Cloud computing security issues and solutions pdf
Almost every business you can think of is using public cloud services for many of their critical business applications. Unfortunately as we head into , cyberattacks and breaches on cloud services are increasing.
Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security. Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers.
A Review on Security Issues in Cloud Computing
Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, Cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. The importance of Cloud Computing is increasing and it is receiving growing attention in the scientific and industrial communities.
A study by Gartner [ 1 ] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations. Cloud Computing enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources e.
Cloud Computing appears as a computational paradigm as well as a distribution architecture and its main objective is to provide secure, quick, convenient data storage and net computing service, with all computing resources visualized as services and delivered over the Internet [ 2 , 3 ].
The cloud enhances collaboration, agility, scalability, availability, and the ability to adapt to fluctuations according to demand; it accelerates development work and provides potential for cost reduction through optimized and efficient computing [ 4 – 7 ]. In some respects, Cloud Computing represents the maturing of these technologies and is a marketing term to represent that maturity and the services they provide [ 6 ].
Although there are many benefits to adopting Cloud Computing, there are also some significant barriers to adoption. One of the most significant barriers to adoption is security, followed by issues regarding compliance, privacy and legal matters [ 8 ]. Because Cloud Computing represents a relatively new computing model, there is a great deal of uncertainty about how security at all levels e. That uncertainty has consistently led information executives to state that security is their number one concern with Cloud Computing [ 10 ].
Compared to traditional technologies, the cloud has many specific features, such as its large scale and the fact that resources belonging to cloud providers are completely distributed, heterogeneous and totally virtualized. Traditional security mechanisms such as identity, authentication, and authorization are no longer enough for clouds in their current form [ 11 ]. Security controls in Cloud Computing are, for the most part, no different than security controls in any IT environment.
However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, Cloud Computing may present different risks to an organization than traditional IT solutions. Unfortunately, integrating security into these solutions is often perceived as making them more rigid [ 4 ].
To alleviate these concerns, a cloud solution provider must ensure that customers will continue to have the same security and privacy controls over their applications and services, provide evidence to customers that their organization is secure and can meet its service-level agreements, and show that it can prove compliance to auditors [ 12 ]. We present here a categorization of security issues for Cloud Computing focused on the so-called SPI model (SaaS, PaaS and IaaS), identifying the main vulnerabilities in this kind of system and the most important threats found in the literature related to Cloud Computing and its environment.
A threat is a potential attack that may lead to a misuse of information or resources, and the term vulnerability refers to the flaws in a system that allow an attack to be successful. Some surveys focus on one service model, or on listing cloud security issues in general without distinguishing between vulnerabilities and threats.
Here, we present a list of vulnerabilities and threats, and we also indicate what cloud service models can be affected by them. Furthermore, we describe the relationship between these vulnerabilities and threats; how these vulnerabilities can be exploited in order to perform an attack, and also present some countermeasures related to these threats which try to solve or improve the identified problems.
The remainder of the paper is organized as follows: Section 2 presents the results obtained from our systematic review. Next, in Section 3 we define in depth the most important security aspects for each layer of the Cloud model. Later, we will analyze the security issues in Cloud Computing identifying the main vulnerabilities for clouds, the most important threats in clouds, and all available countermeasures for these threats and vulnerabilities. Finally, we provide some conclusions.
We have carried out a systematic review [ 13 – 15 ] of the existing literature regarding security in Cloud Computing, not only in order to summarize the existing vulnerabilities and threats concerning this topic but also to identify and analyze the current state and the most important security issues for Cloud Computing.
The question focus was to identify the most relevant issues in Cloud Computing which consider vulnerabilities, threats, risks, requirements and solutions of security for Cloud Computing. This question had to be related to the aim of this work; that is, to identify and relate vulnerabilities and threats with possible solutions. Therefore, the research question addressed by our research was the following: What security vulnerabilities and threats are the most important in Cloud Computing which have to be studied in depth with the purpose of handling them?
The keywords and related concepts that make up this question and that were used during the review execution are: secure Cloud systems, Cloud security, delivery models security, SPI security, SaaS security, PaaS security, IaaS security, Cloud threats, Cloud vulnerabilities, Cloud recommendations, best practices in Cloud.
The selection criteria through which we evaluated study sources were based on the research experience of the authors of this work, and in order to select these sources we have considered certain constraints: studies included in the selected sources must be written in English and these sources must be web-available.
Later, the experts will refine the results and will include important works that had not been recovered in these sources and will update this work taking into account other constraints such as impact factor, citations received, important journals, renowned authors, etc. Once the sources had been defined, it was necessary to describe the process and the criteria for study selection and evaluation.
The inclusion and exclusion criteria of this study were based on the research question. We therefore established that the studies must contain issues and topics which consider security on Cloud Computing, and that these studies must describe threats, vulnerabilities, countermeasures, and risks. During this phase, the search in the defined sources must be executed and the obtained studies must be evaluated according to the established criteria.
After executing the search chain on the selected sources we obtained a set of about results which were filtered with the inclusion criteria to give a set of about 40 relevant studies. This set of relevant studies was again filtered with the exclusion criteria to give a set of studies which corresponds with 15 primary proposals [ 4 , 6 , 10 , 16 – 27 ]. The studies analyze the risks and threats, often give recommendations on how they can be avoided or covered, resulting in a direct relationship between vulnerability or threats and possible solutions and mechanisms to solve them.
In addition, we can see that in our search, many of the approaches, in addition to speaking about threats and vulnerabilities, also discuss other issues related to security in the Cloud such as the data security, trust, or security recommendations and mechanisms for any of the problems encountered in these environments. The cloud model provides three types of services [ 21 , 28 , 29 ]:
Software as a Service (SaaS). The applications are accessible from various client devices through a thin client interface such as a web browser e.
Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure his own applications without installing any platform or tools on their local machines. PaaS refers to providing platform layer resources, including operating system support and software development frameworks that can be used to build higher-level services.
Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
With SaaS, the burden of security lies with the cloud provider. In part, this is because of the degree of abstraction: the SaaS model is based on a high degree of integrated functionality with minimal customer control or extensibility. By contrast, the PaaS model offers greater extensibility and greater customer control.
Largely because of the relatively lower degree of abstraction, IaaS offers greater tenant or customer control over security than do PaaS or SaaS [ 10 ].
Before analyzing security challenges in Cloud Computing, we need to understand the relationships and dependencies between these cloud service models [ 4 ].
However, we have to take into account that PaaS offers a platform to build and deploy SaaS applications, which increases the security dependency between them. As a consequence of these deep dependencies, any attack on any cloud service layer can compromise the upper layers. Each cloud service model comprises its own inherent security flaws; however, they also share some challenges that affect all of them.
These relationships and dependencies between cloud models may also be a source of security risks. A SaaS provider may rent a development environment from a PaaS provider, which might also rent an infrastructure from an IaaS provider.
Each provider is responsible for securing his own services, which may result in an inconsistent combination of security models. It also creates confusion over which service provider is responsible once an attack happens.
SaaS users have the least control over security among the three fundamental delivery models in the cloud. The adoption of SaaS applications may raise some security concerns. These applications are typically delivered via the Internet through a Web browser [ 12 , 22 ]. However, flaws in web applications may create vulnerabilities for the SaaS applications.
Security challenges in SaaS applications are not different from those of any web application technology, but traditional security solutions do not effectively protect them from attacks, so new approaches are necessary [ 21 ]. There are more security issues, but it is a good start for securing web applications. SaaS applications can be grouped into maturity models that are determined by the following characteristics: scalability, configurability via metadata, and multi-tenancy [ 30 , 33 ].
In the first maturity model, each customer has his own customized instance of the software. This model has drawbacks, but security issues are not so bad compared with the other models. In the second model, the vendor also provides different instances of the applications for each customer, but all instances use the same application code. In this model, customers can change some configuration options to meet their needs.
In the third maturity model multi-tenancy is added, so a single instance serves all customers [ 34 ]. This approach enables more efficient use of the resources but scalability is limited.
Since data from multiple tenants is likely to be stored in the same database, the risk of data leakage between these tenants is high. For the final model, applications can be scaled up by moving the application to a more powerful server if needed. Data security is a common concern for any technology, but it becomes a major challenge when SaaS users have to rely on their providers for proper security [ 12 , 21 , 36 ].
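The leakage risk of a shared multi-tenant database described above, as an added example that is not taken from the reviewed paper: a constructed SQLite table holds rows for two hypothetical tenants, and the names `search_unscoped`, `TenantScope` and `foreign_rows` are illustrative. Binding every query to the authenticated tenant is one common mitigation, assumed here rather than prescribed by the page.

```python
import sqlite3

def build_shared_db():
    """One database and one table shared by every tenant (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, customer TEXT, amount REAL)")
    db.executemany(
        "INSERT INTO invoices (tenant_id, customer, amount) VALUES (?, ?, ?)",
        [("tenant-a", "Alice Ltd", 120.0),
         ("tenant-a", "Acme GmbH", 75.5),
         ("tenant-b", "Bob & Co", 990.0)])
    return db

def search_unscoped(db, term):
    """Leaky handler: the tenant predicate was forgotten, so every tenant's rows match."""
    cur = db.execute("SELECT tenant_id, customer FROM invoices "
                     "WHERE customer LIKE ? ORDER BY id", (f"%{term}%",))
    return cur.fetchall()

class TenantScope:
    """Data access object bound to one authenticated tenant for its whole lifetime."""
    def __init__(self, db, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._db, self._tenant = db, tenant_id

    def search(self, term):
        cur = self._db.execute(
            "SELECT tenant_id, customer FROM invoices "
            "WHERE tenant_id = ? AND customer LIKE ? ORDER BY id",
            (self._tenant, f"%{term}%"))
        return cur.fetchall()

    def get(self, invoice_id):
        # Primary-key lookups carry the tenant predicate too, so guessing
        # another tenant's row id returns nothing.
        cur = self._db.execute(
            "SELECT customer, amount FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant))
        return cur.fetchone()

def foreign_rows(rows, tenant_id):
    """Audit helper: rows in a result set that belong to a different tenant."""
    return [r for r in rows if r[0] != tenant_id]

if __name__ == "__main__":
    db = build_shared_db()
    print("leaked:", foreign_rows(search_unscoped(db, "c"), "tenant-a"))
    print("scoped:", TenantScope(db, "tenant-a").search("c"))
```

A check like `foreign_rows` can run in integration tests against every query path to catch a missing tenant predicate before release.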
In SaaS, organizational data is often processed in plaintext and stored in the cloud. The SaaS provider is the one responsible for the security of the data while it is being processed and stored [ 30 ]. Also, data backup is a critical aspect in order to facilitate recovery in case of disaster, but it introduces security concerns as well [ 21 ].
Also cloud providers can subcontract other services such as backup from third-party service providers, which may raise concerns. Moreover, most compliance standards do not envision compliance with regulations in a world of Cloud Computing [ 12 ].
Accessing applications over the internet via web browser makes access from any network device easier, including public computers and mobile devices. However, it also exposes the service to additional security risks. The Cloud Security Alliance [ 37 ] has released a document that describes the current state of mobile computing and the top threats in this area such as information-stealing mobile malware, insecure networks (WiFi), vulnerabilities found in the device OS and official applications, insecure marketplaces, and proximity-based hacking.
PaaS facilitates deployment of cloud-based applications without the cost of buying and maintaining the underlying hardware and software layers [ 21 ]. PaaS application security comprises two software layers: Security of the PaaS platform itself i. PaaS providers are responsible for securing the platform software stack that includes the runtime engine that runs the customer applications.
As with SaaS, PaaS also brings data security issues and other challenges that are described as follows: Moreover, PaaS not only provides traditional programming languages, but also offers third-party web services components such as mashups [ 10 , 38 ].
Mashups combine more than one source element into a single integrated unit. Thus, PaaS models also inherit security issues related to mashups such as data and network security [ 39 ]. Also, PaaS users have to depend on both the security of web-hosted development tools and third-party services. From the perspective of the application development, developers face the complexity of building secure applications that may be hosted in the cloud.
Developers have to keep in mind that PaaS applications should be upgraded frequently, so they have to ensure that their application development processes are flexible enough to keep up with changes [ 19 ].
However, developers also have to understand that any changes in PaaS components can compromise the security of their applications. Besides secure development techniques, developers need to be educated about data legal issues as well, so that data is not stored in inappropriate locations.
Cloud computing is emerging as one of the powerful computing technologies in the field of Information Technology due to its flexibility and cost reduction. This paper provides a detailed survey on security issues of the services provided by cloud computing and solutions to mitigate them. The main objective of this paper is to empower a new researcher to figure out the concepts of cloud computing, the services provided by them, and the security issues in the services. It also provides solutions to avoid or mitigate the different security issues which occur in the services provided by cloud computing. Additionally, it provides insight into the cloud computing model proposed by the National Institute of Standards and Technology (NIST), data stages and data security basics in a multi-tenant environment.
Cloud Computing Security Issues
Fog computing is a paradigm that extends Cloud computing and services to the edge of the network, which eliminates limitations such as abeyance, curtailed mobility, absenteeism of location awareness, security shortcomings, etc. This survey paper gives an overview of fog computing, its benefits, challenges, architectural components, and security and privacy issues. It also discusses the encryption algorithms, techniques, security requirements and the key challenges for fog computing.
Cloud computing: Technology, security issues and solutions. Abstract: The concept of cloud computing can be traced back to almost the middle of last century.