Posted: July 26th, 2022

Cloud Computing Security

Writing up a research of the selected topic. The report/essay should cover technology concepts,
technology advantages/weaknesses, and implementations. It should also discuss the technical and
economic impact of the technology on the National and International industry (from different
perspectives) where industrial and commercial examples are required as essential.

To achieve a higher mark, a CASE STUDY is required, which discusses a real practical practice or
experience that any industry, institute, organisation or academy does have.

Topic: Cloud Computing Security. (Risk Analysis, Security control, Cloud Identity Management
(OAuth), Cloud Application for security)
Cloud Computing Security
Institution:
Date:

Cloud Computing Security
In the twenty-first century, digital transformation has been a critical journey for most business organizations (D’souza, and Williams, 2017, page 5-18). Cloud computing technology is one of the technologies that has promoted flexibility, cloud services, and configurability. Cloud-based technology enables mobile banking, extensive data analysis, video streaming, customer relationship management(CRM), and business innovations. The diversification of cloud computing raises a number of security issues and threats, such as distributed denial of service(DDOS), unauthorized access, malware, and hackers (Rashid, and Chaturvedi, 2019, page 421-426). Cloud computing security is critical for every organization, especially in protecting the cloud environment from cybersecurity attacks. The paper is a discussion of cloud computing security.
Technology Concepts
Cloud computing security involves performing vulnerability management, incident response, collecting and addressing threats, and identifying important network events. Unknowingly, cloud users change critical settings or overlook the importance of the services, hence subjecting the misconfigurations to attackers (Hussein, and Khalid, 2016, page 52). Attackers use misconfiguration in conducting malicious practices, such as cyber-attacks. Also, apart from misconfiguration, attackers can access cloud information, data through damaging containers, and a credential that has been stolen, such as passwords. Security attacks may cause detrimental losses in an organization, especially unauthorized access of data, which leads to failures, data breaches, data deletion, and modification.
Crypto-jacking is another cloud-based attack where the attackers conduct unauthorized cryptocurrency mining in the organization leading to network traffic and resource hogging. On the other hand, E-skimming is another cloud-based attack, where attackers access an enterprise web application, injecting malicious codes. However, the malicious codes enable the attackers to access critical information, such as financial details and personal information, ruining a company’s reputation and financial losses (Amara, Zhiqui, and Ali, 2017, page 244-251). The most common risks and threats in cloud computing include misconfiguration, considered a top weakness for cloud users.
Technology Advantages/Weaknesses
Cloud computing has gained a broader scope in the information technology industry due to its m reduced closed, fewer management efforts, easy access to network resources, and ease to use. Cloud computing technology has grown, hence providing services, such as pay-for-use-strategy, data storage center, and delivery of resources. Cloud computing is known for its unique features and deliverables; for instance, it promotes resource pooling, promotes rapid elasticity, on-demand self-service, and measured services (Choi, and Jeong, 2018, page 81-87).
The three primary cloud computing services include software-as-a-service, platform-as-a-service, and infrastructure-as-a-service. Most organizations have embraced cloud computing due to its advantages, such as uninterrupted services, easy management, the availability of green computing, and disaster management. Despite its benefits, cloud computing technology has several disadvantages: lack of portability, less reliability, low quality of services, and lack of adaptability. On the other hand, cloud computing is vulnerable and prone to cybersecurity issues, such as integrity, confidentiality, authentication, and accountability. Privacy and security issues in cloud computing occur during processes, such as out-sourcing data and business applications.
The amazon network host service faced a security issue in 2010, where most people were affected. The problem was more related to storage security and web application, which are some of the issues that have been experienced by other companies, such as Twitter and Google. The security issues over the years have led to reduced trust and confidence and a reduction in cloud technology adoption (Mishra, Gupta, and Gupta, 2020. , page 145-161). Cloud computing security issues are categorized into data center issues, network issues, and security challenges, such as insecure programming interfaces. Datacenter security issues and vulnerability include the service provider’s multi-location, restriction on logistics and techniques, data combination, and commingling. The problems are summarized in the table below.
Risk Analysis and Security Controls
Risk analysis or cloud computing risk assessment is a process that conducts an in-depth research that provides several security benefits through information gathered. The cloud computing risk analysis identifies the strengths and weaknesses of information systems and assist in coming up with strategies and policies to minimize the risks. The analysis or assessment process evaluates the probability of an event taking place and the impacts the events may cause (Basu, et,al., 2018, page 347-356). Cloud computing risk assessment frameworks include the secure user-centric framework for service provision, a risk assessment framework for wireless sensor networks, and an offline risk assessment framework for cloud service providers.
Risk assessment in sensor cloud is conducted through the use of an attack graph which provides the relationship between the attack, also known as the cause-consequential relationship. Also, the attack graph assists through the vulnerability scanner tool, such as Nessus, in detecting several vulnerabilities that affect organizational performance. On the other hand, the risk assessment for cloud service providers is critical (Patel, and Alabisi, 2019., page 11-19). The process focuses on system design through data flow, evaluation of security through aggregate security measures, performance descriptive and exploratory analysis of CSA STAR, and development of cloud migration strategies.
Risk analysis in cloud computing is comprehensive and a very tiresome process that requires experience and expertise. Additionally, the risk assessment process is fundamental in realizing and identifying potential vulnerabilities, which play a vital role in creating and implementing security policies and strategies.
Implementation of Security Controls
Implementing cloud computing security controls is very important, although from the begining, migrating to cloud computing is challenging for most organizations (Hussein, and Khalid, 2016, page 52). However, cloud computing security should be included as part of the implementation plan to avoid security issues in the future. Implementation of cloud computing security technology involves adjusting the organization’s risk management strategies and implementing several cloud computing best practices. Some of the resource requirements for performance include,

Identity and access management: Identity and access management is one of the essential practices that should be implemented to avoid cloud-based security issues (Hussein, and Khalid, 2016, page 52). Identity and access management is a security policy that focuses on providing information on who the user should be and who can access data. Identity and access management involves controlling privileges concerned with the user identity. Identity and access management provides an organization with control and privacy of computing data. Users are, however, authenticated as a way of confirming identity. The primary authentication factors are something the user has, such as a physical token, something the user knows, such as a password or a user name. Also, the user has a face ID or fingerprints that match with those saved in the system.
On the other hand, access management involves limiting the type and amount of data to view. Gaining access does not mean a person can access any information they want; each statement is ranked and made available to the concerned parties. For instance, a low-level employee is not allowed to access email accounts or employees payrolls. Identity and management in cloud computing are fundamental in controlling access and placement of limitations to avoid hackers (Hussein, and Khalid, 2016, page 52). Identity and management assist in preventing identity-based attacks as well as data breaches. Most of the time, cloud users prefer using an identity provider (IDP), identity-as-a-service, and Cloudflare access.
Segmentation: Segmentation is a process that assists in preventing lateral movement, which is achieved through some techniques. However, network segmentation is done through many functions, such as the use of specialized tools that control network traffic through segregation and production of traffic. On the other hand, network segmentation is achieved through applications that use separate system images that do not share or use cloud storage resources. Additionally, virtual servers are dedicated to clients’ environments, for instance, s through the virtual database servers and SAN. Another method is the physical separation of servers in every model, such as the traditional application service provider(ASP).
Vulnerability management: Vulnerability management is another best practice that assists in preventing and managing Cloyd security issues (Hussein, and Khalid, 2016, page 52). Vulnerability management is implemented to perform vulnerability scans, which are regular testing and security audits. The most popular type of testing is penetration testing, which assists in testing for the cloud network environment and detecting system vulnerabilities.
Password management: Password management is critical, especially considering that attackers use stolen credentials to invade a system (Hussein, and Khalid, 2016, page 52). Password management best practices implemented include the frequent configuration of settings, the composition of minimum password length, setting a maximum number of password age, creating a password history with not fewer than ten previous passwords, and enabling password synchronization, which prevents security risks. Password auditing would also play an important role, especially in tracking password changes, which assist in monitoring security.
Patch management: Patching already identified cloud-based vulnerabilities is essential through the assistance of automated tools (Radwan, Azer, and Abdelbaki, 2017. , page 158-172). On the other hand, post-patching services are imperative, especially in addressing and taking care of any incompatibilities in the cloud environment.
Encryption involves ensuring that computing data and other organizations’ data are protected in bot transit and reset. The best encrypting is to use more than one encryption service for all network levels and databases.
Compliance management: Complaint management involves using a tool that provides security alerts, which assist in carrying out corrective measures and addressing the available security issues and risks.
Security reporting: Security reporting is the best practice an organization can implement to prevent cloud-based security issues (Bhadoria, 2018, page 725-765). The organization can opt for the security information and event management (SIEM) tool, which assists in centralizing data from the vendor security reporting.
Monitoring: Security monitoring assists in the discovery of new threats and vulnerabilities in cloud computing information systems. However, the cloud computing vendors should have continuous security monitoring tools, which assist in protecting the cloud environment.
Technical and economic impact of the technology on the National and International industry (from different perspectives) where industrial and commercial examples are required as essential.
Cloud computing technology is very impactful, especially in the national and international industries. Cloud computing is a technology that has caused tremendous growth in the economy as the technology has become essential for businesses across the world. For instance, cloud computing technology promotes job opportunities, promotes cost savings, and assists companies in developing and grow themselves (Hussein, and Khalid, 2016, page 52). On the other hand, the technology has a significant impact on cloud service providers and other entrepreneurs coming up from the technology. The economic and business growth has been contributed by developing the innovative business model; for instance, through the model, more companies have been creating, hence promoting social surplus.
On the other hand, cloud computing security technology is very impactful to the nation. For instance, the technology provides a platform to analyze and identify principal vulnerabilities that could cause a significant impact on the national security from the government cloud computing activities (Basu, et,al., 2018, page 347-356). The relationship between cybersecurity and national security is very close. The use of cloud computing technology puts the nation into security vulnerability, as critical government data is stored in the cloud, use of third-party service providers, and lack of a practical regulatory framework within and outside the country. Cloud computing is one o the technology that the government has implemented due to its advantages, such as low cost and more storage. Cloud computing raises security concerns for the nation and internationally, significantly where international business and trade are concerned, raising more national security issues, especially cyberterrorism.
The cloud computing deployment models provide security advantages on the national and international levels. For instance, migrating data to various cloud types and categorizing government data based on confidentiality, especially regarding military and national security plans. Secure cloud computing provides intelligent services for the government and assists in implementing digital government policies and strategies, which assist give services to its citizens without and security issues. Also, cloud computing security prevents corruption, and bureaucratic complications, which prevents teh government from achieving its roles. National and international security are achieved when managing threats, challenges, and vulnerabilities through a cloud-based security framework.
Cloud computing security creates hazards, and vulnerabilities, by bridging the gap between policymakers, society, and individuals (Subramanian, and Jeyaraj, 2018., page 28-42). Cloud computing security technology is all about protecting national and international data that focus on integrity, availability, and confidentiality. Because cyber-attacks and vulnerabilities are a threat to national security, application of solid legal guidelines, and a security framework meant to protect the national infrastructure, on the other hand, the technology protects the government and international businesses from political, social, environmental, and economic threats.

List of References
Almorsy M, Grundy J, Müller I. An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107. 2016 Sep 5.
Amara, N., Zhiqui, H. and Ali, A., 2017, October. Cloud computing security threats and attacks with their mitigation techniques. In 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) (pp. 244-251). IEEE.
Basu, S., Bardhan, A., Gupta, K., Saha, P., Pal, M., Bose, M., Basu, K., Chaudhury, S. and Sarkar, P., 2018, January. Cloud computing security challenges & solutions-A survey. In 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC) (pp. 347-356). IEEE.
Bhadoria, R.S., 2018. Security architecture for cloud computing. In Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications (pp. 729-755). IGI Global.
Choi, S.Y. and Jeong, K., 2018. The Security Architecture for Secure Cloud Computing Environment. Journal of the Korea Society of Computer and Information, 23(12), pp.81-87.
D’souza, C. and Williams, D., 2017. The digital economy. Bank of Canada Review, 2017(Spring), pp.5-18.
Hussein, N.H. and Khalid, A., 2016. A survey of cloud computing security challenges and solutions. International Journal of Computer Science and Information Security, 14(1), p.52.
JAIN, P. and CHOUHAN, D.J.S., Cloud Computing Security Issues and Web-Service Methods to Overcome from Security Threats.
Mishra, A., Gupta, N. and Gupta, B.B., 2020. Security threats and recent countermeasures in cloud computing. In Modern principles, practices, and algorithms for cloud security (pp. 145-161). IGI Global.
Patel, K. and Alabisi, A., 2019. Cloud computing security risks: Identification and assessment. The Journal of New Business Ideas & Trends, 17(2), pp.11-19.
Radwan, T., Azer, M.A. and Abdelbaki, N., 2017. Cloud computing security: challenges and future trends. International Journal of Computer Applications in Technology, 55(2), pp.158-172.
Radwan, T., Azer, M.A. and Abdelbaki, N., 2017. Cloud computing security: challenges and future trends. International Journal of Computer Applications in Technology, 55(2), pp.158-172.
Rashid, A. and Chaturvedi, A., 2019. Cloud computing characteristics and services: a brief review. International Journal of Computer Sciences and Engineering, 7(2), pp.421-426.
Subramanian, N. and Jeyaraj, A., 2018. Recent security challenges in cloud computing. Computers & Electrical Engineering, 71, pp.28-42.
Yu, Y., Miyaji, A., Au, M.H. and Susilo, W., 2017. Cloud computing security and privacy: Standards and regulations.

Order | Check Discount

Tags: Cloud Computing Security