CLOUD SECURITY
Nithin Raj
Rahul N
Cloud Computing
• Internet-based computing that provides shared processing resources
and data to computers and other devices on demand.
• Provide users and enterprises with various capabilities to store and
process their data in third-party data-centers.
• Availability of high-capacity networks, low-cost computers and
storage devices and hardware virtualization have led to a growth in
cloud computing.
• Advantages are high computing power, low cost of services, high
performance, scalability, accessibility and availability.
Service Models
• Infrastructure as a service (IaaS)
• Platform as a service (PaaS)
• Software as a service (SaaS)
Deployment models
• Private cloud
• Public cloud
• Hybrid cloud
Cloud Security
• It refers to a broad set of policies, technologies, and controls
deployed to protect data, applications, and the associated
infrastructure of cloud computing.
• Security issues fall into two categories : security issues faced by cloud
providers and security issues faced by their customers
Cloud Computing Threats
• Loss of governance : In a public cloud deployment, customers cede
control to the cloud provider over a number of issues that may affect
security.
• Responsibility ambiguity : Responsibility over aspects of security may
be split between the provider and the customer.
• Authentication and Authorization : Accessing cloud resources from
anywhere heightens the need for better authentication.
• Isolation failure : It covers the failure of mechanisms separating the
usage of storage, memory, routing and even reputation between
tenants.
• Compliance and legal risks : The cloud customer’s interest may be
lost if the cloud provider cannot provide evidence of their own
compliance with the relevant requirements.
• Handling of security incidents : If detection, reporting and
subsequent management of security breaches are not done, it may
have an impact on the customer.
• Data protection : Exposure or release of sensitive data as well as the
loss or unavailability of data.
• Business failure of the provider : Can lead to unavailability of the
customer's data and applications over an extended period.
• Service unavailability : This could be caused by hardware, software or
communication network failures.
• Insecure or incomplete data deletion : The termination of a contract
with a provider may not result in deletion of the customer’s data.
Cloud Computing Security
• Ensure effective governance, risk and compliance processes exist
  • Verify that the agreement between the customer and the provider, along with
  associated documents, contains all their requirements (i.e., applications and
  data hosted are secured).
  • Cloud service providers should give notice of any breach of their system,
  regardless of the parties or data directly impacted.
  • Servers hosting customer data may be located in multiple data centers within
  different jurisdictions. This influences the protection of personally identifiable
  information (PII) and legal and jurisdictional authority access to this data.
• Audit operational & business processes
  • Customers should expect to see a report of the cloud provider's operations by
  independent auditors.
  • Auditors may be employed by the customer or by the provider - but the key
  element is that they should be independent.
  • Audits should be carried out by appropriately skilled staff typically belonging
  to an independent auditing organization.
• Manage people, roles and identities
  • Two sets of people : employees of the provider, who have access to the
  customer’s data and applications, and employees of the customer, who perform
  operations on the provider’s systems.
  • Cloud providers must allow the customer to assign and manage the roles and
  associated levels of authorization for each of their users in accordance with
  their security policies.
• Ensure proper protection of data and information
  • Data Confidentiality : Outsourced data is stored in a cloud and out of the
  owners' direct control. Only authorized users can access the sensitive data
  while others.
  • Data Access Controllability : Legitimate users can be authorized by the owner to
  access the data, while others cannot access it without permission.
  • Data Integrity : Data should not be illegally tampered with, improperly modified,
  deliberately deleted, or maliciously fabricated. If it is, the owner should be able
  to detect the corruption or loss.
• Ensure cloud networks and connections are secure
  • Provide tools to protect clients from one another, such as VPN, firewall,
  hypervisor.
  • Monitor for intrusion attempts using activity auditing and logging.
• Understand the security requirements of the exit process
  • The provider must ensure that any copies of the data are permanently erased
  from its environment, wherever they may have been stored.
  • The exit process must allow the customer to retrieve their data in a suitably
  secure form; backups must be retained for agreed periods before being
  eliminated.
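
The Data Integrity item above says the owner should be able to detect tampering, deletion or fabrication of outsourced data. One way to do that, shown here as an added example that is not part of the original slides: before upload the owner records a keyed HMAC-SHA256 tag per object in a manifest kept outside the cloud, then audits whatever the provider returns. The function names, key and sample objects are constructed for illustration, and the sketch assumes the key and manifest stay under the owner's control.

```python
import hashlib
import hmac


def _tag(key: bytes, name: str, data: bytes) -> str:
    # Bind the tag to the object name (length-prefixed) so that contents
    # cannot be silently swapped between two stored objects.
    encoded = name.encode("utf-8")
    msg = len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(key: bytes, objects: dict) -> dict:
    """Owner side, before upload: one tag per object, stored locally."""
    return {name: _tag(key, name, data) for name, data in objects.items()}


def audit(key: bytes, manifest: dict, retrieved: dict) -> dict:
    """Compare what the provider returned against the owner's manifest."""
    findings = {}
    for name, expected in manifest.items():
        if name not in retrieved:
            findings[name] = "missing"        # deliberately deleted or lost
        elif not hmac.compare_digest(expected, _tag(key, name, retrieved[name])):
            findings[name] = "modified"       # tampered with or corrupted
    for name in retrieved.keys() - manifest.keys():
        findings[name] = "unexpected"         # fabricated, never uploaded
    return findings


# Constructed sample data: what the owner uploaded ...
KEY = b"constructed-owner-held-key"
ORIGINAL = {
    "invoices/2024-01.csv": b"id,amount\n1,100\n",
    "hr/contracts.pdf": b"%PDF-constructed",
    "readme.txt": b"hello",
}
MANIFEST = build_manifest(KEY, ORIGINAL)

# ... and what comes back later from the provider.
RETURNED = {
    "invoices/2024-01.csv": b"id,amount\n1,900\n",  # amount changed
    "readme.txt": b"hello",                          # intact
    "notes/extra.txt": b"not uploaded by owner",     # fabricated object
}

if __name__ == "__main__":
    for name, status in sorted(audit(KEY, MANIFEST, RETURNED).items()):
        print(f"{status:10} {name}")
```

A plain hash would detect accidental corruption only; the key matters because anyone able to alter the stored data could recompute an unkeyed digest.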
Thank You
