SECURITY ISSUES IN

CLOUD COMPUTING:
CHALLENGES AND
SOLUTION
SALAU DAMILOLA S.
 ABSTRACT
Cloud computing is an emerging computing method whereby computing is been delivered
as a service rather than the delivery of computing as a product. “Cloud” always being
used as a metaphor for the ‘Internet’’ and the internet is the largest network we can think
of. The main motive behind networking is to share resources so as to cut cost and reduce
stress, the “cloud” in conjunction with “computing” offers shared resources such as
applications software, information, hardware etc to computers and computing devices as
a utility over the internet. This seminar reviews cloud computing and potential security
threats which are constantly affecting available cloud services. This will be done by
studying cloud architectures, their vulnerabilities and feasible solutions to these threats.

Keywords: Cloud, Computing, Security, IT Security, Cloud models, Cloud services,

Security threats
 TABLE OF CONTENTS

Introduction
What is cloud computing
Components of cloud computing
Characteristics of Cloud computing
Cloud computing architectures
Areas of applications for Cloud computing today
Security Issues in cloud computing
Solutions to cloud security threats
Conclusion
Recommendation
References
 INTRODUCTION

Data storage has always been a place for useful information shortage. Even with
large scale data storage devices, the space will not be adequate to store the existing
huge amount of information. Cloud computing is basically considered as an internet-
centric open standard model. This model is full of different types of services which
include both hardware and software. The service providers do not require any high
management efforts for provision and maintenance of these services. The term
“cloud computing” aims to enhance the capabilities of high-power computing
systems. It also aims to reduce the price by hiking its efficiency as well as
performance. Though the benefits and facilities provided are very much effective,
the available technical barriers might stop cloud computing from being a ubiquitous
service. One of the main constituents of the cloud computing is security and it also
remains as the most significant concern of the system It usually suffers from various
types of security concerns and attacks like malicious codes. In addition, various new
concerns like storage and moving of data through the cloud is a big problem for the
user. The possibility of locating in a different place with different regulations adds a
lot to this problem It is also very much important for a cloud service provider to
confirm the usability and availability of their services. There are various reasons that
could affect the availability and the accessibility of the computing resources like
service denial or natural/unnatural disasters. Data privacy is one of the prime
concerns associated with the security of cloud computing as the data must be
protected from any third party, which is frequently reported by the users. Since,
cloud computing is used for sharing data, data theft is remaining as very common
and big risk, which is available for both users and service providers. (Manoj &
Venkateswarlu, 2021). Cloud computing has gained huge attention over the past
decades because of continuously increasing demands. There are several advantages
to organizations moving toward cloud-based data storage solutions. These include
simplified IT infrastructure and management, remote access from effectively
anywhere in the world with a stable Internet connection and the cost efficiencies that
cloud computing can bring(Hamed & Marjan, 2020). Cloud computing is an
archetype that enables access to a shared pool of computing resources for cloud users
in an on-demand or pay-per-use, fashion. Cloud computing offers several benefits
to users and organizations, in terms of capital expenditure and savings in operational
expenditure Cloud computing creates a network-based environment vision to the
users, which paves way for the sharing of calculations and resources regardless of
location. The National Institute of Standards and Technology's (NIST) defines cloud
computing (Dimitros, 2012) as, “A template for providing the suitable and when
needed access to the internet, to a collective pool of programmable grids, storage,
servers, software, and amenities that can be rapidly emancipated, with little
communication and supervision from the provider”. Cloud computing has four
deployment models namely Hybrid, Community, Private and Public clouds. There
are three service models, which are, PAAS (Platform as a Service), IAAS
(Infrastructure as a Service), and SAAS (Software as a Service). NIST's cloud
computing definition provides the needed framework and common characteristics
depicted such as Virtualization, Homogeneity, Geographic Distribution and Service
Orientation among others. (Nalini & Andrews, 2018)

WHAT IS CLOUD COMPUTING

Simply put, cloud computing is the delivery of computing services—including

servers, storage, databases, networking, software, analytics, and intelligence—over
the internet (“the cloud”) to offer faster innovation, flexible resources, and
economies of scale. You typically pay only for cloud services you use, helping you
lower your operating costs, run your infrastructure more efficiently, and scale as
your business needs change (Microsoft, 2023). Cloud computing is the on-demand
delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of
buying, owning, and maintaining physical data centres and servers, you can access
technology services, such as computing power, storage, and databases, on an as-
needed basis from a cloud provider like Amazon Web Services (Amazon, 2023).

Cloud computing is the on-demand availability of computing resources as services

over the internet. It eliminates the need for enterprises to procure, configure, or
manage resources themselves, and they only pay for what they use (Google, 2023).

The concept of Cloud Computing was introduced back in 1960s by John McCarthy.
According to him “computation may someday be organized as a public utility”. The
characteristics of cloud computing were explored first time in 1966 by Douglas
Parkhill in his book, “The challenge of the Computer Utility” history of term
“Cloud” is originated from telecommunications world, where telecom companies
started offering Virtual Private Network (VPN) services along with comparable
quality of service at a much lower cost. Before invention of VPN, they provided
dedicated point-to-point data circuits which are nothing but wastage of bandwidth.
But by using VPN services they able to switch traffic to balance utilization of overall
network. Cloud computing now extends this to cover servers and network
infrastructure. Many players in industries have jumped into cloud computing and
implemented it. For example, Amazon has played an important role and launched
the Amazon Web Service (AWS) in 2006. Along with this Google and IBM also
started research projects in Cloud Computing. Eucalyptus became the first open-
source platform for deploying the private clouds. (Ankur, 2015)

COMPONENTS OF CLOUD COMPUTING

In Cloud computing architecture there are two main modules are Front end and
Back End. Front End comprises customer part of the framework which speaks to
the clients who are getting to the Cloud Components through an interface or through
the application, for example, internet browser or versatile application over the
Internet. Back End speaks to the cloud itself. It comprises of the assets required to
convey the cloud computing administrations, for example, virtual machines,
stockpiling account, organize, security instrument, administrations and so on. Back
End part is under the supplier's control and it's the essential duty of back-end segment
to deal with the traffic control, give worked in security system, and convention. Both
of part of distributed computing is associated by means of system, normally Internet.
In a cloud computing design, all applications are controlled, overseen, and served by
a cloud server. Its information is imitated and protected remotely as a major aspect
of the cloud design. There are sure administrations and arrangement models working
in the background making cloud computing achievable and open to the end clients.
(Mohamed, 2020)

CHARACTERISTICS OF CLOUD COMPUTING:

The cloud carries the basic infrastructure characteristics that are helpful to deploy
the cloud service in a fast and cost-effective way. The characteristics discussed in
the following subsections set apart the cloud from other computing techniques.

Self-Service On-Demand: As a cloud consumer, users are privileged to request and

provision computing capabilities bundled with services with or without approval
process powered by automation and workflows.

Ubiquitous Network Access: This is the characteristics by which end-user and

server computing devices can be accessed over the network even using the next
generation heterogeneous devices such as smart phone, tablets, phablets, thin and
thick clients.

Resource Pooling: This characteristic refers to the pooling of resource across

multiple datacentres. These pooled virtual datacentres are then divided into multiple
pools to provide their services to various consumers in a multitenant model. These
pools can have both physical and virtual resources. Also, the devices provided by
this pool give the notion of location-independent compute (storage, servers,
processing, network bandwidth, virtual machines, etc.), where the consumer does
not control or visibility about the service location and its geography.

Broad Network Access: Thick or thin clients (ranging from tablets, laptops,
workstations to mobile phones) enjoy access to the cloud by using standard
mechanisms.

Rapid Elasticity: This characteristic makes the provisioning rapid and elastic. This
provisioning can be automatic and can flex-up and flex-down on the basis of spikes
of utilization. The consumer can view the infinite capacity available as a service,
which can be bought at any point of time. (Harjit, 2020)

CLOUD COMPUTING ARCHITECTURES

According to NIST, five major actors have been identified in cloud computing. The
NIST Conceptual Reference Model diagram in shows the actors which are discussed
below.

Fig 1: NIST cloud computing standards Source: www.nist.gov

i. Cloud Consumer: A person or organization that starts and keeps a business
association with and requires services from suppliers of cloud services.

ii. Cloud Provider: A person, organization engaged in supplying cloud computing

services to interested persons or organizations.

iii. Cloud Auditor: An organisation in charge of conducting independent evaluation

of cloud computing, and determining the systems effectiveness and security.

iv. Cloud Broker: A third-party organisation or individual that serves as an

intermediary between cloud consumers and cloud providers. He/she is useful for
negotiating terms and conditions of the contract for the purchase of cloud services.

v. Cloud Carrier: An intermediary person, organisation or entity that provides

connectivity and transport of cloud services from cloud provider to cloud consumers.

The diagram showing interactions between the actors in cloud computing in

describes the relationship amongst actors in cloud computing. Highlighting the
relevance of each party in actualising the delivery, use and maintenance of cloud
services. In addition, NIST also provides five characteristics of the cloud which have
been earlier stated above.

AREAS OF APPLICATION FOR CLOUD COMPUTING TODAY

Cloud computing has found its way into so many fields in which it has proven to be
efficient and easy to manage for all kinds of solution. Cloud technology offers
several applications in various fields like business, data storage, entertainment,
management, social networking, education, art, GPS, to name a few. The major types
of cloud computing service models available are Platform as a Service (PaaS),
Infrastructure as a Service (IaaS), and Software as a Service (SaaS). Plus, there are
platforms like Public Cloud, Private Cloud, Hybrid Cloud, and Community
Cloud. Below are some areas of application of cloud computing:

1. Online Data Storage: Cloud Computing allows storage and access to data like
files, images, audio, and videos on the cloud storage. In this age of big data, storing
huge volumes of business data locally requires more and more space and escalating
costs. This is where cloud storage comes into play, where businesses can store and
access data using multiple devices.

The interface provided is easy to use, convenient, and has the benefits of high speed,
scalability, and integrated security.

2. Backup and Recovery: Cloud service providers offer safe storage and backup
facility for data and resources on the cloud. In a traditional computing system, data
backup is a complex problem, and often, in case of a disaster, data can be
permanently lost. But with cloud computing, data can be easily recovered with
minimal damage in case of a disaster.

3. Big Data Analysis: One of the most important applications of cloud computing
is its role in extensive data analysis. The extremely large volume of big data makes
it impossible to store using traditional data management systems. Due to the
unlimited storage capacity of the cloud, businesses can now store and analyze big
data to gain valuable business insights.

4. Testing and Development: Cloud computing applications provide the easiest

approach for testing and development of products. In traditional methods, such an
environment would be time-consuming, expensive due to the setting up of IT
resources and infrastructure, and needed manpower. However, with cloud
computing, businesses get scalable and flexible cloud services, which they can use
for product development, testing, and deployment.
5. Antivirus Applications: With Cloud Computing comes cloud antivirus software
which is stored in the cloud from where they monitor viruses and malware in the
organization’s system and fixes them. Earlier, organizations had to install antivirus
software within their system and detect security threats.

6. E-commerce Application: Ecommerce applications in the cloud enable users and

e-businesses to respond quickly to emerging opportunities. It offers a new approach
to business leaders to make things done with minimum amount and minimal time.
They use cloud environments to manage customer data, product data, and other
operational systems.

7. Cloud Computing in Education: E-learning, online distance learning programs,

and student information portals are some of the key changes brought about by
applications of cloud computing in the education sector. In this new learning
environment, there’s an attractive environment for learning, teaching, experimenting
provided to students, teachers, and researchers so they can connect to the cloud of
their establishment and access data and information. (Simplilearn, 2023)

SECURITY ISSUES IN THE CLOUD TODAY

In the Cloud Security Report conducted in 2020, organizations were asked about
their major security concerns regarding cloud environments. Despite the fact that
many organizations have decided to move sensitive data and important applications
to the cloud, concerns about how they can protect it there abound. Here are some of
the major cloud security threats as of 2021:

Data Loss/Leakage

Cloud-based environments make it easy to share the data stored within them. These
environments are accessible directly from the public Internet and include the ability
to share data easily with other parties via direct email invitations or by sharing a
public link to the data. The ease of data sharing in the cloud – while a major asset
and key to collaboration in the cloud – creates serious concerns regarding data loss
or leakage. In fact, 69% of organizations point to this as their greatest cloud security
concern. Data sharing using public links or setting a cloud-based repository to public
makes it accessible to anyone with knowledge of the link, and tools exist specifically
for searching the Internet for these unsecured cloud deployments.

Data Privacy/Confidentiality

Data privacy and confidentiality is a major concern for many organizations. Data
protection regulations like the EU’s General Data Protection Regulation (GDPR),
the Health Insurance Portability and Accessibility Act (HIPAA), the Payment Card
Industry Data Security Standard (PCI DSS) and many more mandate the protection
of customer data and impose strict penalties for security failures. Additionally,
organizations have a large amount of internal data that is essential to maintaining
competitive advantage. Placing this data on the cloud has its advantages but also has
created major security concerns for 66% of organizations. Many organizations have
adopted cloud computing but lack the knowledge to ensure that they and their
employees are using it securely. As a result, sensitive data is at risk of exposure – as
demonstrated by a massive number of cloud data breaches.

Accidental Exposure of Credentials

Phishers commonly use cloud applications and environments as a pretext in their

phishing attacks. With the growing use of cloud-based email (G-Suite, Microsoft
365, etc.) and document sharing services (Google Drive, Dropbox, OneDrive),
employees have become accustomed to receiving emails with links that might ask
them to confirm their account credentials before gaining access to a particular
document or website. This makes it easy for cybercriminals to learn an employee’s
credentials for cloud services. As a result, accidental exposure of cloud credentials
is a major concern for 44% of organizations since it potentially compromises the
privacy and security of their cloud-based data and other resources.

Incident Response

Many organizations have strategies in place for responding to internal cybersecurity

incidents. Since the organization owns all of their internal network infrastructure and
security personnel are on-site, it is possible to lock down the incident. Additionally,
this ownership of their infrastructure means that the company likely has the visibility
necessary to identify the scope of the incident and perform the appropriate
remediation actions. With cloud-based infrastructure, a company only has partial
visibility and ownership of their infrastructure, making traditional processes and
security tools ineffective. As a result, 44% of companies are concerned about their
ability to perform incident response effectively in the cloud.

Legal and Regulatory Compliance

Data protection regulations like PCI DSS and HIPAA require organizations to
demonstrate that they limit access to the protected information (credit card data,
healthcare patient records, etc.). This could require creating a physically or logically
isolated part of the organization’s network that is only accessible to employees with
a legitimate need to access this data. When moving data protected by these and
similar regulations to the cloud, achieving and demonstrating regulatory compliance
can be more difficult. With a cloud deployment, organizations only have visibility
and control into some of the layers of their infrastructure. As a result, legal and
regulatory compliance is considered a major cloud security issue by 42% of
organizations and requires specialized cloud compliance solutions.

Data Sovereignty/Residence/Control
Most cloud providers have a number of geographically distributed data centres. This
helps to improve the accessibility and performance of cloud-based resources and
makes it easier for CSPs to ensure that they are capable of maintaining service level
agreements in the face of business-disrupting events such as natural disasters, power
outages, etc. Organizations storing their data in the cloud often have no idea where
their data is actually stored within a CSP’s array of data centres. This creates major
concerns around data sovereignty, residence, and control for 37% of organizations.
With data protection regulations such as the GDPR limiting where EU citizens data
can be sent, the use of a cloud platform with data centres outside of the approved
areas could place an organization in a state of regulatory non-compliance.
Additionally, different jurisdictions have different laws regarding access to data for
law enforcement and national security, which can impact the data privacy and
security of an organization’s customers. (checkpoint, 2023)

SOLUTIONS TO CLOUD SECURITY THREATS

There's no question that the public cloud service providers that you're familiar with,
such as Amazon, Google and Microsoft, offer a more secure environment than you
could ever hope to with your on-premises servers. Security breaches are rarely
caused by poor cloud data security - they’re caused by humans. Stolen log-in
credentials, disgruntled employees, accidental deletions, insecure wi-fi connections,
and other employee mishaps are the reason that your cloud data is at risk. In a bid to
avert these rare but dangerous data breaches, the following precautions are
suggested:

Multi-Factor Authentication (MFA):

The traditional username and password combination is often insufficient to protect

user accounts from hackers, and stolen credentials is one of the main ways hackers
get access to your on-line business data and applications. Once they have your user
credentials, they can log into all those cloud-based applications and services that you
use every day to run your business. Cloud users are to be protected with multi factor
authentication (MFA) to ensure that only authorized personnel can log in to your
cloud apps and access that sensitive data in your on- or off- premise environment.

Automated Solutions to monitor end user activities and detect Intruders:

Real-time monitoring and analysis of end user activities can help you spot
irregularities that deviate from normal usage patterns, e.g., log in from a previously
unknown IP or devices. These abnormal activities could indicate a breach in your
system so catching them early on can stop hackers in their tracks, and allow you to
fix security issues before they cause mayhem.

Comprehensive Off-boarding Process to Protect against Departing Employees:

When employees leave your company, make sure they can no longer access your
cloud storage, systems, data, customer information, and intellectual properties. This
is a crucial security responsibility that often gets pushed back days or weeks after
someone has left. Since each employee would likely have access to many different
cloud applications and platforms, you need a systemized deprovisioning process to
ensure that all the access rights for each departing employee are revoked.

Consider Cloud-to-Cloud Back Up Solutions:

As mentioned, the odds of you losing data because of your cloud provider's mistake
is very low - but losing that data due to human error is high. Let's use Microsoft
Office 365 as an example. If an employee should accidentally delete data, a hacker
obtains an account password and corrupts the data, or a rogue employee cleans out
his inbox and folders - there is nothing Microsoft can do past a certain time period.
Note that most cloud providers, including Microsoft, do store deleted data in their
data centres for a short period of time, including your Microsoft Office 365 data.
(Frank, 2022)
 CONCLUSION

Cloud computing gives easy access to information and services anywhere.

Government agencies are no strangers to cloud computing. Individual agencies are
already using private, public and community cloud services. Based on the result of
the analysis carried out, it can be easily concluded that the cloud though extremely
secure from the providers end can still be vulnerable as a result of human errors
which leave loop holes for attackers to perpetrate malicious acts, hence there’s a
need to make your cloud services as secure as possible.
 RECOMMENDATIONS
From a critical look at the security loopholes that might be available in cloud
usage from both service provider’s and user’s end in relation to the solutions
proffered, the following recommendation have been made:

• Awareness on the possible cloud security threats should be made for

users of all cloud services.
• Organisation using any form of cloud service should utilise automated
solutions to monitor activities on their space in the cloud to detect
irregularities.
• Cloud Service Providers should put in more effort to secure data in
transit from the cloud to any other outlet.
 REFERENCES
Amazon. (2023, May 20). https://aws.amazon.com/what-is-cloud-computing/.
Retrieved from aws.amazon.com: https://aws.amazon.com/what-is-cloud-
computing/

Ankur, B. (2015). Cloud Computing: History, Architecture, Security Issues.

International Journal of Advent Research in Computer and Electronics
(IJARCE) , 2-3.

checkpoint. (2023, May 11). https://www.checkpoint.com/cyber-hub/cloud-

security/what-is-cloud-security/top-cloud-security-issues-threats-and-
concerns. Retrieved from https://www.checkpoint.com/:
https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-
security/top-cloud-security-issues-threats-and-concerns

Dimitros, Z. e. (2012). Addressing cloud computing security issues. Future

Generation Computer Systems, ScienceDirect.

Frank, D. (2022, July 10). https://www.ntiva.com/blog/6-tips-for-improving-cloud-

computing-security. Retrieved from www.ntiva.com:
https://www.ntiva.com/blog/6-tips-for-improving-cloud-computing-security

Google. (2023, May 20). https://cloud.google.com/learn/what-is-cloud-

computing#section-1. Retrieved from cloud.google.com:
https://cloud.google.com/learn/what-is-cloud-computing#section-1

Hamed, T., & Marjan, K. R. (2020). A survey on security challenges in cloud

computing: issues, threats, and solutions. The Journal of Supercomputing, 1.

Harjit, K. (2020). Characteristics Of Cloud Computing. Rajasthan, India:

Department of Computer Science, Tantia University, Sri Ganganagar.

M, M. M. (n.d.).

Manoj, K. S., & Venkateswarlu, R. (2021). Cloud Computing Security Challenges,

Threats and Vulnerabilities. 2021 6th International Conference on Inventive
Computation Technologies (ICICT) (pp. 2-3). Coimbatore,India: Institute of
Electrical and Electronic Engineers.
Microsoft. (2023, May 20). https://azure.microsoft.com/en-us/resources/cloud-
computing-dictionary/what-is-cloud-
computing#:~:text=Simply%20put%2C%20cloud%20computing%20is,reso
urces%2C%20and%20economies%20of%20scale. Retrieved from
azure.microsoft.com: https://azure.microsoft.com/en-us/resources/cloud-
computing-dictionary/what-is-cloud-
computing#:~:text=Simply%20put%2C%20cloud%20computing%20is,reso
urces%2C%20and%20economies%20of%20scale.

Mohamed, M. (2020). CLOUD COMPUTING COMPONENTS, SERVICES,

TOOLS AND ITS ROADMAP TO ORGANIZATION. Tamilnadu:
Department Of Computer Science And Engineering Al-Ameen Engineering
College, Erode.

Nalini, S., & Andrews, J. (2018, October). Recent security challenges in cloud
computing. Computer and Electrical Engineering,ScienceDirect, pp. 28-42.

Simplilearn. (2023, April 5). https://www.simplilearn.com/applications-of-cloud-

computing-article#top_7_applications_of_cloud_computing. Retrieved from
www.simplilearn.com: https://www.simplilearn.com/applications-of-cloud-
computing-article#top_7_applications_of_cloud_computing