Unit 5: Cloud Security Risks and
Best Practices
Overview of Cloud Security
• Definition: Protection of data, applications, and infrastructure in
cloud environments.
• Cloud security refers to the set of policies, technologies, and
controls used to protect data, applications, and services hosted in
the cloud.
• Since the cloud is accessed over the internet, strong security is
needed to prevent unauthorized access, data loss, and cyber
attacks.
• Importance: Critical due to multi-tenancy, remote access, and
shared resources. Ensures confidentiality, integrity, and
availability (CIA triad).
Real-World Cloud Security Example
• Vulnerability: You forgot to enable multi-factor
authentication (MFA) on your cloud account.
• Threat: A cybercriminal tries to guess your password.
• Risk: If they succeed, they could access your account,
steal data, or lock you out.
• Attack: The hacker successfully logs into your account
and deletes your files.
Protocol to stay safe
• Reduce vulnerabilities by enabling MFA,
monitor for threats using security tools,
assess risks regularly, and prevent attacks by
staying vigilant.
Vulnerability
• A vulnerability is a weakness or flaw in a system
that can be exploited. Think of it as a "hole" in your
defenses.
• Example in Cloud Security:
Imagine you’re using a cloud storage service (like
Google Drive or Dropbox) to store sensitive files. If
you accidentally set the file permissions to "public"
instead of "private," that misconfiguration is
a vulnerability. It makes your files accessible to
anyone on the internet.
Threat
• A threat is a potential danger that could exploit
a vulnerability. It’s the "bad thing" that could
happen.
• Example in Cloud Security:
A hacker (the threat actor) might scan the
internet for publicly accessible cloud storage files.
If they find your misconfigured files, they could
steal or delete them. The hacker is the threat.
Risk
• Risk is the likelihood that a threat will exploit a
vulnerability and the impact it would have. It’s the
combination of "what could go wrong" and "how bad it
would be."
• Example in Cloud Security:
If your sensitive files are exposed (vulnerability) and a hacker
finds them (threat), the risk is that your data could be stolen,
leading to financial loss, reputational damage, or legal issues.
• The risk depends on how likely the hacker is to find your
files and how damaging the consequences would be.
Attack
• An attack is the actual attempt to exploit a
vulnerability. It’s when the threat becomes
real.
• Example in Cloud Security:
If the hacker successfully accesses your
misconfigured cloud storage and steals your
files, that’s an attack. The attack is the action
taken to exploit the vulnerability.
Understanding security risks in the cloud
• Crucial because cloud environments are
widely used but come with unique challenges.
Common Cloud Security Risks
Data Breaches
• What it is: Unauthorized access to sensitive
data stored in the cloud.
• Example: A hacker exploits weak passwords or
misconfigured access controls to steal customer
data from a cloud database.
• How to Mitigate:
– Encrypt data at rest and in transit.
– Use strong access controls and multi-factor
authentication (MFA).
– Regularly audit permissions and configurations.
Misconfiguration
• What it is: Incorrectly setting up cloud services,
leaving them exposed to attacks.
• Example: A developer accidentally sets a cloud
storage bucket to "public," allowing anyone on
the internet to access sensitive files.
• How to Mitigate:
– Use automated tools to detect misconfigurations.
– Follow cloud provider best practices for configuration.
– Train employees on secure cloud practices.
Insider Threats
• What it is: Malicious or accidental actions by employees or
contractors that compromise cloud security.
• Example: An employee with access to cloud resources
accidentally deletes critical data or shares credentials
with an attacker.
• How to Mitigate:
– Implement the principle of least privilege (only give access
to what’s needed).
– Monitor user activity and set up alerts for suspicious
behavior.
– Conduct regular security training for employees.
Account Hijacking
• What it is: Attackers gain access to cloud
accounts by stealing credentials.
• Example: A hacker uses phishing to steal an
employee’s login credentials and accesses the
company’s cloud environment.
• How to Mitigate:
– Enforce strong passwords and MFA.
– Educate employees about phishing attacks.
– Monitor for unusual login activity.
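"Monitor user activity and set up alerts for suspicious behavior" (Insider Threats) and "Monitor for unusual login activity" (Account Hijacking) are the same engineering task: read the authentication log and flag patterns a human would find odd. The Python example below is added here and is not part of the original slides. It runs two detections over a constructed JSON-lines audit log: a success that follows a burst of failures from the same user and IP (a password-guessing attempt that worked), and a successful login from a country the user has never used before. The field names, threshold and time window are assumptions for the example.

```python
import json
from collections import defaultdict

# Constructed sample audit log in JSON lines; IPs are from documentation ranges,
# and none of these events are from a real system.
SAMPLE_LOG = """
{"ts": 1700000000, "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "failure"}
{"ts": 1700000005, "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "failure"}
{"ts": 1700000010, "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "failure"}
{"ts": 1700000015, "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "failure"}
{"ts": 1700000020, "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "failure"}
{"ts": 1700000030, "user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "success"}
{"ts": 1700000100, "user": "bob", "src_ip": "198.51.100.7", "country": "US", "result": "success"}
{"ts": 1700000200, "user": "bob", "src_ip": "198.51.100.7", "country": "US", "result": "success"}
{"ts": 1700000300, "user": "bob", "src_ip": "192.0.2.44", "country": "BR", "result": "success"}
"""

FAILURE_THRESHOLD = 5   # failures before a success that we treat as suspicious (assumed)
WINDOW_SECONDS = 600    # the failures must fall inside this window (assumed)


def parse_events(text):
    """Parse JSON lines into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def detect_brute_force(events):
    """Alert when a login succeeds after >= FAILURE_THRESHOLD failures from the
    same (user, source IP) within WINDOW_SECONDS."""
    alerts = []
    recent_failures = defaultdict(list)          # (user, ip) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src_ip"])
        if ev["result"] == "failure":
            recent_failures[key].append(ev["ts"])
        elif ev["result"] == "success":
            in_window = [t for t in recent_failures[key] if ev["ts"] - t <= WINDOW_SECONDS]
            if len(in_window) >= FAILURE_THRESHOLD:
                alerts.append(
                    f"possible account hijack: {ev['user']} succeeded from "
                    f"{ev['src_ip']} after {len(in_window)} failures")
            recent_failures[key] = []            # a success resets the counter
    return alerts


def detect_new_country(events):
    """Alert when a user logs in successfully from a country not seen in any
    earlier successful login of theirs (the earlier log lines are the baseline)."""
    alerts = []
    seen = defaultdict(set)                      # user -> countries already used
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "success":
            continue
        known = seen[ev["user"]]
        if known and ev["country"] not in known:
            alerts.append(
                f"unusual location: {ev['user']} logged in from {ev['country']} "
                f"(previously {sorted(known)})")
        known.add(ev["country"])
    return alerts


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for alert in detect_brute_force(events) + detect_new_country(events):
        print(alert)
```

Both detections are deliberately simple; in practice the baseline of known countries would come from history rather than the same log, and the threshold would be tuned to the tenant's traffic.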
Insecure APIs
• What it is: Think of an API (Application Programming
Interface) as a messenger that allows two
apps or systems to talk to each other. If these
APIs are insecure, attackers can exploit them.
• Example: In the cloud, APIs are used all the
time. For example, if you upload a photo to a
cloud storage app (like Google Drive), the app
uses an API to send that photo to the cloud
server.
• What’s the Problem?
– If the API is insecure (like a messenger who
doesn’t check IDs), hackers can trick it into
giving them access to things they shouldn’t see
or do. For example, a hacker could use a poorly
secured API to steal your files, delete your data or
even take control of your account.
• How to Mitigate:
– Use strong authentication and encryption for APIs.
– Regularly test APIs for vulnerabilities.
– Follow secure coding practices.
How to stop hackers from exploiting APIs
• Use Strong Authentication: Make sure only the right
people (or apps) can use the API. For example, require
a password or a special key (like a digital fingerprint) to
access it.
• Encrypt Data: Scramble the data sent through the API
so hackers can’t understand it even if they intercept it.
• Test for Vulnerabilities: Regularly check the API for
weaknesses, just like you’d check your bike for loose
screws.
• Follow Secure Coding Practices: Developers should
write the API code carefully to avoid mistakes that
hackers can exploit.
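The "special key (like a digital fingerprint)" in the first point above is, in practice, a per-client secret used to sign each request so the server can check who sent it and that nothing was altered in transit. The Python example below is added here and is not the original slides' code; it shows both sides of that check with an HMAC over the method, path, timestamp and body hash, plus a freshness window so a captured request cannot simply be replayed. The client id, key and endpoint are constructed for the example; encryption of the data on the wire is left to HTTPS/TLS as the "Encrypt Data" point describes.

```python
import hashlib
import hmac
import time

# Constructed client registry for illustration only; a real deployment keeps
# per-client keys in a secrets manager, never in source code.
CLIENT_KEYS = {"photo-app": b"constructed-demo-key-do-not-reuse"}
MAX_SKEW_SECONDS = 300   # reject requests whose timestamp is too old or too new (assumed)


def canonical_string(method, path, timestamp, body):
    """The bytes both sides sign; changing any part changes the signature."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign_request(client_id, method, path, body, now=None):
    """Client side: build the headers that accompany the request."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(CLIENT_KEYS[client_id],
                   canonical_string(method, path, ts, body), hashlib.sha256)
    return {"X-Client-Id": client_id, "X-Timestamp": ts, "X-Signature": mac.hexdigest()}


def verify_request(headers, method, path, body, now=None):
    """Server side: check identity, freshness and integrity. Returns (ok, reason)."""
    now = now if now is not None else time.time()
    key = CLIENT_KEYS.get(headers.get("X-Client-Id"))
    if key is None:
        return False, "unknown client"
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        return False, "missing or malformed timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale timestamp (possible replay)"
    expected = hmac.new(key, canonical_string(method, path, str(ts), body),
                        hashlib.sha256).hexdigest()
    # compare_digest runs in constant time so the comparison leaks nothing about the key
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "bad signature (tampered or forged request)"
    return True, "ok"


if __name__ == "__main__":
    headers = sign_request("photo-app", "DELETE", "/photos/42", b"")
    print(verify_request(headers, "DELETE", "/photos/42", b""))       # genuine request
    print(verify_request(headers, "DELETE", "/photos/43", b""))       # path altered in transit
```

The server never trusts the client's claimed identity on its own: the id only selects which key to check the signature against, and an unknown id or a stale timestamp is rejected before any signature work is done.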
Real-life example
• Imagine you have a cloud-based photo album
app. The app uses an API to let you upload
and view photos. But if the API is insecure:
• A hacker could exploit it to view your personal
photos without your permission.
• Or they could delete all your photos or
even upload their own photos to your
account.
Denial of Service (DoS) Attacks
• What it is: Attackers overwhelm cloud services,
making them unavailable to legitimate users.
• Example: A hacker floods a cloud-hosted
website with traffic, causing it to crash.
• How to Mitigate:
– Use cloud provider DDoS (Distributed Denial of
Service) protection services.
– Scale resources dynamically to handle traffic spikes.
– Monitor for unusual traffic patterns.
Shared Technology Vulnerabilities
• What it is: Cloud providers use shared infrastructure (e.g.,
servers, storage). If one customer is compromised, others
could be affected.
• Example: A vulnerability in a hypervisor (software that
manages virtual machines) allows an attacker to access
other customers’ data.
• How to Mitigate:
– Choose a reputable cloud provider with strong security measures.
– Isolate sensitive workloads using private clouds or dedicated
instances.
– Stay informed about vulnerabilities and apply patches promptly.
Data Loss
• What it is: Permanent loss of data due to
accidental deletion, malicious attacks, or provider
outages.
• Example: A ransomware attack encrypts your
cloud data, and you don’t have backups to
restore it.
• How to Mitigate:
– Regularly back up data and test restoration processes.
– Use versioning to recover previous versions of files.
– Implement strong anti-malware and ransomware
protections.
CVE (Common Vulnerabilities and
Exposures)
• The CVE (Common Vulnerabilities and
Exposures) list is a publicly available database
of known security vulnerabilities in software
and hardware.
• When it comes to cloud computing, many
vulnerabilities are specific to cloud services,
platforms, or configurations.
Common CVE vulnerabilities in cloud
computing
• What is a CVE?
• A CVE is a unique identifier for a specific
vulnerability. It helps security professionals
share information about vulnerabilities and
coordinate fixes.
• For example, CVE-2021-34527 (also known
as PrintNightmare) was a critical vulnerability
in Windows Print Spooler that affected cloud-
hosted virtual machines.
1. CVE-2021-34527 (PrintNightmare)
• What it is: A vulnerability in the Windows Print Spooler
service that allows attackers to execute arbitrary code
with system privileges.
• Cloud Impact: Affects cloud-hosted Windows virtual
machines (VMs) or services relying on Windows servers.
• Risk: Attackers can take full control of the VM or cloud
server.
• Associated Attack: A hacker exploits the vulnerability to
install ransomware on a cloud-hosted VM, encrypting all
data and demanding payment.
2. CVE-2021-44228 (Log4Shell)
• What it is: A critical vulnerability in the Log4j logging library
used by many cloud applications.
• Cloud Impact: Affects cloud services and applications that use
Log4j for logging.
• Risk: Attackers can execute arbitrary code and take control of
the application or server.
• Associated Attack: A hacker exploits Log4Shell to compromise
a cloud-based application and steal user data.
The Cloud as a Playground
• Imagine the cloud is like a big
playground where companies can build and
run their apps and websites.
• Instead of swings and slides, this playground
has computers and servers that do all the
work.
The Example in Simple Terms
• AWS EC2 (The Playground Equipment)
– AWS EC2 is like the playground equipment (e.g.,
swings, slides, monkey bars) that the company uses to
build its website. It’s where the website "lives" and
runs.
• Kubernetes (The Playground Supervisor)
– Kubernetes is like the playground supervisor who
makes sure all the equipment (apps and services) is
working properly and helps kids (users) play safely.
The Problem: CVE-2020-8558 (A Broken Lock)
• CVE-2020-8558 is like a broken lock on the
playground gate. It’s a small mistake that lets
someone sneak into the playground without
permission.
• Risk: A hacker (a bad guy) finds the broken
lock and sneaks into the playground.
The Attack: Hacker Causes Trouble
• Once inside, the hacker doesn’t just play nicely.
• Instead, they start mining cryptocurrency (like
digging holes in the sandbox to find hidden
treasure).
• This makes the playground super slow for
everyone else.
• The swings (APPS) don’t swing (RUN) fast, the
slides get stuck (HANGING / HALTING), and the
kids (users) get frustrated.
PIPELINE
• Cloud: A big playground for apps and websites.
• AWS EC2: The playground equipment.
• Kubernetes: The playground supervisor.
• CVE-2020-8558: A broken lock that lets a hacker
sneak in.
• Attack: The hacker mines cryptocurrency, slowing
everything down.
• Mitigation: Fix the lock, add a guard, and watch
for trouble.
How to Mitigate Cloud-Related CVEs
1. Patch Management: Regularly update and patch cloud
software, platforms, and services to fix known
vulnerabilities.
2. Vulnerability Scanning: Use tools to scan cloud
environments for vulnerabilities and misconfigurations.
3. Least Privilege: Limit access to cloud resources to only
those who need it.
4. Monitoring and Logging: Monitor cloud environments
for suspicious activity and log events for analysis.
5. Encryption: Encrypt sensitive data at rest and in transit to
protect it from unauthorized access.
6. Incident Response: Have a plan in place to respond to
security incidents quickly and effectively.
Principal Security Dangers in Cloud Computing
• Understanding Security Risks in Cloud
Computing
– Loss of control: Data and applications are stored on
third-party servers.
– Unauthorized access: Hackers may target cloud
accounts.
– Data leakage: Sensitive information may be
accidentally exposed.
– Service outages: If the cloud server fails, services go
offline.
– Compliance issues: Data must meet legal regulations
like GDPR, HIPAA, etc.
Example:
• Imagine a company stores customer credit
card details on the cloud. If hackers gain
access, they could steal financial data,
harming the company’s reputation.
⚠️Principal Security Dangers to Cloud
Computing
Threat | Description | Example
Data Breaches | Unauthorized access to confidential data. | Hacking into cloud storage.
Insecure APIs | Weak interfaces that allow attackers to exploit services. | Poorly secured login APIs.
Denial of Service (DoS) | Overloading a system to make services unavailable. | Flooding a server with fake traffic.
Malicious Insiders | Employees misusing access rights. | Cloud admin stealing company data.
Account Hijacking | Unauthorized control of user accounts. | Stolen login credentials via phishing.
Data Loss | Permanent loss of data due to accidental deletion or attacks. | No backups of critical files.
Shared Technology Risks | Multiple users share the same infrastructure. | One user’s actions may affect others.
🔒 Internal Security Breaches
• Internal breaches happen when insiders
(employees, contractors) with authorized access
intentionally or accidentally cause harm.
• Causes:
– Disgruntled employees.
– Poor access controls.
– Lack of monitoring.
• Example:
– A system administrator copies sensitive company
files before leaving the job.
• Prevention:
– Use role-based access control (RBAC).
– Monitor user activities.
– Revoke access immediately when employees
leave.
User Account and Service Hijacking
• This occurs when attackers steal a legitimate
user's credentials to gain control over cloud
accounts or services.
• How it happens:
– Phishing emails trick users into giving passwords.
– Brute force attacks crack weak passwords.
– Session hijacking captures active session tokens.
Dangers
• Attackers can delete data.
• Attackers can run expensive cloud services, increasing bills.
• Attackers can access other connected services.
• Prevention:
– Enable Multi-Factor Authentication (MFA).
– Regularly change passwords.
– Use strong, unique passwords.
Measures to Reduce Cloud Security
Breaches
Measure | Explanation
Data Encryption | Encrypt data in transit and at rest.
Access Control | Limit access based on roles and responsibilities.
Regular Audits | Review and analyze cloud activities.
Backups | Keep regular backups to avoid data loss.
Firewalls | Block unauthorized traffic.
Intrusion Detection Systems (IDS) | Detect suspicious activities in real time.
Security Patches | Update software to fix known vulnerabilities.
User Training | Educate users to recognize phishing and scams.
🌐 SAML in Cloud Computing
• SAML (Security Assertion Markup Language) is an open
standard that allows identity providers (IdPs) to pass
authorization credentials (like login info) to service
providers (SPs).
• It is used widely in cloud environments to enable Single
Sign-On (SSO) between multiple cloud applications securely.
• Format: XML-based
• Purpose: Securely exchange authentication and
authorization data between parties.
Understanding the IAM Model in the Cloud
• IAM (Identity and Access Management) is a
framework of policies and technologies that
ensures the right individuals have the right
access to cloud resources.
Component | Purpose
Users | People who log in (employees, admins).
Roles | Set of permissions (admin, viewer).
Policies | Rules defining what a user can do.
Groups | Collections of users with similar roles.
• In cloud platforms (like AWS IAM, Azure AD,
Google IAM), SAML integrates into the IAM
model to manage authentication and give
users seamless, secure access.
What is an Assertion Token?
• When using SAML, an assertion token is a
digital message that carries authentication
and authorization data from the Identity
Provider (IdP) to the Service Provider (SP).
How it works
1. User tries to access a cloud app (SP).
2. SP redirects the user to the IdP (like Google
Workspace or Azure AD).
3. IdP verifies the user's identity.
4. IdP creates a SAML Assertion (token).
5. The assertion contains:
– User ID
– Authentication time
– User roles
6. Assertion is sent to the SP, which grants access.
How is PII (Personally Identifiable
Information) Secured?
• SAML protects PII during authentication and
transmission with:
– Encryption: Assertion tokens can be encrypted so
only the SP can read sensitive data.
– Signing: Tokens are digitally signed to prevent
tampering.
– Secure transport: SAML uses HTTPS/TLS to transmit
data safely.
– Minimal data sharing: Only necessary user details
are shared, reducing exposure.
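Step 6 of "How it works" says the SP grants access once it receives the assertion; what makes that safe is the SP's own checks, which use exactly the protections listed above (signing against tampering, minimal data). The Python example below is added here and is not part of the original slides. It parses a constructed SAML 2.0 assertion, verifies a signature, confirms the issuer, the audience and the validity window, and only then extracts the user ID, authentication time and roles. Real SAML uses XML Digital Signatures with the IdP's public key; here an HMAC over the assertion bytes with a constructed shared key stands in for that, and the IdP, SP and user names are made up for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion for illustration; the IdP, SP and user are hypothetical.
ASSERTION_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" IssueInstant="2024-01-01T12:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://photos.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>viewer</saml:AttributeValue>
      <saml:AttributeValue>uploader</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Stand-in for XML-DSig: an HMAC over the raw assertion bytes with a constructed key.
IDP_KEY = b"constructed-demo-idp-key"


def sign_assertion(xml_bytes, key=IDP_KEY):
    """IdP side: produce the detached signature the SP will verify."""
    return hmac.new(key, xml_bytes, hashlib.sha256).hexdigest()


def _parse_time(value):
    """SAML timestamps are UTC in the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_bytes, signature, expected_issuer, expected_audience, now, key=IDP_KEY):
    """SP side. Returns (ok, reason, claims); claims is None unless every check passes."""
    # 1. Integrity: a tampered or forged assertion fails before anything is parsed.
    if not hmac.compare_digest(sign_assertion(xml_bytes, key), signature):
        return False, "signature mismatch (tampered or forged)", None
    root = ET.fromstring(xml_bytes)
    # 2. Issuer: only the IdP this SP trusts may vouch for users.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        return False, f"unexpected issuer {issuer}", None
    # 3. Validity window: assertions are short-lived by design.
    cond = root.find("saml:Conditions", NS)
    if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
        return False, "assertion outside its validity window", None
    # 4. Audience: an assertion minted for another SP must not be accepted here.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "assertion not intended for this SP", None
    # 5. Minimal data: extract only what the SP needs to authorise the session.
    claims = {
        "user_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "authn_time": root.find("saml:AuthnStatement", NS).get("AuthnInstant"),
        "roles": [v.text for v in root.findall(
            ".//saml:Attribute[@Name='role']/saml:AttributeValue", NS)],
    }
    return True, "ok", claims


if __name__ == "__main__":
    raw = ASSERTION_XML.encode()
    sig = sign_assertion(raw)
    when = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    print(validate_assertion(raw, sig, "https://idp.example.org", "https://photos.example.com", when))
    # Same signature over an altered role: rejected before the roles are ever read.
    print(validate_assertion(raw.replace(b"viewer", b"admin"), sig,
                             "https://idp.example.org", "https://photos.example.com", when))
```

The order of the checks matters: the signature is verified first so that nothing from an untrusted document influences later decisions, and the audience check prevents an assertion issued for one cloud app being replayed against another.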
What is SSO (Single Sign-On)?
• SSO allows users to log in once and access
multiple cloud applications without logging in
again for each app.
• Why is SSO helpful in cloud security?
Benefit | Explanation
Fewer Passwords | Reduces risk of weak passwords.
Centralized Control | Easy to manage who has access.
Improved User Experience | Users don’t have to remember multiple logins.
Reduced Phishing Risk | Users enter credentials only at the trusted IdP.