Security Issues in Cloud Computing IT & Computer Science Essay

Security Issues in Cloud Computing
Student’s Name
Institutional Affiliation
Course Code: Course Name
Professor’s Name
Date of Submission
Security Issues in Cloud Computing
Introduction
Cloud computing entails computing services in software, storage, and processing power delivered to users over the internet. It is an on-demand, flexible, and cost-effective computer delivery system, offering services to businesses or consumer IT through the internet. Due to its agility in offering services, cloud computing importance continues to increase, and it's scoring a lot of interest, especially in the scientific and e-commerce/industrial sectors. Cloud computing allows extensive access to convenient computing resources like servers, applications, networks, storage, etc. that can be released effortlessly through the internet. It is a computational model or a distribution system aiming to offer secure and efficient data storage and computing services, all delivered over the internet as visualized computing resources. It cannot be forgotten that the internet encourages collaboration, scalability, agility, and the ability to adjust to dynamics based on demand, accompanied by low cost through efficient computing.
In cloud computing, business owners do not have to have their own IT system or information centers; they can pay for both applications and storage from service providers. Through cloud computing, companies can avoid extra cost and the challenges of handling their own IT infrastructure; hence, firms only pay for services they use CITATION Ste181 \l 1033 (Steve Ranger, 2018). Meanwhile, cloud computing service providers benefit significantly from economies of scale as they deliver similar services to many customers. Currently, cloud computing boasts a wide range of options, from the standard features of networking, storage, and data processing capabilities to artificial intelligence (AI), language processing, and essential office software. Interestingly, any service that does not demand your physical availability to computer hardware can be delivered through the cloud. It combines a range of computer technologies like Service Oriented Architecture (SOA), Virtual Reality, Web 2.0, among other computing concepts on the internet, offering standard office applications through search engines to satisfy users' needs. Common examples of cloud computing services include Gmail, cloud photo backup on our smart devices.
Even though cloud computing offers several benefits, there is a potential downside and barriers to its adoption. Among the most common barriers to adoption include security concerns, compliance issues, and user information privacy ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"9hDXOGke","properties":{"formattedCitation":"(Hashizume et al., 2013)","plainCitation":"(Hashizume et al., 2013)","noteIndex":0},"citationItems":[{"id":81,"uris":["http://zotero.org/users/local/eXddgH2J/items/XVEZM47H"],"uri":["http://zotero.org/users/local/eXddgH2J/items/XVEZM47H"],"itemData":{"id":81,"type":"article-journal","abstract":"Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. Cloud Computing leverages many technologies (SOA, virtualization, Web 2.0); it also inherits their security issues, which we discuss here, identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.","container-title":"Journal of Internet Services and Applications","DOI":"10.1186/1869-0238-4-5","ISSN":"1869-0238","issue":"1","journalAbbreviation":"Journal of Internet Services and Applications","page":"5","source":"BioMed Central","title":"An analysis of security issues for cloud computing","URL":"https://doi.org/10.1186/1869-0238-4-5","volume":"4","author":[{"family":"Hashizume","given":"Keiko"},{"family":"Rosado","given":"David G."},{"family":"Fernández-Medina","given":"Eduardo"},{"family":"Fernandez","given":"Eduardo B."}],"accessed":{"date-parts":[["2020",11,1]]},"issued":{"date-parts":[["2013",2,27]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hashizume et al., 2013). Since cloud computing is a relatively new computational paradigm, there is uncertainty on how security is guaranteed at its functional levels (networking, web hosting, applications, storage, etc.). Thus, many firms, especially those dealing with IT or large enterprises, talk of security as their primary concern with cloud computing. Traditional technologies security strategies (identity, authentication, and authorization) are insufficient for cloud hosting in their current version. Although security mechanisms in cloud computing are almost similar to that in IT systems, the operational systems and technologies used in cloud services present a greater risk than essential IT security solutions. The public cloud is the primary computing system. Users have the leverage of accessing invaluable computing resources over the internet, and moving corporations' applications and sensitive data, there can be a significant concern. Cloud computing security concerns are majorly related to "data security"; almost all identified problems, lack of data control, cyberattacks, lack of visibility, etc. surround the data users put in the cloud.
Over 90 percent of corporations are concerned about cloud security CITATION Topnd2 \l 1033 ("Top 15 Cloud", n.d.). Security issues in cloud computing are categorized, focusing on the SPI model; SaaS, PaaS, and IaaS. Using the SPI model, it is possible to identify the vulnerabilities and threats related to the cloud computing environment ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Wiv74Z3k","properties":{"formattedCitation":"(Zhang et al., 2010)","plainCitation":"(Zhang et al., 2010)","noteIndex":0},"citationItems":[{"id":85,"uris":["http://zotero.org/users/local/eXddgH2J/items/WJ3AGEXH"],"uri":["http://zotero.org/users/local/eXddgH2J/items/WJ3AGEXH"],"itemData":{"id":85,"type":"article-journal","abstract":"Cloud computing has recently emerged as a new paradigm for hosting and delivering services over the Internet. Cloud computing is attractive to business owners as it eliminates the requirement for users to plan ahead for provisioning, and allows enterprises to start from the small and increase resources only when there is a rise in service demand. However, despite the fact that cloud computing offers huge opportunities to the IT industry, the development of cloud computing technology is currently at its infancy, with many issues still to be addressed. In this paper, we present a survey of cloud computing, highlighting its key concepts, architectural principles, state-of-the-art implementation as well as research challenges. The aim of this paper is to provide a better understanding of the design challenges of cloud computing and identify important research directions in this increasingly important area.","container-title":"Journal of Internet Services and Applications","DOI":"10.1007/s13174-010-0007-6","ISSN":"1869-0238","issue":"1","journalAbbreviation":"J Internet Serv Appl","language":"en","page":"7-18","source":"Springer Link","title":"Cloud computing: state-of-the-art and research challenges","title-short":"Cloud computing","URL":"https://doi.org/10.1007/s13174-010-0007-6","volume":"1","author":[{"family":"Zhang","given":"Qi"},{"family":"Cheng","given":"Lu"},{"family":"Boutaba","given":"Raouf"}],"accessed":{"date-parts":[["2020",11,1]]},"issued":{"date-parts":[["2010",5,1]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Zhang et al., 2010). Any potential attack that leads to misuse of information present danger, while vulnerability represents the flaws in a cloud computing system that allow any threat to occur. This paper will present security issues (threats and vulnerabilities) affecting cloud services and potential countermeasures to solve or improve the identified concerns.
Application Cloud-related Security Concerns with Software-as-a-Service (SaaS)
Security issues encountered with SaaS cloud applications are usually concerned with data and accessibility since many shared security solutions leave the two aspects entirely in the users' responsibility. Several issues have become significant concerns for SaaS cloud users in the recent past. Data within SaaS cloud applications is usually hidden, and users lack visibility CITATION Topnd2 \l 1033 ("Top 15 Cloud", n.d.) since most applications are provisioned by shadow IT. The firm's cloud-based data is usually stored outside of the organization's network and run by cloud systems owned by other corporations. Some SaaS applications lack cloud-focused security solutions, limiting the user's ability to monitor their data. There is inadequate control of users who can access sensitive data through the public cloud, resulting in increased data theft cases by malicious users. Data security concerns are common in almost all organizations. Still, when it comes to SaaS users, it is a significant challenge since they have to rely on cloud service providers to secure their data.  
The applications are usually delivered over the internet through search engines. Yet, defects in web browsers can result in SaaS application being vulnerable to any potential threat. Cyberattacks have been prevalent since intruders usually use web browsers to access and steal sensitive information by compromising user's devices ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"s3yBPB6R","properties":{"formattedCitation":"(Sabashini & Kavitha, 2011)","plainCitation":"(Sabashini & Kavitha, 2011)","noteIndex":0},"citationItems":[{"id":87,"uris":["http://zotero.org/users/local/eXddgH2J/items/8V26GNJI"],"uri":["http://zotero.org/users/local/eXddgH2J/items/8V26GNJI"],"itemData":{"id":87,"type":"webpage","abstract":"Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. It extends Information Technology’s (IT) existing capabilities. In the last few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry. But as more and more information on individuals and companies are placed in the cloud, concerns are beginning to grow about just how safe an environment it is. Despite of all the hype surrounding the cloud, enterprise customers are still reluctant to deploy their business in the cloud. Security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market. The advent of an advanced model should not negotiate with the required functionalities and capabilities present in the current model.","title":"A survey on security issues in service delivery models of cloud computing - ScienceDirect","URL":"/science/article/abs/pii/S1084804510001281?via%3Dihub","author":[{"family":"Sabashini","given":"S."},{"family":"Kavitha","given":"V."}],"accessed":{"date-parts":[["2020",11,1]]},"issued":{"date-parts":[["2011"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sabashini & Kavitha, 2011). Traditional security solutions cannot effectively prevent attacks from occurring; therefore, practical approaches have to be integrated to ensure no attacker access users' sensitive data.
Data backup is an essential aspect that enables recovery when information is lost, but it also raises significant security concerns since SaaS's security solutions are weaker. Another problem arises as cloud computing service providers may find third-party solutions to back up your data. Once your data has been subcontracted to another backup provider, regulatory compliance issues relating to data privacy and segregation, and it is the provider's responsibility to enforce compliance standards to protect your data ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"2jyVkZWj","properties":{"formattedCitation":"(Hashizume et al., 2013)","plainCitation":"(Hashizume et al., 2013)","noteIndex":0},"citationItems":[{"id":81,"uris":["http://zotero.org/users/local/eXddgH2J/items/XVEZM47H"],"uri":["http://zotero.org/users/local/eXddgH2J/items/XVEZM47H"],"itemData":{"id":81,"type":"article-journal","abstract":"Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. Cloud Computing leverages many technologies (SOA, virtualization, Web 2.0); it also inherits their security issues, which we discuss here, identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.","container-title":"Journal of Internet Services and Applications","DOI":"10.1186/1869-0238-4-5","ISSN":"1869-0238","issue":"1","journalAbbreviation":"Journal of Internet Services and Applications","page":"5","source":"BioMed Central","title":"An analysis of security issues for cloud computing","URL":"https://doi.org/10.1186/1869-0238-4-5","volume":"4","author":[{"family":"Hashizume","given":"Keiko"},{"family":"Rosado","given":"David G."},{"family":"Fernández-Medina","given":"Eduardo"},{"family":"Fernandez","given":"Eduardo B."}],"accessed":{"date-parts":[["2020",11,1]]},"issued":{"date-parts":[["2013",2,27]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hashizume et al., 2013). Nowadays, one can access applications through their website on web browsers and has become an easy way of accessing SaaS platforms using internet-enabled devices like mobile devices. However, the website service is exposed to security threats such as mobile malware, insecure Wi-Fi network, OS vulnerabilities, proximity-based hacking, and many more that intruders use to steal sensitive information. SaaS applications are categorized into maturity models based on scalability, metadata configurability, and multi-tenancy. The multi-tenancy model allows users to operate SaaS applications in a shared platform. Although the approach facilitates the efficient use of resources, there is limited scalability. Data from many tenants (users) will be stored in one database, increasing data leakage risks between users. It calls for a significant intervention that will ensure customers' data are stored in separate databases.
Platform-As-A-Service (PaaS) Cloud Security Issues
The PaaS service enables the deployment of cloud-based applications without buying and maintaining the hardware and software layers. Like in SaaS and IaaS, platform-as-a-service relies on a safe network and web browser. The PaaS application's security solution consists of two software layers, including Security for PaaS runtime engine and user application security. The PaaS cloud computing providers are mandated to offer protection for the platform software (runtime engine), facilitating the running of user applications. Below are some of the security issues brought by PaaS:
The PaaS cloud computing offers traditional programming languages as well as third-party services like mashups. Data and network security issues arise since mashups integrate more than one source element into a single unit. Data breaches are prone to PaaS as users usually depend on web-hosted security tools and the third-party mashup component providers.
With PaaS, application developers face challenges of creating complex applications to be hosted in the cloud. Changes in PaaS components can compromise the application's secur...