Karim Djemame,Afnan Ullah Khan,Manuel Oriol,Ming Jiang,Mariam Kiran

DOI: https://doi.org/10.1109/CloudCom.2012.6427574

2012-01-01

Abstract:Cloud computing provides outsourcing of resources bringing economic benefits. The outsourcing however does not allow data owners to outsource the responsibility of confidentiality, integrity and access control, as it still is the responsibility of the data owner. As cloud computing is transparent to both the programmers and the users, it induces challenges that were not present in previous forms of distributed computing. Furthermore, cloud computing enables its users to abstract away from low-level configuration such as configuring IP addresses and routers. It creates an illusion that this entire configuration is automated. This illusion is also true for security services, for instance automating security policies and access control in cloud, so that individuals or end-users using the cloud only perform very high-level (business oriented) configuration. This paper investigates the security challenges posed by the transparency of distribution, abstraction of configuration and automation of services by performing a detailed threat analysis of cloud computing across its different deployment scenarios (private, bursting, federation or multi-clouds). This paper also presents a risk inventory which documents the security threats identified in terms of availability, integrity and confidentiality for cloud infrastructures in detail for future security risks. We also propose a methodology for performing security risk assessment for cloud computing architectures presenting some of the initial results.

Jun Tang,Yong Cui,Qi Li,Kui Ren,Jiangchuan Liu,Rajkumar Buyya

DOI: https://doi.org/10.1145/2906153

IF: 16.6

2016-01-01

ACM Computing Surveys

Abstract:With the rapid development of cloud computing, more and more enterprises/individuals are starting to outsource local data to the cloud servers. However, under open networks and not fully trusted cloud environments, they face enormous security and privacy risks (e.g., data leakage or disclosure, data corruption or loss, and user privacy breach) when outsourcing their data to a public cloud or using their outsourced data. Recently, several studies were conducted to address these risks, and a series of solutions were proposed to enable data and privacy protection in untrusted cloud environments. To fully understand the advances and discover the research trends of this area, this survey summarizes and analyzes the state-of-the-art protection technologies. We first present security threats and requirements of an outsourcing data service to a cloud, and follow that with a high-level overview of the corresponding security technologies. We then dwell on existing protection solutions to achieve secure, dependable, and privacy-assured cloud data services including data search, data computation, data sharing, data storage, and data access. Finally, we propose open challenges and potential research directions in each category of solutions.

Jie Xu,Paul Townend,Junaid Arshad,Wei Jie

DOI: https://doi.org/10.4018/jghpc.2012010104

2012-01-01

International Journal of Grid and High Performance Computing

Abstract:The evolution of modern computing systems has lead to the emergence of Cloud computing. Cloud computing facilitates on-demand establishment of dynamic, large scale, flexible, and highly scalable computing infrastructures. However, as with any other emerging technology, security underpins widespread adoption of Cloud computing. This paper presents the state-of-the-art about Cloud computing along with its different deployment models. The authors also describe various security challenges that can affect an organization's decision to adopt Cloud computing. Finally, the authors list recommendations to mitigate with these challenges. Such review of state-of-the-art about Cloud computing security can serve as a useful barometer for an organization to make an informed decision about Cloud computing adoption.

Scott Paquette,Paul T. Jaeger,Susan C. Wilson

DOI: https://doi.org/10.1016/j.giq.2010.01.002

IF: 8.49

2010-07-01

Government Information Quarterly

Abstract:Cloud computing, which refers to an emerging computing model where machines in large data centers can be used to deliver services in a scalable manner, has become popular for corporations in need of inexpensive, large scale computing. Recently, the United States government has begun to utilize cloud computing architectures, platforms, and applications to deliver services and meet the needs of their constituents. Surrounding the use of cloud computing are many risks that can have major impacts on the information and services supported by this technology. This paper discusses the current use of cloud computing in government, and the risks–tangible and intangible–associated with its use. Examining specific cases of government cloud computing, this paper explores the level of understanding of the risks by the departments and agencies that implement this technology. This paper argues that a defined risk management program focused on cloud computing is an essential part of the government IT environment.

information science & library science

Jamelia M. Anderson-Princen

DOI: https://doi.org/10.1007/s40804-022-00252-4

IF: 1.79

2022-06-21

European Business Organization Law Review

Abstract:Cloud applications are becoming central and critical to the delivery of financial services. Despite their significance, banks face increased exposure to transaction risks related to the use of cloud services and internal and external pressures to improve their risk management practices. In this study, we use a unique data set from a bank's cloud register to examine the effectiveness of internal governance on an ongoing cloud outsourcing transaction between a bank and cloud service provider. We employ structural equation modeling and a simple linear regression to test for transaction misalignment and causes of governance inefficiencies. We find that a strong degree of misalignment is largely due to poor design of internal controls and a weak control system that does not provide acceptable indications of residual risk likelihood. The findings indicate that cloud risks are driven not only by agency costs, but also by firm-specific risks which contribute to a number of transaction uncertainties and governance misalignment.

law,business

Norah Abokhodair,Hazel Taylor,Surry Jones Mowery,Jitsuko Hasegawa

DOI: https://doi.org/10.48550/arXiv.1604.00737

2016-04-13

Abstract:Cloud computing projects have many implications, including issues such as security, compliance, funding, cohesion with existing systems, operational resource requirements, and number of employees involved. In order to gain a better understanding of why businesses are interested in adopting cloud services in spite of these potential difficulties, we interviewed senior IT personnel at five different organizations about their processes related to cloud decisions, their thoughts before and during the process, and the outcome of their endeavor. Our results provide insights from their perspectives into the similarities and differences among the organizations and the implications of going into the cloud. We conclude with a list of recommended questions and areas to consider for use by other organizations looking into adopting cloud services. The ultimate goal is to help businesses considering a cloud computing project by providing advice from other organizations based on their experience.

Computers and Society

Ali Khajeh-Hosseini,Ian Sommerville,Ilango Sriram

DOI: https://doi.org/10.48550/arXiv.1001.3257

2010-01-19

Distributed, Parallel, and Cluster Computing

Abstract:Cloud computing represents a shift away from computing as a product that is purchased, to computing as a service that is delivered to consumers over the internet from large-scale data centers - or "clouds". This paper discusses some of the research challenges for cloud computing from an enterprise or organizational perspective, and puts them in context by reviewing the existing body of literature in cloud computing. Various research challenges relating to the following topics are discussed: the organizational changes brought about by cloud computing; the economic and organizational implications of its utility billing model; the security, legal and privacy issues that cloud computing raises. It is important to highlight these research challenges because cloud computing is not simply about a technological improvement of data centers but a fundamental change in how IT is provisioned and used. This type of research has the potential to influence wider adoption of cloud computing in enterprise, and in the consumer market too.

M.G. Avram

DOI: https://doi.org/10.1016/j.protcy.2013.12.525

2014-01-01

Procedia Technology

Abstract:With the rapid development of processing and storage technologies and the success of the Internet, computing resources have become cheaper, more powerful and more available than ever before. This technological trend has enabled the realization of a new computing model called cloud computing, in which resources are provided as general utilities that can be leased and released by users through the Internet in an on-demand fashion. The organizations are gaining more experience in the cloud and they start to shift more core business functions onto cloud platforms. Because of this fact, we are seeing that cloud adoption is significantly more complex than we imagined initially, particularly in terms of data management, system integration and the management of multiple cloud providers. Cloud computing is of growing interest to companies around the globe, but many are finding greater costs and greater obstacles to the adoption of cloud computing than they anticipated. In this case, is cloud computing still able to deliver all the promises?In this paper we will analyze from a company's point of view the factors that need to be considered by an enterprise when making the decision of using cloud computing. Some of the companies are moving towards cloud computing just because it is the latest trend in information technology. On the other hand, other companies cannot even take into consideration the idea of having their sensitive data outside their premises. Both of these cases represent companies that are just not very well informed. We are not sustaining that cloud computing is a perfect solution for everybody, but adopting it or not should be result of a very well informed analysis. We will analyze the positive and negative aspects of each of the following factors: integration with existing IT infrastructure and existing software, costs, return on investment, performances, security. Also, we will correlate all these factors with the company size and business area in order to identify if or what type of cloud computing solution is suitable for their needs.

English Else

Abhishek Mahalle,Jianming Yong,Xiaohui Tao,Jun Shen

DOI: https://doi.org/10.1109/cscwd.2018.8465318

2018-01-01

Abstract:Cloud computing architecture and infrastructure has received an acceptance from corporations and governments across the globe. Cloud computing helped to reduce cost of management of physical and technical infrastructure at the same time has made information systems available for locally & globally deployed work force. Cloud computing infrastructure provides access to data and applications from any location and this has made organizations to keep evaluating privacy and security framework. Banking and financial services have data and applications which are internally developed to remain ahead of competition. This data and applications becomes the Intellectual Property (IP) that serves specific business processes and goals. When this data and applications can be accessed from remote locations, there may be a potential risks of data leakages and erosion of IP over a period of time. With an adoption of cloud computing, banking and financial services industry continues to be under strict regulatory and compliance framework to maintain privacy of data and security of systems. Privacy and security of cloud architecture infrastructure continues to be the challenge across the globe. In this paper, various aspects of cloud computing related to data privacy and system security for banking and financial services industry have been introduced.

Wenli Wang,Indira R. Guzman,Edgardo Donovan,Monica Adya

Journal of Information Technology Management

Abstract:As cloud computing became on one of the top technology investments in public and private organizations and represents expenses of billions yearly, little research was conducted about the factors that affect the success of cloud systems. This research study investigates the impact of free flow of information, flexibility of IT infrastructure, cloud system quality, IT security, and cloud privacy concerns on the increased net benefits of cloud computing use. The intent is to extend DeLone and McLean’s Information Systems Success Theory for today’s cloud-centric information technology world and add to the body of knowledge of cloud computing adoption. The results from surveying 117 IT professionals working in the United States with a minimum of three 3 years of experience were obtained and analyzed using Structural Equation Modelling (SEM) show that free flow of information and overall cloud system quality can lead to overall information systems success

Business,Computer Science

Saleem-ullah Lar,Xiaofeng Liao,Syed Ali Abbas

DOI: https://doi.org/10.1109/chinacom.2011.6158348

2011-01-01

Abstract:Cloud computing is a developing archetype with marvelous momentum, but its exceptional aspects worsening the security and privacy challenges. This article provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment. We have also proposed a security mechanism “security as a service” for cloud computing. It also explores the roadblocks and solutions to providing a trustworthy cloud computing environment.

J. Uma Maheswari,S. Vijayalakshmi,Rajiv Gandhi N,Laith H. Alzubaidi,Khonimkulov Anvar,R. Elangovan

DOI: https://doi.org/10.1051/e3sconf/202339904040

2023-01-01

E3S Web of Conferences

Abstract:The globe has adopted the cloud computing environment, which organizes data and manages space for data storage, processing, and access. This technical development has brought up questions regarding data security and privacy in cloud computing environments, though. The purpose of this abstract is to offer a thorough review of the issues, solutions, and future developments related to data privacy and security in cloud computing. Keeping data private and secure while it is being processed and stored in outside data centres is the main difficulty in cloud computing systems. The abstract discusses the dangers of insider threats, data breaches, and illegal access to sensitive information. It digs further into the legal and compliance criteria that businesses must follow in order to protect user data in the cloud. In result, data privacy and security in cloud computing environments remain critical concerns for organizations and individuals alike. In the survey the overview of how to use cloud storage globally and its challenges, solution and future innovation is well explained. It underscores the importance of robust encryption, access controls, user awareness, and emerging technologies in safeguarding data in the cloud. By addressing these concerns, organizations can leverage the power of cloud computing while maintaining the confidentiality, integrity, and availability of their data.

DOI: https://doi.org/10.1007/s11219-024-09669-1

2024-05-15

Software Quality Journal

Abstract:Organizations are increasingly migrating from on-premise enterprise information systems (EIS) to cloud products due to cloud computing benefits, such as flexibility, elasticity, and on-demand service. However, identifying the most suitable option becomes challenging with the proliferation of Cloud-EIS solutions in the market. To address this challenge, this study introduces a novel quality model named Cloud-QM, based on ISO/IEC 250nn standards. It diagnoses the quality of Cloud-EIS products, benchmarks available options, and identifies the most suitable choice for the organization. Cloud-QM comprises 10 main dimensions, 33 sub-dimensions, and corresponding metrics for a systematic quality assessment. Furthermore, the practical use of Cloud-QM is illustrated through a case study that evaluates two substitute Cloud-EIS products. The results from the case study highlight the effectiveness of Cloud-QM in enabling decision-makers to delve into the quality dimensions and facilitate the selection of the most suitable product for their organizations. The main contributions are as follows: (1) proposing a comprehensive and hierarchically structured quality model for Cloud-EIS products; (2) offering a quantifiable and standardized assessment approach through a set of metrics for quality evaluation; and (3) demonstrating applicability and usability of Cloud-QM by benchmarking Cloud-EIS products.

computer science, software engineering

Nattakarn Phaphoom,Xiaofeng Wang,Sarah Samuel,Sven Helmer,Pekka Abrahamsson

DOI: https://doi.org/10.1016/j.jss.2015.02.002

2017-12-02

Abstract:In the context of cloud computing, risks associated with underlying technologies, risks involving service models and outsourcing, and enterprise readiness have been recognized as potential barriers for the adoption. To accelerate cloud adoption, the concrete barriers negatively influencing the adoption decision need to be identified. Our study aims at understanding the impact of technical and security-related barriers on the organizational decision to adopt the cloud. We analyzed data collected through a web survey of 352 individuals working for enterprises consisting of decision makers as well as employees from other levels within an organization. The comparison of adopter and non-adopter sample reveals three potential adoption inhibitor, security, data privacy, and portability. The result from our logistic regression analysis confirms the criticality of the security concern, which results in an up to 26-fold increase in the non-adoption likelihood. Our study underlines the importance of the technical and security perspectives for research investigating the adoption of technology.

Software Engineering

Joel Gibson,Robin Rondeau,Darren Eveleigh,Qing Tan

DOI: https://doi.org/10.1109/cason.2012.6412402

2012-11-01

Abstract:Cloud computing can be defined as the use of new or existing computing hardware and virtualization technologies to form a shared infrastructure that enables web-based value added services. The three predominant service models are infrastructure, platform, and software-as-a-service. Infrastructure-as-a-Service (IaaS) can be defined as the use of servers, storage, and virtualization to enable utility like services for users. Security is a big concern within IaaS, especially considering that the rest of the cloud service models run on top of the infrastructure and related layers. Platform-as-a-Service (PaaS) providers offer access to APls, programming languages and development middleware which allows subscribers to develop custom applications without installing or configuring the development environment. Software-as-a-Service (SaaS) gives subscribed or pay-per-use users access to software or services which reside in the cloud and not on the user's device. Understanding the cloud service models is critical in determining if cloud services or hosting are an appropriate business solution, and if so, which model best balances the level of control required versus reduced hardware, configuration, and maintenance costs. Cloud computing offers many benefits to organizations; it has enabled collaboration amongst disparate communities and workgroups, and has overcome challenges that have plagued existing business solutions. However, the security, privacy, and integrity of the cloud are of prime importance and there are many challenges that exist. At the present time there seems to be a lot of momentum behind the adoption of cloud computing despite these. This may simply be a trend, an indication that society truly wants their data to be available whenever from anywhere, or a sign that few understand the associated risks.

Karuturi S R V Satish

DOI: https://doi.org/10.17762/ijritcc.v11i11.10396

2024-04-05

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:The majority of enterprises have recently enthusiastically embraced cloud computing, and at the same time, the database has moved to the cloud. This cloud database paradigm can lower data administration expenses and free up new business to concentrate on the product that is being delivered. Furthermore, issues with scalability, flexibility, performance, availability, and affordability can be resolved with cloud computing. Security, however, has been noted as posing a serious risk to cloud databases and has been essential in fostering public acceptance of cloud computing. Several security factors should be taken into account before implementing any cloud database management system. These features comprise, but are not restricted to, data privacy, data isolation, data availability, data integrity, confidentiality, and defense against insider threats. In this paper, we discuss the most recent research that took into account the security risks and problems associated with adopting cloud databases. In order to better comprehend these problems and how they affect cloud databases, we also provide a conceptual model. Additionally, we look into these problems to the extent that they are relevant and provide two instances of vendors and security features that were used for cloud-based databases. Finally, we provide an overview of the security risks associated with open cloud databases and suggest possible future paths.

Kui Ren,Cong Wang,Qian Wang

DOI: https://doi.org/10.1109/MIC.2012.14

IF: 2.68

2012-01-01

IEEE Internet Computing

Abstract:Cloud computing represents today's most exciting computing paradigm shift in information technology. However, security and privacy are perceived as primary obstacles to its wide adoption. Here, the authors outline several critical security challenges and motivate further investigation of security solutions for a trustworthy public cloud environment.

Wang Guo-Feng,Liu Chuan-Yi,Pan He-Zhong,Fang Bin-Xing

DOI: https://doi.org/10.11897/SP.J.1016.2017.00296

2017-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:The division of data ownership and data management is regarded as the key characteristics of cloud computing. Customers outsource their data to the cloud and need to use cloud computing platform for data management, as a result losing direct control over the data. The introduction of cloud computing model has brought some new security issues and challenges, such as malicious cloud administrator, security vulnerabilities and improper access interface. So insider threats become more crucial, especially with the cloud administrators gaining more control on customers' virtual machines and data in reality. How to defend against malicious insiders, especially who have priorities to access or steal customers' data and computation resources, has become a challenging problem as well as a common focus of attention in both academia and industry in recent years. For further study of the insider threats in cloud computing model, making systematic summary from ways and means to deal with, and promoting domestic research in this direction, this paper firstly summarizes the major types of internal threats in the cloud environment, and takes an experimental approach to demonstrate typical insider vulnerabilities and possible actionable attacks. This paper summarizes and proposes three approaches to deal with insider threats in the cloud, as: user & entity behavior analysis and evaluation, cloud administration priority division and run-time access control, and customer controlled data encryption. For each approach, this paper thoroughly analyzes its technical principles, key technologies, state of the art, as well as practical possibilities in the real world. At last, this paper points out the future research directions and key technologies against insider threats in the cloud. © 2017, Science Press. All right reserved.

Amin Keshavarzi,Abolfazl T. Haghighat,Mahdi Bohlouli

DOI: https://doi.org/10.48550/arXiv.2005.01475

2020-04-27

Distributed, Parallel, and Cluster Computing

Abstract:In today's information technology (IT) era, a major part of the costs is being spent on computational needs. Enterprises are in efforts to increase their Return on Investment (ROI) and individuals are trying to reduce their costs. In this regard, cloud computing which emerges as a fifth utility can reduce costs and enhance performance of IT solutions. A large number of companies and institutions are dealing with cloud related issues as a provider or user. Due to the fact that cloud computing services have been proposed in recent years, organizations and individuals face with various challenges and problems such as how to migrate applications and software platforms into cloud and how to ensure security of migrated applications and etc. Given that many different definitions of cloud computing is presented in many publications and projects, a concrete and clear definition for cloud computing considering its characteristics, models and services is provided in this paper. In addition, current challenges and open issues in cloud computing is discussed in details and further recommendations and roadmaps for scientific activities and researches as well as potentials for improvements in this area from scientific and commercial points of view are given in this paper.

S. Subashini,V. Kavitha

DOI: https://doi.org/10.1016/j.jnca.2010.07.006

IF: 7.574

2011-01-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. It extends Information Technology’s (IT) existing capabilities. In the last few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry. But as more and more information on individuals and companies are placed in the cloud, concerns are beginning to grow about just how safe an environment it is. Despite of all the hype surrounding the cloud, enterprise customers are still reluctant to deploy their business in the cloud. Security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market. The advent of an advanced model should not negotiate with the required functionalities and capabilities present in the current model. A new model targeting at improving features of an existing model must not risk or threaten other important features of the current model. The architecture of cloud poses such a threat to the security of the existing technologies when deployed in a cloud environment. Cloud service users need to be vigilant in understanding the risks of data breaches in this new environment. In this paper, a survey of the different security risks that pose a threat to the cloud is presented. This paper is a survey more specific to the different security issues that has emanated due to the nature of the service delivery models of a cloud computing system.

computer science, interdisciplinary applications, software engineering, hardware & architecture