Securing Applications in the Cloud: Approaches & Tools

Instructor: Giorgos-Nektarios Panayotidis

George-Nektarios has worked as a tutor and student consultant for five years and has a 4-year university degree in Applied Informatics.

Is it completely safe for Cloud Service Providers (CSPs) to give consumer control over their resources? In this lesson, we will look into the possible Cloud app security threats and explain how Cloud app vulnerabilities are handled.

Ways to give up control over Cloud

Think of a person or legal entity which offers houses for rental. Any person with a few formalities - and (most importantly) the required cash - could go out and rent a house and then use it for illegal and/or unethical activities. These activities could inflict damage onto the property's walls or furniture or even - in an extreme case - cause the police to arrest the renter of the premises due to actions of nefarious intent.

Now, let the malicious tenant be replaced with the Cloud service consumer, the owner becomes the CSP and the premises is the Cloud infrastructure. In this way, we behold the conundrum faced by the Cloud Service Provider. Upping the pre-requisites for housing Cloud services isn't really an option for the CSP. Therefore, in this lesson, we will look into the basic threats related to this Cloud app problem and see how Cloud app vulnerabilities are tackled by the CSPs.

Cloud application threats

The most notorious Cloud application threats when passing control onto consumers are thought to be the following four ones.

Shadow IT

Shadow IT on the Cloud would be described as Cloud applications which have been deployed without the knowledge or the approval of the organization's Information Technology (IT) department; in the context of Cloud computing, this may imply all types of Cloud services, IaaS, PaaS and SaaS. The mere existence of Shadow IT is linked to security risks, which include the following:

  • Data security/encryption hazards
  • Data mobility (and lack of control on it)
  • Lack of appropriate specifications (service availability may be influenced)

Sensitive information

Sensitive information is a permanent nuisance in the context of the Cloud. In some architectures, the risk is even greater. Some of the dangers faced by CSPs concerning sensitive data security on the cloud are:

  • Sensitive data flow security

The use of strong encryption, such as Transport Layer Security (SSL/TLS) is advised.

  • Loss or leakage of sensitive enterprise data

A backup is required to store sensitive data and powerful encryption is needed in order to prevent sensitive data leaks.

  • Authorization breaches

Authorization breaches imply access without authorization to sensitive info. A proper user account management system should be established in order to avoid it. Research suggests an identity Management mechanism, which transcends traditional password protection.

Cyber threats and anomalies

Cyber threats are defined as conscious attempts by an individual of malicious intent to cause a breach to an organization's information security. In reality, cyber threats may be manifested as cyber theft of sensitive data, conduction of brute force attacks, installation of malware of all kinds and many more. To properly tackle such threats mean to establish a ''need-to-know'' basis for information access, to clearly establish roles and responsibilities, to avoid keeping grave application vulnerabilities unfixed etc.

Anomalies or anomalous events in an organization's vast column of everyday events (logins, edits, uploads etc.) are hard to trace; the events and transactions may exceed a few billions per month. Therefore, to perform such a task, that is, to detect and prevent such situations, one needs to use advanced techniques, such as machine learning (User and Entity Behavior Analytics).

Compliance assessment

Compliance is quite a tough issue these days. Compliance assessment can make it better though. Essentially, a CSP, apart from its own enterprise policy, needs to abide to a certain set of external rules imposed by law. Various types of legislation may restrict or completely prohibit a specific type of application to be deployed outside of the enterprise's cloud or in certain regions or countries. This is particularly frequent, when SaaS is to be used. To counter compliance failure, a CSP may use specific tools; pieces of software which are able to display whether cloud applications fulfill the criteria in order to be deployed. The assessment is carried out with regard to a specific (e.g., Europe's GDPR) or a multitude of regulations (HIPAA, PCI, SOC2, etc.).

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account