Cloud computing security


Cloud computing security or cloud security refers to a broad set of policies, technologies, applications, and controls used to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security and, more broadly, information security.

Security issues associated with the cloud

Cloud computing and storage provide users with the capability to store and process their data in third-party data centers. Organizations use the cloud in a variety of service models and deployment models.
Security concerns associated with cloud computing are typically divided into issues faced by cloud providers and those faced by their customers. The responsibility is shared and is often described in a vendor's "shared responsibility model". The provider must secure its infrastructure, while customers must secure their applications, identities, and configuration settings.
Analyses of large-scale cloud incidents indicate that many breaches result from misconfigurations and long-unremediated exposures rather than solely from zero-day vulnerabilities.
When an organization stores data or hosts applications on the public cloud, it loses physical access to the hardware. As a result, potentially sensitive data may be at risk from insider attacks. According to a 2010 Cloud Security Alliance report, insider attacks rank among the top threats in cloud computing. Cloud service providers must ensure that thorough background checks are conducted for employees with physical access to data centers.
To conserve resources and reduce cost, cloud providers often store multiple customers' data on the same server. As a result, one user's private data might be viewable by another without proper isolation. Providers implement data isolation and logical segregation to mitigate these risks.
The extensive use of virtualization in cloud infrastructure brings unique security concerns. Virtualization introduces an additional layer—the hypervisor—that must be secured and correctly configured. A compromise of the hypervisor management system can impact an entire data center.

Cloud security controls

Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management and follow all the best practices, procedures, and guidelines to ensure a secure cloud environment. Security management addresses these issues with security controls. These controls protect cloud environments and are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. Controls are commonly grouped into four categories:
Deterrent controls
Preventive controls
Detective controls
Corrective controls

Dimensions of cloud security

Cloud security engineering is characterized by the security layers, planning, design, programming, and best practices that exist within a cloud security solution. It requires the architectural and visual model to be defined by the workloads running inside the cloud. The process includes access management, techniques, and controls to protect applications and data, together with ways to establish and maintain visibility, compliance, threat posture, and overall security. Processes for embedding security standards into cloud services and operations take an approach that satisfies compliance guidelines and the essential components of infrastructure security.
Though the idea of cloud computing is not new, organizations are increasingly adopting it because of its flexible scalability, relative reliability, and cost-effectiveness of services. However, despite its rapid adoption in some sectors and disciplines, research and statistics indicate that security-related risks remain a major barrier to its full adoption.
It is generally recommended that information security controls be selected and implemented in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts. Cloud security concerns can be grouped in various ways; Gartner identified seven, while the Cloud Security Alliance identified twelve areas of concern. Cloud access security brokers are software that sits between cloud users and cloud applications to provide visibility into cloud application usage, data protection and governance to monitor all activity and enforce security policies.

Security and privacy

Any service without a "hardened" environment is considered a "soft" target. Virtual servers should be protected just like a physical server against data leakage, malware, and exploited vulnerabilities. "Data loss or leakage represents 24.6 % and cloud-related malware 3.4 % of threats causing cloud outages".

Identity management

Every enterprise will have its own identity management system to control access to information and computing resources. Cloud providers either integrate the customer's identity management system into their own infrastructure, using federation or SSO technology or a biometric-based identification system, or provide an identity management system of their own.

Physical security

Cloud service providers physically secure the IT hardware against unauthorized access, interference, theft, fire, flood etc., and ensure that essential supplies are sufficiently robust to minimise the possibility of disruption.

Personnel security

Various information security concerns relating to personnel involved in cloud services are typically handled through screening, security-awareness training, and role-based access controls.

Privacy

Providers ensure that all critical data are masked or encrypted and that only authorised users have access to data in its entirety. Moreover, digital identities and credentials must be protected as must any data that the provider collects or produces about customer activity in the cloud.

Penetration testing

Penetration testing is the process of performing offensive security tests on a system, service, or computer network to find security weaknesses in it. Since the cloud is a shared environment with other customers or tenants, following penetration-testing rules of engagement step by step is a mandatory requirement. Scanning and penetration testing from inside or outside the cloud should be authorised by the cloud provider.

Cloud vulnerability and penetration testing

Scanning the cloud from outside and inside using free or commercial tools is crucial; as noted under Security and privacy, a service without a hardened environment is a soft target.

Legal issues

Privacy legislation often varies by country. When information is stored in the cloud it can be difficult to determine which jurisdiction the data falls under. Cross-border clouds are common, since the largest companies operate across several countries. The ambiguity of the cloud also raises legal dilemmas because data-sharing law differs both between and within organisations.

Unauthorized Access to Management Interface

Because cloud resources are provisioned on a self-service basis, consumers are given management interfaces to monitor their databases. With controls concentrated in one central location, and with the interface made easily accessible for user convenience, a single actor who gains access to the cloud's management interface would obtain control over much of the system.

Data Recovery Vulnerabilities

The cloud's use of resource pooling means memory or storage resources may be recycled to another user. It is possible for current users to access information left by previous ones.

Internet Vulnerabilities

Cloud services require internet connectivity and use internet protocols, making them subject to attacks such as man-in-the-middle attacks. Furthermore, heavy reliance on internet connectivity means service disruptions or outages can cut off users entirely.

Encryption Vulnerabilities

As encryption algorithms age, vulnerabilities arise. Cloud providers must stay current with encryption standards and transition older systems before they become compromised.

Misconfiguration Risks

Cloud misconfigurations are among the most prevalent and dangerous security flaws, and they leave cloud environments highly exposed to attackers. Cloud platforms are complex; even a minor configuration error, such as excessively permissive access or inappropriately exposed storage, can provide attackers with entry points. Misconfigurations are a frequent cause of cloud breaches because attackers can obtain unauthorized access by taking advantage of incorrectly configured settings.
Security misconfigurations occur when security settings are not fully implemented or are set up incorrectly. Weak passwords, misconfigured databases, unprotected cloud storage, incorrectly configured firewalls or network settings, and out-of-date software or firmware are just a few of the many possible causes. These errors frequently result from system design flaws, human error, or gaps in knowledge of security practices. As the article "Security Misconfiguration Vulnerabilities: Risks, Impacts, and Prevention" explains, "Security misconfigurations are errors that occur when security settings are not configured or implemented properly. Misconfigurations can arise from a range of sources, including weak passwords, improperly configured databases, unsecured cloud storage, misconfigured firewalls or network settings, and outdated software or firmware. They can happen due to various reasons, including poor design, lack of understanding of security concepts, and human error". This quote highlights the variety of ways misconfigurations can occur and emphasizes why organizations must identify and correct them to protect against potential security breaches.
The article "The Common Cloud Misconfigurations That Lead to Cloud Data Breaches" explains: "Cloud misconfigurations — the gaps, errors and vulnerabilities that occur when security settings are poorly chosen or neglected entirely — provide adversaries with an easy path to infiltrate the cloud. Multi-cloud environments are complex, and it can be difficult to tell when excessive account permissions are granted, improper public access is configured or other mistakes are made". The article also emphasizes that "cloud security posture management should be a key component of your security strategy if you want to avoid becoming the next victim of a cloud data breach", showing why strong security measures and backups are essential.
Additionally, another article, "8 Common Cloud Misconfiguration Types", offers practical solutions: "Access to storage buckets should be granted only within the organization… Security teams should enable strong encryption by default for crucial data in storage buckets, monitor all storage nodes labeled as public, and eliminate unnecessary permissions or exposed access". This highlights how businesses can lower the risk of misconfiguration through simple, practical measures: restricting access, encrypting sensitive information, monitoring public resources, and eliminating superfluous permissions. To safeguard data and prevent breaches, cloud settings must be actively managed.
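The mitigations quoted above (restrict bucket access to the organization, encrypt by default, watch public storage, remove unnecessary permissions) can be turned into a small posture check of the kind a cloud security posture management tool runs. The following Python is an added example, not code from the article or any of the sources it cites; the inventory records and bucket names are constructed, the field names are assumptions, and the policy documents follow the AWS S3 bucket-policy JSON shape while the checks themselves are vendor-neutral.

```python
# Added posture check over constructed sample buckets (not the article's code).
# Inventory fields are assumptions; "policy" follows the AWS S3 bucket-policy JSON shape.
BUCKET_INVENTORY = [
    {"name": "corp-backups", "public_access_block": True, "encryption": "aws:kms",
     "policy": {"Statement": [{"Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::111111111111:role/backup"},
                "Action": ["s3:PutObject", "s3:GetObject"],
                "Resource": "arn:aws:s3:::corp-backups/*"}]}},
    {"name": "marketing-site", "public_access_block": False, "encryption": "AES256",
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::marketing-site/*"}]}},
    {"name": "data-lake", "public_access_block": True, "encryption": None,
     "policy": {"Statement": [{"Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::111111111111:user/analyst"},
                "Action": "s3:*", "Resource": "arn:aws:s3:::data-lake/*"}]}},
]

def as_list(value):
    """Action and Principal.AWS may be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def statement_is_public(stmt):
    """Allow statement whose principal is anyone: "*" or {"AWS": "*"}."""
    p = stmt.get("Principal")
    anyone = p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS")))
    return stmt.get("Effect") == "Allow" and anyone

def statement_is_overbroad(stmt):
    """Allow statement granting every action: the 'unnecessary permissions' case."""
    return stmt.get("Effect") == "Allow" and any(
        a in ("*", "s3:*") for a in as_list(stmt.get("Action")))

def check_bucket(bucket):
    """Return finding codes for one bucket, in a stable order."""
    findings = []
    if not bucket.get("public_access_block"):
        findings.append("PUBLIC_ACCESS_BLOCK_DISABLED")
    if not bucket.get("encryption"):
        findings.append("NO_DEFAULT_ENCRYPTION")
    for stmt in bucket.get("policy", {}).get("Statement", []):
        if statement_is_public(stmt):
            findings.append("PUBLIC_PRINCIPAL")
        if statement_is_overbroad(stmt):
            findings.append("WILDCARD_ACTION")
    return findings

def audit(inventory):
    """Map bucket name -> findings; an empty list means the bucket passed."""
    return {b["name"]: check_bucket(b) for b in inventory}

if __name__ == "__main__":
    for name, findings in audit(BUCKET_INVENTORY).items():
        print(f"{name}: {', '.join(findings) or 'OK'}")
```

Run against the sample inventory, only corp-backups passes; the other two buckets each produce two findings that map directly to the measures quoted above.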