CLOUD SECURITY ISSUES & CHALLENGES – PUBLIC CLOUD

By: Dr. Mohammad Shoab

WHAT IS PUBLIC CLOUD?

CLOUD ARCHITECTURE

WHO OFFERS CLOUD SERVICES?

HYPOTHESIS

  • Public cloud could pose a huge potential security risk for the general public.

IMPORTANCE – PUBLIC CLOUD

  • Provides huge benefit for the general public.
  • Reduces the excessively high cost of running, purchasing and maintenance borne by companies.
  • Pay-per-use model at a very low cost.
  • IaaS, PaaS and SaaS are provisioned from a pool of shared resources that are accessible over the internet.

POTENTIAL REVIEW OF SECURITY THREATS & CHALLENGES

  • A thematic review on the security issues and privacy in the public cloud.

ISSUES HIGHLIGHTED

  • Security & Privacy
  • Infrastructure & Data Management
  • Interoperability across different service providers.

Ghanam, Y., Ferreira, J., & Maurer, F. (2012)

PRIVACY CONCERNS

  • Security standards in SLA
  • Access controls – accounts/services in cloud
  • Extensive use of virtualization – brings security concerns to tenants

Ouahman, A. A. (2014)

CHALLENGES

  • Outsourcing – tenants no longer retain physical control over hardware, software and data.
  • Multi-tenancy – a shared physical machine holds different tenants' data, so exploitation can occur.
  • Massive data & intensive computation – traditional security mechanisms may not suffice for the new security requirements, due to unbearable computation/communication overhead.

Mosca, P., Zhang, Y., Xiao, Z., & Wang, Y. (2014)

SECURITY CONCERNS

  • Cloud availability – under-investigated
  • CIA (Confidentiality, Integrity & Accessibility) – the CIA triad has not yet been formally adapted to the cloud

Khansa, L., & Zobel, C. W. (2014)

LEGAL ISSUES

  • Lack of uniformity – in the terms, the provider contracts and the SLA (Service Level Agreement)
  • Information Policies (Private Industries) – governments have not provided a uniform & homogeneous information policy regime where private industries are given clear guidance as to multi-jurisdictional risk, cyber terrorism risk and outage risk.

Teng, K. (2012)

SECURITY MEASURES

  • Malware detection & prevention
  • Secure virtual machine managers
  • Cloud resilience – the ability of the system to recover & continue to provide services after a loss of software and hardware occurs.

Denz and Taylor (2013)

TAKE-AWAY

  • As presented by the different reviews, there exist multiple challenges and issues regarding the cloud. However, it is up to the cloud service provider to pick from a grab bag of techniques to secure their infrastructure. It can also be deduced that some issues and challenges that practitioners consider important need further study and research.
  • In future, a cloud service consumer is advised to conduct a thorough & diligent risk assessment of the potential threats, from low to high risk, inherent in the cloud.
