## Encryption and Key Management

In cloud environments, data from multiple tenants often resides on the same physical hardware. Virtualization provides a logical separation, but encryption is the primary control for protecting data confidentiality and integrity: data that is accessed without authorization stays unintelligible as long as the key does not leak with it. The key management lifecycle covers creating, storing, distributing, and retiring keys securely. In practice the key that encrypts an object (the data key) is itself wrapped by a key-encryption key held in a KMS or HSM, so no key that protects the data is ever stored in the clear beside it.

### Identity and Access Management (IAM)

Effective Identity and Access Management is critical in cloud security. IAM systems let administrators set permissions and access controls specific to the needs of users and services, so that only authenticated and authorized identities (people or workloads) can read sensitive information or execute privileged operations. Remember the ==principle of least privilege==: limit each identity's access rights to the minimum permissions it needs to perform its work. This minimizes the damage a compromised account can do and shrinks the attack surface. A practical check: cloud IAM evaluates requests deny-by-default, so a permission that is never granted is never exploitable; wildcards such as `*` in actions or resources are where least privilege is usually lost.

### Data and Media Sanitization

The process of deliberately, permanently, and irreversibly removing or destroying data stored on a storage device to prevent unauthorized access. In a cloud environment this is particularly significant when decommissioning resources, because the tenant cannot physically wipe or destroy the underlying disks. Cryptographic erasure uses encryption to render data unreadable: when every copy of the decryption key is destroyed, the ciphertext becomes irrecoverable, which gives a practical and secure means of sanitization even in multi-tenant systems. The caveat is that it only works if the data was encrypted for its entire life and no copy of the key survives in backups, key escrow, or application memory.

#### Network Security Measures

- Cloud Firewalls: Virtual firewalls that filter traffic based on security rules.
- Network Security Groups (NSGs): Act as a virtual firewall controlling inbound and outbound traffic to and from Azure resources. Rules are evaluated in priority order and the first match decides; the platform's default rules deny inbound traffic from outside the virtual network unless a custom rule allows it.

##### Virtualization Security

Virtualization is foundational to cloud computing, yet it introduces unique security challenges, especially around hypervisors and containers.
The hypervisor that manages the virtual machines must be secured to prevent attacks that could let an adversary gain control over every VM on a host. Container security is equally critical, since a vulnerability may allow access beyond the container boundary, known as a "container escape"; containers share the host kernel, so that boundary is thinner than a hypervisor's.

##### Common Cloud Threats

- Account Hijacking: Exploiting stolen credentials to gain unauthorized access to cloud resources.
- Data Breaches: Unauthorized access to and exfiltration of sensitive data from storage.
- Denial of Service (DoS): Overloading cloud services so they become unavailable to legitimate requests.

###### Security Hygiene Practices

- Patching: Regularly updating cloud infrastructure with the latest security patches reduces the risk of exploitation.
- Baseline Configurations: Establishing secure baseline configurations for system components ensures consistency and reduces the potential for misconfiguration.
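The key lifecycle from the Encryption and Key Management section and the cryptographic erasure from the Data and Media Sanitization section, worked through in Go. This is an added example, not code from the original notes: the in-memory `KeyStore` stands in for a KMS or HSM, and the object ID and plaintext are constructed sample values. Each object gets its own data-encryption key (DEK), stored only wrapped under the key-encryption key (KEK); erasing the object means discarding the wrapped DEK while the ciphertext stays on disk.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce || ciphertext || tag under AES-256-GCM; aad is authenticated only.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal and fails if ciphertext, tag or aad were altered.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// KeyStore stands in for a KMS/HSM (assumption for this example): it holds the
// key-encryption key (KEK) and only wraps and unwraps data keys; the KEK never leaves it.
type KeyStore struct{ kek []byte }

func NewKeyStore() (*KeyStore, error) {
	kek := make([]byte, 32)
	_, err := rand.Read(kek)
	return &KeyStore{kek: kek}, err
}

// Object is a stored tenant object; its data-encryption key (DEK) is kept only
// in KEK-wrapped form next to the ciphertext (envelope encryption).
type Object struct {
	ID         string
	WrappedDEK []byte // nil once the object has been cryptographically erased
	Ciphertext []byte
}

// Encrypt: fresh DEK per object, plaintext under the DEK, DEK wrapped under the KEK.
// The object ID is bound in as AAD, so a DEK or ciphertext copied from another object fails to open.
func (ks *KeyStore) Encrypt(id string, plaintext []byte) (*Object, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	wrapped, err := gcmSeal(ks.kek, dek, []byte(id))
	if err != nil {
		return nil, err
	}
	ct, err := gcmSeal(dek, plaintext, []byte(id))
	if err != nil {
		return nil, err
	}
	return &Object{ID: id, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK with the KEK, then opens the ciphertext with the DEK.
func (ks *KeyStore) Decrypt(obj *Object) ([]byte, error) {
	if obj.WrappedDEK == nil {
		return nil, errors.New("object was cryptographically erased: no key exists")
	}
	dek, err := gcmOpen(ks.kek, obj.WrappedDEK, []byte(obj.ID))
	if err != nil {
		return nil, err
	}
	return gcmOpen(dek, obj.Ciphertext, []byte(obj.ID))
}

// Erase retires the DEK. The ciphertext stays where it is (shared disks,
// snapshots, backups) but is unrecoverable because no copy of the DEK survives.
func Erase(obj *Object) { obj.WrappedDEK = nil }

func main() {
	ks, _ := NewKeyStore()
	obj, _ := ks.Encrypt("tenant-a/invoice-42", []byte("constructed sample record"))
	pt, err := ks.Decrypt(obj)
	fmt.Printf("before erase: %q err=%v\n", pt, err)
	Erase(obj)
	_, err = ks.Decrypt(obj)
	fmt.Printf("after erase: err=%v, %d ciphertext bytes remain\n", err, len(obj.Ciphertext))
}
```

The GCM tag gives the integrity half of the control: a flipped ciphertext bit or a wrapped DEK swapped in from another object is rejected rather than decrypted to garbage. The erase path is what the sanitization section relies on, and it is only as good as the claim that no other copy of the DEK exists; a real KeyStore would also need to retire the KEK version and purge it from any key backups before the erasure could be called complete.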
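Least privilege from the IAM section in practice, as an added example that is not part of the original notes: a small evaluator for IAM-style policy statements with deny-by-default and explicit-deny-wins semantics, comparing an over-broad grant with a least-privilege one. The policy names, the `arn:aws:s3:::reports` resources and the request list are constructed for illustration; the evaluator itself is a simplification of real cloud policy engines (no conditions, no principals).

```go
package main

import (
	"fmt"
	"strings"
)

type Effect string

const (
	Allow Effect = "Allow"
	Deny  Effect = "Deny"
)

// Statement is a minimal policy statement in the shape cloud IAM languages use.
type Statement struct {
	Effect    Effect
	Actions   []string // e.g. "s3:GetObject", "s3:*"
	Resources []string // e.g. "arn:aws:s3:::reports/*"
}

type Policy struct {
	Name       string
	Statements []Statement
}

// globMatch supports "*" anywhere in the pattern, as IAM action/resource fields do.
func globMatch(pattern, value string) bool {
	parts := strings.Split(pattern, "*")
	if len(parts) == 1 {
		return pattern == value
	}
	if !strings.HasPrefix(value, parts[0]) {
		return false
	}
	value = value[len(parts[0]):]
	for _, p := range parts[1 : len(parts)-1] {
		i := strings.Index(value, p)
		if i < 0 {
			return false
		}
		value = value[i+len(p):]
	}
	return strings.HasSuffix(value, parts[len(parts)-1])
}

func anyMatch(patterns []string, value string) bool {
	for _, p := range patterns {
		if globMatch(p, value) {
			return true
		}
	}
	return false
}

type Decision struct {
	Allowed bool
	Reason  string
}

// EvaluatePolicy applies the usual IAM decision logic: everything is denied
// unless some statement allows it, and an explicit Deny always wins.
func EvaluatePolicy(policies []Policy, action, resource string) Decision {
	allowedBy := ""
	for _, pol := range policies {
		for _, st := range pol.Statements {
			if !anyMatch(st.Actions, action) || !anyMatch(st.Resources, resource) {
				continue
			}
			if st.Effect == Deny {
				return Decision{false, "explicit deny in " + pol.Name}
			}
			allowedBy = pol.Name
		}
	}
	if allowedBy != "" {
		return Decision{true, "allowed by " + allowedBy}
	}
	return Decision{false, "implicit deny: no statement grants " + action}
}

// BroadPolicy is the over-permissive grant an analyst often finds: any S3 action on anything.
func BroadPolicy() Policy {
	return Policy{"report-reader-broad", []Statement{{Allow, []string{"s3:*"}, []string{"*"}}}}
}

// LeastPrivilegePolicy grants only what a report-reading job needs (constructed example).
func LeastPrivilegePolicy() Policy {
	return Policy{"report-reader", []Statement{
		{Allow, []string{"s3:GetObject"}, []string{"arn:aws:s3:::reports/*"}},
		{Allow, []string{"s3:ListBucket"}, []string{"arn:aws:s3:::reports"}},
	}}
}

// GuardrailDeny is an organisation-wide deny (SCP-style) that no grant can override.
func GuardrailDeny() Policy {
	return Policy{"org-guardrail", []Statement{{Deny, []string{"s3:DeleteBucket", "iam:*"}, []string{"*"}}}}
}

func main() {
	requests := [][2]string{
		{"s3:GetObject", "arn:aws:s3:::reports/2024/q1.csv"},
		{"s3:GetObject", "arn:aws:s3:::payroll/salaries.csv"},
		{"s3:DeleteBucket", "arn:aws:s3:::payroll"},
	}
	for _, r := range requests {
		fmt.Printf("%-16s %-40s broad=%v least=%v\n", r[0], r[1],
			EvaluatePolicy([]Policy{BroadPolicy(), GuardrailDeny()}, r[0], r[1]).Allowed,
			EvaluatePolicy([]Policy{LeastPrivilegePolicy(), GuardrailDeny()}, r[0], r[1]).Allowed)
	}
}
```

The difference between the two policies is exactly the blast radius of a hijacked account: with the broad grant the attacker can read payroll data and delete objects anywhere, with the least-privilege grant every request outside `reports/` falls through to the implicit deny. The guardrail shows why explicit denies are still worth writing even under least privilege: they hold against any allow that is later added by mistake.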
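Priority-ordered rule evaluation for the Network Security Groups listed under Network Security Measures, as an added example that is not part of the original notes: the weak rule set (SSH open to any source) beside the corrected one (SSH only from a bastion subnet), with the platform's DenyAllInBound default appended so that unmatched flows fail closed. The rule names, the `10.0.1.0/24` bastion subnet and the sample source addresses are constructed; the priority semantics (lower number first, first match wins, custom rules in 100-4096, default deny at 65500) follow Azure's NSG model.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strconv"
	"strings"
)

type Access string

const (
	AccessAllow Access = "Allow"
	AccessDeny  Access = "Deny"
)

// Rule models an inbound NSG rule. Lower Priority is evaluated first and the
// first matching rule decides.
type Rule struct {
	Name     string
	Priority int
	Protocol string // "Tcp", "Udp" or "*"
	Source   string // CIDR or "*"
	DestPort string // "22", "1024-65535" or "*"
	Access   Access
}

type Flow struct {
	Protocol string
	SrcIP    net.IP
	DestPort int
}

// portMatch accepts "*", a single port, or an inclusive "lo-hi" range.
func portMatch(spec string, port int) bool {
	if spec == "*" {
		return true
	}
	bounds := strings.SplitN(spec, "-", 2)
	lo, err := strconv.Atoi(bounds[0])
	if err != nil {
		return false
	}
	hi := lo
	if len(bounds) == 2 {
		if hi, err = strconv.Atoi(bounds[1]); err != nil {
			return false
		}
	}
	return port >= lo && port <= hi
}

// sourceMatch fails closed: a source prefix that does not parse matches nothing.
func sourceMatch(spec string, ip net.IP) bool {
	if spec == "*" {
		return true
	}
	_, cidr, err := net.ParseCIDR(spec)
	return err == nil && cidr.Contains(ip)
}

// EvaluateNSG returns the access decision and the name of the deciding rule.
// The platform's DenyAllInBound default (priority 65500) is always appended, so a
// flow that matches no custom rule is denied rather than silently allowed.
func EvaluateNSG(rules []Rule, f Flow) (Access, string) {
	all := append(append([]Rule{}, rules...),
		Rule{"DenyAllInBound", 65500, "*", "*", "*", AccessDeny})
	sort.SliceStable(all, func(i, j int) bool { return all[i].Priority < all[j].Priority })
	for _, r := range all {
		if (r.Protocol == "*" || strings.EqualFold(r.Protocol, f.Protocol)) &&
			sourceMatch(r.Source, f.SrcIP) && portMatch(r.DestPort, f.DestPort) {
			return r.Access, r.Name
		}
	}
	return AccessDeny, "DenyAllInBound"
}

// WeakRules is the common misconfiguration: SSH open to the whole Internet.
func WeakRules() []Rule {
	return []Rule{{"AllowSSHAny", 100, "Tcp", "*", "22", AccessAllow}}
}

// HardenedRules allows SSH only from the (constructed) bastion subnet and puts an
// explicit Internet deny ahead of any broader allow someone might add later.
func HardenedRules() []Rule {
	return []Rule{
		{"AllowSSHFromBastion", 100, "Tcp", "10.0.1.0/24", "22", AccessAllow},
		{"DenyInternetSSH", 110, "Tcp", "0.0.0.0/0", "22", AccessDeny},
		{"AllowHTTPSAny", 200, "Tcp", "*", "443", AccessAllow},
	}
}

func main() {
	flows := []Flow{
		{"Tcp", net.ParseIP("203.0.113.7"), 22}, // Internet host to SSH
		{"Tcp", net.ParseIP("10.0.1.5"), 22},    // bastion host to SSH
		{"Tcp", net.ParseIP("203.0.113.7"), 443},
	}
	for _, f := range flows {
		wa, wr := EvaluateNSG(WeakRules(), f)
		ha, hr := EvaluateNSG(HardenedRules(), f)
		fmt.Printf("%s:%d weak=%s(%s) hardened=%s(%s)\n", f.SrcIP, f.DestPort, wa, wr, ha, hr)
	}
}
```

Two details matter when reviewing a real NSG the same way: the bastion allow only wins over `DenyInternetSSH` because its priority number is lower, so re-numbering rules can silently open or close a path; and any flow that reaches the default rule is denied, so "nothing matched" is the safe outcome, not an error.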