Transcript
This transcript was autogenerated.
Hello everyone and welcome to the Conf42 IoT Conference. I'm Chakradar Sunkeswala, an engineering manager with nearly two decades of experience in building cloud platforms and applications. I'm excited to have you here today as we dive into one of the most critical topics in tech: cloud security. With cloud computing transforming industries and driving growth, it's crucial to understand the security challenges that come with it. I'm looking forward to sharing an innovative multi-layered security framework that addresses these challenges and ensures the safety of cloud environments. Let's get started and make the most of this exciting session.
Cloud computing is transforming industries worldwide, offering unprecedented scalability, efficiency and innovation. As businesses increasingly rely on cloud technologies, the need to secure sensitive data and infrastructure has never been more urgent. In 2023, global cloud services spending reached 545.8 billion and is projected to grow significantly by 2027. With this rapid expansion comes a rise in security risks as well, making robust cloud security solutions essential for protecting modern enterprises. In this session, we'll explore a comprehensive multi-layered security framework designed to address these challenges head on.
As cloud adoption continues to grow rapidly, organizations are facing a range of evolving security challenges that traditional models are simply not designed to handle. In fact, businesses today experience an average of 43 cloud security incidents every month, and alarmingly, 75 percent of these incidents are preventable with better security practices and proactive measures. Despite this, many companies continue to rely on outdated perimeter-based security models, which focus on protecting the network's outer edges. These models were designed for on-premise environments and simply don't account for the complexity and fluidity of modern cloud infrastructures. To make matters worse, there is a global shortage of cybersecurity professionals, with an estimated gap of around four million skilled workers. The shortage is putting even more pressure on organizations to secure their cloud environments without the necessary resources, leading to overworked teams and security gaps. The combination of these factors, high volumes of security incidents, inadequate security models, and staffing shortages, underscores the urgent need for more advanced, scalable, and proactive cloud security solutions. As businesses rely more heavily on cloud services, they need a robust framework that addresses these challenges, one that can scale and adapt to the rapidly changing security landscape of the cloud. This is exactly what we are going to dive into today.
To address the ever-evolving challenges in cloud security, we have developed a comprehensive multi-layered security framework. This framework is designed to provide robust protection across several critical layers, focusing on key aspects that ensure the security, resilience, and adaptability of cloud infrastructures. The framework is built around four core pillars: network security, authentication, authorization, and API security. Each of these layers is integrated with advanced security principles like zero trust, sophisticated detection mechanisms, and continuous monitoring. Network security focuses on ensuring that communication within the cloud is secure, implementing measures like segmentation and dynamic access control to prevent unauthorized access. Authentication ensures that only legitimate users can access the cloud environment, using techniques such as sophisticated profiling and token security. Authorization enforces the principle of least privilege, making sure users only have access to the resources they need, while API security protects the integrity of communication between services and prevents vulnerabilities and exploits. By combining these layers, we create a holistic defense system that not only addresses current security risks but also adapts to future threats. The framework provides a proactive and scalable approach to cloud security, ensuring your organization's cloud infrastructure remains secure no matter how fast we evolve.
Network security is a foundational pillar in protecting cloud environments, and the concept of zero trust is central to our approach. In traditional network security models, we often assume that once a user or device is inside the network, it can be trusted. However, with cloud environments being more dynamic and distributed, we can no longer afford this assumption. The zero trust model operates under the principle of "never trust, always verify," meaning every request is authenticated and authorized before granting access, regardless of its origin. In practice, we implement zero trust with service isolation and dynamic access controls. Critical components are segmented into separate subnets. Front-end services, back-end services, and databases are isolated to ensure that even if an attacker compromises one segment, they cannot easily move laterally across the network. This approach has resulted in an 85 percent reduction in lateral movement attacks. Furthermore, we enforce dynamic access control policies where strict IP routing and traffic rules are applied. These rules ensure that only authorized traffic can interact with critical cloud services, significantly reducing the potential for unauthorized access and attack. By adopting these zero trust principles, we can successfully thwart 99.97 percent of password and encryption key theft attempts, providing a robust defense against common attack vectors.
Beyond the foundational zero trust principles, our network security framework incorporates advanced detection systems to further strengthen the defense against threats. One of the key technologies here is AI/ML-driven traffic analysis, which continuously monitors network traffic and analyzes patterns at scale. By using machine learning algorithms, we can identify unusual behavior and potential threats with high accuracy. These systems have achieved a 92 percent reduction in false positives while maintaining 99.2 percent accuracy in identifying true threats, ensuring that our security team focuses only on relevant alerts. Another crucial element in our detection system is the implementation of digital tripwires. These are strategically placed to detect unauthorized access or unusual activities in real time. When triggered, these tripwires automatically alert the security team and initiate immediate containment procedures. This capability has helped reduce threat dwell time to less than 24 hours, with automated response systems neutralizing the threat within 15 milliseconds of detection. Together, these advanced detection measures provide an extra layer of security that actively identifies and mitigates risks in real time, significantly enhancing the overall resilience of the network.
Authentication is a critical layer of security in the cloud, and our approach goes beyond traditional methods by incorporating a sophisticated user classification system. Unlike basic username and password mechanisms, our authentication system analyzes user behavior across multiple dimensions to assess the legitimacy of each access attempt. This includes factors like login location, device type and usage path, and even the time of access. By profiling user behavior in real time, we can identify and block 99.7 percent of credential abuse attempts before they even happen. We process over 1.2 million authentication requests daily with response times under 200 milliseconds, ensuring that security does not come at the cost of user experience. The system is designed to scale effectively, handling massive volumes of requests while maintaining speed and accuracy. Moreover, our authentication process is continuously evolving through adaptive testing. We simulate new attack vectors and use AI-driven attack simulation to test and strengthen the system, ensuring it stays ahead of emerging threats. This continuous evolution of our user classification system provides dynamic real-time protection against unauthorized access, enhancing both the security and efficiency of cloud environments.
Token security is a vital aspect of authentication, especially in cloud environments where scalability and flexibility are key. Traditional static tokens are vulnerable to exploitation over time, so we have implemented a more dynamic and secure approach using advanced cryptographic protocols and distributed trust architectures. We process over 500,000 token validations per minute, ensuring secure authentication across large-scale cloud applications. Our system uses risk-based token lifetimes, which dynamically adjust the validity period of each token based on user behavior and other environmental factors. This drastically reduces the window of opportunity for potential token exploitation, cutting successful exploitation attempts by 91 percent compared to traditional fixed-lifetime tokens. In addition to risk-based lifetimes, we manage over a thousand trusted issuers in real time, verifying every token as it's issued. This distributed approach prevents 99.98 percent of certificate-based attacks, ensuring that only trusted, verified tokens are used to access sensitive cloud resources. By combining advanced cryptographic methods with continuous verification, we provide highly secure and scalable authentication that adapts to the needs of modern cloud environments.
One of the most powerful features of our authentication system is the kill switch mechanism, which provides real-time protection in the event of a security breach. This mechanism allows us to instantly revoke access across all contexts when suspicious behavior is detected. It operates in under 100 milliseconds, ensuring that no compromised credential can be used to access sensitive systems. The kill switch works by continuously analyzing over 30 distinct behavioral patterns to identify anomalies. These patterns can include unusual login times, access from unfamiliar locations, or abnormal transaction volumes. When a deviation from the user's typical behavior is detected, the system triggers the kill switch, immediately locking down any potentially malicious sessions. This proactive response has 95.3 percent accuracy in identifying unauthorized activities before they escalate. The ability to revoke access so quickly prevents attackers from maintaining a foothold in the system and significantly reduces the risk of further damage. Additionally, the kill switch is backed by granular access controls, allowing us to manage over 1,000 distinct permission combinations, reducing unauthorized access incidents by 95%. By combining real-time behavior analytics and rapid access revocation, we add another layer of defense to protect cloud environments against intrusions.
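The following is an added example written for this transcript, not the speaker's system: it sketches the risk-based token lifetimes, trusted-issuer check and user-wide kill switch from the two passages above in stand-alone Python. The risk signals, the halving TTL rule, the signing key and the issuer names are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key for this example only (a deployment would load it from a secret store).
SECRET = b"example-signing-key-not-for-production"
BASE_TTL_SECONDS = 3600

def risk_score(ctx):
    """Toy risk score from the signals the talk lists: device, location, time of access."""
    score = 0
    if not ctx.get("known_device"):
        score += 2
    if not ctx.get("known_location"):
        score += 2
    if ctx.get("hour", 12) < 6 or ctx.get("hour", 12) > 22:
        score += 1
    return score

def token_ttl(score):
    """Risk-based lifetime: halve the base TTL for every risk point, with a 60 s floor."""
    return max(60, BASE_TTL_SECONDS >> score)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user, ctx, now, issuer="issuer-1"):
    claims = {"sub": user, "iss": issuer, "iat": now, "exp": now + token_ttl(risk_score(ctx))}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

class KillSwitch:
    """Validates tokens and revokes a user across all contexts with a single timestamp."""
    def __init__(self, trusted_issuers=("issuer-1",)):
        self.trusted_issuers = set(trusted_issuers)
        self.revoked_at = {}  # user -> time of revocation

    def revoke_user(self, user, now):
        self.revoked_at[user] = now

    def validate(self, token, now):
        body, _, sig = token.partition(".")
        if not sig or not hmac.compare_digest(sig, _sign(body)):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
        if claims["iss"] not in self.trusted_issuers:
            return False, "untrusted issuer"
        if now >= claims["exp"]:
            return False, "expired"
        if claims["iat"] <= self.revoked_at.get(claims["sub"], -1):  # issued before the kill switch fired
            return False, "revoked"
        return True, "ok"
```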
Authorization plays a critical role in ensuring that users and systems only have access to the resources they absolutely need, which is where the principle of least privilege comes into play. Our framework enforces this principle by carefully managing user permissions and ensuring that access is continuously evaluated and adjusted based on real-time needs and risks. We process over 1.5 million authorization decisions daily, ensuring that every access request is thoroughly checked and validated against the least-privilege standard. This is especially important in large, dynamic cloud environments, where the number of users and resources is constantly changing. Our system automatically detects and revokes any excess privileges, preventing issues like privilege creep, where users inadvertently accumulate more access than they need over time. Additionally, we ensure audit compliance by continuously reviewing and updating permissions to match the principle of least privilege. This approach has significantly reduced privilege-related audit findings by 91%, allowing organizations to maintain a secure, compliant cloud environment without unnecessary administrative overhead. By implementing granular permission management and continuously evaluating access levels, we ensure that users have exactly the access they need and no more, reducing the attack surface and minimizing the risk of insider threats or accidental misuse.
Reducing the attack surface is a critical part of securing any cloud environment, and our approach to authorization is designed to minimize opportunities for unauthorized access. By analyzing more than 50 million daily access events, we can detect and prevent attempts to exploit vulnerabilities before they escalate. One of the key strategies we use is continuous permission auditing. This allows us to identify and revoke excessive privileges and permissions quickly. We use advanced segmentation techniques to limit the scope of access, which means that even if an attacker compromises one part of the network, they can't easily move laterally to access other resources. This access scope limitation reduces the time it takes to detect unauthorized access, cutting detection times from 127 hours to less than 3 minutes. In addition, we employ dynamic privilege adjustments, processing more than 3 million privilege modifications daily based on real-time risk assessments. This ensures that user access is constantly aligned with the current security posture and unnecessary privileges are promptly revoked. These measures, combined with rapid privilege revocation, have reduced the average time to revoke compromised privileges from 12 hours to under 50 milliseconds, significantly improving response times and minimizing the window of opportunity for attackers.
APIs are the backbone of modern cloud applications, enabling communication between services, but they also represent a major attack vector if not properly secured. To mitigate these risks, we have implemented a comprehensive API request validation system that processes billions of requests daily. Our system is designed to prevent 99.97 percent of attempted exploits while ensuring minimal impact on performance, processing 2.3 billion API requests per day with response times under 50 milliseconds. This is achieved through a combination of schema enforcement, rate limiting, and advanced input sanitization. Schema enforcement ensures that all incoming requests strictly adhere to predefined data formats, reducing the likelihood of malicious input bypassing security checks. In addition, rate limiting protects against denial-of-service attacks by ensuring that APIs only handle a certain number of requests within a certain time frame. This protects the backend system from being overwhelmed and maintains stability. Finally, advanced input sanitization is used to prevent common attacks such as SQL injection or cross-site scripting by ensuring that all user inputs are thoroughly sanitized before being processed. By incorporating these measures into our API security layer, we ensure that only safe, legitimate requests are processed, providing a first line of defense against malicious activity.
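As an added example (written for this transcript, not the speaker's system) of the schema enforcement and rate limiting just described: a hypothetical "transfer" endpoint with a strict, allow-list schema and a per-client sliding-window limiter. The endpoint, its field names, the value checks and the limits are assumptions made for the illustration.

```python
from collections import deque

# Constructed schema for a hypothetical "transfer" endpoint: field -> (exact type, value check).
TRANSFER_SCHEMA = {
    "account_id": (str, lambda v: v.isalnum() and len(v) <= 32),
    "amount": (int, lambda v: 0 < v <= 1_000_000),
    "memo": (str, lambda v: len(v) <= 140),
}

def validate_schema(schema, body):
    """Strict schema enforcement: reject non-objects, unknown or missing fields,
    wrong types and out-of-range values instead of trying to 'clean' them."""
    if not isinstance(body, dict):
        return False, "body must be an object"
    unknown = set(body) - set(schema)
    if unknown:
        return False, f"unknown fields: {sorted(unknown)}"
    for field, (ftype, check) in schema.items():
        if field not in body:
            return False, f"missing field: {field}"
        value = body[field]
        if type(value) is not ftype:  # exact match, so a bool is not accepted as an int
            return False, f"bad type for {field}"
        if not check(value):
            return False, f"invalid value for {field}"
    return True, "ok"

class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = {}  # client -> deque of request timestamps still inside the window

    def allow(self, client, now):
        q = self.hits.setdefault(client, deque())
        while q and now - q[0] >= self.window:
            q.popleft()  # drop timestamps that aged out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

class ApiGateway:
    """Rate limit first, so invalid requests still consume budget, then enforce the schema."""
    def __init__(self, limiter, schema=TRANSFER_SCHEMA):
        self.limiter, self.schema = limiter, schema

    def handle(self, client, body, now):
        if not self.limiter.allow(client, now):
            return 429, "rate limited"
        ok, reason = validate_schema(self.schema, body)
        if not ok:
            return 400, reason
        return 200, "accepted"
```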
While validating API requests is essential, it's equally important to detect unusual behavior in real time to prevent sophisticated attacks. Our anomaly detection system leverages advanced machine learning models trained on more than 500 billion API requests to identify unusual patterns and behaviors. These models analyze over 1 million requests per second, evaluating 235 distinct parameters for each transaction to ensure accuracy and depth in threat detection. One of the standout features of this system is dynamic baseline monitoring, which continuously learns and adjusts thresholds based on real-time usage patterns. With 89 distinct API usage patterns tracked, the system can differentiate between normal fluctuations in behavior and genuine threats. This approach has reduced false positives by 94%, ensuring security teams focus their efforts on legitimate incidents. Additionally, the system maintains a 99.99 percent detection rate for genuine security incidents, offering unparalleled reliability by proactively identifying and responding to anomalies. This layer of the framework adds an extra layer of security, especially against zero-day vulnerabilities or novel attack vectors that may not yet be known. These capabilities ensure that our APIs remain not only functional and performant but also secure against evolving threats.
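An added example, not part of the talk, of the dynamic baseline monitoring described above: an exponentially weighted baseline for one API usage pattern (requests per minute) whose alert threshold moves with real traffic, so a gradual ramp is learned while a sudden burst is flagged and kept out of the baseline. The sample series, smoothing factor, warm-up length and z-score threshold are constructed assumptions.

```python
import math

class DynamicBaseline:
    """Exponentially weighted mean/variance of one metric, e.g. requests per minute
    for a single API usage pattern; the alert threshold adapts instead of being fixed."""
    def __init__(self, alpha=0.1, z_threshold=4.0, warmup=10, min_std=1.0):
        self.alpha, self.z_threshold = alpha, z_threshold
        self.warmup, self.min_std = warmup, min_std
        self.mean = None
        self.var = 0.0
        self.n = 0

    def observe(self, value):
        """Return (is_anomaly, z_score). Normal values update the baseline; flagged
        values do not, so a burst cannot teach the baseline that bursts are normal."""
        self.n += 1
        if self.mean is None:
            self.mean = float(value)
            return False, 0.0
        std = max(math.sqrt(self.var), self.min_std)
        z = (value - self.mean) / std
        anomalous = self.n > self.warmup and abs(z) > self.z_threshold
        if not anomalous:
            diff = value - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        return anomalous, z

def scan(series, **kw):
    """Run a whole series through one baseline; return the indexes flagged as anomalies."""
    baseline = DynamicBaseline(**kw)
    return [i for i, v in enumerate(series) if baseline.observe(v)[0]]

# Constructed sample: ~100 req/min with small noise, one sudden burst, then a gradual ramp.
SAMPLE = [100, 103, 98, 101, 99, 104, 97, 102, 100, 101, 99, 103,
          900,                           # burst at index 12 -> flagged
          101, 98, 102,
          103, 105, 107, 109, 111, 113]  # slow ramp -> baseline follows, no alert
```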
Our multi-layered security framework has had a profound impact on how organizations secure their cloud environments. By combining advanced technologies with scalable security principles, we have achieved remarkable results. For instance, the framework provides a 99.97 percent detection rate for sophisticated attacks, reducing detection times by 94 percent compared to traditional systems. These improvements not only enhance security but also drastically lower costs, with organizations reporting an average 76 percent reduction in the cost per security incident. What makes this framework particularly effective is its adaptability. It is designed to evolve alongside emerging threats, ensuring it remains relevant as cloud environments grow more complex. Features like dynamic privilege adjustments, machine learning-driven anomaly detection, and zero trust principles ensure that the framework continues to meet the security needs of tomorrow. Looking ahead, the focus is more on integrating AI-driven automation to predict and prevent potential threats before they materialize. This includes leveraging advanced analytics for proactive threat modeling and using real-time telemetry to gain even deeper insights into cloud behavior. Ultimately, this framework isn't just about addressing current challenges; it's about setting a new benchmark for cloud security. As we continue to innovate, this adaptable and scalable approach will help organizations stay ahead of the curve, ensuring that their cloud infrastructure remains secure, resilient, and cost efficient.
Thank you all for taking the time to join me today and explore the critical challenges and innovative solutions in cloud security. As we have seen, securing cloud environments requires more than just traditional methods. It demands a proactive, multi-layered approach that evolves with emerging threats. I hope this session has provided you with valuable insights into how our framework addresses these challenges, offering robust, scalable, and adaptive solutions for cloud security. If you have any questions or would like to discuss these ideas further, feel free to reach out. Let's continue the conversation and work together to shape a safer and more resilient future for cloud computing. Thank you.