Introduction
The wave of digitization has never ceased since it began. The increasing adoption of computers has changed how societies run in key aspects. With the ubiquitous nature of smartphones, the internet has become virtually indispensable in the everyday functioning of people. Staying online has historically depended upon remote servers. The need for servers has sparked the emergence of new industries centered on cloud computing. Institutions, businesses, and individuals opt to surrender their core computing needs to companies that offer cloud computing services primarily because it saves them the need to purchase or build their servers. Nevertheless, despite the cost-saving benefits, this paper will focus on the security alongside privacy concerns of cloud computing.
A definition of cloud computing would be important to better understand where security and privacy issues arise. Cloud computing conveys computer resources, particularly data storage and software, databases, and servers, to multiple users depending on their needs via the internet. Cloud computing fulfills several attributes. Firstly, it is multitenant, meaning the computing resources offered are shared amongst different users. Secondly, it allows for immense scalability; meaning organizations can expand in bandwidth and storage space utilization. Thirdly, it is elastic where users can raise or reduce the computing resources utilized at will. Finally, it is customizable meaning users decide on the resources they need (Rashid & Chaturvedi, 2019).
The major cloud computing leaders include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Salesforce, and IBM Cloud. Some of the common cloud computing services they offer are:
- Infrastructure-as-a-Service (IaaS): a variety of computing resources are provided through this method including storage, hardware, networking, and server management.
- Platform-as-a-Service (PaaS): a development platform service upon which organizations can develop their applications while the service automatically manages storage, software updates, operating systems, and cloud infrastructure.
- Software-as-a-Service (SaaS): replaces the need for installing software by using it online. Thus, organizations are freed from meeting storage needs and the need to maintain software through updates.
Security and privacy issues
Hacking
Despite the convenience cloud computing offers, it is still plagued with various security and privacy issues. One security issue is that cloud computing ecosystems are vulnerable to hacking. Crafting a foolproof cloud computing ecosystem is virtually impossible; therefore, gaps in the system inevitably are left unchecked (Cook et al., 2018). Hackers can exploit these points of failure for their advantage for various reasons.
One prominent reason for hacks is to access and steal data. Since user data is highly valuable in the modern computer age, hackers may break into a system to steal and sell the data. Computer systems with vast data, such as medical institutions, are usually particularly vulnerable to hacks. A recent example of a medical institution that has suffered hacks is the Leon Medical Centers, where medical records numbering in the tens of thousands were stolen and posted for sale on the dark web (Collier, 2021).
Cyberattacks by foreign governments
Cyberattacks can also be waged on cloud computing applications by foreign governments or people connected to foreign governments to acquire intellectual property, trade secrets, state secrets, or sabotage a nation’s infrastructure. The 2010 Stuxnet worm attack on Iran’s nuclear program is a prominent example of a cyberattack that sabotaged a nation’s critical infrastructure (Al-Mhiqani et al., 2018). That cyberattack awoke nations to the vulnerability in their infrastructural systems that threatened the very functioning of those nations. As many nations increasingly divert some state operations to the cloud, nations will become even more vulnerable to cyberattacks.
Moreover, theft of trade and state secrets is a major issue that threatens cloud security and privacy. Cyber-attacks become increasingly embraced in a world characterized by frantic competition for technological and economic dominance to narrow the gap between nations. China is a prominently cited example of a nation that routinely engages in massive cyberattacks that steal intellectual property worth billions of dollars. A Boston-based cybersecurity firm called Cybereason recently uncovered that APT 41, a Chinese state-linked company, had conducted extensive cyberattacks across North America, Europe, and Asia to steam intellectual property worth hundreds of billions of dollars (Sganga, 2022). The cyberattacks enable nations like China to forgo the need to spend heavily on research and development by stealing from other corporations and governments, thus leapfrogging ahead in technological development. Therefore, China targets high-tech companies, military contractors, and medical institutions.
Tracking
Tracking is another security and privacy issue associated with cloud computing. Large internet platforms companies like Facebook, Google, and Amazon are known for the vast amounts of data they collect from their users. The data usually ranges from location to likes to website visits. Furthermore, in some cases, tracking persists even if a user leaves the platform and moves to a new unrelated platform or website. Companies collect this information to form a profile of an individual. From this profile, the data enables the companies to better understand their users and, therefore, serve them more relevant advertisements (West, 2019). The data also enables the companies to curate the site to ensure users can stick to it for as long as possible.
Additionally, tracking is not just correlated to the data that internet platforms collect from their users but also to GPS-enabled devices that have proliferated everywhere and become virtually ubiquitous. Many devices are increasingly getting connected to the cloud and other devices on the Internet of Things (Cook et al., 2018). Through this process, they can communicate with each other, thus enhancing their capabilities. Devices under the Internet of Things umbrella range from music speakers to cars to fridges and bulbs. Some of the core censors that enable these capabilities are GPS. As much as the information shared between the devices is beneficial, it also enhances locational tracking. This is unsettling since a hacker who breaches such devices can acquire a user’s location, potentially causing undesirable consequences.
Cloud security enhancement
To better meet the security demands of cloud computing, different standards have been proposed by different institutions and jurisdictions that cloud computing providers strive to meet. The first is the National Institute of Standards and Technology (NIST) which has set a list of best practices and standards that lay out the core elements of a secure, stable, and sustainable cloud computing framework (Tissir et al., 2021). NIST standards enable organizations to self-assess whether they cover the full scope of cloud security. NIST provides five attributes of a robust cybersecurity architecture, namely: Identity, Protect, Detect, Respond, and Recover
The other is the ISO, an organization set up in 1947. It comprises technical committees that have expertise in relevant fields. The most common standard set by the ISO is ISO/IEC 2700. This standard sets the conditions for “planning, executing, operating, monitoring, and advancing” Information Security Management System (ISMS) (Tissir et al., 2021). The standard is useful to organizations in aiding them in continually improving their cloud security framework as it provides guidance and advice on how to implement security controls. The standards offered guidelines and milestones that must be attained for cloud computing security to be robust. Some of the cloud security solutions offered include:
- Data loss prevention (DLP). This protects stored data through encryption, remediation alerts, etc.
- Identity and access management (IAM): this creates digital identities for all users thus enhancing their management through monitoring and appropriate limitation of services accessible to them, for instance when a subscription period runs out.
- Business continuity and data recovery: a service that provides tools to organizations to enhance the recovery of lost data in case of data breaches or outages.
Conclusion
Despite the enormous benefits cloud computing offers, security and privacy remain a significant challenge for the service. The challenges reveal themselves in the form of hacks for data meant for sale, cyberattacks meant to ruin nations’ critical infrastructure, theft of intellectual property, tracking to form user profiles for targeted advertising, and location tracking made possible by the Internet of Things. Nevertheless, NIST and ISO/IEC 27001 set standards that cloud service providers use to meet security demands. The processes embedded in the standards ensure that the security provisions of cloud computing services are robust.
References
Al-Mhiqani, M. N., Ahmad, R., Yassin, W., Hassan, A., Abidin, Z. Z., Ali, N. S., & Abdulkareem, K. H. (2018). Cyber-security incidents: a review cases in cyber-physical systems. Int. J. Adv. Comput. Sci. Appl, (1), 499-508. DOI: 10.14569/IJACSA.2018.090169
Collier, K. (2021, February 5). Hackers post detailed patient medical records from two hospitals to the dark web. NBCNews. https://www.nbcnews.com/tech/security/hackers-post-detailed-patient-medical-records-two-hospitals-dark-web-n1256887
Cook, A., Robinson, M., Ferrag, M. A., Maglaras, L. A., He, Y., Jones, K., & Janicke, H. (2018). Internet of cloud: Security and privacy issues. In Cloud Computing for Optimization: Foundations, Applications, and Challenges (pp. 271-301). Springer, Cham. https://doi.org/10.48550/arXiv.1711.00525
Sganga, N. (2022, May 4). Chinese hackers took trillions in intellectual property from about 30 multinational companies. CBSNews. https://www.cbsnews.com/news/chinese-hackers-took-trillions-in-intellectual-property-from-about-30-multinational-companies/
Tissir, N., El Kafhali, S., & Aboutabit, N. (2021). Cybersecurity management in cloud computing: Semantic literature review and conceptual framework proposal. Journal of Reliable Intelligent Environments, 7(2), 69-84. DOI:10.1007/s40860-020-00115-0
West, S. M. (2019). Data capitalism: Redefining the logics of surveillance and privacy. Business & Society, 58(1), 20-41. https://doi.org/10.1177/0007650317718185