
JA7. Cloud Computing Experience

Statement

In this unit, we discussed the various types of cyber threats to cloud computing. To reflect on what you have learned, answer each of the following questions:

  • Describe the most interesting facts about cyber threats to cloud computing that you learned in this unit.
  • Think about reasons why you noticed these facts, your impression, your plans for further exploration of cyber threats to cloud computing.
  • Describe your personal experience with cloud computing and user data protection.

Solution

Task 1: Describe the most interesting facts about cyber threats to cloud computing that you learned in this unit.

  • By 2023, the value of the public cloud market is expected to reach +$623.3 billion and 94% of enterprises use cloud (Galov, 2021). The number was surprising to me as it is very big and I was not expecting that, which makes learning about cloud security more important.
  • Private clouds are clouds that are owned by a single organization, either by creating its own data centers or by renting entire data centers from a cloud provider. I thought that all clouds are public, but I learned that there are private and hybrid clouds as well.
  • I thought that cloud computing only includes infrastructure as a service (IaaS), but in theory most customers use software as a service (SaaS) and platform as a service (PaaS), as you always spin up a virtual machine with a full operating system and the cloud provider software already installed.
  • Some customers build their own platform/software on top of the provider’s default one and sell it to other customers, which created a new business model of provider partners or resellers.
  • Compliance is different from security; an organization can be compliant with all the regulations, but still be vulnerable to attacks (Microsoft Security, 2020).
  • An organization cannot declare itself compliant; it has to be audited and certified by a trusted third-party entity.
  • Data is stored on the provider’s premises somewhere, but we don’t know where exactly; this raises the issue of what will happen to the data if the provider goes out of business (Hashmi, Ranjan, & Anand, 2018).
  • Moving to the cloud is like an addiction; the more you rely on one provider, the more costly it is to move away. Thus most cloud providers have attractive offers at the beginning (for the first year or two of the organization’s age), and then they increase the price, but there is no way out.

Task 2 + 3: Personal experience with cloud computing and user data protection + Think about reasons why you noticed these facts, your impression, your plans for further exploration of cyber threats to cloud computing

I work extensively with the cloud. I worked as a software engineer for 5 years in different organizations (mostly startups), and all of them were cloud-based. The most popular cloud provider is AWS, and I have used 30+ of their services, including computing, storage, databases, networking, IAM management, serverless, microservices, and many more.

First of all, during development I need to prove my identity to the cloud provider with my company email through single sign-on (SSO), which grants me access to the company’s cloud resources on the web or through the command line. I learned that each application is a separate entity and the provider’s Identity Access Management (IAM) service is responsible for managing the relationship between these entities on a role-based access control (RBAC) model, which can be configured with a few lines of code. To start deploying anything on the cloud you need to create a virtual private cloud (VPC), which is a cloud partition that only you can access; and you can place Subnets and Security Groups within that VPC.

For managing users we use Cognito, which is a Federated User Store that saved me from the heavy load of implementing authentication/authorization logic; the user logs in through Cognito, which gives him a JSON Web Token (JWT) that he can use to access the application. When the user interacts with any of our applications, the application sends the JWT to Cognito to verify the user’s identity and what access rights they claim.
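The identity and access-rights check described above can be sketched as validation of a Cognito-style access token against the issuer's public key. This is an added example, not code from the author or from AWS; it implements RS256 verification in pure Python so it runs offline. Assumptions: the toy RSA key, `ISSUER`, `CLIENT_ID` and the `sign_demo_token` stand-in for the identity provider are constructed for the demo.

```python
import base64, hashlib, json, time

# Constructed toy RSA key built from two well-known primes. NOT secure; a real
# service loads the user pool's public keys from its JWKS document instead.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIZE = (N.bit_length() + 7) // 8
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Placeholder user pool and app client, not taken from the page.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client"

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_encode(message):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), padded to the key size."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (SIZE - len(t) - 3) + b"\x00" + t

def sign_demo_token(claims, alg="RS256"):
    """Stand-in for the identity provider: issue a signed token for the demo."""
    head = b64u(json.dumps({"alg": alg, "kid": "demo"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(pkcs1_encode(signing_input.encode()), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(SIZE, "big"))

def verify_access_token(token, now=None):
    """Return the claims if the token is authentic and meant for this app."""
    head, body, sig = token.split(".")
    if json.loads(unb64u(head)).get("alg") != "RS256":
        raise ValueError("unexpected alg")  # never accept 'none' or HS256 here
    recovered = pow(int.from_bytes(unb64u(sig), "big"), E, N).to_bytes(SIZE, "big")
    if recovered != pkcs1_encode((head + "." + body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body))
    if claims.get("iss") != ISSUER or claims.get("client_id") != CLIENT_ID:
        raise ValueError("wrong issuer or client")
    if claims.get("token_use") != "access":
        raise ValueError("not an access token")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```

Every check runs before any claim is trusted: a token with a valid signature but the wrong `client_id` or `token_use` was issued for something else and is rejected.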

Removing a user or an employee is as easy as deleting their record in the federated identity store; all of their access to all applications (even the ones that we forgot about) will be revoked immediately.

I cannot imagine life without the cloud, as it has been there since my first day as a software engineer; however, this encourages me to learn more about cloud security and how to protect user data, as data leaks are the most common type of cyber attacks on the cloud, and they are usually caused by misconfiguration due to human errors.

References