CLOUD COMPUTING

MODULE:5

Security: Vulnerability Issues and Security Threats, Application-level Security, Data level
Security, and Virtual Machine level Security, Infrastructure Security, and Multi-tenancy
Issues.

📘Security in Cloud Computing

✅ 1. Cloud Security Overview
🔹 Definition (English):
Cloud security involves protecting data, applications, and services hosted in the cloud from
threats like unauthorized access, data breaches, and cyberattacks.

🔹 Definition (Hinglish):
Cloud security ka matlab hai cloud mein data, apps aur services ko unauthorized access,
cyber attacks, aur data breaches se protect karna.
✅ 2. Importance of Cloud Security
✔️ Protects data confidentiality 🔒​
✔️ Ensures data integrity (no unauthorized changes) ✔️​
✔️ Ensures data availability (access when needed) ✔️​
✔️ Prevents unauthorized access/attacks 🚫​
✔️ Supports regulatory compliance 📝

✅ 3. Types of Cloud Security Threats

Threat Description

🛑 Data Breaches Unauthorized access to sensitive data.

🔓 Data Loss Data is lost, corrupted, or inaccessible.

🕵️ Account Hijacking Attackers steal user credentials to access cloud services.

⚠️ Insecure APIs Vulnerabilities in cloud APIs can lead to unauthorized

access.

🔒 Denial of Service (DoS) Attacks that overload the cloud service, causing it to shut
down.

👾 Malware & Ransomware Malicious software that damages or locks data for ransom.

✅ 4. Cloud Security Measures

🔹 (i) Data Encryption 🔑
●​ Definition: Encryption involves scrambling data so that only authorized users can
decrypt and access it.​

●​ Example: Encrypting sensitive customer data in an e-commerce cloud storage service.​

🔹 (ii) Identity and Access Management (IAM) 🛂

●​ Definition: IAM is a framework for managing user identities and controlling their
access to cloud resources.​

●​ Example: Google Cloud IAM allows setting permissions for users to access specific
cloud services.​

🔹 (iii) Multi-Factor Authentication (MFA) 🔐

●​ Definition: MFA requires more than just a password to access cloud systems. Users
must provide two or more forms of verification.​

●​ Example: Logging into Amazon Web Services (AWS) requires both a password and a
unique code sent to the phone.​

🔹 (iv) Security Monitoring and Auditing 📊

 ●​ Definition: Continuous monitoring and auditing to detect suspicious activities in cloud
environments.​

●​ Example: Cloud providers like Azure have built-in tools that monitor traffic and usage
patterns for abnormal activities.​

✅ 5. Security Challenges in Cloud Computing

Challenge Description

🌐 Shared Resources Multiple users share the same cloud resources, which can lead
to security vulnerabilities.

🧩 Data Sovereignty Data might be stored in locations with different legal

requirements, creating compliance risks.

🔑 Access Control Managing user permissions across multiple users and platforms
can be complex.

🛡️ Compliance and Compliance with laws like GDPR is difficult when data is stored
Legal Risks globally.

📶 Network Security Cloud services are connected over the internet, which makes
them vulnerable to network-based attacks.

✅ 6. Cloud Security Models

🔹 (i) Shared Responsibility Model
●​ Definition: Both the cloud provider and the cloud customer share security
responsibilities.​

○​ Provider: Physical infrastructure, network security​

○​ Customer: Data, access management, etc.​

Example:
 ●​ AWS: AWS ensures physical security (data centers), while the customer is responsible
for securing their data and configurations.​

🔹 (ii) Defense in Depth

●​ Definition: Using multiple layers of security (firewalls, encryption, access control) to
protect cloud data.​

Example:

●​ A cloud service encrypts data, uses IAM for user access, and has intrusion detection
systems to monitor suspicious activity.​

✅ 7. Cloud Security Tools and Standards

●​ Tools:​

○​ AWS Shield: Protection against DDoS attacks​

○​ Google Cloud Security Command Center: Monitoring and threat detection​

○​ Microsoft Azure Security Center: Security management and threat protection​

●​ Standards:​

○​ ISO/IEC 27001: International standard for information security management

systems.​

○​ SOC 2: Standard for managing and securing sensitive customer data.​

✅ 8. Cloud Security Best Practices

●​ Regularly update and patch systems: Ensure cloud infrastructure is up-to-date.​

●​ Implement strong encryption: Always encrypt data at rest and in transit.​

 ●​ Use MFA and IAM: Protect against unauthorized access with Multi-Factor Authentication
and strong access management.​

●​ Monitor and audit continuously: Regularly review logs to identify suspicious activities.​

●​ Have a data backup strategy: Ensure that data can be recovered if lost or
compromised.​

✅ 9. Real-life Example
Example: Target's Data Breach (2013)

●​ What happened: Hackers gained access to Target's network via compromised

credentials of a third-party vendor, leading to a massive data breach.​

●​ Lesson: Importance of securing vendor access and regularly auditing third-party

connections.​

✅ 10. Memory Trick for Security Measures

"I DM You – Save My Security!"

●​ I = Identity & Access Management​

●​ D = Data Encryption​

●​ M = Multi-Factor Authentication​

●​ Y = You (User Awareness)​

●​ S = Security Monitoring​

●​ M = Malware Protection​

●​ S = Shared Responsibility​
✍️ Exam Writing Tips
📌 2 Marks Example Question:
Q: What is Data Encryption in Cloud Security?​
A: Data encryption is the process of converting data into an unreadable format using a key, so
that only authorized users with the correct key can decrypt and read it. This protects sensitive
data from unauthorized access.

📌 5 Marks Answer Format:

1.​ Define Cloud Security​

2.​ Mention at least 3 types of threats (Data Breaches, DoS, Account Hijacking)​

3.​ List 3 security measures (IAM, Encryption, MFA)​

4.​ Add real-life example​

5.​ Optional: Diagram or model like Shared Responsibility​

📘 Security: Vulnerability Issues and

Security Threats

✅ 1. Vulnerability Issues in Cloud Security

🔹 Definition (English):
Vulnerability refers to a weakness in the cloud system, infrastructure, or software that can be
exploited by attackers to gain unauthorized access or cause harm.

🔹 Definition (Hinglish):
Vulnerability ka matlab hai cloud system ya software mein koi weakness jo attackers ko
unauthorized access dene ya harm karne ka mauka deti hai.

✅ 2. Types of Vulnerabilities in Cloud Computing

Type of Vulnerability Description

🔓 Data Breach Weaknesses that allow attackers to steal sensitive data

Vulnerabilities from the cloud.

⚠️ Insufficient Identity Poor user authentication and access control, leading to

Management unauthorized access.

🛑 Insecure APIs APIs with security flaws can give attackers access to cloud
services.

🔓 Lack of Encryption If data is not encrypted, attackers can intercept and read it
during transmission or at rest.

🕵️ Misconfigured Cloud Incorrect configurations in cloud systems can expose data

Settings and services to attacks.

✅ 3. Real-life Example of Vulnerabilities

Example: AWS S3 Data Breach

●​ What happened: In 2017, an exposed AWS S3 bucket led to data leakage for various
companies, revealing sensitive information.​
 ●​ Cause: Misconfigured cloud storage settings were the root cause, leaving data
publicly accessible.​

●​ Lesson: Misconfigurations in cloud services can lead to severe vulnerabilities if not

properly managed.​

✅ 4. Cloud Security Threats

🔹 Definition (English):
Security threats refer to any potential attack or action that could exploit vulnerabilities in the
cloud to harm the system, steal data, or disrupt services.

🔹 Definition (Hinglish):
Security threats ka matlab hai koi bhi attack ya action jo cloud system ki vulnerabilities ka
fayda utha kar data chura sakta hai, service ko disrupt kar sakta hai, ya harm kar sakta
hai.

✅ 5. Types of Security Threats in Cloud Computing

Type of Threat Description

🔓 Data Breaches Unauthorized access to sensitive cloud data.

🕵️ Account Hijacking Attackers steal user credentials to access cloud accounts

and services.

🚫 Denial of Service (DoS) Attacks that overwhelm cloud services with excessive
requests, making them unavailable.

⚠️ Insecure APIs Flawed APIs that allow attackers to access cloud

resources without permission.

🦠 Malware/Ransomware Malicious software designed to damage or hold cloud data

Attacks for ransom.

🔍 Internal Threats Employees or insiders intentionally or unintentionally

compromising cloud security.
✅ 6. Common Vulnerability Issues and Threats in Cloud
Security
🔹 (i) Data Breach Threats
●​ Description: Attackers breach cloud systems and steal sensitive data like credit card
numbers, personal information, or business secrets.​

●​ Example: In 2019, the Capital One data breach exposed personal and financial
information of over 100 million customers.​

🔹 (ii) Account Hijacking

●​ Description: Attackers steal login credentials (username and password) to gain
unauthorized access to cloud accounts, affecting cloud services and user data.​

●​ Example: Hackers using phishing emails to steal login credentials and take control of
cloud services.​

🔹 (iii) Insecure APIs

●​ Description: APIs, which allow different applications to communicate, may have
vulnerabilities that attackers exploit to bypass security measures and access data.​

●​ Example: A vulnerable API in a cloud storage system could allow attackers to read,
modify, or delete files stored in the cloud.​

🔹 (iv) Data Loss

●​ Description: If data is not backed up or is corrupted due to hardware failure, malicious
attacks, or accidental deletion, it can lead to data loss.​

●​ Example: A company's cloud backup server crashes and causes the loss of critical
business data.​

🔹 (v) Denial of Service (DoS)

 ●​ Description: Attackers overwhelm cloud servers with excessive requests, making the
services slow or unavailable.​

●​ Example: A cloud service provider experiences a DoS attack, causing users to be

unable to access their data or applications for hours.​

✅ 7. Mitigation Strategies for Vulnerabilities and Threats

🔸 (i) Regular Security Audits 🔍
●​ Explanation: Conducting regular security audits helps identify vulnerabilities and threats
before they are exploited.​

●​ Example: A company schedules quarterly audits to detect potential vulnerabilities in its

cloud infrastructure.​

🔸 (ii) Strong Encryption 🔒

●​ Explanation: Encrypting data both in transit and at rest helps protect sensitive
information from unauthorized access.​

●​ Example: Using SSL/TLS encryption for secure communication between users and
cloud servers.​

🔸 (iii) Identity and Access Management (IAM) 🛂

●​ Explanation: Implementing strong IAM policies, including multi-factor authentication
(MFA), helps secure cloud accounts and resources from unauthorized access.​

●​ Example: A user must provide a password and a one-time code sent to their phone to
access cloud data.​

🔸 (iv) Security Patches and Updates 🛠️

●​ Explanation: Regularly updating cloud systems with security patches helps protect
against known vulnerabilities.​
 ●​ Example: A cloud service provider applies critical security patches to its platform,
preventing potential exploits.​

✅ 8. Common Security Tools in Cloud Computing

●​ AWS Security Tools: AWS GuardDuty (threat detection), AWS Shield (DDoS protection)​

●​ Google Cloud Security: Google Cloud Armor (DDoS protection), Cloud Security
Command Center (security insights)​

●​ Azure Security Center: Continuous security monitoring, vulnerability management, and

compliance tracking.​

✅ 9. Real-life Example of a Cloud Security Threat

Example: The 2017 Uber Data Breach

●​ What happened: Hackers gained access to sensitive data, including personal and
financial details of 57 million Uber customers and drivers.​

●​ Cause: Uber stored sensitive data insecurely, which allowed attackers to gain access
through a poorly protected cloud server.​

●​ Lesson: Insecure cloud configurations and poor access control can lead to
significant data breaches.​

✅ 10. Memory Trick to Remember

"DIA-DA"

●​ D = Data Breaches​

●​ I = Insecure APIs​
 ●​ A = Account Hijacking​

●​ D = Denial of Service​

●​ A = Access Control Issues​

✍️ Exam Writing Tips

📌 2 Marks Sample Question:
Q: What are common security threats in cloud computing?​
A: Common threats include data breaches, account hijacking, insecure APIs, Denial of Service
(DoS), and malware/ransomware attacks.

📌 5 Marks Answer Format:

1.​ Define security threats in the cloud​

2.​ List and explain 3-4 threats (e.g., Data Breaches, DoS)​

3.​ Provide examples to make the explanation clear​

4.​ Optionally, add a real-life case study​

5.​ Wrap up with mitigation strategies for these threats​

📘 Application-Level Security
✅ 1. Definition of Application-Level Security
🔹 Definition (English):
Application-level security focuses on protecting applications running in the cloud from
potential threats such as unauthorized access, data breaches, and malicious attacks. It ensures
that the application itself, along with its components and user interactions, is secure.

🔹 Definition (Hinglish):
Application-level security ka matlab hai cloud mein jo bhi applications chal rahe hote hain
unko unauthorized access, data breach aur malicious attacks se protect karna. Yeh ensure
karta hai ki application aur uske components secure rahe.

✅ 2. Importance of Application-Level Security

●​ Protects Sensitive Data: Ensures data handled by the application is safe from
unauthorized access.​

●​ Prevents Malicious Attacks: Safeguards against attacks like SQL injection, cross-site
scripting (XSS), etc.​

●​ Maintains User Privacy: Ensures personal and financial information of users remains
confidential.​

●​ Prevents Data Corruption: Secures against data modification and ensures integrity.​
✅ 3. Key Aspects of Application-Level Security
Aspect Description

🔒 Authentication & Ensures that only authorized users can access certain parts
Authorization of the application.

💻 Input Validation Ensures all user input is validated and sanitized to prevent
attacks like SQL injection.

🛡️ Encryption Encrypts sensitive data within the application, both at rest

and in transit.

⚠️ Session Management Manages user sessions securely to prevent session

hijacking or fixation attacks.

🔐 Access Control Restricts access to sensitive parts of the application based

on user roles and permissions.

🧩 Error Handling Handles application errors in a way that doesn't expose

sensitive information to attackers.

✅ 4. Common Security Threats at the Application Level

🔸 (i) SQL Injection
●​ Definition: SQL Injection occurs when an attacker inserts malicious SQL queries into
an input field, allowing them to interact with the database and extract, modify, or delete
data.​

●​ Example: A login page that accepts username and password could be vulnerable if it
doesn't properly validate inputs, allowing an attacker to run SQL commands like OR
1=1.​

🔸 (ii) Cross-Site Scripting (XSS)

●​ Definition: XSS allows attackers to inject malicious scripts into web applications, which
then run on the user's browser.​

●​ Example: An attacker injects a malicious script in a comment section of a website. When

another user views the comment, the script runs, stealing their session cookies.​
🔸 (iii) Cross-Site Request Forgery (CSRF)
●​ Definition: CSRF tricks the user’s browser into making unwanted requests on their
behalf to a web application where the user is authenticated.​

●​ Example: A user is logged into their bank account, and a malicious link sent via email
requests a fund transfer from their account.​

🔸 (iv) Insecure APIs

●​ Definition: APIs that are not securely designed or implemented can expose sensitive
data to unauthorized users or attackers.​

●​ Example: An API endpoint that allows users to update their email address but doesn't
properly authenticate the user might let an attacker change someone else's email.​

✅ 5. Best Practices for Application-Level Security

🔸 (i) Secure Authentication and Authorization
●​ Explanation: Use strong authentication methods (e.g., Multi-Factor Authentication
(MFA)) to verify users. Implement strict authorization to ensure users can only access
resources they are allowed to.​

●​ Example: Implementing MFA on cloud applications like AWS, where users must provide
a password and a code sent to their phone.​

🔸 (ii) Input Validation and Sanitization

●​ Explanation: Always validate and sanitize user input to prevent malicious data from
entering the system.​

●​ Example: If a user is submitting their name, ensure that only alphabetical characters
are accepted and numeric inputs are rejected.​

🔸 (iii) Data Encryption

 ●​ Explanation: Encrypt sensitive data in transit (using HTTPS) and at rest (using
encryption algorithms like AES-256).​

●​ Example: A payment gateway encrypts user credit card information before storing it in
the cloud.​

🔸 (iv) Use Secure APIs

●​ Explanation: Secure your APIs with proper authentication (OAuth, API keys) and ensure
data is encrypted.​

●​ Example: Google Cloud uses API keys and OAuth 2.0 to secure access to its Cloud
Storage APIs.​

🔸 (v) Regular Security Testing

●​ Explanation: Continuously test for vulnerabilities using automated tools and manual
penetration testing.​

●​ Example: Use tools like OWASP ZAP (Zed Attack Proxy) to scan web applications for
common vulnerabilities like XSS and SQL injection.​

✅ 6. Tools for Application-Level Security

●​ OWASP (Open Web Application Security Project): Provides resources and tools for
securing web applications.​

○​ OWASP ZAP: A penetration testing tool for identifying vulnerabilities in web

applications.​

○​ OWASP Top 10: A list of the top 10 most critical web application security risks.​

●​ Burp Suite: A security testing platform for web applications, widely used for manual and
automated security testing.​

●​ Web Application Firewalls (WAFs): Used to filter and monitor HTTP traffic between a
web application and the Internet.​
 ○​ Example: AWS WAF helps protect applications against common web exploits like
SQL injection and XSS.​

✅ 7. Real-life Example
Example: The Facebook Data Breach (2018)

●​ What happened: Attackers exploited a vulnerability in Facebook’s authentication

mechanism to gain unauthorized access to millions of accounts.​

●​ Cause: The vulnerability was related to the "View As" feature, which allowed attackers
to steal access tokens.​

●​ Lesson: Proper authentication and access control are essential to protect user data.​

✅ 8. Memory Trick for Application-Level Security

"SIIE – SECURE"

●​ S = Secure Authentication​

●​ I = Input Validation​

●​ I = Insecure APIs (avoid)​

●​ E = Encryption​

✍️ Exam Writing Tips

📌 2 Marks Sample Question:
Q: What is SQL Injection?​
A: SQL Injection is an attack where malicious SQL queries are inserted into input fields,
allowing attackers to manipulate the database and access sensitive data.
📌 5 Marks Answer Format:
1.​ Define application-level security​

2.​ Explain 2-3 common threats (e.g., SQL Injection, XSS)​

3.​ List best practices to mitigate these threats​

4.​ Provide a real-life example (e.g., Facebook Data Breach)​

5.​ Optionally: Diagram showing secure authentication flow or input validation.​

📘 Data-Level Security and Virtual

Machine-Level Security

✅ 1. Data-Level Security in Cloud Computing

🔹 Definition (English):
Data-level security refers to the protection of data stored in the cloud and during its
transmission, ensuring that sensitive information is encrypted, access is controlled, and
unauthorized access or loss is prevented.

🔹 Definition (Hinglish):
Data-level security ka matlab hai cloud mein store ki gayi data ko aur transmission ke
dauran protect karna, taki sensitive information ko encrypt kiya jaa sake, access control ho,
aur unauthorized access ya loss na ho.

✅ 2. Types of Data-Level Security

Type of Data Description
Security
🔒 Data Encrypting sensitive data at rest (in storage) and in transit (while
Encryption moving between systems) to protect it from unauthorized access.

🛡️ Access Implementing strict access controls using authentication and

Control authorization mechanisms to restrict data access to authorized users
only.

🔐 Data Masking Replacing sensitive data with anonymized or scrambled values to

prevent exposure of real data.

⚠️ Data Integrity Ensuring that the data is not altered or tampered with during storage or
transmission.

🧩 Backup and Ensuring regular backups and implementing disaster recovery plans to
Recovery protect data from loss or corruption.

✅ 3. Key Techniques for Data-Level Security

🔸 (i) Data Encryption
●​ Explanation: Encrypt data both at rest (while stored) and in transit (when moving
between networks). This ensures that even if unauthorized parties access the data, they
cannot read or alter it without the decryption key.​

●​ Example: AWS S3 bucket uses AES-256 encryption to secure stored data.​

🔸 (ii) Access Control and Authentication

●​ Explanation: Use role-based access control (RBAC) to assign permissions based on
the user’s role. Implement multi-factor authentication (MFA) for stronger security.​

●​ Example: A user with only read access can view data but cannot modify it.​

🔸 (iii) Data Masking and Tokenization

●​ Explanation: Data masking involves substituting real data with anonymized data, while
tokenization replaces sensitive information with randomly generated tokens.​

●​ Example: In a payment system, instead of storing credit card numbers, tokens

representing the card numbers are stored.​
🔸 (iv) Data Backup and Disaster Recovery
●​ Explanation: Regularly back up data and have a plan in place for data recovery in case
of corruption, loss, or disasters.​

●​ Example: Cloud services like Google Cloud offer automated backup solutions and rapid
data recovery options to protect against data loss.​

✅ 4. Real-life Example of Data-Level Security

Example: Capital One Data Breach (2019)

●​ What happened: An exposed misconfigured firewall in Amazon Web Services (AWS)

led to a breach of 106 million customers' data.​

●​ Cause: Poor data access control and misconfiguration allowed the attacker to access
sensitive data, including personal and financial information.​

●​ Lesson: Proper data encryption, access controls, and security configurations are
critical to prevent unauthorized access.​

✅ 5. Virtual Machine-Level Security in Cloud Computing

🔹 Definition (English):
Virtual machine (VM)-level security focuses on the protection of the virtual machines running
in the cloud environment. It involves securing the VM from attacks, ensuring its isolation from
other VMs, and preventing unauthorized access to the underlying physical hardware.

🔹 Definition (Hinglish):
Virtual Machine (VM)-level security ka matlab hai cloud environment mein chal rahe virtual
machines ki protection. Isme VM ko attacks se bachana, VMs ke beech isolation maintain
karna, aur physical hardware tak unauthorized access ko rokna shamil hai.
✅ 6. Key Aspects of Virtual Machine-Level Security
Aspect Description

🔒 VM Isolation Ensuring each VM operates independently and is isolated from other

VMs, preventing malicious activity from spreading.

🛡️ VM Access Restricting access to the virtual machine using authentication and

Control authorization mechanisms.

🔐 Hypervisor Securing the hypervisor (virtual machine monitor) that manages the
Security VMs to prevent unauthorized access and attacks.

⚠️ VM Monitoring Continuously monitoring VMs for signs of malicious activity or

performance issues.

🧩 Patch Regularly updating the virtual machine software and underlying

Management hypervisor to mitigate vulnerabilities.

✅ 7. Techniques for Securing Virtual Machines

🔸 (i) VM Isolation
●​ Explanation: VMs should be isolated from one another to prevent a security
compromise in one VM from affecting others. This is typically achieved using hypervisor
technology.​
 ●​ Example: If one VM is compromised, it cannot directly attack or access data in another
VM due to the isolation.​

🔸 (ii) Access Control and Authentication

●​ Explanation: Restrict who can access the VM and the hypervisor, using strong
authentication mechanisms like SSH keys for Linux VMs or Windows credentials for
Windows-based VMs.​

●​ Example: Only authorized administrators with MFA can access the VM management
interface.​

🔸 (iii) Hypervisor Security

●​ Explanation: The hypervisor, responsible for creating and managing VMs, must be
secured to prevent unauthorized access that could compromise all VMs hosted on it.​

●​ Example: Using security patches and updates on hypervisors like VMware vSphere or
Microsoft Hyper-V to close vulnerabilities.​

🔸 (iv) VM Monitoring
●​ Explanation: Continuously monitor the VMs for performance and security issues, such
as signs of malicious activity or resource hogging.​

●​ Example: Using tools like Amazon CloudWatch to monitor the health and security of
EC2 instances in real-time.​

✅ 8. Real-life Example of Virtual Machine-Level Security

Example: VM Escape Attack

●​ What happened: A VM escape attack occurs when an attacker breaks out of a virtual
machine and gains access to the host hypervisor, compromising all VMs running on it.​

●​ Cause: VM escape can happen if the hypervisor has vulnerabilities that allow
unauthorized access or manipulation.​
 ●​ Lesson: Always update hypervisors, isolate VMs properly, and ensure strong security
measures at the VM and hypervisor levels.​

✅ 9. Best Practices for VM-Level Security

●​ Secure Hypervisor: Regularly update and patch the hypervisor software to close
security vulnerabilities.​

●​ Use VM Encryption: Encrypt the data in the virtual machine to ensure that even if
unauthorized access occurs, data remains secure.​

●​ Implement Strong Access Controls: Use strong authentication mechanisms to restrict

who can create, manage, and access VMs.​

●​ Continuous Monitoring: Monitor VMs and hypervisors for signs of malicious activity or
security breaches.​

✅ 10. Memory Trick for Data and VM-Level Security

"DIVE"

●​ D = Data Encryption​

●​ I = Input Validation (Data)​

●​ V = VM Isolation​

●​ E = Encryption (VM)​

✍️ Exam Writing Tips

📌 2 Marks Sample Question:
Q: What is VM Isolation?​
A: VM isolation refers to ensuring that each virtual machine operates independently and is
isolated from other VMs to prevent one compromised VM from affecting others.

📌 5 Marks Answer Format:

1.​ Define Data-Level Security and VM-Level Security​

2.​ Explain 2-3 key techniques for both types of security​

3.​ Provide real-life examples (e.g., Capital One breach for Data-Level, VM Escape attack
for VM-Level)​

4.​ Wrap up with best practices to secure data and virtual machines.​

📘 Infrastructure Security
✅ 1. Definition of Infrastructure Security
🔹 Definition (English):
Infrastructure security in cloud computing refers to the protection of the physical and virtual
components of the cloud infrastructure, including hardware, networks, and data centers. It
ensures that these underlying resources are secure from attacks, breaches, or other malicious
activities that could disrupt the cloud service.

🔹 Definition (Hinglish):
Infrastructure security ka matlab hai cloud ke physical aur virtual components (jaise
hardware, networks, aur data centers) ko protect karna. Yeh ensure karta hai ki ye resources
attacks, breaches, ya kisi bhi dusre malicious activities se bachche rahein, jo cloud service
ko disrupt kar sakti hain.
✅ 2. Key Components of Cloud Infrastructure Security
Component Description

🖥️ Physical Protection of the physical data center (servers, storage, etc.) from
Security unauthorized access, theft, and natural disasters.

🌐 Network Securing the cloud network infrastructure to prevent unauthorized

Security access, data breaches, and attacks like DDoS (Distributed Denial of
Service).

🔐 Access Control Managing who can access the cloud infrastructure and what actions
they can perform.

🛡️ Virtualization Securing virtual machines and hypervisors, ensuring isolation, and

Security preventing unauthorized access or attacks.

🔒 Encryption Encrypting sensitive data at rest and in transit to prevent

unauthorized access.

✅ 3. Types of Infrastructure Security

 Type of Security Description

🔒 Physical Security Ensures that physical access to data centers is controlled.

Only authorized personnel can access the infrastructure.

🧑‍💻 Network Security Involves securing network traffic using firewalls, intrusion
detection systems (IDS), and encryption protocols (VPN,
SSL/TLS).

🔑 Identity and Access Controls who can access cloud resources and services based
Management (IAM) on roles and permissions.

🔐 Data Security Ensures that sensitive data is stored and transmitted

securely, often using encryption and tokenization.

🛠️ Infrastructure Continuously monitors the cloud infrastructure for

Monitoring vulnerabilities, performance issues, and signs of malicious
activity.

✅ 4. Techniques for Securing Cloud Infrastructure

🔸 (i) Physical Security Measures
●​ Explanation: This involves controlling physical access to cloud data centers to prevent
unauthorized individuals from gaining access to critical hardware.​

●​ Example: Use of biometric scanning, video surveillance, and security guards at

data centers.​

🔸 (ii) Network Security

●​ Explanation: Protects the cloud network by using various tools and protocols to
safeguard data in transit and prevent malicious attacks like DDoS or man-in-the-middle
attacks.​

●​ Example: Firewalls to block unauthorized traffic, intrusion detection systems (IDS) to

detect suspicious activities, and virtual private networks (VPNs) to encrypt
communications.​

🔸 (iii) Identity and Access Management (IAM)

 ●​ Explanation: IAM systems ensure that only authorized users have access to the
infrastructure and limit what actions they can perform based on their roles.​

●​ Example: Implementing Multi-Factor Authentication (MFA) for cloud admin accounts,

using role-based access control (RBAC) for restricting user actions.​

🔸 (iv) Encryption
●​ Explanation: Encrypting data both at rest (stored data) and in transit (data being
transferred) to ensure that unauthorized users cannot read it.​

●​ Example: AES-256 encryption is used for storing sensitive data in cloud storage and
TLS (Transport Layer Security) for securing data during transmission over the network.​

🔸 (v) Continuous Monitoring

●​ Explanation: Constantly monitor the cloud infrastructure for vulnerabilities and
anomalies that may indicate security breaches.​

●​ Example: Cloud service providers like AWS CloudTrail or Azure Security Center
provide tools to track infrastructure usage and identify suspicious activity.​

✅ 5. Common Threats to Cloud Infrastructure Security

🔸 (i) Distributed Denial of Service (DDoS) Attacks
●​ Explanation: DDoS attacks overwhelm cloud infrastructure with excessive traffic,
causing service disruptions or making systems unavailable.​

●​ Example: An attacker sends a flood of traffic to a cloud server, causing it to crash or

become unresponsive.​

🔸 (ii) Data Breaches

●​ Explanation: Unauthorized access to sensitive data stored in the cloud, usually due to
weak access controls or vulnerabilities.​
 ●​ Example: If an attacker gains access to poorly secured cloud storage, they could leak
customer data or intellectual property.​

🔸 (iii) Insider Threats

●​ Explanation: Employees or contractors with authorized access to cloud infrastructure
could misuse their access to steal or damage sensitive data.​

●​ Example: A disgruntled employee may leak confidential data stored in a cloud

environment.​

🔸 (iv) Insecure APIs

●​ Explanation: Vulnerabilities in cloud APIs can allow attackers to gain unauthorized
access or execute malicious actions on cloud resources.​

●​ Example: An attacker exploits a vulnerability in a public-facing API that allows them to

modify or delete data in a cloud database.​

✅ 6. Best Practices for Securing Cloud Infrastructure

🔸 (i) Implement Strong Authentication and Access Controls
●​ Use MFA (multi-factor authentication) to ensure that only authorized individuals can
access the infrastructure.​

●​ Implement RBAC (Role-Based Access Control) to limit access to sensitive resources

based on user roles.​

🔸 (ii) Encrypt Sensitive Data

●​ Encrypt sensitive data at rest (while stored) and in transit (while being transferred) using
strong encryption algorithms (e.g., AES-256, RSA).​

🔸 (iii) Use Firewalls and Intrusion Detection Systems

 ●​ Use cloud-based firewalls to block malicious traffic and IDS/IPS (Intrusion
Detection/Prevention Systems) to detect and prevent attacks.​

🔸 (iv) Monitor and Audit Infrastructure

●​ Regularly monitor cloud infrastructure for unusual activity, vulnerabilities, or unauthorized
access attempts.​

●​ Use tools like AWS CloudTrail or Azure Monitor to track and audit activities.​

🔸 (v) Backup and Disaster Recovery Plans

●​ Regularly back up critical data and have a disaster recovery plan in place in case of
infrastructure failure or attacks.​

✅ 7. Real-life Example of Infrastructure Security Breach

Example: Amazon Web Services (AWS) S3 Data Breach (2017)

●​ What happened: A misconfigured S3 bucket exposed millions of sensitive files,

including personal information and company data, to the public internet.​

●​ Cause: The S3 bucket lacked proper access control policies and was left publicly
accessible.​

●​ Lesson: Always ensure that cloud storage and other infrastructure services are
properly secured with access control and encryption.​

✅ 8. Memory Trick for Infrastructure Security

"PINE"

●​ P = Physical Security​
 ●​ I = Identity & Access Management (IAM)​

●​ N = Network Security​

●​ E = Encryption​

✍️ Exam Writing Tips

📌 2 Marks Sample Question:
Q: What is network security in cloud infrastructure?​
A: Network security involves protecting cloud networks using firewalls, intrusion detection
systems, and encryption protocols to ensure that unauthorized access and attacks are
prevented.

📌 5 Marks Answer Format:

1.​ Define Infrastructure Security​

2.​ Explain 2-3 key components (e.g., Network Security, IAM, Encryption)​

3.​ Describe common threats to infrastructure security (e.g., DDoS, data breaches)​

4.​ Provide a real-life example (e.g., AWS S3 breach)​

5.​ Wrap up with best practices (e.g., firewalls, backup plans, monitoring).​

📘 Multi-Tenancy Issues
✅ 1. Definition of Multi-Tenancy
🔹 Definition (English):
Multi-tenancy in cloud computing refers to an architecture where a single instance of a
software application serves multiple tenants. A tenant is typically a customer or organization
using the cloud service, and each tenant's data and configuration are logically isolated from
others.

🔹 Definition (Hinglish):
Multi-tenancy ka matlab hai ek aise architecture jahan ek hi software application ka instance
multiple tenants (alag-alag customers ya organizations) ko serve karta hai. Har tenant ka data
aur configuration ek dusre se logically isolated hota hai.

✅ 2. Types of Multi-Tenancy Architectures

Type of Multi-Tenancy Description

🏢 Shared Application, The application is shared by all tenants, but each tenant’s data
Isolated Data is kept separate and isolated.

🔒 Shared Application, Both the application and the data are shared among tenants.
Shared Data This is the most efficient model but requires careful data
management.

🛠️ Dedicated Each tenant has its own instance of the application, providing
Application for Each more control but sacrificing efficiency and increasing costs.
Tenant
✅ 3. Key Issues with Multi-Tenancy
🔸 (i) Data Isolation and Security
●​ Explanation: One of the most significant issues in multi-tenancy is ensuring that tenants'
data is properly isolated. If not, unauthorized access or leakage of data between tenants
could occur, violating privacy and security principles.​

●​ Example: A hacker gaining access to one tenant's database could potentially access all
other tenants' data if isolation isn't properly enforced.​

🔸 (ii) Data Integrity

●​ Explanation: Ensuring the integrity of data across different tenants is vital. If tenants are
not properly isolated, one tenant’s actions may inadvertently corrupt or affect the data of
others.​

●​ Example: A misconfigured database could cause one tenant's data to overwrite another
tenant's data.​

🔸 (iii) Performance Contention

●​ Explanation: In a multi-tenant cloud system, resources like CPU, memory, and
bandwidth are shared. If one tenant consumes too many resources, it can cause
performance degradation for other tenants.​

●​ Example: One tenant running resource-heavy processes may slow down services for
other tenants who are sharing the same physical server.​

🔸 (iv) Compliance and Legal Issues

●​ Explanation: Different tenants may be subject to different compliance regulations, which
can complicate data handling and security practices. Ensuring that all tenants comply
with relevant laws is a significant challenge.​

●​ Example: One tenant may need to comply with GDPR (General Data Protection
Regulation) while another might be subject to HIPAA (Health Insurance Portability and
Accountability Act), making it difficult to manage privacy requirements in a shared
environment.​
🔸 (v) Customization and Configuration Management
●​ Explanation: Providing customized configurations for each tenant, while maintaining the
integrity and performance of the shared environment, can be a complex challenge.​

●​ Example: One tenant may require custom security configurations, while another may
require specific features. Balancing these demands while ensuring system stability is
tricky.​

✅ 4. Strategies for Mitigating Multi-Tenancy Issues

🔸 (i) Data Encryption and Isolation
●​ Explanation: Encrypting data for each tenant ensures that even if the data is accessed
by unauthorized users, it remains unreadable. Logical isolation of data and access
control ensures that tenants cannot access each other’s data.​

●​ Example: Encrypting sensitive data using AES-256 encryption ensures that even if
data is accessed by an unauthorized tenant, it will be unreadable without the decryption
key.​

🔸 (ii) Quality of Service (QoS) and Resource Allocation

●​ Explanation: Implementing proper resource management and prioritization ensures that
tenants' services do not affect each other’s performance. Resource quotas and traffic
shaping can help prevent performance degradation.​

●​ Example: Using container orchestration tools like Kubernetes to allocate specific

resource limits (CPU, memory) to each tenant, preventing one tenant from overloading
the system.​

🔸 (iii) Role-Based Access Control (RBAC)

●​ Explanation: Implementing RBAC ensures that each tenant only has access to their
own data and services, preventing cross-tenant access or data leaks.​

●​ Example: For a cloud service like AWS, setting up roles and permissions ensures that
each tenant can access only their resources and configurations, minimizing the risk of
 unauthorized access.​

🔸 (iv) Compliance Auditing and Logging

●​ Explanation: Continuous auditing and logging of cloud infrastructure help ensure that
multi-tenancy environments are compliant with relevant regulations. These tools track
user activity, data access, and configuration changes.​

●​ Example: Tools like AWS CloudTrail can help in auditing tenant-specific access logs,
ensuring compliance with various laws and regulations.​

🔸 (v) Resource Monitoring and Load Balancing

●​ Explanation: Monitoring the system’s performance and implementing load balancing
techniques helps in managing resource contention and ensuring that no tenant’s
workload impacts others.​

●​ Example: Cloud services like Azure Load Balancer or AWS Elastic Load Balancer
can be used to ensure fair distribution of incoming traffic among tenants, preventing
resource monopolization.​

✅ 5. Real-life Example of Multi-Tenancy Issues

Example: Salesforce Data Breach (2019)

●​ What happened: In 2019, a misconfiguration in the multi-tenant architecture of

Salesforce led to a data breach, allowing unauthorized access to the data of one tenant.​

●​ Cause: Inadequate data isolation and misconfigured access controls allowed

attackers to access sensitive information across multiple tenants.​

●​ Lesson: Proper data isolation and access control mechanisms are essential in
multi-tenant environments to prevent cross-tenant data breaches.​

✅ 6. Best Practices for Managing Multi-Tenancy Issues

🔸 (i) Use Strong Data Encryption
●​ Encrypt both data at rest and in transit to ensure that each tenant’s data is protected and
cannot be accessed by other tenants.​

🔸 (ii) Implement RBAC and Fine-Grained Access Control

●​ Use Role-Based Access Control (RBAC) to ensure that each tenant can only access
their data and resources, thus maintaining data confidentiality.​

🔸 (iii) Establish Resource Quotas and Monitoring

●​ Use resource quotas to allocate a certain amount of cloud resources to each tenant
and monitor resource usage to avoid contention.​

🔸 (iv) Regular Audits and Compliance Checks

●​ Regularly audit tenant activities and ensure compliance with relevant regulations (GDPR,
HIPAA, etc.) to prevent legal complications.​

🔸 (v) Use of Virtualization and Containerization

●​ Virtualization and containerization technologies, such as Docker or VMware, help
isolate tenants' workloads, providing better control and security.​

✅ 7. Memory Trick for Multi-Tenancy Issues

"DIRTY"

●​ D = Data Isolation​

●​ I = Integrity (Data Integrity)​

●​ R = Resource Contention (Performance Issues)​

●​ T = Tenant Customization​
 ●​ Y = Yielding Compliance​

✍️ Exam Writing Tips

📌 2 Marks Sample Question:
Q: What is a multi-tenancy issue in cloud computing?​
A: A multi-tenancy issue occurs when tenants' data or resources are not properly isolated in a
shared environment, leading to risks like unauthorized access, data leakage, or performance
degradation.

📌 5 Marks Answer Format:

1.​ Define Multi-Tenancy​

2.​ Explain 2-3 major issues (e.g., data isolation, resource contention, compliance issues)​

3.​ Provide a real-life example (e.g., Salesforce data breach)​

4.​ Suggest strategies for mitigating these issues (e.g., encryption, RBAC, monitoring).​

📘 Difference Table for Security Types in Cloud

Computing
Security Type Scope Focus Security Example
Measures

🛡️ Protects Ensuring that the - Input validation- - OWASP Top 10

Application-L applications software or Authentication & vulnerabilities-
evel Security hosted on the application is Authorization- SQL Injection
cloud. free from Encryption- prevention
vulnerabilities Secure coding
that attackers practices
can exploit.
🔐 Data-Level Protects the Ensures that - Encryption - End-to-end
Security data stored and sensitive data is (AES, RSA)- encryption for
transferred in encrypted, stored Data Masking- banking
the cloud. securely, and Data transactions-
access is Tokenization- Data loss
controlled. Access Controls prevention
(DLP) tools in
cloud storage

🖥️ Virtual Protects the Prevents - Hypervisor - VM snapshots

Machine-Level virtual unauthorized security- for quick
Security machines access and Isolation of VMs- recovery- VM
running on the compromises of Patch isolation to
cloud. virtual machines Management- prevent
and their Access Control cross-tenant
underlying breaches
hypervisors.

🏢 Protects the Ensures that the - Physical - AWS Shield for

Infrastructure physical and resources Security DDoS protection-
Security virtual (hardware and (biometric Physical locks
infrastructure of network) are access, video and surveillance
the cloud secured against surveillance)- in cloud data
(servers, unauthorized Network centers
networks, data access, Security
centers). breaches, or (Firewalls, IDS)-
attacks. Access Control

Explanation of Key Differences:

1.​ Application-Level Security focuses on securing applications running on the cloud.

This involves practices like secure coding, authentication, and protection from common
attacks like SQL Injection or Cross-Site Scripting (XSS).​

2.​ Data-Level Security focuses on protecting data itself, whether at rest or in transit. The
focus is on ensuring encryption, preventing data leakage, and controlling access to
sensitive information.​

3.​ Virtual Machine-Level Security ensures that the virtual machines (VMs) running in
the cloud are secured. This involves isolating VMs, securing the hypervisor (the
software managing VMs), and ensuring that VMs don't interfere with each other,
especially in a multi-tenant environment.​
 4.​ Infrastructure Security protects the underlying hardware and network that hosts the
cloud services. This includes securing physical access to data centers, protecting the
network with firewalls and intrusion detection systems (IDS), and ensuring access to
resources is restricted and monitored.​

Real-life Example for Each Security Type:

●​ Application-Level Security:​
Example: A cloud-based application using OAuth for secure authentication and
preventing unauthorized access to sensitive user data.​

●​ Data-Level Security:​
Example: A healthcare service using end-to-end encryption to protect patient data
stored on cloud servers, ensuring only authorized users can access it.​

●​ Virtual Machine-Level Security:​

Example: In a cloud platform like AWS, virtual machines are isolated using security
groups and access control lists (ACLs), ensuring tenants cannot access each other's
VMs.​

●​ Infrastructure Security:​
Example: Google Cloud implements strict physical security measures at its data
centers, including biometric access and 24/7 surveillance to prevent unauthorized
access.​