| Peer-Reviewed

Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption

Received: 2 October 2018     Accepted: 5 November 2018     Published: 4 December 2018
Views:       Downloads:
Abstract

Cloud Computing Security is part of the foreseeable evolution of Information Technology (IT) which any organisation intending to attain or sustain competitiveness must need to embrace in order to play in the evolving digital economy. Evidently, companies who tackle cloud computing responsibly need not entertain fears of security concerns, threats and associated risks on the path to the cloud. This research paper unveils that the concerns of handling security, privacy or forensic in the cloud virtualised environment are not as much a nightmare as compared to addressing them in-house. In an environment where information systems security and privacy has become paramount concern to enterprise customers, the risk of unauthorized access to information in the cloud poses a significant concern to cloud stakeholders. In a bid to mitigate the inevitable threats concerns of the associated stakeholders, this research prescribes the deployment of a cloud computing threat model, relevant to all other computing environments. Further, the research undertook and accessed a survey which was designed to identify and rank the various security, privacy, and forensic issues plaguing fears to the full adoption and deployment of this new computing paradigm. The survey was geared at the Nigeria marketplace among practicing IT professionals and organisations. Consequently, the drive to underpin this new direction and computing paradigm was advocated where the research highlights and ranks some of the operational concerns for cloud users in Nigeria, and further suggests measures to raise the level of awareness and engagement around those concerns within the constituencies of various consumers of the services. However, the research further argues that proper implementation of security, privacy, and forensic measures should not just be seen as the cloud providers’ sole concern, but the responsibilities of all consumers of the services. Thus, the paper prescribes techniques which could help cloud users maintain control of their data at rest or in transit within the cloud networks rather than outsource control to external vendors as usual.

Published in Engineering Mathematics (Volume 2, Issue 2)
DOI 10.11648/j.engmath.20180202.17
Page(s) 95-106
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2018. Published by Science Publishing Group

Keywords

Cloud Computing, Cloud Security, Security and Privacy Issue, Operational Concerns

References
[1] Rebollo, O., Mellado, D.: Systematic Review of Information Security Governance Frameworksin the Cloud Computing. Journal of Universal Computer Sc. 18(6), 798–815 (2012)
[2] Latif, R., Abbas, H., Assar, S. & Ali, Q. (2014). Cloud Computing Risk Assessment: A Systematic Literature Review. Springer-Verlag Berlin Heidelberg. Available online at DOI: 10.1007/978-3-642-40861-8_42,
[3] Boss et al. (2007). Cloud Computing: High Performance On Demand Solutions (HiPODS). Version 1.0, Available online at http://www.ibm.com/developerworks/websphere/zones/hipods/ (Accessed: 20 May 2011).
[4] Siddiqui, M. (2011). Cloud Computing Security: Final paper submitted spring 2011. Available online at http://blogs.techconception.com/manny/content/binary/Manny%20Siddiqui%20%20Cloud%20Computing%20Security.pdf (Accessed: 20 May 2011).
[5] Reilly, D.; Wren, C. & Berry, T. (2011). Cloud Computing: Pros and Cons for Computer Forensic Investigations: International Journal Multimedia and Image Processing (IJMIP), Volume 1, Issue 1, March 2011. Available online at http://www.infonomicssociety.org/IJMIP/Cloud%20Computing_Pros%20and%20Cons%20for%20Computer%20Forensic%20Investigations.pdf Accessed: 20 May 2011
[6] ISACA (2009). Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives: Emerging Technology White Paper. Available online at http://www.isaca.org/...Center/.../Cloud-Computing-28Oct09-Research.pdf Accessed: 08 June 2011
[7] Hasan, R. (2011). Security and Privacy in Cloud Computing: Johns Hopkins University en.600.412 Spring 2011, Lecture 1, 01/31/2011. Available online at http://www.cs.jhu.edu/~ragib/sp11/cs412/lectures/600.412.lecture01.pptx (Accessed: 20 May 2011).
[8] Metri, P. et al. (2011). Privacy issues and challenges in cloud computing. International Journal of Advanced Engineering Sciences and Technologies (IJAEST) Vol No. 5, Issue No. 1, 001 - 006
[9] Cho (2010). An overview of cloud security and privacy. Presentation, CS 590, Fall 2010. Available online at http://www.cs.purdue.edu/homes/bb/cs590/.../YounSun.pptx - United States. (Accessed: 08 June 2012).
[10] Samson, T. (2013) “9 top threats to cloud computing security. Conference processing by Cloud Security Alliance” [Online]. Available from http://www.infoworld.com/t/cloud-security/9top-threats-cloud-computing-security-213428?page=0,0 [Accessed: 05/06/2014]
[11] IBM Research (2011) “Protocols for Secure Cloud Computing: Christian Cachin, Zurich” [Online]. Available from http://www.zurich.ibm.com/~cca/talks/metis2011.pdf [Accessed: 21 May 2013]
[12] Frye, S. (2013) “Crypton for developers: Toward cryptographically- secure cloud apps” [Online]. Available at: http://www.techrepublic.com/blog/linux-and-opensource/crypton-for-developers-toward-cryptographicallysecure-cloud-apps/ [Accessed: 27/05/2014]
[13] Violino, B. (2018) “The dirty dozen: 12 top cloud security threats for 2018” [online]. Available at: https://www.csoonline.com/article/3043030/security/12-topcloud-security-threats-for-2018.html. [Accessed 7 March 2018]
[14] Hellman, M. E. (1980) “A cryptanalytic time-memory tradeoff. Information Theory”, IEEE Transactions, Vol. 26, Issue: 4
[15] Al Beshri, A. M. (2013) Outsourcing data storage without outsourcing trust in cloud computing. PhD thesis, Queensland University of Technology. Available online at http://eprints.qut.edu.au/61738/ (Accessed: June 05, 2014)
[16] Kelsey et al (1997). RC2. Available online at http://en.wikipedia.org/wiki/RC2 (Accessed: June 14, 2014)
[17] www.wikipedia.com/cryptoanalysis/attacks, August 2013
[18] Cloud Standards Customer Council (2017). “Security for Cloud Computing: Ten Steps to Ensure Success” [online]. Available at: http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf. [Accessed 7 March 2018]
[19] Ike, K. R. (2003). Introduction to research method. Umuahia, Nigeria: Chudy Publications.
[20] Saunders, M., Lewis, P., & Thornhill, A. (2007) Research methods for business students (4th Edition). (pp. 204- 246). Essex: Prentice Hall
[21] Chinedu, P. U. (2018). Secured Cloud-Based Framework for ICT Intensive Virtual Organisation. Approved by: Owerri, Nigeria, Federal University of Technology Owerri, Diss., 2008. Beau Bassin, Mauritius: LAP LAMBERT Academic Publishing. ISBN: 978-613-9-82456-4, Published: April 22, 2018
[22] Almond, C. (2009). A Practical Guide to Cloud Computing Security: What you need to know now about your business and cloud security: Avanade Perspective. Available online at http://www.avanade.com/Documents/Research%20and%20Insights/practicalguidetocloudcomputingsecurity574834.pdf (Accessed: 08 June 2011)
Cite This Article
  • APA Style

    Chinedu Uchenna Paschal, Oliver Ebere Osuagwu. (2018). Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption. Engineering Mathematics, 2(2), 95-106. https://doi.org/10.11648/j.engmath.20180202.17

    Copy | Download

    ACS Style

    Chinedu Uchenna Paschal; Oliver Ebere Osuagwu. Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption. Eng. Math. 2018, 2(2), 95-106. doi: 10.11648/j.engmath.20180202.17

    Copy | Download

    AMA Style

    Chinedu Uchenna Paschal, Oliver Ebere Osuagwu. Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption. Eng Math. 2018;2(2):95-106. doi: 10.11648/j.engmath.20180202.17

    Copy | Download

  • @article{10.11648/j.engmath.20180202.17,
      author = {Chinedu Uchenna Paschal and Oliver Ebere Osuagwu},
      title = {Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption},
      journal = {Engineering Mathematics},
      volume = {2},
      number = {2},
      pages = {95-106},
      doi = {10.11648/j.engmath.20180202.17},
      url = {https://doi.org/10.11648/j.engmath.20180202.17},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.engmath.20180202.17},
      abstract = {Cloud Computing Security is part of the foreseeable evolution of Information Technology (IT) which any organisation intending to attain or sustain competitiveness must need to embrace in order to play in the evolving digital economy. Evidently, companies who tackle cloud computing responsibly need not entertain fears of security concerns, threats and associated risks on the path to the cloud. This research paper unveils that the concerns of handling security, privacy or forensic in the cloud virtualised environment are not as much a nightmare as compared to addressing them in-house. In an environment where information systems security and privacy has become paramount concern to enterprise customers, the risk of unauthorized access to information in the cloud poses a significant concern to cloud stakeholders. In a bid to mitigate the inevitable threats concerns of the associated stakeholders, this research prescribes the deployment of a cloud computing threat model, relevant to all other computing environments. Further, the research undertook and accessed a survey which was designed to identify and rank the various security, privacy, and forensic issues plaguing fears to the full adoption and deployment of this new computing paradigm. The survey was geared at the Nigeria marketplace among practicing IT professionals and organisations. Consequently, the drive to underpin this new direction and computing paradigm was advocated where the research highlights and ranks some of the operational concerns for cloud users in Nigeria, and further suggests measures to raise the level of awareness and engagement around those concerns within the constituencies of various consumers of the services. However, the research further argues that proper implementation of security, privacy, and forensic measures should not just be seen as the cloud providers’ sole concern, but the responsibilities of all consumers of the services. Thus, the paper prescribes techniques which could help cloud users maintain control of their data at rest or in transit within the cloud networks rather than outsource control to external vendors as usual.},
     year = {2018}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Assessing and Mitigating the Security Concerns, Threats and Associated Risks with Cloud Adoption
    AU  - Chinedu Uchenna Paschal
    AU  - Oliver Ebere Osuagwu
    Y1  - 2018/12/04
    PY  - 2018
    N1  - https://doi.org/10.11648/j.engmath.20180202.17
    DO  - 10.11648/j.engmath.20180202.17
    T2  - Engineering Mathematics
    JF  - Engineering Mathematics
    JO  - Engineering Mathematics
    SP  - 95
    EP  - 106
    PB  - Science Publishing Group
    SN  - 2640-088X
    UR  - https://doi.org/10.11648/j.engmath.20180202.17
    AB  - Cloud Computing Security is part of the foreseeable evolution of Information Technology (IT) which any organisation intending to attain or sustain competitiveness must need to embrace in order to play in the evolving digital economy. Evidently, companies who tackle cloud computing responsibly need not entertain fears of security concerns, threats and associated risks on the path to the cloud. This research paper unveils that the concerns of handling security, privacy or forensic in the cloud virtualised environment are not as much a nightmare as compared to addressing them in-house. In an environment where information systems security and privacy has become paramount concern to enterprise customers, the risk of unauthorized access to information in the cloud poses a significant concern to cloud stakeholders. In a bid to mitigate the inevitable threats concerns of the associated stakeholders, this research prescribes the deployment of a cloud computing threat model, relevant to all other computing environments. Further, the research undertook and accessed a survey which was designed to identify and rank the various security, privacy, and forensic issues plaguing fears to the full adoption and deployment of this new computing paradigm. The survey was geared at the Nigeria marketplace among practicing IT professionals and organisations. Consequently, the drive to underpin this new direction and computing paradigm was advocated where the research highlights and ranks some of the operational concerns for cloud users in Nigeria, and further suggests measures to raise the level of awareness and engagement around those concerns within the constituencies of various consumers of the services. However, the research further argues that proper implementation of security, privacy, and forensic measures should not just be seen as the cloud providers’ sole concern, but the responsibilities of all consumers of the services. Thus, the paper prescribes techniques which could help cloud users maintain control of their data at rest or in transit within the cloud networks rather than outsource control to external vendors as usual.
    VL  - 2
    IS  - 2
    ER  - 

    Copy | Download

Author Information
  • Department of Information Technology, National Open University of Nigeria, Abuja, Nigeria

  • Department of Computer Science, Imo State University, Owerri, Nigeria

  • Sections