The document outlines cloud security fundamentals, including types of security such as infrastructure, network, host, application, and data security, emphasizing the importance of safeguarding resources against internal and external threats. It details seven key principles and advanced challenges of cloud security, along with crucial components of cloud architecture and the need for robust controls to protect against data exposure and compliance issues. Furthermore, it discusses best practices for implementing security measures in various layers of the cloud environment, including storage, databases, and network security.

1. 18CSE442T CLOUD SECURITY
SRM INSTITUTE OF SCIENCE AND TECHNOLOGY,
CHENNAI.

2. Cloud Security Fundamentals- Infrastructure Security, Network
level security, Host level security, Application-level security,
Data security and Storage, Data privacy and security Issues,
Jurisdictional issues raised by Data location, Identity & Access
Management, Access Control, Trust, Reputation, Risk.
UNIT – I

3. Cloud Security Fundamentals
 What is cloud security and its types?
• Cloud security is a collection of procedures and technology designed to address
external and internal threats to business security.
• Organizations need cloud security as they move toward their digital transformation
strategy and incorporate cloud-based tools and services as part of their infrastructure.
• Cloud security is the set of control-based security measures and technology
protection, designed to protect online stored resources from leakage, theft, and data
loss.
• Protection includes data from cloud infrastructure, applications, and threats.
Security applications use software the same as SaaS (Software as a Service) model.

4.  What are cloud security Fundamentals?
• There are many protective methods that help secure the cloud; these measures
include access control, firewalls, penetration testing, obfuscation, tokenization,
virtual private networks (VPN), and not using public internet connections.
 7 Fundamentals of Cloud Security
• Understand what you’re responsible for
• Control user access
• Data protection
• Secure credentials
• Implement MFA
• Increase visibility
• Adopt a shift-left approach

5.  7 Advanced Cloud Security Challenges
• It becomes more challenging when adopting modern cloud approaches Like
automated cloud integration, continuous deployment (CI/CD) methods,
distributed serverless architecture, and short-term assets for tasks such as a service
and container.
• Some of the advanced cloud-native security challenges are :
 Enlarged Surface
 Lack of visibility and tracking
 Ever-changing workload
 DevOps, DevSecOps, and Automation
 Granular privileges and critical management
 Complex environment
 Cloud Compliance and Governance

6. Infrastructure Security
• Cloud infrastructure security is the practice of securing resources deployed in a cloud
environment and supporting systems.
• Cloud infrastructure is made up of at least 7 basic components, including user
accounts, servers, storage systems, and networks.
• Cloud environments are dynamic, with short-lived resources created and terminated
many times per day. This means each of these building blocks must be secured in an
automated and systematic manner.
 Components of Cloud Infrastructure
• Accounts
• Service accounts in the cloud are typically privileged accounts, which may have
access to critical infrastructure. Once compromised, attackers have access to cloud
networks and can access sensitive resources and data.
• Service accounts may be created automatically when you create new cloud resources,
scale cloud resources, or stand up environments using infrastructure as code (IaC).
• Servers
• While a cloud environment is virtualized, behind the scenes it is made up of physical
hardware deployed at multiple geographical locations. This includes physical servers,
storage devices, load balancers, and network equipment like switches and routers.

7. a. Control inbound and outbound communication
• your server should only be allowed to connect to networks, and specific IP ranges
needed for its operations.
• For example, a database server should not have access to the public internet, or any
other IP, except those of the application instances it serves.
b. Encrypt communications
• whether communications go over public networks or within a secure private network,
they should be encrypted to avoid man-in-the-middle (MiTM) attacks.
• Never use unsecured protocols like Telnet or FTP. Transmit all data over HTTPS, or
other secure protocols like SCP (Secure Copy) or SFTP (Secure FTP).
c. Use SSH keys
• Avoid accessing cloud servers using passwords, because they are vulnerable to brute
force attacks and can easily be compromised.
• Use SSH keys, which leverage public/private key cryptography for more secure
access.
d. Minimize privileges
• Only users or service roles that absolutely need access to a server should be granted
access. Carefully control the access level of each account to ensure it can only access
the specific files and folders, and perform specific operations, needed for its role.
• Avoid using the root user any operation should be performed using identified user
accounts.

8. • Hypervisors
• A hypervisor runs on physical hardware and makes it possible to run several virtual
machines (VMs), each with a separate operating system.
• All cloud systems are based on hypervisors. Therefore, hypervisors are a key
security concern, because compromise of the hypervisor (an attack known as hyper
jacking) gives the attacker access to all hosts and virtual machines running on it.
• In public cloud systems, hypervisor security is the responsibility of the cloud
provider, so you don’t need to concern yourself with it. There is one exception
when running virtualized workloads on a public cloud, using systems like VMware
Cloud, you are responsible for securing the hypervisor.
• In private cloud systems, the hypervisor is always under your responsibility. Here
are a few ways to ensure your hypervisor is secure:
• Ensure machines running hypervisors are hardened, patched, isolated from public
networks, and physically secured in your data center.
• Assign the least privileges to local user accounts, carefully controlling access to the
hypervisor.
• Harden, secure, and closely monitor machines running the virtual machine monitor
(VMM) and virtualization management software, such as Vmware vSphere.

9. • Secure and monitor shared hardware caches and networks used by the hypervisor.
• Pay special attention to hypervisors in development and testing environments to
ensure appropriate security measures are applied when a new hypervisor is
deployed to production.
• Storage
• In cloud systems, virtualization is used to abstract storage from hardware systems.
Storage systems become elastic pools of storage or virtualized resources that can be
provisioned and scaled automatically.
Here are a few ways to secure your cloud storage services:
 Identify which devices or applications connect to cloud storage, which clouds
storage services are used throughout the organization, and map data flows.
 Block access to cloud storage for internal users who don’t need it, and eliminate
shadow usage of cloud services by end-users.
 Classify data into sensitivity levels—a variety of automated tools are available.
This can help you focus on data stored in cloud storage that has security or
compliance implications.
 Remove unused data—cloud storage can easily scale and it is common to retain
unnecessary data, or entire data volumes or snapshots that are no longer used.
Identify this unused data and eliminate it to reduce the attack surface and your
compliance obligations.

10.  Carefully control access to data using identity and access management (IAM) systems,
and applying consistent security policies for cloud and on-premises systems.
 Use cloud data loss prevention (DLP) tools to detect and block suspicious data
transfers, data modification or deletion, or data access, whether malicious or
accidental.
• Databases
• Databases in the cloud can easily be exposed to public networks, and almost always
contain sensitive data, making them an imminent security risk. Because databases are
closely integrated with the applications they serve and other cloud systems, those
adjacent systems must also be secured to prevent compromise of the database.
Here are a few ways to improve security of databases in the cloud:
• Hardening configuration and instances—if you deploy a database yourself in a
compute instance, it is your responsibility to harden the instance and securely
configure the database. If you use a managed database service, these concerns are
typically handled by the cloud provider.
• Database security policies—ensure database settings are in line with your
organization’s security and compliance policies. Map your security requirements and
compliance obligations to specific settings on cloud database systems. Use automated
tools like CSPM to ensure secure settings are applied to all database instances.

11. • Network access—as a general rule, databases should never be exposed to public
networks and should be isolated from unrelated infrastructure. If possible, a database
should only accept connections from the specific application instances it is intended to
serve.
• Permissions—grant only the minimal level of permissions to users, applications, and
service roles. Avoid “super users” and administrative users with blanket permissions.
Each administrator should have access to the specific databases they work on.
• End user device security—security is not confined to the cloud environment. You
should be aware of what endpoint devices administrators are using to connect to your
database. Those devices should be secured, and you should disallow connections from
unknown or untrusted devices, and monitor sessions to detect suspicious activity.
• Network
Here are a few ways you can secure cloud networks:
• Cloud systems often connect to public networks but also use virtual networks to
enable communication between components inside a cloud. All public cloud providers
let you set up a secure, virtual private network for your cloud resources ( called a VPC
in Amazon and a VNet in Azure).
• Use security groups to define rules that define what traffic can flow between cloud
resources. Keep in mind that security groups are tightly connected to compute
instances, and compromise of an instance grants access to the security group
configuration, so additional security layers are needed.

12. • Use Network Access Control Lists (ACL) to control access to virtual private
networks. ACLs provide both allow and deny rules and provide stronger security
controls than security groups.
• Use additional security solutions such as firewalls as a service (FWaaS) and web
application firewalls (WAF) to actively detect and block malicious traffic.
• Deploy Cloud Security Posture Management (CSPM) tools to automatically review
cloud networks, detect non-secure or vulnerable configurations and remediate them.
• Kubernetes
• When running Kubernetes on the cloud, it is almost impossible to separate the
Kubernetes cluster from other cloud computing layers. These include the application
or code itself, container images, compute instances, and network layers.
• Each layer is built on top of the previous layer, and all layers must be protected for
defense in depth.
• The Kubernetes project recommends approaching security from four angles, known
as the “4 Cs”:
 Code—ensuring code in containers is not malicious and uses secure coding practices.
 Containers—scanning container images for vulnerabilities, and protecting containers
at runtime to ensure they are configured securely according to best practices.

13.  Clusters—protecting Kubernetes master nodes and ensuring cluster
configuration is in line with security best practices.
 Cloud—using cloud provider tools to secure the underlying infrastructure,
including compute instances and virtual private clouds (VPC) Compliance with
security best practices, industry standards, and benchmarks, and internal
organizational strategies in a cloud-native environment also face challenges.

14. Network level security
• Network Security protects your network and data from breaches, intrusions, and
other threats. This is a vast and overarching term that describes hardware and
software solutions as well as processes or rules and configurations relating to network
use, accessibility, and overall threat protection.
• IP security (IPSec)
• The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite
of protocols between 2 communication points across the IP network that provide data
authentication, integrity, and confidentiality. It also defines the encrypted, decrypted,
and authenticated packets. The protocols needed for secure key exchange and key
management are defined in it.
• Uses of IP Security –
IPsec can be used to do the following things:
 To encrypt application layer data.
 To provide security for routers sending routing data across the public internet.
 To provide authentication without encryption, like to authenticate that the data
originates from a known sender.
 To protect network data by setting up circuits using IPsec tunneling in which all data
being sent between the two endpoints is encrypted, as with a Virtual Private
Network(VPN) connection.

15. • Components of IP Security –
It has the following components:
 Encapsulating Security Payload (ESP) –It provides data integrity, encryption,
authentication, and anti-replay. It also provides authentication for payload.
 Authentication Header (AH) –It also provides data integrity, authentication, and
anti-replay and it does not provide encryption. The anti-replay protection protects
against unauthorized transmission of packets. It does not protect data’s confidentiality.
 Internet Key Exchange (IKE) - It is a network security protocol designed to
dynamically exchange encryption keys and find a way over Security Association (SA)
between 2 devices. The Security Association (SA) establishes shared security
attributes between 2 network entities to support secure communication. The Key
Management Protocol (ISAKMP) and Internet Security Association provides a
framework for authentication and key exchange. ISAKMP tells how the set up of the
Security Associations (SAs) and how direct connections between two hosts that are
using IPsec.

16. • Internet Key Exchange (IKE) provides message content protection and also an open
frame for implementing standard algorithms such as SHA and MD5. The algorithm’s
IP sec users produce a unique identifier for each packet. This identifier then allows a
device to determine whether a packet has been correct or not. Packets that are not
authorized are discarded and not given to the receiver.

17. Working of IP Security –
• The host checks if the packet should be transmitted using IPsec or not. These packet
traffic triggers the security policy for themselves. This is done when the system
sending the packet applies appropriate encryption. The incoming packets are also
checked by the host whether they are encrypted properly or not.
• Then the IKE Phase 1 starts in which the 2 hosts( using IPsec ) authenticate
themselves to each other to start a secure channel. It has 2 modes. The Main mode
provides greater security and the Aggressive mode which enables the host to establish
an IPsec circuit more quickly.
• The channel created in the last step is then used to securely negotiate the way the IP
circuit will encrypt data across the IP circuit.
• Now, the IKE Phase 2 is conducted over the secure channel in which the two hosts
negotiate the type of cryptographic algorithms to use in the session and agree on
secret keying material to be used with those algorithms.
• Then the data is exchanged across the newly created IPsec encrypted tunnel. These
packets are encrypted and decrypted by the hosts using IPsec SAs.
• When the communication between the hosts is completed or the session times out then
the IPsec tunnel is terminated by discarding the keys by both the hosts.

18. Host level security
Host level security" refers to measures implemented to protect individual computers
(hosts) within a network. This type of security focuses on safeguarding the operating
system, applications, and data on each host against unauthorized access, malware, and
other threats. Key components of host level security include:
Antivirus and Antimalware Software: Protects against viruses, worms, trojans, and
other malicious software.
Firewalls: Controls incoming and outgoing network traffic based on predetermined
security rules.
Patch Management: Regularly updates software and operating systems to fix
vulnerabilities.
Intrusion Detection Systems (IDS): Monitors network or system activities for malicious
actions or policy violations.
Access Controls: Manages who can access the system and what they can do.
Encryption: Protects data both at rest and in transit.
Backup and Recovery: Ensures data can be restored in case of a breach or failure.
Security Policies: Establishes rules and procedures for maintaining security

19. Host level security
 SaaS/PaaS
• Both the PaaS and SaaS platforms abstract and hide the host OS from end-users
• Host security responsibilities are transferred to the CSP (Cloud Service Provider)
 You do not have to worry about protecting hosts
• However, as a customer, you still own the risk of managing information hosted in the
cloud services.
 Case study: Amazon's EC2 infrastructure
 “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party
Compute Clouds”
• Multiple VMs of different organizations with virtual boundaries separating each
VM can run within one physical server
• "virtual machines" still have internet protocol, or IP, addresses, visible to anyone
within the cloud.
• VMs located on the same physical server tend to have IP addresses that are close
to each other and are assigned at the same time

20. • An attacker can set up lots of his own virtual machines, look at their IP
addresses, and figure out which one shares the same physical resources as an
intended target
• Once the malicious virtual machine is placed on the same server as its target, it is
possible to carefully monitor how access to resources fluctuates and thereby
potentially glean sensitive information about the victim
 Local Host Security
• Are local host machines part of the cloud infrastructure?
 Outside the security perimeter
 While cloud consumers worry about the security on the cloud provider’s site,
they may easily forget to harden their own machines
• The lack of security of local devices can
 Provide a way for malicious services on the cloud to attack local networks
through these terminal devices
 Compromise the cloud and its resources for other users
• With mobile devices, the threat may be even stronger
 Users misplace or have the device stolen from them
 Security mechanisms on handheld gadgets are often times insufficient compared
to say, a desktop computer
 Provides a potential attacker an easy avenue into a cloud system.

21.  If a user relies mainly on a mobile device to access cloud data, the threat to
availability is also increased as mobile devices malfunction or are lost.
• Devices that access the cloud should have
 Strong authentication mechanisms
 Tamper-resistant mechanisms
 Strong isolation between applications
 Methods to trust the OS
 Cryptographic functionality when traffic confidentiality is required

23. Application-level security
 What is application-level security?
 Application layer security refers to ways of protecting web applications at the
application layer (layer 7 of the OSI model) from malicious attacks. Since the
application layer is the closest layer to the end-user, it provides hackers with the
largest threat surface.
 DoS
 EDoS (Economic Denial of Sustainability)
• An attack against the billing model that underlies the cost of providing a service
with the goal of bankrupting the service itself.
 End user security
 Who is responsible for Web application security in the cloud?
 SaaS/PaaS/IaaS application security
 Customer-deployed application security
 Some Examples Of Application-level Security Services:
• When an application puts a message on a queue, the message descriptor contains a
user ID associated with the application. However, there is no data present, such as an
encrypted password, that can be used to authenticate the user ID. A security service
can add this data.

24. • When the message is eventually retrieved by the receiving application, another
component of the service can authenticate the user ID using the data that has traveled
with the message. This is an example of an identification and authentication service.
• A message can be encrypted when it is put on a queue by an application and decrypted
when it is retrieved by the receiving application. This is an example of a
confidentiality service.
• A message can be checked when it is retrieved by the receiving application. This
check determines whether its contents have been deliberately modified since it was
first put on a queue by the sending application. This is an example of a data integrity
service.
 Advanced Message Security
Advanced Message Security ( AMS) is a component of IBM MQ that provides a high
level of protection for sensitive data flowing through the IBM MQ network, while not
impacting the end applications.
 Providing your own application-level security
The collection of topics describes how you can provide your own application-level
security services.

26. Data security and Storage
 Several aspects of data security, including:
 Data-in-transit
• Confidentiality + integrity using a secured protocol
• Confidentiality with non-secured protocol and encryption
 Data-at-rest
• Generally, not encrypted , since data is commingled with other users’ data
• Encryption if it is not associated with applications?
 But how about indexing and searching?
 Then homomorphic encryption vs. predicate encryption?
 Processing of data, including multitenancy
• For any application to process data, not encrypted
 Data lineage
• Knowing when and where the data was located w/i cloud is important for
audit/compliance purposes
• e.g., Amazon AWS
Store <d1, t1, ex1.s3.amazonaws.com>
Process <d2, t2, ec2.compute2.amazonaws.com>
Restore <d3, t3, ex2.s3.amazonaws.com>

27.  Data provenance
• Computational accuracy (as well as data integrity)
• E.g., financial calculation: sum ((((2*3)*4)/6) -2) = $2.00 ?
 Correct: assuming US dollar
 How about dollars for different countries?
 Correct exchange rate?
 Data remanence
• Inadvertent disclosure of sensitive information is possible
 Data security mitigation?
• Do not place any sensitive data in a public cloud
• Encrypted data is placed into the cloud?
 Provider data and its security: storage
• To the extent that quantities of data from many companies are centralized,
this collection can become an attractive target for criminals
• Moreover, the physical security of the data center and the trustworthiness of
system administrators take on new importance.

28. Data privacy and security Issues
 Data privacy
• The concept of privacy varies widely among (and sometimes within) countries,
cultures, and jurisdictions.
• It is shaped by public expectations and legal interpretations; as such, a concise
definition is elusive if not impossible.
• Privacy rights or obligations are related to the collection, use disclosure, storage, and
destruction of personal data (or Personally Identifiable Information—PII).
• At the end of the day, privacy is about the accountability of organizations to data
subjects, as well as the transparency of an organization’s practice around personal
information.
 What Are the Key Privacy Concerns?
• Typically mix security and privacy
• Some considerations to be aware of:
 Storage
 Retention
 Destruction
 Auditing, monitoring, and risk management
 Privacy breaches
 Who is responsible for protecting privacy?

29.  Personal information should be managed as
part of the data used by the organization
 Protection of personal information should
consider the impact of the cloud on each
phase
What is the data life cycle?

30.  Storage
 Is it commingled with information from other organizations that use the same CSP?
 The aggregation of data raises new privacy issues
• Some governments may decide to search through data without necessarily
notifying the data owner, depending on where the data resides
 Whether the cloud provider itself has any right to see and access customer data?
 Some services today track user behaviour for a range of purposes, from sending
targeted advertising to improving services
 Retention
 How long is personal information (that is transferred to the cloud) retained?
 Which retention policy governs the data?
 Does the organization own the data or the CSP?
 Who enforces the retention policy in the cloud, and how are exceptions to this policy
(such as litigation holds) managed?
 Destruction
 How does the cloud provider destroy PII at the end of the retention period?
 How do organizations ensure that their PII is destroyed by the CSP at the right point
and is not available to other cloud users?
 Cloud storage providers usually replicate the data across multiple systems and sites—
increased availability is one of the benefits they provide.

31. • How do you know that the CSP didn’t retain additional copies?
• Did the CSP really destroy the data, or just make it inaccessible to the
organization?
• Is the CSP keeping the information longer than necessary so that it can mine the
data for its own use?
 Auditing, monitoring, and risk management
 How can organizations monitor their CSP and provide assurance to relevant
stakeholders that privacy requirements are met when their PII is in the cloud?
 Are they regularly audited?
 What happens in the event of an incident?
 If business-critical processes are migrated to a cloud computing model, internal
security processes need to evolve to allow multiple cloud providers to participate in
those processes, as needed.
• These include processes such as security monitoring, auditing, forensics, incident
response, and business continuity.
 Privacy breaches
 How do you know that a breach has occurred?
 How do you ensure that the CSP notifies you when a breach occurs?
 Who is responsible for managing the breach notification process (and costs associated
with the process)?

32.  If contracts include liability for breaches resulting from the negligence of the CSP?
• How is the contract enforced?
• How is it determined who is at fault?
 Who is responsible for protecting privacy?
 Data breaches have a cascading effect
 Full reliance on a third party to protect personal data?
 In-depth understanding of responsible data stewardship
 Organizations can transfer liability, but not accountability
 Risk assessment and mitigation throughout the data life cycle is critical.
 Many new risks and unknowns
• The overall complexity of privacy protection in the cloud represents a bigger
challenge.

33.  Security Issues in the Cloud
 In theory, minimizing any of the issues would help:
 Third-Party Cloud Computing
 Loss of Control
• Take back control
 Data and apps may still need to be on the cloud
 But can they be managed in some way by the consumer?
 Lack of trust
• Increase trust (mechanisms)
 Technology
 Policy, regulation
 Contracts (incentives): the topic of a future talk
 Multi-tenancy
• Private cloud
 Takes away the reasons to use a cloud in the first place
• VPC: it’s still not a separate system
• Strong separation
 Third Party Cloud Computing
Like Amazon’s EC2, Microsoft’s Azure
 Allow users to instantiate Virtual Machines
 Allow users to purchase required quantity when required
 Allow service providers to maximize the utilization of sunk capital costs
 Confidentiality is very important

34. Jurisdictional Issues raised by Data
location
 Jurisdictional issues are mostly related to the location of data and the specific laws
that apply in that location. Cloud service providers locate their data centers in order
to reduce their operational costs. The placement of data centers is influenced by the
desire to optimally serve customers on a global scale.
 Types Of Jurisdiction
 Jurisdiction may be broken down into two categories: personal jurisdiction and
subject matter jurisdiction. Personal jurisdiction is the requirement that a given
court has power over the defendant, based on minimum contact with the forum.
 What are jurisdictional issues
 Jurisdictional issues are mostly related to the location of data and the specific laws
that apply in that location.
 Cloud service providers locate their data centers in order to reduce their operational
costs.
 The placement of data centers is influenced by the desire to optimally serve customers
on a global scale.

36. Identity & Access Management
Access Management primarily focuses on Authentication and Authorization.
 Authentication
• Any combination of the following 3 factors will be considered as Strong
Authentication:
 What you know
 Password
 Passphrase
 What you are
 Iris
 Fingerprint
 What you have
 Token
 Smartcard
 Authorization
• 2 primary forms of Authorization:
 Coarse-Grain
 High-level and overarching entitlements
 Create, Read, Update, Modify
 Fine-Grain
 Detailed and explicit entitlements
 Based on factors such as time, dept, role and location

38.  Managing Digital Identities: What Are the Challenges?
Challenges to managing digital identities include:
• Multiple identity stores
• Intranet access management
• Extranet access management
 How Can Identity and Access Management Reduce Directory Management Efforts?
• Initiatives that reduce directory management efforts include:
• Automating provisioning and de-provisioning
• Implementing identity aggregation and synchronization
• Establishing directory service and security standards
• Establishing software development and procurement standards
• Reducing TCO
 How Can Identity and Access Management Simplify the End User Experience?
Initiatives that simplify the end-user experience include:
• Consolidating identity stores
• Improving password management
• Enabling SSO
• Improving access for employees, customers, and partners

40.  How Can Identity and Access Management Increase Security?
Initiatives that increase security include:
• Establishing security and access policies
• Improving password management
• Strengthening authentication mechanisms
• Establishing a security audit policy
• Developing identity-aware applications
 Managing Identities: What Are the Challenges?
Challenges related to managing multiple identity stores include:
• Management costs
• Employee productivity
• Security
• Customer service and supply chain integration
 Managing Identity Integration
Approaches to managing identity integration among directory stores include:
• Manual administration
• Custom scripts
• Integration services
• Identity integration products

42.  Understanding Identity Integration Products and Services
 You can implement identity integration by using a number of identity integration
products and services:
• Identity Integration Feature Pack
• Microsoft Identity Integration Server 2003
• Services for UNIX
• Services for NetWare
• Host Integration Server
• Active Directory Connector
• Active Directory to ADAM Synchronizer
 Using the Identity Integration Feature Pack to Manage Identities
 IIFP is a free product that provides connections to only the following directories and
e-mail applications:
• Active Directory for Windows 2000 Server and later
• Active Directory Application Mode (ADAM)
• GAL synchronization for Exchange 2000 Server and Exchange Server 2003

44.  Using Microsoft Identity Integration Server to Manage Identities
MIIS 2003 provides the following set of features:
• Identity aggregation and synchronization
 Support for over 20 repositories
 Provides a single enterprise view of a user
 Uses SQL Server as the information repository
• Account provisioning
 Automated account creation/deletion
 Group & distribution list management
 Workflow
 Password management
 Implementing Account Provisioning
Typical ways of implementing account provisioning include:
• HR-driven provisioning
• Web-driven provisioning
• Complex workflow provisioning using Microsoft BizTalk Server 2004 orchestration

45. Access Control
• Access control is a method of limiting access to a system or to physical or virtual
resources. It is a process by which users can access and are granted certain
prerogative to systems, resources, or information.
• Access control is a security technique that has control over who can view different
aspects, what can be viewed, and who can use resources in a computing
environment. It is a fundamental concept in security that reduces risk to the business
or organization.
• Access control systems perform identification, authentication, and authorization of
users and entities by evaluating required login credentials that may include
passwords, pins, biometric scans, or other authentication factors.
• There is multi-factor authentication which requires two or more authentication
factors which is often an important part of the layered defense to protect access
control systems.
 Authentication Factors:
 Password or PIN
 Bio-metric measurement (fingerprint & retina scan)
 Card or Key
• Different access control models are used depending on the compliance requirements
and the security levels of information technology that is to be protected.

46.  Types of Access Control
• Physical Access Control:
Physical access control restricts entry to campuses, buildings, rooms, and
physical IT assets.
• Logical Access Control:
Logical access control limits connections to computer networks, system files,
and data.
 Access Control Models
 Attribute-based Access Control (ABAC):
In this model, access is granted or declined by evaluating a set of rules, policies,
and relationships using the attributes of users, systems, and environmental
conditions.
 Discretionary Access Control (DAC):
In DAC, the owner of data determines who can access specific resources.
 History-Based Access Control (HBAC):
Access is granted or declined by evaluating the history of activities of the
inquiring party that including behavior, the time between requests, and the
content of requests.

47.  Identity-Based Access Control (IBAC):
By using this model network administrators can more effectively manage activity
and access based on individual requirements.
 Mandatory Access Control (MAC):
A control model in which access rights are regulated by a central authority based on
multiple levels of security. Security-Enhanced Linux is implemented using MAC on
the Linux operating system.
 Organization-Based Access control (OrBAC):
This model allows the policy designer to define a security policy independently of
the implementation.
 Role-Based Access Control (RBAC):
RBAC allows access based on the job title. RBAC eliminates discretion on a large
scale when providing access to objects. For example, there should not be permitted
for human resources specialists to create network accounts.
 Rule-Based Access Control (RAC):
RAC method is largely context-based. An example of this would be only allowing
students to use the labs during a certain time of day.

48. Access Control Principles

49. Access Control Policies

50. Role-based access control (RBAC)
 Services may classify their clients into named roles
e.g.
 login service: logged-in-user (after authentication)
 patient monitoring service: surgeon, doctor, nurse, patient
 online exam service: candidate, examiner, chief examiner
 digital library service: reader, librarian, administrator
 Access rights (privileges) are assigned to roles for use of services (method
invocation) or more fine-grained access to individual objects or broad categories of
objects managed by a service
 Scope of role names may be the local domain of the service or some role names may
be organization-wide, across federated domains
e.g.
 sales-manager used in all branches of a worldwide company
 police-sergeant used in all of the 52 UK county police forces
 NHS-doctor used throughout the UK NHS
Administration: note the separation:
principals –> roles, roles –> privileges

51.  Service developers need only specify authorization in terms of roles,
independently of the administration of principals
e.g. annual student cohort, staff leaving and joining
 Principals are authenticated, as always, and must also prove their right to
acquire/activate a role. They thus prove they are authorized to use a service
 Compare with ACLs – like ACLs containing only group names.
 Compare with capabilities – can a capability that proves role membership be
engineered?
 RBAC seems promising for fast authorization checking.
 (RBAC) Parametrised roles
 Roles may be parametrized for fine-grained access control to capture
relationships between principals:
 Policy: “only the doctor treating a patient may access the medical record”
e.g. treating-doctor ( hospital-ID, doctor-ID, patient-ID )
 patients and others may express exclusions asauthorizationn policy
e.g. doctor (doctor-ID)
 Policy: “where doctor is not Shipman”, “where doctor is not <x> (a relative)”
 Compare with ACLs containing only groups, with exclusions of individual
members- semantics of precedence of evaluation in ACLs has always been a
difficult area.

52.  (RBAC) Role hierarchies
 Some RBAC systems define role hierarchies with privilege inheritance up the
hierarchy.
 The hierarchy may mirror organizational structure, which reflects power and
responsibility rather than functional competence.
 Privilege inheritance is even less defensible for functional roles.
 Also: privilege inheritance violates the principle of minimum necessary privilege
and makes reasoning about privileges difficult
 Role hierarchies are defined in the later NIST RBAC standards.
 (RBAC) Inter-domain authorization
RBAC eases authorization outside principals’ home domains, because:
 Roles change less frequently than principals leave and join them
 Administration of users and role membership is separate from service
development and use.
 Negotiation on the use of services external to domains can be in terms of roles,
e.g. payment for a role to use a service
 Federated domains may contain agreed role names in each domain.
Makes policy easier to negotiate and express.
e.g. sales-department-staff, sales manager, salesman

53.  (RBAC) Authorisation context
 Authorisation policy could include other constraints on the use of a role
e.g. time of day, as well as relationships and exclusions.
 The privileges associated with a role might not be static.
e.g. student ( course-ID, student-ID) may read solutions to exercises only after
marked work has been returned.
e.g. Conference management system – a small-scale example follows of use of an
external service from a number of domains.
Access Control Architecture

54. Trust
 What is trust in cloud computing?
• Trust based on the service provider: by trust in performance, a user trusts a cloud
service with respect to performance, security, and privacy, based on the identity
of the provider. If the user trusts that the provider gives trustworthy cloud services,
then the cloud service is trusted.
 Trust Models
• Service provider’s perspective (SPP)
Trust from the provider’s POV
• Service requester’s perspective (SRP)
Trust from the consumer POV

55.  Techniques
• Policy as a Trust Management technique
• Recommendation as a TM technique
• Reputation as a TM technique
• Prediction as a TM technique
 Policy as a TM Technique
 Uses a set of policies to control the authorization and specify minimum trust levels
• Trust thresholds based on trust results or credentials
 A cloud service consumer x, has policies Px, credentials Cx, and minimum trust
threshold Tx
 Provider has all the same attributes (as y)
 Relationship is considered trusted if Tr(x,y) = 1
 Recommendation as a TM Technique
 Use prior experiences to determine trust
• Can use either explicit recommendation or transitive recommendation
 Consumer x, trust relation with cloud z, service provider y

56.  Reputation as a TM Technique
 Use consumer feedback to rate the service provider
• Amazon, eBay, Epinions
 Consumer x, trust threshold Tx, service provider y, set of trusted relations Tr(y)
which give trust feedback T f(y)
 Prediction as a TM Technique
 Useful when there is no prior information
 Similarly, minded entities are more likely to trust one another
 Consumer x has interests ix (as a vector) and minimum trust threshold Tx (service
provider is y)

57.  Trust Management Analytical Framework
 Trust Feedback Sharing Layer
• Different parties give trust feedback to each other
 Trust Assessment Layer
• Determining the level of trust for each party, potentially using multiple metrics
 Trust Results Distribution Layer
• Different parties requesting the trust level for other parties

59. Reputation
 Reputation management is the practice of influencing stakeholder perceptions and
public conversations about an organization and its brands. It includes monitoring
perceptions and conversations, responding to reputation threats, and proactively
seizing opportunities to boost reputation.
 Reputation management is part of a comprehensive organizational strategy that
implicates most business functions in some capacity, including:
• Communications
• Marketing
• Legal
• Customer experience
• Sales and loyalty.
 Reputation-reality gap.
 Reputation is distinct from the actual character or behavior of the company and may
be better or worse.
 When the reputation of a company is more positive than its underlying reality, this
gap poses a substantial risk.
 Eventually, the failure of a firm to live up to its billing will be revealed, and its
reputation will decline until it more closely matches the reality.

60.  Phases Of Reputation Management
• There are three phases of brand reputation maintenance including building,
maintaining, and recovering reputation.
 Reputation Building
• This is a key developmental stage in any reputation management strategy. At this
point, your main goal is to monitor your online reputation and develop a strong,
positive presence. A new business trying to own a bigger share of brand visibility
usually start with:
 Reputation monitoring
 Website
 Basic social media profiles
 Review management program
 Reputation Maintenance
• Maintenance is the stage you will focus most of your reputation management efforts
on once your company is mature.
 Make sure your site is optimized to appeal to search engines. That means a strong
mobile site, quick loading pages, and lots of relevant, quality content that is refreshed
and added to regularly.

61.  Build relationships with websites that can boost your reputation within your
industry. Since you already have your social media profiles set up, add to them by
offering to be a guest contributor on an industry website. Try to get the name of your
brand in the headline of any articles you write for another website because they’ll
perform better in Google.
 Put efforts into SEO. Appropriate use of tags, keywords, image descriptions, etc. will
all go a long way toward convincing search engines your content belongs at the top.
 Keep up your review management efforts.
 Reputation Recovery
• If you’ve built and maintained a comprehensive reputation program recovery will be
much easier when the inevitable storm hits. Unfortunately, most companies don’t
engage in a reputation campaign until something bad has happened.
 Bad reviews.
• Customers complain publicly because they want their complaints acknowledged.
Always respond to negative reviews on sites where the reviewer can change their
review or delete it – try to fix the problem.
• Hopefully, they will change their review. If you get a negative review on an
attack site where the person who posted it cannot retract it, a response in writing
may actually make things worse. This is because Google rewards content that is
refreshed.

62.  Bad rankings.
• If you don’t show up high enough in the search rankings, or if the first page or
two of results for your name bring up too many negative results, you’ll need to
take active measures toward improving the situation.
• Increase the amount of positive content that’s associated with you by amping up
your efforts for the steps listed above in “reputation maintenance.”
 Direct attacks.
• In the fight for clicks, bloggers and competitors may seek to harm you directly. A
common tactic of bloggers is to write something negative to get clicks.
• Clicks often translate to more advertising money for the blogger. While you do
have legal recourse in cases of libel, most of the time you’ll either have to ask
(politely) for the content to be removed, or you’ll have to focus on boosting
enough positive content about yourself that it drowns out the negative.
• Unfortunately, the structure of the web today rewards people by leveraging
negativity bias for personal rewards.

64. Risk
 Cloud computing provides various advantages, such as improved collaboration,
excellent accessibility, Mobility, Storage capacity, etc. But there are also security risks
in cloud computing.
a) Data Loss -
 Data loss is the most common cloud security risk of cloud computing. It is also known
as data leakage.
 Data loss is the process in which data is being deleted, corrupted, and unreadable by a
user, software, or application. In a cloud computing environment, data loss occurs
when our sensitive data is in somebody else's hands, one or more data elements can
not be utilized by the data owner, the hard disk is not working properly, and the
software is not updated.
b) Hacked Interfaces and Insecure APIs –
 Cloud computing completely depends on Internet, so it is compulsory to protect
interfaces and APIs that are used by external users.
 APIs are the easiest way to communicate with most cloud services. In cloud
computing, few services are available in the public domain. These services can be
accessed by third parties, so there may be a chance that these services are easily
harmed and hacked by hackers.

65. c) Data Breach
 Data Breach is the process in which confidential data is viewed, accessed, or stolen by
a third party without any authorization, so an organization's data is hacked by the
hackers.
d) Vendor lock-in
 Vendor lock-in is the of the biggest security risks in cloud computing. Organizations
may face problems when transferring their services from one vendor to another. As
different vendors provide different platforms, that can cause difficulty moving one
cloud to another.
e) Increased complexity strains IT, staff
 Migrating, integrating, and operating cloud services is complex for the IT staff. IT
staff must require the extra capability and skills to manage, integrate, and maintain the
data in the cloud.
f) Spectre & Meltdown
 Spectre & Meltdown allows programs to view and steal data that is currently
processed on the computer. It can run on personal computers, mobile devices, and the
cloud. It can store the password, and your personal information such as images,
emails, and business documents in the memory of other running programs.

66. g) Denial of Service (DoS) attacks
 Denial of service (DoS) attacks occur when the system receives too much traffic to
buffer the server. Mostly, DoS attackers target web servers of large organizations such
as banking sectors, media companies, and government organizations. To recover the
lost data, DoS attackers charge a great deal of time and money to handle the data.
h) Account Hijacking
 Account hijacking is a serious security risk in cloud computing. It is the process in
which an individual user's or organization's cloud account (bank account, e-mail
account, and social media account) is stolen by hackers. The hackers use the stolen
account to perform unauthorized activities.

68. THANK YOU