Cloud Computing Security

Ashish Mehta
Sep 1, 2023

Introduction

Cloud computing security refers to the measures taken to protect data stored in the cloud from attack. It can also be regarded as a sub-domain of information security.

Because data stored on the internet (generally referred to as the cloud) is very portable and requires very little management, cloud computing has become an important part of information technology (IT), and it has become equally important to protect it from threats that increase day by day.

There are a number of security issues associated with the cloud, so for cloud computing to function properly there has to be a well-functioning security department that can control or minimise the damage caused by attacks on the cloud servers. This security department is given a set of controls for dealing with attacks, and these are called cloud security controls.

Security Issues Associated With the Cloud

Cloud computing became a widely used service in a short period of time because of its many advantages. The organisations providing cloud storage are also generally very big, so protecting them requires a vast security network.

The security concerns associated with cloud computing can be classified into two broad categories: the first is faced by the cloud providers and the second is faced by their customers.

1. Security issues faced by the organisations-

When a user stores data in the cloud, the user no longer has physical access to the servers hosting the information; the data is stored on the internet (the cloud) and is accessible to the employees of the cloud storage provider. This is where the problem arises: the data is now within reach of the staff the cloud provider appoints for management purposes. The organisation must therefore appoint a separate body to govern the people inside the organisation so that they do not manipulate or access the data of any user. Regular checks are also done on the data centre.

These days organisations use various methods to save money and resources, so they store the data of many users on a single server. Through mismanagement this sometimes allows one user to access the data of another. To prevent this, cloud providers must use proper data isolation.

Isolation-

In cloud security, isolation determines the extent to which data is shared between users whose data is stored on the same server. In older systems isolation is done through temporary tables. In a two-tier system isolation happens through a transaction processing manager, and in an n-tier system it becomes more complex and a number of transaction managers are required to achieve it.

More isolation is not always better. Too little isolation leads to leakage of one user's data to another; on the other hand, in a transaction system high isolation can cause a transaction made by one user to block a transaction made by another. An adequate amount of isolation is therefore always required in the servers.

Isolation levels are defined for the degree of isolation required in a database. They are listed as follows:

1. Serializable

2. Repeatable reads

3. Read committed

4. Read uncommitted

2. Security issues faced by the customers-

As the basic infrastructure of the cloud is based on virtualisation, virtualisation is used extensively in the cloud sector. This brings a lot of new security concerns for customers. Customers also need strong passwords to protect their data from other users.

Virtualisation:-

Virtualisation refers to the creation of a virtual (non-real) form of various components.

Its main types are:-

1. Hardware Virtualisation

2. Desktop Virtualisation

3. Nested Virtualisation

4. Cloud Virtualisation

Here, cloud virtualisation is the type of virtualisation focused on the virtual infrastructure of cloud computing.

Cloud Security Controls

There are a variety of controls available to the security department, but they mostly fall into four categories:-

1. Deterrent controls

2. Preventive controls

3. Detective controls

4. Corrective controls.

1. Deterrent controls:-

Deterrent controls can be described as a warning given to an attacker against illegally accessing data from the cloud, telling them about the adverse consequences of their action. They act as a fence for the data stored in the cloud.

2. Preventive controls:-

These are the measures taken to strengthen the security of data. These controls aim at decreasing unauthorized access to a user's data.

3. Detective controls:-

These are the controls set up to detect any illegal activity in the servers. They aim to bring the preventive or corrective controls into operation to act on the respective issue.

4. Corrective controls:-

These are the controls set up to reduce the damage caused by any illegal activity. They take effect during or after the incident. For example: restoring a user's cloud data from backup after illegal deletion of files.

Cloud Security Alliance

The Cloud Security Alliance (CSA) is a non-profit organization formed to assure better security in cloud computing. It has about 80,000 members around the world.

Membership

As the Cloud Security Alliance is a member-driven organization, it is very important to maintain the quantity and quality of its members.

INDIVIDUALS

Members of the CSA are given a complimentary participation certificate, but a minimum participation criterion must be met to get the certificate.

CHAPTERS

The separate legal entities of the CSA are termed chapters. They have worldwide connections and can conduct meetings, but work under the rules set by the CSA.

INTERNATIONAL SCOPE

CSA entities are present in almost every continent. They work under CSA agreements and keep CSA tasks functioning worldwide.

Cloud Access Security Broker

A cloud access security broker (CASB) is software that sits between the cloud application and the cloud customer and monitors every action taken, so that security measures can be applied if something illegal is detected.

A CASB performs many tasks, covering both management and security. Security refers to the prevention of any illegal activity, whereas management refers to minimising the losses due to harmful activities.

For a cloud access security broker to function properly, it must be present in the path between the user and the cloud provider. For this, cloud providers use proxy agents; it is also possible without an agent, and such a CASB is called an agentless cloud access security broker. Agentless CASBs are easier to deploy than agent-based CASBs.

Managerial CASBs use APIs to manage the data in the cloud. They are also capable of managing the firewall of the servers.

Security and Privacy

Identity Management

To control illegal activities, every cloud provider has developed its own identity management system. It uses biometric encryption to store the confidential information of a user, and then uses biometric identification to identify the user so that his or her data is not accessible to any other user.

Physical Security

Cloud security involves not only technical issues but physical issues as well, such as the destruction of memory resources in disasters. In this case cloud providers secure the data through backups.

Personnel Security

Personnel security is promoted through security screening of potential recruits as well as awareness and training programs. These are handled through pre-employment, post-employment and para-employment activities.

Privacy

Cloud providers encrypt any critical data to prevent unauthorized access.

Data isolation is used as well, and plays a vast role in the field of cloud computing.

Data Security

The dangers are not limited to illegal access to data; there are many others as well. For example, a lack of proper virtualisation can lead to mishandling of various cloud features. Various security controls are provided to restrain these threats.

Confidentiality

Confidentiality refers to preventing data from being disclosed to an unauthorized user. As data stored in the cloud is out of the direct control of the user, it is very important that confidentiality is maintained: no one, not even the cloud service provider, should have access to this data, while the user must be given full access to the cloud.

Access Controllability

Access controllability refers to the control a user has over his or her data stored in the cloud. Through it a user can restrict access to the data: the user can set how much access any unknown person is allowed, and can vary people's access to different pieces of data. As the cloud is a very untrusted form of data storage, access controllability plays a great role in cloud computing.

Integrity

Data integrity refers to the proper storage of data in the cloud. It aims to give the user full confidence in the storage of the data and to prevent any data loss. If data loss takes place, accidentally or through harmful activities, the user must be informed and must be entitled to have the data restored by the servers.

Application Programming Interface

These are the various methods of communication among different components of the network. Application programming interfaces make it easier for users to build applications, similar to the way a graphical interface makes it easier for a user to interact with programs.

Encryption

Encryption lets a user store data in encrypted form on the servers, which provides excellent security for the stored data. These days advanced encryption is used, which has revolutionised the field of network security.

It includes Crypto Shredding.

In detail, encryption is a way of transforming data so that it is accessible only to an authorized person, is not accessible to an unauthorized party, and can only be read through decryption. An encryption algorithm is used to encrypt the data; this algorithm is termed a cipher.

Attribute-based encryption algorithms

When the cipher is dependent upon attributes, the encryption is termed attribute-based encryption.

Ciphertext-policy ABE (CP-ABE)

The access structure of the encrypted data depends upon this. Its main focus is on the structure of data access.

Fully homomorphic encryption (FHE)

It allows operations to be performed on encrypted data: using it, operations such as sum or product can be carried out on encrypted data without any decryption.

Searchable encryption (SE)

Searchable encryption is used to search within encrypted data without any decryption.
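A minimal keyword-token scheme illustrates the idea: the customer builds an index of HMAC tokens and the provider matches tokens without learning the keywords. This is an added example, not code from the original article; the key, documents and function names are constructed, and the document bodies are assumed to be encrypted separately before upload.

```python
import hashlib
import hmac


def keyword_token(key: bytes, word: str) -> str:
    """Client side: deterministic keyed token for a keyword (HMAC-SHA256)."""
    return hmac.new(key, word.lower().encode(), hashlib.sha256).hexdigest()


def build_index(key: bytes, docs: dict) -> dict:
    """Client side: map token -> sorted document ids, uploaded with the ciphertexts."""
    index = {}
    for doc_id, text in docs.items():
        for word in set(text.lower().split()):
            index.setdefault(keyword_token(key, word), set()).add(doc_id)
    return {token: sorted(ids) for token, ids in index.items()}


def server_search(index: dict, token: str) -> list:
    """Provider side: holds no key and sees only opaque tokens.
    It still learns which tokens repeat and which documents match them."""
    return index.get(token, [])


def client_search(key: bytes, index: dict, word: str) -> list:
    """Client derives the token locally and sends only the token to the provider."""
    return server_search(index, keyword_token(key, word))


# Constructed sample data for the demonstration.
SAMPLE_KEY = b"constructed-demo-key-not-for-real-use"
SAMPLE_DOCS = {
    "doc1": "invoice for march storage",
    "doc2": "backup schedule",
    "doc3": "overdue invoice reminder",
}

if __name__ == "__main__":
    idx = build_index(SAMPLE_KEY, SAMPLE_DOCS)
    print(client_search(SAMPLE_KEY, idx, "Invoice"))
```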

Compliance

Many privacy laws are established worldwide, and each country has its own rules and regulations about things like cloud computing. It is therefore very important for users to know the laws their cloud provider works under and to take note of the provider's origin. For example, a cloud provider originating from India and mirrored in the U.S. will have the rules established in India, so it is very important to know the origin of the cloud provider.

Business continuity and data recovery

In case of an emergency or accidental loss of data, cloud providers must ensure the recovery of the data.

Log and audit trail

Cloud providers must keep logs and audit trails secured. For this, they work with their customers to keep logs and audit trails for as long as the customers demand.

Unique compliance requirements

The European Union has introduced unique compliance requirements for its customers.

Conclusion

We can conclude that cloud computing is a very powerful idea with great potential in future technology. It has revolutionised the way computers, mobiles and many other IT products work. It has changed the way data is stored. It is capable of replacing storage devices and making devices more lightweight.

We can find many articles describing the cloud and praising it, but that does not remove the fact that it brings many security concerns with it as well. It must therefore be used very carefully, and one must know about all the potential harms that can arise from it before using it.

Users must also be given proper knowledge of all user rights and of the laws under which cloud providers work.
