Analyzing the Effectiveness of Security Measures in Cloud Computing

Verified

Added on 2023/04/10

AI Summary

This report investigates the effectiveness of security measures in cloud computing, focusing on solutions like access control, authentication, and encryption. It identifies security issues and vulnerabilities within cloud environments and proposes recommendations for improvement. The research covers cloud computing concepts, service and deployment models, and associated security threats. The analysis includes quantitative data to assess the efficacy of existing security solutions provided by various cloud service providers, aiming to enhance the overall security posture of cloud computing infrastructures. Desklib provides this document along with many others to aid students in their studies.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Effectiveness of Forensics or Security in Cloud Computing
Name of the Student
Name of the University

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Abstract
In this majorly prevalent cloud-computing era, the data centres play one of the crucial roles as
cloud infrastructure providers. However, these cloud data centres face exponential amount of
security threats related to cloud computing networks, platforms, intranets and internet. The
various forms of cloud security issues range from the provider’s security failure, reliability
and availability issues, external customer attacks, regulatory and legal issues, broken
perimeter security models, insecure API (Application Programming Interface), malicious
insiders, data leakage or loss, shared technology vulnerabilities and so on. Therefore, the
cloud service providers and cloud service users both need to follow certain implementation
guidelines and principles to take a step further towards ensuring cloud security. In order to
overcome the major security challenges of cloud computing, the cloud providers establish a
number of security measures and controls. Based on the type of cloud providers these
security measures vary significantly. The major solutions to cloud computing security
problems include access control, authentication, and encryption mechanisms. However, it is
important to analyse the effectiveness of these solutions. In this research paper, the
effectiveness of these cloud security solutions will be evaluated in order to identify existing
security issues if any and thereby, make recommendations for improvement.

3EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Acknowledgement
Conducting this research has been one of the most enriching experiences of my life. The
contribution of this research to enhance my knowledge base and analytical skill has been
paramount. It gave me the opportunity to face challenges in the process and overcome them.
This would not have been possible without the valuable guidance of my professors, peers and
all the people who have contributed to this enriching experience. I would like to take this
opportunity to thank my supervisor _____________________________________ for the
constant guidance and support provided to me during the process of this research. It would
not be justified if I did not thank my academic guides for their important and valuable
assistance and encouragement throughout the research process. I would also like to thank my
friends who had provided me with help and encouragement for collecting primary data and
valuable resources. Finally, I would like to thank the professionals from the retail industry
who have participated in the research survey and provided with valuable inputs into the
subject. The support of all these people has been inspiring and enlightening throughout the
process of research in the subject.
Heartfelt thanks and warmest wishes,
Yours Sincerely,

4EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Table of Contents
Chapter 1 – Introduction............................................................................................................6
1.1 Introduction......................................................................................................................6
1.2 Research Aim...................................................................................................................6
1.3 Research Objectives.........................................................................................................7
1.4 Research Questions..........................................................................................................7
1.5 Background of the Topic..................................................................................................8
1.6 Rationale of the Study......................................................................................................9
1.7 Purpose of the Study........................................................................................................9
1.8 Structure of the Study.....................................................................................................10
1.9 Summary........................................................................................................................12
Chapter 2 – Literature Review.................................................................................................13
2.1 Introduction....................................................................................................................13
2.2 Cloud Computing Basic Concepts.................................................................................13
2.2.1 Cloud Computing Service Models..........................................................................14
2.2.2 Cloud Computing Deployment Models..................................................................16
2.3 Advantages of Cloud Computing...................................................................................21
2.4 Security in the Cloud......................................................................................................22
2.4.1 Types of Security Threats and Risks in Cloud Computing.....................................23
2.4.2 Types of Security Solutions in Cloud Computing..................................................25
2.5 Benefits of the Cloud Security Mechanisms..................................................................27

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
2.6 Drawbacks of the Cloud Security Mechanisms.............................................................29
2.7 Summary........................................................................................................................30
Chapter 3 – Research Methodology.........................................................................................31
3.1 Introduction....................................................................................................................31
3.2 Method Outline..............................................................................................................31
3.3 Research Philosophy......................................................................................................31
3.3.1 Justification for selection of the chosen Philosophy...............................................31
3.4 Research Approach........................................................................................................31
3.4.1 Justification for selection of the chosen Approach.................................................31
3.5 Research Design.............................................................................................................31
3.5.1 Justification for selection of the chosen Design......................................................31
3.6 Data Collection Process.................................................................................................31
3.6.1 Data Sources: Primary and Secondary....................................................................31
3.6.2 Data Techniques: Qualitative and Quantitative......................................................32
3.7 Population and Sample.......................................................................................................33
3.7.1 Sampling Method....................................................................................................33
3.7.2 Sample Size.............................................................................................................33
3.9 Ethical Consideration.....................................................................................................34
3.10 Limitations of the study...............................................................................................35
3.11 Summary......................................................................................................................36
Chapter 4 – Data Analysis........................................................................................................37

6EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
4.1 Introduction....................................................................................................................37
4.2 Quantitative Analysis.....................................................................................................37
4.3 Issues identified..............................................................................................................54
4.4 Summary........................................................................................................................55
Chapter 5 – Conclusion and Recommendations......................................................................57
5.1 Conclusion......................................................................................................................57
5.2 Linking with the Objectives...........................................................................................57
5.3 Recommendations..........................................................................................................59
5.4 Future Scope of the Study..............................................................................................60
References................................................................................................................................61

7EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Table of Figures
Figure 1: Different cloud computing models...........................................................................17
Figure 2: Public cloud deployment model...............................................................................20
Figure 3: Private cloud deployment model..............................................................................21
Figure 4: Hybrid cloud deployment model..............................................................................22
Figure 5: types of data breaches and the percent of incidents of its type.................................25
Figure 6: A DDoS attack..........................................................................................................26

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Chapter 1 – Introduction
1.1 Introduction
Cloud computing is the hottest topic in the present era of technology where
companies are making revolutionary changes in their way of implementing information
systems through cloud computing. Cloud services have tremendously helped the IT industry
to reach newer heights by means of offering unlimited data storage and capacity, market
environment as well as a scalable and flexible computing and processing power that matches
the elastic supply and demand and at the same time reduces capital expenditure (Khan, 2016).
Therefore, the adoption of cloud computing environment is spreading in a rapid manner and
bringing more and more opportunities for companies around the world. The profound impact
of the cloud computing capabilities cannot be ignored. As a result of its perceived open
nature, it raises strong privacy, security and trust concerns. The shared and distributed
resources in the cloud essentially reside in an open environment in the network (Almorsy,
Grundy & Müller, 2016). Hence, it naturally attracts a number of security threats and
vulnerabilities. Hence, cloud service providers require safeguarding the security and privacy
of the confidential, personal and private data pertaining to the cloud users or clients, which
the providers host, store and process as third party on behalf of the company. According to
Khan& Al-Yasiri (2018), the most common forms of security issues seen in a cloud
environment can be insecure APIs or Application Programming Interfaces, data crash, traffic
hijacking, wicked insiders, shared technology issues, misuse of cloud computing capabilities.
1.2 Research Aim
The primary aim of this study is to investigate the security requirements in cloud
computing and understand the implications and issues in cloud environment. For this
purpose, the study will involve a thorough research and review of the security threats, issues

9EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
and vulnerabilities associated with the cloud (Somani et al., 2017). Along with that, the main
aim of the study is to undertake a detailed investigation on the effectiveness of the security
solutions offered by the different cloud service providers. After that, the study will represent
some useful suggestions and recommendations on how to improve the security aspects of
cloud environment. There are a number of famous cloud service providers such as Google,
Amazon, Microsoft, Salesforce, Dropbox, SAP, IBM Cloud, VMware, Oracle Cloud and
Yahoo (Rao & Selvamani, 2015). The study is aimed at understanding the basic implications
and considerations in their security frameworks in order to identify potential issues and
vulnerabilities that cloud result in attacks or threats.
1.3 Research Objectives
In order to undertake this research on the selected topic “effectiveness of forensics or
security in the cloud”, it is important to formulate specific research objectives that helps to
direct the study in the desired direction and yields relevant and successful outcomes. For this
purpose, the following research objectives are formulated:
 To identify cloud security issues and challenges
 To identify the solutions to the security threats and vulnerabilities
 To understand the effectiveness of basic security solutions of cloud providers
 To propose recommendations to improve cloud security
The research objectives are required for carrying out the research in an appropriate
way by gathering relevant data, analysing the gathered data and thereby, producing effective
results and outcomes, which can help in successful completion of the study.
1.4 Research Questions
According to the research objective formulated above, the research questions will be
developed to help understand the important aspects to be covered in the research topic. The

10EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
research questions unveil the crucial areas of analysis in a detailed and easier manner by
emphasizing on the useful and relevant information related to the selected topic (Flick, 2015).
Therefore, below is the list of research questions formulated for executing the present study:
 What are the security issues and challenges in cloud computing?
 What are the solutions to those security threats and vulnerabilities?
 What is the effectiveness of basic security solutions of cloud providers?
 What measures can be taken to improve cloud security?
Therefore, the above research questions as formulated will enlighten the areas and
aspects of the selected research topic that can help gathering relevant data and information to
achieve a successful conclusion.
1.5 Background of the Topic
According to Puthal et al. (2015) in this majorly prevalent cloud computing era, the
data centres play one of the crucial roles as cloud infrastructure providers. However, these
cloud data centres face exponential amount of security threats related to cloud computing
networks, platforms, intranets and internet. The various forms of cloud security issues range
from the provider’s security failure, reliability and availability issues, external customer
attacks, regulatory and legal issues, broken perimeter security models, insecure API
(Application Programming Interface), malicious insiders, data leakage or loss, shared
technology vulnerabilities and so on (Aljawarneh & Yassein, 2015).
Therefore, the cloud service providers and cloud service users both need to follow
certain implementation guidelines and principles to take a step further towards ensuring cloud
security. In order to overcome the major security challenges of cloud computing, the cloud
providers establish a number of security measures and controls. Based on the type of cloud
providers these security measures vary significantly (Singh, Jeong & Park, 2016). The major

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

11EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
solutions to cloud computing security problems include access control, authentication, and
encryption mechanisms. However, it is important to analyse the effectiveness of these
solutions. In this research paper, the effectiveness of these cloud security solutions will be
evaluated in order to identify existing security issues if any and thereby, make
recommendations for improvement.
1.6 Rationale of the Study
The security issues associated with the cloud computing environment are crucial for
cloud providers to consider. It offers an environment through implementing a specific model
for enabling on-demand, convenient network access to a pool of shared computing resources
(Khan & Al-Yasiri, 2018). These shared resources may include servers, networks, storage,
services and applications. The fundamental benefits of cloud computing are resource pooling
and rapid elasticity. However, along with the advantages of cloud computing there comes a
certain amount of risks. These risks may range from maintaining control and accountability,
privacy threats, external attacks, compliance risks, legal risks and many more. For this
purpose, the security framework implemented by a particular cloud service provider should
involve a proper governance structure (Ali, Khan & Vasilakos, 2015). In this aspect, the
present study focuses on assessing the consistency and sufficiency of the security measures
undertaken by the basic cloud security infrastructure, which involves encryption,
authentication and access control. Therefore, the study offers clarity on the security areas of
cloud environments along with providing useful recommendations to improve and strengthen
cloud security.
1.7 Purpose of the Study
In order to conduct this research, the basic technology behind cloud computing will be
studied and evaluated. It is required for understanding the areas and aspects of security
framework implementation in the cloud. In addition to that, the study will also cover the

12EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
various services and platforms offered in cloud computing environment. To be more precise,
according to Sen (2015), the cloud computing technology is divides into several categories
and models, it is crucial to investigate the mature, and functionalities of the different cloud
computing models in detail in order to carry out the research in a proper manner. In addition
to that, the study will also involve a thorough investigation on the major services applied by
the most popular cloud service providers. The sole purpose of the study will be to identify
and understand the security implementation mechanisms to be able to understand their
effectiveness and provide useful recommendations for future improvement (Singh &
Chatterjee, 2017). Therefore, the primary purpose of the research is to identify any existing
security vulnerabilities in the various cloud computing environment and after that, present
some effective suggestions and recommendations to overcome those vulnerabilities.
1.8 Structure of the Study
The study will be segregated into separate chapters in order to better analyse each
perspective of the topic. To be more precise, each chapter will involve relevant content about
the topic that throws light on the overall purpose of conducting this research. Below are the
chapters that constitute the whole paper.
Chapter 1: Introduction: This chapter introduces the topic by explaining the basic
areas of the selected topic and captures the reader’s attention. It presents a broad overview of
the overall research area along with the specific aim and objectives of the research (Mackey
& Gass, 2015). Along with that, it will include the research questions or hypotheses to better
fit into the specific research area.
Chapter 2: Literature Review: This chapter basically gathers all the information
required for conducting the study in a successful manner. For this purpose, the study involves
detail review of existing literature relevant to the study area (Kumar, 2019). In addition to

13EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
that, it also critically reviews and evaluates the information collected from the various
secondary sources such as online websites, e-journals, articles, PDFs, previous research
papers etc.
Chapter 3: Research Methodology: This chapter explains the appropriate way chosen
for conducting the research. To be more precise, it involves the selection and justification of
the most suitable research philosophy, research design and approach. Along with that, this
chapter will also explain how data will be collected and analysed in order to arrive at
effective solutions. The basic types of research methods are quantitative and qualitative,
where interviews and questionnaire surveys are arranged respectively for primary data
collection and analysis.
Chapter 4: Data Analysis and Interpretations: The data analysis chapter involves
proper presentation of the findings, interpretation and discussion of the data. The qualitative
form of data collection involves interviewing a selected group of users for conducting
interview sessions to ask open ended question that can yield relevant and useful amount of
data (Quinlan et al., 2019). Apart from that, the quantitative data is analysed, presented using
charts and graphs (pictorial / graphical representation), and thereby, discussed in relation to
the research aim and objectives.
Chapter 5: Conclusions and Recommendations: The conclusion chapter shows
whether the study has been successfully carried out and what the level of success of the
research is. Along with that, this chapter also summarizes the main points derived from the
results and outcomes as discussed in the previous chapters. Moreover, the chapter also
includes the limitations or weaknesses of the research and suggestions regarding the future
scope of extending the study.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

14EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
1.9 Summary
The cloud computing third parties or the cloud service providers are essentially
responsible for hosting and storing the confidential and important client/ customer data,
records and files of each cloud user. Outsourcing storage and capacity to the third party
essentially relieves the information owner from a huge amount of load, associated risks,
management needs and oversight. However, it comes with a potential issue of retaining
adequate control over that information. Therefore, before the information owner or the
company can properly entrust the cloud providers with its confidential and private
information, it is necessary to assess and evaluate the security framework offered by the
service provider. In this aspect, the study focuses on the various security requirements in a
cloud environment and assess the existing security solutions and mechanisms. The present
chapter has clearly depicted the research aim and objectives for conducting the study along
with the rationale and primary purpose behind it. Moreover, the chapter has also presented a
broad overview of the security aspects in cloud computing environments.

15EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Chapter 2 – Literature Review
2.1 Introduction
Cloud computing refers to a kind of computing infrastructure that is constituted with a
collection of mutually interconnected nodes, servers, networks, various hardware and
software services and applications dynamically run by different users through networks.
Users are able to access the cloud services over the networks based on the performance,
availability, capability and QoS (Quality of Service) requirements of those applications. The
concept of cloud computing refers to the services and applications delivered across the
network or internet as well as the system software and hardware in the data centre that host
these applications and services (Ali, Khan and Vasilakos, 2015). In other words, the overview
or main concept of cloud involves the technology behind a distributed data processing with
high scalability and capacity provided to more than one external customer (also known as
cloud users) through the help of internet.
2.2 Cloud Computing Basic Concepts
Cloud computing model enables convenient, ubiquitous, on-demand network access
to a pool of shared computing resources, which involves servers, storage, networks,
applications and services (Ardagna et al., 2015). These cloud services can be easily
provisioned with minimal effort and management and in a far more efficient and cost
effective manner. According to Chouhan and Singh (2016), the fundamentals of cloud
computing paradigm is based on ‘reusability of IT capabilities’. The traditional concepts of
‘grid computing’, ‘utility computing’, ‘distributed computing’ or ‘autonomic computing’ are
brought to broader horizons across the organizational boundaries by the cloud computing
approach.

16EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
2.2.1 Cloud Computing Service Models
There are three different types of cloud service models for hosting, building and
consuming the cloud computing facilities. These service models are discussed as follows:
Software as a Service (SaaS): The SaaS model offers a complete application solution
directly to the customers on demand. A service that is running on the cloud serves multiple
end users who access that service. The SaaS model does not require the customers to make
upfront investment in software or server licenses. On the other hand, the cloud service
provider’s investments also reduce potentially, as only one single application is hosted and
maintained. There are several cloud service providers offering SaaS including Google,
Microsoft, Salesforce and Zoho. According to Gordon (2016), cloud providers host, package
and deliver the cloud software applications through the internet. In addition to that, by
adopting the SaaS model, organizations can offload the maintenance and management costs
over to the vendor. Some famous SaaS applications include email software hosted in the
cloud or customer relationship management software.
Figure 1: Different cloud computing models
(Source: De Carvalho et al., 2017)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

17EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Platform as a Service (PaaS): In the PaaS model, a cloud provider offers a layer of
software or a software development environment, which is encapsulated as a service. Using
this environment, many higher level of applications or services can be developed. In other
words, the vendor hosts and runs the cloud infrastructure that the users can independently use
in order to build their own web applications (Islam, Manivannan and Zeadally, 2016). The
PaaS service providers typically offer a predefined combination of application servers and
operating system (OS) to achieve the scalability and manageability requirements. For
instance, Force.com, Google’s App Engine, LAMP platform (Apache, Linux, MySql and
PHP), Ruby, restricted J2EE etc. are some of the PaaS examples. The PaaS model is typically
geared for the software developers and IT professionals. A cloud based application
development platform is rented out by the service provider, which can be used by the
developers to build and deliver applications (Ferris & Red Hat Inc, 2015). Therefore, the
PaaS cloud framework offers an integrated, efficient, effective and easy platform to build,
develop, customize and deploy web applications and services.
Infrastructure as a Service (IaaS): Infrastructure as a Service (IaaS) cloud service
providers manage and deploy virtualized and pre-configured hardware in order to enable the
users to spin up computing power without the need of labour intensive hardware investments
and server management (Kirti et al., 2017). For instance, EC2 (Elastic Compute Cloud)
offered by Amazon Web Services (AWS) provides IaaS model that covers servers,
networking, storage as well as virtualization components. On the other hand, the IaaS cloud
users are only subject to the installation and maintenance of the databases, operating systems
(OS), applications and security components. Apart from AWS, some of the other examples of
IaaS cloud include Microsoft Azure, Cisco Metapod, Joyent and Google Compute Engine
(GCE) (Ramachandran and Chang, 2016). IaaS gives the users with an opportunity to build a
virtual data centre in the cloud with adequate amount of resources and capabilities.

18EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
2.2.2 Cloud Computing Deployment Models
According to Lins et al., (2016), the rapid adoption of cloud computing will result in a
total drive out of the traditional on-premises infrastructure by the 2020. For the software
developers, cloud is becoming the default option for deployment purpose. The main
advantages of cloud computing can be availed only if the concerned organization chooses the
most appropriate and suitable deployment model that matches with their business. In this
context, the four major types of cloud deployment models are discussed as follows:
Public cloud: Public cloud deployment model allows the public users to access the
systems and services. Some companies who offer public cloud facilities include IBM,
Amazon, Google, Microsoft etc. Public clouds are most commonly used in application
development and testing as well as for non-critical activities such as email service, file
sharing etc. A public cloud deployment model can be managed, owned and operated by a
particular academic, business and government organization (Ouedraogo et al., 2015). The
public cloud is located on the cloud service provider’s premises. In order to utilize the
offerings of a public cloud, the clients are required to follow a specific set of Service Level
Agreements or SLAs. The third party cloud providers deliver these public cloud services
mostly at pay-per-use or pay-as-you-go schemes (Khan and Tuteja, 2015). The primary
applications of public cloud deployment include online storage, Wikis, public blogs, SaaS
(Software as a Service) applications, online backup and restore process, batch processing
jobs, customer facing web pages and so on.

19EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Figure 2: Public cloud deployment model
(Source: Kalaiprasath, Elankavi and Udayakumar, 2017)
Private cloud: Private clouds offer high level of security, scalability and flexibility to
the users. This type of cloud is typically owned by one single organization that mainly
focuses on protecting the confidentiality and privacy of the particular organization and its
data. Compared to public clouds, private clouds are more expensive. There are two individual
kinds of private cloud, such as on-premises private cloud and externally hosted private cloud.
On-premises private clouds are hosted internally by the organization’s own data centre (De
Benedictis et al., 2016). On the other hand, a third party cloud service provider, who is
responsible for the security and control of the client company’s data, hosts the ‘externally
hosted private clouds’. The major services provided by these private clouds include
virtualization, multi-tenancy, access control, consistent deployment, security, chargeback,
and pricing. This deployment model is implemented in a secured environment guarded by
firewall and VPN mechanisms under a specifically dedicated IT department’s surveillance of
the organization. There are multiple private cloud solution providers such as Red Hat, Dell
Cisco, IBM and Amazon (Choo, Rana, and Rajarajan, 2017).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

20EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Figure 3: Private cloud deployment model
(Source: Khan and Al-Yasiri, 2018)
Hybrid cloud: The hybrid cloud model is composed of two or more types of cloud-
based infrastructure such as public, community or private clouds. These models have their
individual entities. However, these separate models are amalgamated through a standardized
technology enabling proper portability of applications and data. Organizations usually rely on
private clouds for handling critical and sensitive tasks. The use of virtualized cloud server
instances and physical hardware together provides a single service (Kazim and Zhu, 2015). It
is one of the most complicated cloud infrastructures in terms of managing the configuration
for the modern companies. This type of cloud also provides on-demand services to the users.
However, it requires adequate IT proficiency and deeper enterprise modernization. The
adoption of hybrid cloud is bases on several factors including the level of control over data,
data security and compliance requirements (Ab Rahman and Choo, 2015). It is possible for
the provider to overcome the boundaries by cross isolation.

21EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Figure 4: Hybrid cloud deployment model
(Source: Almorsy, Grundy and Müller, 2016)
Community cloud: A group of organization is responsible for using and controlling
the community cloud, which in turn is mostly commonly hosted and managed either by a
third party cloud provider or internally by the organization itself. The shared infrastructure
shared by a specific group of companies, which have certain similarities in terms of industrial
backgrounds and similar requirements of security, mission, IT policies and compliance
(Bratterud, Happe and Duncan, 2017). Community clouds may exist on-premises or hosted
externally by cloud providers. The community cloud involves integration and cooperation of
IT resources and infrastructure from the group of several organization. The deployment of
community clouds may be used for typical large inter-organizational projects (Cook et al.,
2018). The benefits of such deployment model are cost reduction, easy of collaboration and
data sharing, improve privacy, security and reliability. Some of the examples of companies
that offer community cloud solutions include Microsoft, IBM, Red Hat and Google.
2.3 Advantages of Cloud Computing
Cloud computing benefits an enterprise in many different perspectives. The
advantages of cloud computing are:

22EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Cost Saving: The main motive of a business is to earn more income keeping the
principal and investments at their minimum level (Aljawarneh and Yassein, 2016). Cloud
computing helps a business to reduce the amount of investment by reducing the cost of the
central storage system of the business and also reduces the cost of the application required.
Reliability: Cloud computing is highly reliable in a well-controlled service program.
Most of the providers allow 99.99% and 24/7/365 availability which is guaranteed by Service
Legal Agreement (Van Eecke 2013). An enterprise can utilize the quick failover tool of cloud
computing which means that if a desired server fails then the hosting applications and the
services are transferred to the accessible servers.
Manageability: Cloud computing allows enriched and simplified IT services. Main
administrator of resources maintains these services; SLA backed contracts and the
infrastructure. The infrastructure updates and the service providers carry out the maintenance
who gives a simplified web based interface to access applications, facilities, and software
without installation. SLA confirms the well-timed management, maintenance and delivery of
the IT services (Chang Kuo and Ramachandran, 2016).
Strategic edge: Cloud computing allows a positive competitive strategy of an
enterprise as the time requirement of IT attainment is nearly zero. Cloud computing allow an
enterprise to focus on the key objective of the business and allow the enterprise to not deal
with the technology.
2.4 Security in the Cloud
Along with the potential benefits in information technology through the cloud service
models, there are a number of risks associated with cloud performance. Therefore, the cloud
providers are responsible for taking proper care of the systems and data security in a typical
cloud based environment (Erl, Cope and Naserpour, 2015). There are certain policies and

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

23EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
mechanisms for governance and management in order to handle these security issues. These
include authentication, cryptography techniques and virtualization methods. However, these
technologies have certain vulnerabilities in themselves in terms of their state of the art
implementations. Cloud services are typically run in a shared infrastructure, which may lead
to a potential increase in the vulnerabilities and as a result, security threats can happen.
Threats and risks in a cloud based environment may be related to unauthorized data access,
compliance issues, authentication failure, compromise of data integrity, confidentiality,
availability and encryption techniques (Ibrahim, Hamlyn-Harris and Grundy, 2016). Apart
from that, there are many other security related risks associated with cloud computing such as
lack of standards, poor third party management, ambiguous SLA (Service Level Agreement)
between consumer and service provider, performance issues, virtualization risks, problems
with auditing procedures and compliance regulations and laws (Vacca, 2016).
2.4.1 Types of Security Threats and Risks in Cloud Computing
Cloud computing is one of the latest emerging innovations of recent times and it has
some security threats which are recognized by CSA (Cloud Security Allowance). The cloud
user or consumer needs to depend on the cloud service provider in terms of ensuring security
and privacy of their data and system (Tari et al., 2015). On the other hand, the cloud provider
needs to take proper responsibility for protecting the data and applications of its clients. In
order to establish adequate data efficiency and data availability, the third party provider
replicates and stores the data in a public cloud environment. The security risks of Cloud
computing are as follows:
Data breaches: Data breach is the unauthorized method of releasing secure or private
information to an untrusted environment. Data breaches involve personal information,
financial information, intellectual property and trade secrets of the enterprise. Some of the
recent incidents of data breaches are- i) BitDefender, an antivirus firm suffered a data breach

24EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
incident in 2015 where the username and the password of its customers are stolen (Cluley,
2019) ii) The law maker of South Korea claimed that the hackers of North Korea stole over
235 GB of confidential information in September 2016. iii) On December 3, Quora claimed
that they faced data breach, which affected the data of hundred million users (Chacos, 2019).
Data breach is the topmost security concern of cloud computing.
Figure 5: types of data breaches and the percent of incidents of its type
(Source: Romanosky, Hoffman and Acquisti 2014)
Human error: Human error is the topmost risk regarding system availability. A
recent research states that 53% cloud computing attack are carried out by the organization’s
insiders where people deliberately delete or overwrites some important data of the
organization.
DDoS (Distributed Denial of Service) attacks: DDoS amplification attack is one of
the cloud computing threat globally. It is an attack where an attacker accesses an open DNS
to engulf the target server with a huge amount of traffic. A bot carries the attack who makes a
request on the open DNS with respect to spoofed IP address which has been changed by real
outsource IP address of the targeted system (Zhou et al., 2017). To generate a high traffic, the
culprit structures the request in such a way that target server receives a greater response from

25EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
the DNS resolvers. On 28th February 2018, GitHub, a code hosting site suffered a DDoS
attack which exploit 1.35TBs of information.
Figure 6: A DDoS attack
(Source: Anagnostopoulos et al. 2013)
Insecure APIs: The last asset of an organization outside the trusted boundary are the
API (Application Programming Interfaces) which uses public IP address and are mostly liked
by the attackers to breach any information. Organization uses API to allow customer to
interact, accomplish and extract information from cloud. A recent cloud attack due to
insecure API was at Moonpig (Krishnan 2017). API are the only front door for public it
should be properly maintained with sufficient verification, authorization and encryption.
2.4.2 Types of Security Solutions in Cloud Computing
Cloud needs to be secure as it contains huge information of the enterprise. A
developed and prolong technology is required to secure cloud. The techniques used to secure
data in cloud are as follows:
Authentication Technique: Authentication plays a major role in cloud computing. It
protects the data from unauthorized access. User’s authentication is checked whenever a user

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

26EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
tries to access the cloud service providers (Chang et al. 2014). Some of the authentication
schemes are-
Username and password authentication: To access the data in CSP (Cloud service
provider) user should enter the required username and password in order to access the
information. This type of authentication technique fails because of Brute and dictionary
attacks.
Multifactor authentication: It is a stronger authentication technique, which not only
checks the username and password entered by the user but also checks the biometric input of
the user (Sharma et al., 2017).
Public Key Infrastructure: PKI has a great impact on user working on different
environment where it ensures data confidentiality, strong authentication, data integrity and
non-repudiation.
Biometric authentication: This authentication technique is based on one’s
psychological and behavioral attributes. It is strong authentication techniques as it is using
biological attribute.
Data encryption: To secure data in cloud, data should be encrypted whether they are
in rest or in flight mode. Data encryption is a method of transforming data before it gets
loaded to the cloud storage. Encryption prevents unauthorized access to the system or data
without using decryption key, which makes the method more effective and efficient (Tang et
al., 2016). To secure the data more efficiently cloud data should be backed up locally,
encryption of data should be done with cloud service providers, track the data for Cloud
Deployment and lastly details of all the service provided by the CSP should be clearly
understood.

27EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Malware-Injection Attack Solution: When a user creates an account in the cloud the
service provider captures an image of user’s VM which is stored in the image repository
system. A malware injection attack can be carried out by three different ways.
SQL injection attack: This type of malware attack can be mitigated by employment
of comprehensive data sanitization, usage of web based firewall, limiting the database
privileges with context and applying software patches regularly.
Cross-site scripting attack: This type of malware attack can be mitigated by PHP
antiXSS, HTML purifier, XSSprotect and XSS HTML purifier.
Command injection attack: This type of malware attack can be mitigated by Using of
Escape inputs, performing reviews on codes thoroughly and restricting the allowed
commands.
Cloud Based Disaster Recovery: Cloud DR is a type of strategy of backup and
restore data which is maintained by storing and making a copies of the essential electronic
records present in the environment of cloud computing (Rubóczki and Rajnai, 2015). The
benefits of cloud based disaster recovery are faster recovery, scalability, security and less cost
effective.
2.5 Benefits of the Cloud Security Mechanisms
There are a number of potential benefits of the cloud security solutions offered by the
cloud service providers. A properly defined, formulated and well documented security
solution provides the client organization with the necessary security, privacy, reliability as
well as availability that the company needs for the purpose of conducting its business in a
safe and secure environment (Sen, 2015). For this reason, companies always look for
establishing partnership with the promising private cloud service providers who are capable

28EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
of providing smart and advanced security solutions that will efficiently protect the company’s
data and system security.
Protection against Distributed Denial of Service (DDoS) attacks: The top security
mechanisms implemented by the major cloud service providers extensively focuses on
undertaking proper measures in order to stop excessive amount of network traffic from
entering the client company’s cloud servers (Rittinghouse and Ransome, 2017). These
security methods are dedicated to monitor, absorb and disperse DDoS attacks and thus,
minimize security threats.
Assurance regarding company data security: With the rapid transformation of the
society through technological evolution, data breaches and leaks are ever-increasing
scenarios. Hence, top cloud providers place the right security protocols for protecting the data
and transaction so that no external entities without authorization to access can eavesdrop or
tamper with the company’s confidential data being transmitted across networks.
Ensuring flexibility: The right security solution provided by the cloud service
provider helps the client organization in avoiding potential server crashes by scaling up
security during the periods of high network traffic (Lane, Shrestha and Ali, 2017). Reversely,
when the traffic is back to normal, then the security can be scaled back down to reduce the
expenditure. Thus, the cloud security solutions offer adequate flexibility to the company.
High support and availability: Another benefit of adopting one of the top cloud
security solution providers is to have constant support for the organization’s data and assets.
It also encompasses 24 hours of live monitoring. In addition to that, a part of the security
solution also builds the necessary redundancies in order to ensure availability of the
organization’s website and applications (Khan, 2016).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

29EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Regulatory compliance: The top cloud providers offer typical security solutions so
enable the client company to maintain and manage the IT infrastructure in accordance with
the policies and regulations in order to protect financial as well as personal data.
2.6 Drawbacks of the Cloud Security Mechanisms
Even though the existing cloud security solutions are indispensable for the modern IT
companies to survive, there are significant studies that have found some noticeable gaps in
the cloud security. With the growing popularity of cloud based solutions, the implementation
of cloud security is becoming the key to protect data (Chang and Ramachandran, 2016).
However, a recent survey conducted to understand the present state of cloud security saw
how well companies are progressing towards a secured cloud environment. In this survey,
some critical gaps in cloud security has been discovered.
Firstly, according to Anomelechi et al. (2018), companies are going for additional
investment for a secured cloud environment, which is leading to a greater complexity and
potential security lapses as consequences. For instance, more and more companies are opting
for multi-cloud strategies, which mean they will run their workloads on several different
cloud provider’s platforms. As a result, the company’s cloud landscape becomes increasingly
complex and distributed from a security perspective. The nuances naturally increase, as the
different providers will involve different security controls and best practices in place.
In relation to this phenomenon, as the complexity of those multi-cloud environments
keep on increasing, it is becoming more and more challenging to maintain a consistent and
strong security throughout the multi-cloud infrastructure (Betz et al., 2015). More so,
because, the multi-cloud environment is rapid and temporal where different security
mechanisms work on the different portions of the hybrid cloud. For instance, anti-malware
security mechanism may work the best for a certain part, while intrusion prevention systems

30EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
is the most effective technique in some other part. In addition, the encryption technique may
also be necessary for another portion of security capability. Therefore, the total cost of
implementing all those security controls altogether potentially increases.
Another gap identified in the cloud security is associated with the use of the right
security tool at the right time. To be more precise, the tools that companies choose often fail
to accomplish the goal (Ahmad, 2017). These include automation via DevOps tool
integration, prevention of a configuration or software vulnerability, getting visibility into the
system-level activity etc. In other words, if the right security tool is not used, it is often
impossible to identify and detect the red flags.
2.7 Summary
In the modern age of technological development, establishing sufficient security in a
cloud environment is a complex challenge. Hence, cloud security is the top concern for
companies with respect to cloud adoption. A majority of the organizations are significantly
suffering from bottom line consequences for potential lack of comprehensive abilities. While
most businesses are exponentially moving towards cloud based solutions due to the powerful
capabilities of the cloud architectures, they are also exposing themselves to a new universe of
security threats and issues. In this concern, this chapter has looked into the various types of
cloud security risks and the associated security measures for protecting the company from
those identified risks.

31EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Chapter 3 – Research Methodology
3.1 Introduction
The research methodology chapter defines the most effective way that can be
undertaken for attaining a successful completion of the research process. According to Luna
et al. (2017), the various concepts and theories adopted in the research method dive deep into
the topic of the study in order to execute a better analysis and findings of the key factors
associated with the research. In addition to that, the implementation of a proper research
method enables the understanding of the main aspects of the topic, ‘effectiveness of forensics
or security in cloud computing’. However, Mackey and Gass (2015) pointed out that even a
detailed research method may lead to some common errors or mistakes, which in turn may
limit the scope or rightness of the research process. In this study, the researcher has discussed
about the individual aspects of the method including the research philosophy, research design
and approach for analysing the effective of cloud security with an aim to identify potential
security issues and thereby, propose some useful recommendations.
3.2 Method Outline
This particular chapter discusses about the several techniques to analyse and identify
the pros and cons of the major security solutions offered by the top cloud service providers.
In other words, the research method will be selected in such a way so that it takes the whole
study towards the proper direction. For this purpose, the selected research philosophy is
dedicated to gain adequate information for proper evaluation of the topic. Furthermore, the
appropriate research approach serves to conduct the study based on a specific type of data
collection process (Kumar, 2019). Descriptive design on the other hand, defines the used and
applied theories and ideas for further analysing the impact of the topic as well. Apart from
that, the selection and application of primary and secondary sources will help gather relevant

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

32EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
and useful data and information about the study topic. In case of conducting a primary data
collection process, it is important to select a particular sample size for carrying out the study
by following a quantitative and a qualitative analysis process.
3.3 Research Philosophy
The research philosophy determines the proper approach to gather effective
information about the research topic. In this context, Quinlan et al. (2019) has discussed that
the purpose of a research philosophy is to explain the assumption process in order to evaluate
the key elements of the topic. In this respect, the appropriate philosophy needs to be selected
so that it is effective and in proper alignment. The epistemology of research philosophy is
categorized into three common forms such as realism, interpretivism and positivism.
Positivism research philosophy allows the application of the most suitable logic that
potentially analyses the hidden factors and components in a scientific way. On the other hand,
the interpretivism philosophy defines the human qualitative behaviour for studying the most
crucial factors associated with the study. Therefore, this philosophy does not take into
consideration the scientific method of conducting a research, unlike the positivism research
philosophy. According to Walliman (2017), a mixed approach consisting of both these
philosophies constitute the realism research philosophy. It explains the human belief system
by studying the interactions of man with the reality.
3.3.1 Justification for selection of the chosen Philosophy
In the present study, the positivism philosophy is applied in order to execute a proper
analysis of the crucial factors associated with the effectiveness of cloud security solutions and
their role in ensuring proper protection to organization’s business. Apart from that, there is
the limitation of time constraint in this study. Hence, it was not possible to apply the realism

33EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
or interpretative type of philosophy (Flick, 2015). Moreover, the selection of positivism will
allow to quantify the collected information with minimal error as well.
3.4 Research Approach
A proper approach to conduct the research is essential in terms of ensuring a detailed
analysis of the facts and information associated with the research topic. The study can be
undertaken by following either one of the two research approaches, namely, the inductive and
the deductive research approach. The inductive research approach is effective when there is
not enough data available. The inductive approach involves observation in its initial phases in
order to gain useful data for building an effective path to conduct the research. On the other
hand, Mahboob, Zahid and Ahmad (2016) noted that the deductive approach mainly
describes the practical application of the concepts and ideas associated with the topic of the
study from various secondary sources. The deductive approach is more inclined towards
building theories for data analysis. However, depending upon the nature of the study, the
most suitable research approach is selected as follows.
3.4.1 Justification for selection of the chosen Approach
In the present research, the selected approach is deductive because it helps in
identifying and understanding the theories and concepts related to cloud computing security.
In other words, the deductive approach will allow the research to gain adequate information
about the topic and thereby, achieve a deeper level of insights into the primary or key factors
associated with cloud security. In this context, identifying and analysing the different types of
security issues, risks and threats is possible through deductive approach (Mackey and Gass,
2015). Moreover, it is possible to identify the existing issue, as the deductive approach does
not consider any new concepts, methods and theories.

34EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
3.5 Research Design
Walliman (2017) stated that the research design explains the necessary framework
that best suits the nature of the topic. It in turns helps in the selection and collection process
of relevant data along with applying the proper analysis pattern. During the process of data
collection, it is essential to apply a specific research design for better results. In this respect,
the main types of research designs are explanatory, exploratory and descriptive.
The exploratory design acknowledges different types of thoughts and ideas associated
with the research paper. On the other hand, the explanatory research design explains the
occurrence of events and incidents associated to the impacts (Flick, 2015). Due to the nature
of the study being limited, the descriptive design aims to gather details to enable proper
description of the topic.
3.5.1 Justification for selection of the chosen Design
In this study, the application of explanatory research design was avoided because the
nature of the research is not longitudinal. On the other hand, the descriptive type of design is
useful in terms of defining the detailed process associated with the impact of cloud security
and its implications on the organization’s data security. In this regard, the extent of issues
identified in the existing concepts and ideas is effective to scrutinize the details aptly with the
help of descriptive research design.
3.6 Data Collection Process
In this research, relevant secondary and primary data related to the particular research
topic is collected that points out the important facts and information required for studying the
topic. According to Kumar (2019), data collection is useful in deriving accurate outcome of
the research that enables a standard format to conduct the research.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

35EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
3.6.1 Data Sources: Primary and Secondary
The data sources are of utmost useful elements to gain deep insights into the research
topic and extract relevant details on the topic that reveals meaningful information based on
the requirements. The study will involve both types of data sources including primary and
secondary sources. According to Quinlan et al. (2019), the use of primary data is necessary in
case of collecting raw information that can be catered directly in accordance with the need of
the research topic. However, as it is a type of first hand data collection, therefore, it needs
adequate amount of clarification regarding its validity and reliability. On the other hand, in
case of secondary sources, data and information is collected from already existing previous
research and studies for the purpose of widening the concept of research for better study and
description of the crucial aspects associated with the topic.
In this research, adequate amount of primary data will be collected from the primary
data sources. The primary data sources will mainly involve multiple organizations who
deploy cloud security solutions to run their business (Kumar, 2019). The collection of
relevant primary information from these primary sources will help in achieving the research
objectives by finding out the gaps. Moreover, several secondary sources will be considered
for this study, which may include previous research articles, dissertations, thesis, journal
papers, websites, blogs, published e-books and so on.
3.6.2 Data Techniques: Qualitative and Quantitative
The data analysis technique can be of two types such as qualitative and quantitative.
According to Mackey and Gass (2015), the qualitative data analysis technique helps in
including hypothetical ideas in the down to earth field that likewise prompts better
comprehension of the point not at all like quantitative technique. On the contrary, the
quantitative data analysis technique then again applies the quantifiable statistical information
that is useful in account information of huge sample sizes. In the present investigation, the

36EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
study will apply a mixture of both the types of analysis techniques viz. qualitative and
quantitative.
3.7 Population and Sample
As per Samarati et al. (2016), population is characterized as the total number of
individuals who are legitimately or by implication included or influenced by the substance of
the study procedure. In other words, a population is a whole gathering about which some data
is required to be found out. While summing up from perceptions made on an example to a
bigger population, certain issues will manage judgment. In the present research work, specific
organizations that deploy and use cloud environments to maintain their business has been
considered as the number of population in the investigation. Nevertheless, the study cannot
involve all organizations and henceforth, a littler portrayal of the population is considered as
sample.
3.7.1 Sampling Method
The sample taken into consideration to study the effectiveness of cloud security
solutions is respectively smaller in number however will meet the needs of the requirements
of the study. The sample considered for the cloud based organizations was selected in a
simple random probability sampling technique. In this technique, no criteria has been
considered (Samarati et al., 2016). On the contrary, again, administrators of were considered
for non-probability sampling procedure. With the assistance of online poll or questionnaire
survey, the organization’s representatives were to participate in the survey. The responses
were dependent on Likert’s scale rating from 1 to 5.
3.7.2 Sample Size
The sample size is partitioned for qualitative and quantitative technique. In order to
study the quantitative research technique, 45organizations who use cloud based solutions

37EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
were involved in the questionnaire survey to gain relevant raw data about the topic of the
study.
For the qualitative analysis technique, 5 managers from top cloud based companies
have been interviewed with open ended and semi structured questions. Subsequently, the all
out sample size of the research work about is 50, involving both the subjective and
quantitative structures.
3.9 Ethical Consideration
Amid the execution of the particular research work, it is important to follow a code of
conduct in order to identify the right and wrong set of practices required to be maintained
amid the study. The study is aimed to analyse the effectiveness of cloud security solutions
offered by the various cloud solution providers. It is endeavoured to pursue couple of moral
and ethical contemplations that can help in adding institutionalization to the exploration
point.
Anonymity of the respondents: It was guaranteed that any type of mental or physical
provocation was not included with the respondents so the identities of the participants were
anonymised and concealed according to the solicitations of the members.
Application of data: Data picked up by means of investigation of the subject is useful
in understanding the present pattern of implementing cloud based security solutions in the
organizational environments. In any case, any business use of the information will be
maintained a strategic distance from with the goal that the discoveries can be carefully
restricted to scholastic reason as it were.
Involvement of the respondents: The analyst attempted to embed no outer effect on
weight over the respondents for partaking in the criticism procedure of the exploration point.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

38EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Respondents with a sense on wilful interest were urged to take an interest in the
accompanying examination subject.
Depending on the list mentioned above, the study will maintain the research ethics
throughout the duration.
3.10 Limitations of the study
Every research has some limitations and this study is no exception. The study
encounters a couple of restrictions that are defines the restricted ability and scope. It is
important to acknowledge the limitations that are directly associated with the research
problem. In this context, the main limitations of the research are underlined as follows:
Time constraint: The nature of the study is cross-section, due to which, there was
potential time limitation associated. The short time span could not allow for the elaboration
and explanation of some deep details of the analysis.
Lack of previous studies: There are few studies carried out in the same topic in the
past. Due to this reason, the literature review cloud not cover all the trivial details and aspects
associated with the topic directly or indirectly. However, the literature review has been
constructed based on the existing secondary sources available to create the foundation of the
study.
Sample size: Due to the short time limit allocated for the study, it is not possible to
select a huge sample size including all employees for multiple cloud based organizations
from across different states or countries. Instead, a small sample size relevant to the research
problem has been selected that can represent the larger population significant to the research.

39EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Scope of discussions: The scope of discussion is limited by the time constraints.
Thus, more in depth discussions about each related parts of the findings was not possible
within the choice of research area.
Reliability: The respondents were not forced or pressurized during the survey
participation. However, if there exists any level of partiality or bias in the answers then it is
not possible to figure out.
3.11 Summary
The research chapter has explained the particular methodology that will be adopted
for conducting the detail study and analysis. The positivism research philosophy will be
applied along with the deductive approach and descriptive research design. In addition to
that, a mixture of both the qualitative and quantitative data analysis techniques will be used
on the primary and secondary data sources selected for the present study.

40EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Chapter 4 – Data Analysis
4.1 Introduction
As per the recent studies conducted on this area, the concept of data security in the
cloud is of the highest concern amongst companies. At the same time, these companies are
focusing on successful digital transformation by deploying hybrid cloud strategy, SDN,
multi-cloud strategy etc. However, the IT professionals and IT leaders of these companies
face several challenges regarding security in these new cloud based environments. For
instance, it involves potential difficulties that need high level of IT skills and expertise to deal
with the complex architectures of the hybrid or multi-cloud environments. In this respect, the
CISOs and CIOs need to provide proper security training to educate the non-technical
executives regarding the security measures undertaken to protect the company’s data in the
cloud. In this present study, 45 number of employees from organizations who have deployed
or considering deploying cloud based security solutions have been asked to participate in a
survey, which involves questionnaire about the effectiveness of forensics or security in the
cloud environment. From the survey, several crucial aspects have been identified such as
what the top security threats that the companies are facing and what security framework they
use to mitigate those threats.
4.2 Quantitative Analysis
The present section discusses the results derived from the quantitative data collection
where 45 sample population were associated with a questionnaire survey. Based on their
responses, a thorough quantitative analysis will be conducted in order to understand the
present state of cloud security solutions in these companies, their effectiveness and existing
challenges and issues that they face with the security posture.
Q1. What is your organization's primary cloud deployment strategy?

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

41EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Options No of respondents Total respondents Response %
Single cloud 10 46 18.6 %
Multi cloud 27 46 60.5 %
Hybrid cloud 8 46 20.9 %
Finding & Analysis: As seen from the above chart, more than 60% respondents are
going for multiple cloud service providers for running their workloads. 20.9% of the
population are planning for a hybrid cloud setup. Hence, it is obvious that the associated
complexity of the cloud environment will increase.
Q2. Has your organization experienced a cloud related security incident in the
recent past?
Options No of respondents Total respondents Response %
Yes 21 46 47.7 %
No 15 46 31.8 %
Not sure 10 46 20.5 %

42EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: The majority of the respondents (47.7%) have experienced
security incidents in the cloud in the past 12 months. It implies that the cloud environment
needs to adopt multiple security measures each according to the need of the infrastructure
specifications used by the particular company. It depends on the company’s ability to apply
the right security tool at the right time for the right purpose.
Q3. If yes, what type of incident was it?
Options No of respondents Total respondents Response %
Account compromise 3 46 7 %
Vulnerability exploitation 24 46 55.8 %
Malware infection 8 46 16.3 %
Data leak 7 46 16.3 %

43EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: From the chart illustrated above, it is seen that the most
common form of security breach is vulnerability exploitation. Apart from that, malware
infection is also seen to be one of the prevailing security threats in companies. Around 16.3%
respondents have experienced data leak issue in their organization in the recent past.
Q4. Are public cloud apps/ SaaS less or more secure than the on-premises apps?
Options No of respondents Total respondents Response %
Public cloud apps are more
secure 26
48 55.3 %
Public cloud apps are less
secure 9
48 19.1 %
About the same 9 48 19.1 %
Not sure 3 48 6.4 %
Findings & Analysis: Around 55.6% participants say that public cloud applications
are less secured compared to the on-premises applications. However, there are basic
differences in security in public cloud vs. on-prem. Unlike on-premises, the security tools in
cloud are interconnected and driven by APIs (Application Programming Interface).
Moreover, on-premises security is not automated.
Q5. How confident are you in your organization’s cloud security posture?

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

44EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Options No of respondents Total respondents Response %
Extremely confident 5 46 10.6 %
Very confident 21 46 44.7 %
Moderately confident 10 46 21.3 %
Slightly confident 8 46 17 %
Not at all confident 3 46 6.4 %
Findings & Analysis: Around 46.7% respondents are very confident in the cloud
security posture adopted by their organizations. Around 20% of them are moderately
confident. This factor typically depends on how well the organization understands the nature
of security breaches and provide security training programs for their employees.
Q6. What are your biggest operational, day-to-day headaches trying to protect
cloud workloads?
Options No of
respondents
Total respondents Response %
Justifying more security spend 7 48 15.6 %
Visibility into infrastructure
security 14
48 31.1 %
Reporting security threats 16 48 35.6 %

45EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
No flexibility 3 48 6.7 %
Setting consistent security
policies 3
48 6.7 %
Cannot identify
misconfigurations quickly 3
48 6.7 %
Compliance 2 48 4.4 %
Findings & Analysis: The majority of the companies (30.2%) are worried about
visibility into the infrastructure security. Apart from that, there are other important concerns
that companies are worried about in their day-to-day operational business for protecting the
cloud workloads. Around 32.6% respondents feel that one of the biggest concern is reporting
security threats.
Q7. Which part of the cloud compliance process is the most challenging?
Options No of
respondents
Total respondents Response %
Going through audit / risk
assessment within the cloud
environment 4
48 9.3 %
Applying / following the
Shared Responsibility Model 19
48 44.2 %
Data quality and integrity in 13 48 30.2 %

46EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
regulatory reporting
Monitoring for new
vulnerabilities in cloud
services that must be secured 5
48 11.6 %
Staying up to date about new/
changing compliance and
regulatory requirements 5
48 11.6 %
Findings & Analysis: According to the chart as illustrated above, around 42.9%
respondents find it the most challenging in applying or following the SRM (Shared
Responsibility Model). Apart from that, a significant number of respondents (28.6%) find it
challenging to maintain data integrity and quality in regulatory reporting.
Q8. What are the main barriers to migrating to cloud-based security solutions?
Options No of
respondents
Total respondents Response %
Budget 4 48 9.1 %
Scalability and performance 17 48 38.6 %
Regulatory compliance
requirements 11
48 25 %
Sunk cost into on-premises
tools 3
48 6.8 %

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

47EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Data residency 7 48 15.9 %
Lack of integration with on-
premises security technologies 3
48 6.8 %
Staff expertise / training 0 48 0 %
Limited control over
encryption keys 2
48 4.5 %
Findings & Analysis: Scalability and performance is the biggest barrier to cloud
based security solutions. Another major barrier is the regulatory compliance requirements to
be met to deploy any cloud security solution. A significant portion (23.3%) of the population
has encountered this barrier.
Q9. What security capabilities have you deployed in the cloud?
Options No of
respondents
Total respondents Response %
Access control 2 48 4.4 %
Anti-virus / anti-malware /
advanced threat protection
(ATP) 14
48 31.1 %

48EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Application protection (WAF,
scanners, etc.) 3
48 6.7 %
Container Security 5 48 11.1 %
Data loss / leakage prevention
(DLP) 4
48 8.9 %
Firewalls / NAC 3 48 6.7 %
Intrusion detection and
prevention 0
48 0 %
Multifactor authentication 2 48 4.4 %
Network encryption (VPN,
packet encryption, transport
encryption) 3
48 6.7 %
Privileged Access Management
(PAM) 3
48 6.7 %
Single sign-on / user
authentication 4
48 8.9 %
VM Backup and Recovery 8 48 17.8 %
Findings & Analysis: Around 31.8% of the organizations deploy antivirus, ATP
(advanced threat protection) and anti-malware to improve their security capabilities. Apart
from that, the other common security technologies seen to be deployed by companies include
WAF (Web Application Firewall), firewalls, container security and DLP (Data Loss

49EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Prevention). Around 9.1% of the selected population chose multifactor authentication as a
common method of security implementation.
Q10. What services & workloads is your organization deploying in the cloud?
Options No of
respondents
Total respondents Response %
Networking & Content
Delivery (virtual private cloud,
DNS, etc) 6
48 13.6 %
Database (relational, NoSQL,
caching, etc) 13
48 29.5 %
Storage (object storage,
archive, backup, etc) 9
48 20.5 %
Runtime 6 48 13.6 %
Business Applications (CRM,
marketing automation, ERP,
BI, project management, etc) 3
48 6.8 %
IT Operations Applications
(administration, backup,
provisioning monitoring, etc) 2
48 4.5 %
Operating System 5 48 11.4 %
Security (Identity management,
access control, data protection,
threat detection, usage &
resource monitoring, anti-
virus, etc) 0
48 0.0 %
Productivity Applications
(email, collaboration, instant
messaging, etc.) 4
48 9.1 %
Developer / Testing
Applications 1
48 2.3 %

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

50EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Finding & Analysis: Many organizations are storing their company databases
containing customer information, employee data, financial corporate data and other
intellectual properties in cloud databases. Apart from that, companies also extensively use
cloud storage and runtime. The IT operation applications are most popular apps after business
apps such as CRM (customer relationship management) that get stored in the cloud.
Q11. What criteria do you consider most important when evaluating a cloud
security solution?
Options No of
respondents
Total respondents Response %
Support 2 48 4.3 %
Performance and effectiveness 23 48 50 %
Ease of use 8 48 17.4 %
Contract / term 4 48 8.7 %
Cost 4 48 8.7 %
Product features / functionality 5 48 10.9 %
Vendor experience and
reputation 3
48 6.5 %

51EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: As per the chart as demonstrated above, around 51.1%
respondents consider ‘performance and effectiveness’ the most important criteria to consider
in order to evaluate a cloud security solution. 15.6% respondents think ease of use is another
crucial factor to look upon in case of evaluating the cloud security.
Q12. How do you source cloud security?
Options No of
respondents
Total respondents Response %
Third party cloud security
vendor 6
48 15 %
Cloud provider native security
tools 21
48 52.5 %
Managed services provider 13 48 32.5 %

52EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: The majority of the organizations (53.8%) deploying cloud
based models who participated in this survey consider cloud provider’s native tools to source
cloud security. In addition to that, 33.3% respondents prefer managed services provider for
sourcing the cloud security solutions for their organization.
Q13. How would you rate the percentage of failure of your cloud security tools?
Options No of respondents Total respondents Response %
1 - 20 % 6 48 13 %
21 - 35 % 17 48 37 %
36 - 50 % 9 48 19.6 %
50 - 65 % 8 48 17.4 %
Above 65 % 6 48 13 %
Findings & Analysis: The survey has derived that the rate offailure of the cloud
security tools is around 21% to 35%. It is evident that the proper application of the right tool
for the right type of need is mandatory to successfully mitigate the risks.
Q14. How many active cloud provider accounts are currently in use in your
organization?

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

53EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Options No of respondents Total respondents Response %
1 3 48 17.6 %
2 5 48 29.4 %
3 5 48 29.4 %
4 2 48 11.8 %
Multiple 1 48 5.9 %
Not sure 1 48 5.9 %
Findings & Analysis: The majority of respondent organizations (31.3% of the
selected population) utilize at least 2 to 3 cloud provider accounts to manage their entire
cloud services and workloads. Hence, it is evident that, compared to single clouds, multi-
cloud and hybrid cloud environments are becoming more and more popular day by day.
Q15. How would you rate your team’s overall security readiness?
Options No of respondents Total respondents Response %
Above average 5 48 10.9 %
Average 35 48 76.1 %
Below average 6 48 13 %

54EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: As per the pie chart illustrated above, most of the companies
have rated their organization’s security readiness as average. On the other hand, a number of
respondents (around 13.3%) also said that their security readiness is below average.
Therefore, the team’s readiness to react to any type of security incident is a crucial matter.
Q16. How effective is your current cloud security training program?
Options No of respondents Total respondents Response %
Very effective 3 48 6.4 %
Somewhat effective 23 48 48.9 %
Neither effective or
ineffective 11
48 23.4 %
Somewhat ineffective 6 48 12.8 %
Very ineffective 1 48 2.1 %
Note sure 3 48 6.4 %

55EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: Most of the companies have a somewhat effective solution to
protect the security of the cloud environments. While 50% agreed that, the existing security
policies and procedures currently being followed in their organization is effective, 23.9% of
them said that the existing security solutions are neither effective not ineffective.
Q17. How many employees work at your company in total (worldwide)?
Options No of respondents Total respondents Response %
Fewer than 10 1 48 2.2 %
10 – 99 19 48 41.3 %
100 – 499 4 48 8.7 %
500 - 999 10 48 21.7 %
1,000 – 4,999 6 48 13 %
5,000 – 10,000 3 48 6.5 %
Over 10,000 3 48 6.5 %

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

56EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: Most of the organizations that participated in the survey
involved more than 500 and less than 5000 employees across the geographical boundaries.
They have already deployed a specific cloud deployment strategy (single cloud, hybrid cloud
or multi-cloud) of their choice. Along with that, many companies also use the IaaS
(Infrastructure as a Service) as well as the SaaS (Software as a Service) service models for
managing the different types of workloads.
Q18. What is your job title?
Options No of respondents Total respondents Response %
Specialist 2 48 4.4 %
Manager / Supervisor 15 48 33.3 %
Consultant 8 48 17.8 %
Director 3 48 6.7 %
Owner / CEO /
President 5
48 11.1 %
CTO, CIO, CISO,
CMO, CFO, COO 3
48 6.7 %
Vice President 3 48 6.7 %
Project Manager 6 48 13.3 %

57EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Findings & Analysis: As seen in the chart demonstrated above, in the survey
undertaken by the researcher in this paper, the participants’ population mostly involved IT
managers, executives and supervisors of various companies. Apart from that, there were
consultants, project managers, specialists, CTO, CIO, CISO and two directors.
4.3 Issues identified
From the quantitative analysis, the survey has found that many companies are
experiencing potential gaps in their cloud security adoption. In addition to that, there are a
number of barriers to implementing the most effective and cost-efficient cloud security
solutions. The survey indicated that the majority of the IT managers and executives do not
know how many shadow IT apps their organization has. The outcome has further showed
how companies are presently approaching towards cloud security, including the obstacles that
are preventing cloud adoption, cloud visibility and compliance.
The cloud security providers are mostly evaluated through their ability to provide
adequate compliance frameworks or customer reviews as well as their reputation or brand
names. Another potential challenge faced by these companies is the frequent changes in the
regulatory framework that they need to follow and stay updated on. From the survey results,
it has been noticed that the majority of the IT managers and project executives feel that the
often times the cloud service providers does not offer the necessary components with their
cloud infrastructure and services. It may include operational certifications, expert audits,

58EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
usage and inventory reports of the subscription owner etc. Apart from that, the biggest
concerns amongst the companies in their day–to-day operations to protect the cloud
workloads include the lack of integration with on-premises technologies, lack of qualified
staff, inability to identify misconfigurations in a timely manner, increasing complexity and
most importantly, setting consistent security policies across the multi-cloud environments.
The companies are extensively storing their confidential data in the cloud
environment. This data include the organization’s intellectual property, financial corporate
data, employee data, invoices, contracts and so on. However, they face significant barrier in
applying the traditional security tools in the cloud because of their limited functionality.
Moreover, the respondents jointly agreed on a number of factors that pose as barriers to
migrating to the cloud security solutions. For instance, deploying a smart security technology
in the cloud essentially requires expensive staff training, imposes limited control over the
encryption keys, reduces flexibility as well as introduces sunk cost into the on premises tools.
One more challenge frequently encountered in a cloud security model is applying and
following the Shared Responsibility Model (SRM). Moreover, organizations do not have
proper visibility into the shadow IT app numbers, user logins, or DLP (Data Loss/ Leakage
Prevention) policy violations associated high risk uploading and downloading. In addition to
these bottlenecks, companies usually face lot of difficulties in integrating DevOps
(Development and Operations) chain due to inconsistent environments (different
configurations in the dev test and prod environments).
4.4 Summary
This chapter has summarized the entire quantitative survey undertaken on the research
topic involving 50 respondents. The respondents were IT managers, supervisors, executives,
consultants, CTO and CISOs belonging to the different organizations that are well versed
with the cloud computing capabilities and either already deployed or planning to deploy

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

59EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
cloud in the near future. The analysis has revealed the major security challenges and barriers
to adopt the perfect security measures and employ the required security components in the
cloud environment. The purpose of this chapter was to identify the particular issues with the
existing cloud security so that relevant recommendations to address those issues can be
presented.

60EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Chapter 5 – Conclusion and Recommendations
5.1 Conclusion
With the rapid adoption of cloud based environments by companies worldwide, the
security issues associated with the cloud are attracting a great deal of attention. Many security
solutions exist that are offered by the various cloud providers. Many security solutions are
also evolving. The vast areas of cloud security such as virtualization, data protection,
information security etc have captured massive importance in the academics and research
industries. However, in this context, this particular study has tried to focus on the major
factors of cloud security that need more improvement in the future. For this purpose, the
primary data analysis carried out in this study has shown that many companies are struggling
with applying the best suited security solutions for their cloud environments. With the
growing advancement in the cloud, the complexity is also growing. This in turn creates a
significant number of issues that cloud security users need to think about.
5.2 Linking with the Objectives
Based on the collected data, the linking between the research objectives and the
practical application has been established successfully. It has properly justified the credibility
of the study undertaken on the selected topic of investigation of the effectiveness of forensics
or security in the cloud environment.
Linking objective 1: To identify cloud security issues and challenges
As identified in the survey, the majority of organizations agree that, there are multiple
potential security challenges and issues they have to deal with on a regular basis. The various
security issues involved in a public cloud environment mostly include data leak, security

61EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
breach, vulnerability exploitation, malware infection and account compromise. These threats
require adequate contingency measures, which need to be provided by the cloud service
providers. Apart from that, the primary analysis has also made it possible to identify other
challenging security issues and barriers to migrating to the cloud computing environments.
Linking objective 2: To identify the solutions to the security threats and
vulnerabilities
As found in the survey, several organizations look for the proper security tools and
technologies available with the service providers as well as native tools in order to address
the security threats and vulnerabilities. The cloud security solutions are becoming more and
more important with the growing age of information exposure. There are a number of
different tools that organizations are using to meet the purpose.
Linking objective 3: To understand the effectiveness of basic security solutions of
cloud providers
The survey has involved multiple questions targettedtowards understanding the
effectiveness of the existing cloud security solutions. In this aspect, it is found that many
times IT managers are not sure about which tool to use for which security incident. The cloud
service provider’s contract should be more transparent and clearer in order to enable greater
effectiveness of the security solutions. In other words, the existing security gaps in the basic
solutions can be overcome by following some smart rules. These have been discussed in the
recommendations section.
Linking objective 4: To propose recommendations to improve cloud security
As per the outcome of the undertaken primary study, along with the previous chapter
of literature sources review, several suggestions and recommendations have been proposed in

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

62EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
this paper, which target the identified issues in cloud security. The major security gaps as
identified through the survey can be mitigated by means of following certain smart best
practices to implement cloud security in a multi-cloud or hybrid cloud environment. In
addition to that, the existing security measures and technologies can be used more efficiently
and effectively to the fullest benefit of a particular organization.
5.3 Recommendations
As illustrated in the sections above, the survey has found a number of issues in the
existing cloud security solutions being used by organizations across different backgrounds.
However, based on the research carried out with the help of secondary sources, and adding
some useful answers to the problematic factors in the concerned area, below are some
relevant recommendations to consider in order to improve the state of cloud security and
successfully address the identified issues.
Provide sufficient training to the employees: through social engineering techniques
(spoofing, phishing, spying etc), hackers can manage to steal or hack employee credentials.
Hence, companies essentially require providing high degree cyber security training to the
employees.
Create smart employee off-boarding: Employees of a company is likely to have
access to several different cloud platforms, services and applications. It is crucial to ensure all
access rights to the company’s data, systems, intellectual properties and customer information
are revoked immediately for each departing employee.
Log, monitor and analyze user activities: The provider should allow visibility to the
environment log to see the entire traceability management of access profiles and user
activities. Consistent monitoring is required for spotting irregularities such as login in from
an unknown IP.

63EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Use the right security tools and services: After gathering sufficient working
knowledge of the cloud service provider’s security capabilities, it is recommended to go
through the ISO series of standards in order to determine the best fitted security technologies.
Additional security tools such as Skyhigh Networks and BitGlass are also helpful for
establishing transparent protection, tracking and encryption.
Have details in the SLA contract: The contract should allow log retention and the use
of log collectors. Moreover, it is beneficial to keep a security point person during the entire
contract period. The Contract should detail the process of data disposal, responding to legal
requirements and how much infrastructure / environment is shared with other clients.
5.4 Future Scope of the Study
The research can further be extended to focus on the state of cloud security country
wise. The sample size can also be significantly increased in order to allow a more accurate
representation of the population. Apart from that, a more elaborate qualitative analysis can be
included in the future scope of this study in order to understand the various individual
opinions and views of the IT managers and executives.

64EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident
handling in the cloud. computers & security, 49, pp.45-69.
Ahmad, N., 2017, March. Cloud computing: Technology, security issues and solutions.
In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC) (pp. 30-35). IEEE.
Alenezi, A., Zulkipli, N.H.N., Atlam, H.F., Walters, R.J. and Wills, G.B., 2017, April. The
impact of cloud forensic readiness on security. In International Conference on Cloud
Computing and Services Science (Vol. 2, pp. 539-545). Scitepress.
Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing: Opportunities
and challenges. Information sciences, 305, pp.357-383.
Aljawarneh, S.A. and Yassein, M.O.B., 2016. A conceptual security framework for cloud
computing issues. International Journal of Intelligent Information Technologies
(IJIIT), 12(2), pp.12-24.
Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Anagnostopoulos, M., Kambourakis, G., Kopanos, P., Louloudakis, G. and Gritzalis, S.,
2013. DNS amplification attack revisited. Computers & Security, 39, pp.475-485.
Anomelechi, N., Cooper, W., Duncan, B. and Lamb, J.D., 2018. A Management View of
Security and Cloud Computing. CLOUD COMPUTING 2018, p.35.
Ardagna, C.A., Asal, R., Damiani, E. and Vu, Q.H., 2015. From security to assurance in the
cloud: A survey. ACM Computing Surveys (CSUR), 48(1), p.2.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

65EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Betz, L.N., Ho, W.J., Lingafelt, C.S. and Merrill, D.P., International Business Machines
Corp, 2015. Providing security services within a cloud computing environment. U.S. Patent
9,129,086.
Bratterud, A., Happe, A. and Duncan, R.A.K., 2017, February. Enhancing cloud security and
privacy: the Unikernel solution. In Eighth International Conference on Cloud Computing,
GRIDs, and Virtualization, 19 February 2017-23 February 2017, Athens, Greece. Curran
Associates.
Chacos, B. (2019). Quora data breach FAQ: What 100 million hacked users need to know.
[online] PCWorld.
Chang, D.Y., Benantar, M., Chang, J.Y.C. and Venkataramappa, V., International Business
Machines Corp, 2014. Authentication and authorization methods for cloud computing
security. U.S. Patent 8,769,622.
Chang, V. and Ramachandran, M., 2016. Towards achieving data security with the cloud
computing adoption framework. IEEE Transactions on Services Computing, 9(1), pp.138-
151.
Chang, V., Kuo, Y.H. and Ramachandran, M., 2016. Cloud computing adoption framework:
A security framework for business clouds. Future Generation Computer Systems, 57, pp.24-
41.
Choo, K.K.R., Rana, O.F. and Rajarajan, M., 2017. Cloud Security Engineering: Theory,
Practice and Future Research. IEEE Transactions on Cloud Computing, 5(3), pp.372-374.
Chouhan, P. and Singh, R., 2016. Security attacks on cloud computing with possible
solution. International Journal of Advanced Research in Computer Science and Software
Engineering, 6(1).

66EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Cluley, G. (2019). 2018 – A Year of Data Breaches in Review. [online]
Businessinsights.bitdefender.com.
Cook, A., Robinson, M., Ferrag, M.A., Maglaras, L.A., He, Y., Jones, K. and Janicke, H.,
2018. Internet of cloud: Security and privacy issues. In Cloud Computing for Optimization:
Foundations, Applications, and Challenges (pp. 271-301). Springer, Cham.
De Benedictis, A., Casola, V., Rak, M. and Villano, U., 2016, September. Cloud security:
From per-provider to per-service security slas. In 2016 International Conference on
Intelligent Networking and Collaborative Systems (INCoS) (pp. 469-474). IEEE.
De Carvalho, C.A.B., de Castro Andrade, R.M., de Castro, M.F., Coutinho, E.F. and
Agoulmine, N., 2017. State of the art and challenges of security SLA for cloud
computing. Computers & Electrical Engineering, 59, pp.141-152.
Erl, T., Cope, R. and Naserpour, A., 2015. Cloud computing design patterns. Prentice Hall
Press.
Ferris, J.M., Red Hat Inc, 2015. Extending security platforms to cloud-based networks. U.S.
Patent 8,977,750.
Flick, U., 2015. Introducing research methodology: A beginner's guide to doing a research
project. Sage.
Gordon, A., 2016. The hybrid cloud security professional. IEEE Cloud Computing, 3(1),
pp.82-86.
Ibrahim, A.S., Hamlyn-Harris, J. and Grundy, J., 2016. Emerging security challenges of
cloud virtual infrastructure. arXiv preprint arXiv:1612.09059.

67EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Islam, T., Manivannan, D. and Zeadally, S., 2016. A classification and characterization of
security threats in cloud computing. Int. J. Next-Gener. Comput, 7(1).
Kalaiprasath, R., Elankavi, R. and Udayakumar, D.R., 2017. Cloud. Security and
Compliance-A Semantic Approach in End to End Security. International Journal Of
Mechanical Engineering And Technology (Ijmet), 8(5), pp.987-994.
Kazim, M. and Zhu, S.Y., 2015. A survey on top security threats in cloud computing.
Khan, M.A., 2016. A survey of security issues for cloud computing. Journal of network and
computer applications, 71, pp.11-29.
Khan, N. and Al-Yasiri, A., 2018. Cloud security threats and techniques to strengthen cloud
computing adoption framework. In Cyber Security and Threats: Concepts, Methodologies,
Tools, and Applications (pp. 268-285). IGI Global.
Khan, S.S. and Tuteja, R.R., 2015. Security in cloud computing using cryptographic
algorithms. International Journal of Innovative Research in Computer and Communication
Engineering, 3(1), pp.148-155.
Kirti, G., Gupta, R., Biswas, K. and Turlapati, R.R.S., Oracle International Corp,
2017. Techniques for cloud security monitoring and threat intelligence. U.S. Patent
Application 15/632,174.
Krishnan, R. (2017). Security and Privacy in Cloud Computing.
Kumar, R., 2019. Research methodology: A step-by-step guide for beginners. Sage
Publications Limited.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

68EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Lane, M., Shrestha, A. and Ali, O., 2017. Managing the risks of data security and privacy in
the cloud: a shared responsibility between the cloud service provider and the client
organisation.
Lins, S., Grochol, P., Schneider, S. and Sunyaev, A., 2016. Dynamic certification of cloud
services: Trust, but verify!. IEEE Security & Privacy, 14(2), pp.66-71.
Luna, J., Taha, A., Trapero, R. and Suri, N., 2017. Quantitative reasoning about cloud
security using service level agreements. IEEE Transactions on Cloud Computing, 5(3),
pp.457-471.
Mackey, A. and Gass, S.M., 2015. Second language research: Methodology and design.
Routledge.
Mahboob, T., Zahid, M. and Ahmad, G., 2016, August. Adopting information security
techniques for cloud computing—a survey. In 2016 1st International Conference on
Information Technology, Information Systems and Electrical Engineering (ICITISEE) (pp. 7-
11). IEEE.
Ouedraogo, M., Mignon, S., Cholez, H., Furnell, S. and Dubois, E., 2015. Security
transparency: the next frontier for security research in the cloud. Journal of Cloud
Computing, 4(1), p.12.
Quinlan, C., Babin, B., Carr, J. and Griffin, M., 2019. Business research methods. South
Western Cengage.
Ramachandran, M. and Chang, V., 2016. Towards performance evaluation of cloud service
providers for cloud data security. International Journal of Information Management, 36(4),
pp.618-625.

69EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Rittinghouse, J.W. and Ransome, J.F., 2017. Cloud computing: implementation,
management, and security. CRC press.
Romanosky, S., Hoffman, D. and Acquisti, A., 2014. Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), pp.74-104.
Rubóczki, E.S. and Rajnai, Z., 2015. Moving towards cloud security. Interdisciplinary
Description of Complex Systems: INDECS, 13(1), pp.9-14.
Samarati, P., di Vimercati, S.D.C., Murugesan, S. and Bojanova, I., 2016. Cloud security:
Issues and concerns. Encyclopedia on cloud computing, pp.1-14.
Sen, J., 2015. Security and privacy issues in cloud computing. In Cloud Technology:
Concepts, Methodologies, Tools, and Applications (pp. 1585-1630). IGI Global.
Sharma, V.D., Agarwai, S., Moin, S.S. and Qadeer, M.A., 2017, November. Security in cloud
computing. In 2017 7th International Conference on Communication Systems and Network
Technologies (CSNT) (pp. 234-239). IEEE.
Singh, A. and Chatterjee, K., 2017. Cloud security issues and challenges: A survey. Journal
of Network and Computer Applications, 79, pp.88-115.
Tang, J., Cui, Y., Li, Q., Ren, K., Liu, J. and Buyya, R., 2016. Ensuring security and privacy
preservation for cloud data services. ACM Computing Surveys (CSUR), 49(1), p.13.
Tari, Z., Yi, X., Premarathne, U.S., Bertok, P. and Khalil, I., 2015. Security and privacy in
cloud computing: vision, trends, and challenges. IEEE Cloud Computing, 2(2), pp.30-38.
Vacca, J.R. ed., 2016. Cloud computing security: foundations and challenges. CRC Press.
Van Eecke, P., 2013. Cloud computing legal issues.

70EFFECTIVENESS OF SECURITY IN CLOUD COMPUTING
Walliman, N., 2017. Research methods: The basics. Routledge.
Xing, T., Xiong, Z., Qian, H., Medhi, D. and Huang, D., 2015. Cloud security. Cloud
Services, Networking, and Management, pp.269-294.
Zhou, J., Cao, Z., Dong, X. and Vasilakos, A.V., 2017. Security and privacy for cloud-based
IoT: Challenges. IEEE Communications Magazine, 55(1), pp.26-33.