Review on Security Aspects for Cloud Architecture

Cloud computing is one of the fastest growing and popular technology in the field of computing. As the concept of cloud computing was introduced in 2006. Since then large number of IT industries join the queue to develop many cloud services and put sensitive information over cloud. In fact cloud computing is no doubt the great innovation in the field of computing but at the same time also poses many challenges. Since a large number of organizations migrate their business to cloud and hence it appears as an attractive target for the malicious attack. The purpose of the paper is to review the available literature for security concerns and highlight a relationship between vulnerabilities, attacks and threats in SaaS model. A mapping is being presented to highlight the impact of vulnerabilities and attacks.

Download Full-text

Device-Based Security to Improve User Privacy in the Internet of Things †

Sensors ◽

10.3390/s18082664 ◽

2018 ◽

Vol 18 (8) ◽

pp. 2664 ◽

Cited By ~ 4

Author(s):

Luis Belem Pacheco ◽

Eduardo Pelinson Alchieri ◽

Priscila Mendez Barreto

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Single Point ◽

Data Access ◽

Cloud Services ◽

Sensitive Information ◽

User Privacy ◽

Privacy And Security ◽

Iot Devices ◽

And Control

The use of Internet of Things (IoT) is rapidly growing and a huge amount of data is being generated by IoT devices. Cloud computing is a natural candidate to handle this data since it has enough power and capacity to process, store and control data access. Moreover, this approach brings several benefits to the IoT, such as the aggregation of all IoT data in a common place and the use of cloud services to consume this data and provide useful applications. However, enforcing user privacy when sending sensitive information to the cloud is a challenge. This work presents and evaluates an architecture to provide privacy in the integration of IoT and cloud computing. The proposed architecture, called PROTeCt—Privacy aRquitecture for integratiOn of internet of Things and Cloud computing, improves user privacy by implementing privacy enforcement at the IoT devices instead of at the gateway, as is usually done. Consequently, the proposed approach improves both system security and fault tolerance, since it removes the single point of failure (gateway). The proposed architecture is evaluated through an analytical analysis and simulations with severely constrained devices, where delay and energy consumption are evaluated and compared to other architectures. The obtained results show the practical feasibility of the proposed solutions and demonstrate that the overheads introduced in the IoT devices are worthwhile considering the increased level of privacy and security.

Download Full-text

Exploring Expansion and Innovations in Cloud Computing

International Journal of R&D Innovation Strategy ◽

10.4018/ijrdis.2019010104 ◽

2019 ◽

Vol 1 (1) ◽

pp. 46-59

Author(s):

Jitendra Singh

Keyword(s):

Information Technology ◽

Cloud Computing ◽

Cloud Services ◽

Recent Past ◽

Cloud Development ◽

User Expectations ◽

Cloud Evolution ◽

The Impact

Cloud computing is one of the highly sought-after paradigms in information technology. In several cases, it has surpassed earlier predictions of growth, and expanding its services to cover all the key areas. With the growing usage of the cloud, new requirements have also surfaced. To meet user expectations, the cloud services pool has expanded drastically. In order to meet the subscriber's futuristic demands, cloud computing needs to advance further. This work undertakes the study of expansion and innovations that have already happened in the recent past. In addition, perceived cloud evolution in the futuristic cloud has been presented. During the course of exploration, the impact of hardware and software on evolution has been taken into account. Considering the benefits involved, and the current advancement, this work concludes by presenting the innovations that will lead to cloud development.

Download Full-text

Multi-Perspectives of Cloud Computing Service Adoption Quality and Risks in Higher Education

Handbook of Research on Modern Educational Technologies, Applications, and Management ◽

10.4018/978-1-7998-3476-2.ch001 ◽

2021 ◽

pp. 1-19

Author(s):

Mohammed Banu Ali

Keyword(s):

Cloud Computing ◽

Cloud Services ◽

Innovative Technology ◽

Sensitive Information ◽

Service Adoption ◽

Cloud Adoption ◽

Convincing Argument ◽

Security Issues ◽

Collaborative Tools ◽

Cloud Computing Service

Universities worldwide are starting to turn to cloud computing. The quality characteristics, which include access to a wider network of computing resources, pay-as-you-go services, self-services, agile services, and resource centralisation provide a convincing argument for HEIs to adopt cloud services. However, the risks leading to non-adoption range from security issues to a lack of cloud vendor support. The findings suggest that security, privacy, and trust are the key determinants to non-adoption as stakeholders felt that the cloud cannot fully guarantee the safeguarding of sensitive information. Key determinants to cloud adoption include improving relationships between students and teachers via collaborative tools and proposing cloud apps for mobile devices for accessing virtual learning materials and email securely off-campus. In conclusion, university stakeholders are still unconvinced about adopting cloud services, but future advances of the cloud may help to steer their decision to adopt this innovative technology given its overwhelming potential.

Download Full-text

Consumer protection in cloud computing contracts stipulating non-monetary remuneration

International Journal of Law and Information Technology ◽

10.1093/ijlit/eaaa006 ◽

2020 ◽

Vol 28 (1) ◽

pp. 20-38

Author(s):

Krzysztof Żok

Keyword(s):

Cloud Computing ◽

Consumer Protection ◽

Personal Data ◽

Reference Points ◽

Cloud Services ◽

The Impact

Abstract The convenience of cloud services rapidly increases their popularity among consumers. Although the services are often marketed as free, the consumer may be required to provide remuneration. Instead of charging a fee, however, providers usually collect assets other than money, in particular consumer’s personal data. This raises serious questions about consumer protection which until recently has mainly covered ‘paid’ contracts. Moreover, treating some forms of non-monetary remuneration as payment is controversial due to the special status of the information provided by the consumer in exchange for the service. The article analyses the impact of non-monetary remuneration on consumer protection in cloud computing contracts, taking as reference points Directives 2011/83 (with the latest amendments) and 2019/770. The following considerations highlight the disadvantages of both Directives, concluding that they do not remove all the concerns associated with cloud computing contracts. The article also indicates possible solutions to the issue of non-monetary remuneration.

Download Full-text

A comparative study of the evolution of vulnerabilities in IT systems and its relation to the new concept of cloud computing

Journal of Management History ◽

10.1108/jmh-02-2014-0018 ◽

2014 ◽

Vol 20 (4) ◽

pp. 409-433 ◽

Cited By ~ 6

Author(s):

Issam Kouatli

Keyword(s):

Cloud Computing ◽

Risk Analysis ◽

Comparative Study ◽

New Technology ◽

Business Environment ◽

Cloud Services ◽

Content Type ◽

It Systems ◽

Weighted Score ◽

The Impact

Purpose – The purpose of this paper is to classify and categorize the vulnerability types emerged with time as information technology (IT) systems evolved. This comparative study aims to compare the seriousness of the old well-known vulnerabilities that may still exist with lower possibility of happening with that of new technologies like cloud computing with Mobility access. Cloud computing is a new structure of IT that is becoming the main part of the new model of business environment. However, issues regarding such new hype of technology do not come without obstacles. These issues have to be addressed before full acceptability of cloud services in a globalized business environment. Businesses need to be aware of issues of concerns before joining the cloud services. This paper also highlights these issues and shows the comparison table to help businesses with appropriate decision-making when joining the cloud. Design/methodology/approach – A historical review of emerged vulnerabilities as IT systems evolved was conducted, then these vulnerabilities were categorized into eight different categories, each of which composed of multiple vulnerability types. Simple scoring techniques were used to build a “risk” analysis table where each vulnerability type was given a score based on availability of matured solution and the likeliness of happening, then in case of vulnerability type, another score was used to derive the impact of such vulnerability. The resulted weighted score can be derived from the multiplication of likeliness to happen score with that of its impact in case it did happen. Percentage of seriousness represented by the percentage of the derived weighted score of each of the vulnerabilities can then be concluded. Similar table was developed for issues related to cloud computing environment in specific. Findings – After surveying the historical background of IT systems and emerged vulnerabilities as well as reviewing the common malicious types of system vulnerabilities, this paper identifies 22 different types of vulnerability categorized in eight different categories. This comparative study explores amount of possible vulnerabilities in new technology like cloud computing services. Specific issues for cloud computing were also explored and a similar comparative study was developed on these issues. The result of the comparative study between all types of vulnerabilities since the start of IT system development till today’s technology of cloud computing, shows that the highest percentage vulnerability category was the one related to mobility access as mobile applications/systems are relatively newly emerged and do not have a matured security solution(s). Practical implications – Learning from history, one can conclude the current risk factor in dealing with new technology like cloud computing. Businesses can realize that decision to join the cloud requires thinking about the issues mentioned in this paper and identifying the most vulnerability types to try to avoid them. Originality/value – A new comparative study and new classification of vulnerabilities demonstrated with risk analysis using simple scoring technique.

Download Full-text

Secure Architecture for Cloud Environment

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch045 ◽

2018 ◽

pp. 910-925

Author(s):

Kashif Munir ◽

Sellapan Palaniappan

Keyword(s):

Cloud Computing ◽

Data Centers ◽

End Users ◽

Cloud Services ◽

The Internet ◽

Security Threats ◽

Cloud Environment ◽

Cloud Architecture ◽

The World ◽

Secure Architecture

Cloud computing is set of resources and services offered through the internet. Cloud services are delivered from data centers located throughout the world. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. In this chapter we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing and propose relevant solution directives to strengthen security in the cloud environment. This chapter also discusses secure cloud architecture for organizations to strengthen the security.

Download Full-text

Cyber-Security Concerns with Cloud Computing

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Resource Management and Efficiency in Cloud Computing Environments ◽

10.4018/978-1-5225-1721-4.ch005 ◽

2017 ◽

pp. 105-135 ◽

Cited By ~ 2

Author(s):

Ezer Osei Yeboah-Boateng

Keyword(s):

Cloud Computing ◽

Value Creation ◽

Value Chain ◽

Cyber Security ◽

Cost Effective ◽

Sensitive Information ◽

Expert Opinions ◽

Strategic Model ◽

Security Concerns ◽

Malicious Insiders

Information is modeled into virtual objects to create value for its owner. The value chain involves stakeholders with varied responsibilities in the cyber-market. Cloud computing emerged out of virtualization, distributed and grid computing, and has altered the value creation landscape, through strategic and sensitive information management. It offers services that use resources in a utility fashion. The flexible, cost-effective service models are opportunities for SMEs. Whilst using these tools for value-creation is imperative, a myriad of security concerns confront both providers and end-users. Vulnerabilities and threats are key concerns, so that value created is strategically aligned with corporate vision, appropriated and sustained. What is the extent of impact? Expert opinions were elicited of 4 C-level officers and 10 security operatives. Shared technology issues, malicious insiders and service hijacking are considered major threats. Also, an intuitive strategic model for Value-Creation Cloud-based Cyber-security is proposed as guidance in fostering IT-enabled initiatives.

Download Full-text

Cloud Computing for Earth Observation

Cloud Technology ◽

10.4018/978-1-4666-6539-2.ch056 ◽

2015 ◽

pp. 1204-1230

Author(s):

Roberto Cossu ◽

Claudio Di Giulio ◽

Fabrice Brito ◽

Dana Petcu

Keyword(s):

Cloud Computing ◽

Earth Observation ◽

Cloud Services ◽

Grid Services ◽

Efficient Storage ◽

Technical Details ◽

Earth Observation Satellites ◽

Lock In ◽

The Impact

This chapter elaborates on the impact and benefits Cloud Computing may have on Earth Observation. Earth Observation satellites generate in fact Tera- to Peta-bytes of data, and Cloud Computing provides many capabilities that allow an efficient storage and exploitation of such data. Several scenarios related to Earth Observation activities are analyzed in order to identify the possible benefits from the adoption of Cloud Computing. As concrete proofs-of-concept, several activities related to Cloud Computing in the context of Earth Observation are exposed and discussed. Technical details are provided for a particular framework used by Earth Observation applications that has made the transition from using Grid services towards using Cloud services. A special attention is given to the avoidance of the vendor-lock-in problem.

Download Full-text

Denial of Service (DoS) Attacks Over Cloud Environment

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch026 ◽

2021 ◽

pp. 491-521

Author(s):

Thangavel M. ◽

Nithya S ◽

Sindhuja R

Keyword(s):

Cloud Computing ◽

Capacity Planning ◽

Denial Of Service ◽

Cloud Services ◽

The Other ◽

Complete Analysis ◽

Cloud Environment ◽

Dos Attack ◽

Dos Attacks ◽

The Impact

Cloud computing is the fastest growing technology in today's world. Cloud services provide pay as go models on capacity or usage. For providing better cloud services, capacity planning is very important. Proper capacity planning will maximize efficiency and on the other side proper control over the resources will help to overcome from attacks. As the technology develops in one side, threats and vulnerabilities to security also increases on the other side. A complete analysis of Denial of Service (DOS) attacks in cloud computing and how are they done in the cloud environment and the impact of reduced capacity in cloud causes greater significance. Among all the cloud computing attacks, DOS is a major threat to the cloud environment. In this book chapter, we are going to discuss DOS attack in the cloud and its types, what are the tools used to perform DOS attack and how they are detected and prevented. Finally it deals with the measures to protect the cloud services from DOS attack and also penetration testing for DOS attack.

Download Full-text

The impact of cloud computing on the future of academic library practices and services

New Library World ◽

10.1108/03074801311304041 ◽

2013 ◽

Vol 114 (3/4) ◽

pp. 132-141 ◽

Cited By ~ 12

Author(s):

Judith Mavodza

Keyword(s):

Cloud Computing ◽

Data Privacy ◽

Academic Library ◽

Information Access ◽

Fair Use ◽

Cloud Services ◽

Content Type ◽

Platform As A Service ◽

The Future ◽

The Impact

PurposeThe purpose of this paper is to discuss issues involved in navigating the modern information environment where the relevance of cloud computing is unavoidable. This is a way of shifting from the hardware and software demands of storing and organizing data, to information access concerns. That is because with the exponential growth in information sources and all accompanying complexities, the limited capacity of libraries to host their own in its entirety necessitates opting for alternatives in the cloud.Design/methodology/approachA review of current literature about the topic was performedFindingsLiterature used reveals that currently, libraries are using the cloud for putting together user resources, i.e. using Software as a Service (SaaS), such as in library catalogues, WorldCat, Googledocs, and the aggregated subject gateways like SUMMON, and others; the web Platform as a Service (PaaS) as in the use of GoogleApp Engine; or Infrastructure as a Service (IaaS) as in the use of D‐Space, FEDORA, and others. The cloud is confirmed as a facilitator in storing and accessing information in addition to providing a unified web presence with reduced local storage capacity challenges.Originality/valueThe value of these findings is to remind librarians of the shift in focus towards which devices provide the easiest access to data and applications. This is one of the reasons they in many instances are currently having to address issues relating to the use of electronic media tools such as smartphones, iPad, e‐book readers, and other handheld devices. The largely borderless information resources also bring to the forefront considerations about digital rights management, fair use, information security, ownership and control of data, privacy, scholarly publishing, copyright guidance, and licensing that the librarian has to be knowledgeable about. It has become necessary for librarians who make use of commercial cloud services to be conversant with the implications on institutional data. To avert the ever present dangers and risks involving cyber‐security, it is usually practical for institutions to keep policies, procedures, fiscal, and personnel data in private clouds that have carefully crafted access permissions. Being aware of these implications enables thoughtful, adaptive planning strategies for the future of library practice and service.

Download Full-text