a successful attack can likely be repeated many times
with a high probability of success. As a result, organizations’ cloud deployments are a common target
of cyberattacks.
External Sharing of Data:

The cloud is designed to make data sharing easy. Many clouds provide the option to explicitly invite a
collaborator via email or to share a link that enables anyone with the URL to access the shared
resource. While this easy data sharing is an asset, it can also be a major cloud security issue. The use of
link-based sharing – a popular option since it is easier than explicitly inviting each intended
collaborator – makes it difficult to control access to the shared resource. The shared link can be
forwarded to someone else, stolen as part of a cyberattack, or guessed by a cybercriminal, providing
unauthorized access to the shared resource.
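
An added example (not part of the original slides) of a share token that answers the three failure modes named above: an HMAC signature makes the link unguessable and tamper-evident, a recipient binding makes a forwarded or stolen link useless to anyone else, and an expiry bounds exposure. The key, resource names and e-mail addresses are constructed for the demo.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real service loads this from a secrets vault.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def _sign(payload: str) -> str:
    mac = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def make_share_token(resource_id, recipient, ttl_seconds, now=None):
    """Issue a token naming the resource, the invited recipient and an expiry."""
    if "|" in resource_id or "|" in recipient:
        raise ValueError("'|' is reserved as the field separator")
    issued = time.time() if now is None else now
    payload = f"{resource_id}|{recipient}|{int(issued + ttl_seconds)}"
    return f"{payload}|{_sign(payload)}"


def check_share_token(token, authenticated_user, now=None):
    """Return (True, resource_id) or (False, reason). Checks run in a fixed order:
    signature first, so unsigned input is never trusted for expiry or identity."""
    try:
        resource_id, recipient, expires, sig = token.rsplit("|", 3)
        expires_at = int(expires)
    except ValueError:
        return False, "malformed"
    expected = _sign(f"{resource_id}|{recipient}|{expires}")
    # compare_digest avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad-signature"
    if (time.time() if now is None else now) >= expires_at:
        return False, "expired"
    # The caller must already have authenticated the user (e.g. via SSO).
    if not hmac.compare_digest(recipient.encode(), authenticated_user.encode()):
        return False, "wrong-recipient"
    return True, resource_id
```
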
Lack of Visibility:

An organization’s cloud-based resources are located outside of the corporate network and run on
infrastructure that the company does not own. As a result, many traditional tools for achieving network
visibility are not effective for cloud environments, and some organizations lack cloud-focused security
tools. This can limit an organization’s ability to monitor their cloud-based resources and protect them
against attack.
7 BEST PRACTICES TO SECURE DATA IN INFRASTRUCTURE
1. Secure Access to Cloud
To reduce the risk of account compromise and credential theft, consider the following:
● Automate password management and delivery
● Securely store passwords in an encrypted vault
● Manually and automatically rotate passwords
● Provide users with one-time passwords
2. Manage User Access privileges
To avoid this, your organization can regularly reassess and revoke user privileges. Consider following
the principle of least privilege, which states that users should only have access to data necessary to
perform their job.

To manage user access privileges, one must:

● Grant access by request
● Provide users with one-time access
● Limit the period for which access is given
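
An added example (not from the original slides) that puts the three points above together: access exists only after an approved request, a grant can be single-use, and every grant carries an expiry after which it is revoked. `AccessBroker` and all user and resource names are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Grant:
    expires_at: float   # end of the approved access window
    one_time: bool      # True: the grant is consumed by its first use
    used: bool = False


class AccessBroker:
    """Hypothetical in-memory broker: nobody has standing access, only grants."""

    def __init__(self):
        self._pending = {}   # request id -> (user, resource, minutes, one_time)
        self._grants = {}    # (user, resource) -> Grant

    def request(self, user, resource, minutes, one_time=False):
        req_id = secrets.token_hex(8)
        self._pending[req_id] = (user, resource, minutes, one_time)
        return req_id

    def approve(self, req_id, approver, now=None):
        user, resource, minutes, one_time = self._pending[req_id]
        if approver == user:
            raise PermissionError("requester cannot approve their own request")
        del self._pending[req_id]
        start = time.time() if now is None else now
        self._grants[(user, resource)] = Grant(start + minutes * 60, one_time)

    def is_allowed(self, user, resource, now=None):
        now = time.time() if now is None else now
        grant = self._grants.get((user, resource))
        if grant is None:
            return False                          # default deny
        if now >= grant.expires_at or (grant.one_time and grant.used):
            del self._grants[(user, resource)]    # revoke the stale grant
            return False
        grant.used = True
        return True

    def active_grants(self, now=None):
        """List live grants, as input to the periodic privilege review."""
        now = time.time() if now is None else now
        return sorted(k for k, g in self._grants.items()
                      if now < g.expires_at and not (g.one_time and g.used))
```
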
3. Provide Visibility With Employee Monitoring
If an employee is acting suspiciously by using forbidden cloud services or taking undesirable actions
with sensitive data, monitoring can help you promptly detect this behavior and give you some time to
analyse the situation.

Employee monitoring lets you:

● Monitor and record employee activity in a video format
● Watch live and recorded user sessions
● Search important episodes of user sessions by various parameters
4. Monitor Privileged Users
Keeping track of privileged users in your cloud infrastructure is particularly important. Usually, system
administrators and top management have more access to sensitive data than regular users.
Consequently, privileged users can cause more damage to the cloud environment, whether maliciously
or inadvertently.

Monitoring privileged users allows you to:

● Monitor privileged users’ activity in your cloud environment
● Manage access permissions of privileged user accounts
● Export monitored data using a series of customizable reports
5. Educate Employees Against Phishing
Monitoring user activity is not the only way to minimise the influence of the human factor inside your
organisation. To protect your cloud infrastructure even more, you can raise your personnel’s
cybersecurity awareness, with a particular emphasis on phishing. Phishing is a type of online fraud that
involves tricking people into providing sensitive information, such as passwords or credit card
numbers, by masquerading as a trustworthy source.

Monitoring helps protect cloud infrastructure from phishing by allowing you to:

● Watch recorded sessions of your employees to analyse their behaviour during a simulated phishing
attack
● Detect and stop unusual behaviour if an employee’s account is compromised due to phishing
6. Ensure You Meet IT Compliance Requirements
Cybersecurity compliance with standards, laws, and regulations aims to protect consumers’ data and
provide general guidance for organisations to better secure sensitive data. Without the right security
controls and tools in your cloud infrastructure for IT compliance, your organisation may lose millions
of dollars in fines in case of a data breach.

Prominent cloud computing providers are aligned with the most known compliance requirements.
However, organisations using these cloud services still have to ensure their own data processes and
security are compliant.

To comply with IT requirements, you must first define which standards pertain to your industry and
which your organisation must meet. To make this process easier, consider hiring a data protection
officer (DPO) who will provide you with expert knowledge in cybersecurity and IT compliance.
7. Efficiently respond to security incidents:
Losses from a data breach can increase if you can’t quickly detect, contain, and eradicate cybersecurity
threats. The longer a threat remains in your cloud environment, the more data an attacker can exfiltrate
or delete.

Conversely, a fast response to a cybersecurity incident can limit the extent of damage. Consider
developing an incident response plan to ensure your cybersecurity team can act efficiently in an
emergency. This plan must have strict roles and procedures outlined for different scenarios.
SECURING TYPES OF CLOUDS
Public Cloud Security:

One of the reasons public cloud environments are growing in popularity is that they
require no capital investment on behalf of the user. With a public cloud, businesses
purchase server space from a third-party provider. The servers are multi-tenant cloud
deployments, meaning other companies’ data may be stored on the same server as your
company’s data. Many businesses use some form of public cloud, whether it’s for email
(e.g. Gmail), sharing documents (e.g. Dropbox) or hosting web servers.
Hybrid Cloud Security:

Hybrid cloud is a combination of private cloud with one or more public cloud services.
Gartner defines a hybrid cloud service as a cloud computing service that is composed of a
combination of private, public and community cloud services from different providers.
Hybrid cloud offers the flexibility of moving workloads between clouds. It enables
organisations to have full control of sensitive data in a private cloud, while leveraging all
the resources of public cloud services.
Benefits
● Lower Upfront Costs
● Reduced ongoing operational and administrative expenses
● Increased Reliability and availability
● Centralised Security
● Greater ease of Scaling
● Improved DDoS (Distributed Denial of Service) Protection
According to National Institute of Standards and Technology
Thank You…

Prepared by :
Abhishek Kumar Choudhary
Rahul Saini
Roshan Bhangare
