Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption
Volume 2, Issue 2, December 2018, Pages: 95-106
Received: Oct. 2, 2018;
Accepted: Nov. 5, 2018;
Published: Dec. 4, 2018
Views 834 Downloads 140
Chinedu Uchenna Paschal, Department of Information Technology, National Open University of Nigeria, Abuja, Nigeria
Oliver Ebere Osuagwu, Department of Computer Science, Imo State University, Owerri, Nigeria
Cloud Computing Security is part of the foreseeable evolution of Information Technology (IT) which any organisation intending to attain or sustain competitiveness must need to embrace in order to play in the evolving digital economy. Evidently, companies who tackle cloud computing responsibly need not entertain fears of security concerns, threats and associated risks on the path to the cloud. This research paper unveils that the concerns of handling security, privacy or forensic in the cloud virtualised environment are not as much a nightmare as compared to addressing them in-house. In an environment where information systems security and privacy has become paramount concern to enterprise customers, the risk of unauthorized access to information in the cloud poses a significant concern to cloud stakeholders. In a bid to mitigate the inevitable threats concerns of the associated stakeholders, this research prescribes the deployment of a cloud computing threat model, relevant to all other computing environments. Further, the research undertook and accessed a survey which was designed to identify and rank the various security, privacy, and forensic issues plaguing fears to the full adoption and deployment of this new computing paradigm. The survey was geared at the Nigeria marketplace among practicing IT professionals and organisations. Consequently, the drive to underpin this new direction and computing paradigm was advocated where the research highlights and ranks some of the operational concerns for cloud users in Nigeria, and further suggests measures to raise the level of awareness and engagement around those concerns within the constituencies of various consumers of the services. However, the research further argues that proper implementation of security, privacy, and forensic measures should not just be seen as the cloud providers’ sole concern, but the responsibilities of all consumers of the services. Thus, the paper prescribes techniques which could help cloud users maintain control of their data at rest or in transit within the cloud networks rather than outsource control to external vendors as usual.
Chinedu Uchenna Paschal,
Oliver Ebere Osuagwu,
Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption, Engineering Mathematics.
Vol. 2, No. 2,
2018, pp. 95-106.
Rebollo, O., Mellado, D.: Systematic Review of Information Security Governance Frameworksin the Cloud Computing. Journal of Universal Computer Sc. 18(6), 798–815 (2012)
Latif, R., Abbas, H., Assar, S. & Ali, Q. (2014). Cloud Computing Risk Assessment: A Systematic Literature Review. Springer-Verlag Berlin Heidelberg. Available online at DOI: 10.1007/978-3-642-40861-8_42,
Boss et al. (2007). Cloud Computing: High Performance On Demand Solutions (HiPODS). Version 1.0, Available online at http://www.ibm.com/developerworks/websphere/zones/hipods/ (Accessed: 20 May 2011).
Siddiqui, M. (2011). Cloud Computing Security: Final paper submitted spring 2011. Available online at http://blogs.techconception.com/manny/content/binary/Manny%20Siddiqui%20%20Cloud%20Computing%20Security.pdf (Accessed: 20 May 2011).
Reilly, D.; Wren, C. & Berry, T. (2011). Cloud Computing: Pros and Cons for Computer Forensic Investigations: International Journal Multimedia and Image Processing (IJMIP), Volume 1, Issue 1, March 2011. Available online at http://www.infonomicssociety.org/IJMIP/Cloud%20Computing_Pros%20and%20Cons%20for%20Computer%20Forensic%20Investigations.pdf Accessed: 20 May 2011
ISACA (2009). Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives: Emerging Technology White Paper. Available online at http://www.isaca.org/...Center/.../Cloud-Computing-28Oct09-Research.pdf Accessed: 08 June 2011
Hasan, R. (2011). Security and Privacy in Cloud Computing: Johns Hopkins University en.600.412 Spring 2011, Lecture 1, 01/31/2011. Available online at http://www.cs.jhu.edu/~ragib/sp11/cs412/lectures/600.412.lecture01.pptx (Accessed: 20 May 2011).
Metri, P. et al. (2011). Privacy issues and challenges in cloud computing. International Journal of Advanced Engineering Sciences and Technologies (IJAEST) Vol No. 5, Issue No. 1, 001 - 006
Cho (2010). An overview of cloud security and privacy. Presentation, CS 590, Fall 2010. Available online at http://www.cs.purdue.edu/homes/bb/cs590/.../YounSun.pptx - United States. (Accessed: 08 June 2012).
Samson, T. (2013) “9 top threats to cloud computing security. Conference processing by Cloud Security Alliance” [Online]. Available from http://www.infoworld.com/t/cloud-security/9top-threats-cloud-computing-security-213428?page=0,0 [Accessed: 05/06/2014]
IBM Research (2011) “Protocols for Secure Cloud Computing: Christian Cachin, Zurich” [Online]. Available from http://www.zurich.ibm.com/~cca/talks/metis2011.pdf [Accessed: 21 May 2013]
Frye, S. (2013) “Crypton for developers: Toward cryptographically- secure cloud apps” [Online]. Available at: http://www.techrepublic.com/blog/linux-and-opensource/crypton-for-developers-toward-cryptographicallysecure-cloud-apps/ [Accessed: 27/05/2014]
Violino, B. (2018) “The dirty dozen: 12 top cloud security threats for 2018” [online]. Available at: https://www.csoonline.com/article/3043030/security/12-topcloud-security-threats-for-2018.html. [Accessed 7 March 2018]
Hellman, M. E. (1980) “A cryptanalytic time-memory tradeoff. Information Theory”, IEEE Transactions, Vol. 26, Issue: 4
Al Beshri, A. M. (2013) Outsourcing data storage without outsourcing trust in cloud computing. PhD thesis, Queensland University of Technology. Available online at http://eprints.qut.edu.au/61738/ (Accessed: June 05, 2014)
Kelsey et al (1997). RC2. Available online at http://en.wikipedia.org/wiki/RC2 (Accessed: June 14, 2014)
www.wikipedia.com/cryptoanalysis/attacks, August 2013
Cloud Standards Customer Council (2017). “Security for Cloud Computing: Ten Steps to Ensure Success” [online]. Available at: http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf. [Accessed 7 March 2018]
Ike, K. R. (2003). Introduction to research method. Umuahia, Nigeria: Chudy Publications.
Saunders, M., Lewis, P., & Thornhill, A. (2007) Research methods for business students (4th Edition). (pp. 204- 246). Essex: Prentice Hall
Chinedu, P. U. (2018). Secured Cloud-Based Framework for ICT Intensive Virtual Organisation. Approved by: Owerri, Nigeria, Federal University of Technology Owerri, Diss., 2008. Beau Bassin, Mauritius: LAP LAMBERT Academic Publishing. ISBN: 978-613-9-82456-4, Published: April 22, 2018
Almond, C. (2009). A Practical Guide to Cloud Computing Security: What you need to know now about your business and cloud security: Avanade Perspective. Available online at http://www.avanade.com/Documents/Research%20and%20Insights/practicalguidetocloudcomputingsecurity574834.pdf (Accessed: 08 June 2011)