IT Security Cloud Computing Security Analysis Report - University Name

Verified

Added on 2019/09/30

AI Summary

This report provides an in-depth analysis of IT security within the realm of cloud computing. It begins by highlighting the increasing integration of cloud computing in the IT landscape and the associated security challenges, with a particular emphasis on data protection. The report then delves into various security issues, including external attacks like DDoS, man-in-the-middle attacks, and data breaches. It further examines several security techniques, such as authentication, confidentiality through encryption, access control mechanisms, and authorization protocols. The analysis section evaluates these techniques, emphasizing the importance of authentication and encryption for maintaining data security. The report also suggests recommendations for strengthening cloud security, including regular security audits, strong password policies, and the use of commercial wireless tools. Additionally, it highlights the importance of data backups and the implementation of intrusion prevention systems. The conclusion underscores the significance of these security measures in safeguarding user data and maintaining trust in cloud computing services.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: IT Security 1
Cloud Computing Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2
IT Security
Table of Contents
Introduction..........................................................................................................................3
Security Issues.....................................................................................................................3
Security Techniques.............................................................................................................4
Analysis...............................................................................................................................5
Conclusion...........................................................................................................................7
References............................................................................................................................8

3
IT Security
Introduction
Cloud Computing has become an integrated part of IT paradigms in this era of
digitalization. Cloud Computing comprises a number of computers used for work jointly in order
to provide dissimilar task as well as computations. It helps the IT industry to reduce its costs as
well as time in the market by providing computer resources and shared storage. Besides this,
several security issues of cloud computing are significantly increasing. Data protection is the
major issue all of them. The reason is, organizations do not share their confidential data to the
system which is not guaranteed by the cloud providers in term of security and privacy. Giving
protection to the data means protecting static and moving data, stored in the cloud. This report is
made in order to analyze the previously mentioned paper on the topic ‘Security Techniques for
Data Protection in Cloud Computing’.
Security Issues
Now a day, cloud computing service has to face several attacks to weaken IT security
system. Different external attacks are done on its network infrastructures by hackers for
penetrating its network security system. DDoS attack is one of them that are commanded by
hackers (Chang, Kuo & Ramachandran, 2016). IoT devices are infected by malicious malware that
attacks on the public networks to send information to hackers or botnet who misuses
them. Second security issue is known as a man in the middle attack. In this attack, malicious
malware insert into the network and sets up a communication with two parties to access their
information for sending to commander of this threat. This attack is done where security is not
configured properly. Data protection issue is the most dangerous vulnerability which can bring
the entity of the customers at risk. Most known security attack of cloud computing includes IP
Spoofing, Phishing, IP ports, traffic analysis, and many more. There are several security
techniques regarding data security which is accepted by cloud computing service (Villari, Fazio,
Dustdar, Rana & Ranjan, 2016).

4
IT Security
Security Techniques
The paper has focused mainly on 4 techniques (authentication, cloud computing
confidentiality, access control, and authorization) that can provide protection to cloud
computing. All of these techniques are gained through Cloud Computing providers-
1. At the very first, the author, Kire Jakimoski, has mentioned ‘Authentication in
Cloud Computing’, in which he had mentioned that these techniques the user is
getting proper authentic cloud technology. Different types of clouds (private,
public) are using different types of authentication designs with RSA. Sometimes,
authentication techniques comprise of one password and proxy setting to enable
authentication in Cloud Computing (Hussein & Khalid, 2016).
2. ‘Confidentiality in Cloud Computing’ has considered as a second important
security technique by the author. This technique comprises of encryption, done by
using either software or hardware, cannot even read by the cloud provider. In this
context, author marked this technique as an excellent protection for Cloud
Computing. The reason is, it ensures the security to confidentiality. As an
example, he mentioned about software and hardware-based encryption provided
by Dell.
3. In the third number, he has listed ‘Access Control in Cloud Computing’
mechanism that enables the Cloud Computing data protection. It guaranteed that
only the authorized users are allowed to access the stored data in cloud. He
emphasized that the Firewall must be implemented on different cloud layers and
networks as it enables only the filtered contents allowed to go by cloud network
(Botta, De Donato, Persico & Pescapé, 2016). There are also mentioned about
MacAfee which have single sign on access control and Fujitsu that can prevent
cloud attacks.
4. Last but not least, he described the ‘Authorization in Cloud Computing’,
required at the time of any cloud log in. vendor of Oracle database offers this
security technique to permit cloud authorization. Policy-based authorization

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5
IT Security
enables the cloud users to set privacy policy according to them. Hence, the
technique gives protection to the users’ data.
After describing these 4 techniques, the author has suggested some recommendation to
secure the cloud environment. Keeping in mind the variation of risks according to various Cloud
Computing systems, he suggested several recommendations-
· The cloud providers must ensure that the cloud environments are entirely in
control of them for giving security to the stored data in it. Re-evaluation on an
annual basis is also very important to assure the strengthen level of the security
techniques.
· At the time of registering, providers must notice that the users are assigning
with their identities into the access group to evaluate the security policy of the
company.
· Both administrative and no-administrative accounts must be secured by
different and unique passwords. All the default passwords used in operating
system as well as in firewalls, applications, routers et cetera are needed to be
changed before installing new tools to the network system (Aljawarneh & Yassein,
2016).
· The author has recommended using commercial wireless tools for various
operating systems. Besides this, he has suggested using remote management tools
to manage weird networks.
· The Cloud Computing must use automated backups at least once in every week
to secure the sensitive data.
· To prevent both big and small attacks, an organization must include IPS
devices based on the networks. This will create a defense boundary to the cloud-
stored data.
Analysis
The main reason for providing security to the user data is that no other third party can
hack them or use them for crimes. After analyzing all the techniques described in the paper, it

6
IT Security
can be said that the author has described those techniques at their best. It emphasizes that the
most commonly used technique to provide ultimate data security is authentication. Most of these
techniques use secure socket layer (SSL), intrusion detection system, encryption, access control
based on multi-tenancy et cetera. Data security authentication is necessary to maintain for
keeping any computer system safe from data-stealing process (Stergiou, Psannis, Kim & Gupta,
2018). RSA Cryptosystem accepts three authentications which are 2FA, adaptive authentication,
and knowledge authentication. AWS transfers confidential information between web server and
browser and for that multifactor’s authentication and AWS identity are used to keep the cloud
service secure. Data encryption is another process that users must follow to keep their data
protected in cloud service networks. Dell data protection and encryption, as well as Wuala cloud,
enable data encryption from cloud. Before a computer could transmit data to cloud, encryption
process gets enabled.
Authorization is implemented just after the authentication. Hence, it can be said that the
author must consider the authorization technique as a second important mechanism that provides
higher security than other techniques. The major risks occur through the payment information,
consumer data, employee records, e-mail and customer information. Therefore, the author might
suggest a recommendation to protect Office 365 e-mail to prevent spam, complex malware along
with the phishing attack. The Cloud Computing also needs to be included encryption to identify
the stored data structured with same form (Mollah, Azad & Vasilakos, 2017).
Author has also recommended a wireless access control tool which is used for detecting
scanning and discovering intrusion detection system for commercial wireless. Data recovery is
most essential to be done as it contains most of the sensitive information that can bring business
at risk on its linkage. Automatic backup system can be indulged for storing the data securely in
the cloud networks so that it could avoid the risk of data loss due to hardware issue. Data must be
backed up at least once in a week. Application software and operating system can be used for
multiple data backups but for that it is mandatory to comply with regulatory requirements.
Boundary defense system can be implemented by using sniffers or commercial IDS in order to
detect the attack from an external server to an internal server to DMZ of organization. It also
restricts the communication with infected or malicious IP address so that server cannot be
attacked by a botmaster to steal the information. A firm should always network-based IPS

7
IT Security
devices with addition to IDS for blocking known signatures and attack-behaviors. Only DMZ
system should be used to communicate with private network system by using proxy applications
and familiar firewall over a channel which is authorized (Ibtihal & Hassan, 2017).
Conclusion
The main intention of this report is to analyze the security systems of Cloud Computing if
they are enough to give protection to the entities or not. Being failed to protect any data may lose
the trust and faith of the users. The reason is, all the users are seeking for the high-security
assurance from the providers. Therefore, it is very important to evaluate all the perceptions
behind the techniques that promise to provide security to the stored data. This report has
described various securities issues that cloud computing service has to face. Its influences in
cloud computing have been evaluated. This report has analyzed the security measures techniques
according to their principles. Cloud computing will stop working if it fails to serve security to
confidentiality. In this context, it can be concluded that all the considered techniques along with
recommended techniques with help to protect data at a higher level. This report has also focused
on the drawbacks of the paper as well as the required elements, must be listed on the paper.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8
IT Security
References
Aljawarneh, S. A., & Yassein, M. O. B. (2016). A conceptual security framework for
cloud computing issues. International Journal of Intelligent Information
Technologies (IJIIT), 12(2), 12-24.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud
computing and internet of things: a survey. Future generation computer
systems, 56(1), 684-700.
Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption
framework: A security framework for business clouds. Future Generation
Computer Systems, 57(1), 24-41.
Hussein, N. H., & Khalid, A. (2016). A survey of cloud computing security challenges
and solutions. International Journal of Computer Science and Information
Security, 14(1), 52-55.
Ibtihal, M., & Hassan, N. (2017). Homomorphic encryption as a service for outsourced
images in mobile cloud computing environment. International Journal of Cloud
Applications and Computing (IJCAC), 7(2), 27-40.
Mollah, M. B., Azad, M. A. K., & Vasilakos, A. (2017). Security and privacy challenges
in mobile cloud computing: Survey and way ahead. Journal of Network and
Computer Applications, 84(1), 38-54.
Stergiou, C., Psannis, K. E., Kim, B. G., & Gupta, B. (2018). Secure integration of IoT
and cloud computing. Future Generation Computer Systems, 78(1), 964-975.
Villari, M., Fazio, M., Dustdar, S., Rana, O., & Ranjan, R. (2016). Osmotic computing: A
new paradigm for edge/cloud integration. IEEE Cloud Computing, 3(6), 76-83.