Cloud security

 

What is the cloud? 

The cloud is a collection of servers that deliver software and infrastructure to people over the internet. It can also be used to access files on file servers across the internet. 

 

Cloud security 

Cloud security is a shared responsibility between the user and the provider. It can be managed by controlling user access rights, encrypting data, managing security posture and safeguarding account security. 

 

Cloud security challenges 

    • Lack of visibility – It's easy to lose track of how user data is handled and accessed. 
    • Multitenancy – Public cloud environments share resources with other clients. This means that hosted services can get compromised by malicious users and hackers. 
    • Access management and shadow IT – Administering access management controls can be difficult at the cloud level. 
    • Compliance – Regulatory compliance for cloud-based solutions can be confusing to abide by. 
    • Misconfigurations – Misconfigurations can cause breaches in cloud infrastructure and security. 

 

Robust cloud security factors 

    • Policy-based IAM and authentication controls. 
    • Zero-trust cloud network controls. 
    • Enforcement of virtual server protection policies. 
    • Safeguarding all applications with firewalls. 
    • Enhanced data protection. 
    • Threat intelligence that detects known and unknown threats in real time. 

 

Cloud security solutions 

    • Identity and access management (IAM) - These tools and services allow companies to deploy policy-based enforcement protocols across a cloud. 
    • Data loss prevention (DLP) - A set of tools designed to ensure the security of cloud data. 
    • Security information and event management (SIEM) - This is a threat monitoring and management system for cloud-based solutions. 
    • Business continuity and disaster recovery - In the event of a data breach, a continuity and disaster recovery plan is used to continue normal operations and protect data inside the cloud.

API security code example in Python: 

import os

from flask import Flask, request, jsonify
from flask_jwt_extended import JWTManager, jwt_required, create_access_token, get_jwt_identity
from flask_cors import CORS
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
# CORS(app) with no arguments allows every origin; restrict it to known front-end origins in production
CORS(app)
# Read the JWT signing key from the environment instead of hardcoding it in source
app.config['JWT_SECRET_KEY'] = os.environ['JWT_SECRET_KEY']
jwt = JWTManager(app)

# Simulated user data stored in a secure manner (e.g., a database)
users = {
    'user1': {'password_hash': generate_password_hash('password1')},
    'user2': {'password_hash': generate_password_hash('password2')}
}

# Simulated user roles (you might have a more elaborate role management system)
user_roles = {
    'user1': ['read_data'],
    'user2': ['read_data', 'write_data']
}

# Simulated data access control based on user roles
protected_data = {
    'data': 'This is sensitive information.'
}

@app.route('/api/login', methods=['POST'])
def login():
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = request.json.get('username', None)
    password = request.json.get('password', None)

    # Reject missing or non-string fields before they reach the hash check
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify({"msg": "Missing username or password"}), 400

    # Same response for unknown user and wrong password
    if username not in users or not check_password_hash(users[username]['password_hash'], password):
        return jsonify({"msg": "Invalid credentials"}), 401

    access_token = create_access_token(identity=username)
    return jsonify(access_token=access_token), 200

@app.route('/api/protected', methods=['GET'])
@jwt_required()
def protected():
    # The identity comes from the verified token, not from the request body
    current_user = get_jwt_identity()

    # Check user roles to determine access to specific resources
    if 'read_data' in user_roles.get(current_user, []):
        return jsonify(logged_in_as=current_user, message=protected_data['data']), 200
    else:
        return jsonify({"msg": "Insufficient privileges"}), 403

if __name__ == '__main__':
    # Keep debug off: the Werkzeug debugger allows code execution on the server
    app.run(debug=False)
