The first defense mechanism employed to deter security breaches is a firewall. The cloud itself, being a security container, will therefore have an outer firewall. Where you have containers within containers, which is not uncommon, you would have firewall after firewall to traverse if you followed the data flow. The firewall will contain rules that tell it what traffic to allow through and what traffic to block. However, a security system will have a number of components, such as firewalls, user authentication and identification, intrusion detection and prevention, and user-based security such as anti-virus and anti-malware tools. Such a system, if properly configured, will generate logs that keep track of users, services provided to the users, and data. Human review of the log files is not possible, since the logs grow to a large size very quickly. As such, software is used to analyze the server and firewall logs, as a first step in monitoring, in order to detect any suspicious activity.

The second line of defense is at the user authentication and identification stage. If a number of failed attempts are made to log in as someone or to a particular service, then the monitoring tools ought to alert the cloud system administrator of this. If the tools are automated, then they may deny further log-ins on that account or to that service by the username concerned. Additionally, certain traffic can be deduced to be suspect because it is trying to use a service that is not allowed for a particular user, or it is trying to retrieve data that would normally not be needed by the user.
All such traffic can be analyzed and reported by software known as an intrusion detection system (IDS).

Usually this takes the form of anti-malware (this includes anti-virus, anti-spoofing, personal firewalls, and blocking of tracking cookies) that is installed on the client device that you use to access cloud services. Mostly such end-user client devices are outside the scope of a cloud service provider to monitor or con- It is this, then, that becomes the weak link in the security chain. However, with thin or zero-client computing, this weak link should become irrelevant, as the client device should have a centrally managed operating system.
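The automated log monitoring described above for the second line of defense (repeated failed log-ins, and use of a service not allowed for a user) can be sketched as follows. This is an added example, not code from the original text; the log format, the user and service names, the policy table, and the threshold of 3 failures in 5 minutes are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp user service result).
SAMPLE_LOG = """\
2024-05-01T10:00:00 alice storage LOGIN_OK
2024-05-01T10:00:10 bob storage LOGIN_FAIL
2024-05-01T10:00:20 bob storage LOGIN_FAIL
2024-05-01T10:00:30 bob storage LOGIN_FAIL
2024-05-01T10:00:40 bob storage LOGIN_OK
2024-05-01T10:01:00 bob billing LOGIN_OK
2024-05-01T10:02:00 carol storage LOGIN_FAIL
2024-05-01T10:09:00 carol storage LOGIN_FAIL
2024-05-01T10:16:00 carol storage LOGIN_FAIL
not a log line
"""

# Hypothetical policy: the services each user is allowed to use.
ALLOWED = {"alice": {"storage", "compute"}, "bob": {"storage"}, "carol": {"storage"}}
MAX_FAILS, WINDOW = 3, timedelta(minutes=5)

def analyze(log_text, allowed=ALLOWED, max_fails=MAX_FAILS, window=WINDOW):
    """Return (alerts, locked) for a log whose lines are in time order."""
    fails = defaultdict(deque)   # (user, service) -> recent failure times
    alerts, locked = [], set()   # locked holds (user, service) pairs
    for line in log_text.splitlines():
        try:
            ts_raw, user, service, result = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # malformed line: wrong field count or bad timestamp
        key = (user, service)
        if service not in allowed.get(user, set()):
            alerts.append((ts_raw, user, service, "SERVICE_NOT_ALLOWED"))
        elif key in locked:
            # Further log-ins to this service by this username are denied.
            alerts.append((ts_raw, user, service, "DENIED_LOCKED"))
        elif result == "LOGIN_FAIL":
            q = fails[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= max_fails:
                locked.add(key)
                alerts.append((ts_raw, user, service, "LOCKED_AFTER_FAILURES"))
        elif result == "LOGIN_OK":
            fails[key].clear()          # a success resets the failure count
    return alerts, locked
```

In the constructed log, carol's three failures are spread over 14 minutes and never fall inside one window, so she is not locked out, while bob's later correct password is refused because the lock was already in place.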