Discussion: Cloud Security

Discussion: Cloud Security

Discussion: Cloud Security

Instructions Begin by locating several peer-reviewed articles from the past 5 years that support the problem you wish to address in your dissertation which is “Cloud Security”. These articles may be ones previously gathered for your annotated bibliography assignment (document attached) or additional resources. For this assignment, create a problem statement dealing with “Cloud Security”. The problem must come from a critical issue that must be addressed, otherwise negative consequences will occur or continue. In most cases, scholarly citations within the past 5 years are required to support the problem you will investigate. Articulate a concise problem statement. Include appropriate published or relevant primary sources to document the existence of a problem worthy of doctoral level research. Follow these steps: 1. Present the general issue grounded in the research literature that leads to the need for the study. 2. Clearly describe and document the problem prompting the study. Include appropriate published or relevant primary sources to document the existence of a problem worthy of PhD doctoral-level research. Be sure to consider the following: What perspective is represented? For example, is the problem an individual level problem, an organizational problem, an industry problem, or a social problem? 3. Consider the theories relevant to predict, explain, and understand the problem. 4. To identify and articulate a problem, consider the potential negative consequences to the field or stakeholders if the proposed research is never conducted. Support your assignment with at least five scholarly resources. In addition to these specified resources, other appropriate scholarly resources, including older articles, may be included. Length: 1-2 pages, not including title and reference pages Your assignment should demonstrate thoughtful consideration of the ideas and concepts presented in the course by providing new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards. ***PLEASE ENSURE ALL REFERENCES ARE SCHOLARLY RESOURCES*** Cloud Security 1 Part A: Cloud Security Reference: Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges: A survey. Journal of Network and Computer Applications, 79, 88-115. doi:10.1016/j.jnca.2016.11.027 Annotation Cloud computing services are gaining rapid popularity in different industries across the globe. Discussion: Cloud Security

The services are delivered over the Internet and without any local installation of applications on users’ devices. Cloud computing services are on-demand, scalable, and allows cost optimization. However, there are several security issues and challenges for cloud service providers and consumers. The purpose of this paper is to present a detailed overview of cloud computing architecture, service models, deployment models, and possible security issues and challenges. It helps to understand the broad scenario of security and privacy concerns for various key stakeholders in the cloud computing service delivery domain. In many cases, third-party providers are also involved between a service provider and a consumer. And that adds additional security concerns to the service delivery process. The strength of the research is analyzing the broad spectrum of cloud security and helping readers to understand the information security context for cloud computing. The paper contains a discussion on how cloud computing came from clusters and grid computing, automation, various cloud technologies, the core concept of cloud security, requirements for cloud security, trust, security threats, attacks, security requirements through an extensive literature review and 2 survey. It helps in future work on any particular cloud security issue or challenge described in the paper. Reference: Tari, Z., Yi, X., Premarathne, U. S., Bertok, P., & Khalil, I. (2015). Security and privacy in cloud computing: vision, trends, and challenges. IEEE Cloud Computing, 2(2), 30-38. doi:10.1109/MCC.2015.45 Annotation Cloud computing offers flexibility and cost-effective solutions to individuals and organizations. However, there are different service layers in a cloud architecture model. At different levels, various infrastructural components, and technologies are integrated and virtualization is used to distribute the infrastructure and services among remote users over the Internet. And it adds various security issues to cloud computing. The paper is focused on exploring cloud security issues mainly related to data utilization and management aspects. It covers various dimensions of data storage, access controls, and data management related security concerns for cloud computing. Other than discussing the security issues and challenges, the paper also covers various trends on solutions to some of the security issues and challenges. It covers solutions like homomorphic encryption, privacy-preserving DMaaS or Data Mining as a Service on a cloud to protect privacy, and various types of distributed access control mechanisms for decentralized cloud computing environments. It also explores the roles of middleware in implementing various security solutions for cloud computing service delivery models. 3 Discussion: Cloud Security

The strength of the paper is, it is particularly focused on cryptographic solutions viable to secure data management, and access control for cloud services. And it provides an insight into some of the popular cryptographic solution and how those can be implemented on a cloud service model. Even though the paper does not provide an in-depth discussion on the cryptographic solution, but it can be a starting point for a reader to start exploring possible solutions to cloud security issues and challenges. Reference: Khan, N., & Al-Yasiri, A. (2016). Identifying cloud security threats to strengthen cloud computing adoption framework. Procedia Computer Science, 94, 485-490. doi:10.1016/j.procs.2016.08.075 Annotation Cloud computing has changed the traditional way of using information technologies at an organization. It allows the outsourcing of data management, and IT services of a firm in different ways. The positive aspect of the adoption of cloud computing is, such outsourcing helps in cutting down costs, enhancing innovation and productivity in businesses and developing a customer-focused IT infrastructure. However, there are certain limitations and concerns over cloud security. Before outsourcing organizations must understand various security risks, threats, and concerns related to cloud adoption. The paper provides a detailed discussion on identifying various threats related to cloud computing and some of the possible measurements for organizations to strengthen their cloud adoption framework. The paper provides insight to current issues and some of the possible future challenges including service hijacking, data scavenging, data leakage, denial of services, customer data manipulation, virtual machine escape, virtual machine hopping, creation of 4 malicious virtual machines, spoofing or sniffing virtual networks, issues with a hypervisor, legal and information security challenges of sharing cloud technology, hypervisor viruses and so on. The paper gives the reader an understanding of cloud security challenges focused on cloud adoption by organizations and possible ways to strengthen cloud preparation stage or CPS to strengthen the security of a cloud adoption framework. Reference: Walterbusch, M., Fietz, A., & Teuteberg, F. (2017). Missing cloud security awareness: investigating risk exposure in shadow IT. Journal of Enterprise Information Management. doi:10.1108/JEIM-07-2015-0066 Annotation Shadow IT is a broad term that refers to IT architecture and applications that are utilized and managed without the knowledge of the IT department of an enterprise. Discussion: Cloud Security

As cloud services are usually outsourced to cloud service providers and third parties. Hence, cloud computing is a type of shadow IT. The paper discusses various aspects of cloud computing as shadow IT from the perspective of an employee in an organization. As an enterprise does not have any knowledge of managing and utilizing the outsourced cloud computing frameworks and solutions, hence, employees don’t have always much awareness and information about the security concerns and challenges related to cloud computing. Lack of awareness makes it more difficult for organizations to raise and increase awareness about cloud security among employees. There are various inherent risks to cloud security due to the architecture, service model, and deployment models of cloud computing. It requires addressing such risks with countermeasures and awareness. 5 The strength of the paper is the extensive literature review and study on cloud computing awareness through expert interviews and in-depth study. The study has covered perspectives of employees and employers towards cloud computing. And the paper provides a detailed set of recommendations for employers and employees to secure their cloud computing framework and to raise awareness among employees. Reference: Demchenko, Y., Turkmen, F., Slawik, M., & de Laat, C. (2017). Defining intercloud security framework and architecture components for multi-cloud data-intensive applications. Paper presented at the 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID). Annotation The paper covers the concept of ICSF or Intercloud Security Framework and its importance to implement a security infrastructure for cloud platforms. The intercloud security framework is a component of the ICAF or Intercloud Architecture Framework. ICAF offers an architectural base to build information security solutions for the cloud computing platform, especially for multi-cloud applications. Data-intensive applications usually require to be built on the multicloud framework and require an extensive intercloud security solution. Discussion: Cloud Security

The paper provides a detailed analysis of the use of multi-cloud to elicit general requirements for ICSF, identification of functional components of security infrastructure to allow the use of distributed computing datasets and resources, main functional components of ICSF. It covers the importance of consistent implementation of various standards for security services lifecycle management or SSLM for various cloud applications. The report also covers the importance and role of compliances in cloud security management. 6 The report also covers the implementation of ICSF on a project called CYCLONE. The project shows implementation details of identifying requirements, and implementation of secure login, security service lifecycle management, multi-domain Attribute-Based Access Control, and implementation of Bootstrap protocol to ensure consistency in the security measurements implemented on a virtualized intercloud environment. The report is focused on a particular area of cloud security. Part B: Cloud Security Issues and Possible Solutions The primary topic is “Cloud Security” and the specific topic is “Cloud Security Issues and Possible Solutions”. The analysis of the selected annotations is focused on exploring various cloud security concerns and some of the solution. Cloud computing is a rapidly developing field. Hence, there are still many open challenges and issues. Hence, the research in the dissertation will start from an extensive literature review to find out cloud security challenges and issues. Then the discussion will be on exploring the roles of various key stakeholders like cloud service providers and consumers. In most of the cases, consumers are enterprises and businesses. The research will be particularly focused on the lack of awareness and multi-cloud security solutions because rather than generic solutions to cloud security issues and challenges, addressing multi-cloud security framework like ICSF will help to improve cloud security from different dimensions. At the same time, the research will be focused on how increasing awareness among employees helps in improving cloud security. Discussion: Cloud Security