Chapter 4

The document discusses security considerations for cloud computing including physical security of data centers, access controls, identity verification, encryption, and compliance standards. It also covers private clouds, VPNs, and OS, network, and data security in public clouds.

Uploaded by

dogagultekin02

CHAPTER 4: PART 1

Security in Cloud Computing

- Access and Control Vulnerabilities: Includes data exposure due to
misconfigurations, credential theft, insider threats, and unauthorized
access.
- Infrastructure and Service Attacks
- Data Security Risks
- Compliance and Regulatory Challenges
- Operational and Systemic Weaknesses
- Human Factor and Management Oversights

Real Life Cases

Capital One Data Breach: A hacker gained unauthorized access to the personal
information of over 100 million Capital One customers. The attacker, a former
AWS employee, utilized a server-side request forgery (SSRF) vulnerability to
obtain credentials. Compromised data included names, addresses, credit scores,
social security numbers, and bank account numbers. Capital One faced
reputational damage, customer trust issues, and a fine of $80 million for failing
to implement adequate cloud security measures.

Physical Security in Cloud Data Centers

Protection of sensitive data: Data centers house vast amounts of sensitive and
confidential information. Physical security measures are crucial to protect this
data from unauthorized access or theft.

Prevention of Unauthorized Access: Robust physical security prevents
unauthorized individuals from physically accessing critical infrastructure, ensuring
that only authorized personnel can access sensitive areas.

Safeguarding Against Physical Threats: Physical security measures protect against
threats like natural disasters, fire, or vandalism, ensuring the integrity and
availability of crucial IT resources.

Compliance with Regulatory Standards: Many industries have strict regulations for
data protection. Physical security is a key aspect of compliance with standards like
HIPAA, GDPR, and PCI-DSS.

Maintaining Service Continuity: Strong physical security contributes to the
reliability and uptime of cloud services, preventing disruptions that can result
from physical breaches or damages.

Building Trust and Reputation: Demonstrating robust physical security practices is
essential for cloud providers like Google, Amazon, and Microsoft to build trust
with clients and maintain their reputations as secure service providers.

Compliance and Security Protocols

Crucial Role of Compliance Standards: Compliance with standards like SAS 70,
HIPAA, and SOX is essential in cloud computing to ensure data protection,
maintain privacy, and uphold financial integrity.

SAS 70 (service organization control reports): Vital for demonstrating the
effectiveness of a cloud provider’s control environment.

HIPAA (Health Insurance Portability and Accountability Act): Ensures the
protection and confidentiality of patient health information in the cloud.

SOX (Sarbanes-Oxley Act): Critical for maintaining the accuracy and integrity of
financial reporting in cloud environments.

Influencing Cloud Architecture: Compliance requirements directly influence the
architectural choices of cloud providers, necessitating specific designs and
configurations to meet various compliance and regulatory standards.

Architectural Adaptations for Compliance: Cloud providers often need to modify
their architecture, such as implementing enhanced encryption or isolated storage,
to comply with different regulations.

Definition of Private Cloud: A private cloud is a cloud computing environment
dedicated exclusively to one organization, offering greater control and privacy.

Contrast with Public and Hybrid Clouds: Unlike public clouds, which are shared
among multiple organizations, private clouds are reserved for a single entity.
Hybrid clouds combine elements of both private and public clouds, offering a
balance between control and scalability.

Key Benefits of Private Clouds

Enhanced Control: Organizations have complete authority over their cloud
environment, including hardware and software choices.

Improved Security: Tailored security measures that align with the specific needs
and policies of the organization.

Customization and Flexibility: Ability to customize the cloud environment to fit
unique business requirements and workflows.

Resource Optimization: Efficient use of resources tailored to the organization’s
specific workload and performance needs.

Compliance and Data Sovereignty: Easier to meet specific industry regulations and
data residency requirements.

Data Access and Management Control:
- Centralized control over data access, essential for maintaining patient
confidentiality.
- The private cloud offers the organization the ability to finely tune access
controls and data management practices.

Integration with Healthcare Systems
- Seamless integration with existing healthcare IT systems, such as Electronic
Health Records (EHR) and diagnostic tools.

Fundamental Role of VPNs in Cloud Computing

- Secure Connectivity: VPNs establish secure and encrypted connections,
enabling remote users to access cloud services safely from any location.
- Privacy in Data Transmission: By encrypting data, VPNs ensure that
information transmitted between remote users and cloud services remains
confidential and protected from potential eavesdropping.
- Enhanced Security Posture: The use of VPNs in cloud computing significantly
strengthens the overall security posture by safeguarding data in transit,
which is particularly important on public or unsecured networks.
- Integration with Cloud Infrastructure: VPNs integrate seamlessly with cloud
infrastructures, offering a reliable solution for organizations to extend their
networks into the cloud environment.

Enhancing Security and Privacy with VPNs

- Boosting Cloud Security and Privacy: VPNs enhance security and privacy in
cloud interactions by encrypting all data transmitted between users and
cloud services.
- Protection Against Data Interception: VPNs play a crucial role in
safeguarding sensitive data from potential interception and unauthorized
access during transmission.
- Enabling Secure Remote Access: VPNs provide secure and reliable access to cloud
resources, critical for remote employees, partners and clients in today’s
distributed work environment.
- Facilitating Flexible Work Arrangements: The use of VPNs is instrumental in
supporting flexible and mobile work arrangements, allowing secure access
to cloud services from any location.
- Advanced Data Encryption Techniques: Detailing encryption protocols used
by VPNs such as SSL/TLS and IPSec, to ensure the confidentiality and
integrity of data from origin to destination.
- Operational Impact of VPN Security: Highlighting how VPN encryption
contributes to operational security, aiding in compliance with data
protection regulations and maintaining client trust.

CHAPTER 4: PART 2

Major Cloud Data Center Security: Security of the main cloud data centers begins
with the physical security of the data centers that providers use to house their
computing equipment.

How can you control physical access?

- Property entrance
- Building entrance
- Security staff
- Cameras
- Intrusion detection systems
- Security staff must pass at least three two-factor authentication checks
- Visitors have to show ID cards and are escorted by the security staff

Billing Validation: The billing address isn’t printed on the credit card, so
e-commerce companies use it to authenticate their customers. The shared secret is
the billing address.

Identity Verification via Phone: Out of band, meaning not using the same browser
interface that is being used for sign-up. The user gets a PIN sent to the phone and
has to enter it on the desktop. The shared secret is the phone number.
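The out-of-band PIN check described above, as an added example that is not part of the original notes. The SMS gateway is a hypothetical callable supplied by the caller, and the five-minute lifetime and three-guess limit are assumed values; the server keeps only a salted hash of the PIN, an expiry time and an attempt counter, so a leaked table does not reveal outstanding codes.

```python
"""Out-of-band PIN verification for a sign-up flow (added example, not from the notes).

The phone is the second channel: the PIN travels over SMS and is typed into the
browser session. The send_sms callable is a hypothetical gateway; the TTL and
attempt limit are assumptions.
"""
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300   # code is valid for five minutes (assumption)
MAX_ATTEMPTS = 3        # guesses allowed before the code is invalidated (assumption)


class PinVerifier:
    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms   # callable(phone_number, message): the out-of-band channel
        self.now = now             # injectable clock so expiry can be tested offline
        self.pending = {}          # session_id -> [salt, digest, expires_at, attempts]

    @staticmethod
    def _digest(salt: bytes, pin: str) -> bytes:
        # A plain salted hash is acceptable for a short-lived 6-digit code; long-lived
        # secrets such as passwords would need a slow KDF instead.
        return hashlib.sha256(salt + pin.encode()).digest()

    def start(self, session_id: str, phone_number: str) -> None:
        """Generate a PIN, store its hash against the browser session, send it to the phone."""
        pin = f"{secrets.randbelow(10**6):06d}"      # 6 digits from a CSPRNG, never random.random
        salt = secrets.token_bytes(16)
        self.pending[session_id] = [salt, self._digest(salt, pin),
                                    self.now() + PIN_TTL_SECONDS, 0]
        self.send_sms(phone_number, f"Your verification code is {pin}")

    def verify(self, session_id: str, submitted: str) -> bool:
        """Check a PIN typed into the desktop session; returns True at most once per PIN."""
        entry = self.pending.get(session_id)
        if entry is None:
            return False                       # no PIN outstanding for this session
        salt, digest, expires_at, attempts = entry
        if self.now() > expires_at or attempts >= MAX_ATTEMPTS:
            del self.pending[session_id]       # expired or too many guesses: start over
            return False
        entry[3] += 1                          # count the guess before comparing
        if hmac.compare_digest(self._digest(salt, submitted), digest):  # constant-time
            del self.pending[session_id]       # single use
            return True
        return False


if __name__ == "__main__":
    sent = []
    v = PinVerifier(lambda phone, msg: sent.append((phone, msg)))
    v.start("session-1", "+15555550100")       # constructed phone number
    print("sent over the phone channel:", sent[-1])
```

Because the clock is injected, the expiry path can be exercised without waiting; the attempt counter is incremented before the comparison so a correct guess after the limit is still refused.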

Sign-In Credentials: You are in complete control of your sign-in credentials, and
the password needs to be strong. Alternatively you can use multifactor
authentication such as RSA’s SecurID.

Access Keys: Every API call to do anything with the cloud requires an access key.
As part of the initiation process, you are given a generated secret key.
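To make the access-key idea concrete, here is an added example (not from the original notes, and not any provider’s actual signing scheme) showing both sides of a signed API call: the client computes an HMAC over the request with its secret key, and the server recomputes it from the secret it holds for that key id. The header names, canonical string layout, replay window and key values are all constructed for the example.

```python
"""Access-key request signing, both sides (added example, not a real provider scheme).

The secret key never travels on the wire: the client sends its key id plus an HMAC
over the request, and the server recomputes the HMAC from its copy of the secret.
Header names, canonical string layout and the replay window are assumptions.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

REPLAY_WINDOW_SECONDS = 300   # clock skew tolerated between client and server (assumption)


def canonical_string(method: str, path: str, timestamp: int, nonce: str, body: bytes) -> str:
    """Everything the signature covers; changing any part invalidates the signature."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash])


def sign_request(access_key_id: str, secret_key: str, method: str, path: str,
                 body: bytes, timestamp: int, nonce: Optional[str] = None) -> dict:
    """Client side: produce the headers that accompany the request."""
    nonce = nonce or secrets.token_hex(8)
    msg = canonical_string(method, path, timestamp, nonce, body).encode()
    sig = hmac.new(secret_key.encode(), msg, hashlib.sha256).hexdigest()
    return {"X-Access-Key-Id": access_key_id, "X-Timestamp": str(timestamp),
            "X-Nonce": nonce, "X-Signature": sig}


class SignatureVerifier:
    """Server side: look up the secret for the key id and recompute the HMAC."""

    def __init__(self, key_store: dict, now=time.time):
        self.key_store = key_store   # access_key_id -> secret key, held only server-side
        self.now = now               # injectable clock for offline testing
        self.seen_nonces = set()     # (key_id, nonce) pairs already accepted

    def verify(self, headers: dict, method: str, path: str, body: bytes) -> bool:
        key_id = headers.get("X-Access-Key-Id")
        secret = self.key_store.get(key_id)
        if secret is None:
            return False                                  # unknown or revoked key
        try:
            ts = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
        except (KeyError, ValueError):
            return False                                  # malformed headers
        if abs(self.now() - ts) > REPLAY_WINDOW_SECONDS:
            return False                                  # stale request
        if (key_id, nonce) in self.seen_nonces:
            return False                                  # replay of an accepted request
        msg = canonical_string(method, path, ts, nonce, body).encode()
        expected = hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            return False                                  # forged or tampered
        self.seen_nonces.add((key_id, nonce))
        return True


if __name__ == "__main__":
    store = {"AKIACONSTRUCTED": "constructed-secret-key"}   # constructed credentials
    server = SignatureVerifier(store)
    headers = sign_request("AKIACONSTRUCTED", store["AKIACONSTRUCTED"],
                           "PUT", "/bucket/object", b"payload", int(time.time()))
    print("accepted:", server.verify(headers, "PUT", "/bucket/object", b"payload"))
```

The server checks the cheap conditions (known key, fresh timestamp, unused nonce) before the HMAC, and only records the nonce once the signature has been accepted, so an attacker cannot burn a legitimate client’s nonces with forged requests.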

X.509 Certificates: Based on the idea of public key cryptography.

Key Pairs: The most important access credential for dealing with instances in the
cloud. You have to use a different key pair each time you launch an instance.

Discretionary Access Control (DAC): Controls access based on the identity of the
requestor and on access rules stating what requestors are and are not allowed to
do; it is discretionary because an entity with access rights can permit another
entity to access the resource.

Mandatory Access Control (MAC): Controls access based on comparing security
labels.

Role Based Access Control (RBAC): Controls access based on attributes of the user
and of the resource to be accessed.
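Added example, not part of the original notes: toy policy evaluators for the three models just listed, so the difference between "the owner decides", "the labels decide" and "the role decides" can be seen in code. The MAC rule assumes the Bell-LaPadula "no read up, no write down" comparison, which is one common way to compare security labels; the subjects, labels, roles and permissions are constructed.

```python
"""Minimal DAC, MAC and RBAC evaluators (added example, not from the notes).

Subjects, objects, labels and roles are constructed. The MAC rule is the
Bell-LaPadula pair "no read up / no write down", assumed here as the way labels
are compared.
"""
from dataclasses import dataclass, field


# ---- DAC: each object carries an ACL, and the owner may pass rights on ----
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of permissions

    def check(self, subject: str, perm: str) -> bool:
        if subject == self.owner:
            return True                        # the owner holds every right
        return perm in self.acl.get(subject, set())

    def grant(self, granter: str, grantee: str, perm: str) -> None:
        # "discretionary": the entity holding the rights decides who else gets them
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this object")
        self.acl.setdefault(grantee, set()).add(perm)


# ---- MAC: the decision compares labels; neither owner nor requester can override it ----
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_check(subject_label: str, object_label: str, perm: str) -> bool:
    s, o = LEVELS[subject_label], LEVELS[object_label]
    if perm == "read":
        return s >= o          # no read up: cannot read above your clearance
    if perm == "write":
        return s <= o          # no write down: cannot copy data to a lower level
    raise ValueError(f"unknown permission {perm!r}")


# ---- RBAC: permissions attach to roles, and users are assigned roles ----
ROLE_PERMS = {
    "auditor":   {("patient_record", "read")},
    "clinician": {("patient_record", "read"), ("patient_record", "write")},
}
USER_ROLES = {"alice": {"clinician"}, "bob": {"auditor"}}   # constructed users


def rbac_check(user: str, obj_type: str, perm: str) -> bool:
    roles = USER_ROLES.get(user, set())
    return any((obj_type, perm) in ROLE_PERMS.get(r, set()) for r in roles)


if __name__ == "__main__":
    rec = DacObject(owner="alice")
    rec.grant("alice", "bob", "read")
    print("DAC  bob may read:", rec.check("bob", "read"))
    print("MAC  secret subject reads public object:", mac_check("secret", "public", "read"))
    print("RBAC bob may write:", rbac_check("bob", "patient_record", "write"))
```

Note what changes between the models: under DAC a compromised owner account can hand out rights to anyone, under MAC the label comparison holds regardless of who asks, and under RBAC revoking a role removes every permission it carried in one step.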

Security Advantages of the Cloud:

- The cloud is more secure than most data centers.
- Centralizing data, as opposed to having it distributed everywhere, means less
leakage.
- It’s easier to monitor access and usage, but if a breach happens the damage
from theft will be significantly higher.
- If an incident happens the cloud provider can respond faster.
- Cloud providers are providing better built-in verification.

Operating System Security:

- System-level security in public clouds operates at multiple layers.
- These security measures work in tandem to ensure the confidentiality and
integrity of data stored in the public cloud.
- For instance, Amazon’s approach to securing the host OS involves the use
of strong SSH keys.

Network Security:
- Network security is a fundamental aspect of public cloud environments
- Firewalls control traffic by protocol, service port, and source IP address.
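An added example (not from the original notes, and not any provider’s security-group syntax) of first-match evaluation over rules keyed on exactly the three attributes named above, protocol, service port and source address, plus a check for the misconfiguration the first part of the chapter warns about: an administrative port opened to every source address. The rule set is constructed.

```python
"""First-match firewall evaluation on protocol, port and source IP, with a
misconfiguration check (added example, constructed rule format and rule set).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str          # "tcp", "udp", "icmp" or "any"
    port: Optional[int]    # destination service port; None matches every port
    source: str            # source CIDR
    action: str            # "allow" or "deny"


# Constructed rule set: HTTPS from anywhere, SSH only from the admin network.
RULES = [
    Rule("tcp", 443, "0.0.0.0/0", "allow"),
    Rule("tcp", 22, "10.0.0.0/8", "allow"),
    Rule("any", None, "0.0.0.0/0", "deny"),    # explicit catch-all
]

ADMIN_PORTS = {22, 3389}   # SSH and RDP; exposing these to the world is a classic misconfiguration


def decide(rules, protocol: str, port: int, src_ip: str) -> str:
    """Return the action of the first rule matching the connection; default-deny otherwise."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.protocol not in ("any", protocol):
            continue
        if r.port is not None and r.port != port:
            continue
        if src not in ipaddress.ip_network(r.source):
            continue
        return r.action
    return "deny"          # nothing matched: fail closed


def world_exposed_admin_rules(rules):
    """List allow rules that open an admin port (or every port) to every source address."""
    found = []
    for r in rules:
        if r.action != "allow":
            continue
        if ipaddress.ip_network(r.source).prefixlen != 0:
            continue                           # source is restricted, not the whole internet
        if r.port is None or r.port in ADMIN_PORTS:
            found.append(r)
    return found


if __name__ == "__main__":
    for proto, port, src in [("tcp", 443, "203.0.113.5"), ("tcp", 22, "203.0.113.5"),
                             ("tcp", 22, "10.1.2.3")]:
        print(proto, port, src, "->", decide(RULES, proto, port, src))
    print("world-exposed admin rules:", world_exposed_admin_rules(RULES))
```

Rule order matters in a first-match model: the catch-all deny is last, and any allow placed after it would never fire. The review function is the kind of check a configuration scanner runs over exported rule sets.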

Co-Mingling Security:
- Co-Mingling refers to the simultaneous operation of multiple virtual
instances in the same cloud environment.

System Control Security:
- System control security in the public cloud involves access management
and authentication.

Data Storage Security:
- Data storage is a key concern when utilizing cloud storage services.
- Access control lists are used to control write and delete permissions for
large-granularity storage containers.

A private cloud rests on three main principles:

- Virtualization: high utilization of assets
- Elasticity: dynamic scale without CAPEX
- Automation: building, deploying, configuring, provisioning, and moving, all
without manual intervention.

Definition of Private Cloud: A computing architecture that provides hosted services
to a specific group of people behind a firewall. A private cloud uses virtualization,
automation, and distributed computing to provide on-demand elastic computing
capacity to internal users.

Economies of Scale:
- Public cloud providers gain economic advantages over private cloud
operators due to their buying power for hardware and resources.
- Public cloud providers can purchase servers and hosting resources at scale,
benefiting from long-term relationships with suppliers and existing
hardware investments.

Eucalyptus
- Eucalyptus is a Linux-based open-source software architecture for cloud
computing and storage platforms implementing Infrastructure as a Service
(IaaS).
- Designed for compatibility with Amazon’s EC2 and S3, it offers quick and
efficient computing services.

Advantages of Eucalyptus
- Can be used for both private and public clouds.
- Supports running Amazon or Eucalyptus machine images.
- Its API is similar to that of Amazon Web Services.
- A potential alternative to OpenStack and CloudStack.
- Enables the creation of hybrid, public, and private clouds and extends
services to other organizations.

Virtual Private Cloud
- A VPC is a secure and seamless bridge between an organization’s existing IT
infrastructure and a provider’s public cloud.
- The idea is to use instances within the VPC to add additional web-facing servers
to your application when the traffic exceeds your on-premises capacity.
- The back end of your application, such as database servers and authentication
servers, remains within the walls of your data center.

Chapter 6:

Distributed Systems
- Distributed web architectures typically fall into one of several basic
categories:
- Client-server architectures are two-tier.
- Three-tier architectures add a business logic middle tier.
- N-tier architectures usually refer to web applications that utilize more
services.
- Tightly coupled (clustered) architectures are a form of parallel processing.
- Peer-to-peer is clientless and has no single point of failure that can cause
total failure.

Loose Coupling
- In computer science, coupling refers to the degree of direct knowledge that
one component has of another. It’s the degree to which components
depend on one another.
- Loose coupling is important for reliability in the cloud because components
can be more easily handled individually.
- Web applications benefit from loose coupling, ensuring reliability as one
site doesn’t depend too much on another.

Service Oriented Architectures (SOA):
- SOA is a set of principles used in systems development and integration.
- It packages functionality into compatible services for diverse business
domains, allowing different organizations to use these services with
different client systems.
- Instead of an API, SOA defines interfaces in terms of protocols and
functionality.
- A deployed SOA provides a loosely coupled suite of services, promoting
flexibility and reusability across multiple business domains.

SOA and Cloud Computing

- Pairing SOA with cloud computing allows enterprises to benefit from
service deployments and the scale and economics of the cloud.
- SOA and cloud computing are complementary, not competitive.
- Most cloud solutions are defined through SOA.
- Cloud computing is a deployment architecture, while SOA is an
architectural approach for organizing the enterprise.

Redundancy
- Redundancy is a critical factor in building reliable applications, especially in
the cloud.
- Techniques like triple modular redundancy with spares, used by NASA,
involve having three live copies of a critical system.
- While redundancy can be complex and costly, cloud providers help by
handling some of the challenges.
- Despite the benefits of redundancy, caution is needed to avoid common
errors that multiple development teams might inadvertently introduce.
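Added example, not from the original notes or any NASA implementation: a triple modular redundancy voter with spares. Three replicas compute the same function, the majority answer wins, and a replica outvoted by the other two is retired in favour of a spare. The replicas are constructed and one of them is deliberately faulty, which also shows the limit the last bullet hints at: a common fault shared by two replicas is not masked.

```python
"""Triple modular redundancy with spares (added example, constructed replicas)."""
from collections import Counter
from typing import Callable, List, Optional, Tuple


def majority_vote(outputs: list) -> Tuple[Optional[object], List[int]]:
    """Return (majority value, indices of replicas that disagreed with it).

    With three replicas a majority needs two matching outputs; if all three
    differ there is no safe answer and the value is None.
    """
    value, count = Counter(outputs).most_common(1)[0]
    if count < 2:
        return None, list(range(len(outputs)))
    return value, [i for i, out in enumerate(outputs) if out != value]


class TmrWithSpares:
    def __init__(self, replicas: List[Callable], spares: List[Callable]):
        if len(replicas) != 3:
            raise ValueError("TMR needs exactly three active replicas")
        self.active = list(replicas)
        self.spares = list(spares)
        self.replacements = 0   # faulty replicas swapped out so far

    def run(self, x):
        outputs = [replica(x) for replica in self.active]
        value, disagreeing = majority_vote(outputs)
        if value is not None:
            for i in disagreeing:           # retire each outvoted replica if a spare exists
                if self.spares:
                    self.active[i] = self.spares.pop(0)
                    self.replacements += 1
        return value


# Constructed replicas: good ones double the input, the faulty one is off by one.
def good(x):
    return 2 * x


def faulty(x):
    return 2 * x + 1


if __name__ == "__main__":
    system = TmrWithSpares([good, faulty, good], spares=[good])
    print("result:", system.run(5), "replacements:", system.replacements)
    print("result after swap:", system.run(7), "replacements:", system.replacements)
```

The voter masks one faulty replica and the spare restores the margin for the next fault; two replicas sharing the same wrong answer outvote the correct one, which is why redundant copies should come from independent implementations rather than copies of one.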

Map Reduce
- MapReduce is a software framework invented by Google to solve the
massive search problem it has across all content on the web, which, by the
end of 2008, exceeded one trillion unique URLs.
- MapReduce is loosely coupled distributed computing on a massive scale,
working on large data sets operated on by clusters of commodity (cheap)
computers.
- The name MapReduce has its roots in functional programming.
- A reduce combines all the elements of a sequence using a binary operation.

The Problem MapReduce Solves

The master does the following:
- Initializes the array and splits it into tasks according to the number of
available workers
- Sends each worker its subarray task
- Receives the result from each worker

The worker does the following:
- Receives the subarray task from the master
- Performs processing on the subarray task
- Returns the result to the master

The Map Step

- Map, written by a user of the MapReduce library, takes an input pair and
produces a set of intermediate key-value pairs.
- The pairs are grouped by key into sets of intermediate values.
- A master node takes the input, chops it up into smaller subproblems, and
distributes those subproblems to worker nodes.

The Reduce Step

- The reduce function, also written by the user, accepts an intermediate key I
and a set of values for that key.
- It merges these values to form a possibly smaller set of values.
- The master node takes the answers to all subproblems it spawned and
combines them appropriately to produce an answer to the problem it was
handed in the first place.
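The master/worker split and the map and reduce steps above, as one added example (not from the original notes, and not Hadoop or Google code): a single-process word count in which the master splits the input into subarrays sized by the number of workers, a thread pool plays the workers, and the master groups the intermediate pairs by key and reduces each group. The input documents are constructed.

```python
"""Word count in the master/worker MapReduce shape (added example, constructed input)."""
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Tuple

# Constructed input: (document id, text) pairs.
DOCS = [
    ("d1", "the cloud is elastic"),
    ("d2", "the cloud is shared"),
    ("d3", "elastic scale"),
    ("d4", "shared nothing"),
]


def map_fn(doc_id: str, text: str) -> Iterable[Tuple[str, int]]:
    """User-written map: one input pair -> intermediate (word, 1) pairs."""
    for word in text.lower().split():
        yield word, 1


def reduce_fn(key: str, values: List[int]) -> int:
    """User-written reduce: merge all values for one intermediate key."""
    return sum(values)


def split_into_tasks(records: list, n_workers: int) -> List[list]:
    """Master: split the input array into at most n_workers subarray tasks."""
    if not records:
        return []
    size = -(-len(records) // n_workers)          # ceiling division
    return [records[i:i + size] for i in range(0, len(records), size)]


def worker(task: list) -> List[Tuple[str, int]]:
    """Worker: run map over its subarray and hand the intermediate pairs back."""
    pairs = []
    for doc_id, text in task:
        pairs.extend(map_fn(doc_id, text))
    return pairs


def map_reduce(records: list, n_workers: int = 3) -> Dict[str, int]:
    tasks = split_into_tasks(records, n_workers)
    with ThreadPoolExecutor(max_workers=max(1, n_workers)) as pool:
        worker_results = list(pool.map(worker, tasks))   # master receives each result
    groups = defaultdict(list)                            # shuffle: group by intermediate key
    for pairs in worker_results:
        for key, value in pairs:
            groups[key].append(value)
    return {key: reduce_fn(key, values) for key, values in groups.items()}


if __name__ == "__main__":
    for word, count in sorted(map_reduce(DOCS).items()):
        print(f"{word:10s} {count}")
```

The grouping step between the two user functions is the part a framework such as Hadoop does for you across machines; here it is an in-memory dictionary, but the map and reduce functions would be unchanged on a real cluster.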

Open Source MapReduce

- Apache Hadoop MapReduce
- Amazon: A9 product search, Elastic MapReduce
- Apache Spark: Although Spark is not a pure MapReduce framework, it
provides a more general-purpose data processing engine with support for
in-memory processing.

Cloud management software —> In the context of cloud architecture, the
component responsible for managing software interfaces and databases

In cloud computing, multi-tenancy refers to —> Sharing of resources among
multiple clients

A key characteristic of cloud scalability —> Adapting to changing workloads by
provisioning and de-provisioning resources

A Content Delivery Network (CDN) in cloud services helps to —> Reduce latency
by caching content closer to users

The concept of scalability in cloud computing refers to —> The ability to increase
or decrease resources as needed

The pay-as-you-go model in cloud computing is beneficial because —> It reduces
upfront costs and pays only for used resources

Cloud compliance primarily deals with —> Adhering to legal and regulatory
standards

A primary concern in cloud security is —> Data protection and privacy

A key advantage of using public cloud service is —> Cost-effectiveness due to
shared resources

A primary feature of cloud governance is —> Ensuring policies for effective cloud
resource usage

IaaS —> Infrastructure as a Service

The following best describes private cloud —> A cloud infrastructure operated
solely for a single organization

The process of cloud migration typically involves —> Moving data and
applications from on-premises to the cloud

The term cloud bursting is used to describe —> Using public cloud resources to
manage excess demand

Disaster recovery in cloud computing is important for —> Ensuring data
availability and business continuity in case of incidents

SaaS —> A service delivering software applications over the internet

Virtualization in cloud computing is used to —> Create multiple simulated
environments from a single physical hardware system

PaaS —> Platforms and tools for application development

A common use case for cloud analytics is —> Big data processing and analysis

FaaS (Function as a Service) is used for —> Running individual functions or pieces
of business logic

The public cloud deployment model is characterized by —> Availability to the
general public over the internet

Best represents cloud service models —> IaaS, PaaS, SaaS

Hybrid cloud solutions are best suited for scenarios where —> There is a need for
both private and public cloud features

The primary purpose of cloud computing —> To provide scalable and efficient
computing resources

The primary benefit of cloud storage —> Access to data from any location with
internet connectivity
