Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Short Assignment Title

Verified

Added on 2019/09/24

AI Summary

The assignment discusses the importance of ensuring the security of data in cloud-based systems. It highlights the need for businesses to identify potential vulnerabilities and take steps to prevent data breaches. The report also emphasizes the role of cloud vendors in delivering secure services, and the need for them to predict and respond to potential threats. Furthermore, it identifies gaps in existing literature regarding the identification of potential security threats and suggests future research directions.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Task 3
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Introduction:....................................................................................................................................3
Overview of the cloud computing and the relevant technologies:..................................................3
Security issues associated with the cloud:.......................................................................................4
Identification of gaps in existing literature:...................................................................................10
Future research directions:.............................................................................................................11
Conclusion:....................................................................................................................................11
References:....................................................................................................................................12
2

Introduction:
The cloud computing is one of the emerging technologies in the recent years. The cloud
computing provides the users with many benefits including the enhanced flexibility, improved
efficiency and the better strategic value. However, the cloud computing highly depends on the
internet and so; it is being highly vulnerable to the security threats. Therefore, in recent days, the
users of cloud computing are focusing more on enhancing security of the data shared over the
cloud services (An & Kim, 2018). As the hacking techniques are getting improved every day,
protecting confidentiality of the data shared over the cloud service is also getting difficult. The
organizations which are using the cloud services need to focus more on identification of the
solutions to mitigate the security threats. The current research report deals with analysis on the
security challenges faced by the users of cloud computing. The research report also gives
importance on identification of the gaps in existing literature and providing the future research
directions.
Overview of the cloud computing and the relevant technologies:
Cloud computing security or cloud security refers to the set of policies, technologies, and
controls used to ensure applications, data, and associated infrastructure of the cloud computing.
It is a sub-domain of PC security, network security, and, more extensively, information security.
The approach of cloud computing is actually forcing organizations to change their techniques.
Already, contracting another worker means furnishing him with a work area, computer and
different other hardware or software which requires investment of huge amount of capital and the
Cloud computing enables them to lessen these capital expenditures fundamentally. Presently
each of the employees needs is a computer with a web association with access the work data.
Work areas and office gear may in any case be vital; however the cost of storage hardware can
be reduced by taking help from the cloud computing organizations. Upon switching to the cloud
computing services, need of the hardware and software on the business' side drastically
(BRANQUINHO, 2018). As the labor costs per employee does down, the organization becomes
empowered to hire more number of workers. Due to use of the cloud technology, productivity of
the organization expands, which increases the proficiency and profits of the business.
3

Security issues associated with the cloud:
The key reason behind the increasing importance of cloud computing is the benefits it provides
to the business organizations. The cost reduction is one of the key factors that attract the
businesses to use the cloud services. Apart from the benefits obtained from the cloud computing,
there are a number of concerns about cloud computing exist, specifically regarding the privacy
and security of data shared over cloud.
Entrepreneurs and administrators may hesitate to expose their confidential data to an outsider
system considering all the security issues associated with it (Ivanchenko ey al.2018) .Losing
access to the own data or having it compromised can reduce competitiveness of the organizations
in the market . One major advantage against the security concern, is the fact that cloud
computing provides the organizations with the opportunity to increase the productivity and the
profitability . Despite the intensity of this motivating force, there are many businesses which still
hesitate to use the cloud technology.
When it comes to ensuring privacy of the data, the key concern is making the interaction
between the client's computer and the cloud system secured. Privacy could undoubtedly be
compromised by corrupted people who could access individual information like credit card
numbers when the users system and the cloud system is interacting. A solution for this issue is to
utilize authentication and encryption to protect the data.
The practical concerns related to losing confidentiality of the protected data can be reduced to
some degree through the authentication process. When the authentication process is
implemented, the users need to verify their identity before getting access to the data in several
stages. As a result, getting access to the data by the unauthorized individuals becomes difficult.
Data theft is one of the biggest threats associated with cloud based systems. Implementation of
the authentication system helps the users to keep the data secured.
Cloud computing and storage gives users capabilities to store and process their data in outsider
data centers Organizations utilize the cloud in a wide range of service models (PaaS, SaaS, and
IaaS) and deployment models (private, hybrid, public, and community) (Hashem et al.2015).
Security concerns associated with cloud computing fall into two general categories: security
issues looked by cloud providers (organizations which provide platform-, software-, , or
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

infrastructure-as-a-service with the help of the cloud) and security issues looked by their
customers (organizations or organizations who host applications or store data on the cloud).The
responsibility is shared, be that as it may. The supplier must guarantee that their infrastructure is
secure and that their clients' data and applications are ensured, while the client must take
measures to fortify their application and utilize strong passwords and authentication measures.
At the point when an organization chooses to store data or host applications on the public cloud,
it loses its ability to have physical access to the servers hosting its information. Accordingly,
potentially sensitive data is in danger from insider attacks. Insider attacks are the 6th greatest risk
in cloud computing. Therefore, cloud service providers must guarantee that thorough personal
investigations are directed for representatives who have physical access to the servers in the data
focus. Additionally, data centers must be as often as possible monitored for suspicious activity.
In order to moderate resources, cut costs, and look after productivity, cloud service providers
often store more than one client's data on a similar server (Rittinghouse & Ransome, 2016).
Accordingly, there is a possibility that one client's private data can be seen by other users and
possibly even competitors. To handle such sensitive situations, cloud service providers ought to
guarantee appropriate data disengagement and logical storage isolation.
The broad utilization of virtualization in development of cloud infrastructure brings unique
security concerns for customers or users of a public cloud service. Virtualization modifies the
connection between the OS and fundamental hardware including the computing, storage or
notwithstanding networking. This presents an additional layer – virtualization – that itself must
be legitimately arranged, managed and secured. Specific concerns incorporate the potential to
trade off the virtualization software, or "hypervisor". While these concerns are to a great extent
theoretical, they do exist. For instance, a breach in the administrator workstation with the
management software of the virtualization software can cause the entire data focus to go down or
be reconfigured to an attacker's preferring.
Cloud security controls
5

Cloud security architecture is viable just if the correct cautious usage are set up. Proficient cloud
security architecture ought to perceive the issues that will emerge with security management.
The security management tends to these issues with security controls. These controls are set up
to shield any shortcomings in the system and diminish the impact of an assault. While there are
numerous kinds of controls behind a cloud security architecture, they can more often than not be
found in one of the accompanying categories:
Deterrent controls
These controls are planned to decrease attacks on a cloud system. Much like a notice sign on a
fence or a property, deterrent controls ordinarily diminish the risk level by informing potential
attackers that there will be antagonistic outcomes for them in the event that they continue. Some
consider them a subset of preventive controls (Almorsy et al.2016).
Preventive controls
Preventive controls strengthen the system against occurrences, for the most part by decreasing if
not actually eliminating vulnerabilities. Strong authentication of cloud users, for example, makes
it more outlandish that unauthorized users can access cloud systems, and more likely that cloud
users are positively distinguished.
Detective controls
Detective controls are planned to recognize and react suitably to any episodes that happen. In
case of an assault, a detective control will flag the deterrent or corrective controls to address the
issue (Botta et al.2016). System and network security monitoring, including intrusion detection
and prevention arrangements, are commonly utilized to identify attacks on cloud systems and the
supporting correspondences infrastructure.
Corrective controls
Corrective controls diminish the results of an episode, normally by limiting the harm (Amini et
al.2015). They become effective amid or after an episode. Restoring system backups in order to
reconstruct a compromised system is a case of a corrective control.
Dimensions of cloud security
6

It is for the most part prescribed that information security controls be chosen and actualized
according and in proportion to the dangers, commonly by evaluating the threats, vulnerabilities
and impacts. Cloud security concerns can be assembled in different ways. Cloud access security
brokers (CASBs) are software that sits between cloud service users and cloud applications to
monitor all activity and enforce security policies.
Identity management
Each cloud service can have its own particular identity management system to control access to
information and computing resources (Von Solms & Roussel, 2015). Cloud providers either
incorporate the client's identity management system into their own infrastructure, utilizing league
or SSO technology, or a biometric-based identification system, or give an identity management
system of their own. It interfaces the confidential information of the users to their biometrics and
stores it in an encrypted design. Making utilization of a searchable encryption system, biometric
identification is performed in encrypted domain to ensure that the cloud supplier or potential
attackers do not access any sensitive data or even the contents of the individual questions.
Physical security
Cloud service providers physically secure the IT hardware such as the servers, routers, cables
against unauthorized access, impedance, theft, fires, surges and so on and guarantee that basic
supplies, for example, electricity are adequately strong to limit the possibility of disruption
(Fielder et al.2016). This is normally accomplished by serving cloud applications from
professionally designed, specified, managed, constructed, maintained and monitored data
centers.
Personnel security
Different information security concerns identifying with the IT and other professionals
associated with cloud services are normally handled through business activities, for example,
security screening potential recruits, security awareness and preparing programs.
Privacy
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Providers guarantee that every critical data is encrypted and that exclusive authorized users can
get access to the data . Moreover, digital identities and credentials must be protected in the
similar manner as data that the supplier gathers or delivers about client activity in the cloud.
Data security
Various security threats are associated with cloud data services: not just traditional security
threats, for example, network listening in, illegal invasion, and denial of service attacks, yet
additionally particular cloud computing threats such as the side channel attacks, virtualization
vulnerabilities, and mishandle of cloud services. The accompanying security requirements limit
the threats.
Confidentiality
Data confidentiality is the property that data contents are not made accessible or disclosed to
illegal users. Outsourced data is stored in a cloud and out of the proprietors' immediate control.
Just authorized users can access the sensitive data while others ought to increase any information
of the data (Liu et al.2015). In the interim, data proprietors hope to completely use cloud data
services, e.g., data search, data computation, and data sharing, without the spillage of the data
contents to CSPs or other adversaries.
Access controllability
Access controllability implies that a data owner can host some limitations of access to her or his
data outsourced to cloud (Gordon et al.2015). Legitimate users can be authorized by the vendor
to access the data, while others cannot access it without consents. Further, it is alluring to enforce
access control to the outsourced data. In other words, the distinctive users should be provided
with the diverse access benefits as to various data pieces. The access authorization must be
controlled just by the host in suspicious cloud situations.
Integrity
Data integrity demands keeping up and guaranteeing the precision of data. A data proprietor
dependably expects that her or his data in a cloud can be stored correctly and trustworthily. It
implies that the data ought not be illegally altered, changed, intentionally erased, or malignantly
8

manufactured. In case of any activities meant to corrupt or erase the data, the host should have
the capacity to distinguish the corruption or loss. Further, when a portion of the outsourced data
is corrupted or lost, it can even now be recovered by the data users.
Encryption
Some propelled encryption algorithms which have been connected into cloud computing
increment the protection of privacy (Buczak & Guven, 2016). In a practice called crypto-
destroying, the keys can essentially be erased when there is no more utilization of the data.
Attribute-based encryption algorithms
Attribute-based encryption is a sort of public-key encryption in which the secret key of a client
and the ciphertext are used to protect the confidential data.
Approaches to enhance the cloud security:
The organizations dealing with cloud based systems need to approach the issues with respect to
cloud computing security in two different ways: one concentrating on cloud services, and the
other on created applications. To successfully oversee cloud services, begin with a far reaching
audit of cloud providers. IT chiefs should as of now be doing these audits as a component of
their due perseverance, however it's important that information-security personnel play a part in
this process to guarantee that any potential vendor offers fundamental security measures, as
encrypted data very still and two-factor authentication.
Once a vendor's security measures are considered satisfactory ,professionals should look inside
to their ventures' new and existing applications, a process that is more convoluted when the cloud
is included. Cloud computing takes into consideration the fast improvement and arrival of
applications, particularly when advancement receives an Agile methodology, which implies it is
basic that organizations incorporate application testing into their Software Development Life
Cycles. professionals must start with a disclosure process (which is generally a little amazing in
big business cloud conditions), alongside an audit of all advancement groups, their particular
applications and their discharge cycles (Botta et al.2016). With an entire improvement outline
put, endeavors can start incorporating being developed trying to guarantee that new applications
are secure when they're discharged.
9

All current cloud-based applications, which ought to likewise be mapped in the revelation
process, must be filtered for vulnerabilities. The critical applications should be reviewed
continuously so the businesses can see a more thorough perspective of every potential
vulnerabilities (Xia et al.2016). The loss of data confidentiality causes significant amount of loss
to the businesses. The confidential data security loss is not only
At last, when working in cloud conditions, businesses need to understand the dangers can come
to outsider and open-source software, for instance, such software can have vulnerabilities that are
hard to get in runtime, and source code is not generally accessible. Evade those issues by
utilizing security arrangements that sweep paired code. Often introduced as a feature of a bigger
bundle, these arrangements leave most of the remediation and mitigation legwork to security
vendors, authorizing endeavor IT resources for other squeezing undertakings.
Indeed, even as the cloud turns out to be more secure, cloud vendors need to work on to deliver
the services securely. Business information-security pioneers cannot generally control the
activities of the cloud vendors , however they can guarantee their applications are as secure as
possible for deployment in the cloud, giving the clients a competitive edge.
Identification of gaps in existing literature:
The existing literature on the cloud technology focuses on analyzing the different aspects of
security of the information shared over cloud and the current techniques used to cope up with the
cloud technology. However, in the recent days, the hackers are using highly advanced techniques
to get access to the data without authorization. As the hacking techniques are getting advanced,
effectiveness of the existing security measures is also reducing. The users of cloud systems
require focusing on identification of the effective ways to manage the new security challenges.
Along with the advancement, the nature of security threats is also changing. Therefore, the
organizations using the cloud services need to predict the potential threats in advance and taking
steps accordingly to avoid the losses. The cloud vendors play a crucial role in delivering the
cloud services and so, they play an important part to ensure the cloud security also. the The
current literature does not enable the cloud vendors to identify the potential threats and taking the
necessary steps. So, there is a gap in the literature regarding identification of the potential
security threats to the cloud services and taking necessary measures by the cloud vendors.
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Future research directions:
The future research can be done to mitigate the gaps identified in the current study. The future
researchers can focus on identification of the techniques to find out the potential security threats
for the cloud vendors. The research can be done to analyze how the nature of security threats is
changing and how the organizations need to respond to that for protecting their sensitive data.
The researchers also need focusing on development of a holistic approach to manage the cloud
security threats and minimize the losses associated with such threats.
Conclusion:
The current research report indicates that cloud computing is one of the most widely used
technologies in the recent days. The cloud computing is widely accepted among the modern
businesses because of its improved flexibility, productivity and efficiency. However, managing
security of the data in the cloud system is one of the key concerns of the users of such systems.
The security of a cloud based system depends on a number of factors including the identity
management, the physical security, data security and accessibility of the system. The security
issues can be managed by focusing on the protection of data while dealing with cloud services
and its applications. However, identification of the Cloud Security threats in advance is
necessary to cope up with the risks in future. The future researchers also need to focus on
developing a holistic approach to manage the cloud security threats by the cloud service vendors.
11

References:
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Amini, L., Christodorescu, M., Cohen, M. A., Parthasarathy, S., Rao, J., Sailer, R., ... &
Verscheure, O. (2015). U.S. Patent No. 9,032,521. Washington, DC: U.S. Patent and Trademark
Office.
An, J., & Kim, H. W. (2018). A Data Analytics Approach to the Cybercrime Underground
Economy. IEEE Access, 6, 26636-26652.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and
internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
BRANQUINHO, M. A. (2018). RANSOMWARE IN INDUSTRIAL CONTROL SYSTEMS.
WHAT COMES AFTER WANNACRY AND PETYA GLOBAL ATTACKS?. WIT
Transactions on The Built Environment, 174, 329-334.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for
cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-
1176.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016).
A review of cyber security risk assessment methods for SCADA systems. Computers &
security, 56, 1-27.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Externalities and the magnitude
of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb
model. Journal of Information Security, 6(1), 24.
12

Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI Global.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Ivanchenko, O., Kharchenko, V., Moroz, B., Kabak, L., & Smoktii, K. (2018, February). Semi-
Markov availability model considering deliberate malicious impacts on an Infrastructure-as-a-
Service Cloud. In Advanced Trends in Radioelecrtronics, Telecommunications and Computer
Engineering (TCSET), 2018 14th International Conference on (pp. 570-573). IEEE.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015, August).
Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX Security
Symposium (pp. 1009-1024).
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management,
and security. CRC press.
Von Solms, B., & Roussel, J. (2015, November). A Solution to improve the cyber security of
home users. In AFRICAN CYBER CITIZENSHIP CONFERENCE 2015 (ACCC2015) (p. 157).
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and
copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions
on Information Forensics and Security, 11(11), 2594-2608.
13

1 out of 13

+13062052269

info@desklib.com

Short Assignment Title

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Cloud Security Threat Identification and Mitigation

Security Threats in Cloud Computing and Preventive Measures

Designing a Cloud-Based Data Security System

Assignment on Cyber Security PDF

Cloud Computing: Advantages and Risks

Security Threats in Cloud Computing and Preventive Methods