Cloud Computing Security

Cloud Security Threats

• Compliance weakness attacks target vulnerabilities in the legal, regulatory, and security standards applied to data stored and processed in the cloud.
• Man-in-the-Middle (MitM) Attacks occur when an attacker intercepts communication between two parties without their knowledge.
• Denial-of-Service (DoS) Attacks aim to make a network resource unavailable to its intended users.
• Zero-day Exploits threaten software vulnerabilities that are unknown to the software developer or vendor.

Cloud Security Risks

• Physical theft is not considered a cloud security risk.
• Misconfigurations make it difficult to gain oversight into all cloud assets.
• Malware, data breaches, and phishing are cloud security risks.

Cloud Service Models

• Understanding specific needs and requirements is a key consideration when selecting a cloud deployment and service model.

Cloud Security Controls

• Cloud Auditors conduct an impartial evaluation of cloud services and assess performance, security, and operations of the cloud implementation.
• Identity and access management, data loss prevention tools are technologies used to secure cloud environments.
• Zero-trust security models are recommended for enhanced protection in hybrid and multi-cloud environments.

Cloud Security Goals

• The main purpose of applying security policies, practices, and controls in cloud security is to prevent breaches and unauthorized access.
• The main goal of cloud architecture is to ensure reliability, scalability, and security.
• Cloud architecture best practices can ensure cost-effectiveness by optimizing computing resources.

Cloud Security Attacks

• Phishing Attacks are a common method used by attackers to trick individuals into providing sensitive information.
• Account compromise in cloud computing attacks can be carried out by exploiting vulnerabilities to gain access.
• Attackers can more easily gain authorized resources with compromised credentials or improper access control in cloud deployments.