Analyze The Data Security in Cloud Computing

Uploaded by

officialwork054

Analyze the Data security in cloud computing.

What is cloud data security? Benefits and solutions


Cloud data security is the practice of protecting data and other digital information assets from
security threats, human error, and insider threats. It leverages technology, policies, and processes to
keep your data confidential and still accessible to those who need it in cloud-based environments.

Cloud computing delivers many benefits, allowing you to access data from any device via an internet
connection to reduce the chance of data loss during outages or incidents and improve scalability and
agility. At the same time, many organizations remain hesitant to migrate sensitive data to the cloud
as they struggle to understand their security options and meet regulatory demands.

Understanding how to secure cloud data remains one of the biggest obstacles to overcome as
organizations transition from building and managing on-premises data centers. So, what is data
security in the cloud? How is your data protected? And what cloud data security best practices should
you follow to ensure cloud-based data assets are secure and protected?

Read on to learn more about cloud data security benefits and challenges, how it works, and
how Google Cloud enables companies to detect, investigate, and stop threats across cloud, on-
premises, and hybrid deployments.

Cloud data security defined


Cloud data security protects data that is stored (at rest) or moving in and out of the cloud (in
motion) from security threats, unauthorized access, theft, and corruption. It relies on
physical security, technology tools, access management and controls, and organizational
policies.

Why companies need cloud security

Today, we’re living in the era of big data, with companies generating, collecting, and storing vast
amounts of data by the second, ranging from highly confidential business or personal customer data
to less sensitive data like behavioral and marketing analytics.

Beyond the growing volumes of data that companies need to be able to access, manage, and analyze,
organizations are adopting cloud services to help them achieve more agility and faster times to
market, and to support increasingly remote or hybrid workforces.

The traditional network perimeter is fast disappearing, and security teams are realizing that they need
to rethink current and past approaches when it comes to securing cloud data. With data and
applications no longer living inside your data center and more people than ever working outside a
physical office, companies must solve how to protect data and manage access to that data as it
moves across and through multiple environments.

Data privacy, integrity, and accessibility

Cloud data security best practices follow the same guiding principles of information security
and data governance:
• Data confidentiality: Data can only be accessed or modified by authorized people or
processes. In other words, you need to ensure your organization’s data is kept private.

• Data integrity: Data is trustworthy—in other words, it is accurate, authentic, and reliable. The
key here is to implement policies or measures that prevent your data from being tampered
with or deleted.

• Data availability: While you want to stop unauthorized access, data still needs to be available
and accessible to authorized people and processes when it’s needed. You’ll need to ensure
continuous uptime and keep systems, networks, and devices running smoothly.

Often referred to as the CIA triad, these three broad pillars represent the core concepts that form the
basis of strong, effective security infrastructure—or any organization’s security program. Any attack,
vulnerability, or other security incident will likely violate one (or more) of these principles. This is why
security professionals use this framework to evaluate potential risk to an organization’s data assets.

What are the challenges of cloud data security?

As more data and applications move out of a central data center and away from traditional security
mechanisms and infrastructure, the higher the risk of exposure becomes. While many of the
foundational elements of on-premises data security remain, they must be adapted to the cloud.

Common challenges with data protection in cloud or hybrid environments include:

• Lack of visibility. Companies don’t know where all their data and applications live and what
assets are in their inventory.

• Less control. Since data and apps are hosted on third-party infrastructure, they have less
control over how data is accessed and shared.

• Confusion over shared responsibility. Companies and cloud providers share cloud security
responsibilities, which can lead to gaps in coverage if duties and tasks are not well
understood or defined.

• Inconsistent coverage. Many businesses are finding multicloud and hybrid cloud to better
suit their business needs, but different providers offer varying levels of coverage and
capabilities that can deliver inconsistent protection.

• Growing cybersecurity threats. Cloud databases and cloud data storage make ideal targets
for online criminals looking for a big payday, especially as companies are still educating
themselves about data handling and management in the cloud.

• Strict compliance requirements. Organizations are under pressure to comply with stringent
data protection and privacy regulations, which require enforcing security policies across
multiple environments and demonstrating strong data governance.

• Distributed data storage. Storing data on international servers can deliver lower latency and
more flexibility. Still, it can also raise data sovereignty issues that might not be problematic if
you were operating in your own data center.

What are the benefits of cloud data security?

Greater visibility

Strong cloud data security measures allow you to maintain visibility into the inner workings of your cloud,
namely what data assets you have and where they live, who is using your cloud services, and the kind of data
they are accessing.

Easy backups and recovery

Cloud data security can offer a number of solutions and features to help automate and standardize backups,
freeing your teams from monitoring manual backups and troubleshooting problems. Cloud-based disaster
recovery also lets you restore and recover data and applications in minutes.

Cloud data compliance

Robust cloud data security programs are designed to meet compliance obligations, including knowing where
data is stored, who can access it, how it’s processed, and how it’s protected. Cloud data loss prevention (DLP)
can help you easily discover, classify, and de-identify sensitive data to reduce the risk of violations.

Data encryption

Organizations need to be able to protect sensitive data whenever and wherever it goes. Cloud service
providers help you tackle secure cloud data transfer, storage, and sharing by implementing several layers of
advanced encryption for securing cloud data, both in transit and at rest.

Lower costs

Cloud data security reduces total cost of ownership (TCO) and the administrative and management burden of
cloud data security. In addition, cloud providers offer the latest security features and tools, making it easier for
security professionals to do their jobs with automation, streamlined integration, and continuous alerting.

Advanced incident detection and response

An advantage of cloud data security is that providers invest in cutting-edge AI technologies and built-in
security analytics that help you automatically scan for suspicious activity to identify and respond to security
incidents quickly.

Who is responsible for securing your data?

Cloud providers and customers share responsibility for cloud security. The exact breakdown of
responsibilities will depend on your deployment and whether you choose IaaS, PaaS, or SaaS as your
cloud computing service model.

In general, a cloud provider takes responsibility for the security of the cloud itself, and you are
responsible for securing anything inside of the cloud, such as data, user identities, and their access
privileges (identity and access management).

At Google Cloud, we follow a shared fate model. That means we are active partners in ensuring our
customers deploy securely on our platform. We can help you implement best practices by offering
secure-by-default configurations, blueprints, policy hierarchies, and advanced security features to help
develop security consistency across your platforms and tools.

What it means to be compliant

Being compliant in the context of the cloud requires that any services and systems protect data
privacy according to legal standards and regulations for data protection, data sovereignty, or data
localization laws. Certain industries, such as healthcare or financial services, will also have an
additional set of laws that come with mandatory guidelines and security protocols that will need to be
followed.

That’s why it’s important to consider cloud service providers and evaluate their cloud security
carefully. Reputable cloud service providers will not only strive to ensure their own services and
platforms are compliant but should also be willing to collaborate with you directly to understand and
address your specific regulatory and risk management needs.

Virtual Machine Security in Cloud

1. The term “Virtualized Security,” sometimes known as “security virtualization,” describes security
solutions that are software-based and created to operate in a virtualized IT environment.
2. This is distinct from conventional hardware-based network security, which is static and is supported
by equipment like conventional switches, routers, and firewalls.
3. Virtualized security is flexible and adaptive, in contrast to hardware-based security. It can be deployed
anywhere on the network and is frequently cloud-based, so it is not bound to a specific device.
4. In cloud computing, where operators construct workloads and applications on demand, virtualized
security enables security services and functions to move around with those on-demand
workloads.
5. This is crucial for virtual machine security, for example when isolating multitenant setups in
public cloud settings.
6. Because data and workloads move around a complex ecosystem including several providers,
virtualized security’s flexibility is useful for securing hybrid and multi-cloud settings.

Types of Hypervisors

Type-1 Hypervisors
A Type-1 hypervisor runs directly on bare systems. Type-1 hypervisors include LynxSecure, RTS Hypervisor,
Oracle VM, Sun xVM Server, and VirtualLogic VLX. Since they are placed on bare systems, Type-1
hypervisors do not have any host operating system.

Type-2 Hypervisor
It is a software interface that simulates the hardware that a system typically communicates with. Examples
of Type-2 hypervisors include containers, KVM, Microsoft Hyper-V, VMware Fusion, Virtual Server
2005 R2, Windows Virtual PC, and VMware Workstation 6.0.

Type I Virtualization
In this design, the Virtual Machine Monitor (VMM) sits directly above the hardware and intercepts
all interactions between the VMs and the hardware. On top of the VMM is a management VM that handles
the management of the other guest VMs and the majority of the hardware connections. The Xen system is a
common illustration of this kind of virtualization design.

Type II virtualization
These architectures, like VMware Player, run the VMM as an application within the
host operating system (OS). I/O drivers and guest VM management are the responsibilities of the host OS.

Service Provider Security


The system’s virtualization hardware shouldn’t be physically accessible to anyone who is not authorized. Each VM
can be given an access control that can only be established through the hypervisor, in order to safeguard it
against unwanted access by cloud administrators. The three fundamental tenets of access control (identity,
authentication, and authorization) will prevent administrators from accessing data and system components
without authorization.

Hypervisor Security
The hypervisor’s code integrity is protected via a technology called HyperSafe. It extends the hypervisor
implementation by securing the write-protected memory pages, which prohibits changes to its code. By
restricting access to its code, it defends the hypervisor from control-flow hijacking threats. The only way
to carry out a VM escape attack is through a local physical setting. Therefore, insider attacks must be
prevented in the physical cloud environment. Additionally, the host OS and the interaction between the
guest machines need to be configured properly.

Virtual Machine Security
The administrator must set up a program or application that prevents virtual machines from consuming
additional resources without permission. Additionally, a lightweight process that gathers logs from the VMs
and monitors them in real time to repair any VM tampering must run on each virtual machine. Security best
practices must be used to harden the guest OS and any running applications. These practices
include setting up firewalls, host intrusion prevention systems (HIPS), anti-virus and anti-spyware
programs, online application protection, and log monitoring in guest operating systems.

Guest Image Security


A policy to control the creation, use, storage, and deletion of images must be in place for organizations that
use virtualization. To find viruses, worms, spyware, and rootkits that hide from security software running
in a guest OS, image files must be analyzed.

Benefits of Virtualized Security


Virtualized security is now practically required to meet the intricate security requirements of a virtualized
network, and it is also more adaptable and effective than traditional physical security.
• Cost-Effectiveness: Cloud computing’s virtual machine security enables businesses to keep
their networks secure without having to significantly raise their expenditures on pricey
proprietary hardware. Usage-based pricing for cloud-based virtualized security services can
result in significant savings for businesses that manage their resources effectively.
• Flexibility: It is essential in a virtualized environment that security operations can follow
workloads wherever they go. A company is able to profit fully from virtualization while
simultaneously maintaining data security thanks to the protection it offers across various data
centers, in multi-cloud, and hybrid-cloud environments.
• Operational Efficiency: Virtualized security can be deployed more quickly and easily than
hardware-based security because it doesn’t require IT teams to set up and configure several
hardware appliances. Instead, they may quickly scale security systems by setting them up
using centralized software. Security-related duties can be automated when security
technology is used, which frees up more time for IT employees.
• Regulatory Compliance: Virtual machine security in cloud computing is a requirement for
enterprises that need to maintain regulatory compliance because traditional hardware-based
security is static and unable to keep up with the demands of a virtualized network.

Virtualization Machine Security Challenges


• As we previously covered, buffer overflows are a common component of classical network
attacks. Trojan horses, worms, spyware, rootkits, and DoS attacks are examples of
malware.
• In a cloud context, more recent attacks might be caused by VM rootkits, hypervisor malware,
or guest hopping and hijacking. Man-in-the-middle attacks against VM migrations are another
form of attack. Typically, passwords or sensitive information are stolen during passive attacks.
Active attacks could alter the kernel’s data structures, seriously harming cloud servers.
• HIDS and NIDS are both types of IDSs. To supervise and check the execution of code, use
program shepherding. The RIO dynamic optimization infrastructure, the vSafe and
vShield tools from VMware, security compliance for hypervisors, and Intel vPro technology are
some further protective solutions.

Four Steps to ensure VM Security in Cloud Computing

Protect Hosted Elements by Segregation


To secure virtual machines in cloud computing, the first step is to segregate the newly hosted components.
Let’s take an example where three features that are now running on an edge device may be placed in the
cloud either as part of a private subnetwork that is invisible or as part of the service data plane, with
addresses that are accessible to network users.

All Components are Tested and Reviewed

Before allowing virtual features and functions to be implemented, you must confirm that they comply with
security standards as step two of cloud-virtual security. Virtual networking is subject to outside attacks,
which can be dangerous, but insider attacks can be disastrous. When a feature with a backdoor security
flaw is added to a service, it becomes a part of the infrastructure of the service and is far more likely to have
unprotected attack paths to other infrastructure pieces.

Separate Management APIs to Protect the Network


The third step is to isolate service from infrastructure management and orchestration. Because they are
created to regulate features, functions, and service behaviors, management APIs will always pose a
significant risk. All such APIs should be protected, but the ones that keep an eye on infrastructure
components that service users should never access must also be protected.

Keep Connections Secure and Separate


The fourth and last aspect of cloud virtual network security is to make sure that connections between
tenants or services do not cross over into virtual networks. Virtual Networking is a fantastic approach
to building quick connections to scaled or redeployed features, but each time a modification is made
to the virtual network, it’s possible that an accidental connection will be made between two distinct
services, tenants, or feature/function deployments. A data plane leak, a link between the actual user
networks, or a management or control leak could result from this, allowing one user to affect the service
provided to another.
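
The check these four steps call for after every virtual-network change, as an added example (not code from the original document). The segment names, owners, planes and the flow list are constructed assumptions, standing in for whatever your routes, peerings and firewall rules flatten to.

```python
from collections import deque

# Constructed sample topology (assumption, not from the page):
# segment name -> (owner, plane)
SEGMENTS = {
    "a-private": ("tenant-a", "private"),     # invisible private subnetwork
    "a-data":    ("tenant-a", "data"),        # service data plane, user-addressable
    "b-private": ("tenant-b", "private"),
    "b-data":    ("tenant-b", "data"),
    "mgmt-api":  ("provider", "management"),  # orchestration / management APIs
    "internet":  ("public", "external"),
}
# Allowed flows (src, dst), e.g. flattened from routes, peerings and firewall rules.
BASELINE = [
    ("internet", "a-data"), ("a-data", "a-private"),
    ("internet", "b-data"), ("b-data", "b-private"),
    ("mgmt-api", "a-data"), ("mgmt-api", "a-private"),
    ("mgmt-api", "b-data"), ("mgmt-api", "b-private"),
]

def reachable(src, flows, segments):
    """Segments reachable from src by following allowed flows hop by hop.
    External and management segments are recorded but not traversed further."""
    seen, queue = set(), deque([src])
    while queue:
        node = queue.popleft()
        for a, b in flows:
            if a == node and b != src and b not in seen:
                seen.add(b)
                if segments[b][1] not in ("external", "management"):
                    queue.append(b)
    return seen

def audit(flows, segments=SEGMENTS):
    """Return sorted (kind, src, dst) findings for the three leak types."""
    findings = set()
    for src, (owner, plane) in segments.items():
        if plane == "management":
            continue  # the management plane is expected to reach what it manages
        if plane == "external":   # outside users: only direct exposure counts
            targets = {b for a, b in flows if a == src}
        else:
            targets = reachable(src, flows, segments)
        for dst in targets:
            d_owner, d_plane = segments[dst]
            if d_plane == "management":
                findings.add(("management-leak", src, dst))
            elif plane == "external" and d_plane == "private":
                findings.add(("private-exposed", src, dst))
            elif "external" not in (plane, d_plane) and d_owner != owner:
                findings.add(("cross-tenant", src, dst))
    return sorted(findings)

def introduced_by(before, after, segments=SEGMENTS):
    """Findings present after a virtual-network change but not before it."""
    old = set(audit(before, segments))
    return [f for f in audit(after, segments) if f not in old]

# Constructed change: an accidental peering plus a rule opening the management API.
CHANGE = BASELINE + [("a-data", "b-data"), ("b-data", "mgmt-api")]
```

Running `introduced_by(BASELINE, CHANGE)` as a gate on each network modification surfaces the accidental tenant-to-tenant link and the management leak before the change is applied.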
