CLOUD

SECURITY
FAWAZ ALASMARI – 443235719

OPERATING SYSTEMS SECURITY

CONTENTS
Contents................................................................................................................................................................................... 0
Introduction.............................................................................................................................................................................. 1
How Cloud Security Works ? …………………………………………………………………………………………….2
why is cloud security important ?...........................................................................................................................................3
Cloud Security risks and challenges:...............................................................................................................................4
Types of cloud security solutions ............................................................................................................................................5
Cloud Security Vs Network Security ………………………………………………………………………………6
Benefits of Cloud Security …………………………………………………………………………………..7

Types of Cloud Security Services ……………………………………………………………………8

Cloud Environments ……………………………………………………………………………………9

How To Secure The Cloud ………………………………………………………………………..10

Conclusion ………………………………………………………………………………………11

References ………………………………………………………………………………………12
INTRODUCTION

WHAT IS CLOUD SECURITY?

Cloud security refers to the cybersecurity policies, best practices, controls, and technologies used to secure
applications, data, and infrastructure in cloud environments. In particular, cloud security works to provide
storage and network protection against internal and external threats, access management, data governance and
compliance, and disaster recovery.

Cloud computing has become the technology of choice for companies looking to gain the agility and flexibility
needed to accelerate innovation and meet the expectations of today’s modern consumers. But migrating to more
dynamic cloud environments requires new approaches to security to ensure that data remains secure across
online infrastructure, applications, and platforms.

At its core, cloud security is composed of the following categories:

 Data security

 Identity and access management (IAM)

 Governance (policies on threat prevention, detection, and mitigation)

 Data retention (DR) and business continuity (BC) planning

 Legal compliance

PAGE 1
how does cloud security work

Cloud security mainly focuses on how to implement policies, processes, and technologies together so they
ensure data protection, support regulatory compliance, and provide control over privacy, access, and
authentication for users and devices.

Cloud service providers (CSPs) typically follow a shared responsibility model, which means implementing
cloud computing security is both the responsibility of the cloud provider and you—the customer. Think of it as a
responsibility framework that defines which security tasks belong to the cloud provider and which are the duty
of the customer. Understanding where your provider’s security responsibilities end and yours begin is critical
for building a resilient cloud security strategy.

Broadly speaking, the CSP is always responsible for the cloud and its core infrastructure, while the customer is
expected to secure anything that runs “in” the cloud, such as network controls, identity and access management,
data, and applications. Shared responsibility models vary depending on the service provider and the cloud
computing service model you use—the more the provider manages, the more they can protect.

Here’s a look at how this typically works:

PAGE 2
WHY IS CLOUD SECURITY IMPORTANT ?

Data privacy and leak. This is where cloud security comes into play. It protects all your data and resources on
the cloud from unauthorized access and cyber-attacks. It means all businesses that are using the cloud need
cloud security. Here are five reasons why:
#1. PROVIDES PROTECTION AGAINST SECURITY BREACHES

We know that every technology connected to the internet has a threat of security breaches. According to the
study, organizations keep around 66% of their sensitive data in the cloud. The most important asset of any
organization is its data and information which must be kept safe and secure. However, 40% of
organizations experience cloud-based data breaches. This depicts that you can’t compromise on cloud security
whatsoever.

#2. CLOUD SECURITY HELPS IN DISASTER RECOVERY MANAGEMENT

Disasters can happen anywhere at any time and all the data of your company can be wiped out. You can’t
overlook the fact that disasters are unpredictable, and you need a recovery plan if any such situation occurs.
Cloud security is the most viable solution for disaster recovery that preserves your data.

#3. CLOUD SECURITY HELPS YOU COMPLY WITH REGULATIONS

If you want to keep operating your company or business within legal boundaries, then you need to comply with
data privacy and protection regulations. HIPAA and GDRP are the two most common examples of data
protection standards. Especially companies that store their customer’s data and information in the cloud are
required to comply with these standards and cloud security helps you adhere to these regulations.

#4. CLOUD SECURITY IS MUCH MORE COST-EFFECTIVE

Do you know that on average data breaches in the cloud can cost around $3.8 million? Instead of putting
everything at risk, you can implement cloud security solutions that can save you from cyber-attacks and are
cost-effective as well. You won’t need any overhead or maintenance costs for cloud security.

#5. ENSURES RISK-FREE REMOTE WORK MANAGEMENT

The biggest upside of cloud computing is the ease of remote work. As an employee, you can gain access to the
resources and applications of your company from anywhere around the world through the internet. This has also
helped companies to hire remote employees. A remote employee might not follow best security practices and
use public Wi-Fi to access the cloud while sitting in a coffee shop or café. This creates a major security threat
and cloud security can help prevent this risk.

PAGE 3
CLOUD SECURITY RISKS AND CHALLENGES

Cloud suffers from similar security risks that you might encounter in traditional environments, such as insider
threats, data breaches and data loss, phishing, malware, DDoS attacks, and vulnerable APIs.

However, most organizations will likely face specific cloud security challenges, including:

Lack of visibility

Cloud-based resources run on infrastructure that is located outside your corporate network and owned by a third
party. As a result, traditional network visibility tools are not suitable for cloud environments, making it difficult
for you to gain oversight into all your cloud assets, how they are being accessed, and who has access to them.

Misconfigurations

Misconfigured cloud security settings are one of the leading causes of data breaches in cloud environments.
Cloud-based services are made to enable easy access and data sharing, but many organizations may not have a
full understanding of how to secure cloud infrastructure. This can lead to misconfigurations, such as leaving
default passwords in place, failing to activate data encryption, or mismanaging permission controls.

Access management

Cloud deployments can be accessed directly using the public internet, which enables convenient access from
any location or device. At the same time, it also means that attackers can more easily gain authorized resources
with compromised credentials or improper access control.

Dynamic workloads

Cloud resources can be provisioned and dynamically scaled up or down based on your workload needs.
However, many legacy security tools are unable to enforce policies in flexible environments with constantly
changing and ephemeral workloads that can be added or removed in a matter of seconds.

Compliance

The cloud adds another layer of regulatory and internal compliance requirements that you can violate even if
you don’t experience a security breach. Managing compliance in the cloud is an overwhelming and continuous
process.
PAGE 4
TYPES OF CLOUD SECURITY SOLUTIONS

Cloud security is constantly evolving and adapting as new security threats emerge. As a result, many different
types of cloud security solutions are available on the market today, and the list below is by no means
exhaustive.

 Identity and access management (IAM): IAM services and tools allow administrators to centrally
manage and control who has access to specific cloud-based and on-premises resources. IAM can enable
you to actively monitor and restrict how users interact with services, allowing you to enforce your
policies across your entire organization.

 Data loss prevention (DLP): DLP can help you gain visibility into the data you store and process by
providing capabilities to automatically discover, classify, and de-identify regulated cloud data.

 Security information and event management (SIEM): SIEM solutions combine security information
and security event management to offer automated monitoring, detection, and incident response to
threats in your cloud environments. Using AI and ML technologies, SIEM tools allow you to examine
and analyze log data generated across your applications and network devices—and act quickly if a
potential threat is detected.

 Public key infrastructure (PKI): PKI is the framework used to manage secure, encrypted information
exchange using digital certificates. PKI solutions typically provide authentication services for
applications and verify that data remains uncompromised and confidential through transport. Cloud-
based PKI services allow organizations to manage and deploy digital certificates used for user, device,
and service authentication.

PAGE 5
CLOUD SECURITY VS NETWORK SECURITY
Difference Between Cloud Security and Network Security:

Cloud Security Network Security

It is a subset of network security. It is a subset of cyber security.

It provides centralized cloud-based security solutions It comprises both hardware and software-based
with a strong emphasis on software. security systems.

Infrastructure investment is minimal. It reduces the Infrastructure costs are extremely high.
cost parameter significantly.

It protects target systems from illegal data access, It guards against unauthorized access, malfunctions,
DDoS attacks, and viruses. and modifications, among other things. It is
concerned with DDoS protection.

It uses cryptography, machine learning, analytics, It detects security threats by installing firewalls,
and other techniques to identify security threats. maintaining network visibility, and conducting
penetration testing.

It protects the company’s cloud-based network It focuses on protecting the networks of

services, apps, containers, and other assets from organizations from cyber-attacks.
cyber threats.

It protects data on the platform by working with web It has numerous layers of security checks at every
apps, firewalls, encryption, identity access, and step with its protection and policy control.
management products.

It has greater scalability. It has lower scalability.

PAGE 6
BENEFITS OF CLOUD SECURITY

 Improved DDoS protection: A DDoS attack is designed to overwhelm website servers so it can no
longer respond to legitimate user requests. If a DDoS attack is successful, it renders a website useless for
hours, or even days. This can result in a loss of revenue, customer trust and brand authority.

 High Availability: DLP can help you gain visibility into the data you store and process by providing
capabilities to automatically discover, classify, and de-identify regulated cloud data.

 Reduced Costs: With cloud security, you don’t have to pay for dedicated hardware to upgrade your
security or use valuable resources to manage security updates and configurations. CSPs provide
advanced security features that allow for automated protection capabilities with little to no human
intervention.

 Greater visibility: Only an integrated cloud-based security stack is capable of providing the centralized
visibility of cloud resources and data that is vital for defending against breaches and other potential
threats. Cloud security can provide the tools, technologies, and processes to log, monitor, and analyze
events for understanding exactly what’s happening in your cloud environments.

 Centralized security: Cloud security allows you to consolidate protection of cloud-based networks for
streamlined, continuous monitoring and analysis of numerous devices, endpoints, and systems. It also
enables you to centrally manage software updates and policies from one place and even implement and
action disaster recovery plans.

PAGE 7
CLOUD SECURITY SERVICE TYPES
Cloud service types: are offered by third-party providers as modules used to create the cloud environment.
Depending on the type of service, you may manage a different degree of the components within the service:

 The core of any third-party cloud service ---involves the provider managing the physical network,
data storage, data servers, and computer virtualization frameworks. The service is stored on the
provider’s servers and virtualized via their internally managed network to be delivered to clients to be
accessed remotely. This offloads hardware and other infrastructure costs to give clients access to their
computing needs from anywhere via internet connectivity.

 Software-as-a-Service (SaaS): cloud services provide clients access to applications that are purely
hosted and run on the provider's servers. Providers manage the applications, data, runtime, middleware,
and operating system. Clients are only tasked with getting their applications. SaaS examples include
Google Drive, Slack, Salesforce, Microsoft 365, Cisco WebEx, Evernote.

 Platform-as-a-Service (PaaS): cloud services provide clients a host for developing their own
applications, which are run within a client’s own “sandboxed” space on provider servers. Providers
manage the runtime, middleware, operating system. Clients are tasked with managing their applications,
data, user access, end-user devices, and end-user networks. PaaS examples include Google App Engine,
Windows Azure.

 Infrastructure-as-a-Service (IaaS): cloud services offer clients the hardware and remote connectivity
frameworks to house the bulk of their computing, down to the operating system. Providers only manage
core cloud services. Clients are tasked with securing all that gets stacked atop an operating system,
including applications, data, runtimes, middleware, and the OS itself. In addition, clients need to manage
user access, end-user devices, and end-user networks. IaaS examples include Microsoft Azure, Google
Compute Engine (GCE), Amazon Web Services (AWS).

PAGE 8
CLOUD ENVIRONMENTS
It’s a deployment models in which one or more cloud services create a system for the end-users and
organizations. These segments the management responsibilities — including security — between clients and
providers.

The currently used cloud environments are:

 Public cloud environments are composed of multi-tenant cloud services where a client shares a
provider’s servers with other clients, like an office building or coworking space. These are third-party
services run by the provider to give clients access via the web.

 Private third-party cloud environments are based on the use of a cloud service that provides the client
with exclusive use of their own cloud. These single-tenant environments are normally owned, managed,
and operated offsite by an external provider.

 Private in-house cloud environments also composed of single-tenant cloud service servers but
operated from their own private data center. In this case, this cloud environment is run by the business
themselves to allow full configuration and setup of every element.

 Multi-cloud environments include the use of two or more cloud services from separate providers.
These can be any blend of public and/or private cloud services.

 Hybrid cloud environments consist of using a blend of private third-party cloud and/or onsite private
cloud data center with one or more public clouds.

By framing it from this perspective, we can understand that cloud-based security can be a bit different based on
the type of cloud space users are working in. But the effects are felt by both individual and organizational
clients alike.

PAGE 9
HOW TO SECURE THE CLOUD
Fortunately, there is a lot that you can do to protect your own data in the cloud. Let’s explore some of the
popular methods.

Encryption is one of the best ways to secure your cloud computing systems. There are several different ways of
using encryption, and they may be offered by a cloud provider or by a separate cloud security solutions
provider:

 Communications encryption with the cloud in their entirety.

 Particularly sensitive data encryption, such as account credentials.

 End-to-end encryption of all data that is uploaded to the cloud.

Within the cloud, data is more at risk of being intercepted when it is on the move. When it's moving between
one storage location and another, or being transmitted to your on-site application, it's vulnerable. Therefore,
end-to-end encryption is the best cloud security solution for critical data. With end-to-end encryption, at no
point is your communication made available to outsiders without your encryption key.

You can either encrypt your data yourself before storing it on the cloud, or you can use a cloud provider that
will encrypt your data as part of the service. However, if you are only using the cloud to store non-sensitive data
such as corporate graphics or videos, end-to-end encryption might be overkill. On the other hand, for financial,
confidential, or commercially sensitive information, it is vital.

If you are using encryption, remember that the safe and secure management of your encryption keys is crucial.
Keep a key backup and ideally don't keep it in the cloud. You might also want to change your encryption keys
regularly so that if someone gains access to them, they will be locked out of the system when you make the
changeover.

Configuration is another powerful practice in cloud security. Many cloud data breaches come from basic
vulnerabilities such as misconfiguration errors. By preventing them, you are vastly decreasing your cloud
security risk. If you don’t feel confident doing this alone, you may want to consider using a separate cloud
security solutions provider.

Here are a few principles you can follow:

1. Never leave the default settings unchanged. Using the default settings gives a hacker front-door
access. Avoid doing this to complicate a hacker’s path into your system.

2. Never leave a cloud storage bucket open. An open bucket could allow hackers to see the content just
by opening the storage bucket's URL.

3. If the cloud vendor gives you security controls that you can switch on, use them. Not selecting the
right security options can put you at risk

PAGE 10
 Conclusion

 Ensure cloud data, users, and underlying systems are sufficiently secured against threats such as bot-
driven distributed denial-of-service (DDoS) attacks, API exploitation, and data corruption
vulnerabilities.

 Support regulatory compliance requirements with applicable statutes, like those governing where cloud
data can be stored and what levels of user privacy cloud providers must respect.

 Provide visibility across the cloud environment, so security teams know what requests are being made
via APIs and user interfaces, while also being able to view related analytics.

 Enforce access controls and authentication for cloud users and their devices, no matter their locations;
this is often done via a zero-trust security model

 Assign responsibilities to the cloud service provider and to the subscriber, as appropriate for the cloud
service and deployment model(s) in question.

PAGE 11
 References

https://www.citrix.com/solutions/secure-access/what-is-cloud-
security.html#:~:text=The%20high%2Dlevel%20objectives%20of,exploitation%2C
%20and%20data%20corruption%20vulnerabilities

https://me-en.kaspersky.com/resource-center/definitions/what-is-cloud-security

https://www.cdnetworks.com/cloud-security-blog/what-is-cloud-security-and-what-
are-the-benefits/

https://www.phddirection.com/cloud-security-research-topics/

https://www.box.com/en-in/resources/what-is-cloud-security

https://cloud.google.com/learn/what-is-cloud-security#section-6

https://www.lucidchart.com/blog/reliability-availability-in-cloud-computing

https://ieeexplore.ieee.org/document/8462745

PAGE 12
 Report Assessment Page

Operating systems security Final (LAB)

Name: ID:

‫الدرجة الدرجة‬ ‫عناصر التقرير‬

‫ المستحقة‬Grade
Gained Elements of Report
Grade

6 Cover- Index- Introduction- Conclusion- References

‫ المراجع‬-‫ الخاتمة‬- ‫ المقدمة‬-‫ الفهرس‬-‫الغالف‬

Research elements
8
‫عناصر البحث‬

Writing style
3
‫اسلوب الكتابة واللغة‬

Rules for coordination

3
‫قواعد التنسيق‬

‫المجموع‬
20
Total

PAGE 13