Enhancing Cloud Access Security: An Adaptive CASB Framework for Multi-Tenant Environments
Abstract
In multi-tenant cloud systems, security concerns, data loss, and unauthorized access are becoming a greater challenge for enterprises as they increase their use of SaaS platforms. Beyond traditional perimeter defenses, modern distributed cloud ecosystems need security measures that prevent unauthorized access by users on diverse devices and ever-changing networks. This study introduces a context-aware CASB system that uses user identity profiling, behavioral analytics, and risk scoring to dynamically enforce data protection policies. In response to context signals such as access location, device trust level, previous activity patterns, and abnormal behavior, the proposed system constructs an adaptive policy enforcement layer capable of fine-tuning access decisions at runtime. A machine-learning-based anomaly detection layer is designed to learn each user's baseline and issue warnings about potentially dangerous actions before any data is stolen or misused. While keeping operational overhead minimal, the architecture seamlessly integrates with enterprise identity management systems, Data Loss Prevention (DLP) solutions, and Next-Generation Firewalls (NGFWs), providing a single point of policy orchestration. Experiments conducted in cloud settings with several tenants show that stringent security measures can be implemented with a 35% decrease in unwanted access while incurring only an extra 8% latency cost compared to other solutions. To protect companies from new cloud security risks, this article presents a scalable and modular CASB paradigm based on context-aware, policy-driven access control. This approach lays the groundwork for smart cloud access governance that adapts to user intent, behavior patterns, and the dynamics of the threat environment.