CLOUD SECURITY ISSUES

1
 Table of Contents

1. Introduction ................................................................................................................................. 3

2. Keywords .................................................................................................................................... 3

3. Aim of the paper ......................................................................................................................... 3

4. Cloud computing security practice ............................................................................................. 3

4.1 Security related issues with cloud computing ....................................................................... 4

4.2 Issues ..................................................................................................................................... 5

4.3 Privacy and data protection and security............................................................................... 6

4.4 Current adapted solutions ...................................................................................................... 6

5. Recommendation ........................................................................................................................ 7

6. Areas that the paper failed to address ......................................................................................... 7

7. Conclusion .................................................................................................................................. 8

References ....................................................................................................................................... 9

2
1. Introduction

In the potential advantages of cloud computing, it has certain limitation in some business critical
application areas especially in case of large enterprises. The main issue is regarding privacy
protection as well as data security. For this reason, several organisations avoid to use cloud
depended data life cycle. This presentation is aiming to address the issues from the paper ‘Data
Security and Privacy Protection Issues in Cloud Computing’.

 Potential advantages of cloud computing

 Certain limitation
 Business critical application areas
 Regarding privacy protection
 Data security

2. Keywords

 Privacy protection,
 Data security,
 Data segregation,
 Cloud computing security,
 Cloud computing,
 Access control

3. Aim of the paper

The current paper that is written by Chen and Zhao (2012) is aimed to provide an overview of
privacy protection and data security issues in cloud computing across all stages of data life cycle.

4. Cloud computing security practice

The current paper concisely discussed that cloud computing security is beyond of computer
subdomain security and it focuses on information and network security. Chen and Zhao (2012)
suggested that, it is built by huge support of technologies, policies and controls for protecting
infrastructure and application of data in cloud computing. It is effective for providing benefits of
reducing cost, centralising security, reliability maintenance and reduced cost. On the other hand,
Hashem et al. (2015) opposed that, this is a fast growing service that is incorporated in a wide

3
scale by business houses which is currently has transformed from ‘preventing’ to ‘corrective’ and
‘detective’ actions. It is often treated as a shared responsibility by the service providers which are
of four types like Infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), Platform-as-a-
service (PaaS) and On-Premise. However, Chen and Zhao (2012) stated that, here, the mentioned
cloud security software is not a cloud dependent application or software like antivirus products. In
this way, the current research has discussed several aspects of cloud security regime which are
providing flawless operations and network systems in business organisations.

 Subdomain security
 Information and network security
 Technologies, policies and controls for protecting infrastructure and application of data
 Transformed from ‘preventing’ to ‘corrective’ and ‘detective’ actions
 Infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), Platform-as-a-service
(PaaS) and On-Premise

4.1 Security related issues with cloud computing

As per the Generally Accepted Privacy Principles (GAPP), protection of data and privacy by
maintaining policies of disclosure, retention and collection need to be done according to the policy
and it should also include use of data. In accordance with Chen and Zhao (2012), for analysing the
issues regarding data life cycle, data generation, transfer, use, share, storage, destruction and
archival. However, that data life cycle is entirely covered the transformation of generation to
archival process. This is effective for maintaining security protocol of cloud networking. Stergiou
et al. (2018) suggested hat, maintaining integrity and confidentiality are the key factors of data
security along with data encryption. In the traditional environment of IT, organisations have used
to maintain own data. As a simple storage service, the data can be encrypted such as Amazon S3
services. On the contrary, in case of SaaS or PaaS, the encryption of data is not feasible. The
rendering of data sharing permission is another significant issue in which if a third party is
involved, they are asked to maintain the original restriction of usage and protection measures.
Apart from this, the storage is also divided into simple type of IaaS and complex SaaS or PaaS
service.

Data Life Cycle

4
  Data generation: ownership
 Transfer: no permission required within enterprise boundaries
 Use: simple and cloud based application
 Share: Third party requires to maintain same policy
 Storage: IaaS environment and PaaS or SaaS environment
 Archival: off-site storage and storage duration
 Destruction: After destruction, data can be retrieved and data protection policy can be
violated

4.2 Issues

While conducting the research about data protection and privacy security, different issues can be
considered properly. As opined by Ali et al. (2015), one of the most significant issue is data
br4eaching in which sensitive data are stolen, lost or attacked by hackers. It has been estimated
that, the cloud system is more prone to the exposure of data breaching risks. On the other hand,
Chen and Zhao (2012) argued that account hijacking by ghost users who usually access employee’s
login information and access remotely to the sensitive information which has been noticed in
Amazon 2010 which used customer credential by cross-site scripting bug. Sometimes, internal
stakeholders conduct their unauthorised access to cloud services which need to eradicated by
controlling access. Apart from this, Chang et al. (2016) stated that, mostly in the SaaS cloud
services malware injection is a great issue that can act as valid instance for to business. As for this
reason, the cloud computing has become a significant issue. Abuse of cloud service is another
significant issue for which U.S. Copyright Law has put barriers of data protection violation
activities and charging about $250,000 for the issue.

 Data Breaches
 Hijacking of Accounts
 Malware Injection
 Abuse of Cloud Services
 Insecure APIs
 Denial of Service Attacks
 Insufficient Due Diligence

5
  Shared Vulnerabilities
 Data Loss

4.3 Privacy and data protection and security

In order to promote the effective data protection law in the workplace and within the operation of
business houses, the companies need to incorporate policies, legislations and standards.
Maintaining integrity and confidentiality are the key factors of data security along with data
encryption (Sen, 2015). In the traditional environment of IT, organisations have used to maintain
own data. As for this reason, General Data Protection Regulation (GDPR) has been incorporated
in the organisations for enhancing data security in cloud computing. According to Rebollo et al.
(2015), the existing privacy protection policies are not effective and up to the mark to protect the
system which needs to be changed and updated soon.

 Data protection law

 The operation of business houses
 Incorporate policies, legislations and standards
 Integrity and confidentiality
 Traditional environment of IT

4.4 Current adapted solutions

Due to incorporation of Differential Privacy Protection Technologies as well as decentralized

information flow control (DIFC), they have developed Airavat which is a significant privacy
protection protocol. According to Mollah et al. (2017), in order to detect the malware, continuous
scanning and protection regime are required to incorporate. Along with this, based on the
operations, the employee’s login password and ID can be changed time to time which can lower
significant issues in the system. In this way, the system can become effective for maintaining
security of data and privacy of individuals and organisation.

 Differential Privacy Protection Technologies

 Decentralized Information Flow Control (DIFC)
 Airavat
 Detect the malware

6
  Continuous scanning
 Login password and ID can be changed

5. Recommendation

Therefore, it can be recommended that, strong and effective legal policies in the worldwide context
is required to implemented. Along with this, the aspects of general data protection regulation
(GDPR) needs to be incorporated. More security measures and upgradation of software need to
engage in the companies which can be presented as new security system. This could be able to
prevent malware and hacking especially in PaaS and SaaS. Effective policies should be included
at the workplace that can control employee's activities. If their login identification is used in other
IP addresses or any issues causing, serious enquiries and steps should be taken. In this way, cloud
computing security can help company to address ethical concerns of data security and privacy
protection.

 Strong and effective legal policies in the worldwide

 General data protection regulation (GDPR)
 More security measures
 Upgradation of software
 Malware and hacking especially in PaaS and SaaS
 Control employee's activities
 Login identification
 Serious enquiries and steps should be taken
 Address ethical concerns

6. Areas that the paper failed to address

The current research has effectively highlighted several aspects of cloud computing and network
security issues. However, in spite of that the journal has failed to address different aspects such as
inclusion of effective legal policies and frameworks are completely ignored which is a major
drawback. There are no honourable mentions of GDPR or privacy act is provided. Apart from this,
proper recommendation for mitigating the issue is also not acknowledged properly in this research
work. On the other hand, the current ethical practices regarding cloud computing security issues
are not mentioned which has been adopted by different business houses.

7
  Several aspects of cloud computing and network security issues
 Failed to address different aspects
 Inclusion of effective legal policies and frameworks
 No honourable mentions of GDPR or privacy act
 Proper recommendation for mitigating the issue is also not acknowledged
 Ethical practices regarding cloud computing security issues

7. Conclusion

Henceforth, it can be concluded that, the mentioned cloud security software is not a cloud
dependent application or software like antivirus products. In this way, the current research has
discussed several aspects of cloud security regime which are providing flawless operations and
network systems in business organisations. The rendering of data sharing permission is another
significant issue in which if a third party is involved, they are asked to maintain the original
restriction of usage and protection measures. Maintaining integrity and confidentiality are the key
factors of data security along with data encryption.

 Cloud security software is not a cloud dependent application

 Cloud security regime which are providing flawless operations
 Network systems in business organisations
 Data sharing permission is another significant issue
 Usage and protection measures
 Maintaining integrity and confidentiality

8
References

Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing: Opportunities and
challenges. Information sciences, 305, pp.357-383.

Chang, V., Kuo, Y.H. and Ramachandran, M., 2016. Cloud computing adoption framework: A
security framework for business clouds. Future Generation Computer Systems, 57, pp.24-41.

Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud
computing. In 2012 International Conference on Computer Science and Electronics
Engineering (Vol. 1, pp. 647-651). IEEE.

Hashem, I.A.T., Yaqoob, I., Anuar, N.B., Mokhtar, S., Gani, A. and Khan, S.U., 2015. The rise of
“big data” on cloud computing: Review and open research issues. Information systems, 47, pp.98-
115.

Mollah, M.B., Azad, M.A.K. and Vasilakos, A., 2017. Security and privacy challenges in mobile
cloud computing: Survey and way ahead. Journal of Network and Computer Applications, 84,
pp.38-54.

Rebollo, O., Mellado, D., Fernández-Medina, E. and Mouratidis, H., 2015. Empirical evaluation
of a cloud computing information security governance framework. Information and Software
Technology, 58, pp.44-57.

Sen, J., 2015. Security and privacy issues in cloud computing. In Cloud Technology: Concepts,
Methodologies, Tools, and Applications (pp. 1585-1630). IGI Global.

Stergiou, C., Psannis, K.E., Kim, B.G. and Gupta, B., 2018. Secure integration of IoT and cloud
computing. Future Generation Computer Systems, 78, pp.964-975.