Cloud Security Interview Questions and Answers

Cloud security provides multiple levels of controls within the network infrastructure in order to provide continuity and protection for cloud-based assets like websites and web applications. Whether in a public or private cloud, businesses need to balance DDoS protection, high availability, data security, and regulatory compliance in their cloud security provider.

Centralized security: Just as cloud computing centralizes applications and data, cloud security centralizes protection. Cloud-based business networks consist of numerous devices and endpoints. Managing these entities centrally enhances traffic analysis and filtering, streamlines the monitoring of network events and results in fewer software and policy updates. Disaster recovery plans can also be implemented and actioned easily when they are managed in one place.

Reduced costs: One of the benefits of utilizing cloud storage and security is that it eliminates the need to invest in dedicated hardware. Not only does this reduce capital expenditure, but it also reduces administrative overheads. Where once IT teams were fire fighting security issues reactively, cloud security delivers proactive security features that offer protection 24/7 with little or no human intervention.

Reduced Administration: When you choose a reputable cloud services provider or cloud security platform, you can kiss goodbye to manual security configurations and almost constant security updates. These tasks can have a massive drain on resources, but when you move them to the cloud, all security administration happens in one place and is fully managed on your behalf.

Reliability: Cloud services offer the ultimate in dependability. With the right cloud security measures in place, users can safely access data and applications within the cloud no matter where they are or what device they are using.

• Data Breaches
• Weak Identity, Credential and Access Management
• Insecure Application Programming Interfaces (APIs)
• System and Application Vulnerabilities
• Account Hijacking
• Malicious Insiders
• Advanced Persistent Threats (APTs)
• Data Loss
• Insufficient Due Diligence
• Abuse and Nefarious Use of Cloud Services
• Denial of Service
• Shared Technology Issues

Utility computing allows the user to pay only for what they are using. It is a plug-in managed by an organization which decides what type of services has to be deployed from the cloud. Most organizations prefer hybrid strategy.

 EUCALYPTUS stands for Elastic Utility Computing Architecture For Linking Your Programs To Useful Systems”

There are a total of five main security laws that are generally implemented. They are:

• Validation of input: The input data is controlled.
• Backup and security: The data is secured and stored and thus controls data breaches.
• Output reconciliation: The data is controlled which is to be reconciled from input to output.
• Processing: The data which is processed correctly and completely I an application, is controlled.

It is the computing based on the internet. Here, the internet is used to process and deliver the services to the users as and when required. Several companies are resorting to cloud computing now in order to fulfill the needs of the customers, business leaders or providers.

Cloud architecture is the combination of both components along with the subcomponents that are required for cloud computing.

Both the front end and back end platforms are there which include the clients, mobile device, server, and storage in all. Other than these, a network and a cloud-based delivery are also there.

There are five layers of cloud architecture, and they are as follows:

• Cloud Controller (CLC)
• Storage Controller (SC)
• Node Controller (NC)
• Cluster Controller
• Walrus

API is Application Programming Interface. It is a very useful component in cloud platforms. It is used in the following ways:

• It instructs the communication between one or more applications.
• It allows the creation of applications in an easy manner, along with the linking of cloud services with other systems.
• It also eliminates the need for writing the full programs.

A hypervisor is a virtual machine monitor. It helps in the management of virtual machines. Generally, there are two types of hypervisors. They are:

Type 1 – in this case, the guest VM directly runs over the host hardware.

Type 2 – in this case, the guest VM runs over the hardware through a host operating system.

The Windows Azure Operating System is specifically used in order to run the applications on the Windows Azure Platform. The OS consists of all the necessary prerequisites for running the applications and hosting them on the cloud. The operating system is known to provide development of services before they are deployed on the Windows Azure in the cloud.

This infrastructure provides the storage and networking components to cloud networking. It relies heavily on application programming interfaces (APIs) to allow enterprises to manage and interact with the cloud. However, cloud APIs tend to be insecure as they’re open and readily accessible on the network. The CSP handles the security of the infrastructure and the abstraction layers. The enterprise’s security obligations include the rest of the stack, including the applications.

Deploying network packet brokers (NPB) in an IaaS environment provides the visibility into security issues within a cloud network. NPB’s direct traffic and data to the appropriate network performance management (NPM) and security tools.  Along with deploying NPB to gather wire data, enterprises should log wires to view issues occurring at the endpoints in a network.

IaaS cloud computing service models require these additional security features:

• Virtual web application firewalls placed in front of a website to protect against malware.
• Virtual network-based firewalls located at the cloud network’s edge that guards the perimeter.
• Virtual routers
• Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS)
• Network segmentation

SaaS centrally hosts software and data that are accessible via a browser. The enterprise normally negotiates with the CSP the terms of security ownership in a legal contract.

Cloud Access Security Brokers (CASB) play a central role in discovering security issues within a SaaS cloud service model as it logs, audits, provides access control, and oftentimes includes encryption capabilities.

Other security features for the SaaS cloud environment include:

• Logging
• IP restrictions
• API gateways

CSA defines PaaS as the “deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities.”

The CSP secures a majority of a PaaS cloud service model. However, the security of applications rests with the enterprise. The essential components to secure the PaaS cloud include:

• Logging
• IP restrictions
• API gateways
• CASB

Source: Sdxcentral

Cloud security is now the fastest growing service that provides many functionalities such as IT security models. This helps protect business-critical information from theft, data leakage, and deletion. One of the advantages of cloud services is that you can operate on a scale, but still remain safe and secure. In a similar way to how you manage traditional security, now you have a new style of delivering all security solutions, addressing many areas of concern. Cloud security does not change how to manage data security by preventing detective controls and corrective actions. However, it gives you the ability to make all the activities in the agilest manner. Your data is secured within data centers and some countries may require the data to be saved in their country. Selecting a provider that has different data centers around the world can help satisfy such requirements.

• Security Architecture
• Identity and Access Management
• Data Protection
• Governance
• Risk Management
• Compliance
• Availability

The Cloud Security Alliance Cloud Controls Matrix is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.