The main aim of this project is to investigate the distinctive security risks associated with cloud computing—such as data breaches, misconfigured services, insider threats, and multi-tenancy risks—and to propose robust, business-oriented strategies for securing cloud infrastructure and data. With the global shift towards cloud-based operations, organizations are increasingly exposed to evolving cyber threats that traditional IT security frameworks are not equipped to handle. Students undertaking this project will evaluate cloud-specific challenges and the shared responsibility model between cloud service providers and users. The expected outcome is a set of best practices, policies, and technological recommendations (including encryption, IAM, multi-factor authentication, and compliance frameworks) that enterprises can adopt to minimize risks and enhance trust in cloud ecosystems.
To complete this project successfully, students will begin with a comprehensive literature review of cloud computing architectures (IaaS, PaaS, SaaS) and commonly used cloud platforms (e.g., AWS, Azure, Google Cloud). They will identify and categorize different types of cybersecurity threats unique to cloud environments and explore real-world case studies involving cloud breaches or attacks.
Students will also conduct a comparative analysis of existing cloud security standards and frameworks such as ISO/IEC 27017, NIST, and the CIS benchmarks. In addition, they will evaluate the effectiveness of tools and methods such as encryption protocols, identity and access management (IAM), firewalls, and Security Information and Event Management (SIEM) systems. If feasible, surveys or expert interviews may be conducted with IT managers or cloud practitioners to understand current industry practices.
The project will culminate in the development of a strategic cybersecurity blueprint tailored for cloud adoption, which includes a policy recommendation document, a risk mitigation framework, and implementation roadmap. Students will document their findings in a detailed report and deliver a final presentation summarizing insights and recommendations.
