Fortifying the Cloud: A Case Study on Best Practices for Securing Cloud Infrastructure

Varsha P. Desai¹ , Priyanka P. Shinde² , Kavita S. Oza³ , Rajanish K. Kamat⁴

Section:Survey Paper, Product Type: Journal-Paper
Vol.11 , Issue.6 , pp.53-60, Dec-2023

Online published on Dec 31, 2023

Copyright © Varsha P. Desai, Priyanka P. Shinde, Kavita S. Oza, Rajanish K. Kamat . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

Abstract :
Cloud infrastructure is the current trend and need of the organization for agile business continuity and digital transformation. Scalability, remote work enablement, availability, cost efficiency, instant data backup and recovery are the foremost benefits of cloud deployment for organizations. The significant challenges in cloud adoption are the selection of cloud providers to identify security measures, performance metrics, compliance, and Service level agreement. CIS (Center for internet Security) controls enhance cloud security by providing security benchmarks, guidelines and best practices for cloud security management. Proper configuration and implementation of CIS control helps to mitigate cloud threats and security risks. This paper elaborates recommendations of CIS controls to secure cloud infrastructure from cyber threats for improving cloud security scores for organizations.

Key-Words / Index Term :
Cloud Security, IaaS, PaaS, Cloud Risks, Cloud Threats, Cloud Infrastructure, Cloud Computing, CIS Controls

References :
[1] A. B. Nassif, M. A. Talib, Q. Nasir, H. Albadani and F. M. Dakalbab, "Machine Learning for Cloud Security: A Systematic Review," in IEEE Access, vol. 9, pp. 20717-20735, 2021, doi: 10.1109/ACCESS.2021.3054129,..
[2] S. Sengupta, Kaulgud V., V. S. Sharma “Cloud computing security—Trends and research directions” in Proceedings of the 2011 IEEE World Congress on Services (SERVICES), Washington, DC, USA, pp. 524–531, 2011.
[3] Michael, Katina. “Securing the Cloud: Cloud Computer Security Techniques and Tactics.” Computers & Security, vol. 31, no. 4, , pp. 633 ,2012, https://doi.org/10.1016/j.cose.2012.03.00 6
[4]Mathkunti, Nivedita M. “Cloud Computing: Security Issues.” International Journal of Computer and Communication Engineering, vol. 3, no. 4, pp. 259–263, , 2014.
[5] Morshedi, Roya, et al. “Security Requirements and Security Threats in Layers Cloud and Security Issues Open Source Cloud.” International Journal of Computer Applications Technology and Research, vol. 5, no. 3, pp. 115–125, 2016, https://doi.org/10.7753/ijcatr0503.1001.
[6] Subashini, S., and V. Kavitha. “A Survey on Security Issues in Service Delivery Models of Cloud Computing.” Journal of Network and Computer Applications, vol. 34, no., pp. 1–11, 2011, https://doi.org/10.1016/j.jnca.2010.07.006.
[7] Rasheed, Hassan. “Data and Infrastructure Security Auditing in Cloud Computing Environments.” International Journal of Information Management, vol. 34, no. pp. 364–368, 2022, https://doi.org/10.1016/j.ijinfomgt.2013.11.002.
[8] Gonzales, Dan, et al. “Cloud-Trust—a Security Assessment Model for Infrastructure as a Service (IaaS) Clouds.” IEEE Transactions on Cloud Computing, vol. 5, no. 3, pp. 523–536, 2017, https://doi.org/10.1109/tcc.2015.2415794.
[9] Zissis, Dimitrios, and Dimitrios Lekkas. “Addressing Cloud Computing Security Issues.” Future Generation Computer Systems, vol. 28, no. 3, pp. 583–592, 2012, https://doi.org/10.1016/j.future.2010.12.006.
[10] Subashini, S., and V. Kavitha. “A Survey on Security Issues in Service Delivery Models of Cloud Computing.” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1–11, 2021, https://doi.org/10.1016/j.jnca.2010.07.006..
[11] Ahmed E Youssef, “A Framework for Cloud Security Risk Management based on the Business Objectives of Organizations” International Journal of Advanced Computer Science and Applications (IJACSA), Vo.10, Isuee: (12), 2019, http://dx.doi.org/10.14569/IJACSA.2019.0101226.
[12] Spanaki, K., Gürgüç, Z., Mulligan, C. and Lupu, E., "Organizational cloud security and control: a proactive approach", Information Technology & People, Vol. 32 No. 3, pp. 516-537, 2019, https://doi.org/10.1108/ITP-04-2017-0131.
[13] Zhao, Tiange, Tiago Gasiba, Ulrike Lechner, and Maria Pinto-Albuquerque. "Raising Awareness about Cloud Security in Industry through a Board Game" Information Vol. 12, Issue: 11,pp. 48, 2021, https://doi.org/10.3390/info12110482.
[14]Vaquero, L.M., Rodero-Merino, L. & Morán, D. Locking the sky: a survey on IaaS cloud security. Computing, PP. 93–118,2011. https://doi.org/10.1007/s00607-010-0140-x
[15] B. Hay, K. Nance and M. Bishop, "Storm Clouds Rising: Security Challenges for IaaS Cloud Computing," 2011 44th Hawaii International Conference on System Sciences, Kauai, HI, USA, 2011, pp. 1-7, doi: 10.1109/HICSS.2011.386.
[16] Dikaiakos, Marios D., et al. “Cloud Computing: Distributed Internet Computing for IT and Scientific Research.” IEEE Internet Computing, vol. 13, no. 5, pp. 10–13, 2019, https://doi.org/10.1109/mic.2009.103.
[17] Karadsheh, Louay. “Applying Security Policies and Service Level Agreement to IaaS Service Model to Enhance Security and Transition.” Computers & Security, vol. 31, no. 3, May 2012, pp. 315–326, 2012, https://doi.org/10.1016/j.cose.2012.01.003.
[18] I. K. Sahu and M. J. Nene, "Model for IaaS Security Model: MISP Framework," 2021 International Conference on Intelligent Technologies (CONIT), Hubli, India, pp. 1-6, , doi: 10.1109/CONIT51480.2021.9498375, 2021
[19] Ariffin, M. a. M., Ibrahim, M. F., & Kasiran, Z.. “API Vulnerabilities in Cloud Computing Platform: Attack and Detection. International Journal of Engineering Trends and Technology”,Vol.14,.202,2020,https://doi.org/10.14445/22315381/cati1pp
[20] Juliadotter, N. V., & Choo, K. R. (2015) ”Cloud attack and Risk Assessment Taxonom”. IEEE Cloud Computing, 2(1), 14–20, 2015, https://doi.org/10.1109/mcc.2.
[21] CIS Critical Security Controls (cisecurity.org) Implementation_Guide_for_ICS_using_the_CIS_Controls Accessed Accessed 11 March. 2023.