ArticlePDF Available

Security Awareness In The Age Of Cloud Computing: An Extensive Review On The Cloud Computing Security

Authors:
Security Awareness In The Age Of Cloud
Computing
An Extensive Review On The Cloud Computing Security
1st Khaled Al-Ansari
Computer Science
Princess Sumaya University for Technology
Amman, Jordan
khaledelansari@gmail.com
Abstract—Security is a main part of almost everything related
to technology whether it was software or hardware, unfortunately
security it is either skipped at the early beginnings or is
mistreated during the implementation and that is why there
should be more awareness about it in general. Cloud computing
is one of the fields that is growing due to its easy to use models
provided by the competing companies which focus on making
the cloud adaptation easier by the time and this is bringing new
topics that needs to be learned and existing skills to be enhanced,
one of the topics that comes up to the mind is security and it is
one of the topics that should be considered all the time where
people should stay up-to-date about it in general and while using
the cloud in specific specially with the public cloud services that
are taking a bigger part day-by-day in many applications that we
use on a day-to-day process just like we use water or electricity
services.
Index Terms—cloud computing, security in cloud, enterprise
solutions, data protection, web services
I. INTRODUCTION
Since the early days of distributed computers [1] the idea
of having an off-premises resources off to do different kind of
computational tasks where intriguing to multiple companies
especially those who can’t afford getting a good hardware,
distributed computing helps with tackling complex task but
it is hard to share resources because each resource is fully
focused on one task or job and can’t work on another until it
is finished and this is caused an issue with resource utilization.
To solve the problem of resource utilization many solutions
and architectures where introduced like using Mainframe
computers [2], which is more powerful than normal computers
and have extensive input-output (I/O) facilities, or the Peer-to-
peer (P2P) [3] architecture, where individual devices can join
a network of devices and used as needed and leave when not
in used and so, but non of the existing solution could scale
properly and from there cloud computing started using virtual
machines as a backbone to utilize resources as needed with the
help of the internet to help customers use the virtual resources.
Cloud computing have been one of the most interesting
fields due to the features provided yet a bit mysterious, from
why it was named cloud computing to how it work exactly,
but none of this would be a blocker to the growth of this
path until it hits security where many issues became concerns
to different possible adapters whether they were individuals
or companies (specially large corporations that own historical
data) and according to a survey by Redmond magazine [4]
53 percent of the companies surveyed consider cloud security
a major ranking element when they want to choose a cloud
service provider after service uptime with 73 percent.
In order to spread the awareness of cloud security and
contribute to it we need to understand how the cloud work in
general, what are the service models and what are the types
of the cloud, then we need to know the stakeholders, people
who use the cloud from developers to end-users and how they
interact with it, until we finally list the current issues and what
are latest mitigations by checking other related work to cloud
security.
The paper is organized as follows:
Section 2: we will discuss the main cloud environment
components including the types of services and deploy-
ments.
Section 3: we will list some of the known issues and
what are the suggested mitigations.
Section 4: we will go through some related and how they
classify cloud issues.
Section 5: we will present the suggested classification
based on issues type.
Section 6: the last section will be for the future work and
conclusion.
II. CL OU D ENVIRONMENT MAIN COMPONENTS
The first step in solving any security issue is to learn more
about it in order to implement the best mitigation possible and
if we desire to avoid issues from the first place then we need to
learn about security in general before implementing anything
so we can keep security in mind during the implementation and
that is an effective way which is adopted by many big players
in the industry like Microsoft and we can see that at the begin-
ning in their security development lifecycle practices [5], based
on this important practice this section will be describing the
main components of cloud computing environment including:
Fig. 1. Cloud Computing Reference Architecture according to NIST [9].
A) deployment types, B) services models and C) stakeholders
usage which creates the cloud architecture (Fig. 1).
A. Cloud Deployment Types
When it comes to defining the cloud deployment types
one thing can be noticed which is researchers [6] [7] [8]
are using the National Institute of Standards and Technology
(NIST) definition of the cloud deployment models [9] which
is accurate if you compare it with the current deployments by
the IT corporations.
The most known deployment models to cloud users and
enthusiasts are:
Private Cloud: the resources in this model are provi-
sioned to be used exclusively by a single organization,
mostly it is owned and operated by the same organization
and usually it is on premises although it can be off
premises and operated by a third-party.
Public Cloud: the resources in this model are provisioned
to be used by the general public, the resources are
owned, managed and operated by the cloud provider (e.g.
Amazon Web Services, Microsoft Azure).
Hybrid Cloud: this model is a composition of the pre-
viously mentioned models (or more) where the resources
are unique and dedicated to the environment and con-
trolled by standards that allow data portability between
the different models.
As mentioned in the hybrid cloud definition there is more
models than the aforementioned models, for example the
NIST definition of the cloud deployment models has a fourth
model which is Community Cloud Model where it is close to
the private model but the only difference that it is own by
multiple entities, another model know in the industry is the
Multicloud Model [10] where developers use resources from
more than one cloud provider and the providers are all public
providers unlike the Hybrid model where the resources are
mixed between public and private cloud. We will focus on the
three models mentioned above since they are the most used
models in the IT industry and they shape the other models as
the multicloud model.
B. Cloud Services Models
In order for customers to benefit from the cloud provider
resources there must be a model for interaction that can ease
the usage of the resources and solve multiple problems for the
customers based on their needs and that’s why there is multiple
models for the cloud services that describe the type of the
service and the expected control level given to the customer
(Fig. 2).
Currently there are three main service models known world-
wide, the models are as follows:
Software as a Service (SaaS): in this model a software
is provided to customers on-demand via subscription as a
service as the name says, the software is friendly and easy
to use by the targeted customers. Note that the software
is completely hosted on the cloud by the service provider
whether it was the cloud provider itself (e.g. Microsoft
Office tools) or a third-party (e.g. Dropbox).
Platform as a Service (PaaS): cloud providers allow
customer to manage data and monitor the application
health and scale as wanted, in short in is model the
customer own more of the application which is the part
around the deployment of the application and the tools
that can help (e.g. AWS Elastic Beanstalk).
Infrastructure as a Service (IaaS): this model provide
customers with full access to low-level resources like
storage and servers where they can host and manage their
own services from top-to-bottm, this is achievable via
virtualization and cloud providers own maintaining the
hardware (note that some researchers call it hardware-as-
a-service).
Fig. 2. Control level for each service model.
The aforementioned models are the most known models due
to their massive usage in the industry though they are not the
only models out there provided as a service [11], some of
the models are made from leveraging the main three models
like the Backend as a Service (BaaS) [12] which aims to
create a developer-first system that can be accessed via web
APIs (e.g. Headless CMSs [13]) while other models are just a
normal software from a high level perspective but has a unique
architecture that solves a specific problem and can be deployed
just like any SaaS (e.g. Data as a Service (DaaS) [14]). Many
other models exist and many will be found later, that’s why
some researchers refers to such models with the term XaaS
[26] which means Anything as a Service but even though we
will focus only on the three main models that we mentioned
above.
C. Cloud Stakeholders And Their Usage
In the 2011 cloud computing report by NIST it was listed
that there are 5 actors (users) in the cloud computing archi-
tecture, the list of actors goes as follow:
Cloud Consumer: an actor that use cloud services from
providers (e.g. developers, organizations).
Cloud Provider: an actor that own cloud resoruces (e.g.
Amazon Web Services, Microsoft Azure).
Cloud Auditor: a party that provide services above
the cloud services to enhance one of its aspects like
performance or security (e.g. Cisco).
Cloud Broker: an entity that manages the relationships
between Consumer and Provider (e.g. legal departments
at a corporate).
Cloud Carrier: a party that insure connectivity from
provider to consumer (e.g. telecom companies).
The NIST list and definition for each actor can be seen in
Table 1 below and Figure 3 describe the interactions between
the actors in cloud computing.
TABLE I
CLO UD CO MP UTI NG AC TOR S TABL E BY NIST [16].
Fig. 3. The interactions between the actors in cloud computing by NIST [?].
III. COMMON CLO UD SECURITY CONCERNS
When it comes to security in any application or service
there is always a kind of list for common security vulnerabil-
ities that create concerns for stakeholders and those concerns
will affect the final decision of the stakeholders that’s why
companies rush to solve if them, if they exist, and enhance
the system continuously to earn the trust of the customers.
Cloud computing systems also have some common concerns
that any cloud consumer is aware of, novice to expert, and in
this section we will list some of those issues to give a high
level insight on the types of issues cloud systems face and how
they are being mitigated to understand the current mentality
when it comes to cloud vulnerabilities.
A. Authentication
One of the biggest advantages for cloud computing is the
usage of the internet for communication which is easier than
any other method specially with the massive usage after the
Web 2.0 release but the internet is open and build on trust and
that caused many authentication issues that cause data leakage
that is why loosing access to privileged account might mean
loss of service. Loosing access to an entity or party that can
damage the application is scary and it is more scary if sensitive
data became in the hand of bad people.
Enhancing the encryption is always a valid option but it
is not the only option some researchers are looking into new
design approaches to help authenticating the right user one of
them for example was on the firewall level where there will
be a multi-layer checking for the IP address and the data hold
by the packet in order to be sure it is not interfered by another
party (see Figure 4), others find that they can follow a simple
yet powerful option which is using some access rules to define
roles and add as much details as wanted, this approach meets
the Separation of Privilege security principle (e.g. AWS IAM
Roles).
Fig. 4. Design of tree-rule firewall using IP address and port ranges [17].
B. Storage
When it comes to storage we can find many applications
built for this purpose on many different levels of usage from
personal to business and maybe beyond but all of them share
one thing in common which the privacy of those files and how
they are stored and many companies specify how in order to
make the customer feel safe and comfortable (e.g. Dropbox
[18]).
The storage security issue is related very much to authen-
tication since data owners don’t want unauthorized people to
access the data, one of the main issue with storage is that it
is accessible to any entity using the storage APIs whether it
was passing the payload or manipulating parts of it. Giving
permissions to wanted parties only is the defacto solution for
such issue but it can be a single point of failure in case the
authentication process was broken that’s why some researchers
are suggesting to save the data encrypted and only decrypt it
on trusted sides (see Figure 5), many methods and algorthims
are suggested like Incremental encryption and Homomorphic
encryption to use as an implementation for this suggested
solution.
Fig. 5. Saving data encrypted to solve the data leakage issue [6].
The previous solution is an arithmetic solution and some
researchers preferred to go to an architectural solution which
leverage existing options and mix between public and private
clouds [19] [20] where they extract important data and save
it in a private cloud resources that are away from the eyes
of hackers and keep the non-sensitive data to be saved in the
public cloud.
C. Service Level Agreements (SLAs)
When it comes to the relationship between cloud consumers
and cloud provider there is a bit of confusion and vagueness in
some cases and that’s why cloud providers need to have more
explicit agreements and cloud consumers need to get more
help from legal firms, or cloud brokers according to NIST
definition, in order to solve any legal conflict or confusion
about the service usage and avoid any kind of churn [22].
For example cloud providers need to give a specific metric
for the availability of the resources provided like the hosting
instances or the data availability by controlling the age of
the storage devices since such services can affect directly the
applications built on top of them. Researchers [6] came to a
conclusions that SLAs have not covered security aspects such
as confidentiality and integrity yet and many researchers are
advocating the idea and proposing some concepts [21] to solve
the current SLA issues.
As noticed in this section all there is a lot of vulnerabilities
that happen in one side but affect other sides and that’s why
there is a need to enhance the current solutions and risk
classification.
IV. REL ATED WORK
Security needs to be built at every layer in a cloud-
computing platform by incorporating best practices and imple-
ment emerging technologies to effectively mitigate the risks,
the current classification approaches are focusing on a single
aspect which is the issue itself not the impact or where it can
happen while others focus on each layer [23] where it can be
time consuming and will duplicate the same issue classification
in many places which will cause a confusion.
One of the good yet simple approaches to classify the cloud
security issues was done based on the three basic level of cloud
(see Fig. 6) which are 1) Communication, 2) Computational
and 3) SLA, this approach simplify the classifying the type
but still cover it from a high level perspective specially that
some issues can have different types and causes.
Fig. 6. Security issues classification based on the three basic levels of cloud
computing [24].
Another interesting classification approach is done based
on inherited categories where each category is inside a bigger
category where classifications are tightly coupled to each other
in a way describing how deep an issue can be and how
resolving it must touch different parts of the system, for issues
outside this classification it will be placed in separate category
(see Fig. 7), the categories used for this approach are:
Safety Standards.
Network.
Access.
Cloud Infrastructure.
Data.
Other (for issues outside the classification).
Fig. 7. An inherited base classification [25].
The first approach shows simple and easy to follow classi-
fication while the second one shows a more deep describing
model where an issue is based on general categories although
the two approaches from a neutral point of view have some
issues, for the first one the basic have a wide range and can be
too vague while the second approach is very tightly coupled
and an issue be go through a tough process to be completely
solved. The suggested approach in this paper tries to be as
simple as approach yet one yet descriptive to some levels by
using functional categories.
V. SU GG ES TE D CLASSIFICATION MODEL
The suggested approach is based on taking functional issues
and breaking it into separate categories to remove any confu-
sion and if need to break each issue into smaller and more
specified issued to make it easier to follow and solve in the
future.
For our case study we took databases issues into considera-
tions where they be under computational/infrastructure issues
where storage is not available or data is lost due to aging hard-
drives or under communication/network issues where data in-
tegrity or data privacy can be threatened due bad encryption for
example, this case study shows how the previously mentioned
classifications can cause frustration to developers. Using the
functional classification approach suggested we can classify
the problems mentioned into something like the following:
Privacy preservation: where securing the communica-
tion is the priority.
Data security: where protecting the data integrity and
the control over it is the goal.
Storage security: which can be solved by having spec-
ified instances as backups or create a new instances in
other availability zones to shred the data between them
instead of relying on one zone.
The aforementioned classification shows a functional way
to detect issues which give a better description for the solver
since it can be self-descriptive in some cases (e.g. data
integrity) and it can common for developers with different
backgrounds.
Fig. 8. An inherited base classification [25].
The only limitation at the moment to this approach is the
lack of a data-set with functional description for the issues
that can occur in a cloud-based service since issues can have
multiple naming and descriptions due to different backgrounds
and development environments also new problems can occur
due to different cloud providers implementation of a service.
VI. CONCLUSION AN D FUTURE WOR K
Security needs to be built at every layer in a cloud-
computing platform by incorporating best practices and emerg-
ing technologies to effectively mitigate the risk, some issues
might occur in one area more than another but that doesn’t
mean it should be handled individually in the area where it
was discovered, we saw different approaches to classify the
cloud security issues but unfortunately we still don’t have
a clear classification specially with the increasing amount of
services release year over year by cloud providers, for example
Amazon Web Services has a week newsletter for new updates
and features [?]. With such massive production there is a need
for a better classification that can cover newly added services
and features and keep it updated.
For the future work we need to have a more up-to-date list
to have more categories covered since the current limitation
was lacking of a clear data-set, after the classification process
there is an opening to enhance existing design principles and
techniques to solve issues in a better way. Again this will not
be possible without having a clear data-set which is by itself
a good contribution to do for the scientific field.
ACKNOWLEDGMENT
I would like to thank my professor, colleagues and friends
who helped me with some ideas and resources for this paper.
Also I would like to the thank every contributor to the Cloud
Computing and Security in general whether they wrote a paper,
an article to explain an idea or a software, thank you for
making this topic easier to learn and more fun to discover.
REFERENCES
[1] Wikipedia contributors, “Distributed Computing“, Wikipedia, The Free
Encyclopedia., 5 June 2020. https://en.wikipedia.org/w/index.php?title=
Distributed computing&oldid=956299584
[2] Wikipedia contributors, “Mainframe Computer“, Wikipedia, The Free
Encyclopedia., 5 June 2020. https://en.wikipedia.org/w/index.php?title=
Mainframe computer&oldid=957699374
[3] Wikipedia contributors, “Peer-to-peer“, Wikipedia, The Free En-
cyclopedia., 5 June 2020. https://en.wikipedia.org/w/index.php?title=
Peer-to-peer&oldid=957567521
[4] Kurt Mackie, “Cloud Services Use on the Rise But Security Concerns
Remain“, Redmond Magazine, 6 June 2019. https://redmondmag.com/
articles/2019/06/26/cloud-security- concerns-remain.aspx
[5] Microsoft Corportation, “Microsoft Secure Development Lifecycle
Practices“, Microsoft, 6 June 2020. https://www.microsoft.com/en-us/
securityengineering/sdl/practices
[6] C. Rong, S. T. Nguyen, and M. G. Jaatun, “Beyond lightning: A survey
on security challenges in cloud computing“, Computers and Electrical
Engineering, 39(1):47–54, January 2013.
[7] G. Ramachandra , M. Iftikhar , and F. A. Khan, “A Comprehensive
Survey on Security in Cloud Computing A Comprehensive Survey on
Security in Cloud Computing“, Procedia Computer Science 110:465-
472, December 2017.
[8] A. Lamba, S. Singh, N. Dutta, S. Sai, and R. Muni, “A COMPREHEN-
SIVE SURVEY ON SECURITY IN CLOUD COMPUTING“, January
2016.
[9] E. D. Simmon, “NIST Releases Evaluation of Cloud Computing Services
Based on NIST SP 800-145 (NIST SP 500-322)“, National Institute of
Standards and Technology, 23 February 2018.
[10] IBM Cloud Education, “Multicloud“, IBM Cloud, 5 September 2019.
https://www.ibm.com/cloud/learn/multicloud
[11] Wikipedia, The Free Encyclopedia, “As a service“. [Online]. Available:
https://en.wikipedia.org/w/index.php?title=As a service&oldid=
953523144 [Accessed 06-Jun-2020].
[12] Cloudflare, “What is BaaS? Backend-as-a-Service vs. Serverless“.
[Online]. Available: https://www.cloudflare.com/learning/serverless/
glossary/backend-as- a-service- baas [Accessed 06-Jun-2020].
[13] Storyblok, “Headless CMS explained in 5 minutes“, 2020. [Online].
Available: https://www.storyblok.com/tp/headless-cms-explained [Ac-
cessed 06-Jun-2020].
[14] Joel Battistoni. “Data as a Service (DaaS)“, YouTube, Sep.
29, 2015 [Video file]. Available: https://www.youtube.com/watch?v=
ayS5yvdg2Tg [Accessed 04-May-2020].
[15] Tech Target, “What is XaaS (Anything as a Service)¿‘. [On-
line]. Available: https://searchcloudcomputing.techtarget.com/definition/
XaaS-anything-as-a-service [Accessed 06-Jun-2020].
[16] F. Liu, J. Tong, J. Mao, R. B. Bohn, J. V. Messina, M. L. Badger, and
D. M. Leaf, “NIST Releases Evaluation of Cloud Computing Services
Based on NIST SP 800-145 (NIST SP 500-322)“, National Institute of
Standards and Technology, 8 September 2011.
[17] M. Ali, S. U. Khan, and A. V. Vasilakos, “Security in Cloud Computing:
Opportunities and Challenges“, Information Sciences 305, 07 February
2015.
[18] Dropbox, “Where is my data stored¿‘. [Online]. Available: https://help.
dropbox.com/accounts-billing/security/physical- location-data- storage
[Accessed 06-Jun-2020].
[19] S. Altowaijri, “An Architecture to Improve the Security of Cloud Com-
puting in the Healthcare Sector“, Smart Infrastructure and Applications,
January 2015.
[20] U. Singh, A. Tiwari, and S. Sharma, “DATA SECURITY IN CLOUD
COMPUTING“, International Journal of Engineering Applied Sciences
and Technology, February 2020.
[21] A. H. Ranabahu, P. Patel, and A. Sheth, “Service Level Agreement in
Cloud Computing“, January 2009.
[22] Wired, “Service Level Agreements in the Cloud: Who cares¿‘.
[Online]. Available: https://www.wired.com/insights/2011/12/
service-level-agreements- in-the- cloud-who- cares/ [Accessed 06-
Jun-2020].
[23] A. Bouayad, A. Blilat, N. E. H. Mejhed, M. E. Ghazi, “Cloud computing
: security challenges“, Information Science and Technology (CIST),
October 2012.
[24] N. Subramanian, and A. Jeyaraj, “Recent security challenges in cloud
computing“, Computers and Electrical Engineering, October 2018.
[25] I. Khalil, A. Khreishah, S. Bouktif, and A. Ahmad, “Security Con-
cerns in Cloud Computing“, Information Technology: New Generations
(ITNG), April 2013.
[26] Amazon Web Services, “What’s New with AWS¿‘. [Online]. Available:
https://aws.amazon.com/new [Accessed 09-Jun-2020].
ResearchGate has not been able to resolve any citations for this publication.
Article
Full-text available
According to a Forbes’ report published in 2015, cloud-based security spending is expected to increase by 42%. According to another research, the IT security expenditure had increased to 79.1% by 2015, showing an increase of more than 10% each year. International Data Corporation (IDC) in 2011 showed that 74.6% of enterprise customers ranked security as a major challenge. This paper summarizes a number of peer-reviewed articles on security threats in cloud computing and the preventive methods. The objective of our research is to understand the cloud components, security issues, and risks, along with emerging solutions that may potentially mitigate the vulnerabilities in the cloud. It is a commonly accepted fact that since 2008, cloud is a viable hosting platform; however, the perception with respect to security in the cloud is that it needs significant improvements to realise higher rates of adaption in the enterprise scale. As identified by another research, many of the issues confronting the cloud computing need to be resolved urgently. The industry has made significant advances in combatting threats to cloud computing, but there is more to be done to achieve a level of maturity that currently exists with traditional/on-premise hosting.
Book
Full-text available
Cloud computing that provides cheap and pay-as-you-go computing resources is rapidly gaining momentum as an alternative to traditional IT Infrastructure. As more and more consumers delegate their tasks to cloud providers, Service Level Agreements(SLA) between consumers and providers emerge as a key aspect. Due to the dynamic nature of the cloud, continuous monitoring on Quality of Service (QoS) attributes is necessary to enforce SLAs. Also numerous other factors such as trust (on the cloud provider) come into consideration, particularly for enterprise customers that may outsource its critical data. This complex nature of the cloud landscape warrants a sophisticated means of managing SLAs. This paper proposes a mechanism for managing SLAs in a cloud computing environment using the Web Service Level Agreement(WSLA) framework, developed for SLA monitoring and SLA enforcement in a Service Oriented Architecture (SOA). We use the third party support feature of WSLA to delegate monitoring and enforcement tasks to other entities in order to solve the trust issues. We also present a real world use case to validate our proposal.
Article
Full-text available
The cloud computing exhibits, remarkable potential to provide cost effective, easy to manage, elastic, and powerful resources on the fly, over the Internet. The cloud computing, upsurges the capabilities of the hardware resources by optimal and shared utilization. The above mentioned features encourage the organizations and individual users to shift their applications and services to the cloud. Even the critical infrastructure, for example, power generation and distribution plants are being migrated to the cloud computing paradigm. However, the services provided by third-party cloud service providers entail additional security threats. The migration of user’s assets (data, applications etc.) outside the administrative control in a shared environment where numerous users are collocated escalates the security concerns. This survey details the security issues that arise due to the very nature of cloud computing. Moreover, the survey presents the recent solutions presented in the literature to counter the security issues. Furthermore, a brief view of security vulnerabilities in the mobile cloud computing are also highlighted. In the end, the discussion on the open issues and future research directions is also presented.
Chapter
Technology plays a vast role in all aspects of our lives. In every business, technology is helpful to fulfill the needs of the customers. Cloud computing is a technology that satisfies the demand for dynamic resources and makes it easier for jobs to work on all platforms. Cloud computing platforms on the internet provide rapid access with pay-as-you-go pricing. Many business organizations have deployed their data either fully or partially on a cloud platform. A healthcare cloud is a platform where one can easily find hospitals, doctors, clinics, pharmacies, etc. While one face of this cloud is quite beneficial, the other face is challenging because of security issues. The data are stored somewhere else; hence, they can be an attractive target for cybercriminals. This chapter provides an introduction to cloud computing and the healthcare cloud. Subsequently, security issues in cloud computing, especially in the context of the healthcare cloud, are introduced. Finally, some methods to improve cloud security for healthcare are discussed along with our proposed architecture.
Article
Cloud computing is an archetype that enables access to a shared pool of computing resources for cloud users in an on-demand or pay-per-use, fashion. Cloud computing offers several benefits to users and organizations, in terms of capital expenditure and savings in operational expenditure. Despite the existence of such benefits, there are some obstacles that place restrictions on the usage of cloud computing. Security is a major issue that is always considered. The lack of this vital feature results in the negative impact of the computing archetype thus resulting in personal, ethical, and financial harm. This paper will focus and explore the security challenges that are faced by cloud entities. These entities include Cloud Service Provider, the Data Owner and Cloud User. Focusing on the crypto-cloud that constitutes of different Communication, Computation, and Service Level Agreement. Studying the causes and effects of various cyber attacks it will provide the necessary upgrades.
Conference Paper
The rate of threats against IT systems is directly proportional to the rate of growing technology. The emergence of new technology requires researchers and practitioner's attention to discover new threats in order to make it reliable. Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Security issues in cloud computing is shown to be the biggest obstacle that could subvert the wide benefits of cloud computing. The new concepts that the cloud introduces, such as multi-tenancy, creates new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for other systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide comprehensive study of cloud computing security that includes classification of known security threats and the state-of-the-art practices in the endeavor to calibrate these threats. This paper also provides the dependency level within classification and provides a solution in form of preventive actions rather than proactive actions.
Article
Cloud computing is a model to provide convenient, on-demand access to a shared pool configurable computing resources. In cloud computing, IT-related capabilities are provided as services, accessible without requiring detailed knowledge of the underlying technologies, and with minimal management effort. The great savings promised by the cloud are however offset by the perceived security threats feared by users. This paper gives an overview of cloud computing, and discusses related security challenges. We emphasize that although there are many technological approaches that can improve cloud security, there are currently no one-size-fits-all solutions, and future work has to tackle challenges such as service level agreements for security, as well as holistic mechanisms for ensuring accountability in the cloud.
Cloud Services Use on the Rise But Security Concerns Remain
  • Kurt Mackie
Kurt Mackie, "Cloud Services Use on the Rise But Security Concerns Remain", Redmond Magazine, 6 June 2019. https://redmondmag.com/ articles/2019/06/26/cloud-security-concerns-remain.aspx
NIST Releases Evaluation of Cloud Computing Services Based on NIST SP 800-145 (NIST SP 500-322)
  • E D Simmon
E. D. Simmon, "NIST Releases Evaluation of Cloud Computing Services Based on NIST SP 800-145 (NIST SP 500-322)", National Institute of Standards and Technology, 23 February 2018.