Cloud security in practice: A technical guide to confidentiality, integrity, and availability at scale

Author: Madan, Vivek
Publisher: Zenodo
DOI: 10.5281/zenodo.17318106
Source: https://zenodo.org/records/17318106/files/WJARR-2025-1904.pdf
Corresponding author: Vivek Madan
Copyright © 2025 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.
Cloud security in practice: A technical guide to confidentiality, integrity, and availability at scale
Vivek Madan *
Director, IT Security Risk and Compliance, Fortinet Inc., California, USA.
World Journal of Advanced Research and Reviews, 2025, 26(02), 2165-2171
Publication history: Received on 14 April 2025; revised on 11 May 2025; accepted on 13 May 2025
Article DOI: https://doi.org/10.30574/wjarr.2025.26.2.1904
Abstract
Cloud computing has revolutionized how businesses deploy and scale IT infrastructure. However, this shift introduces significant security challenges that require well-architected security techniques across the cloud ecosystem. This paper presents comprehensive techniques to ensure confidentiality, integrity, and availability of data and systems in cloud environments. Covered topics include data encryption, secure storage, key management, logging and monitoring, virtual private cloud (VPC) security, container security, DAST and SAST scanning, baseline imaging, configuration management, and change control practices. These are mapped to CSA's Cloud Controls Matrix (CCM) and CAIQ 4.0 domains to demonstrate holistic cloud risk management. Real-world examples, missteps, and best practices are discussed.
Keywords: Cloud Security; Data Encryption; CSA; CAIQ; Cloud Controls Matrix; Zero Trust; Compliance
1. Introduction
Cloud computing offers unmatched scalability, flexibility, and cost-efficiency, but it also introduces complex security challenges. As organizations shift critical workloads to the cloud, they must adopt robust and structured security techniques to safeguard data, ensure compliance, and maintain resilience. This paper explores proven strategies aligned with the Cloud Security Alliance's CAIQ framework and highlights technical controls across governance, data, identity, infrastructure, application, and compliance domains.
2. Security Techniques for Cloud Environments
2.1. Governance, Risk Management, and Compliance
GRC is foundational to cloud security governance. Organizations must align cloud operations with business objectives, risk tolerance, and regulatory mandates. Key practices include defining cloud-specific governance structures, embedding risk ownership, and implementing compliance frameworks such as ISO 27001, NIST SP 800-53, and CSA CCM. Workflow automation platforms like RSA Archer or ServiceNow should be used to manage control documentation, policy exceptions, and audit trails.
Security controls should be continuously monitored and mapped to regulatory requirements using a compliance matrix. DevSecOps integration ensures policy enforcement and compliance validation throughout CI/CD pipelines. Common gaps include relying on spreadsheets for risk assessments, neglecting third-party governance, or treating compliance as a one-time event. Mature organizations operationalize GRC by aligning it with engineering and DevOps cycles, using KRIs and dashboards to track real-time risk.
2.2. Data Security and Privacy
Data security begins with classification and extends through encryption, storage control, and lifecycle management. Data at rest must be encrypted using AES-256, and in transit with TLS 1.2 or higher. Metadata and snapshots must also be secured. Privacy regulations like GDPR and HIPAA mandate data minimization, access transparency, and deletion rights.
Tools like AWS Macie and Microsoft Purview support discovery and labeling of sensitive data across cloud repositories. Encryption key rotation, access logging, and masking techniques like tokenization or format-preserving encryption should be applied in production and non-production environments alike. Organizations often fail to classify data consistently, store long-term backups insecurely, or ignore shadow IT data stores. A data-centric security strategy ensures resilience against breaches and regulatory violations.
2.3. Identity and Access Management (IAM)
IAM governs who can access what, when, and under what conditions. Implement Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) to enforce least privilege principles. Federated identity via SAML or OIDC supports Single Sign-On (SSO) and centralized policy enforcement. Privileged account access must always require Multifactor Authentication (MFA).
IAM policies should be managed using infrastructure-as-code, version-controlled, and peer-reviewed. Temporary privilege elevation with approval workflows reduces attack surface. Tools like AWS IAM Access Analyzer or Azure AD Conditional Access help detect overprivileged accounts or unusual access patterns. Mistakes include leaving wildcard permissions ("*"), not revoking access after offboarding, and hardcoding credentials. Secret managers like AWS Secrets Manager or Vault mitigate these risks by securely storing credentials and tokens.
2.4. Infrastructure and Virtualization Security
This domain covers protection of virtual machines, storage, and network layers. Use hardened base images with CIS benchmarks. Segment cloud workloads using VPCs, subnetting, security groups, and network ACLs. Isolate production and development traffic with firewalls and gateway controls.
Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation enforce consistency and enable automated validation. Monitor runtime behavior using Cloud Workload Protection Platforms (CWPPs) or Cloud-Native Application Protection Platforms (CNAPP) such as FortiCNAPP, Prisma Cloud, Wiz, or Aqua. Tagging assets, automating patching, and performing drift detection are critical to operational integrity. Top risks include publicly exposed S3 buckets, unpatched hypervisors, flat network topologies, and absent egress controls. Secure infrastructure is the backbone of resilient cloud computing.
2.5. Interoperability and Portability
Cloud systems should be designed to avoid lock-in and promote operational agility across providers. Containerization via Docker and orchestration using Kubernetes decouple applications from infrastructure. Infrastructure-as-Code (IaC) and GitOps practices standardize deployments across platforms, improving portability.
APIs must follow open standards and be thoroughly documented. Cloud-neutral solutions like Azure Arc and HashiCorp Terraform modules facilitate hybrid and multi-cloud interoperability. Avoiding reliance on proprietary services like AWS Lambda Layers or Azure AD B2C ensures flexibility. Maintain consistent architecture documentation and cross-cloud disaster recovery plans to uphold continuity in the face of regulatory shifts or provider outages.
2.6. Application and Interface Security (AIS)
AIS involves securing APIs, web applications, and software supply chains. Embed security from design through deployment via a Secure Software Development Lifecycle (SSDLC). Incorporate threat modeling, code reviews, and Static and Dynamic Application Security Testing (SAST/DAST). Use Software Composition Analysis (SCA) to scan dependencies.
Authentication mechanisms like OAuth 2.0 and granular authorization scopes must be enforced for all APIs. Web Application Firewalls (WAFs) and API gateways help mitigate injection, DoS, and credential abuse attacks. Enforce input validation, avoid debug endpoints in production, and never store secrets in frontend code. With the rise of supply chain attacks, validate container images and SBOMs before pushing to production.
2.7. Security Incident Management, E-Disc and Cloud Forensics
An effective incident response strategy is vital in dynamic cloud environments. Develop a cloud-specific incident response plan (IRP) outlining roles, escalation paths, and playbooks. Integrate cloud-native tools like AWS GuardDuty, FortiCNAPP, CloudTrail, and Azure Sentinel with centralized SIEM/SOAR platforms for threat detection and automated remediation, such as FortiSIEM Cloud.
Regularly simulate scenarios via tabletop exercises or chaos engineering tools. Securely archive forensic data such as logs, packet captures, and snapshots for post-incident analysis. Define metrics like MTTD and MTTR to track effectiveness. Common shortcomings include lack of logging coverage, unretained evidence, and delayed response due to lack of clarity or tooling gaps.
2.8. Threat and Vulnerability Management (TVM)
TVM is essential to identifying, prioritizing, and remediating risks across virtual machines, APIs, containers, and SaaS platforms. Run vulnerability scans regularly using tools like Qualys, Nessus, or native services like AWS Inspector. Prioritize patching using exploitability scores, not just CVSS ratings.
Container images should be scanned via Clair, Trivy, or Prisma before deployment. Integrate vulnerability management into CI/CD pipelines to shift left. Maintain a Software Bill of Materials (SBOM) and track third-party libraries using SCA tools. Enforce remediation SLAs based on business criticality. Avoid over-reliance on monthly scans and ensure misconfiguration assessments complement vulnerability reviews for full coverage.
2.9. Human Resources Security
The human element remains a crucial factor in cloud security. Begin with pre-employment background screening, and continue with role-based security training throughout employment. Implement access provisioning workflows tightly coupled with HR systems such as Workday or SuccessFactors to enforce immediate access revocation upon termination.
Conduct periodic access reviews, particularly for privileged users. Employ behavior monitoring via User and Entity Behavior Analytics (UEBA) to detect insider threats. Regular phishing simulations and contextual learning reinforce vigilance. Common issues include over-provisioned accounts at onboarding, delayed offboarding, and insufficient training on cloud-specific threat vectors like cloud phishing, MFA fatigue attacks, and improper data sharing.
2.10. Universal Endpoint Management (UEM)
UEM ensures that all devices accessing cloud systems comply with security baselines. Centralized tools like Microsoft Intune, Jamf, or Kandji enforce consistent policies across mobile, desktop, and virtual endpoints. Policies should mandate full disk encryption, secure boot, auto-patching, and real-time antivirus protections.
Implement posture-aware conditional access controls based on geolocation, device compliance, and login behavior. Segment corporate and personal data on mobile devices using containers or sandboxing techniques. Lack of visibility into unmanaged devices or tolerance of outdated OS versions presents significant security risks. Endpoint Detection and Response (EDR) tools such as FortiEDR should integrate with SIEM to correlate alerts across infrastructure.
2.11. Datacenter Security
Though cloud abstracts physical infrastructure, data center security remains vital, especially in hybrid or private cloud deployments. Ensure physical access controls such as biometric authentication, surveillance, and visitor logs. Validate that your cloud service provider (CSP) complies with standards like ISO/IEC 27001, SOC 2 Type II, and TIA-942.
Conduct risk assessments of colocation or on-prem data centers, including threats like natural disasters, insider access, or power failures. Ensure redundancy via backup power and multipath connectivity. CSP transparency around their supply chain, data replication, and access logging is critical. Zero-trust physical security must complement virtual security.
2.12. Logging and Monitoring
Effective logging and monitoring is critical for detecting anomalies, ensuring compliance, and supporting forensic investigations in the cloud. Enable native cloud logging services like AWS CloudTrail, Azure Monitor, and Google Cloud Audit Logs across all regions and services. Integrate these logs into centralized SIEM platforms such as FortiSIEM, Splunk, Elastic, or Sentinel.
Logs should be immutable, encrypted, and retained per regulatory requirements. Use log analyzers and behavior analytics to detect lateral movement, privilege escalation, or unusual API usage. Implement alerting thresholds for critical actions (e.g., IAM changes, firewall updates). Ensure logs are timestamped accurately and synchronized via NTP. Common gaps include insufficient log coverage, lack of correlation rules, and unmonitored third-party SaaS integrations.
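As an added example (not code from the paper), the alerting described above applied to a handful of audit events: immediate alerts for IAM and security-group changes, a repeat-count threshold for medium-severity actions, and a check that flags events stamped far behind what has already been processed as a possible clock-synchronization problem. The rule table, threshold, and sample records are constructed for this illustration; the field names follow AWS CloudTrail records.

```python
"""Alerting on critical control-plane actions in cloud audit logs (added example).

Puts the alerting idea above into code: high-severity IAM and security-group
changes alert immediately, medium-severity actions alert once a principal repeats
them to a threshold, and an event stamped well before events already processed is
flagged as a possible clock-sync (NTP) problem. The events are constructed for this
example; field names follow AWS CloudTrail records.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# eventSource -> eventName -> severity. Chosen for the example, not a full rule set.
CRITICAL_EVENTS = {
    "iam.amazonaws.com": {"AttachUserPolicy": "high", "PutRolePolicy": "high",
                          "UpdateAssumeRolePolicy": "high", "CreateAccessKey": "medium"},
    "ec2.amazonaws.com": {"AuthorizeSecurityGroupIngress": "high",
                          "RevokeSecurityGroupEgress": "medium"},
}
MEDIUM_THRESHOLD = 2                   # alert when one principal reaches this count
MAX_CLOCK_SKEW = timedelta(minutes=5)


def parse_time(ts: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC, e.g. 2025-05-13T10:00:00Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate(events: List[Dict]) -> Dict[str, List[str]]:
    """Run the rules over events in delivery order; return alerts and skew findings."""
    alerts: List[str] = []
    skew: List[str] = []
    repeats: Counter = Counter()
    latest = None
    for ev in events:
        t = parse_time(ev["eventTime"])
        # A timestamp far behind what was already seen points to an unsynchronized
        # clock or delayed delivery; either way, correlating on it is unreliable.
        if latest is not None and t < latest - MAX_CLOCK_SKEW:
            skew.append(ev["eventID"])
        latest = t if latest is None else max(latest, t)
        severity = CRITICAL_EVENTS.get(ev["eventSource"], {}).get(ev["eventName"])
        if severity is None:
            continue
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        if severity == "medium":
            repeats[(who, ev["eventName"])] += 1
            if repeats[(who, ev["eventName"])] != MEDIUM_THRESHOLD:
                continue  # below threshold, or already alerted on this pair
        alerts.append(f"[{severity}] {ev['eventName']} by {who} at {ev['eventTime']}")
    return {"alerts": alerts, "clock_skew": skew}


# Constructed sample records, trimmed to the fields the rules use.
ACCOUNT = "arn:aws:iam::111122223333:"  # 111122223333 is a documentation placeholder
SAMPLE_EVENTS = [
    {"eventID": "ev-1", "eventTime": "2025-05-13T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "userIdentity": {"arn": ACCOUNT + "user/alice"}},
    {"eventID": "ev-2", "eventTime": "2025-05-13T10:00:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "userIdentity": {"arn": ACCOUNT + "user/alice"}},
    {"eventID": "ev-3", "eventTime": "2025-05-13T10:01:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"arn": ACCOUNT + "user/bob"}},
    {"eventID": "ev-4", "eventTime": "2025-05-13T10:01:10Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"arn": ACCOUNT + "user/bob"}},
    {"eventID": "ev-5", "eventTime": "2025-05-13T09:40:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"arn": ACCOUNT + "role/ci"}},
]

if __name__ == "__main__":
    result = evaluate(SAMPLE_EVENTS)
    print("\n".join(result["alerts"]))
    print("clock skew suspected on:", result["clock_skew"])
```

In a SIEM the same rules would run as correlation searches; the skew check is what a missing NTP configuration looks like from the log side.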
2.13. Business Continuity Management and Op Resilience
Cloud-based resilience requires architecture that supports high availability, fault tolerance, and rapid recovery. Leverage multi-zone or multi-region architectures and define business-aligned Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
Automate disaster recovery processes using tools like AWS CloudEndure or Azure Site Recovery. Use IaC to replicate infrastructure configurations across regions. Store backups in isolated accounts or regions to prevent data loss from cascading failures. Perform routine failover drills, chaos testing, and audit trail validation. Overlooked issues include backups co-located with production workloads, lack of cross-region DNS failover, and outdated DR playbooks.
2.14. Audit and Assurance
Audit readiness in the cloud involves continuous control monitoring, centralized evidence collection, and stakeholder accountability. Use compliance automation platforms like Drata, Vanta, or Lacework to map cloud controls to frameworks like ISO 27001, SOC 2, and HIPAA.
All audit logs should be stored immutably, with clear timestamps and source attribution. Implement dashboards showing control status, audit trails, and remediation progress. Perform internal mock audits quarterly to uncover gaps before external engagements. Failures often stem from decentralized evidence, unclear roles, or manual control validation.
2.15. Supply Chain Management, Transparency, and Accountability
Security of cloud supply chains requires visibility into all dependencies, including APIs, libraries, and SaaS tools. Maintain a Software Bill of Materials (SBOM) for all products, updated through automated scans like Syft or CycloneDX.
Third-party vendors should undergo due diligence through questionnaires (e.g., CAIQ-Lite), and contracts must define breach notification and audit rights. Monitor vendor risk continuously using platforms like OneTrust or SecurityScorecard. Transitive risks from upstream providers or open-source maintainers should be factored into the overall enterprise risk posture.
2.16. Change Control and Configuration Management
Enforce rigorous configuration management using IaC pipelines, peer reviews, and automatic drift detection tools like AWS Config or Azure Policy. Track all configuration changes with ticket IDs and version control.
Critical changes must pass CAB approval and include rollback plans. Use tagging standards to document ownership and cost centers. Prohibit direct console modifications to production systems unless emergency changes are documented post-facto. Lack of configuration control often results in downtime, compliance violations, and shadow infrastructure.
2.17. Cryptography, Encryption, and Key Management
Encrypt all data using AES-256 at rest and TLS 1.2+ in transit. Keys should be rotated periodically and stored using secure KMS or HSM-backed services. Implement envelope encryption to decouple key material from data storage.
Use role-based policies to restrict access to keys. Log every cryptographic operation for audit purposes. Avoid storing keys in the same cloud region as the encrypted data. Comply with NIST SP 800-57 and FIPS 140-3 for enterprise-grade key management practices.
3. Common Cloud Security Mistakes
3.1. Misconfigured Storage Buckets
One of the most common and dangerous cloud security oversights is the misconfiguration of storage buckets, such as AWS S3 or Azure Blob Storage. Often, organizations inadvertently leave these storage buckets publicly accessible, either due to default settings, lack of awareness, or human error during deployment. Such misconfigurations can expose sensitive data, including customer records, proprietary code, or configuration files, to the open internet, allowing attackers to access or exfiltrate it without any authentication. Mitigating this requires robust configuration management practices, regular audits, use of least privilege access controls, and automation tools that can scan for and remediate publicly exposed storage resources.
3.2. Overprivileged IAM Roles
Identity and Access Management (IAM) missteps, particularly overprivileged roles, are another critical risk area in cloud environments. Granting users or services broader permissions than they actually need increases the attack surface and can lead to privilege escalation, lateral movement, and data compromise if credentials are stolen or abused. For example, a developer with admin rights in production could unintentionally (or maliciously) modify critical infrastructure. Following the principle of least privilege, enforcing role-based access control (RBAC), and conducting periodic IAM reviews can significantly reduce this risk. Many cloud providers also offer tools like AWS IAM Access Analyzer to identify and flag excessive permissions.
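The two policy mistakes called out in Section 2.3 and in 3.1 and 3.2 above (wildcard permissions, and storage exposed to an anonymous principal) can both be caught by a static check on the policy document before it is applied. The following is an added example, not the paper's or any vendor's code: it uses the AWS IAM policy JSON grammar, and both sample policies are constructed for the illustration.

```python
"""Static checks on cloud policy documents (added example, not from the paper).
Flags two mistakes discussed above: Allow statements with wildcard permissions
("*" or "service:*" as Action, "*" as Resource) and resource policies granting an
anonymous principal access with no Condition. Both sample policies are constructed
here; the JSON grammar is that of AWS IAM policies.
"""
import json
from typing import Any, Dict, List


def _as_list(value: Any) -> List[Any]:
    """IAM accepts a scalar or a list for Action, Resource and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wild_action(action: str) -> bool:
    # "*" grants every action; "s3:*" grants every action in one service.
    return action == "*" or action.endswith(":*")


def find_wildcard_statements(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return the Allow statements whose Action or Resource is a wildcard."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        wild_actions = [a for a in _as_list(stmt.get("Action")) if _is_wild_action(a)]
        wild_resources = [r for r in _as_list(stmt.get("Resource")) if r == "*"]
        if wild_actions or wild_resources:
            findings.append({"Sid": stmt.get("Sid", "<no Sid>"),
                             "wild_actions": wild_actions,
                             "wild_resources": wild_resources})
    return findings


def is_public(policy: Dict[str, Any]) -> bool:
    """True if an Allow statement grants access to everyone unconditionally."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # e.g. {"AWS": "*"}
            anonymous = any("*" in _as_list(v) for v in principal.values())
        else:
            anonymous = principal == "*"
        # A Condition (e.g. a source-VPC restriction) may legitimately narrow the grant.
        if anonymous and not stmt.get("Condition"):
            return True
    return False


# Constructed sample: identity policy for a deployment role; one statement is too broad.
DEPLOY_ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadArtifacts", "Effect": "Allow",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-artifacts/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}""")

# Constructed sample: bucket policy that leaves every object world-readable.
PUBLIC_BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "WorldRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]
}""")

if __name__ == "__main__":
    for finding in find_wildcard_statements(DEPLOY_ROLE_POLICY):
        print("wildcard permission:", finding)
    print("bucket policy is public:", is_public(PUBLIC_BUCKET_POLICY))
```

Run as a pre-apply step in the IaC pipeline, a non-empty finding list is the signal to block the change and route it to review.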
3.3. Lack of Encryption
Failing to encrypt data in the cloud, whether at rest or in transit, exposes organizations to unnecessary risks. Encryption acts as a final safeguard, ensuring that even if data is intercepted or accessed by unauthorized users, it remains unreadable without the proper keys. Unfortunately, some teams rely solely on cloud provider defaults or neglect encrypting metadata and backup files, leaving gaps in their protection. Best practices include enabling TLS/SSL for all data in transit, using AES-256 for data at rest, and managing encryption keys securely through cloud-native Key Management Services (KMS). Regulatory frameworks like HIPAA, GDPR, and PCI-DSS also mandate strong encryption protocols to protect sensitive data.
3.4. Poor Key Management
Encryption is only as strong as the key management behind it. Poor key management practices, such as hardcoding keys into source code, not rotating them regularly, or storing them in the same location as the encrypted data, can render encryption useless. Threat actors often scan public code repositories like GitHub to find leaked secrets and keys. To mitigate this, organizations should adopt centralized key management solutions, enforce strict access controls, and enable automatic key rotation policies. Leveraging cloud-native tools like AWS KMS or Azure Key Vault ensures integration with broader security policies while reducing the likelihood of key exposure.
3.5. Insecure CI/CD Pipelines
Continuous Integration and Continuous Deployment (CI/CD) pipelines are integral to modern cloud-native application development, but they can also become major security liabilities if not properly secured. Common mistakes include storing secrets in plaintext, inadequate access control, and skipping security testing stages. Attackers can exploit weak points in the pipeline to inject malicious code or compromise infrastructure. To secure CI/CD environments, secrets should be stored in vaults, tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) should be integrated into the pipeline, and pipelines should be audited regularly. Additionally, using ephemeral build environments and enforcing strong authentication for CI/CD tools enhances overall security.
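Sections 3.4 and 3.5 both turn on the same defect: a credential committed as a literal in code or pipeline configuration. As an added example (not from the paper), this is a minimal secret scanner of the kind run as a pre-commit hook or CI stage so the pipeline fails before a hardcoded key reaches a repository. The rule set and the sample file are constructed for the illustration; the AKIA... value is the placeholder access key ID used in AWS documentation, not a real credential.

```python
"""Pre-merge secret scan for source and pipeline files (added example, not the paper's).

Catches the hardcoding mistakes named above before code reaches a repository or a
CI/CD stage: an AWS access key ID literal, a quoted literal assigned to a
secret/password/token variable, and an embedded private key block. Rules and the
sample file are constructed for this example; the AKIA... value is the placeholder
key ID used in AWS documentation.
"""
import re
import sys
from typing import List, Tuple

RULES = [
    # Long-term AWS access key IDs are 20 characters and start with AKIA.
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # A secret-like variable assigned a quoted literal of 8+ characters. Reading the
    # value from the environment or a vault client does not match, by design.
    ("hardcoded-secret", re.compile(
        r"(?i)\b\w*(secret|passw(or)?d|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
    ("private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]


def scan_source(text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, rule name) for every line that trips a rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


# Constructed sample file: two hardcoded credentials, one key block, one safe lookup.
SAMPLE_SOURCE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2hunter2"
api_token = os.environ["API_TOKEN"]  # fine: injected at runtime, not stored in code
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    hits = scan_source(SAMPLE_SOURCE)
    for lineno, rule in hits:
        print(f"line {lineno}: {rule}")
    sys.exit(1 if hits else 0)  # a non-zero exit fails the pipeline stage
```

Pattern-based scanning is a floor, not a ceiling: it misses secrets that do not look like these, so it complements, rather than replaces, keeping credentials in a secret manager.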
3.6. Shadow IT
Shadow IT refers to the use of cloud services, applications, or infrastructure without formal approval or oversight from the organization's IT or security teams. Employees may spin up cloud resources or use third-party SaaS applications to boost productivity, unaware of the security risks. These unmonitored assets can become weak points, lacking proper encryption, monitoring, or compliance with corporate policies, leading to data leakage or regulatory violations. Addressing shadow IT involves raising employee awareness, implementing strong cloud access governance (CASB), and using discovery tools to identify and bring rogue applications under formal security control.

3.7. Insufficient Logging and Monitoring
Without adequate logging and monitoring, organizations operate in the dark, unable to detect, respond to, or investigate security incidents effectively. In cloud environments, where dynamic workloads and ephemeral infrastructure are common, visibility is critical. Many organizations fail to enable native logging tools like AWS CloudTrail, Azure Monitor, or Google Cloud Audit Logs, or they do not centralize logs for correlation and alerting. Effective cloud security monitoring requires real-time log collection, correlation through SIEM solutions, anomaly detection using behavioral analytics, and robust incident response plans. Logging should cover authentication events, access to critical resources, and changes to cloud infrastructure.
4. Case Studies of Cloud Security Failures
4.1. Case Study 1: Capital One Breach (2019)
A misconfigured Web Application Firewall allowed unauthorized access to S3 buckets affecting over 100 million users. Root causes included poor IAM role design and firewall misconfiguration.
4.2. Case Study 2: Accenture Cloud Leakage (2021)
Accenture exposed confidential data through unsecured S3 buckets, underlining the need for consistent cloud configurations.
4.3. Case Study 3: Toyota Source Code Exposure (2022)
A third-party GitHub repository exposed T-Connect app source code and secrets, reflecting weak software supply chain security.
5. Conclusion
CSA's CAIQ framework provides a comprehensive structure for cloud security. Aligning technical safeguards to these domains ensures measurable maturity, regulatory compliance, and operational resilience for modern enterprises leveraging the cloud.
Compliance with ethical standards
Acknowledgments
The author thanks the CSA community for their ongoing contributions to cloud security best practices.
Disclosure of conflict of interest
No conflict of interest to be disclosed.
Author's Short Biography
Vivek Madan is an award-winning cybersecurity leader with over 16 years of experience in IT security, governance, risk, and compliance. He currently serves as the Director of IT Security Risk and Compliance at Fortinet Inc., a global cybersecurity leader securing over 660,000 organizations worldwide.
Vivek specializes in designing enterprise-grade security frameworks, automating third-party risk management, and driving compliance with standards such as ISO/IEC 27001, NIST SP 800-53/800-161, SOC 2, HIPAA, and TISAX. He has led the development of AI-driven trust portals, implemented supply chain risk governance aligned with NIST guidelines, and reduced organizational vulnerabilities through cloud-native automation.
Recognized with the 2025 Titan Gold Award for Cybersecurity – Risk Management, Vivek actively contributes to the cybersecurity community through publications, conference talks, and peer reviews. His work focuses on strengthening digital trust, enabling secure innovation, and shaping the future of cloud and AI security.