Annotated Bibliography

Why We Shouldn’t Reach For Cloud Computing

Christopher Fong

Professor Malcolm Campbell

Honors UWRT 1103-H03

22 October 2019
Hamby, Chris. "Census at Risk From Glitches And Attackers." New York Times, 5 July 2019, p.

A1(L). Gale In Context: Science,

https://link.gale.com/apps/doc/A592222058/SCIC?u=char69915&sid=SCIC&xid=10548

a02. Accessed 16 Oct. 2019.

This news article speaks about the concern over software glitches and cyberattacks that

could happen to the 2020 U.S. census data due to the move to newer data collection

methods, including cloud computing. In an effort to lower costs and raise response rates

the Census Bureau(CB) decided to move onto the cloud platform provided by Amazon.

However, what the CB failed to realize was that, in the previous year’s audit, there was

an unsecured door to sensitive data, which allowed a hacker to view, alter and delete

information collected in field tests. The CB has since patched up the breach, but are still

struggling to ensure the safety of information on the cloud, due to lack of resources.

According to former congressional staff member Terri Ann Lowenthal, if these issues are

not resolved in time “we could be headed toward a failed census,” which would be the

first since 1790. The article then moves on to speak about small technological problems

encountered by census workers during testing and the possible repercussions of having a

security breach. The bureau states that having these problems risks fear being spread

throughout the population, especially those who could be suspected of noncitizenship.

Chris Hamby is a journalist who is currently working for the New York Times. He has

won awards such as a Pulitzer Prize, a Goldsmith Prize, two White House

Correspondents’ Association awards, and a Gerald Loeb Award. He has previously

worked at BuzzFeed News and was a reporter at the Center for Public Integrity. Hamby
 seems to hold slightly more liberal beliefs; however, is more objective in his writing. The

information in this source is reliable, as it mainly summarizes statements made by the CB

and a variety of other reliable sources speaking about the census. The source is

essentially an informative report on what has been happening in the build-up to the 2020

census. The intended audience is general higher education readers who care about politics

and the upcoming census. Unlike my other sources, this source isn’t mainly focused on

the dangers of rushing into cloud computing, but the effect that it can have society and

the dangers of a security breach. I wish that this source would’ve been more specific on

what the CB did to solve these issues and the issues that they encountered during their

test runs.

This source fits into my research by giving insight on a different side of the issue. When I

originally thought of my topic it was more about the business rushing into using cloud

computing; however, after reading this article it made it clear to me that this problem was

a lot larger than I had originally thought. Along with this, the article shows how pressing

this issue is by giving a current event that most people know about. This source will most

likely make an appearance in Extended Inquiry Project, due to the fact that it broadens

the scope of what I can talk about, and it provides a good example for people who may

not relate to cybersecurity and cloud computing.

Morrow, Timothy. “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud.” 12 Risks,

Threats, & Vulnerabilities in Moving to the Cloud, Carnegie Mellon University, 5 Mar.
2018,https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-mo

ving-to-the-cloud.html. Accessed 16 Oct. 2019.

This blog lists 12 different risks, threats, and vulnerabilities associated with moving to

the cloud. This includes the reduced visibility and control of consumers, the

simplification of unauthorized use, and overall cybersecurity risk just to name a few.

Morrow states that consumers have reduced visibility and control because of the amount

of monitoring needed without the use of network-based monitoring. Next, he briefly talks

about how the increased demand for cloud computing increases unauthorized use of

cloud services and how unauthorized cloud services can result in an increase in malware.

The third item on Morrow’s list states that application programming interfaces (APIs),

management planes that cloud service providers(CSPs) give to organizations to help

manage assets and users, are much more accessible on the internet and expose them to

possible security breaches. After this, he states that there is an increased chance of data

leakage if the separation between users is not met. The last issue only affects cloud

computing pertains to deleting data on the cloud. Because many different CSPs have

different deletion procedures organizations may not be able to verify that their data was

securely deleted. This leaves organizations that switch between many CSPs more

vulnerable to data leaks. The remaining seven items on the list apply to both cloud and

on-premise data centers that hold the cloud servers. The first issue that he states is the

connectivity of the cloud. Because the cloud is so connected if a hacker gained access to

a user’s cloud credentials it can potentially be used to gain access to CSP administrator’s

data. This would be devastating due to the amount of rights administrators hold. While
this is pretty far fetched it can still be a possibility. The three main issues that Morrow

addresses in the list is the insider abuse that can occur, loss of data that can occur, and the

insufficient understanding of the cloud computing and the risks involved with it. Due to

this lack of knowledge, some organizations don’t provide the necessary security measures

needed to have a secure cloud platform.

The author Timothy Morrow, also known as Tim Morrow, is the situational awareness

technical manager in the SEI CERT Division’s Monitoring and Response Directorate. He

has past experience as technical support for DoD and non-DoD programs. Morrow is

objective in this blog post; however, he has a slight bias toward CSPs and makes it seem

like the blame is to fully put on organizations that implement cloud computing without

knowing the consequences. The intended audience of this website published by an

association are higher education people and businesses/organizations that are considering

implementing cloud computing. This source is much more general when compared to the

sources in this bibliography.

The source supplies me with a large amount of general information about the subject;

however, the information given in the blog post is a bit too general. If the author added

examples to each entry on the list the blog would be easier to understand and read as a

casual reader. This blog helps me understand different problems pertaining to cloud

computing and the different factors that make security in the cloud difficult. It has made

me take in the fact that there are three different parties that are interacting within the

cloud computing process, the consumer, organization, and provider. These three different

parties play an important role in ensuring the safety of the cloud platform.
Pugazhenthi, A, and Chitra, D. “Data Access Control and Secured Data Sharing Approach for

Health Care Data in Cloud Environment.” Journal of Medical Systems., vol. 43, no. 8,

Kluwer Academic-Plenum-Human Sciences Press, DOI:10.1007/s10916-019-1381-7.

Accessed 16 Oct. 2019.

This academic journal is about security issues pertaining to cloud computing and a

solution that in theory should work. It starts off talking about Google Docs and the

usefulness of that platform to talk about the overall usefulness of cloud computing;

however, the authors quickly explain that “while storing the data in the Cloud and

meanwhile of sharing the information, the security of the Cloud is more likely to be

violated.” After this, the academic journal goes on to speak about the previous research

on the issue. This includes, but is not limited to, Xinyi Huang’s Identity-based ring

signature method (ID-based), Huang Qinlong’s Efficient revocation (EABDS), and Hong

Liu’s shared authority based privacy-preserving authentication protocol(SAPA). The

authors do this to show the previous research that much of the academic journal is about.

The rest of the academic journal goes on about how using the Improved Diffie Hellman

Key Exchange Algorithm (IDHKE) will ensure secured data transmission with accurate

and reliable authentication. The IDHKE is an algorithm that encrypts data, which makes

the data stored much more secured.

Author Chitra Duraisamy is a professor and Head of Computer Science and Engineering

at Anna University. Pugazhenthi is a professor in the Department of Computer Science

and Engineering, P. A. College of Engineering and Technology, Pollachi, India. Other

than this information I could not find more information on the authors. Which is
extremely concerning to me. Because I really don’t know how reliable they are. I can

assume that they are because they are professors at universities doing research on the

topic. In the source, the authors are extremely objective showing little to no bias on the

subject. I couldn’t understand/comprehend most of the math in the source and some of

the terms were hard to understand as well. This is an academic publication. The purpose

of this journal was to help solve the cloud computing issue of security by creating an

encryption algorithm that could potentially make data stored in the could much safer. The

intended audience of this academic article is people who are already in the cloud

computing field and other higher educated people who care about computer science. My

other sources are much easier to read when compared to this source. This is because of

how dense the material is in general.

The source helps me with my general understanding of the topic. It also gives me a

solution to the problem that I have presented. However, I believe that the source is a bit

too complicated and hard to understand. The math that the source presents is a bit too

complicated for me to understand at times, even though it gives a step by step. The source

really does a good job of highlighting the complexity of the topic. It helped me

understand the different efforts that people are making to solve this situation. If I do

decide to use this source in my paper it will most likely be included in the last few

paragraphs as a suggested solution to the issue.