Need a perfect paper? Place your first order and save 5% with this code:   SAVE5NOW
HomeScience › Cloud Security and Privacy

Cloud Security and Privacy

Introduction

The wave of digitization has never ceased since it began. The increasing adoption of computers has changed how societies run in key aspects. With the ubiquitous nature of smartphones, the internet has become virtually indispensable in the everyday functioning of people. Staying online has historically depended upon remote servers. The need for servers has sparked the emergence of new industries centered on cloud computing. Institutions, businesses, and individuals opt to surrender their core computing needs to companies that offer cloud computing services primarily because it saves them the need to purchase or build their servers. Nevertheless, despite the cost-saving benefits, this paper will focus on the security alongside privacy concerns of cloud computing.

A definition of cloud computing would be important to better understand where security and privacy issues arise. Cloud computing conveys computer resources, particularly data storage and software, databases, and servers, to multiple users depending on their needs via the internet. Cloud computing fulfills several attributes. Firstly, it is multitenant, meaning the computing resources offered are shared amongst different users. Secondly, it allows for immense scalability; meaning organizations can expand in bandwidth and storage space utilization. Thirdly, it is elastic where users can raise or reduce the computing resources utilized at will. Finally, it is customizable meaning users decide on the resources they need (Rashid & Chaturvedi, 2019).

The major cloud computing leaders include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Salesforce, and IBM Cloud. Some of the common cloud computing services they offer are:

  • Infrastructure-as-a-Service (IaaS): a variety of computing resources are provided through this method including storage, hardware, networking, and server management.
  • Platform-as-a-Service (PaaS): a development platform service upon which organizations can develop their applications while the service automatically manages storage, software updates, operating systems, and cloud infrastructure.
  • Software-as-a-Service (SaaS): replaces the need for installing software by using it online. Thus, organizations are freed from meeting storage needs and the need to maintain software through updates.

Security and privacy issues

Hacking 

Despite the convenience cloud computing offers, it is still plagued with various security and privacy issues. One security issue is that cloud computing ecosystems are vulnerable to hacking. Crafting a foolproof cloud computing ecosystem is virtually impossible; therefore, gaps in the system inevitably are left unchecked (Cook et al., 2018). Hackers can exploit these points of failure for their advantage for various reasons.

One prominent reason for hacks is to access and steal data. Since user data is highly valuable in the modern computer age, hackers may break into a system to steal and sell the data. Computer systems with vast data, such as medical institutions, are usually particularly vulnerable to hacks. A recent example of a medical institution that has suffered hacks is the Leon Medical Centers, where medical records numbering in the tens of thousands were stolen and posted for sale on the dark web (Collier, 2021).

Cyberattacks by foreign governments

Cyberattacks can also be waged on cloud computing applications by foreign governments or people connected to foreign governments to acquire intellectual property, trade secrets, state secrets, or sabotage a nation’s infrastructure. The 2010 Stuxnet worm attack on Iran’s nuclear program is a prominent example of a cyberattack that sabotaged a nation’s critical infrastructure (Al-Mhiqani et al., 2018). That cyberattack awoke nations to the vulnerability in their infrastructural systems that threatened the very functioning of those nations. As many nations increasingly divert some state operations to the cloud, nations will become even more vulnerable to cyberattacks.

Moreover, theft of trade and state secrets is a major issue that threatens cloud security and privacy. Cyber-attacks become increasingly embraced in a world characterized by frantic competition for technological and economic dominance to narrow the gap between nations. China is a prominently cited example of a nation that routinely engages in massive cyberattacks that steal intellectual property worth billions of dollars. A Boston-based cybersecurity firm called Cybereason recently uncovered that APT 41, a Chinese state-linked company, had conducted extensive cyberattacks across North America, Europe, and Asia to steam intellectual property worth hundreds of billions of dollars (Sganga, 2022). The cyberattacks enable nations like China to forgo the need to spend heavily on research and development by stealing from other corporations and governments, thus leapfrogging ahead in technological development. Therefore, China targets high-tech companies, military contractors, and medical institutions.

Tracking 

Tracking is another security and privacy issue associated with cloud computing. Large internet platforms companies like Facebook, Google, and Amazon are known for the vast amounts of data they collect from their users. The data usually ranges from location to likes to website visits. Furthermore, in some cases, tracking persists even if a user leaves the platform and moves to a new unrelated platform or website. Companies collect this information to form a profile of an individual. From this profile, the data enables the companies to better understand their users and, therefore, serve them more relevant advertisements (West, 2019). The data also enables the companies to curate the site to ensure users can stick to it for as long as possible.

Additionally, tracking is not just correlated to the data that internet platforms collect from their users but also to GPS-enabled devices that have proliferated everywhere and become virtually ubiquitous. Many devices are increasingly getting connected to the cloud and other devices on the Internet of Things (Cook et al., 2018). Through this process, they can communicate with each other, thus enhancing their capabilities. Devices under the Internet of Things umbrella range from music speakers to cars to fridges and bulbs. Some of the core censors that enable these capabilities are GPS. As much as the information shared between the devices is beneficial, it also enhances locational tracking. This is unsettling since a hacker who breaches such devices can acquire a user’s location, potentially causing undesirable consequences.

Cloud security enhancement

To better meet the security demands of cloud computing, different standards have been proposed by different institutions and jurisdictions that cloud computing providers strive to meet. The first is the National Institute of Standards and Technology (NIST) which has set a list of best practices and standards that lay out the core elements of a secure, stable, and sustainable cloud computing framework (Tissir et al., 2021). NIST standards enable organizations to self-assess whether they cover the full scope of cloud security. NIST provides five attributes of a robust cybersecurity architecture, namely: Identity, Protect, Detect, Respond, and Recover

The other is the ISO, an organization set up in 1947. It comprises technical committees that have expertise in relevant fields. The most common standard set by the ISO is ISO/IEC 2700. This standard sets the conditions for “planning, executing, operating, monitoring, and advancing” Information Security Management System (ISMS) (Tissir et al., 2021). The standard is useful to organizations in aiding them in continually improving their cloud security framework as it provides guidance and advice on how to implement security controls. The standards offered guidelines and milestones that must be attained for cloud computing security to be robust. Some of the cloud security solutions offered include:

  • Data loss prevention (DLP). This protects stored data through encryption, remediation alerts, etc.
  • Identity and access management (IAM): this creates digital identities for all users thus enhancing their management through monitoring and appropriate limitation of services accessible to them, for instance when a subscription period runs out.
  • Business continuity and data recovery: a service that provides tools to organizations to enhance the recovery of lost data in case of data breaches or outages.

Conclusion

Despite the enormous benefits cloud computing offers, security and privacy remain a significant challenge for the service. The challenges reveal themselves in the form of hacks for data meant for sale, cyberattacks meant to ruin nations’ critical infrastructure, theft of intellectual property, tracking to form user profiles for targeted advertising, and location tracking made possible by the Internet of Things. Nevertheless, NIST and ISO/IEC 27001 set standards that cloud service providers use to meet security demands. The processes embedded in the standards ensure that the security provisions of cloud computing services are robust.

References

Al-Mhiqani, M. N., Ahmad, R., Yassin, W., Hassan, A., Abidin, Z. Z., Ali, N. S., & Abdulkareem, K. H. (2018). Cyber-security incidents: a review cases in cyber-physical systems. Int. J. Adv. Comput. Sci. Appl, (1), 499-508. DOI: 10.14569/IJACSA.2018.090169

Collier, K. (2021, February 5). Hackers post detailed patient medical records from two hospitals to the dark web. NBCNews. https://www.nbcnews.com/tech/security/hackers-post-detailed-patient-medical-records-two-hospitals-dark-web-n1256887

Cook, A., Robinson, M., Ferrag, M. A., Maglaras, L. A., He, Y., Jones, K., & Janicke, H. (2018). Internet of cloud: Security and privacy issues. In Cloud Computing for Optimization: Foundations, Applications, and Challenges (pp. 271-301). Springer, Cham. https://doi.org/10.48550/arXiv.1711.00525

Sganga, N. (2022, May 4). Chinese hackers took trillions in intellectual property from about 30 multinational companies. CBSNews. https://www.cbsnews.com/news/chinese-hackers-took-trillions-in-intellectual-property-from-about-30-multinational-companies/

Tissir, N., El Kafhali, S., & Aboutabit, N. (2021). Cybersecurity management in cloud computing: Semantic literature review and conceptual framework proposal. Journal of Reliable Intelligent Environments7(2), 69-84. DOI:10.1007/s40860-020-00115-0

West, S. M. (2019). Data capitalism: Redefining the logics of surveillance and privacy. Business & Society58(1), 20-41. https://doi.org/10.1177/0007650317718185

 

Don't have time to write this essay on your own?
Use our essay writing service and save your time. We guarantee high quality, on-time delivery and 100% confidentiality. All our papers are written from scratch according to your instructions and are plagiarism free.
Place an order

Cite This Work

To export a reference to this article please select a referencing style below:

APA
MLA
Harvard
Vancouver
Chicago
ASA
IEEE
AMA
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard

Related Essays

Review of Research Studies

Agent one: Canagliflozin Canagliflozin is an effective therapy for type 2 diabetes when used with a nutritious diet and consistent physical activity. Patients who have type 2 diabetes and other cardiovascular complications, such as heart disease or blood vessel disease, take it to lower their risk of experiencing a heart attack, stroke, or death at ... Read More
Pages: 5       Words: 1174

Essay on Edwards Syndrome

Introduction Edwards syndrome is a genetic disorder in babies or young children caused by adding a third copy of part or all of chromosome 18. Edward syndrome, commonly known as trisomy 18, affects most of the bodies of young babies, and many are born with heart defects or small in size (Taylor-Phillips et al., 2016). ... Read More
Pages: 8       Words: 2173

An Investigative Report on Chlorine as a Water Disinfectant

Overview This report aims to identify how chlorine as a water disinfectant works, its chemical components, and its effectiveness in household water purification. The report also identifies how chlorine is used in treating water in small-scale household set-ups. It captures the assessment, and the improvement of chlorine uses to ensure disinfection efficiency in treating water; ... Read More
Pages: 7       Words: 1687

Unveiling the Evolutionary Framework of the Human Interactome: Unicellular and Multicellular Giant Clusters

Introduction: The Human Interactome’s Evolutionary Framework examines the human interactome’s structure, focusing on the Multicellularity Contradiction (MCM) in biological organization. Genes at unicellular (UC) and multicellular (MC) levels conflict, causing the MCM. Independent behavior promotes cancer, but UC genes keep multicellular creatures alive. This study investigates how evolutionary gene grouping affects biological functions, specifically cancer ... Read More
Pages: 4       Words: 1045

Efficacy of Telehealth After COVID-19 Pandemic

The dissemination of quality information to the patient is an essential segment of health care (Tso, 2020). Understanding the complexity of a successful transition from hospital to home-based care is relevant in exploring the need for change in patient education quality during hospital discharge. Telehealth is beneficial for both health and convenience, and it serves ... Read More
Pages: 12       Words: 3154

Data Privacy and IT Security Health Policy

Introduction Healthcare policy is the term used to refer to the system of laws, rules, and regulations that govern how healthcare services are provided in a given region. The government usually manages the implementation of health policy and delivery systems. In addition to providing guidelines for operating hospitals and other healthcare establishments, these policies should ... Read More
Pages: 6       Words: 1607
Need a plagiarism free essay written by an educator?
Order it today

Popular Essay Topics