Securing Cloud Infrastructure: Best Practices for Protecting Data and Applications |
||
|
|
|
© 2023 by IJCTT Journal | ||
Volume-71 Issue-6 |
||
Year of Publication : 2023 | ||
Authors : Anirudh Mustyala | ||
DOI : 10.14445/22312803/IJCTT-V71I6P113 |
How to Cite?
Anirudh Mustyala, "Securing Cloud Infrastructure: Best Practices for Protecting Data and Applications," International Journal of Computer Trends and Technology, vol. 71, no. 6, pp. 73-78, 2023. Crossref, https://doi.org/10.14445/22312803/IJCTT-V71I6P113
Abstract
Leveraging the cloud infrastructure allows businesses to access unlimited storage and innovative technology services. However, the prevalent cloud data and application security risks often cause financial losses, damaged reputation, data loss, and other unwanted consequences. This abstract provides an overview of cloud security infrastructure and examines recent cloud breaches. Also, it discusses the top cloud threats facing businesses today and presents best practices for securing cloud applications and data. The identified top cloud threats include misconfigurations, supply chain and third-party risks, multi-cloud sprawl, and granting users excessive permissions. To mitigate these risks, organizations need to adhere to various best practices. These include implementing identity and access management technologies, maintaining a comprehensive cloud security framework, and reducing cloud attack risks. Furthermore, securing cloud data requires effectively managing access privileges, encrypting all cloud data, ensuring compliance with necessary regulations, and conducting frequent security audits. Adopting these best practices enables businesses to enhance cloud security and protect sensitive data from potential breaches and unauthorized access.
Keywords
Cloud security, Cloud data security, Cloud data breaches, Cloud security best practices, Cloud application security, Cloud infrastructure security.
Reference
[1] Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023. [Online]. Available: https://www.gartner.com/en/newsroom/press-releases/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023#:~:text=All%20segments%20of%20the%20cloud,%25%20(see%20Table%201).
[2] Ariel (Eli) Levite, and John Pendleton. Cloud Reassurance Project: Interim Report, 2023. [Online]. Available: https://carnegieendowment.org/publications/89927?utm_source=rss&utm_medium=rss
[3] Shaikh Ashapakh Sattar, “Security Issues in Cloud Services,” International Journal of New Technology and Research, vol. 2, no. 6, pp. 8-10, 2016.
[Publisher Link]
[4] Asif Iqbal et al., “Secure Data in Cloud on the Basis of Sensitivity,” Journal of Applied Environmental and Biological Sciences,”
[Google Scholar] [Publisher Link]
[5] Yunusa Simpa Abdulsalam, and Mustapha Hedabou, “Security and Privacy in Cloud Computing: Technical Review,” Future Internet, vol. 14, no. 1, pp. 1-27, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Omar Ali et al., “Assessing Information Security Risks in the Cloud: A Case Study of Australian Local Government Authorities,” Government Information Quarterly, vol. 37, no. 1, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[7] What is Cloud Security? [Online]. Available: https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/
[8] Rakesh Kumar, and Rinkaj Goyal, “On Cloud Security Requirements, Threats, Vulnerabilities and Countermeasures: A Survey,” Computer Science Review, vol. 33, pp. 1-48, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[9] [Online]. Available: https://blog.leakix.net/2022/07/what-we-know-about-the-china-leak/
[10] Medibank Hackers Announce ‘Case Closed’ and Dump Huge Data File on Dark Web. [Online]. Available: https://www.theguardian.com/australia-news/2022/dec/01/medibank-hackers-announce-case-closed-and-dump-huge-data-file-on-dark-web
[11] [Online]. Available: https://ago.vermont.gov/wp-content/uploads/2022/02/2022-02-03-PUMA-North-America-Data-Breach-Notice-to-Consumers-ID-269612.pdf
[12] [Online]. Available: https://apps.web.maine.gov/online/aeviewer/ME/40/10394643-6f4e-49ff-884a-9977602932a9.shtml
[13] James Guffey, and Yanyan Li, “Cloud Service Misconfigurations: Emerging Threats, Enterprise Data Breaches and Solutions,” In 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0806-0812, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[14] [Online]. Available: https://www.helpnetsecurity.com/2019/09/25/cloud-misconfiguration-incidents/
[15] 12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists. [Online]. Available: https://www.darkreading.com/cloud/12k-misconfigured-elasticsearch-buckets-extortionists
[16] Investigation Regarding Misconfigured Microsoft Storage Location. [Online]. Available: https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/
[17] Zack Whittaker, Amazon Accidentally Exposed an Internal Server Packed with Prime Video Viewing Habits. [Online]. Available: https://techcrunch.com/2022/10/27/amazon-prime-video-server-exposed/
[18] ISBuzz Staff , Tequivity Cloud Server Compromise Leads to Uber Breached, Experts Reacted. [Online]. Available: https://informationsecuritybuzz.com/tequivity-cloud-server-compromise-leads-to-uber-breached-experts-reacted/
[19] [Online]. Available: https://thecyberexpress.com/uber-data-leak-cyber-attack-vendor-teqtivity/
[20] Josh Dreyfuss, How to Protect Your Cloud Environment from Supply Chain Attacks. [Online]. Available: https://www.wiz.io/blog/how-to-protect-your-cloud-environment-from-supply-chain-attacks
[21] Theresa Sobb et al., “Supply Chain 4.0: A Survey of Cyber Security Challenges, Solutions and Future Directions,” Electronics, vol. 9, no. 11, 1864.
[CrossRef] [Google Scholar] [Publisher Link]
[22] [Online]. Available: https://blog.neterra.cloud/en/%D0%B2%D0%BE%D0%B4%D0%B5%D1%89%D0%B8%D1%82%D0%B5- %D0%B7%D0%B0%D0%BF%D0%BB%D0%B0%D1%85%D0%B8-%D0%B7%D0%B0- %D0%BA%D0%BB%D0%B0%D1%83%D0%B4%D0%B0-%D1%81-%D0%BA%D0%BE%D0%B8%D1%82%D0%BE- %D1%82%D1%80%D1%8F/
[23] [Online]. Available: https://www.flexera.com/about-us/press-center/flexera-releases-2021-state-of-the-cloud-report
[24] [Online]. Available: https://www.sdxcentral.com/articles/news/nutanix-report-64-of-orgs-will-adopt-multi-cloud-within-3- years/2022/01/
[25] Rory Duncan, “A Multi-Cloud World Requires a Multi-Cloud Security Approach,” Computer Fraud & Security, vol. 2020, no. 5, pp. 11-12, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Aamir Syed, Keerthana Purushotham, and Ganeshayya Shidaganti, “Cloud Storage Security Risks, Practices and Measures: A Review,” In 2020 IEEE International Conference for Innovation in Technology (INOCON, pp. 1-4, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[27] [Online]. Available: https://www.paloaltonetworks.com/resources/research/unit42-cloud-with-a-chance-of-entropy
[28] Mariana Carroll, Alta van der Merwe, and Paula Kotzé, “Secure Cloud Computing: Benefits, Risks and Controls,” 2011 Information Security for South Africa, pp. 1-9, 2011.
[CrossRef] [Google Scholar] [Publisher Link]