Cloud-Based Vulnerabilities | CompTIA Security+ SY0-601 | 1.6a

In this video you will learn about the basics of cloud-based computing such as: cloud services & cloud delivery models. In addition you will be learning about cloud-based vulnerabilities and how to mitigate cloud-based security issues.

Cloud Computing

Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.[1]  Large clouds often have functions distributed over multiple locations, each location being a data center.  Cloud computing relies on sharing of resources to achieve coherence and typically using a “pay-as-you-go” model which can help in reducing capital expenses but may also lead to unexpected operating expenses for unaware users.[2]

Cloud Services

Cloud computing can be broken down into 3 main services:

  • Infrastructure as a Service (IaaS):  a form of cloud computing in which IT infrastructure is provided to end users through the Internet.  The IaaS vendor provides virtualization, storage, network, servers, & allows for customers to utilize/pay for resources when needed.
  • Software as a Service (SaaS):  a form of cloud computing that uses a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.  SaaS applications are also known as web-based software, on-demand software and hosted software.
  • Platform as a Service (PaaS):  a form of cloud computing that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching applications.

Cloud Delivery Models

Cloud computing comes in 4 general categories:

  • Private Cloud:  Defined as computing services offered over the Internet or a private internal network & only to select users instead of the general public.  Private cloud computing is considered to be more secure than public cloud computing.
  • Public Cloud:  Defined as computing services offered by 3rd-party providers over the public Internet, making them available to anyone who wants to use or purchase them.  They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume.
  • Hybrid Cloud:  A computing environment that combines public cloud & a private cloud by allowing data and applications to be shared between them.  When computing and processing demand fluctuates, hybrid cloud computing gives organizations the ability to seamlessly scale their on-premises infrastructure up to the public cloud to handle any overflow — without giving 3rd-party data centers access to the entirety of their data.
  • Community Cloud:  A collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc), whether managed internally or by a 3rd-party and hosted internally or externally.  This is controlled and used by a group of organizations that have shared interest.  The costs are spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing are realized.

Cloud-Based Vulnerabilities

There are a myriad of vulnerabilities that can impact cloud computing such as:[3]

  • Lack of privacy
  • Lack of accountability
  • Improper authentication
  • Lack of administrative control
  • Data sensitivity & integrity problems
  • Data segregation issues
  • Location of data & data recovery problems
  • Malicious insider attacks
  • Bug exploitation
  • Lack of investigative support when there is a problem
  • Questionable long-term viability

Ways to Mitigate Cloud-Based Security Issues

Way to mitigate cloud-based security issues include the following:[3]

  • Complex passwords:  apply standard password best practices such as:  a minimum of 10 characters, upper & lower case, numbers & special characters.
  • Powerful authentication methods:  utilize multi-factor authentication (MFA).
  • Strong cloud data access policies:  define which users have access to exactly what resources and when they are allowed to have access to them.
  • Encryption:  apply encryption on individual files & full disk encryption.
  • Standardization of programming:  the way applications are planned, designed, programmed, & run on the cloud should all be standardized from one platform to the next, from one programmer to the next, in addition to standardizing how testing is conducted in regards to input validation, fuzzing, and known, unknown, & partially known environments.
  • Protect the data:  protect all data on SANs (storage area networks), general cloud storage & big data.  Keep detailed documentation up to date of what is stored and where it is stored.  Implement cloud-based security controls such as:  deterrent controls to prevent tampering, preventative controls to increase security strength of system, corrective controls to reduce effects of data tampering, & detective controls to detect attacks in real time.

References

  1. Montazeroghaem, A.; Yaghmaee, M.H.; Leon-Garcia, A. (2020). Green Cloud Multimedia Networking: NFV/SDN Based Energy-Efficient Resource Allocation. IEEE.
  2. Wray, J. (2014). Where’s The Rub: Cloud Computing’s Hidden Costs. Forbes.
  3. Santos, O.; Taylor, R.; Mlodziannowski, J. CompTIA Security+ SY0-601 Cert Guide.