Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cloud Security Threat Identification and Mitigation

Verified

Added on 2019/09/23

AI Summary

The provided assignment content discusses the importance of ensuring the security of cloud-based systems. Despite the increased use of cloud technology, the literature focuses on analyzing security aspects and current techniques to cope with hacking threats. However, as hackers' methods become more advanced, existing security measures become less effective. Therefore, there is a gap in identifying potential security threats and taking necessary steps by cloud vendors. Future research directions include developing holistic approaches to manage cloud security threats and minimizing losses associated with such threats.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Task 3
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Introduction:....................................................................................................................................3
Overview of the cloud computing and the relevant technologies:..................................................3
Security issues associated with the cloud:.......................................................................................4
Identification of gaps in existing literature:...................................................................................10
Future research directions:.............................................................................................................11
Conclusion:....................................................................................................................................11
References:....................................................................................................................................12
2

Introduction:
The cloud computing is one of the emerging technologies in the recent years. The cloud
computing provides the users with many benefits including the enhanced flexibility, improved
efficiency and the better strategic value. However, the cloud computing highly depends on the
internet and so; it is being highly vulnerable to the security threats. Therefore, in recent days, the
users of cloud computing are focusing more on enhancing security of the data shared over the
cloud services (An & Kim, 2018). As the hacking techniques are getting improved every day,
protecting confidentiality of the data shared over the cloud service is also getting difficult. The
organizations which are using the cloud services need to focus more on identification of the
solutions to mitigate the security threats. The current research report deals with analysis on the
security challenges faced by the users of cloud computing. The research report also gives
importance on identification of the gaps in existing literature and providing the future research
directions.
Overview of the cloud computing and the relevant technologies:
Cloud computing security or cloud security refers to the set of technologies, policies, and
controls used to ensure applications, data, as well as the associated infrastructure of the cloud
computing. It is a sub-domain of PC security, network security, and, more extensively,
information security. The approach of cloud computing is actually forcing organizations to
change their techniques. Already, contracting another worker means furnishing him with a work
area, computer and different other hardware or software which requires investment of huge
amount of capital and the Cloud computing enables them to lessen these capital expenditures
fundamentally. Presently each of the employees needs is a computer with a web association with
access the work data. Work areas and office gear may in any case be vital; however the cost of
storage hardware can be reduced by taking help from the cloud computing organizations. Upon
switching to the cloud computing services, need of the hardware and software on the business'
side drastically (BRANQUINHO, 2018). As the labor costs per employee does down, the
organization becomes empowered to hire more number of workers. Due to use of the cloud
3

technology, productivity of the organization expands, which increases the proficiency and profits
of the business.
Security issues associated with the cloud:
The key reason behind the increasing importance of cloud computing is the benefits it provides
to the business organizations. The cost reduction is one of the key factors that attract the
businesses to use the cloud services. Apart from the benefits obtained from the cloud computing,
there are a number of concerns about cloud computing exist, specifically regarding the privacy
and security of data shared over cloud.
Entrepreneurs and administrators may hesitate to expose their confidential data to an outsider
system considering all the security issues associated with it (Ivanchenko ey al.2018) .Losing
access to the own data or having it compromised can reduce competitiveness of the organizations
in the market . One major advantage against the security concern, is the fact that cloud
computing provides the organizations with the opportunity to increase the productivity and the
profitability . Despite the intensity of this motivating force, there are many businesses which still
hesitate to use the cloud technology.
When it comes to ensuring privacy of the data, the key concern is making the interaction
between the client's computer and the cloud system secured. Privacy could undoubtedly be
compromised by corrupted people who could access individual information like credit card
numbers when the users system and the cloud system is interacting. A solution for this issue is to
utilize authentication and encryption to protect the data.
The practical concerns related to losing confidentiality of the protected data can be reduced to
some degree through the authentication process. When the authentication process is
implemented, the users need to verify their identity before getting access to the data in several
stages. As a result, getting access to the data by the unauthorized individuals becomes difficult.
Data theft is one of the biggest threats associated with cloud based systems. Implementation of
the authentication system helps the users to keep the data secured.
Cloud computing as well as the storage services provide the users with the capabilities for
storing and processing the data in the external data centers. The organizations utilize the cloud in
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

the form of a wide range of service models such as the PaaS, SaaS, and Iaas. The organizations
also utilize a number of deployment models for incorporating the cloud system to the business
activities. The deployment models which are used by the businesses for switching to the cloud
based services can be categorized as the private, hybrid, public, and community based models
(Hashem et al.2015). The security concerns associated with the cloud based systems can be
categorized into two general categories. These categories are the security issues provided by the
cloud service providers and the security issues caused by the activities of the user organization.
The security issues caused by the cloud service providers can deal with the security threats
associated with the private platform offered by the vendors, the software used as part of the
cloud services and the infrastructure required to incorporate the cloud services. The
organizations on the contrary, require focusing to deal with the security issues associated with
their own applications. It indicates that the responsibility to ensure security of the data stored and
processed in cloud is shared between the vendors and the users. Collaboration between these two
parties is necessary to reduce the threats associated with data security by the cliud based
organizations (Rittinghouse & Ransome, 2016).
The extensive focus on virtualization for development of the cloud based systems enhances the
security concerns for the users. The security concerns become more serious when the users opt
for using the public cloud services. The public cloud services can be accessed in an easier way
by many users and so, the data stored in the cloud based systems are more vulnerable to the
security threats. Use of the virtualization modifies the interaction between the basic hardware
and the operating system. Use of the virtualization adds another layer to the cloud security which
needs to be managed with additional care.
Cloud security controls
The safety of the cloud security architecture can be ensured if the correct precautions are taken.
An efficient cloud security architecture should be able to manage the issues which emerge from
the security management. The security controls are used to cover the shortcomings present in the
system and also mitigate the effects of a security threat. There are several controls associated
with the cloud security services. The users need to choose the right ones as per their
requirements.
5

Deterrent controls
The deterrent controls are designed to reduce the attacks to the cloud based systems. Such
controls inform the potential attackers that there are damaging effects of the illegal activity they
are trying to carry out (Almorsy et al.2016). Therefore, the deterrent controls are considered to
be a way for preventing the security attacks to the cloud based systems.
Preventive controls
The preventive controls are used for strengthening the system security against the present threats.
The preventive controls give importance on reducing the level of vulnerabilities rather than
completely eliminating those vulnerabilities. Implementation of the strong authentication system
of the cloud users can be considered as an instance of the preventive controls against the security
threats. The authentication measures help the systems to distinguish between the authorized and
the unauthorized users. As an impact, the security threats reduce to a great extent.
Detective controls
The detective controls are created by recognize as well as react if there is any incident of the
security breach. When an incident of the security breach occurs, the detective control helps the
deterrent or corrective controls to take action against the security breach (Botta et al.2016). The
activities of detective control includes the intrusion detection, network monitoring, the system
monitoring and making the preventive arrangements against the attacks.
Corrective controls
The corrective controls are used for eliminating the effects of an incident of the security breach.
In other words, the corrective controls focus on reducing the adverse effects of the security
attacks (Amini et al.2015). The corrective measures become effective after occurrence of an
incident of security breaches. Restoration of the system backup can be considered as an instance
of the corrective control. The facility to restore the system back up helps to protect the data even
if security of the cloud based system is compromised.
Dimensions of cloud security
6

Assessing the dimensions of cloud security is necessary to ensure the security of the optimum
level for the information being dealt with the cloud based system. Identification and assessment
of the security dimensions in the cloud security based systems helps the users to identify the
information security controls in accordance with the level of threats posed to the organization,
the extent of vulnerabilities and its effects on the business. The concerns related to the cloud
security can be managed in several ways. The Cloud access security brokers (CASBs) are the
software which are used along with the cloud applications and the cloud service users for the
purpose of monitoring as well as enforcing the security policies.
Identity management
Each cloud service can possess its own particular identity management system to control access
to information and computing resources (Von Solms & Roussel, 2015; Fielder et al.2016).).
Cloud providers either incorporate the client's identity management system into their own
infrastructure, utilizing league technology, or through a biometric-based identification system.
Physical security
Security of the cloud based system can be com promised due to lack of the security to the
hardware associated with the cloud infrastructure. For instance, enhancing security of the
hardware materials such as the routers, the servers , wires can help the users to protect the data.
The vendors of cloud services need to take step for protecting the hardware associated with the
infrastructure from fire, theft, impedance, power surge and the unauthorized access.
Personnel security
Managing the insider threat is another crucial aspect of the cloud based systems. Security of a
cloud based system can be compromised due to activities of the personnel who are dealing with
the system. For ensuring the security of cloud systems, it should be ensured that the personnel
who are responsible for managing the system are aware of the best practices associated with it.
Confidentiality
The confidentiality of the data is described as a property which ensures that the information
stored in the cloud are neither accessible or can be disclosed by the unauthorized users (Liu et
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

al.2015). When a business opts to use the cloud based services , it has to share the data with the
external bodies. If the cloud service is ale to keep the data confidential , then the business
becomes able to enjoy the benefits of cloud based systems fully.
Access controllability
The feature of Access controllability indicates that owner of the data is able to put some
limitations over the use of information even if it is shared across the cloud (Gordon et al.2015).
Incorporation of the access controllability policies ensures that the legitimate users are able to
access the data stored in the cloud only whereas the data remains inaccessible to the other users.
However , the access control policies are able provide different users with the opportunity to
access the data to different extents as per their need. As the users do not get full access to the
data stored in the cloud, the security risks can be mitigated further.
Integrity
The data integrity indicates that the information stored in the cloud is precise enough. The cloud
services need to be able to ensure that any attempt for altering the data by the unauthorized users
can be tracked instantly. The cloud services need to be able to ensure that any attempt to
change the data illegally is prevented.
Encryption
Some propelled encryption algorithms that are incorporated into cloud computing increment the
protection of privacy (Buczak & Guven, 2016). In a practice named as the crypto-destroying, the
keys can essentially be erased when there is no more utilization of the data. If an unauthorized
user gets access to the keys, the security of the information stored in cloud by the organization
can be at risk.
Approaches to enhance the cloud security:
The organizations dealing with cloud based systems need to approach the issues with respect to
cloud computing security in two different ways: one concentrating on cloud services, and the
other on created applications. To successfully oversee cloud services, begin with a far reaching
audit of cloud providers. IT chiefs should as of now be doing these audits as a component of
8

their due perseverance, however it is necessary to make the information-security personnel able
to play a part in this process to guarantee that the services offered by potential vendors are fully
secured and use of such services cannot enhance vulnerability of the businesses.
The security threats in the cloud environment are increasing every day. Even if the security
measures took by the vendor seem adequate for protecting the data in the cloud environment, the
businesses need to review their own ways to deal with the cloud based system. The own
activities of a business such as the applications used by a business becomes more vulnerable to
the security threats when they are being used in the cloud environment. Therefore, the
organizations need to pay more attention to eliminate the security threats from their own
processes while working in the cloud environment.
When a business starts to use the cloud environment, it needs to be able to improve the activities
fast for remaining compatible with the ever changing cloud technology. Incorporation of the
agile methodology can be effective while using the cloud environment in the organizational
context. At the time of implementing the cloud based systems, the organizations can initiate the
process with an audit among all the stakeholders associated with the process (Botta et al.2016).
wen the businesses have a well-defined improvement plan, incorporating the changes due to
embracing the cloud based system.The critical applications should be reviewed continuously so
the businesses can see a more thorough perspective of every potential vulnerabilities (Xia et
al.2016). The loss of data confidentiality causes significant amount of loss to the businesses. The
confidential data security loss is not only causes financial damage of the business but it also
affects the reputation and competitiveness in the market.
Finally, when the businesses work in a cloud environment, they require understanding the
threats that can arise by using the external and open source software. Such software can pose
risks which are difficult to get identified at the runtime. So, such threats are not recognized easily
and show their adverse effects in longer term. The businesses which focus on utilizing the cloud
services an give importance on making necessary security arrangements. The role of vendors ,
providing such software is crucial in such cases. The organizations need to work in collaboration
with the vendors to ensure that the used software is safe in nature.
9

Indeed, even as the cloud turns out to be more secure, cloud vendors need to work on to deliver
the services securely. Business information-security pioneers cannot generally control the
activities of the cloud vendors , however they can guarantee their applications are as secure as
possible for deployment in the cloud, giving the clients a competitive edge.
Identification of gaps in existing literature:
The existing literature on the cloud technology focuses on analyzing the different aspects of
security of the information shared over cloud and the current techniques used to cope up with the
cloud technology. However, in the recent days, the hackers are using highly advanced techniques
to get access to the data without authorization. As the hacking techniques are getting advanced,
effectiveness of the existing security measures is also reducing. The users of cloud systems
require focusing on identification of the effective ways to manage the new security challenges.
Along with the advancement, the nature of security threats is also changing. Therefore, the
organizations using the cloud services need to predict the potential threats in advance and taking
steps accordingly to avoid the losses. The cloud vendors play a crucial role in delivering the
cloud services and so, they play an important part to ensure the cloud security also. the The
current literature does not enable the cloud vendors to identify the potential threats and taking the
necessary steps. So, there is a gap in the literature regarding identification of the potential
security threats to the cloud services and taking necessary measures by the cloud vendors.
Future research directions:
The future research can be done to mitigate the gaps identified in the current study. The future
researchers can focus on identification of the techniques to find out the potential security threats
for the cloud vendors. The research can be done to analyze how the nature of security threats is
changing and how the organizations need to respond to that for protecting their sensitive data.
The researchers also need focusing on development of a holistic approach to manage the cloud
security threats and minimize the losses associated with such threats.
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Conclusion:
The current research report indicates that cloud computing is one of the most widely used
technologies in the recent days. The cloud computing is widely accepted among the modern
businesses because of its improved flexibility, productivity and efficiency. However, managing
security of the data in the cloud system is one of the key concerns of the users of such systems.
The security of a cloud based system depends on a number of factors including the identity
management, the physical security, data security and accessibility of the system. The security
issues can be managed by focusing on the protection of data while dealing with cloud services
and its applications. However, identification of the Cloud Security threats in advance is
necessary to cope up with the risks in future. The future researchers also need to focus on
developing a holistic approach to manage the cloud security threats by the cloud service vendors.
11

References:
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Amini, L., Christodorescu, M., Cohen, M. A., Parthasarathy, S., Rao, J., Sailer, R., ... &
Verscheure, O. (2015). U.S. Patent No. 9,032,521. Washington, DC: U.S. Patent and Trademark
Office.
An, J., & Kim, H. W. (2018). A Data Analytics Approach to the Cybercrime Underground
Economy. IEEE Access, 6, 26636-26652.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and
internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
BRANQUINHO, M. A. (2018). RANSOMWARE IN INDUSTRIAL CONTROL SYSTEMS.
WHAT COMES AFTER WANNACRY AND PETYA GLOBAL ATTACKS?. WIT
Transactions on The Built Environment, 174, 329-334.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for
cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-
1176.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016).
A review of cyber security risk assessment methods for SCADA systems. Computers &
security, 56, 1-27.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Externalities and the magnitude
of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb
model. Journal of Information Security, 6(1), 24.
12

Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI Global.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Ivanchenko, O., Kharchenko, V., Moroz, B., Kabak, L., & Smoktii, K. (2018, February). Semi-
Markov availability model considering deliberate malicious impacts on an Infrastructure-as-a-
Service Cloud. In Advanced Trends in Radioelecrtronics, Telecommunications and Computer
Engineering (TCSET), 2018 14th International Conference on (pp. 570-573). IEEE.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015, August).
Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX Security
Symposium (pp. 1009-1024).
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management,
and security. CRC press.
Von Solms, B., & Roussel, J. (2015, November). A Solution to improve the cyber security of
home users. In AFRICAN CYBER CITIZENSHIP CONFERENCE 2015 (ACCC2015) (p. 157).
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and
copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions
on Information Forensics and Security, 11(11), 2594-2608.
13

1 out of 13

+13062052269

info@desklib.com

Cloud Security Threat Identification and Mitigation

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Short Assignment Title

Security Threats in Cloud Computing and Preventive Measures

Designing a Cloud-Based Data Security System

Assignment on Cyber Security PDF

Cloud Computing: Advantages and Risks

Security Threats in Cloud Computing and Preventive Methods