CLOUD SECURITY
BY UTKARSH KUMAR
CLOUD COMPUTING SECURITY….???
Cloud computing, also known as on-demand computing,
is a kind of internet-based computing, where shared resources and
information are provided to computers and other devices on-demand.
Cloud Security is an evolving sub-domain of computer
security, network security, and, more broadly, information security. It
refers to a broad set of policies, technologies, and controls deployed to
protect data, applications, and the associated infrastructure of cloud
computing.
SECURITY CONCERNS
SECURITY ISSUES
* Faced by cloud providers (providing SaaS, PaaS, IaaS)
* Faced by cloud users (using hosted applications, storing data on the cloud)
FOR PROVIDERS - Providers must ensure that their infrastructure is
good enough to provide the service and to keep user data safe.
FOR USERS - Users should ensure that they use strong passwords
and other authentication measures.
SECURITY THREATS - THE NOTORIOUS 9 THREATS
1 - DATA BREACHES - A virtual machine could use side-channel
timing information to extract private cryptographic keys being
used in other virtual machines on the same physical server.
PREVENTIVE MEASURES -
Encrypting the data gives some degree of control over a data
breach, but it can lead to data loss if the encryption key is lost.
To address this:
* Proper cloud deployment
* Encryption key management
* Remote-user multi-factor authentication
CLOUD THREATS
2 - DATA LOSS - Data can be lost due to a malicious attacker as well
as naturally occurring calamities such as fire, earthquake,
etc.
PREVENTIVE MEASURES -
* Provider taking proper steps for backup of data
* Location and environmental research
* Encryption key
3 - ACCOUNT HIJACKING - Attack methods such as
phishing, fraud, and exploitation of software vulnerabilities still
achieve results. Credentials and passwords are often reused,
which amplifies the impact of such attacks.
PREVENTIVE MEASURES -
* Prohibiting sharing of account credentials
* 2-factor authentication technique
* Intrusion detection
4 - INSECURE INTERFACES AND APIs - Cloud computing
providers expose a set of software interfaces or APIs that
customers use to manage and interact with cloud services. Weak
security of interfaces and APIs results in a big threat of malicious
attack.
PREVENTIVE MEASURES -
* Application security
* Trusted download links
5 - DENIAL OF SERVICE - Denial-of-service attacks are attacks
meant to prevent users of a cloud service from being able to
access their data or their applications.
PREVENTIVE MEASURES -
* Application security
* Equipment power failure management
* Resource planning
* Intrusion detection
6 - MALICIOUS INSIDERS - A malicious insider threat to an
organization is a current or former employee, contractor, or other
business partner who has or had authorized access to an
organization's network, system, or data and intentionally
exceeded or misused that access in a manner that negatively
affected the confidentiality, integrity, or availability of the
organization's information or information systems.
PREVENTIVE MEASURES -
* Background checks of employees
* Prohibiting unauthorised access to locations and information
7 - ABUSE OF CLOUD SERVICES - It might take an attacker years
to crack an encryption key using his own limited hardware, but
using an array of cloud servers, he might be able to crack it in
minutes. Alternatively, he might use that array of cloud servers to
stage a DDoS attack, serve malware or distribute pirated
software.
PREVENTIVE MEASURES - It is difficult for cloud providers to identify
users with malicious intent.
* Incident response legal actions
8 - INSUFFICIENT DUE DILIGENCE - Without a complete
understanding of the CSP environment, applications or services
being pushed to the cloud, and operational responsibilities such
as incident response, encryption, and security monitoring,
organizations are taking on unknown levels of risk in ways they
may not even comprehend, but that are a far departure from
their current risks.
PREVENTIVE MEASURES -
* Industry knowledge
* Risk assessment
* Cloud service provider environment
* Good deployment
9 - SHARED TECHNOLOGY VULNERABILITIES - Cloud service
providers deliver their services in a scalable way by sharing
infrastructure, platforms, and applications. The key is that a
single vulnerability or misconfiguration can lead to a compromise
across an entire provider's cloud.
PREVENTIVE MEASURES -
* Vulnerability management
* Segmentation
* Encryption
RELATED LAWS IN INDIA
Cloud security deals with the protection of users' data and with maintaining
users' privacy, so laws dealing with privacy, data loss and access can be
considered cloud-security-related laws.
Under the Information Technology Act, 2000, the following apply:
* The Information Technology (Reasonable security practices and
procedures and sensitive personal data or information) Rules of
2011.
* Section 72 of the Information Technology Act, 2000 lays down the penalty
for breach of confidentiality and privacy. This section is one of the few
provisions applicable in mitigating the breach of privacy, with
imprisonment of up to 2 years and a fine of up to Rupees 1 lakh.
* Section 43A, IT Act Amendment 2008 - Compensation for failure to
protect data, not exceeding five crore rupees, to the person so affected.
THANK YOU!!!!
Sources of Study Content-
*CSA Survey Report
*IT Act 2000
