**2. Literature review**

Cloud computing security keeps changing as new technologies emerge. The services provided by the three basic cloud service models, infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), give more opportunity to exploit such state-of-the-art models. As the cloud expands, so do its vulnerabilities [2]. It is the duty of hosting providers and administrators to ensure that these vulnerabilities keep being patched as new threats arise. One must always be on the lookout for threats heading towards the cloud servers. If such threats enter the cloud, the result could be devastating for the cloud hosting providers and even for the cloud servers themselves. We need to keep in mind that these threats are created by people who want to get the data for their own benefit or even for fun [3]. Certain software is programmed and integrated into the cloud server to automatically mitigate a certain level of threat; an example is a web application firewall (Barracuda).

We largely agree with the statements made in the research paper on a study of the security model in cloud computing, such as security being a real-time obstacle to the lasting picture and foundation of cloud computing [4]. This research therefore focuses on the security aspect of cloud computing and the security services it offers, keeping in mind that the need for security in the cloud increases with each new day in our daily lives.

This paper starts with cloud identity access management as the first level of cloud computing security service, which we identified from the various studies conducted. Once a user has established a connection to the cloud, the user needs to log in and access the cloud resources in order to host applications or websites, or even make online sales, securely through a secure login tunnel. This must be done through successful authentication and authorization, to avoid loss of data and manipulation of identity, which could lead to unwanted access to the cloud system [5].

The identity information involved in identity access management first needs to be synchronized so that there are no conflicts when identifying the cloud user [6]. Keep in mind that many users have the same name, although their usernames can differentiate the users and their levels of access. For user information to be synced properly, any old user data that was used previously needs to be checked, and it should not match the new data. Such scenarios occur when a user cancels their online subscription to a cloud hosting provider and comes back after a few years wanting to host their applications on the cloud again [7]. This applies mostly to public clouds. It can also apply to a private cloud when the administrator permanently deletes the user's data, which in this case means the user's login and registration details. A hacker can pose as a new user and easily gain access to the cloud system if he or she is able to manipulate the registration and other details.


*Cloud Computing Security Services to Mitigate DDoS Attacks*


*DOI: http://dx.doi.org/10.5772/intechopen.92683*


*Cloud Computing Security - Concepts and Practice*


• Email security

• Encryption

• Network security

• Information security


This can happen when the administrator adds a new identity to the system and, if the administrator is not careful, the system does not identify the old data. The result is an identity within the cloud system that gains access to certain module-level information because the identity has not been synced and verified with real-time updates [8]. Other issues are confidentiality, which means that only authorized access to cloud data is allowed; authentication, which means checking that received data comes from a legitimate source; and integrity, which means that only an authorized party should be allowed to modify data in the cloud [9].
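The old-data check described above can be made concrete with a small sketch. This is an added example, not code from the chapter or from any product it cites; `IdentityStore`, its methods, and the sample accounts are hypothetical. It assumes deprovisioned records are kept as tombstones and that roles are bound to an immutable ID rather than to the username.

```python
import uuid
from dataclasses import dataclass, field


@dataclass
class Identity:
    uid: str                      # immutable identifier, never reissued
    username: str
    email: str
    active: bool = True
    roles: set = field(default_factory=set)


class IdentityStore:
    """Hypothetical in-memory directory; not a real IAM product's API."""

    def __init__(self):
        self._records = {}        # uid -> Identity, deprovisioned ones included

    def _matching(self, username, email):
        # Compare case-insensitively so "Alice" and "alice" are the same user.
        u, e = username.casefold(), email.casefold()
        return [r for r in self._records.values()
                if r.username.casefold() == u or r.email.casefold() == e]

    def register(self, username, email, verified_old_uid=None):
        """Create an identity only after comparing it with old and live data."""
        matches = self._matching(username, email)
        if any(r.active for r in matches):
            raise ValueError("username or email belongs to an active identity")
        stale = [r for r in matches if not r.active]
        # Old data exists: only the verified former owner may come back.
        if any(r.uid != verified_old_uid for r in stale):
            raise PermissionError("matches old identity data; re-verification required")
        # A returning user still gets a fresh uid and an empty role set.
        new = Identity(uid=str(uuid.uuid4()), username=username, email=email)
        self._records[new.uid] = new
        return new

    def grant(self, uid, role):
        record = self._records[uid]
        if not record.active:
            raise PermissionError("cannot grant roles to a deprovisioned identity")
        record.roles.add(role)

    def deprovision(self, uid):
        # Keep the record as a tombstone, but revoke every role it held.
        record = self._records[uid]
        record.active = False
        record.roles.clear()

    def roles_of(self, uid):
        record = self._records.get(uid)
        return set(record.roles) if record and record.active else set()


def demo():
    """Constructed scenario: a subscriber leaves and the name is requested again."""
    store = IdentityStore()
    old = store.register("alice", "alice@example.com")
    store.grant(old.uid, "billing-admin")
    store.deprovision(old.uid)
    outcome = {}
    try:
        store.register("Alice", "someone-else@example.com")
        outcome["unverified"] = "created"
    except PermissionError:
        outcome["unverified"] = "blocked"
    back = store.register("alice", "alice@example.com", verified_old_uid=old.uid)
    outcome["new_uid_differs"] = back.uid != old.uid
    outcome["inherited_roles"] = store.roles_of(back.uid)
    outcome["old_roles"] = store.roles_of(old.uid)
    return outcome
```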

Building trust in cloud computing services may help prevent data loss to some extent, but it does not guarantee it. The cloud server needs to be equipped with state-of-the-art hardware and software in order to prevent such issues. This service protects data from being lost based on the rules deployed on the cloud servers. Data can be lost in various ways, for example when a hacker sends a malicious file that infects the cloud server and deletes files and folders [10].

The data storage repository must be secured well enough to handle such attacks. The level of attack varies from high to low, and every attack must be considered no matter what its threat level is. Suppose a low-level threat occurs on the cloud server where the data is stored, and the administrator takes no action to fix the issue or ignores it as a small issue: it could multiply and do its job on the storage server, leading to data loss [11].

Securing the storage in the cloud is very important whether or not the storage is based in a particular geographical location. At the end of the day, the storage repository is linked to a network, and that is enough information for an advanced hacker to delete the data easily by entering the system with just a small script, which will eventually grow into a virus or Trojan that inflicts the damage.

If the administrators are not monitoring such scenarios, that virus can damage the storage server. In such cases, it may send a large number of traffic requests to the storage server, which can result in overload. Such a case is usually described as a denial-of-service (DoS) attack. With a DoS attack, the server will notice a change in the incoming traffic load, and if no intelligent applications are installed on the server to mitigate it, there could be serious implications. These attacks can corrupt data, delete data, and cause data loss. This is a common issue faced by many users, and it ultimately becomes the administrator's responsibility.

We noticed a virus that spread across the globe called WannaCry, a ransomware virus that locks down a computer system and asks for money in order to unlock the affected system. This type of attack can lead to data loss as well. Supposedly, this threat can affect the data stored on a cloud server, which is a very high threat level. Microsoft had to release patches for its operating systems in order to prevent such attacks. The attack caused a lot of distress around the globe and was one of the most talked-about attacks. It not only inflicts damage on the affected system but also has the ability to destroy the data stored in any system [9]. One must be very careful of such attacks; if not, data loss is inevitable. Such attacks are a wake-up call for cloud systems that do not have any data loss prevention techniques implemented; where such techniques are implemented, the administration must still map out ways to block or prevent data from being lost. Therefore, security rules need to be in place so that customers are not frustrated by one of the major issues, which is data loss [4].

Web security plays a vital role in clouds as well. While servers are hosted in clouds, websites and applications are hosted there too, combining their functionality with cloud resources to deliver what customers expect. Protection against viruses and malware is very common nowadays, as new threats of this kind emerge almost every day. In the cloud, all folders are synchronized at all times as the user updates their data. If malware enters the cloud while data sync is taking place, the malware is synced along with the data and spreads with the configured account, which is the source through which the malware entered the system [11].

Cloud hosting service providers will need a good web application firewall (WAF), which can prevent attacks on web servers and applications. Traffic going in and out of the web server needs to pass through the WAF so that it can be checked for malicious responses [12].

As proposed in the paper by Fernandez et al. [13], a web application scanner and a cloud-based web application firewall can be used to identify vulnerabilities and scan for sensitive data. This type of scanner is very useful in a cloud computing environment. The cloud-based web application firewall is integrated with the scanner. The first step is the scanning process, followed by filtering of unwanted requests, keeping in mind that these unwanted requests are the viruses and attacks coming into the system. Their paper also states that the firewall can control the web application's communication via HTTP based on authorization rules, with the main purpose of stopping SQL injection, XSS, and similar attacks on the cloud servers [12]. Our research looked into one of the WAFs available for purchase, called Barracuda. This application is very useful, as it generates a large amount of data that is not required for processing, based on the traffic flow through which attackers can come in and out of the system. Its core functionalities include scanning, placing cloud applications and websites behind a state-of-the-art firewall system, and monitoring traffic. A WAF system for the cloud must generate reports so that more thorough research can be done into where a particular attack is coming from and how it can be mitigated. The WAF also provides a solution to every attack or vulnerability present in the generated report. This firewall is able to stop unwanted traffic into the system, keep the cloud servers safe, and move suspicious IP addresses from the whitelist to the suspicious list, causing them to be classified as threats [14]. Users can then do online banking and other tasks that they prefer to carry out under a secure application layer.

Email security is being implemented in clouds as well, and it has major advantages. All inbound and outbound emails need to go through email security protocols to ensure that emails sent and received by the user do not contain any type of malicious data that could affect the customers' online activity in any way. Malicious emails could also have a bad impact on web servers if proper security protocols are not in place to filter them. Security policies need to be implemented to run the email workflow and filter unwanted emails [15].

As outlined in the paper published by Barracuda itself, using such an application will not limit the functionality of email security deployed on the cloud servers. The paper outlines the suite for cloud services, whose advanced package includes multilayer security, which extends email protection and is integrated with Office 365, the Microsoft offering currently well known for its cooperative features for organizations. Multilayer security is one of the core features that the email security company looks at in depth: the application guards against threats arising from emails, provides protection against data loss through spam emails and against data leaks through encryption, and inspects all email contents. Another advanced feature explained in the paper is cloud-based archiving. This feature is very important, since an organization's emails need to be archived frequently. In the cloud, it enables users to retrieve any previous email at any time from any device and from any environment, whether a hybrid cloud-based environment, Microsoft 365, Microsoft Exchange, or any other type of email service used on-premises. The paper also mentions retrieving emails through cloud-based backup and recovery features, which allow administrators to retrieve any email from the frequent backup storage and send it to the live server so that the user requesting the email can view and retrieve its contents [16].

Rawezh Tara and Nashwan's paper on private cloud and the implementation of software routing in it identifies the use of a virtual private network (VPN), which ensures that a user who is logged into the cloud service can carry out online transactions without any issues. Attackers will not be able to judge where or how the data is being transferred. This creates a secure environment for customers doing online shopping or banking. It is good practice to provide a VPN to users who are already logged into the cloud service. Each user has a VPN client profile. Using it, they can establish the VPN connection; a secure tunnel is enabled, and authentication is done at the data center firewall end [17].

Only two types of users use the VPN tunnel: employees and the cloud administrator. The employee establishes a secure connection through the VPN tunnel and then logs in to the VPN client profile with a username and password. The authentication is verified against the security policies and the data center. Once the connection is successful, the remote client is connected to the cloud and ready to use the resources and services offered by the application. The login fails if the user is not a valid user, which is checked mainly through the Active Directory [18]. This type of secure login is highly desirable and is present in the Barracuda application, which was also tested while carrying out this research. It not only protects the user's data; users who log in to the system through the VPN tunnel can also rest assured that they can perform their tasks without anyone capturing their information.

Encryption ensures that the data available in the cloud is secure. Although many types of encryption techniques are available, attribute-based encryption will provide favorable results. It provides access control with a private key, a master key, and ciphertext [19].

Furthermore, the research paper by Rohit, Rituparna, Nabendu, and Sugata on security issues in cloud computing gives a clear explanation of encryption and outlines the very important aspect of how encryption can occur in a cloud-based environment. The argument raised is that data stored in the cloud is secure enough against any type of security breach. They propose using a homomorphic token, which can help secure data through encryption with private and public keys. Trust-based methods for the cloud environment are very valuable for secure private and public key exchange over a secure, seamless, synchronized connection. If data is not encrypted, spoofing attacks can take place. Such attacks can be checked by performing user authentication based on key exchange and encryption techniques [20]. By enabling encrypted sessions with filtering at the entrance of traffic management, such attacks can be avoided. Encryption plays a very important part in securing cloud services, with its unique ability to transform data into ciphertext, which makes it difficult or almost impossible for attackers to alter the data.

Information security relates to gathering the alerts that come from the cloud service monitoring tools. Logs are created for the events. Being a central point, cloud computing is able to handle the stored information and how it gets altered by malicious activity, which leads to a crisis situation. If an alert is ignored, it becomes a golden opportunity for attackers to exploit the cloud services and access customers' data. If that happens, the admin must take immediate action and retrieve data backups. Cloud computing can aid the seamless transfer of information to a backup server that stores the information of all customers. Cloud IaaS is a possible direction for data backup, in which the data needs to be firmly protected, as it should be on a specialized cloud-based backup server [21].

Intrusion management looks after the packets coming into and going out of the network. It has a set of predefined rules that can handle a particular event. A cloud service provider needs an intrusion management tool such as anomaly detection. This type of detection system trains itself by observing network behaviors. Based on the network packets, it classifies traffic as either normal or intrusion. If an intrusion is found, it should send a warning to the alert or information security system for further action [22]. Hadoop is open-source software that is becoming popular with cloud administrators. Hadoop is used to distribute the processing of big data using MapReduce. MapReduce is a model that can perform analysis very quickly to locate malicious activity and the area in which the attack occurs [23].
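The train-then-classify loop described above, combined with a MapReduce-style count, can be sketched as follows. This is an added example, not code from the chapter or from Hadoop: the map and reduce steps run in a single process, the 60-second window and thresholds are assumptions, and the request records are constructed using documentation address ranges.

```python
from collections import Counter
from statistics import mean, pstdev

WINDOW_SECONDS = 60  # assumed aggregation window


def map_phase(records):
    """Map: emit ((window, source), 1) for every (timestamp, source) record."""
    for timestamp, source in records:
        yield (timestamp // WINDOW_SECONDS, source), 1


def reduce_phase(pairs):
    """Reduce: sum the emitted counts per (window, source) key."""
    totals = Counter()
    for key, count in pairs:
        totals[key] += count
    return totals


def train(normal_records):
    """Learn normal behaviour: mean and spread of requests per source per window."""
    counts = list(reduce_phase(map_phase(normal_records)).values())
    return mean(counts), pstdev(counts)


def detect(records, baseline, k=3.0, min_margin=5):
    """Classify each (window, source) and return alerts for the intrusion class.

    min_margin keeps a very tight baseline from flagging tiny deviations.
    """
    mu, sigma = baseline
    threshold = mu + max(k * sigma, min_margin)
    alerts = []
    for (window, source), count in sorted(reduce_phase(map_phase(records)).items()):
        if count > threshold:
            alerts.append({"window": window, "source": source,
                           "requests": count, "class": "intrusion"})
    return alerts


def burst(start, source, n):
    """Build n constructed request records from one source, one per second."""
    return [(start + i, source) for i in range(n)]


# Constructed training traffic: three clients, 4 to 6 requests per window.
CLIENTS = ("192.0.2.10", "192.0.2.11", "192.0.2.12")
TRAINING = [rec
            for w in range(5)
            for i, src in enumerate(CLIENTS)
            for rec in burst(w * WINDOW_SECONDS, src, 4 + (w + i) % 3)]

# Constructed live traffic: normal clients plus one source flooding the server.
LIVE = (burst(6000, "192.0.2.10", 5) + burst(6000, "192.0.2.11", 6)
        + burst(6000, "203.0.113.9", 50)
        + burst(6060, "192.0.2.10", 4) + burst(6060, "203.0.113.9", 40))

if __name__ == "__main__":
    baseline = train(TRAINING)
    for alert in detect(LIVE, baseline):
        print(alert)  # in practice this would go to the alerting system
```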

Disaster management, in collaboration with disaster recovery, relates to cloud data storage on its servers. One must be prepared for disaster; thus, disaster rescue management can be put in place by the hosting providers on the cloud servers. If no strong security policies are in place, attackers can disrupt services by sending malicious requests to the server, overloading it and causing downtime. For natural disasters, cloud hosting providers can place their data centers at different geographical locations so that if one center is affected, another picks up and prevents downtime of services [24].

From an infrastructure point of view, we picked Veeam, a software product developed by the Veeam organization to replicate, back up, and restore data on virtual machines. It has many capabilities, as it brings together one of the leading backup services for cloud infrastructure. With its ability to replicate, along with advanced monitoring, reporting tools, and capacity planning functionality, Veeam is highly desirable as a disaster management tool.
