**5. Conclusion**

*Cloud Computing Security - Concepts and Practice*

behaviors.

users or these resources can be used for some illegitimate use for illicit purpose like mining crypto-currency, automated click trailing, brute-force attacks for security breach by intruders and while the customer foots the bill. The bill could be substantially high as activities like mining requires huge resources. Attackers may use the clouds exceptional storage capacity to store and propagate malware and illicit activities like sharing of pirated software, books, videos or music and invites legal consequences in intellectual copyright fines and settlements which can be even more cost prohibitive. Furthermore, complexity of cloud service implementation aids intruders to hide and remain undercover for prolonged period of time and such unnoticed threats, risks and vulnerabilities poses more challenges for legitimate service provider and user. To restrain the nefarious use and abuse of cloud services and mitigate the risks posed by cloud service usage one must have to procuring security technology for actively monitoring cloud infrastructure usage and devise proper security guidelines which define what are the legitimate and appropriate behavior and what leads to abuses and methods of detecting such

It is imperative to formulate a strong cloud security strategy, regulations and risk management policy should be devise before making mind to migrating to cloud provider for various services instead of simply lift and shift without any due diligence. Mostly many organizations are bound by and force to comply with certain rules, regulations and law of land of origin and these compliances should be center point for overall security policy. Sensitive health data, private student data, personal financial data, proprietary intellectual property data, research data and confidential business logics constitutes different category of data which are typically migrated to cloud for various services and mostly protections of these data are cover under respective apex authorities or commission and infringement of any kind will invite the formidable fine and penalties. Security architectures and framework must be aligns with the underlying business goals and objectives. Cloud provider being third party, upon agreeing to provide the services, also become liable for extending the appropriate security measures as weak security can lead to

The moment organization decides to migrate the assets and operation to the cloud, it starts losing the overall visibility and control over those assets. The ability to decide, visualize and analyze whether the services offered by clouds are safe or malicious, decides the degree of visibility of cloud usage. Even though organizations are hiring the services of cloud provider, still it is imperative on their part to perform analysis and run time monitoring. To enhance the cloud visibility and thus mitigate the risk, it is crucial to develop comprehensive solution that brings people, process and technology at one common place and elucidate accepted cloud usage policies to each and every stack holder. Otherwise lack of awareness about organizations governance controls and policies may results in placing sensitive data in public access and compromising the cloud containers by inappropriate setup of cloud services. Thus lack of governance, lack of security and lack of awareness leads to catastrophic risk. Installing firewall, implementing organization wide zero-trust model, run time analysis of outbound activities and keeping track of anomalies are some of the measures which will be helpful in restraining the suspicious behaviors

**4.11 Lack of cloud security strategy/regulatory violations**

financial loss, reputational damage, legal repercussions, and fines.

**4.12 Limited cloud usage visibility**

and mitigating the overall risk.

**10**

Cloud is new buzzword and evolving at a phenomenal speed, even in the context of the fast-moving IT sector and becoming increasingly in demand around the world. As it evolves, lack of faith in the security features imparted by cloud is cited as main barriers and concerns which discourage users putting their confidential data into this faceless nebulous and intangible entity known as the cloud. Information security and data protection are the two main concerns which stand in the way of a wider deployment and acceptance of cloud. Over a passage of time, most powerful security standards are emerging and constantly evolving aiming to overcome many of these challenges. Clearly, there are both challenges and opportunities with the cloud and due to the economics of scale, a cloud provider are opting for a dedicated team of security specialists and cloud data centers have physical protection on par with military installations thus able to provide vastly better security procedures, physical protection than any small or medium-sized enterprise. In summary, as with each new technology, Cloud is a double-edge sword and clearly there are both challenges and opportunities with the cloud.
