The recent emergence of cloud computing has drastically altered everyone's perception of infrastructure architectures, software delivery, and development models. Projecting as an evolutionary step, cloud computing encompasses elements from grid computing, utility computing, and autonomic computing into an innovative deployment architecture. Cloud computing systems offer a lot of advantages like pay per use and rapid service provisioned on demand, while it suffers for some concerns specially security. In fact, a number of unchartered risks and challenges have been introduced from this new environment. This chapter explores the security issues in cloud computing systems and shows how to solve these problems using a quantitative security risk assessment model.
TopIntroduction
Cloud computing is an emerging technology which recently has shown significant attention lately in the word. It provides services over the internet: users can utilize the online services of different software instead of purchasing or installing them on their own computers. The National Institute of Standard and Technology (NIST) definition defines cloud computing as a paradigm for enabling useful, on-demand network access to a shared pool of configurable computing resources (Mell, & Grance, 2010).
Cloud computing is the delivery of computing services, servers, storage, databases, networking, software, analytics using the Internet to offer faster innovation, flexible resources, and economies of scale. It reduces your operating costs by paying just the services used, runs your infrastructure more efficiently, and scales as your business needs change. It presents a new model for IT service delivery. Cloud computing has, as well, the potential to improve the way businesses and IT operate by offering fast start-up, flexibility, scalability and cost efficiency. As well in n last decades, cloud services adoption haw increased and which has, also, followed consumer confidence with the security of cloud providers. As providers invest in the security of their platforms, a McAfee survey (Intel Security, 2017) showed complete trust in public cloud offerings increased 76 percent in 2017.
Moreover, Intel Security reports that in 15 months, 80% of all IT budgets will be committed to cloud apps and solutions. In fact, Cloud Computing being a global urgency for organizations that choose deploying applications in the cloud. The study found that the percentage of IT professionals who stated they don’t think their IT budget will ever be 80% cloud dropped by 50% from 12% in 2015 to 6% in 2016 (Intel Security, 2017).
It offers several services presented in three models: Software as Service (SaaS), Platform as Service (PaaS), and Infrastructure as Service (IaaS). Software as Service (SaaS) provides services existing in the cloud or applications to end users, Platform as Service (PaaS) provides access to platforms and Infrastructure as Service (IaaS) offers processing storage and other computing resources. Thus, CC provides compelling benefits and cost-effective options for IT hosting and expansion, new risks and opportunities for security exploits are introduced. So, many are moving to the cloud to take advantage of the on-demand nature of documents, applications and services.
An area of cloud computing that is starting to garner more attention is security risks, as well as it presents a serious problem for this environment. In fact, these security threats are increasing in last few years like cyber thieves, data and confidential information loss, data privacy, data mobility, quality of service and service levels, bandwidth costs, data protection, and support.
Moreover, data users’ externalization makes hard to maintain data integrity and privacy, and availability which causes serious consequences. Security is the big challenge in cloud computing systems. In fact, Intel security survey shows that the biggest security cloud concerns in 2018 are data loss and leakage (67%), threats to data privacy (61%), and breaches of confidentiality (53%) as compared to the previous year. Moreover, cloud computing accidental exposure issues are jumped from 26% in 2017 to 47% in 2018 (Intel Security, 2017).
This environment is threatened to several threats and the survey shows that there are three main serious threats types public cloud in 2018 which are: Misconfiguration of the cloud platform by a rate of 62%, unauthorized access through misuse of employee credentials and improper access controls by a rate of 55%, and insecure interfaces/APIs by a rate of 50%. In addition, Intel Security shows that there are three main barriers for cloud computing adoptions which are due to people and process and to technologies. These three aspects are: Staff expertise and training by 56%, data privacy concerns by 41% and lack of integration with on premises technology by 37% (Intel Security, 2017).
Additionally, McAfee reports that security is a major obstacle. In fact, 1 in 4 of Cloud users have experienced data theft from the public cloud and 1 in 5 of them have experienced an advanced attack against their public cloud infrastructure (McAfee, 2018).
In addition, organizations recognize several key advantages of deploying cloud-based security solutions. In fact, 47% of respondents cloud time to deployment is so fast and 47% of them estimate that the cost is very lower when using a cloud solution (McAfee, 2018).