SEMINAR ON CLOUD SECURITY ...CHALLENGES AND SOLUTION ..Final! 2

CHAPTER ONE

1.0 INTRODUCTION TO CLOUD COMPUTING

Cloud computing is the delivery of shared computing services – including servers, storage,

databases, networking, software, analytics, and intelligence over the Internet (“the cloud”) to

offer faster innovation, flexible resources, and economies of scale. To simplify, Cloud computing

is on-demand delivery of IT resources. Cloud computing is a computing platform for sharing

resources that include infrastructures, software, applications, and business processes. Cloud

Computing is a virtual pool of computing resources. There are three service models of Cloud

computing namely Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure

as a Service (IaaS). As per the National Institute of Standards and Technology (NIST)

recommendations, four deployment models of Cloud Computing have been proposed, namely

Private Cloud, Public Cloud, Hybrid Cloud and Community Cloud. However, despite cloud

computing being seen as a major business avenue, migration to the cloud

paradigm is hindered by concerns about data security and privacy protection. For example, with

the rise of digital banking, financial institutions are attracted towards the cloud. Owing to

security concerns, they are treading cautiously in adopting this technology. Since users’

sensitive data is presented in unencrypted forms to remote machines owned and operated by third

party service providers, the risks of unauthorized disclosure of the user’s sensitive data by

service providers may be quite high. There have been numerous cases of breaches in security

resulting in the leakage or unauthorized access of information worth a fortune. In order to keep

the information system free from threats, analysts employ both network and data security

technologies. There are many techniques for protecting data from outside attackers. For

protecting the confidentiality of users’ data from service providers, it is ensured that the service

providers do not collect users’ confidential data while data is being processed. Cloud provides

various Internet based storages and services. More often than not, the same resource is used by

more than one user simultaneously. The storages are virtually split to make up space for multiple

users on the same service. This implies that multiple user data exists on the same storages more

often than not. This means that the user data needs to be protected from not only the service

providers and external attackers, but also from the peer users accessing the same resource on the

cloud. The data needs to be strictly differentiated to avoid data exchanges. In order for cloud

computing to be seen as a viable alternative, it must provide (at least) the same level of security

as traditional IT systems. In this seminar report, we explore the recognized challenges

and threats faced by cloud computing, and we discuss some recognized solutions and

some measures for top identified threats to cloud computing.

1.2 Cloud Computing Architecture

When discussing cloud computing settings, the term "cloud architecture" refers to how different

cloud technology elements, such as hardware, virtual resources, software capabilities, and virtual

network systems, interact and communicate. It serves as a roadmap for the most effective

approach to strategically integrate resources to create a cloud environment for a particular

business purpose. The cloud architecture is separated into two sections:

i. Front end: This category includes all endpoint hardware, software, and services such as

web servers, client-side interfaces, mobile devices, laptops, and networks. For instance,

front-end cloud services include Google, Firefox, and Microsoft Edge.

ii. Back end: The back end includes everything else not included in the front end, such as

servers, big storage devices, managing applications and services, security, etc. Back-end

cloud services include, for instance, Microsoft Azure, Google Cloud, and Amazon Web

Services.

Figure 1: Cloud Computing Architecture
Source: Sashikumari Ramayan Singh. May, 2023

1.2.1 Elements of Cloud Computing Architecture

The elements for the cloud computing are as follows:

i. Management

Resources must be handled in real time in accordance with user needs for cloud service models.

To organize communication between the backend and frontend cloud architecture components

and distribute resources for certain activities, management software, sometimes referred to as

middleware, is crucial. In addition to middleware, management software will provide features for

data integration, application deployment, use monitoring, and disaster recovery.

ii. Application

This might be anything, from the platform to software. System and application software are both

successfully and efficiently managed through the cloud. Clients and end users can get the

information they require with the aid of the application. Users may immediately engage with the

program and complete required activities thanks to cloud computing design.

iii. Storage

Data storage is a significant challenge. Data storage frequently becomes a taxing process, even

with so many enormous physical storage devices and specialized storage units. This issue has

been substantially overcome by cloud computing. As long as you're connected to the internet, it's

incredibly simple to access data like files, movies, and documents that are saved in the cloud.

Microsoft Azure Storage, Amazon S3, Oracle Cloud Storage, and others are some of the most

used cloud storage systems.

iv. Services

The service, which manages all the actions carried out on a cloud computing system, is the brains

of the cloud architecture. It controls which resources, such as storage, application development

environments, and web applications, you have access to. It is divided into three different services

such as:

• IaaS (Infrastructure as a Service)

• PaaS (Platform as a Service)

• SaaS (Software as a Service)

v. Security

One of the most crucial parts of the cloud computing architecture, especially in the present, is

this one. Security plays a significant role in the shift that many small, medium, and large

enterprises are making to entirely cloud-based services. The following are a few of the most

fundamental and common measures used by cloud service providers:

• Data with limited client access

• Ongoing security examinations

• Advanced authentication

• Multiple forms of permission.

1.3 Types of Cloud Computing

Depending upon the suitability and exact purpose of the user, Cloud is divided into four types of

deployment models based upon location. They are:

1.3.1 Public Cloud

The term "public cloud" describes a cloud computing architecture in which a cloud service

provider makes cloud resources like processing capacity, storage, and applications accessible to

the general public via the internet. Users can access and use the resources on a pay-per-use basis,

and they are shared among many users.

Figure 2: Public Cloud Model


Source: Sashikumari Ramayan Singh. May, 2023

1.3.1.1 Benefits of Public Cloud

1. Less server management

If an organization adopts the public cloud service, the internal teams do not have to

manage servers – as they are doing for legacy on-premises data centers or internal private

clouds.

1. Security

Many startups might not have an accurate set of resources to implement strong security

practices and measures. By adopting public cloud services, they will outsource some

aspects of cyber security to a more significant provider with more resources.

2. Location Independent

If we discuss one more essential advantage of the public cloud, it is location-independent

because its services are provided through the web portal of the cloud provider.

3. Access to new technologies

Organizations that adopt the cloud get instant access to the latest technologies, from

automatically updated applications to machine learning and AI. Many cloud customers

lack the resources to obtain such permits on their own.

4. Virtually unlimited scalability

Cloud capacity and resources rapidly expand to satisfy user demands and traffic spikes.

Because of the various, logically separated cloud locations, users will experience higher

redundancy and availability in Cloud Computing.

5. Flexibility

Public cloud storage enables users to store high volumes of data and access them

easily. Many organizations rely on the cloud for disaster recovery, creating multiple

copies of data and applications in case of emergency or outage. It’s tempting to store all data

indefinitely. Still, users should set a data retention policy that regularly deletes old

data from storage to avoid long-term storage costs and take care of privacy.

6. Analytics

Public cloud services allow the users to perform analytics on high volumes of data and

accommodate multiple data types to deliver business insights.

7. Cost effective

Public Cloud is cheaper than private or hybrid Cloud because it shares

the same resources among a large number of customers. Public Cloud is location-free

because it can deliver its services with the help of the internet.

8. Save Time

Cloud service providers take on the responsibility to manage and maintain the data centers.

In these data centers, data is stored, and cloud users save the time needed to initiate

connectivity. It also helps in deploying new services, releasing product updates,

and configuring and managing servers.

9. Quick and Easy Setup

Users or companies can purchase public Cloud with the help of the internet. They have

the facility to deploy and configure it from a remote location through a cloud service

provider in some hours.

10. Business Agility

Public Cloud is capable of resizing computing resources depending upon the

requirements.

11. Scalability and Reliability

Public Cloud provides scalability, which makes it easy to add and remove resources.

Public Cloud is also reliable, as it allows for 24*7 services at affordable pricing.

1.3.1.2 Drawbacks of Public Cloud

1. Security and compliance concerns

It is a very difficult task to deploy equivalent security policies for an organization’s

internal resources and for a public cloud.

2. Vendor lock-in

This is often a concern with cloud technology. An organization that uses the cloud

will economize and become more flexible, but it becomes reliant upon the cloud vendor’s

services – the virtual machines, storage, applications, and technologies they supply to

take care of the operations.

3. Runaway costs

The increase in complex cloud costs and pricing models makes it difficult for

organizations to track IT spending.

4. Scarce cloud expertise

A second major challenge is the skills gap among IT professionals within the cloud

computing industry. Companies struggle to hire and retain staff with expertise in building and

managing modern cloud applications. Without an expert team, organizations face

difficulties in handling the complexities.

5. Limited controls

Control challenges include data separation problems, latency issues for remote end-users,

and adherence to industry- and country-specific regulations.

6. Low Security

Public Cloud is less secure than private and hybrid Cloud as its resources are shared with

multiple clients.

7. Performance

The speed of the internet is a deciding factor for performance in Public Cloud.

8. Less Customizable

Public Cloud is not as customizable as the Private Cloud.

1.3.2 Private Cloud

The private cloud refers to any cloud solution dedicated for use by a single organization. In the

private cloud, you’re not sharing cloud computing resources with any other organization. The

datacenter resources may be located on-premise or operated by a third-party vendor off-site. The

computing resources are isolated and delivered via a secure private network, and not shared with

other customers. Private cloud is customizable to meet the unique business and security needs of

the organization.

Figure 3: Private Cloud Model


Source: Sashikumari Ramayan Singh. May, 2023

1.3.2.1 Benefits of Private Cloud

1. More Control

The private Cloud offers more control over the resources and hardware than the public

Cloud. This is because only authorized users have access.

2. Security and Privacy

The main advantage of the Private Cloud is its security and privacy. It consists of

improved and additional security levels compared to Public Cloud.

3. Improved Performance

Users adopting Private Cloud experience better performance with improved speed and

space capacity.

4. Customization

Private Cloud offers a complete configuration to the organization. A private cloud is built

under the guidance of an experienced on-site cloud architect, which means organizations

can specify the exact required environment to run applications.

5. Enhanced Data Protection

Since the infrastructure is devoted to a single organization, private clouds offer a better

level of data protection and privacy, lowering the danger of unauthorized access or data

breaches.

1.3.2.2 Drawbacks of Private Cloud

1. High Cost

Private Cloud is costlier than Public Cloud as the setup cost, and maintenance cost are

expensive.

2. The restricted area of Operations

In a Private Cloud, the operations are finite within an organization, so the functions are

finite.

3. Limited Scalability

Scaling in a Private Cloud is limited to the internal resource capacity of an

organization.

4. Skilled People

Skilled People are significant for an organization to manage and operate cloud services.

5. Up-Front Cost

Fully Private Clouds are hosted on-site and require heavy capital. In a Private Cloud, the

hardware requirements can be costly, and an expert cloud architect is necessary for

setting up, maintaining, and managing the environment.

6. Capacity Utilization

The organization is responsible for maximizing capacity utilization in a Private Cloud.

1.3.3 Community Cloud

Community cloud is a cloud infrastructure that allows systems and services to be accessible by a

group of several organizations to share information. It is owned, managed, and operated by one

or more organizations in the community, a third party, or a combination of them. In a community

cloud, multiple organizations with similar interests and requirements share the same cloud

infrastructure. These organizations collaborate to define and manage the community cloud,

allowing them to pool resources and access shared

Figure 4: Community Cloud Model


Source: Sashikumari Ramayan Singh. May, 2023

1.3.3.1 Benefits of Community Cloud

1. Cost effective

Community cloud is cost effective because the whole cloud is shared between several

organizations or a community.

2. Flexible and Scalable

The community cloud is flexible and scalable because it is compatible with every user. It

allows the users to modify the documents as per their needs and requirement.

3. Security

Community cloud is more secure than the public cloud but less secure than the private

cloud.

4. Sharing infrastructure

Community cloud allows us to share cloud resources, infrastructure, and other

capabilities among various organizations.

1.3.3.2 Drawbacks of Community Cloud

1. Relatively high cost

Compared to the public cloud model, community cloud models have a high initial cost

and can be somewhat costly to maintain, depending on the number of partners involved.

2. Limited bandwidth and storage

With multiple organizations sharing the same resources, bandwidth and storage capacity

can be a concern.

3. Sharing responsibilities among organizations is difficult.

4. Community cloud is not a good choice for every organization.

1.3.4 Hybrid Cloud

A hybrid cloud is a composition of two or more distinct cloud infrastructures (private,

community, or public) that remain unique entities, but are bound together by standardized or

proprietary technology that enables data and application portability. Utilizing the advantages of

each kind of cloud model enables organizations to meet their own demands and wants.

Figure 5: Hybrid Cloud Model


Source: Sashikumari Ramayan Singh. May, 2023

1.3.4.1 Benefits of Hybrid Cloud

1. Flexibility

Organisations may be more flexible and responsive to changing business needs using

hybrid cloud technology. While maintaining the security of sensitive data and

applications in a private cloud environment, they can quickly deploy new applications or

workloads in the public cloud.

2. Cost Reduction

Businesses can reduce their IT spending by utilizing the public cloud's cost advantages

for less-important tasks while storing their more crucial and sensitive data and apps in a

private cloud environment.

3. Scalability

With a hybrid cloud, resources may be scaled up or down as needed without the need for

extra on-premises infrastructure investments.

4. Security

By retaining sensitive data and apps in a private cloud environment and utilizing the

security features offered by public cloud providers, the hybrid cloud enables

organizations to maintain a high level of protection for these assets.

1.3.4.2 Drawbacks of Hybrid Cloud

1. Complexity

Managing hybrid cloud environments can be challenging, particularly when combining

several cloud environments, networking, and security.

2. Challenges with Integration

Integrating several cloud environments can be difficult, particularly when integrating data

and applications.

3. Vendor Lock-In

When employing hybrid cloud systems, organizations need to take care to prevent vendor

lock-in. To ensure mobility and prevent vendor lock-in, they should pick cloud providers

that offer open standards and APIs.

4. Increased cost

A hybrid cloud can be expensive due to the cost of building an enterprise cloud, the need

for on-premises hardware, and the need for qualified IT staff.

1.4 Cloud Computing Service Models

Cloud Computing is an on-demand service delivery model which automatically provides as much

computing capability as is required, and this service delivery system is used

through different devices and machines such as laptops, desktops, PDAs, mobiles, tablets etc. NIST

classified Cloud into three service models that provide services at different layers of a business

model. The services provided by cloud computing can be mainly classified into three:

1.4.1 Software as a Service (SaaS)

SaaS, also known as "On-Demand Software", describes a cloud service where consumers are

able to access software applications running on a cloud infrastructure, over the internet. SaaS not

only incurs no initial setup cost or underlying infrastructure maintenance cost but also automates

all the updates. This service is platform independent and you don’t have to install software on

your device, which means it’s not like purchased, licensed programs. An example is Google apps (Email,

Games, Google Docs, etc.), which are accessible via different devices such as computers, laptops,

smart phones etc. Another example of SaaS is Office 365, which is provided by Microsoft; this

application offers an online platform including Word, PowerPoint, Excel, and these are available

through internet web and mobile applications.

Figure 6: SaaS Diagram


Source: https://vectormine.b-cdn.net/wp-content/uploads/saas_diagram_outline-1.jpg

Features of SaaS

• It is run out of one main site.

• Directly hosted on a distant server.

• It may be reached via the Internet.

• Updates to hardware and software are not the responsibility of SaaS users.

• Pay-per-use is the method of payment for the services.

1.4.1.1 Popular SaaS Providers

Figure 7: SaaS Providers


Source: https://www.javatpoint.com/software-as-a-service

The table below shows some popular SaaS providers and the services that are provided by

them.

| Provider | Services |
| --- | --- |
| Salesforce.com | On-demand CRM solutions |
| Microsoft Office 365 | Online office suite |
| Google Apps | Gmail, Google Calendar, Docs, and Sites |
| NetSuite | ERP, accounting, order management, CRM, Professional Services Automation (PSA), and e-commerce applications. |
| GoToMeeting | Online meeting and video-conferencing software (e.g. Zoom, Skype, Google Meet, etc.) |
| Constant Contact | E-mail marketing, online survey, and event marketing |
| Oracle CRM | CRM applications (a software system that helps business owners easily track all communications and nurture relationships with their leads and clients.) |
| Workday, Inc | Human capital management, payroll, and financial management. |

Table 1: SaaS Providers and Services


Source: https://www.javatpoint.com/software-as-a-service

Advantages of SaaS Solutions

i. Accessibility of applications is from anywhere via different devices connected to the

internet.

ii. Rapid scalability of resources depending on service requests.

iii. Removes infrastructure concerns: the users do not have to worry about the infrastructure of

SaaS, which is handled by the provider.

iv. Data is secure and it provides a package of support and maintenance.

1.4.2 Platform as a Service (PaaS)

PaaS is an abstracted and integrated cloud-based computing environment that allows

programmers to easily create, test, run, and deploy web applications. It is a delivery

of a computing platform over the web. Control on the underlying cloud infrastructure including

network, servers, operating systems, or storage, lies within the hands of the Cloud Service

Provider (CSP) whereas consumers are allowed to have certain controls over the deployed

applications and possibly configuration settings for the application-hosting environment. PaaS

model offers greater extensibility and greater customer control on security than SaaS but less

than that of IaaS. Examples: Google App Engine, Force.com, Joyent, Azure.

Figure 8: PaaS Diagram


Source: https://vectormine.b-cdn.net/wp-content/uploads/saas_diagram_outline-1.jpg

Features of PaaS

• Builds on virtualization technology, making it simple to scale up (Auto-scale) or down

computer resources in accordance with the requirements of the enterprise.

• Supports a variety of frameworks and programming languages.

• Connects to databases and online services.

1.4.2.1 Popular PaaS Providers

Figure 9: PaaS Providers


Source: https://www.javatpoint.com/platform-as-a-service

The table below shows some popular PaaS providers and the services that are provided by

them.

| Providers | Services |
| --- | --- |
| Google App Engine (GAE) | App Identity, URL Fetch, Cloud storage client library, Logservice |
| Salesforce.com | Faster implementation, Rapid scalability, CRM Services, Sales cloud, Mobile connectivity, Chatter. |
| Windows Azure | Compute, security, IoT, Data Storage. |
| AppFog | Justcloud.com, SkyDrive, GoogleDocs |
| Openshift | RedHat, Microsoft Azure. |
| Cloud Foundry from VMware | Data, Messaging, and other services. |

Table 2: SaaS Diagram


Source: https://vectormine.b-cdn.net/wp-content/uploads/paas_diagram_outline-1.jpg

Advantages of PaaS Solutions

ii. Organizations need not care about the underlying infrastructure; they can easily focus on

their development.

iii. Updates or upgrades of the infrastructure software are not required of the user: the provider of

PaaS handles all updates or upgrades and routine maintenance.

iv. Lower cost: PaaS reduces organizational costs, as companies do not have to make an

investment in hardware and software. The PaaS platform provides tools to develop, test and

host applications.

1.4.3 Infrastructure as a Service (IaaS)

IaaS is also known as Hardware as a Service (HaaS); it is a cloud computing service that provides

on-demand access to networking, storage, and computing resources. Typically, it operates on a


pay-as-you-go system. Instead of purchasing the hardware entirely, businesses may acquire

resources as they are needed. The fundamental building elements for web applications are

contained in this Model. It offers total control over the hardware (storage, servers, virtual

machines, networks, & operating systems) that powers your application.

Figure 10: IaaS Diagram


Source: https://images.javatpoint.com/cloudpages/images/iaas.png

Features of IaaS

• The resources are offered as a service.

• Service scalability is quite high.

• Dynamic and adaptable API-based and GUI access for cloud service models.

• Automates administrative tasks.

1.4.3.1 Popular IaaS Providers

Figure 11: IaaS Providers
Source: https://www.javatpoint.com/infrastructure-as-a-service

The table below shows some popular IaaS providers and the services that are provided by them.

| Providers | Services |
| --- | --- |
| Amazon Web Services | Offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go |
| Net Magic Solutions | Offers managed colocation, hosting, multi-cloud connectivity, infrastructure monitoring and management, managed security and disaster recovery. |
| Rackspace | Offers services such as servers, storage, databases, networking, analytics and software over the internet |
| Reliance Communication | Offers scalability, world class datacenter facilities, provides media technology consulting, systems design and solutions that enable the creation, storage and delivery of content on the Amazon Web Services (AWS) Cloud. |
| Sify Technologies | Sify's public cloud powered by VMware offers seamless migration, uninterrupted access, optimized operations and impenetrable security. |

Table 3: IaaS Diagram


Source: https://vectormine.b-cdn.net/wp-content/uploads/iaas_diagram_outline-1.jpg

Advantages of IaaS Solutions

i. The services are pay per use; users pay only for the services they want.

ii. Cost saving, as the IaaS model has lower infrastructure costs.

iii. Scalable and flexible: the resources can be scaled up and down quickly based on the user’s

requirements at any time.

iv. Access to a pool of resources or infrastructure and high availability.

v. Better for business growth.

CHAPTER TWO

2.0 CLOUD SECURITY

Cloud security, also known as cloud computing security, is a collection of security measures

(policies, controls, procedures, and technologies) designed to protect cloud-based infrastructure,

applications, and data. The goal is to establish control over data and resources, prevent

unauthorized access, protect data privacy, prevent malicious attacks by external hackers or

insider threats, and protect cloud workloads from accidental or malicious disruption. It is crucial

as more businesses transition their resources to cloud environments, making them vulnerable to

new types of threats. Cloud security ensures data integrity, confidentiality, and availability,

mitigating risks associated with data breaches and unauthorized access. Cloud computing

encompasses network security, firewalls, encryption, identity management, and compliance. It

also involves protecting both the physical hardware and the virtual machines operating in

datacenters. Given the complexity of cloud setups, security strategies are essential for defending

against potential data leaks, service interruptions, and compliance violations.

Another objective of cloud security is to extend an organization’s compliance policies to the

cloud.

2.1 Cloud Security Challenges

All the major benefits of cloud computing – improved IT efficiency, flexibility and scalability,

come with one major challenge: “security”.

Cloud security challenges are the difficulties and obstacles organizations face in protecting their

cloud-based systems, data, and applications from unauthorized access, data breaches, and other

security threats.

2.2 Cloud Security Challenges and their Proposed Solutions

Organizations are bound to face the following common cloud security challenges:

Cloud computing has transformed the way businesses operate, offering unparalleled scalability, flexibility, and cost-effectiveness. However, with this innovation comes a host of security challenges that organizations must navigate to safeguard their data and operations. This introduction sets the stage for understanding the importance of addressing these security concerns in cloud computing environments. It highlights the growing reliance on cloud services, the unique security threats posed by the cloud model, and the critical need for robust security measures. By framing the discussion within this context, the introduction prepares readers to delve into the specific security challenges and proposed solutions outlined in the subsequent sections of the paper.

2.2.1 Data Breaches

Data breaches are a top cloud security concern -- and for good reason. Many data breaches have

been attributed to the cloud over the past years, one of the most notable being Capital One's

cloud misconfigurations in 2019 that led to exposed customer data.

A data breach can bring a company to its knees, causing irreversible damage to its reputation,

financial woes due to regulatory implications, legal liabilities, incident response cost and

decreased market value.

Solution:

• Conduct data risk assessments.

• Protect data with cloud encryption.

• Maintain an incident response plan.

• Follow the principle of least privilege.

• Establish policies for secure data removal and disposal.

2.2.2 Misconfigurations

Cloud assets are vulnerable to attack if set up incorrectly. For example, the Capital One breach

was traced back to a web application firewall misconfiguration that exposed Amazon Simple

Storage Service buckets. In addition to insecure storage, excessive permissions and the use of

default credentials are two other major sources of cloud vulnerabilities. Ineffective change

control can also cause cloud misconfigurations.

Solution:

• Conduct data risk assessments.

• Maintain an incident response plan.

• Monitor which data is accessible via the internet.

• Ensure external partners adhere to change management, release and testing procedures

used by internal developers.

• Use automated change control to support rapid changes.

• Hold regular security awareness trainings with employees, contractors and third-party

users.
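
One way to automate the "monitor which data is accessible via the internet" and excessive-permission checks above, shown as an added example that is not part of the original report: a Python audit of S3-style bucket policy documents. The sample policies, bucket names, account ID and finding labels are constructed for illustration.

```python
"""Flag internet-exposed and over-broad grants in S3-style bucket policies."""
import json

# Constructed sample policies; bucket names and the account ID are placeholders.
SAMPLE_POLICIES = json.loads("""
{
  "example-public-assets": {
    "Version": "2012-10-17",
    "Statement": [
      {"Sid": "AnyoneCanRead", "Effect": "Allow", "Principal": "*",
       "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-public-assets/*"},
      {"Sid": "AppFullAccess", "Effect": "Allow",
       "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
       "Action": "s3:*", "Resource": "arn:aws:s3:::example-public-assets/*"}
    ]
  },
  "example-office-share": {
    "Version": "2012-10-17",
    "Statement": [
      {"Sid": "OfficeNetworkOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
       "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-office-share/*",
       "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
    ]
  },
  "example-reports": {
    "Version": "2012-10-17",
    "Statement": {
      "Sid": "ReportingRoleRead", "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::111122223333:role/reporting"]},
      "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-reports/*"}
  }
}
""")


def _as_list(value):
    """Policy fields may hold one item or a list of items; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True when the principal matches anyone: "*" or a mapping containing "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_policy(policy):
    """Return (statement id, finding) tuples for one policy document."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only restrict access.
        sid = stmt.get("Sid", f"statement[{index}]")
        if _is_public_principal(stmt.get("Principal")):
            # A Condition may narrow the grant, so it is reported for review
            # rather than as open exposure.
            label = "PUBLIC_CONDITIONAL" if stmt.get("Condition") else "PUBLIC"
            findings.append((sid, label))
        actions = _as_list(stmt.get("Action"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((sid, "WILDCARD_ACTION"))  # excessive permissions
    return findings


def audit_all(policies):
    """Map bucket name to findings, omitting buckets with nothing to report."""
    results = {name: audit_policy(doc) for name, doc in policies.items()}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for bucket, found in audit_all(SAMPLE_POLICIES).items():
        for sid, label in found:
            print(f"{bucket}: {sid}: {label}")
```
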

2.2.3 Insecure APIs

CSP UIs and APIs that customers use to interact with cloud services are some of the most

exposed components of a cloud environment. The security of any cloud service starts with how

well UIs and APIs are safeguarded -- a responsibility of both customers and their CSPs. CSPs

must ensure security is integrated, and customers must be diligent in managing, monitoring and

securely using cloud services.

Solution:

• Practice good API hygiene.

• Avoid API key reuse.

• Use standard and open API frameworks.

• Vet all CSPs and cloud applications before use.

2.2.4 Limited visibility

Cloud visibility has long been a concern of enterprise admins. Limited visibility of cloud

infrastructure and applications across various IaaS, PaaS and SaaS offerings can lead to cloud

sprawl, shadow IT, misconfigurations and improper security coverage, which could result in

cyberattacks, data loss and data breaches.

Multi-cloud environments have exacerbated visibility challenges as security teams have

difficulty finding tools that effectively maintain visibility across two or more CSPs.

Solution:

• Mandate and enforce a cloud security policy.

• Hold regular security awareness trainings.

• Conduct regular cloud security assessments.

• Perform continuous, real-time monitoring.

2.2.5 Identity, credential, access and key management

The majority of cloud security threats and cyber security threats in general are linked to identity

and access management (IAM) issues. These threats include the following:

• Improper credential protection.

• Lack of automated cryptographic key, password and certificate rotation.

• Identity and access management (IAM) scalability challenges.

• Lack of Multi-factor authentication (MFA).

• Poor password hygiene.

Solution:

• Use MFA.

• Extend key management best practices to the cloud.

• Monitor user accounts regularly.

• Remove unused and unnecessary credentials and access privileges.

• Follow password best practices.

2.2.6 Account hijacking attacks

Cloud account hijacking is when an employee's cloud account is taken over by an attacker. The

attacker then uses the employee's cloud account to gain unauthorized access to an organization's

sensitive data and systems.

Cloud account compromise can result from phishing attacks, credential stuffing attacks, attackers

guessing weak passwords or using stolen credentials, improper coding, accidental exposure and

cloud misconfigurations. If successful, cloud account hijacking attacks can lead to service

disruptions and data breaches.

Solution:

• Use MFA.

• Follow the principle of least privilege.

• Disallow as much access as the CSP supports.

• Segregate cloud environments whenever possible.

• Perform regular user access reviews.

2.2.7 Insider threats

Insiders, including current and former employees, contractors and partners, can cause data loss,

system downtime, reduced customer confidence and data breaches.

Insider threats fall into three categories:

i. Compromised insiders -- for example, an employee who clicks a phishing link and has

their credentials stolen or downloads malware onto the company network.

ii. Negligent insiders -- for example, an employee who loses a device containing company

data or from which an attacker can steal their credentials.

iii. Malicious insiders -- for example, an employee who steals data to commit fraud.

Solution:

• Hold regular security awareness trainings.

• Address cloud misconfigurations.

• Follow the principle of least privilege.

• Segregate cloud environments whenever possible.

• Perform regular access reviews.

• Authorize and revalidate user access controls regularly.

2.2.8 Cyberattacks

Cloud environments and cloud accounts are subject to the same attacks that target on-premises

environments. These include DoS, DDoS, account hijacking, phishing, ransomware and other

malware attacks, as well as cloud vulnerabilities and insider threats.

Some cyberattacks are specific to the cloud, such as the nefarious use of cloud services.

Attackers use legitimate SaaS, PaaS and IaaS offerings, disguising themselves as CSPs to attack

cloud customers who assume the attacker is a legitimate source.

Cloud-specific malware that uses the cloud for command and control, as well as malware that

targets cloud assets and accounts, is also an issue. For example, malicious cryptomining, known

as cryptojacking, is an attack in which threat actors steal a victim device's resources, including

energy and computing power, to verify transactions within a blockchain.

Cloud cyberattacks can lead to performance degradation, downtime, customers unknowingly

hosting malware, data loss and more.

Solution:

• Use MFA.

• Encrypt all data stored in the cloud.

• Monitor employee cloud use.

• Back up cloud workloads and data.

• Segment cloud networks.

• Use data loss prevention technologies.

• Follow the principle of least privilege.

• Implement allowlists and blocklists.

2.2.9 Shadow IT

Shadow IT is hardware or software used by employees that isn't allowed or supported by their

organization's IT team. Shadow IT use can result in network bandwidth issues, compliance risks

and security threats, such as data loss and data breaches.

Cloud shadow IT, specifically, is the use of unsupported cloud software, such as Google

Workspace, Slack or Netflix.

Solution:

• Hold regular security awareness trainings that highlight shadow IT and its effects.

• Use tools to detect cloud shadow IT apps.

• Create and implement a shadow IT policy.

• Use a cloud access security broker to detect, monitor and manage cloud shadow IT.

• Implement allowlists and blocklists.

2.2.10 Skills shortage and staffing issues

The IT industry has faced a skills gap and staffing shortages for years, especially in security

personnel. This well-known issue is prevalent when it comes to cloud expertise and even more so

when it comes to cloud security, which requires specific skills and tool sets.

The cyber security skills gap can be attributed to the following five main causes:

i. The demand for cyber security talent keeps increasing.

ii. The pool of cyber security talent lacks diversity.

iii. Employers have unrealistic expectations.

iv. Employees aren't keeping their skills up to date.

v. Burnout is increasing, and cyber security experts are leaving the profession.

Staffing shortages and lack of skilled cloud security professionals can lead to cloud

vulnerabilities, data exposures and data breaches.

Solution:

• Upskill existing workers.

• Sponsor cloud security certifications and trainings for employees.

• Support existing security teams to ease stress and mitigate burnout.

• Recruit and hire from a diverse pool of employees.

• Automate tasks where possible.

2.2.11 Compliance

Achieving compliance with internal, government and industry regulations and specifications was

challenging before cloud use was ubiquitous. It has only become more challenging since its

widespread adoption.

Maintaining cloud compliance with regulations such as HIPAA, PCI DSS and GDPR is a shared

responsibility between customers and CSPs. Customers must do their part to comply and also vet

their CSPs to ensure they're meeting requirements. Noncompliance can result in legal action,

fines, business disruptions, data loss and data breaches.

Solution:

• Follow the principle of least privilege.

• Use MFA.

• Define and implement strong access controls.

• Perform a compliance audit.

• Follow cloud frameworks.

• Mandate and enforce a cloud security policy.

• Regularly update and patch systems.

2.3 Types of Cloud Security Solution Packages


The following are common types of solution packages you can use to secure your cloud.

2.3.1 Cloud Access Security Broker (CASB)

CASB is a security policy enforcement point deployed between cloud service consumers and

cloud service providers. It is responsible for enforcing corporate security policies when users

access cloud-based resources. CASB can handle several types of security policies, including:

• Authentication and authorization

• Single sign-on

• Credential mapping

• Device analysis

• Encryption

• Tokenization

• Logging and alerting

• Malware detection and prevention

2.3.2 Cloud Workload Protection Platform (CWPP)

CWPP is a workload-centric security product that protects workloads, applications or other

resources running on one or more virtual machines (VMs), containers, or serverless functions.

The unique aspect of CWPP is that it sees and protects a workload as a single unit, even if it runs

on multiple servers or cloud instances across multiple clouds or datacenters.

CWPP capabilities typically include:

• System hardening and system integrity monitoring

• Vulnerability management

• Host-based segmentation

• Application control

• Visibility of workload security across hybrid environments

• Central control of workload security from a single console

2.3.3 Cloud Security Posture Management (CSPM)

CSPM solutions continuously manage cloud security risks. They can detect, log, and report

security issues, and in some cases, automatically remediate them. These issues can include

misconfiguration of cloud services, improper security settings, resource governance issues, and

compliance violations.

A CSPM solution focuses on four main areas:

• Asset inventory and classification

• Identity, security and compliance

• Monitoring and analysis

• Cost management and resource organization

2.3.4 Cloud Infrastructure Entitlement Management (CIEM)

CIEM is an extension of cloud-based Identity and Access Management (IAM). IAM is the basis

for managing identity and access in all public cloud platforms; however, it quickly becomes too

complex to manage using first-party cloud provider tools.

CIEM solutions can address this complexity by providing centralized identity and access

governance controls. The goal is to reduce privileges to a minimum on critical cloud infrastructure,

and simplify least privilege access control in dynamic distributed environments.

2.3.5 Cloud-Native Application Protection Platform (CNAPP)

CNAPP is a new category that converges CSPM and CWPP solutions into one platform. A

CNAPP solution secures workloads and hosts such as VMs, containers, and serverless functions,

allowing organizations to remediate vulnerabilities and misconfigurations, detect threats in

production environments, investigate, and actively respond to them.

curity strategies to mitigate risks and ensure the resilience of their cloud infrastructures. Cloud

computing connects many computing resources, storage resources, and software resources to form a

vast shared virtual resource pool, from which users can purchase corresponding services, such as

hydropower. With the rapid popularization of cloud computing applications, cloud computing has

penetrated various fields, such as scientific research, production, education, consumption,

entertainment, etc. Improve the security and compliance posture of your organization and leverage

the controls inside of cloud assurance to build stronger value in your business systems. Cloud

computing has transformed the way businesses operate, offering unparalleled scalability,

flexibility, and cost-effectiveness. However, with this innovation comes a host of security

challenges that organizations must navigate to safeguard their data and operations. This

introduction sets the stage for understanding the importance of addressing these security concerns

in cloud computing environments. It highlights the growing reliance on cloud services, the unique

security threats posed by the cloud model, and the critical need for robust security measures. By

framing the discussion within this context, the introduction prepares readers to delve into the

specific security challenges and proposed solutions outlined in the subsequent sections of the paper.

2.4 Security Case Studies and their Solutions (Real-World Examples)

Multiple real-world cases in which cloud computing services were compromised, and the ways the

companies mitigated the incidents, are presented here. For each case, the attack type is described,

the details of the case are presented and the prevention methods are discussed.

2.4.1 XML Signature Wrapping Attack

Wrapping attacks aim at injecting a faked element into the message structure so that a valid

signature covers the unmodified element while the faked one is processed by the application

logic. As a result, an attacker can perform an arbitrary Web Service request while authenticating

as a legitimate user.

Detail of attack

In 2011, researchers led by Dr. Jörg Schwenk from Ruhr-University Bochum found a

cryptographic hole in Amazon’s EC2 and S3 services. The flaw was located in the web services

security protocol and enabled attackers to trick servers into authorizing digitally signed SOAP

messages that have been altered. The attackers hijacked control interfaces used to manage cloud

computing resources, which would allow attackers to create, modify, and delete machine images,

and change administrative passwords and settings.

Solution

A proposed solution is to use the Simple Object Access Protocol (SOAP) message during

message passing from the web server to the web browser. A redundant bit (STAMP bit) will be

added onto the signature value when it is appended in the SOAP header. This bit will be

transmitted when the message is interfered with by a third party during the transfer. When the

message reaches its destination the STAMP bit is checked. If the STAMP bit has been changed,

then a new signature value is generated by the browser and the new value is sent back to the

server as recorded to modify the authenticity checking.
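The wrapping flaw described in this section comes down to a receiver that verifies one element and processes another. The following added example (not from the original paper or from any provider's code) shows that check in a flawed and a hardened form; the message layout without namespaces, the HMAC standing in for an XML signature, `ET.tostring` standing in for canonicalization, and all operation names are simplifying assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: stands in for the sender's signing key
# Note: a production service would parse untrusted XML with a hardened parser.


def _digest(element):
    # ET.tostring stands in for XML canonicalization, HMAC for the XML signature.
    return hmac.new(KEY, ET.tostring(element), hashlib.sha256).hexdigest()


def build_signed_request(action, target):
    """Sender side: Header/Signature references the Body by its Id attribute."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body", {"Id": "body-1"})
    ET.SubElement(body, action).text = target
    sig = ET.SubElement(header, "Signature")
    ET.SubElement(sig, "Reference", {"URI": "#body-1"})
    ET.SubElement(sig, "SignatureValue").text = _digest(body)
    return ET.tostring(env)


def make_wrapped_sample(signed_xml, action, target):
    """Constructed test input with the shape the text describes: the signed Body
    sits under Header/Wrapper and an unsigned Body occupies its usual place."""
    env = ET.fromstring(signed_xml)
    header, signed_body = env.find("Header"), env.find("Body")
    env.remove(signed_body)
    ET.SubElement(header, "Wrapper").append(signed_body)
    ET.SubElement(ET.SubElement(env, "Body"), action).text = target
    return ET.tostring(env)


def _verified_elements(env):
    """Elements whose Id matches the Reference and whose digest matches."""
    ref = env.find("Header/Signature/Reference")
    val = env.find("Header/Signature/SignatureValue")
    if ref is None or val is None or not val.text:
        return []
    ref_id = ref.get("URI", "").lstrip("#")
    expected = val.text.encode()
    return [e for e in env.iter()
            if e.get("Id") == ref_id
            and hmac.compare_digest(_digest(e).encode(), expected)]


def _operation(body):
    if body is None or len(body) != 1:
        raise ValueError("expected exactly one operation in Body")
    return body[0].tag, body[0].text


def vulnerable_receive(xml_bytes):
    """Flawed: confirms that *some* element verifies, then dispatches on
    Envelope/Body without checking it is the element that was verified."""
    env = ET.fromstring(xml_bytes)
    if not _verified_elements(env):
        raise ValueError("signature check failed")
    return _operation(env.find("Body"))


def hardened_receive(xml_bytes):
    """Dispatch only on the verified element, and only if it is the sole Body
    directly under Envelope and every Id in the document is unique."""
    env = ET.fromstring(xml_bytes)
    verified = _verified_elements(env)
    bodies = env.findall("Body")
    ids = [e.get("Id") for e in env.iter() if e.get("Id") is not None]
    if len(verified) != 1 or len(bodies) != 1 or verified[0] is not bodies[0]:
        raise ValueError("signed element is not the Body being processed")
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate Id attributes")
    return _operation(verified[0])


if __name__ == "__main__":
    signed = build_signed_request("ListImages", "img-001")
    wrapped = make_wrapped_sample(signed, "DeleteImage", "img-001")
    print("flawed receiver, wrapped message:", vulnerable_receive(wrapped))
    try:
        hardened_receive(wrapped)
    except ValueError as err:
        print("hardened receiver, wrapped message: rejected,", err)
```

The hardened receiver never looks up the Body a second time: it acts on the same element object that passed verification, which is the property the flawed receiver lacks.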

2.4.2 Malware Injection

In a malware-injection attack an adversary attempts to inject malicious code into a system. This

attack can appear in the form of code, scripts, active content, and/or other software. When an

instance of a legitimate user is ready to run in the cloud server, the respective service accepts the

instance for computation in the cloud. The only checking done is to determine if the instance

matches a legitimate existing service. However, the integrity of the instance is not checked. By

penetrating the instance and duplicating it as if it is a valid service, the malware activity succeeds

in the cloud.

Detail of attack

i. Case one occurred in May 2009. The United States Treasury Department moved four

public websites offline for the Bureau of Engraving and Printing after discovering

malicious code was added to the parent site. The third-party cloud service provider

hosting the company’s website was victim to an intrusion attack. As a result numerous

websites (BEP and non-BEP) were affected. Roger Thompson, chief research officer for

Anti-Virus Guard (AVG) Technologies, discovered malicious code was injected into the

affected pages. Hackers added a tiny snippet of a virtually undetectable iFrame HTML

code that redirected visitors to a Ukrainian website. IFrame (Inline Frame) is an HTML

document embedded inside another HTML document on a website. From there, a variety

of web-based attacks were launched using an easy-to-purchase malicious toolkit called

the Eleonore Exploit Pack.

Solution

To prevent this type of attack, server operators need to check for exploit iFrame code. Firefox

users should install NoScript and set the “Plugins Forbid iFrame” option. Windows users should

make sure they have installed all security updates and have an active anti-malware guard

running.

ii. Case two occurred in June 2011. The cyber criminals from Brazil who first launched their

attacks as spam/phishing campaigns, where users were sent spoofed emails with links

that took them to one of the malicious domains, created some major problems in Amazon

Web Services. The attackers installed a variety of malicious files on the victims’

machines. One component acted as a rootkit (a type of malicious software that is

activated each time a user’s system boots up) and attempted to disable installed anti-

malware applications. Additional components that were downloaded during the attack

attempted to retrieve login information from a list of nine Brazilian banks and two other

international banks, steal digital certificates from eTokens stored on the machine, and

collect unique data about the PC itself that is used by some banks as part of an

authentication routine.

Solution

A proposed solution is to utilize the File Allocation Table (FAT) system architecture. The FAT

table identifies the code or application that a customer is going to run. It checks with the previous

instances that have already executed from the customer’s machine to determine the validity and

integrity of the new instance. A secure and unbreakable hypervisor would be needed on the

provider’s end. The hypervisor would be responsible for scheduling all instances, but not before

checking the integrity of the instance from the FAT table of the customer’s virtual machine.
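For case one above, the server-side check for injected iFrame code can be automated over a site's published pages. The following is an added example, not part of the original paper: the sample page, host names and allowlist are constructed, and the "hidden" heuristics (0 or 1 pixel dimensions, `display:none`, `visibility:hidden`) are assumptions about what a near-invisible frame looks like.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; all host names use the reserved .example TLD.
SAMPLE_PAGE = "\n".join([
    '<html><body>',
    '<h1>Constructed sample page</h1>',
    '<iframe src="/widgets/rates.html" width="600" height="200"></iframe>',
    '<iframe src="https://maps.partner.example/embed" width="400" height="300"></iframe>',
    '<iframe src="http://unknown-host.example/in.php" width="1" height="1"'
    ' style="visibility: hidden"></iframe>',
    '<IFRAME SRC="/tracking/frame.html" HEIGHT=0 WIDTH=0 frameborder=0></IFRAME>',
    '</body></html>',
])

# Hosts the site operator expects to see in frame sources (constructed).
FIRST_PARTY = {"www.agency.example", "maps.partner.example"}

_HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
_TINY_DIMENSION = re.compile(r"[01](px)?", re.I)


def _is_hidden(attrs):
    """Heuristic: frame is sized to 0 or 1 pixel or styled to be invisible."""
    for dim in ("width", "height"):
        if _TINY_DIMENSION.fullmatch(attrs.get(dim, "").strip()):
            return True
    return bool(_HIDDEN_STYLE.search(attrs.get("style", "")))


class IframeAuditor(HTMLParser):
    """Collects iframes that load from unexpected hosts or are not visible."""

    def __init__(self, first_party_hosts):
        super().__init__()
        self.first_party = {h.lower() for h in first_party_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lowercases tag and attribute names
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        # Relative URLs have no hostname and count as first party.
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in self.first_party:
            reasons.append("external-host")
        if _is_hidden(a):
            reasons.append("hidden")
        if reasons:
            line, _ = self.getpos()
            self.findings.append({"line": line, "src": src, "reasons": reasons})


def scan(html_text, first_party_hosts):
    """Return findings for one page, in document order."""
    auditor = IframeAuditor(first_party_hosts)
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE, FIRST_PARTY):
        print(f"line {finding['line']}: {finding['src']} ({', '.join(finding['reasons'])})")
```

Running a scan like this against a known-good baseline after every deployment turns an unexpected new frame into a reviewable change instead of something visitors discover first.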

2.4.3 Social Engineering Attack

A social engineering attack is an intrusion that relies heavily on human interaction and often

involves tricking other people into breaking normal security procedures. It can happen in cloud computing.

Detail of attack

In August 2012, hackers used a social engineering attack to completely destroy technical writer

Mat Honan’s digital life by remotely deleting the information from his iPad, MacBook, and iPod.

The heart of the story revealed the dangerous blind spot between the identity verification systems

used by Amazon and Apple. The hackers found the victim’s @me.com address online which

informed them that there was an associated AppleID account. The hacker called Amazon

customer service wanting to add a credit card number to the victim’s account. The representative

asked the hacker for the name, billing address, and an associated email address (all information

the hacker found on the internet) on the victim’s account. Once the hacker answered these

questions successfully, the representative added the new credit card onto the account. After

ending the call, the hacker called Amazon customer service back and explained to the

representative that he had lost access to his account. The Amazon representative asked the

hacker for his billing address and a credit card associated with the account; the hacker used the

new credit card information he provided from the previous phone call. Once the hacker gave the

representative the information they added a new email address to the victim’s account. Upon

logging onto Amazon’s website the hacker requested a password reset from the email address

he just created. The hacker now had access to the victim’s Amazon account and credit card

information on file. The hacker then called Apple technical support and requested a password

reset on the victim’s @me.com email account. The hacker could not answer any of the victim’s

account security questions, but Apple offered him another option. The Apple representative only

needed a billing address and the last four digits of the victim’s credit card and issued the hacker a

temporary password. Once the hacker had access to the victim’s Apple iCloud account all the

information from the victim’s iPad, MacBook, and iPod account was remotely erased.

Solution

Apple temporarily disabled its customers’ ability to reset an AppleID password over the phone.

Instead, customers have to use Apple’s online “iForgot” system. In the process they will work on

a much stronger authentication method that proves customers are who they say they are. Amazon

customer service representatives will no longer change account settings like credit card or email

addresses by phone.

2.4.4 Account Hijacking

Account hijacking is usually carried out with stolen credentials. Using the stolen credentials,

attackers can access sensitive information and compromise the confidentiality, integrity, and

availability of the services offered. Examples of such attacks include: eavesdropping on

transactions/sensitive activities, manipulation of data, returning falsified information, and

redirection to illegitimate sites.

Detail of attack

i. In July 2012, the hacker group UGNazi exploited a major flaw in Google’s Gmail

password recovery process and AT&T’s voicemail system, which in turn allowed the

group to access the personal Gmail account of CloudFlare’s CEO. The hacker deceived

AT&T’s system into redirecting the victim’s cell phone to a fraudulent voicemail box.

The hacker visited Gmail and initiated the account recovery feature for the victim’s

personal email address. A voicemail message was recorded on the compromised

voicemail box to sound like someone was answering the phone. A call was placed to the

victim from Google, but the victim did not recognize the number and let the call go to

voicemail. Google’s system was tricked by the fraudulent voicemail and a temporary PIN

was left (which allowed the password to be reset) in the voicemail. The hacker logged

into the victim’s Gmail account and added his email address to the ‘account recovery

control’ feature. The victim’s linked CloudFlare account received an email informing him

that the recent password was changed. The victim initiated the account recovery process

and changed the password back. An email was sent to the hacker informing him that the

victim changed passwords, but immediately the hacker changed the password. Both users

continued going back and forth to get control over the account. Soon, the hacker was able to

remove the victim’s mobile phone and email addresses authorized for account recovery,

preventing the victim from resetting the Gmail password. The team at CloudFlare was called

to investigate the situation. A flaw in Google’s account recovery system allowed the

two-factor authentication set up on the victim’s CloudFlare account to be bypassed, and the

hacker now had access to the account. The victim’s administrative privileges were used

by the hacker to change passwords on other administrative accounts. CloudFlare’s

operations team suspended the victim’s account, reset all CloudFlare employee email

passwords, and cleared all web mail sessions, which terminated the hacker’s access to the

email system.

Solution

Google fixed the flaw in the Google Enterprise Application account recovery process by no

longer allowing a user to get around two-factor authentication. CloudFlare has stopped emailing

blind copies of password resets and other transactional messages to administrative accounts.

ii. Another case occurred in July 2012. Dropbox, the cloud storage service, confirmed that

hackers used usernames and passwords stolen from third-party sites to access Dropbox

users’ accounts. It was alerted after users complained about spam they were receiving at

email addresses used only for their Dropbox accounts. One stolen password was used to

access an employee account that contained a file that included user email addresses. The

company believed users who use the same password on multiple websites make it easier

for hackers to access their accounts on other websites.

Solution

In order to prevent a repeat attack, Dropbox has implemented two-factor authentication into the

company’s security controls. Two-factor authentication (also called strong authentication) is

defined as a user entering in two of the following three properties to prove his/her identity:

something the user knows (e.g., password, PIN), something the user has (e.g., ATM card) and/or

something the user is (e.g., biometric characteristic, such as a fingerprint). The company

launched new automated mechanisms to identify suspicious activities and a new page to show all

logins.

2.4.5 Traffic Flooding

Traffic flooding attacks bring a network or service down by flooding it with large amounts of

traffic. Traffic flooding attacks occur when a network or service becomes so weighed down with

packets initiating incomplete connection requests it cannot process genuine connection requests.

Eventually, the host’s memory buffer becomes full and no further connections can be made, and

the result is a Denial of Service.

Detail of attack

In May 2011, LastPass, a cloud-based password storage and management company, announced a

possible successful hack against its servers. There were no reports of any data leakage, but the

company insisted that customers take a few measures to ensure that their information is safe.

Security experts discovered unusual behavior in the database servers that had more traffic going

out compared to incoming data. The company presumed this was hacking activity related to

siphoning stored login credentials and other sensitive user data.

Solution

To prevent this problem from happening again, LastPass enhanced its encryption algorithms used

in protecting customers’ data and introduced additional measures to secure sensitive data on its

servers. Master passwords (passwords that protect lists of passwords to access other websites and

online services in the cloud) were immediately changed to protect customers from possible data

leakage.

2.4.6 Wireless Local Area Network Attack

In a wireless local area network attack a hacker breaks into an authorized user’s wireless local

area network to perform attacks such as man-in-the-middle, accidental association, identity theft,

denial of service, network injection attacks, etc.

Detail of attack

In January 2011, German security researcher Thomas Roth used cloud computing to crack

wireless networks that relied on pre-shared passphrases, such as those found in homes and small

businesses. The results of the attack revealed that wireless computing that relies on the pre-

shared key (WPA-PSK) system for protection is fundamentally insecure. Roth’s program was

run on Amazon’s Elastic Cloud Computing (EC2) system. Using the massive power of

Amazon’s cloud the program was able to run through 400,000 possible passwords per

Solution

It is suggested that up to 20 characters are enough to create a passphrase that cannot be cracked,

but the more characters included, the stronger the passphrase will be. A good variety of symbols,

letters, and numbers should be included in the passphrase and it should be changed regularly.

Dictionary words and letter substitution (i.e. “n1c3” instead of “nice”) should be avoided.

CHAPTER THREE

3.0 CONCLUSION

Every new technology has its pros and cons, and cloud computing is no exception. Although

cloud computing provides easy data storage and access, there are several issues related to storing

and managing data in a cloud that is not controlled by the owner of the data. A generalized view of

the cloud computing architecture, types and service models has been presented here to underline

the importance of understanding the security flaws of the cloud computing framework and

devising suitable countermeasures for them.

This paper discussed security challenges for the cloud along with some defence strategies. The

challenges include data breaches, misconfigurations, insecure APIs, limited visibility, identity,

credential, access and key management, account hijacking attacks, insider threats, cyber attacks,

shadow IT, skills shortage and staffing issues, and compliance issues. As discussed, the defence

strategies combine proactive measures, including robust authentication and access controls,

encryption, network security, compliance frameworks, incident response protocols, and

continuous monitoring, with which organizations can strengthen their security posture in the cloud.

Finally, various cloud security solution packages have been discussed within a comparative

framework. On the whole, this paper aims at constructing a proper snapshot of the present scenario

and future prospects of Cloud security: challenges and solutions.


I conclude that, even though cloud computing has several benefits, one should adopt cloud

computing services only after analyzing all the major security issues in cloud computing.

3.1 Our Current Research

One of the severe types of attack that interrupts the normal functions of cloud computing is a SYN

flood attack, which is simply a type of Denial of Service. An attacker sends a succession of SYN

requests to a victim system in an attempt to consume system resources and make the system

unresponsive to legitimate traffic. There are a number of existing countermeasures against SYN

flood attacks such as Filtering, Firewalls and Proxies, etc. In cloud computing all servers work in

a service-specific manner with internal communication among them. When a server is

overloaded or has reached the threshold, it transfers some of its jobs to a similar service-specific

server to offload tasks. If an adversary successfully attacks one server with SYN flood and

causes the denial-of-service, the victim server will transfer upcoming tasks to other servers in

order to offload jobs. Thus, the same thing will occur on other servers and the attacker is

successful in engaging the whole cloud system by just interrupting the usual processing of one

server, in essence flooding the cloud. Based on the characteristics of cloud computing, an

approach has been developed to effectively detect and prevent SYN flood attacks. The first part of this

approach is to design an algorithm to discover the malicious packets. The detecting algorithm

will check some parameters of incoming IP packets to decide whether to filter an incoming packet

out. The second part is to develop an algorithm to stop a SYN flood from spreading across the

cloud. Once a server is overloaded, the preventing algorithm will check the current situation,

compare it with normal cases, and then decide whether it is a SYN flood or a normal overload. If it

is a SYN flood, it will keep the victim server from transferring upcoming jobs to other servers. These

algorithms will run on the hypervisor of the provider side.
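The preventing step described in this section can be sketched as a decision made before any job transfer. The following is an added example, not the algorithm from the research described above; the counters (SYNs received, handshakes completed, half-open backlog entries), the thresholds and the server names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Thresholds are assumptions standing in for the "normal cases" baseline.
OVERLOAD_LOAD = 0.85      # utilisation at which a server wants to offload
MIN_COMPLETION = 0.5      # completed handshakes / SYNs received
MAX_BACKLOG_FILL = 0.8    # half-open entries / SYN backlog capacity


@dataclass
class ServerStats:
    """Counters for one sampling window on one server."""
    name: str
    syn_received: int
    handshakes_done: int
    half_open: int
    backlog_size: int
    load: float


def classify(s):
    """Label a server 'normal', 'overloaded' or 'syn_flood'."""
    if s.load < OVERLOAD_LOAD:
        return "normal"
    completion = s.handshakes_done / s.syn_received if s.syn_received else 1.0
    backlog_fill = s.half_open / s.backlog_size
    if completion < MIN_COMPLETION and backlog_fill > MAX_BACKLOG_FILL:
        return "syn_flood"
    return "overloaded"


def plan_offload(servers):
    """Map each server name to 'serve', 'hold' or 'offload-><target>'."""
    states = {s.name: classify(s) for s in servers}
    healthy = sorted((s for s in servers if states[s.name] == "normal"),
                     key=lambda s: s.load)
    plan = {}
    for s in servers:
        if states[s.name] == "normal":
            plan[s.name] = "serve"
        elif states[s.name] == "syn_flood" or not healthy:
            plan[s.name] = "hold"      # never forward flood traffic to peers
        else:
            plan[s.name] = "offload->" + healthy[0].name
    return plan


# Constructed sample window for three servers of the same service.
SAMPLE = [
    ServerStats("web-1", 9000, 300, 1000, 1024, 0.97),   # many SYNs, few handshakes
    ServerStats("web-2", 4000, 3900, 60, 1024, 0.92),    # busy, handshakes complete
    ServerStats("web-3", 1500, 1480, 20, 1024, 0.40),
]
```

On the constructed sample, web-1 is held in place while web-2, which is busy with completed handshakes, is still allowed to offload to web-3.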

3.2 Future Work

Cloud computing security involves different areas and issues. Many security mechanisms have

been developed to prevent various attacks and protect cloud computing systems. Researchers

continue to develop new technologies to improve the security of cloud computing.

In this paper several real-world cases where companies’ clouds were infiltrated by attacks are

presented. Social engineering attack, XML signature wrapping attack, malware injection, data

manipulation, account hijacking, SYN flood, and wireless local area network attack are

discussed. The solutions that the companies developed to prevent similar attacks in the future are

discussed. In order to protect cloud computing technologies, solutions for detecting, preventing

and responding to various attacks must be developed. Our current research focuses on detecting and

preventing SYN flood in cloud computing by implementing one detecting algorithm and one

preventing algorithm.

