Securing a SaaS application on AWS Cloud

Siddhartha Sourav Panda, Nishanth Pathi, Shinu Abhi

Abstract


The last few years have seen tremendous growth in cloud adoption especially the new age companies and startups in multiple domains are embracing cloud technologies to avoid on-premises costs of maintaining the systems. As organizations grow and continue to invest in digital transformation, the cloud is becoming an ever more crucial part of the organization. For startups, it is highly required that they look at their cloud security components and make them robust to avoid a cyber-attack and reputation damage. Year after year IT world has been witnessing multiple series of news headlines and data leaks that occurred because of cloud architecture misconfigurations. In this article, the authors will explore Amazon Web Services (AWS), which is one of the top cloud service providers in the world. This paper target is to educate and set up a guideline for a secured architecture baseline on AWS cloud adoption for new or existing customers to review their architecture and encourage them to deploy the security components on AWS. This paper provides a brief overview of the various architectures proposed and implemented that can act as a solution for handling the various issues related to Cloud Computing, especially Cloud Security.


Full Text:

PDF

References


T. Singh, “The effect of Amazon Web Services (AWS) on Cloud-Computing,” Int. J. Eng. Res. Technol., vol. 10, no. 11, pp. 480–482, 2021, [Online]. Available: https://www.ijert.org/research/the-effect-of-amazon-web-services-aws-on-cloud-computing-IJERTV10IS110188.pdf

O. Nath, “Top 5 AWS Misconfigurations That Led to Data Leaks in 2021,” 2021. https://www.spiceworks.com/it-security/cyber-risk-management/articles/aws-misconfigurations-2021/

O. Nath, “What Makes AWS Buckets Vulnerable to Ransomware and How to Mitigate the Threat,” 2021. https://www.spiceworks.com/it-security/cyber-risk-management/news/aws-vulnerable-to-ransomware-attacks/

A. Mahajan, “4 Most Common Misconfigurations in AWS EC2 Instances,” 2021. https://kloudle.com/blog/4-most-common-misconfigurations-in-aws-ec2-instances

Cloudanix, “15 TOP AWS RDS MISCONFIGURATIONS TO AVOID IN 2022,” 2021. https://blog.cloudanix.com/top-15-aws-rds-misconfigurations-2022/

N. Lord, “Data Protection: Data In transit vs. Data At Rest,” 2019. https://digitalguardian.com/blog/data-protection-data-in-transit-vs-data-at-rest

AWS, “Shared Responsibility Model.” https://aws.amazon.com/compliance/shared-responsibility-model/

Trend, “Top 10 AWS Security Misconfiguration,” 2021. https://www.trendmicro.com/en_us/devops/21/k/top-10-aws-security-misconfigurations.html

Votiro, “How Misconfigured Amazon S3 Buckets Can Lead to a Ransomware Attack,” 2021. https://securityboulevard.com/2021/04/how-misconfigured-amazon-s3-buckets-can-lead-to-a-ransomware-attack/

S. Gietzen, “S3 Ransomware Part 2: Attack Vector,” 2021. https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/

AWS, “Security Pillar AWS Well-Architected Framework,” 2020.

S. Malik, “Top 12 cloud security threats according to Cloud Security Alliance,” 2021. https://bitbytes.io/cloud-security-threats/

G. K. Anand Mishra, “Big Data Analytics Options on AWS,” Int. J. Eng. Res. Technol., vol. 10, no. April, p. 29, 2021.

P. NIKHIL N and M. RAHUL B, “A Comprehensive Survey on Data Integrity Proving Schemes in Cloud Storage,” Ijarcce, no. December, pp. 8163–8166, 2014, doi: 10.17148/ijarcce.2014.31019.

A. Phapale, “A Novel Approach for Securing Cloud Data Using Cryptographic Approach,” pp. 296–299.

N. I. Eltayb and O. A. Rayis, “Cloud Computing Security Framework Privacy Security,” … Recent Innov. Trends Comput. …, no. February, 2018, [Online]. Available: http://www.academia.edu/download/56698026/1519625123_26-02-2018.pdf

M. N. Ujloomwale and M. R. Badre, “Data storage security in Cloud,” IOSR J. Comput. Eng., vol. 16, no. 6, pp. 50–56, 2014, doi: 10.9790/0661-16635056.

G. Thomas and P. Janardhanan, “Intrusion Tolerance: Enhancement of Safety in Cloud Computing,” Ijarcce.Com, vol. 1, no. 4, pp. 238–242, 2012, [Online]. Available: http://ijarcce.com/upload/june/8-Intrusion Tolerance Enhancement.pdf

B. V Akash and R. Murugan, “Authenticated Transfer of Files with Storage and Backup within A Cloud Environment,” Int. J. Eng. Res. Technol., vol. 11, no. 02, pp. 259–260, 2022.




DOI: https://doi.org/10.29040/ijcis.v4i3.81

Article Metrics

Abstract view : 162 times
PDF - 114 times

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License