Beruflich Dokumente
Kultur Dokumente
1
Table of Contents
1. Introduction ................................................................................................................................. 3
2. Keywords .................................................................................................................................... 3
5. Recommendation ........................................................................................................................ 7
7. Conclusion .................................................................................................................................. 8
References ....................................................................................................................................... 9
2
1. Introduction
In the potential advantages of cloud computing, it has certain limitation in some business critical
application areas especially in case of large enterprises. The main issue is regarding privacy
protection as well as data security. For this reason, several organisations avoid to use cloud
depended data life cycle. This presentation is aiming to address the issues from the paper ‘Data
Security and Privacy Protection Issues in Cloud Computing’.
2. Keywords
Privacy protection,
Data security,
Data segregation,
Cloud computing security,
Cloud computing,
Access control
The current paper that is written by Chen and Zhao (2012) is aimed to provide an overview of
privacy protection and data security issues in cloud computing across all stages of data life cycle.
The current paper concisely discussed that cloud computing security is beyond of computer
subdomain security and it focuses on information and network security. Chen and Zhao (2012)
suggested that, it is built by huge support of technologies, policies and controls for protecting
infrastructure and application of data in cloud computing. It is effective for providing benefits of
reducing cost, centralising security, reliability maintenance and reduced cost. On the other hand,
Hashem et al. (2015) opposed that, this is a fast growing service that is incorporated in a wide
3
scale by business houses which is currently has transformed from ‘preventing’ to ‘corrective’ and
‘detective’ actions. It is often treated as a shared responsibility by the service providers which are
of four types like Infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), Platform-as-a-
service (PaaS) and On-Premise. However, Chen and Zhao (2012) stated that, here, the mentioned
cloud security software is not a cloud dependent application or software like antivirus products. In
this way, the current research has discussed several aspects of cloud security regime which are
providing flawless operations and network systems in business organisations.
Subdomain security
Information and network security
Technologies, policies and controls for protecting infrastructure and application of data
Transformed from ‘preventing’ to ‘corrective’ and ‘detective’ actions
Infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), Platform-as-a-service
(PaaS) and On-Premise
As per the Generally Accepted Privacy Principles (GAPP), protection of data and privacy by
maintaining policies of disclosure, retention and collection need to be done according to the policy
and it should also include use of data. In accordance with Chen and Zhao (2012), for analysing the
issues regarding data life cycle, data generation, transfer, use, share, storage, destruction and
archival. However, that data life cycle is entirely covered the transformation of generation to
archival process. This is effective for maintaining security protocol of cloud networking. Stergiou
et al. (2018) suggested hat, maintaining integrity and confidentiality are the key factors of data
security along with data encryption. In the traditional environment of IT, organisations have used
to maintain own data. As a simple storage service, the data can be encrypted such as Amazon S3
services. On the contrary, in case of SaaS or PaaS, the encryption of data is not feasible. The
rendering of data sharing permission is another significant issue in which if a third party is
involved, they are asked to maintain the original restriction of usage and protection measures.
Apart from this, the storage is also divided into simple type of IaaS and complex SaaS or PaaS
service.
4
Data generation: ownership
Transfer: no permission required within enterprise boundaries
Use: simple and cloud based application
Share: Third party requires to maintain same policy
Storage: IaaS environment and PaaS or SaaS environment
Archival: off-site storage and storage duration
Destruction: After destruction, data can be retrieved and data protection policy can be
violated
4.2 Issues
While conducting the research about data protection and privacy security, different issues can be
considered properly. As opined by Ali et al. (2015), one of the most significant issue is data
br4eaching in which sensitive data are stolen, lost or attacked by hackers. It has been estimated
that, the cloud system is more prone to the exposure of data breaching risks. On the other hand,
Chen and Zhao (2012) argued that account hijacking by ghost users who usually access employee’s
login information and access remotely to the sensitive information which has been noticed in
Amazon 2010 which used customer credential by cross-site scripting bug. Sometimes, internal
stakeholders conduct their unauthorised access to cloud services which need to eradicated by
controlling access. Apart from this, Chang et al. (2016) stated that, mostly in the SaaS cloud
services malware injection is a great issue that can act as valid instance for to business. As for this
reason, the cloud computing has become a significant issue. Abuse of cloud service is another
significant issue for which U.S. Copyright Law has put barriers of data protection violation
activities and charging about $250,000 for the issue.
Data Breaches
Hijacking of Accounts
Malware Injection
Abuse of Cloud Services
Insecure APIs
Denial of Service Attacks
Insufficient Due Diligence
5
Shared Vulnerabilities
Data Loss
In order to promote the effective data protection law in the workplace and within the operation of
business houses, the companies need to incorporate policies, legislations and standards.
Maintaining integrity and confidentiality are the key factors of data security along with data
encryption (Sen, 2015). In the traditional environment of IT, organisations have used to maintain
own data. As for this reason, General Data Protection Regulation (GDPR) has been incorporated
in the organisations for enhancing data security in cloud computing. According to Rebollo et al.
(2015), the existing privacy protection policies are not effective and up to the mark to protect the
system which needs to be changed and updated soon.
6
Continuous scanning
Login password and ID can be changed
5. Recommendation
Therefore, it can be recommended that, strong and effective legal policies in the worldwide context
is required to implemented. Along with this, the aspects of general data protection regulation
(GDPR) needs to be incorporated. More security measures and upgradation of software need to
engage in the companies which can be presented as new security system. This could be able to
prevent malware and hacking especially in PaaS and SaaS. Effective policies should be included
at the workplace that can control employee's activities. If their login identification is used in other
IP addresses or any issues causing, serious enquiries and steps should be taken. In this way, cloud
computing security can help company to address ethical concerns of data security and privacy
protection.
The current research has effectively highlighted several aspects of cloud computing and network
security issues. However, in spite of that the journal has failed to address different aspects such as
inclusion of effective legal policies and frameworks are completely ignored which is a major
drawback. There are no honourable mentions of GDPR or privacy act is provided. Apart from this,
proper recommendation for mitigating the issue is also not acknowledged properly in this research
work. On the other hand, the current ethical practices regarding cloud computing security issues
are not mentioned which has been adopted by different business houses.
7
Several aspects of cloud computing and network security issues
Failed to address different aspects
Inclusion of effective legal policies and frameworks
No honourable mentions of GDPR or privacy act
Proper recommendation for mitigating the issue is also not acknowledged
Ethical practices regarding cloud computing security issues
7. Conclusion
Henceforth, it can be concluded that, the mentioned cloud security software is not a cloud
dependent application or software like antivirus products. In this way, the current research has
discussed several aspects of cloud security regime which are providing flawless operations and
network systems in business organisations. The rendering of data sharing permission is another
significant issue in which if a third party is involved, they are asked to maintain the original
restriction of usage and protection measures. Maintaining integrity and confidentiality are the key
factors of data security along with data encryption.
8
References
Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing: Opportunities and
challenges. Information sciences, 305, pp.357-383.
Chang, V., Kuo, Y.H. and Ramachandran, M., 2016. Cloud computing adoption framework: A
security framework for business clouds. Future Generation Computer Systems, 57, pp.24-41.
Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud
computing. In 2012 International Conference on Computer Science and Electronics
Engineering (Vol. 1, pp. 647-651). IEEE.
Hashem, I.A.T., Yaqoob, I., Anuar, N.B., Mokhtar, S., Gani, A. and Khan, S.U., 2015. The rise of
“big data” on cloud computing: Review and open research issues. Information systems, 47, pp.98-
115.
Mollah, M.B., Azad, M.A.K. and Vasilakos, A., 2017. Security and privacy challenges in mobile
cloud computing: Survey and way ahead. Journal of Network and Computer Applications, 84,
pp.38-54.
Rebollo, O., Mellado, D., Fernández-Medina, E. and Mouratidis, H., 2015. Empirical evaluation
of a cloud computing information security governance framework. Information and Software
Technology, 58, pp.44-57.
Sen, J., 2015. Security and privacy issues in cloud computing. In Cloud Technology: Concepts,
Methodologies, Tools, and Applications (pp. 1585-1630). IGI Global.
Stergiou, C., Psannis, K.E., Kim, B.G. and Gupta, B., 2018. Secure integration of IoT and cloud
computing. Future Generation Computer Systems, 78, pp.964-975.