UNIT-4
Cloud Security:
➢ Cloud Security Architecture (CSA),
➢Authentication,
➢Authorization,
➢ Identity,
➢Access Management,
➢ Data Security,
➢Key Management.
� Cloud Security Challenges
➢ Authentication
➢Authorization
➢Security of data at rest
➢Security of data in motion
➢Data Integrity
➢Auditing
�➢ Authentication
➢ Authentication refers to digitally confirming the identity of
the entity requesting access to some protected information.
➢ In a traditional in-house IT environment authentication
polices are under the control of the organization. However, in
cloudcomputing environments, where applications and data
are accessed over the internet, the complexity of digital
authentication mechanisms increases rapidly.
➢ Authorization
➢ Authorization refers to digitally specifying the access rights to
the protected resources using access policies.
➢ In a traditional in-house IT environment, the access policies
are controlled by the organization and can be altered at their
convenience.
➢ Authorization in a cloud computing environment requires the
use of the cloud service providers services for specifying the
access policies.
�➢ Security of data at rest
➢ Due to the multi-tenant environments used in the cloud, the
application and database servers of different applications belonging
to different organizations can be provisioned side-by-side increasing
the complexity of securing the data.
➢ Appropriate separation mechanisms are required to ensure the
isolation between applications and data from different organizations
➢ Security of data in motion
➢ In traditional in-house IT environments all the data exchanged
between the applications and users remains within the
organization’s control and geographical boundaries.
➢ With the adoption of the cloud model, the applications and the
data are moved out of the in-house IT infrastructure to the cloud
provider.
➢ Therefore, appropriate security mechanisms are required to ensure
the security of data in, and while in, motion.
�➢ Data Integrity
➢ Data integrity ensures that the data is not altered in an
unauthorized manner after it is created, transmitted or
stored. Due to the outsourcing of data storage in cloud
computing environments, ensuring integrity of data is
important.
➢ Auditing
➢ Auditing is very important for applications deployed in cloud
computing environments.
➢ In traditional in-house IT environments, organizations have
complete visibility of their applications and accesses to the
protected information.
➢ For cloud applications appropriate auditing mechanisms are
required to get visibility into the application, data accesses
and actions performed by the application users, including
mobile users and devices such as wireless laptops and smart
phones.
� CSA Cloud Security Architecture
➢Cloud Security Alliance (CSA) provides a
Trusted Cloud Initiative (TCI) Reference
Architecture.
➢ TCI is a methodology and a set of tools that
enable cloud application developers and
security architects to assess where their
internal IT and their cloud providers are in
terms of security capabilities, and to plan a
roadmap to meet the security needs of their
business.
�➢ Security and Risk Management (SRM) domain provided by the
TCI Reference.
➢ Security Risk Management is the ongoing process of identifying
these security risks and implementing plans to address them.
Risk is determined by considering the likelihood that known
threats will exploit vulnerabilities and the impact they have on
valuable assets.
➢ Security and Risk Management (SRM) is the passwords,
firewalls, and encryption that protect computer systems and
data.
➢ SRM includes:
➢ Governance, Risk Management, and Compliance
➢ Information Security Management
➢ Privilege Management Infrastructure
➢ Threat and Vulnerability Management
➢ Infrastructure Protection Services
➢ Data Protection
➢ Policies and Standards
��[Link], Risk Management, and
Compliance
➢Compliance is a adherence to a Standard or Set of
Guidelines or proper consistent practices
➢Governance means to promote corporate Fairness,
Transparency & Accountability IT Governance is an
integral part of enterprise/corporate governance &
it ensures that organization's IT is in alignment
with Strategies & Objectives
➢It includes key components
➢Compliance management
➢Policy management
➢Vendor management
�➢Audit management
➢It risk management
➢Technical awareness and training
2. Information Security Management
➢Information security management is the process
of protecting an organization's data and assets
against potential threats. One of the primary
goals of these processes is to protect
➢Data confidentiality,
➢Data integrity, and
➢availability.
�➢Data Confidentiality: Protecting data confidentiality
requires restricting access to data to only authorized
users.
➢Data Integrity: Ensuring data integrity requires the
ability to ensure that data is accurate and complete.
➢Availability: Data and the services that rely upon it
must be available to authorized users, whether inside
or outside of the company
➢It includes:
➢Capability mapping
➢Risk portfolio management
➢Residual risk management
➢Risk dashboard
�[Link] Management Infrastructure
➢Privilege management infrastructures (PMIs)
are to authorization what public key
infrastructures (PKIs) are to authentication.
PMIs use attribute certificates (ACs) to hold user
privileges, in the form of attributes, instead of
public key certificates (PKCs) to hold public keys.
➢It includes
➢Identity management
➢Authorization services
➢Authentication services
➢Privilege usage management
�[Link] and Vulnerability Management
➢Threat and vulnerability management is a proactive
way to protect your organization's devices and data.
It helps you identify vulnerabilities and check if
your security settings are weak. By using this
approach, you can fix any weaknesses before they
become a security breach.
➢It includes:
➢Compliance testing
➢Penetration testing
➢Vulnerability management
➢Threat management
�[Link] Protection Services
➢ Use of these methodologies is critical for
successful, ongoing operations in the cloud
Infrastructure protection is a key part of an
information security program. It ensures that
systems and services within your workload
are protected against unauthorized access,
and potential vulnerabilities.
➢Server
➢Network
➢End point
➢Application
�[Link] Protection
➢ Cloud data security protects company's data in
a cloud environment , that is stored (at rest) or moving
in and out of the cloud (in motion) from security
threats, unauthorized access, theft, and corruption
➢ Data life cycle management
➢ Data loss prevention
➢ Cryptographic services
[Link] and Standards
Cloud security standards provide a roadmap for
businesses transitioning from a traditional approach to
a cloud-based approach by providing the right tools,
configurations, and policies required for security in
cloud usage. It helps to devise an effective security
strategy for the organization.
�It includes:
➢Operational security baselines
➢Information security policies
➢Job and guide lines
➢Best practices and regulatory correlation
➢Role based awareness
➢Technical security standards
� Authentication
• Authentication refers to confirming the digital
identity of the entity requesting access to some
protected information.
• The process of authentication involves, but is not
limited to, validating the at least one factor of
identification of the entity to be authenticated.
• A factor can be something the entity or the user
knows (password or pin), something the user has
(such as a smart card), or something that can
uniquely identify the user (such as fingerprints).
• In multifactor authentication more than one of
these factors are used for authentication.
�➢ There are various mechanisms for authentication
including:
➢ SSO (Single Sign-on)
➢ SAML-Token(Security Assertion Markup Language)
➢ OTP(One Time Password)
➢ SSO (Single Sign-on)
➢ Single Sign-on (SSO) enables users to access
multiple systems or applications after signing in
only once, for the first time.
➢ When a user signs in, the user identity is
recognized and there is no need to sign in again and
again to acces srelated systems or applications
�➢Since different systems or applications may be
internally using different authentication
mechanisms, SSO upon receiving initial
credential translates to different credentials for
different systems or applications.
➢ The benefit of using SSO is that it reduces
human error and saves time spent in
authenticating with different systems or
applications for the same identity.
➢ There are different implementation
mechanisms:
• SAML-Token
• Kerberos
�➢ SAML-Token(Security Assertion Markup Language)
➢ Security Assertion Markup Language (SAML) is an XML-based
open standard data format for exchanging security information
(authentication and authorization data) between an identity
provider and a service provider.
➢ SAML-token based SSO authentication
➢ When a user tries to access the cloud application, a SAML
request is generated and the user is redirected to the identity
provider.
➢ The identity provider parses the SAML request and
authenticates the user. A SAML token is returned to the user,
who then accesses the cloud application with the token.
➢ SAML prevents man-in-the-middle and replay attacks by
requiring the use of SSL encryption when transmitting
assertions and messages.
➢ SAML also provides a digital signature mechanism that enables
the assertion to have a validity time range to prevent replay
attacks.
�SAML-token based SSO authentication
�Kerberos
➢Kerberos is an open authentication protocol that
was developed At MIT.
➢ Kerberos uses tickets for authenticating client to
a service that communicate over an un-secure
network.
➢ Kerberos provides mutual authentication, i.e.
both the client and the server authenticate with
each other
��One Time Password (OTP)
One time password is another authentication
mechanism that uses passwords which are valid for
single use only for a single transaction or session.
• Authentication mechanism based on OTP tokens are
more secure because they are not vulnerable to
replay attacks.
• Text messaging (SMS) is the most common delivery
mode for OTP tokens.
• The most common approach for generating OTP
tokens is time synchronization.
• Time-based OTP algorithm (TOTP) is a popular time
synchronization based algorithm for generating OTPs.
� Authorization
➢ Authorization refers to specifying the access rights to the
protected resources using access policies.
➢ Authorization is an open standard for authorization that allows
resource owners to share their private resources stored on one
site with another site without handing out the credentials.
➢ In the Authorization model, an application (which is not the
resource owner) requests access to resources controlled by the
resource owner (but hosted by the server).
➢ The resource owner grants permission to access the resources
in the form of a token and matching shared-secret.
➢ Tokens make it unnecessary for the resource owner to share its
credentials with the application.
➢ Tokens can be issued with a restricted scope and limited
lifetime, and revoked independently.
�� Identity & Access Management
➢Identity management provides consistent
methods for digitally identifying persons and
maintaining associated identity attributes for
the users across multiple organizations.
➢ Access management deals with user
privileges.
➢ Identity and access management deal with
user identities, their authentication,
authorization and access policies.
�➢ Identity and Access Management (IAM) is a combination
of policies and technologies that allows organizations to
identify users and provide the right form of access as and
when required. There has been a burst in the market with
new applications, and the requirement for an organization
to use these applications has increased drastically.
➢ The services and resources you want to access can be
specified in IAM. IAM doesn’t provide any replica or
backup. IAM can be used for many purposes such as, if
one want’s to control access of individual and group
access for your AWS resources.
➢ With IAM policies, managing permissions to your
workforce and systems to ensure least-privilege
permissions becomes easier. The AWS IAM is a global
service.
��Components of IAM:
➢Users
➢Roles
➢Groups
➢Policies
A system that identifies individuals within a system
2) Ways to identify role as well as assign roles of
individuals within the system
3) Managing roles for need based updation, creation,
deletion within the system
4) Assigning levels of access to multiple users at once
5) Scrutinizing internal as well as external system
security
� IMPORTANCE OF IAM
LIST OF FEATURES:
[Link]
[Link] ANALYTICS
[Link] INTELLIGENCE
�Services By IAM
➢Identity management
➢Access management
➢Federation
➢RBAC/EM
➢Multi-Factor authentication
➢Access governance
➢Customer IAM
➢API Security
➢IDaaS – Identity as a service
➢Granular permissions
➢Privileged Identity management – PIM (PAM or PIM
is the same)
�➢ Identity management is purely responsible for
managing the identity lifecycle.
➢ Access management is responsible for the
access to the resources,
➢access governance is responsible for access
request grant and audits.
➢PIM or PAM is responsible for managing all the
privileged access to the resources.
➢ The remaining services either help these
services or help in increasing the productivity
of these services.
� Data Security
[Link] Data at Rest
[Link] Data in Motion
Securing Data at Rest
➢ Data at rest is the data that is stored in database in the form
of tables/records, files on a fileserver or raw data on a
distributed storage or storage area network (SAN).
➢ Data at rest is secured by encryption.
➢ Encryption is the process of converting data from its original
form (i.e., plaintext) to a scrambled form (cipher text) that is
unintelligible. Decryption converts data from ciphertext to
plaintext.
➢ Encryption can be of two types:
➢ Symmetric Encryption (symmetric-key algorithms)
➢ Asymmetric Encryption (public-key algorithms
�Symmetric Encryption
➢ Symmetric encryption uses the same secret key for both
encryption and decryption.
➢ The secret key is shared between the sender and the
receiver.
➢ Symmetric encryption is best suited for securing data at
rest since the data is accessed by known entities from
known locations.
➢ Popular symmetric encryption algorithms include:
➢ Advanced Encryption Standard (AES)
➢ Twofish
➢ Blowfish
➢ Triple Data Encryption Standard (3DES)
➢ Serpent
➢ RC6
➢ MARS
�Asymmetric Encryption
➢ Asymmetric encryption uses two keys, one for
encryption (public key) and other for decryption (private
key).
➢ The two keys are linked to each other such that one key
encrypts plaintext to ciphertext and other decrypts
ciphertext back to plaintext.
➢ Public key can be shared or published while the private
key is known only to the user.
➢ Asymmetric encryption is best suited for securing data
that is exchanged between two parties where symmetric
encryption can be unsafe because the secret key has to
be exchanged between the parties and anyone who
manages to obtain the secret key can decrypt the data.
➢ In asymmetric encryption a separate key is used for
decryption which is kept private.
��Encryption Levels:
Encryption can be performed at various levels:
➢ Application
➢ Host
➢ Network
➢ Device
➢ Application
➢ Application level encryption involves encrypting application data right at the
point where it originates i.e. within the application.
➢ Application level encryption provides security at the level of both the
operating system and from other applications.
➢ An application encrypts all data generated in the application before it flows to
the lower levels and presents decrypted data to the user.
➢ Host
➢ In host-level encryption, encryption is performed at the file-level for all
applications running on the host.
➢ Host level encryption can be done in software in which case additional
computational resource is required for encryption or it can be performed with
specialized hardware such as a cryptographic accelerator card.
�➢ Network
➢ Network-level encryption is best suited for cases where
the threats to data are at the network or storage level
and not at the application or host level.
➢ Network-level encryption is performed when moving the
data form a creation point to its destination using a
specialized hardware that encrypts all incoming data in
real-time.
➢ Device
➢ Device-level encryption is performed on a disk controller
or a storage server.
➢ Device level encryption is easy to implement and is best
suited for cases where the primary concern about data
security is to protect data residing on storage media.
��[Link] Data in Motion
➢ Securing data in motion, i.e., when the data flows between a
client and a server over a potentially insecure network, is
important to ensure data confidentiality and integrity.
➢ Data confidentiality means limiting the access to data so that
only authorized recipients can access it.
➢ Data integrity means that the data remains unchanged when
moving from sender to receiver.
➢ Data integrity ensures that the data is not altered in an
unauthorized manner after it is created, transmitted or stored.
➢ Transport Layer Security (TLS) and Secure Socket Layer (SSL) are
the mechanisms used for securing data in motion.
➢ TLS and SSL are used to encrypt web traffic using Hypertext
Transfer Protocol (HTTP).
➢ TLS and SSL use asymmetric cryptography for authentication of
key exchange, symmetric encryption for confidentiality and
message authentication codes for message integrity.
�� Key Management
➢Key management forms the basis of all data security.
➢Data is encrypted and decrypted via the use of
encryption keys, which means the loss or compromise
of any encryption key would invalidate the data
security measures put into place.
➢ Keys also ensure the safe transmission of data across
an Internet connection
➢Keys provide compliance with certain standards and
regulations to ensure companies are using best
practices when protecting cryptographic keys. Well
protected keys are only accessible by users who need
�• Types of Keys
• There are two types of cryptographic
keys, symmetric and asymmetric keys.
• Symmetric keys deal with data-at-rest, which is data stored in
a static location, such as a database. Symmetric key encryption
uses the same key for both encryption and decryption. Using
data in a database as an example, while the data is stored in
the database, it is encrypted with the symmetric key.
• Once an authorized user attempts to access the data, the
information is decrypted with the same symmetric key and
made accessible to the user.
• The other type of cryptographic key is an asymmetric key.
• Asymmetric keys focus on encrypting data-in-motion. Data-in-
motion is data sent across a network connection, whether it
be a public or private connection. When transporting sensitive
data, most encryption processes use both symmetric and
asymmetric keys to encrypt data.
�How Key Management Works:
• Key management follows a lifecycle of operations which
are needed to ensure the key is created, stored, used,
and rotated securely. Most cryptographic keys follow a
lifecycle which involves key
• Generation
• Distribution
• Use
• Storage
• Rotation
• Backup/Recovery
• Revocation
• Destruction
�Generation
➢ The generation of a key is the first step in ensuring that key is
secure.
➢ If the key in question is generated with a weak encryption
algorithm, then any attacker could easily discover the value of the
encryption key. Also, if the key is generated in an insecure location,
the key could be compromised as soon as it is created, resulting in a
key that cannot be safely used for encryption.
➢ Key generators, AES encryption algorithms, or random number
generators tend to be used for secure key generation.
Distribution
➢ The next step of the key lifecycle is ensuring the safe distribution of
the keys. Keys should be distributed to the required user via a
secure TLS or SSL connection, to maintain the security of the keys
being distributed.
➢ If an insecure connection is used to distribute the cryptographic
keys, then the security of any data encrypted by these keys is in
question, as an attacker could execute a man-in-the-middle attack
and steal the keys.
�➢ After distribution of the key, it is used for cryptographic operations. As
previously noted, the key should only be used by authorized users, to
make certain the key is not misused, copied, etc.
➢ The most secure method is via a Hardware Security Module (HSM) or
CloudHSM.
➢ If an HSM is not used, then the keys can either be securely stored on the
client’s side, or, if the keys are used on the Cloud, then the Cloud Service
Provider’s Key Management Service can be used.
➢ Once a key’s cryptoperiod, or time period the key is usable, passes, the
key must be rotated.
➢ When the key of an encrypted set of data expires, the key is retired and
replaced with a new key.
➢ First the data is decrypted by the old key or key pair and then encrypted
by the new key or key pair.
➢ Rotation is necessary because the longer a key is in rotation, the more
chance there is for someone to steal or find out the key.
➢ Rotation of keys can happen before the cryptoperiod expires in cases
where the key is suspected to be compromised.
�➢Two other ways of dealing with a compromised key are
revoking or destroying the key in question.
➢ Revoking a key means the key can no longer be used to
encrypt or decrypt data, even if its cryptoperiod is still
valid.
➢ Destroying a key, whether that is due to compromise or
due to it no longer being used, deletes the key
permanently from any key manager database or other
storage method.
➢ This makes it impossible to recreate the key, unless a
backup image is used.
➢ NIST standards require that deactivated keys be kept in
an archive, to allow for reconstruction of the keys if
data encrypted in the past must now be decrypted by
that key or key pair.
