(PDF) Top Threats to Cloud Computing Security

Verified

Added on  2021/05/30

|13
|2463
|122
AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running Head: CLOUD COMPUTING SECURITY THREATS 1
SECURITY THREATS IN CLOUD COMPUTING

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CLOUD COMPUTING SECURITY THREATS 2
Abstract
Cloud computing is an innovation that has transformed the traditional way of accessing
software’s, storage structures, servers and managed services by allowing users to access them via
the Internet. As such, it offers a lot of benefits including cost savings, quicker innovation, faster
marketing, operations flexibility and easy data and information access. Cloud computing has
grown extensively since its launch as a result of the substantial benefits it offers individuals and
businesses according to Gartner. However, since it is a rapidly emerging development it is still
facing huge challenges both as a concept and in reality such as difficulty in interoperability
insecurity. This report describes cloud computing including technologies that are used in cloud
computing, such as implementation models. It also identifies and discusses some of the major
cloud computing security challenges. Specifically, the report discusses security and privacy
issues through data breaches and regulatory challenges in cloud systems. Following, measures to
reduce these issues have been suggested. Additionally, areas lacking in cloud computing security
research has been identified alongside a summarized discussion on future research areas with
regard to cloud computing technology.
Document Page
CLOUD COMPUTING SECURITY THREATS 3
Table of Contents
Abstract.......................................................................................................................................2
Introduction to Cloud Computing...............................................................................................4
Cloud Computing Service Models..............................................................................................4
Cloud Computing Delivery Models............................................................................................5
Security Challenges in Cloud Computing...................................................................................5
Cloud Security Threats................................................................................................................6
Research Gap for Cloud Security................................................................................................8
Measures to Reduce Security Threats.........................................................................................8
Conclusion and Future Research Direction.................................................................................9
References.................................................................................................................................11
Document Page
CLOUD COMPUTING SECURITY THREATS 4
Introduction to Cloud Computing
According to National Institute for Standards and Technology (NIST), cloud computing is a
technology that facilitates suitable access to configurable computing resources and infrastructure
such as software, servers, networks, storage infrastructure (NIST, 2018). Cloud computing
services can be accessed with little efforts from an organization’s management or service
providers (Sen, 2011). Another basic way to define cloud computing is that it is a development
that delivers software’s and IT resources such as managed services over the Internet and through
software and hardware in datacenters. Google, Microsoft and Amazon are some of the popular
companies that provide cloud computing services for Industries (Fischer, 2018).
Cloud Computing Service Models
Cloud computing can be implemented in form of several services including as software,
infrastructure and platform in services termed software as a service, infrastructure as a service
and platform as a service (Orlando, 2011).
Software as a service allow customers to access any applications over the Internet
without the need to necessarily install it in the machines. This way they don’t bother with
updates and upgrades because they always access an updated copy of the application.
Infrastructure as a service allow users to be able to access IT infrastructure components
such as servers, storage drives, networks and more
Platform as a service enable mostly developers and system designers access applications
for developing environments solely online. Such a service protects developers from loss
of code since everything is stored on the cloud and can be accessed from anywhere.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CLOUD COMPUTING SECURITY THREATS 5
Cloud Computing Delivery Models
Whether a user is in need of a software, IT storage resource or a development platform from the
cloud, there are several methods to implement the service they select. According to (Badger,
Grance, Patt-Corner, & Voas, 2011), cloud systems can be implemented in any of these models.
As a public cloud: a user usually subscribes to a public cloud from a third party cloud
services provider such as Google, Amazon or Microsoft. A public cloud is therefore
hosted by the provider whose service is to sell, host and manage cloud space for clients
(Microsoft Azure , 2018).
As a private cloud: a user usually gets an exclusive cloud space that is not shared with the
public. The space can be hosted by the end-user or the cloud provider providing the
service for the user. A private cloud is more costly that a public cloud but offers more
privacy and control since the owner is the one who mostly is in charge of control and
management.
As a community cloud: a community cloud is implemented when more than one user or
organization share a cloud space in order to work collectively or to support a common
mission or objective, policy or concerns.
As a hybrid cloud: a hybrid cloud is the deployment of more than one cloud systems. For
instance if an organization implements both public and private cloud, they are using a
hybrid cloud computing.
Security Challenges in Cloud Computing
Cloud computing innovation has proven very beneficial for individual persons and organizations
throughout the world. However, it is still faced with huge security issues (Monjur & Mohammad,
2014). This part of the report identifies some of the security issues facing cloud systems. Many
Document Page
CLOUD COMPUTING SECURITY THREATS 6
security issues affect cloud computing because it uses are integrated with several technologies
such as computer networks, operating systems, databases, virtualization, processing
management, device management and memory management. Thus, all security matters that
affect such systems automatically become challenges for cloud computing. For instance,
computer networks provides a platform for cloud computing implementation since they
interconnect cloud systems and models. Cloud computing is also overlaid on top of the Internet
which is a computer network. Some of the risks that affect the Internet will therefore affect cloud
computing implementation. Likewise, virtualization technology in cloud computing is also tied
to a number of security concerns including the challenge of mapping physical to virtual
machines in a secure manner. In addition, algorithms for managing memory and resource
allocation need to be secure.
Cloud Security Threats
Cloud related threats can vary depending on the model used by a user or an organization (Lee,
2012). There are several types of security threats including the following:
Insider Attacker Threats
Insider threats are some of the most active threats to cloud computing systems. An internal
attacker is usually employed by a company whose data and information they attack or employed
by cloud providers that provides cloud facilities (Sen, 2011). As such, they many have
authorized access to cloud services including customer information and applications. Since they
already have access to the systems, they can easily be a threat to supporting infrastructure and
applications, depending on the role they have in an organization and using existing privileges to
gain access and perform an illegal act against data integrity and confidentiality.
Document Page
CLOUD COMPUTING SECURITY THREATS 7
External Attacker Threats
An external attacker intrudes systems from outside for example a hacker. As such, they are not
employed by the company they intrude or the service provider organization that support the
systems. They therefore have no authorized access to data and information they attack. External
attackers carry out attacks against data and information confidentiality of cloud systems.
Hacking attacks have become prevalent globally that such the cyber security is expected to grow
massively in the coming years making cyber security skills become some of the most sought
after (Ekran , 2016). Threats from outside attackers may be thought to be targeted to public
clouds more than the other types of clouds. But, attackers intrude into all types of clouds and
most especially private clouds that could be more targeted. For instance, cloud application
providers with systems that hold huge data and information such as customer personal details,
credit and debit card details, sensitive data such as health information, or government related
data is subject to hacker attacks. Such hackers use social engineering, denial of service attacks,
and back door attacks to target and attack cloud systems.
Data Loss and Leakage
Data loss can transpire in the event of equipment failure and is one of the greatest risks with
cloud systems (Messmer, 2013). Additionally, failure to have the right access rights across
several domains can lead to data loss and leakage. Using a public cloud or the same third party
provider can lead to data leakage that cloud result from a human error or faulty hardware or
software.
Poor Identity and Data Access Policies and Procedures

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
CLOUD COMPUTING SECURITY THREATS 8
Sometimes the threat that faces cloud security systems is as a result of poor or lack of data access
procedures. When organizations fail to come up with clear procedures that govern data access
across a company, data is likely to fall in the wrong hands.
Cloud Computing Systems Downtime
Systems downtime is a great risk for cloud systems (EMC , 2014). It occurs when the underlying
infrastructure that support clouds for organizations fail including hardware and software’s (Chou,
2013). Downtime from cloud services providers such as Amazon or Google for instance can
spell disaster for people and businesses that depend on them for services. If a service provider
systems fail for four hours, it will also affect a user and their operations will also fail or pause for
four hours.
Research Gap for Cloud Security
With the dawn of social media, more and more security challenges for cloud systems have come
up. Attackers have doubled social engineering attacks by using social network platforms such as
Facebook, Twitter and LinkedIn. There’s no enough information to help users deal with attacks
that come through social media networks. It is thus crucial to study how attackers use social
engineering tactics through social media to target IT systems. Since social engineering is one of
the most common tactics that attackers use to gain login credentials from authorized personnel, it
is critical for business to familiarize themselves with how to detect it and some tactics attacks
may use so as to detect stop attempted attacks.
Measures to Reduce Security Threats
This part provides measures that can be taken by cloud services consumers to guard against data
security threats. The solutions can also help to manage and assess the privacy and security of
Document Page
CLOUD COMPUTING SECURITY THREATS 9
their cloud services, in order to reduce threats and risk as well as deliver suitable level of support
for cloud systems (Cloud Security Alliance , 2018). Such measures are outlined below according
to (Cloud Standards Customer Council , 2017).
i. Ensure proper governance and compliance processes
ii. Regular auditing of operational business processes
iii. Manage and control people, their identities and roles
iv. Ensure proper protection of data and information
v. Enforce privacy policies
vi. Regular assessment of cloud applications provisions for security
vii. Ensure security for cloud connections and networks
viii. Regular monitoring and security controls evaluation of physical infrastructure facilities
ix. Manage and control cloud services security terms
x. Implement biometric and intrusion detection systems
Conclusion and Future Research Direction
There’s no doubt that cloud computing technology is very significant for modern businesses
today. By implementing cloud computing, a business becomes more efficient in its operations
and increases its productivity and eventually revenue. For individual persons, cloud computing
offers convenience and speed. For freelancers, cloud computing enables them the comfort of
working from home. Cloud adoption is therefore beneficial. But faced with all the security
challenges discussed above, it can be risky. Adopting cloud computing without implementing the
right security policies, mechanisms tools and procedures is not helpful especially with the
increase in cyber-attacks. It is important to further search on social media growth and how it
Document Page
CLOUD COMPUTING SECURITY THREATS 10
affects cloud systems for improved security enhancement. Social media is an emerging and
disruptive technology that is being used as a channel to attack cloud systems.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CLOUD COMPUTING SECURITY THREATS 11
References
Badger, L., Grance, T., Patt-Corner, R., & Voas, J. (2011, May 20). Draft Cloud Computing
Synopsis and Recommendations. Special Publication, National Institute of Standards and
Technology (NIST) . Retrieved from NIST: http://csrc.nist.gov/publications/drafts/800-
146/Draft-NIST-SP800-146.pdf
Chou, T.-S. (2013). SECURITY THREATS ON CLOUD COMPUTING VULNERABILITIES.
International Journal of Computer Science & Information Technology (IJCSIT) Vol 5,
No 3, June 2013, 82-90.
Cloud Security Alliance . (2018, May). Introduction to the Security Guidance Working Group.
Retrieved from Cloud Security Alliance :
https://cloudsecurityalliance.org/group/security-guidance/#_overview
Cloud Standards Customer Council . (2017). Security for Cloud Computing Ten Steps to Ensure
Success. Retrieved from http://www.cloud-council.org:
http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-
Steps-to-Ensure-Success.pdf
Ekran . (2016, July 26). www.ekransystem.com. Retrieved from 4 FACTS ABOUT CYBER
CRIME (CYBER SECURITY STATISTICS IN 2018:
https://www.ekransystem.com/en/blog/cyber-security-statistics
EMC . (2014). Protect Cloud based Systems IT Systems from Downtime and Data Risks .
Retrieved from www.emc.com:
https://www.emc.com/collateral/solution-overview/h13690-so-metropoint-availability-
cloud.pdf
Document Page
CLOUD COMPUTING SECURITY THREATS 12
Fischer, S. (2018, May 2). The Best Cloud Storage Services for Backup in 2018. Retrieved from
www.thebalanceeveryday.com: https://www.thebalanceeveryday.com/free-cloud-storage-
1356638
Lee, K. (2012). Security Threats in Cloud Computing Environments. International Journal of
Security, Vol 6, Issue 4, 25-32.
Messmer, E. (2013, March 31). Cloud Security Alliance formed to promote best practices.
Retrieved from Cloud Security Alliance:
https://www.computerworld.com/article/2523598/security0/cloud-security-alliance-
formed-to-promote-best-practices.html
Microsoft Azure . (2018). What is a public cloud? Retrieved from azure.microsoft.com:
https://azure.microsoft.com/en-us/overview/what-is-a-public-cloud/
Monjur, A., & Mohammad, A. (2014). CLOUD COMPUTING AND SECURITY ISSUES IN
THE CLOUD. nternational Journal of Network Security & Its Applications (IJNSA),
Vol.6, No.1, January 2014, 25-26.
NIST. (2018, May 4). Cloud Computing Definition . Retrieved from faculty.winthrop.edu:
https://faculty.winthrop.edu/domanm/csci411/Handouts/NIST.pdf
Orlando, D. (2011, February 08). Cloud computing service models. Retrieved from
www.ibm.com: https://www.ibm.com/developerworks/cloud/library/cl-
cloudservicemodels/index.html
Sen, J. (2011). Security and Privacy Issues in Cloud Computing. Innovation Labs, Tata
Consultancy Services Ltd, 40-42.
Document Page
CLOUD COMPUTING SECURITY THREATS 13
1 out of 13
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]