UNIT 3 (Mid 1)
• Data Encryption:
• Enterprises store huge amounts of data in cloud systems, and this data is crucial for the survival of the
enterprise itself. If the data is stolen, it can be sold to a competing company, which can use it to develop
products and worsen the enterprise's position in the market. Data that is no longer used in daily activities is
called data at rest. It is good practice to encrypt data at rest, since it holds the charts and studies about market
trends and the company's upcoming products. Data-at-rest encryption is an important cloud security service
because it alerts users when hackers try to access the data at rest.
• Firewall Protection:
• When a user first tries to access a cloud system from a device, the firewall prevents them from doing so.
The device must be registered in the firewall security settings, after which the user can access the data in the
cloud system. Cloud systems configure this internal and external firewall protection so that unauthorized
sign-ins are blocked by the firewall. When data is sent to an IP address, the firewall verifies the source and
destination of each packet. The integrity of the packet is also checked to ensure the authenticity of the data
packet. Some firewalls inspect the content of the data packet to establish that no viruses or malware are
attached to it. External and internal firewalls are important for verifying that data is not exposed to outsiders
in any form.
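The checks listed above (registered device, packet integrity, content inspection, then an ordered rule table with default deny) can be shown as a small stateless packet filter. The following is an added example written for these notes, not code from any cloud provider or firewall product; the device registry, rule table, integrity key and packets are all constructed sample data, and the HMAC tag stands in for whatever integrity mechanism a real transport would use.

```python
"""Simplified stateless packet filter illustrating the firewall checks described
in the notes. Everything here (device registry, rules, key, packets) is
constructed sample data for the example."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Hypothetical shared key used to tag packets between a registered device and the cloud edge.
INTEGRITY_KEY = b"constructed-demo-key"

# Hypothetical registry of devices that have been registered in the firewall settings.
REGISTERED_DEVICES = {"10.0.1.5", "10.0.1.6"}

# Ordered rule table: (source network, destination IP, destination port, action).
# The first matching rule wins; anything unmatched is denied.
RULES = [
    (ipaddress.ip_network("10.0.1.0/24"), "10.0.0.10", 443, "allow"),  # registered LAN -> storage API over TLS
    (ipaddress.ip_network("10.0.1.0/24"), "10.0.0.10", 22, "deny"),    # no SSH to storage from workstations
]


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    tag: bytes  # HMAC-SHA256 over src|dst|dport|payload, computed by the sending device


def make_tag(src, dst, dport, payload):
    msg = f"{src}|{dst}|{dport}|".encode() + payload
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).digest()


def build_packet(src, dst, dport, payload):
    """Stands in for the sending device: tags the packet before transmission."""
    return Packet(src, dst, dport, payload, make_tag(src, dst, dport, payload))


def integrity_ok(pkt):
    # Constant-time comparison so a forged tag cannot be guessed byte by byte.
    return hmac.compare_digest(make_tag(pkt.src, pkt.dst, pkt.dport, pkt.payload), pkt.tag)


def payload_clean(payload):
    # Placeholder content inspection: a constructed marker stands in for a malware signature.
    return b"MALWARE-DEMO-MARKER" not in payload


def filter_packet(pkt):
    """Return (verdict, reason) for one packet, applying the checks in order:
    registered device, payload integrity, content inspection, then the rule table."""
    if pkt.src not in REGISTERED_DEVICES:
        return "deny", "unregistered source device"
    if not integrity_ok(pkt):
        return "deny", "integrity check failed"
    if not payload_clean(pkt.payload):
        return "deny", "content inspection flagged payload"
    src_addr = ipaddress.ip_address(pkt.src)
    for src_net, dst, dport, action in RULES:
        if src_addr in src_net and pkt.dst == dst and pkt.dport == dport:
            return action, f"matched rule {src_net}->{dst}:{dport}"
    return "deny", "no matching rule (default deny)"


if __name__ == "__main__":
    for p in [
        build_packet("10.0.1.5", "10.0.0.10", 443, b"GET /reports"),
        build_packet("10.0.2.9", "10.0.0.10", 443, b"GET /reports"),
        build_packet("10.0.1.6", "10.0.0.10", 22, b"SSH-2.0"),
    ]:
        print(p.src, "->", p.dst, p.dport, filter_packet(p))
```

The order of the checks matters: the cheap registry lookup runs first, the rule table last, and a packet that matches nothing is denied rather than allowed, which is the default-deny posture the notes expect from an internal firewall.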
• Monitoring:
• Every ID that logs into the system is monitored and recorded in the cloud logging system, so that
when a security threat occurs, and it comes from inside, this tracking helps identify the individual
who logged in at a particular time. Firewall rules are also updated to block suspicious login
attempts, keeping the data in cloud storage secure. Monitoring usually checks the authentication
rules and IP addresses, so that if suspicious logins are detected they are prevented from accessing
the data in the storage. This is done at a granular level: permissions are not given to an individual
directly but to a group of people who share the responsibilities. This helps in monitoring the
activities of others and notifying the security team of any unauthorized data modification.
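To make the monitoring described above concrete, here is an added example (written for these notes, not taken from any cloud logging product) that runs over a few constructed login and modification log lines. It checks each login against an allowed-network list and a failed-attempt threshold, and checks each data modification against group-based permissions, so that the resulting alerts identify who acted and when. The log format, networks, groups and user names are all assumptions made for the example.

```python
"""Login/activity log monitor: flags logins from outside the allowed networks,
repeated authentication failures, and modifications by users whose group does
not grant the 'modify' permission. All data below is constructed for the example."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in a simple key=value format.
LOG_LINES = [
    "2024-03-01T09:02:11Z user=alice ip=10.0.1.5 action=login result=success",
    "2024-03-01T09:05:40Z user=alice ip=10.0.1.5 action=modify object=reports/q1.xlsx",
    "2024-03-01T09:10:03Z user=bob ip=198.51.100.7 action=login result=success",
    "2024-03-01T09:11:15Z user=bob ip=198.51.100.7 action=modify object=reports/q1.xlsx",
    "2024-03-01T09:12:00Z user=mallory ip=10.0.1.9 action=login result=failure",
    "2024-03-01T09:12:05Z user=mallory ip=10.0.1.9 action=login result=failure",
    "2024-03-01T09:12:09Z user=mallory ip=10.0.1.9 action=login result=failure",
]

# Hypothetical authentication rules: where logins may come from and how many failures are tolerated.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.1.0/24")]
FAILED_LOGIN_THRESHOLD = 3

# Permissions are granted to groups, never to individuals directly.
GROUPS = {"finance": {"alice"}, "readonly": {"bob"}}
GROUP_PERMISSIONS = {"finance": {"read", "modify"}, "readonly": {"read"}}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Turn one log line into a dict of fields, keeping the timestamp under 'ts'."""
    m = LINE_RE.match(line)
    fields = dict(item.split("=", 1) for item in m.group("kv").split())
    fields["ts"] = m.group("ts")
    return fields


def permissions_for(user):
    """Union of the permissions of every group the user belongs to."""
    perms = set()
    for group, members in GROUPS.items():
        if user in members:
            perms |= GROUP_PERMISSIONS[group]
    return perms


def ip_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def analyze(lines):
    """Return a list of (timestamp, user, reason) alerts for the security team."""
    alerts = []
    failures = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev["action"] == "login":
            if not ip_allowed(ev["ip"]):
                alerts.append((ev["ts"], ev["user"], "login from address outside allowed networks"))
            if ev.get("result") == "failure":
                failures[ev["user"]] += 1
                if failures[ev["user"]] == FAILED_LOGIN_THRESHOLD:
                    alerts.append((ev["ts"], ev["user"], "repeated failed logins"))
        elif ev["action"] == "modify":
            if "modify" not in permissions_for(ev["user"]):
                alerts.append((ev["ts"], ev["user"], f"unauthorized modification of {ev['object']}"))
    return alerts


if __name__ == "__main__":
    for ts, user, reason in analyze(LOG_LINES):
        print(ts, user, reason)
```

Because permissions come from group membership, a user such as bob who is in a read-only group is flagged for a modification even though his login succeeded; the alert records the exact timestamp and account, which is the insider-tracking use the notes describe.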
• Security at Data Centers:
• If every way of accessing data through the system fails, hackers can still try to access the data
directly at the server. This path is not covered by firewall protection and has no authentication rules.
This is why all physical servers are closely monitored by physical security staff and watched with
CCTV cameras 24 hours a day. Biometric controls are also present in the server rooms, so that only
authorized security personnel and maintenance officials can enter and check that the servers are
working. Logs are also kept of who enters and leaves the room and how long they spend inside. When
a person stays longer than permitted, alerts are sent to security so that they can check the server
room for unauthorized personnel.
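The entry/exit logging and dwell-time alerting described above can be implemented as a small audit over badge events. The following is an added example for these notes, not code from any physical access control system; the badge IDs, permitted dwell time and event lines are constructed assumptions. It raises an alert for an unauthorized badge, for a visit that exceeded the permitted time, and for anyone still inside past the limit at the moment the audit runs, which is the real-time case the notes mention.

```python
"""Server-room badge log audit: unauthorized badges, over-long visits, and people
still inside past the permitted time. All data below is constructed for the example."""
from datetime import datetime, timedelta

# Hypothetical registry of badges allowed into the server room and their role.
AUTHORIZED_BADGES = {"B-1001": "security-ops", "B-2002": "maintenance"}

# Hypothetical permitted time inside the room before security is alerted.
MAX_DWELL = timedelta(minutes=30)

# Constructed badge reader events: "<timestamp> <badge> <enter|exit>".
BADGE_EVENTS = [
    "2024-03-01T08:00:00 B-1001 enter",
    "2024-03-01T08:20:00 B-1001 exit",
    "2024-03-01T09:00:00 B-2002 enter",
    "2024-03-01T09:45:00 B-2002 exit",
    "2024-03-01T10:00:00 B-9999 enter",
]


def parse_event(line):
    ts, badge, kind = line.split()
    return datetime.fromisoformat(ts), badge, kind


def audit_badge_log(lines, now):
    """Return (badge, reason) alerts; `now` is the time at which the audit runs."""
    alerts = []
    inside = {}  # badge -> entry time for people currently in the room
    for line in lines:
        ts, badge, kind = parse_event(line)
        if badge not in AUTHORIZED_BADGES:
            alerts.append((badge, "unauthorized badge used at server room"))
        if kind == "enter":
            inside[badge] = ts
        elif kind == "exit":
            entered = inside.pop(badge, None)
            if entered is None:
                alerts.append((badge, "exit without matching entry"))
            elif ts - entered > MAX_DWELL:
                alerts.append((badge, f"dwell time {ts - entered} exceeded permitted {MAX_DWELL}"))
    # Anyone still inside when the audit runs is checked against the limit as well.
    for badge, entered in inside.items():
        if now - entered > MAX_DWELL:
            alerts.append((badge, "still inside past permitted time"))
    return alerts


if __name__ == "__main__":
    for badge, reason in audit_badge_log(BADGE_EVENTS, datetime.fromisoformat("2024-03-01T10:40:00")):
        print(badge, reason)
```

Running the audit at 10:40 produces three alerts: the maintenance badge B-2002 stayed 45 minutes against a 30-minute limit, and the unknown badge B-9999 both should not have been admitted and is still inside. A real deployment would run this check continuously rather than once, but the state kept (who is inside and since when) is the same.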
• Isolated Networks:
• When an important deployment in the cloud system must keep its data hidden from the
members of the corresponding resource group, it is good practice to deploy it in virtually
isolated networks. Security policies should be applied to all networking systems, and the
system itself should be protected from malicious threats and virus attacks. Access and
authentication should be customized, and dedicated network links must be used to transfer
data to higher environments.
• Anomaly Detection:
• When logs are huge it is difficult to manage them manually, so cloud vendors use AI-based
algorithms to describe anomalies in the logging pattern. This helps manage the logging details
and monitor discrepancies in the logs. Vulnerabilities can also be scanned for, revealing which
computing service has the weakest security controls, so that the system can improve its security
and protect the data thoroughly. The location of the databases can be kept under surveillance to
make sure that data is not stored in unauthenticated databases. Checkpoints are installed at every
deployment of data into the cloud and higher environments to ensure that the data is kept in the
proper cloud storage and in the proper folder structure.
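Two of the checks described above can be shown in a short added example (written for these notes; it is not any vendor's anomaly engine): a statistical baseline per user that flags a day whose event count is far outside that user's history, and a placement check that confirms stored objects sit in an approved bucket, region and folder prefix. The users, counts, buckets and regions are constructed assumptions, and the z-score rule stands in for the AI-based algorithms the notes mention.

```python
"""Log-volume anomaly detection and storage-placement checkpoints. All data
below is constructed for the example."""
import statistics

# Constructed per-user daily event counts for the past five days (the baseline).
HISTORY = {
    "alice": [10, 12, 11, 9, 13],
    "bob": [5, 4, 6, 5, 5],
    "carol": [3, 3, 3, 3, 3],   # perfectly flat baseline, an edge case for the spread
}
# Constructed counts for today.
TODAY = {"alice": 40, "bob": 6, "carol": 5}


def daily_anomalies(history, today, threshold=3.0):
    """Return {user: z_score} for users whose count today is more than
    `threshold` standard deviations above their own historical mean."""
    flagged = {}
    for user, counts in history.items():
        mean = statistics.mean(counts)
        # Floor the spread at 1 so a flat baseline (stdev 0) cannot divide by zero
        # or flag a single extra event as a huge anomaly.
        spread = max(statistics.pstdev(counts), 1.0)
        z = (today.get(user, 0) - mean) / spread
        if z > threshold:
            flagged[user] = round(z, 1)
    return flagged


# Hypothetical placement policy: which buckets are approved, and where and under
# which folder prefix their data must live.
APPROVED_STORAGE = {
    "corp-data-prod": {"region": "eu-west-1", "prefix": "datasets/"},
}
# Constructed inventory of stored objects, as a checkpoint would see them.
OBJECTS = [
    {"bucket": "corp-data-prod", "region": "eu-west-1", "key": "datasets/2024/q1.parquet"},
    {"bucket": "corp-data-prod", "region": "us-east-1", "key": "datasets/2024/q2.parquet"},
    {"bucket": "scratch-tmp", "region": "eu-west-1", "key": "datasets/2024/q3.parquet"},
    {"bucket": "corp-data-prod", "region": "eu-west-1", "key": "q1.parquet"},
]


def placement_violations(objects):
    """Return (key, reason) for every object stored outside the approved placement."""
    violations = []
    for obj in objects:
        policy = APPROVED_STORAGE.get(obj["bucket"])
        if policy is None:
            violations.append((obj["key"], "stored in unapproved bucket"))
            continue
        if obj["region"] != policy["region"]:
            violations.append((obj["key"], "stored outside approved region"))
        if not obj["key"].startswith(policy["prefix"]):
            violations.append((obj["key"], "not under required folder prefix"))
    return violations


if __name__ == "__main__":
    print("anomalies:", daily_anomalies(HISTORY, TODAY))
    for key, reason in placement_violations(OBJECTS):
        print("placement:", key, reason)
```

With these inputs only alice is flagged (40 events against a baseline around 11), while carol's flat history does not turn two extra events into an alert because of the floor on the spread. The placement check reports the object in the wrong region, the one in an unapproved bucket, and the one outside the required folder prefix.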
• Protection through APIs:
• To keep data out of the hands of unauthorized personnel, cloud users can
employ APIs and web apps for the security of data. This helps protect
containers and virtual machines from unsecured logins. Incidents can be raised
automatically for unofficial logins, which helps protect the systems and thus
the cloud-stored data. If the threats pose heavy risks, real-time alerts can be
set in the cloud storage to prevent them from accessing the data.
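As an added example of the API-side protection described above (written for these notes, not code from any cloud provider's API gateway), the following gateway authenticates each API call against a key registry, checks the key's scopes, and turns every unofficial call into an incident record; calls that attempt a high-risk action on a VM or container are additionally pushed to a real-time alert list. The key registry, scope names and high-risk action list are constructed assumptions.

```python
"""Minimal API gateway: authenticate, authorize by scope, and raise incidents
for unofficial calls, escalating high-risk ones to real-time alerts.
All keys, scopes and actions below are constructed for the example."""
import hmac
from dataclasses import dataclass

# Hypothetical API key registry: key -> principal and the scopes it may call.
API_KEYS = {
    "key-ops-1": {"principal": "ops-bot", "scopes": {"vm:read", "container:read"}},
}
# Actions whose unauthorized attempt is treated as high risk and alerted in real time.
HIGH_RISK_ACTIONS = {"vm:delete", "container:exec", "storage:delete"}


@dataclass
class Incident:
    principal: str
    source_ip: str
    action: str
    reason: str
    severity: str


class Gateway:
    def __init__(self):
        self.incidents = []        # every unofficial call, for later review
        self.realtime_alerts = []  # the high-severity subset, for immediate response

    def _lookup(self, presented):
        # Compare every registered key in constant time rather than indexing by the
        # presented value, so a wrong key takes the same time as a right one.
        for key, entry in API_KEYS.items():
            if hmac.compare_digest(key.encode(), presented.encode()):
                return entry
        return None

    def _raise_incident(self, principal, source_ip, action, reason):
        severity = "high" if action in HIGH_RISK_ACTIONS else "low"
        inc = Incident(principal, source_ip, action, reason, severity)
        self.incidents.append(inc)
        if severity == "high":
            self.realtime_alerts.append(inc)
        return inc

    def handle(self, api_key, source_ip, action):
        """Return an HTTP-style status code for a request; unofficial calls become incidents."""
        entry = self._lookup(api_key)
        if entry is None:
            self._raise_incident("unknown", source_ip, action, "unauthenticated request")
            return 401
        if action not in entry["scopes"]:
            self._raise_incident(entry["principal"], source_ip, action, "scope violation")
            return 403
        return 200


if __name__ == "__main__":
    gw = Gateway()
    print(gw.handle("key-ops-1", "10.0.1.5", "vm:read"))            # 200, authorized
    print(gw.handle("not-a-key", "203.0.113.4", "vm:delete"))       # 401, high-risk incident
    print(gw.handle("key-ops-1", "10.0.1.5", "container:exec"))     # 403, high-risk incident
    for inc in gw.incidents:
        print(inc)
```

The gateway never lets an unauthenticated or out-of-scope call through, and it records the principal, source address and attempted action for every refusal, so the incident list doubles as the audit trail the earlier monitoring section relies on; only the high-risk subset interrupts the security team in real time.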
• All the data on our systems, mobile devices, and storage disks is becoming
cloud storage data, so it is crucial to have good cloud security services
arranged for these devices. Cloud providers offer cloud security, and if one
is not satisfied with it, users can seek the help of private software to
achieve the intended security level.
Relevant Cloud Security Design Principles
• There are six design principles for security in the cloud: