
Chapter 6

Cloud computing Notes For Exam

UNIT 6: Cloud Security
6.1 Cloud Security Fundamentals
6.2 Privacy and Security in Cloud
6.3 Cloud Security Architecture
6.4 Identity Management and Access Control
6.5 Cloud Computing Security Challenges
6.6 Case Study based on Cloud Computing Concepts
6.7 Shared Responsibility Model
6.8 Introduction to Docker Container

Introduction:
Cloud security refers to a broad set of policies, technologies, and controls deployed to protect data,
applications, and the associated infrastructure of cloud computing.

Cloud computing and storage solutions provide users and enterprises with various capabilities to
store and process their data in third-party data centers. Organizations use the Cloud in a variety of
different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid,
and Community). There are a number of security concerns associated with cloud computing.

These issues fall into two broad categories: security issues faced by cloud providers
(organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and
security issues faced by their customers (companies or organizations who host applications or
store data on the cloud).

The responsibility is shared, however. The provider must ensure that their infrastructure is secure
and that their clients’ data and applications are protected, while the user must take measures to
fortify their application and use strong passwords and authentication measures.

6.1 Cloud Security Fundamentals:


When an organization elects to store data or host applications on the public cloud, it loses its ability
to have physical access to the servers hosting its information. As a result, potentially sensitive data
is at risk from insider attacks.

According to a recent Cloud Security Alliance Report, insider attacks are the sixth biggest threat
in cloud computing. Therefore, Cloud Service providers must ensure that thorough background
checks are conducted for employees who have physical access to the servers in the data center.
Additionally, data centers must be frequently monitored for suspicious activity.

Security in cloud computing is a major concern. Data in the cloud should be stored in encrypted form.
To restrict clients from accessing the shared data directly, proxy and brokerage services should be
employed.
A) Security Planning:
Before deploying a particular resource to the cloud, one should analyze several aspects of
the resource, such as:
• Select the resource that needs to move to the cloud and analyze its sensitivity to risk.
• Consider cloud service models such as IaaS, PaaS, and SaaS. These models require the
customer to be responsible for security at different levels of service.
• Consider the cloud type to be used, such as public, private, community, or hybrid.
• Understand the cloud service provider's system for data storage and its transfer into and
out of the cloud.
• The risk in cloud deployment mainly depends upon the service models and cloud types.

B) Understanding Data Security:


Since all data is transferred over the Internet, data security is a major concern in the cloud.
Here are the key mechanisms for protecting data:
• Access Control
• Auditing
• Authentication
• Authorization
All of the service models should incorporate security mechanisms operating in all of the
above-mentioned areas.

C) Cloud security controls:


Cloud security architecture is effective only if the correct defensive implementations are in
place. An efficient cloud security architecture should recognize the issues that will arise with
security management. The security management addresses these issues with security
controls. These controls are put in place to safeguard any weaknesses in the system and
reduce the effect of an attack. While there are many types of controls behind a cloud security
architecture, they can usually be found in one of the following categories:
a) Deterrent controls: These controls are intended to reduce attacks on a cloud system.
Much like a warning sign on a fence or a property, deterrent controls typically reduce the
threat level by informing potential attackers that there will be adverse consequences for
them if they proceed. (Some consider them a subset of preventive controls.)
b) Preventive controls: Preventive controls strengthen the system against incidents,
generally by reducing if not actually eliminating vulnerabilities. Strong authentication of
cloud users, for instance, makes it less likely that unauthorized users can access cloud
systems, and more likely that cloud users are positively identified.
c) Detective controls: Detective controls are intended to detect and react appropriately to
any incidents that occur. In the event of an attack, a detective control will signal the
preventative or corrective controls to address the issue. System and network security
monitoring, including intrusion detection and prevention arrangements, are typically
employed to detect attacks on cloud systems and the supporting communications
infrastructure.
d) Corrective controls: Corrective controls reduce the consequences of an incident, normally
by limiting the damage. They come into effect during or after an incident. Restoring system
backups in order to rebuild a compromised system is an example of a corrective control.

D) Fundamental security terms relevant to cloud computing:


a) Confidentiality: Confidentiality is the characteristic of something being made
accessible only to authorized parties. Within cloud environments, confidentiality
primarily pertains to restricting access to data in transit and storage.
b) Integrity: Integrity is the characteristic of not having been altered by an unauthorized
party. An important issue that concerns data integrity in the cloud is whether a cloud
consumer can be guaranteed that the data it transmits to a cloud service matches the
data received by that cloud service. Integrity can extend to how data is stored,
processed, and retrieved by cloud services and cloud-based IT resources.
c) Authenticity: Authenticity is the characteristic of something having been provided by
an authorized source. This concept encompasses non-repudiation, which is the inability
of a party to deny or challenge the authentication of an interaction. Authentication in
non-repudiable interactions provides proof that these interactions are uniquely linked to
an authorized source. For example, a user may not be able to access a non-repudiable
file after its receipt without also generating a record of this access.
d) Availability: Availability is the characteristic of being accessible and usable during a
specified time period. In typical cloud environments, the availability of cloud services
can be a responsibility that is shared by the cloud provider and the cloud carrier. The
availability of a cloud-based solution that extends to cloud service consumers is further
shared by the cloud consumer.
e) Threat: A threat is a potential security violation that can challenge defenses in an
attempt to breach privacy and/or cause harm. Both manually and automatically
instigated threats are designed to exploit known weaknesses, also referred to as
vulnerabilities. A threat that is carried out results in an attack.
f) Vulnerability: Vulnerability is a weakness that can be exploited either because it is
protected by insufficient security controls, or because existing security controls are
overcome by an attack. IT resource vulnerabilities can have a range of causes,
including configuration deficiencies, security policy weaknesses, user errors, hardware
or firmware flaws, software bugs, and poor security architecture.
g) Risk: Risk is the possibility of loss or harm arising from performing an activity. Risk is
typically measured according to its threat level and the number of possible or known
vulnerabilities. Two metrics that can be used to determine risk for an IT resource are:
• The probability of a threat occurring to exploit vulnerabilities in the IT resource
• The expectation of loss upon the IT resource being compromised
h) Security Controls: Security controls are countermeasures used to prevent or respond
to security threats and to reduce or avoid risk. Details on how to use security
countermeasures are typically outlined in the security policy, which contains a set of
rules and practices specifying how to implement a system, service, or security plan for
maximum protection of sensitive and critical IT resources.

i) Security Mechanisms: Countermeasures are typically described in terms of security
mechanisms, which are components comprising a defensive framework that protects IT
resources, information, and services.
j) Security Policies: A security policy establishes a set of security rules and regulations.
Often, security policies will further define how these rules and regulations are
implemented and enforced. For example, the positioning and usage of security controls
and mechanisms can be determined by security policies.

Vulnerability Assessment Tool for Cloud:


a) Antimalware: Antimalware tools are specifically designed to detect and remove harmful
viruses and Trojans from infected machines. Malware is used to either steal personal
information from the owner or to take control of certain aspects of the machine and utilize
the resources.
b) Rootkit detectors: Rootkit detectors are designed to find rootkits, which are programs
that by nature hide themselves from the operating system and, by extension, the user.
Rootkits can intentionally leave openings through which malware can enter and corrupt the
machine.
c) Vulnerability exploitation tools: Vulnerability exploitation tools are made to systematically
seek out and attack vulnerabilities on a target machine. This means they will attempt to use
potential vulnerabilities to take control of a machine and give control to an attacker.
d) Vulnerability scanners: Vulnerability scanners search machines for potentially harmful
vulnerabilities where an attacker or program could potentially attack and exploit the
machine. They are designed to alert the user as to where they need to patch in order to
best protect their resources.
e) Tested Technologies: NetRecon, BindView Corp.'s HackerShield, eEye Digital Security's
Retina, Internet Security Systems' Internet Scanner, Network Associates' CyberCop
Scanner, and two open-source products: Nessus Security Scanner and Security
Administrator's Research Assistant (SARA) on five platforms (Hewlett-Packard Co. HP-UX,
Microsoft Windows NT, Novell NetWare, Red Hat Linux and Sun Microsystems Solaris).

Cloud Vulnerability and Protection:


A) Cloud Vulnerability Examples
• Obama Twitter account
  o Attacker observed Obama (and other celebrities). Noted things like sayings Obama
    liked, such as the name of his dog, Bo.
  o Guessed the Twitter account password based on that.
• Sony PlayStation attack
  o 77 million user accounts compromised
  o A lot of user data was unencrypted
  o Main criticism of Sony was lack of transparency and delay in informing users
• CEO Aaron Barr stated he would reveal an Anonymous member.
• A custom-written CMS application was exploited and the usernames/passwords were
dumped from the users table.
• The passwords were hashed with MD5 but not salted, so simple rainbow tables cracked
some of the passwords.
• The CEO and COO had passwords that were six lower-case letters and two numbers.
• The same passwords were used in Google, Twitter, and LinkedIn. Now the attackers had
access to the CMS plus other applications like email.
• The CEO was the admin for their Google Apps Mail services. By resetting users'
passwords, the attackers could gain access.
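
The unsalted-MD5 weakness in the last case above, as an added example (not part of the original notes): identical passwords give identical unsalted hashes, so one precomputed table answers every lookup, while a per-user salt with a slow key-derivation function makes the table useless. The sample accounts, function names and PBKDF2 iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credentials (not from any real dump). Both passwords follow
# the pattern described above: six lower-case letters and two digits.
USERS = {"ceo": "kitten42", "coo": "kitten42", "dev": "monkey07"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this illustration


def md5_unsalted(password):
    """The weak scheme: a fast hash with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_table(candidates):
    """Stand-in for a rainbow table: hash -> password, built once and reused."""
    return {md5_unsalted(p): p for p in candidates}


def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, stored next to the digest
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def keyspace(letters=6, digits=2):
    """Number of passwords of the form 'six lower-case letters + two digits'."""
    return 26 ** letters * 10 ** digits


def recovered_from_md5_dump(users, candidates):
    """Accounts whose unsalted MD5 hash appears in the precomputed table."""
    table = precomputed_table(candidates)
    dump = {user: md5_unsalted(pw) for user, pw in users.items()}
    return sorted(user for user, h in dump.items() if h in table)


def recovered_from_salted_dump(users, candidates):
    """Same table lookup against salted PBKDF2 digests: nothing matches,
    because every stored digest depends on a salt the table never saw."""
    table = precomputed_table(candidates)
    dump = {user: hash_password(pw) for user, pw in users.items()}
    return sorted(user for user, (_, d) in dump.items() if d.hex() in table)


if __name__ == "__main__":
    print("pattern keyspace:", keyspace())
    print("unsalted MD5, found in table:", recovered_from_md5_dump(USERS, ["kitten42"]))
    print("salted PBKDF2, found in table:", recovered_from_salted_dump(USERS, ["kitten42"]))
```

Because the pattern's whole keyspace is small, the salt alone is not enough; the slow derivation function is what raises the cost of guessing each account separately.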

B) Vulnerability Vs Protection:
Vulnerability | Protection
--- | ---
SQL Injection: Attacker runs own SQL | Parameterized queries
XSS: Attacker exploits no escaping of input parameters to run script in user's browser, e.g. send session ID to attacker | Escape all untrusted data
Broken authentication and session management | Use hardened and centralized authentication system. Step-up authentication
Indirect Object Reference: Attacker changes a parameter to an object the attacker isn't authorized for | Map indirect to direct values on the server. Access control checks.
Insecure API Access: Attacker exploits flaws in API access, possibly through partner application | Use trusted security protocols
Malware: Attacker exploits public cloud to distribute malware | Detection software
Password protection: Weak password policy and flawed password reset | Consider user in password policy.
Security Patches: Attacker exploits unpatched security vulnerabilities | Ensure patches applied in provider
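
Two rows of the table above worked through as an added example (not code from the original notes): a query built by string concatenation beside its parameterized form, and a per-session reference map that turns client-visible tokens into row ids and re-checks ownership on the server. The invoices table, the user names and the ReferenceMap class are hypothetical.

```python
import secrets
import sqlite3

# Constructed input for the demonstration: a value that contains SQL syntax.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, amount REAL)"
    )
    conn.executemany(
        "INSERT INTO invoices (id, owner, amount) VALUES (?, ?, ?)",
        [(1, "alice", 120.0), (2, "alice", 75.5), (3, "bob", 990.0)],
    )
    return conn


def invoices_concatenated(conn, owner):
    """Weak form: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT id FROM invoices WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def invoices_parameterized(conn, owner):
    """Protected form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT id FROM invoices WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]


class ReferenceMap:
    """Per-session map from opaque tokens (indirect) to row ids (direct)."""

    def __init__(self, conn, user):
        self.conn = conn
        self.user = user
        # Only rows the user owns ever receive a token.
        self._tokens = {
            secrets.token_urlsafe(8): invoice_id
            for invoice_id in invoices_parameterized(conn, user)
        }

    def tokens(self):
        return list(self._tokens)

    def fetch(self, token):
        """Resolve a token on the server, then re-check ownership."""
        invoice_id = self._tokens.get(token)
        if invoice_id is None:
            raise PermissionError("unknown reference")
        row = self.conn.execute(
            "SELECT owner, amount FROM invoices WHERE id = ?", (invoice_id,)
        ).fetchone()
        if row is None or row[0] != self.user:
            raise PermissionError("not authorized")
        return row[1]


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", invoices_concatenated(db, CONSTRUCTED_INPUT))
    print("parameterized:", invoices_parameterized(db, CONSTRUCTED_INPUT))
    session = ReferenceMap(db, "alice")
    print("alice amounts:", sorted(session.fetch(t) for t in session.tokens()))
```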

6.2 Cloud Security Architecture:

Security in cloud computing is a major concern. Proxy and brokerage services should be
employed to restrict a client from accessing the shared data directly. Data in the cloud should be
stored in encrypted form.

Security Planning:
Before deploying a particular resource to the cloud, one should analyze several aspects of
the resource, such as:
• Select the resource that needs to move to the cloud and analyze its sensitivity to risk.
• Consider cloud service models such as IaaS, PaaS, and SaaS. These models require the customer to
be responsible for security at different service levels.
• Consider the cloud type, such as public, private, community, or hybrid.
• Understand the cloud service provider's system regarding data storage and its transfer into and
out of the cloud.
• The risk in cloud deployment mainly depends upon the service models and cloud types.

Security Boundaries: The Cloud Security Alliance (CSA) stack model defines the boundaries
between each service model and shows how different functional units relate. A particular service
model defines the boundary between the service provider's responsibilities and the customer's. The
following diagram shows the CSA stack model:

Fig. 6.1: Cloud Security Architecture (CSA) model

Key Points to Cloud Security Architecture Model:

• IaaS is the most basic level of service, with PaaS and SaaS the next two levels of
service above it.
• Moving upwards, each service inherits the capabilities and security concerns of the
model beneath.
• IaaS provides the infrastructure, PaaS provides the platform development environment, and
SaaS provides the operating environment.
• IaaS has the least integrated functionality and integrated security, while SaaS has
the most.
• This model describes the security boundaries at which the cloud service provider's
responsibilities end and the customer's responsibilities begin.
• Any security mechanism below the security boundary must be built into the system and
should be maintained by the customer.

Although each service model has security mechanisms, the security needs also depend upon
where these services are located: in a private, public, hybrid or community cloud.

Cloud security architecture describes all the hardware and technologies designed to protect data,
workloads, and systems within cloud platforms.

Cloud Security Core Capabilities:
Secure cloud computing architecture encompasses three core capabilities: confidentiality, integrity,
and availability.

1. Confidentiality is the ability to keep information secret and unreadable to the people who
shouldn’t have access to that data, such as attackers or people inside an organization without
the proper access level. Confidentiality also includes privacy and trust, or when a business
pledges secrecy in handling their customers’ data.

2. Integrity is the idea that the systems and applications are exactly what you expect them to be,
and function exactly as you expect them to function. If a system or application has been
compromised to produce an unknown, unexpected, or misleading output, this can lead to
losses.

3. Availability is the third capability and is generally the least considered by cloud architects.
Availability speaks to denial-of-service (DoS) attacks.

Secure Cloud Computing in Practice:

• Encryption protects text and data by translating it into ciphers that only authorized parties have
the ability to decipher, access, and edit.
• Firmware resilience is about helping to prevent attacks on the firmware layer, but also includes
recovering from an attack and restoring the system back to a known good state.
• Establishing a root of trust includes boot integrity, which helps protect the system from malware
injections during system startup.
• Secure systems are designed to isolate virtual machines (VMs), containers, data, and
applications from each other as a key best practice.

6.3 Privacy and Security in Cloud:


A) Good Security Practices in Cloud Computing Environment
a) Protection against Internal and External Threats: Security monitoring services help to
improve the effectiveness of the security infrastructure of a customer by actively analyzing
logs and alerts from infrastructure devices around the clock and in real time.
b) Early Detection: An early detection service detects and reports new security vulnerabilities
shortly after they appear. Generally, the threats are correlated with third party sources, and
an alert or report is issued to customers. Security vulnerability reports, aside from
containing a detailed description of the vulnerability and the platforms affected.
c) Platform, Control, and Services Monitoring: Platform, control, and services monitoring is
often implemented as a dashboard interface and makes it possible to know the operational
status of the platform being monitored at any time. It is accessible from a web interface,
making remote access possible. This service aids in determining which elements may be
operating at or near capacity or beyond the limits of established parameters. By detecting
and identifying such problems, preventive measures can be taken to prevent loss of
service.
d) Intelligent Log Centralization and Analysis: Intelligent log centralization and analysis is a
monitoring solution based mainly on the correlation and matching of log entries. Such
analysis helps to establish a baseline of operational performance and provides an index of
security threat. Alarms can be raised in the event an incident moves the established
baseline parameters beyond a stipulated threshold. These types of sophisticated tools are
used by a team of security experts who are responsible for incident response once such a
threshold has been crossed and the threat has generated an alarm or warning picked up by
security analysts monitoring the systems.
e) Vulnerabilities Detection and Management: Vulnerabilities detection and management
enables automated verification and management of the security level of information
systems.
f) Continuous System Patching/Upgrade and Fortification: Security posture is enhanced
with continuous system patching and upgrading of systems and application software. New
patches, updates, and service packs for the equipment’s operating system are necessary to
maintain adequate security levels and support new versions of installed products.
g) Intervention, Forensics, and Help Desk Services: Quick intervention when a threat is
detected is crucial to mitigating the effects of a threat. This requires security engineers with
ample knowledge in the various technologies and with the ability to support applications as
well as infrastructures on a 24/7 basis.
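
The baseline-and-threshold idea from item d) above, as an added example (not part of the original notes): log entries from several devices are merged, failed logins are counted per hour, a baseline is computed from a normal period, and an alarm is raised for any hour that exceeds the baseline mean by more than k standard deviations. The log format, device names, sample lines and the value of k are assumptions constructed for this illustration.

```python
import re
import statistics
from collections import Counter

# Assumed log format: "<ISO timestamp> <device> <event> user=<name>"
LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z "
    r"(?P<device>\S+) (?P<event>AUTH_FAIL|AUTH_OK) user=(?P<user>\S+)$"
)
DEVICES = ["fw01", "vpn01", "web01"]  # hypothetical infrastructure devices


def make_lines(day, failures_by_hour):
    """Build constructed log lines: n failures in each hour plus one success."""
    lines = []
    for hour, n in enumerate(failures_by_hour):
        for i in range(n):
            device = DEVICES[i % len(DEVICES)]
            lines.append(f"{day}T{hour:02d}:{i:02d}:00Z {device} AUTH_FAIL user=u{i}")
        lines.append(f"{day}T{hour:02d}:59:00Z web01 AUTH_OK user=alice")
    return lines


def failures_per_hour(lines):
    """Centralized count of AUTH_FAIL entries per hour across all devices."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # malformed entries are skipped, not counted
        # Hours with only successful logins still get an entry (count 0).
        counts[m["hour"]] += 1 if m["event"] == "AUTH_FAIL" else 0
    return counts


def threshold(baseline_counts, k=3.0):
    """Alarm limit: baseline mean plus k sample standard deviations."""
    values = list(baseline_counts.values())
    return statistics.mean(values) + k * statistics.stdev(values)


def alarms(baseline_lines, live_lines, k=3.0):
    """Hours in the live period whose failure count exceeds the limit."""
    limit = threshold(failures_per_hour(baseline_lines), k)
    live = failures_per_hour(live_lines)
    return [(hour, n) for hour, n in sorted(live.items()) if n > limit]


def devices_for(lines, hour):
    """Correlation step: which devices reported failures in a given hour."""
    found = set()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["hour"] == hour and m["event"] == "AUTH_FAIL":
            found.add(m["device"])
    return sorted(found)


# Constructed data: a quiet baseline day and a live day with one burst.
BASELINE = make_lines("2024-01-01", [2, 3, 2, 4, 3, 2])
LIVE = make_lines("2024-01-02", [3, 2, 15, 4]) + ["not a valid log line"]

if __name__ == "__main__":
    print("limit :", round(threshold(failures_per_hour(BASELINE)), 2))
    for hour, n in alarms(BASELINE, LIVE):
        print("alarm :", hour, n, devices_for(LIVE, hour))
```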
B) Ensuring Privacy in Cloud Computing Environment
Privacy protection in a cloud computing environment is less of a technical issue and more of a
policy and legal issue. Policies must be framed to conform to the legal framework
protecting the privacy of individuals and organizations. Policies have to empower people to
control the collection, use, and distribution of their personal information. A very good framework
on privacy protection is given by the Safe Harbor privacy principles developed by the U.S.
Department of Commerce and the European Commission. It is based on 7 principles. These
principles must provide:
• Notice - Individuals must be informed that their data is being collected and about how it will
be used.
• Choice - Individuals must have the ability to opt out of the collection and forward transfer of
the data to third parties.
• Onward Transfer - Transfers of data to third parties may only occur to other organizations
that follow adequate data protection principles.
• Security - Reasonable efforts must be made to prevent loss of collected information.
• Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
• Access - Individuals must be able to access information held about them, and correct or
delete it if it is inaccurate.
• Enforcement - There must be effective means of enforcing these rules.
These tenets provide a framework for the development of privacy principles developed by
major organizations across the world, which guide the use and management of customer and
partner information. Therefore, some of the key issues while framing a suitable policy could be
as given below:
a) Accountability – In handling personal information by the cloud provider and with the
vendors and partners
b) Notice – to individuals about how the personal information is collected, used, retained and
disclosed to third parties.
c) Collection – of personal information from the individuals only for the purposes specified in
the privacy notice and acceptable to the individual.
d) Choice and consent - for individuals regarding how the cloud provider collects, uses, and
discloses their personal information. The individual should be given a choice to accept or
opt out.
e) Use and retention - of personal information in accordance with the privacy notice and
consent that individuals have provided. Individuals should be given adequate information
on how the data will be used and for how long it will be retained.
f) Disclosure or onward transfer – of personal information to vendors and partners only for
purposes that are identified in the privacy notice, and in a secured manner to avoid
leakage in transit.
g) Quality assurance - steps to ensure that personal information in the records is accurate
and relevant to the purposes for which it was collected.
h) Access - for individuals who want to inquire about and, when appropriate, review and
update their personal information in the cloud provider’s possession. Individuals should
have the choice to correct the information in case of errors.
i) Enhanced security - of personal information to help protect against unauthorized access
and use. Only authorized users should have access to the data, and they should be
adequately isolated from each other.
j) Monitoring and enforcement – of compliance with the privacy policies, both internally
and with the vendors and partners, along with established processes to address inquiries,
complaints, and disputes.
6.4 Identity Management and Access Control:
A) Managing Identities in Cloud: General Identity Management considerations
• Initial identity verification, federated identities: Decide which makes sense
• Password complexity rules, expiration period, password reuse
• User roles defined with access entitlements: Some users should have less privileged
access based on role
• System access granted, periodically reviewed, and revoked based on business need
• Access is logged, accountability maintained: Required to trace any anomalies
• Identify and resolve separation of duties conflicts
• Strong authentication and encryption of remote administration
• Monitor privileged access: Should ensure business need for this and access regularly
B) Different Approaches for providing Cloud identity
• Users get a new identity for each cloud provider
• Users log in to their intranet and the identity is passed to the cloud provider (federated identity)
• User identity is passed between cloud providers
• User provides other services with access to cloud provider resources, e.g. Flickr photos
shared with a Facebook account.
• Federating Identity and Single Sign-On

6.5 Cloud Computing Security Challenges:


Cloud computing, an emergent technology, has posed many challenges in different aspects of
data and information handling. Some of these are shown in the following diagram:

Fig. 6.2: Cloud computing security challenges (diagram labels: Security and Privacy, Portability,
Interoperability, Computing Performance, Reliability and Availability)

1. Security and Privacy: Security and Privacy of information is the biggest challenge to cloud
computing. Security and privacy issues can be overcome by employing encryption, security
hardware and security applications.
2. Portability: Another challenge for cloud computing is that applications should be easy to
migrate from one cloud provider to another. There must not be vendor lock-in. However, this is
not yet possible because each cloud provider uses different standard languages
for its platforms.
3. Interoperability: An application on one platform should be able to incorporate
services from other platforms. This is made possible via web services, but developing such
web services is very complex.
4. Computing Performance: Data-intensive applications on the cloud require high network
bandwidth, which results in high cost. Low bandwidth does not meet the desired computing
performance of cloud applications.
5. Reliability and Availability: It is necessary for cloud systems to be reliable and robust
because most businesses are now becoming dependent on services provided by third
parties.

6.6 Case Study based on Cloud Computing Concepts


Real-World Success Stories Using SaaS:
Case Study 1: Food Manufacturer
Scenario
• Needed to find more economical HR and payroll applications
• Wanted additional functionality and better customer service
Initial concerns
• Security (particularly data privacy)
• Uptime/performance
• Newness of vendor/newness of technology
Results
• IT believes data is more secure than ever.
• Good uptime, performance, and customer service
• Agility and rapid upgrade cycles
Remaining concerns
• Some integration issues
• Developers are getting pulled in many directions.
Pricing model
• Quarterly subscription fees based on headcount

Case Study 2: Financial Services Provider
Scenario
• Looking to get everything on a single platform with enterprise resource planning
(ERP) solution
• Looking for better reporting capabilities
• Wanted reduced IT dependence
Initial concerns
• Disaster recovery/business continuity
• Uptime
Results
• Lower upfront costs
• Greater end user visibility and usability
• Better customization of workflows and processes
Remaining concerns
• Organizational change has been a challenge.
• Disaster recovery/business continuity is still a concern.
Pricing model
• Ongoing subscription pricing model; three-year contract

Case Study 3: Retail Company
Scenario
• Needed support from an integration standpoint
• Wanted quick implementation
Initial concerns
• Financial backing and resources of small vendors
Results
• Satisfied with cost savings
• Strong customer service and relationship management
• Strong analytical capabilities
Remaining concerns
• Will the vendor have enough resources for integration support?
Pricing model
• Fixed price based on number of integrations; one-year contract

Case Study: Deploying SaaS-Based ERP


Organization: Koji Motoyoshi
This research summarizes how Olympus implemented a software as a service (SaaS)-
based enterprise resource planning (ERP) system provided by NetSuite. Organizations
that need to establish a management foundation quickly in overseas subsidiaries, while
reinforcing IT governance, should pay attention to the approach, key success factors
and lessons learned.
Key Findings
If an organization needs a management foundation that supports ERP functions, such
as finance and purchasing, in a situation where time and resources are extremely
limited, and if basic features for small or midsize businesses (SMBs) are sufficient, then
a SaaS-based ERP could prove effective. But, in such a situation, localization
requirements based on local laws and regulations could be a risk factor that could delay
the planned schedule. Since multi-tenant SaaS-based ERP is based on a single global
system accessed through the Internet, it can be used to strengthen an organization's IT
governance if planning, implementation and management at each location are driven by
the organization's headquarters.
Recommendations
Enterprises that need to build a management foundation promptly, without local IT
infrastructure professionals, as part of preparation for a global business rollout while
reinforcing IT governance should consider implementing a SaaS-based ERP system.
To maximize the benefits from a SaaS-based ERP system for an SMB — that is, a
shorter time to delivery and lower initial capital investment — it is important to be
prepared to be satisfied with restricted functionalities and minimum vendor support.
Actively consider the responsibilities associated with the choice made by users. Perform
independent planning and take the necessary steps driven by the user organization.
Localization requirements based on local laws and regulations which need additional
customization should be examined with scrupulous care in advance.

6.7 Shared Responsibility Model:


Security and Compliance is a shared responsibility between AWS and the customer.
AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure
that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the
hardware, software, networking, and facilities that run AWS Cloud services.
Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by
the AWS Cloud services that a customer selects. This determines the amount of configuration work
the customer must perform as part of their security responsibilities. For example, a service such as
Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS)
and, as such, requires the customer to perform all of the necessary security configuration and
management tasks.

Fig: Shared Responsibility Model

6.8 Introduction to Docker Container:

A container is a standard unit of software that packages up code and all its dependencies so the
application runs quickly and reliably from one computing environment to another.

A Docker container image is a lightweight, standalone, executable package of software that
includes everything needed to run an application: code, runtime, system tools, system libraries and
settings.

Use containers to Build, Share and Run your applications

Fig. Docker Container


Available for both Linux and Windows-based applications, containerized software will always run
the same, regardless of the infrastructure. Containers isolate software from its environment and
ensure that it works uniformly despite differences, for instance, between development and staging.

Docker containers that run on Docker Engine:


1. Standard: Docker created the industry standard for containers, so they could be portable
anywhere
2. Lightweight: Containers share the machine’s OS system kernel and therefore do not require
an OS per application, driving higher server efficiencies and reducing server and licensing
costs
3. Secure: Applications are safer in containers and Docker provides the strongest default
isolation capabilities in the industry
Virtual Machines | Containers
--- | ---
Heavyweight | Lightweight
Startup times in minutes | Startup times in milliseconds
Each VM runs in its own OS | All containers share the host OS
Hardware-level virtualization | OS virtualization
Allocates required memory | Requires less memory space
Isolates systems | Isolates applications
Difficult to maintain | Easy to maintain
Ex. VMware, VirtualBox, KVM | Ex. Linux container, Docker, Windows

Experts predict that containers are not replacing virtual machines, but rather
complementing them.

Review Questions

Q.1. Answer the following questions: (2 Marks)

a. Define Cloud Security.
b. Define Cloud Vulnerability.
c. What are the Vulnerability Assessment Tools for cloud?
d. What is Cloud Security Architecture?

Q.2. Answer the following questions: (5 Marks)

Write a short note on
a. Docker Container
b. Cloud Security Control
c. Cloud Computing Security Challenges
d. Cloud Security Architecture
e. Cloud Privacy and Security
f. Identity and Access Control

Q.3. Answer the following questions: (10 Marks)

1. Define Cloud Security. Explain the Cloud Fundamentals in detail.
2. Define Cloud Vulnerability and Protection.
3. Explain Cloud Security Architecture and Features in detail.
4. Define Cloud Security. Explain Cloud Security challenges.
