Security in Cloud Computing Research Paper

Download this Research Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Research Paper:

Security in Cloud Computing

Security issues associated with the cloud

Cloud Security Controls

Deterrent Controls

Preventative Controls

Corrective Controls

Detective Controls

Dimensions of cloud security

Security and privacy


Business continuity and data recovery

Logs and audit trails

Legal and contractual issues

Public records

The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination of multiple service providing resources and mechanism to mitigate the effect of vulnerability. The research further elaborates the dimensions of security in a shared resources and strategically locating computing resources at multiple locations similar to cloud computing. Furthermore the legal and regulatory issues are also addressed in detail. Improvement in security of the services is also a responsibility of the cloud services users and enterprises deciding to store data. The service providers can establish storage in multiple locations, using different networks, and internet service providers to minimize disturbance in providing services. In such cases it is necessary or the users to classify their data and store the least vulnerable information on cloud computing resources.

1 Security issues associated with the cloud:

Scott Case, CEO of the Startup America Partnership however narrates a different story in favor of cloud computing while ignoring the enormous security issues posed by cloud computing for the larger organizations., a company founded by Scott Case had to invest $3 million in IT infrastructure, platforms, and software development when the company was started in 1997. Comparatively, now such IT capability can be acquired using cloud services of any of the renowned vendors such as Amazon, Intuit, Dell, or IBM (Shread, 2012). The choice of vendors and cost incurred on acquisition of IaaS, PaaS, and SaaS are relatively negligible for new startups. Instead, the IT capability acquisition costs can be incurred on marketing and product development. The inventories can be managed against a fraction of cost that is incurred if startups invest in the infrastructure. The flexibility and cost reduction of IT acquisition out-weigh potential security threats.

2 Cloud Security Controls:

The security controls enables in each computing system including cloud computing are targeted at reducing the amount of vulnerabilities. It is also aimed at providing the adequate level of security to the user's data and their key information. The users of cloud computing should also assess their level of tolerance and to what extent they would like to compromise on the security of information. The security issues associated with the shared infrastructure and resources of cloud computing are mainly with respect to the loss of sensitive information, financial crimes, reputation, and resources destruction.

The controls established to counter these issues are related to be identified as four major categories including deterrent controls, preventive controls, corrective, and detective controls. All these controls refer to different areas of information security however all are related to establish a coherent and integrated system for providing uninterrupted services to their clients. The issues of information security in cloud computing also arise due to its services oriented shared nature of business. These control categories are elaborated in detail underneath.

2.1 Deterrent Controls:

The deterrence oriented controls are established to reduce the amount of vulnerabilities in cloud services. It is also deliberate attacks from hackers and other cyber criminals are handled through increased deterrence in cloud services. The deterrence against the likely attacks is achieved through updated programs and firewalls erected at the premises of cloud services providers. It is highly likely that the cloud users lose their valuable data through a well-planned attempt of security breach at cloud services provider's infrastructure. The attackers take advantage of the latest technology to enter and destroy the security mechanism of cloud services providers (Krutz, & Vines, 2010).

The deterrence control measures are described in the client's security manuals as well as the assurances provided in the service level agreements (SLA). The deterrence control measures are significant in the cloud information security as there is always a threat of attacks. The threat perception and levels have to define as assessed risks in order to maintain a high level of security. The cybercrimes can also take place through the shared systems and criminals might gain access to the information stored in the system through seeking an account. The cloud services providers need to place adequate amount of checks for their client's identity. It can also be enhanced through monitoring cloud account activity using multiple techniques.

2.2 Preventative Controls:

Krutz et al. (2010) defines that the preventive measures are also taken to reduce vulnerabilities in cloud services. These vulnerabilities may arise through the violation of security policy. There are numerous preventive measures that can be taken in order to prevent the potential threats to cloud services security. The accurate preventive controls are required to provide an effective protection against the potential attacks through physical and virtual (network) security violations. The notable preventive controls are the applications developed for integration with the systems development life cycle approach. The system disables the users from using a high level of privileges. The users are only providing minimum to adequate amount of privileges in order to restrict their attempts for violating the security policy (Mather, Kumaraswamy, & Latif, 2009).

According to Mather et al. (2009) the significant preventive controls are also implemented through user authentications techniques, access control measures, and account management policies. There are browser handled and endpoint security measures that also ensure the preventive attacks are handled effectively in order to reduce the threat level. The usage of anti-virus, host-based IDS, host firewalls, and administration of virtual private networks are used as measures through policy for ensuring security in cloud computing. The applicable preventive actions for cloud computing security measures should be documented in the form of a list containing all possible states where the controls should also be defined (Ackermann, 2013).

2.3 Corrective Controls:

The rapid evolution of cloud computing services as a model for reduced infrastructure and upfront cost has also raised several security issues. The growth in number of users facilitated through cloud computing services has also raised the concerns of information and data that can be classified as vulnerable in cloud resources. It is also observed that prior to this situation the customers of cloud computing were used to secure and risk the data theft as their own decision (Isaca, 2011). However the later developments including government's initiative for using cloud resources has also raised various concerns.

The result of such development could be seen in terms of the corrective measures taken to secure cloud services through implementation of cloud security and information and data security corrective measures. The response of various communities, governments, and cloud services providers is also changing from reactive to proactive approach in implementation of corrective measures. According to Prodan, and Ostermann (2009) the assessment procedures adopted by federal and various state governments to perform vulnerability scanning is a cost effective method of initiating corrective actions. The system development life cycle approach is also regarded as significant in increasing usage of corrective measures for improvement in cloud computing information security.

2.4 Detective Controls:

According to Krutz et al. (2010) the detective controls are essential in aspect for effective cloud computing security measures. The detective controls implemented in cloud computing are required to discover the attempts made for security breach and activate the corrective and preventive controls. It can also be associated with the intelligent systems that are developed to interpret the attempts made to intrude the security settings of cloud computing. These controls also work as a coordinated insertion detections system that is also capable of detecting the violations of security policy, organizational policy and physical attempts to break in the system through breach of security apparatus.

The detective controls implemented for increasing security in cloud computing are mostly logging events and event correlation. The application vulnerability scanning and monitoring is also categorized as detective controls (Mather et al., 2009). These measures are a preemptive attempt to ensure data and information security ofcloud computing services. The cloud computing resources are secured through the auto activation of corrective and preventive measures initiated through the detective controls.

3 Dimensions of cloud security:

The cloud computing services offer three major types of services including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). All these services are used through networks and remote access is required to offer the services. The usage of these services also has different requirements and distinct level of controls required to ensure security for the users. These controls for cloud computing security are also segregated into three categories including SaaS, IaaS, and PaaS.

The security architecture for IaaS is concerning the assurance for the hosted applications to work according to the offered terms and conditions. The attacks on IaaS security could be dealt in similar ways as enterprise web applications in distributed architecture. The IaaS controls are essentially ensured by…[continue]

Some Sources Used in Document:


Cite This Research Paper:

"Security In Cloud Computing" (2013, October 03) Retrieved December 2, 2016, from

"Security In Cloud Computing" 03 October 2013. Web.2 December. 2016. <>

"Security In Cloud Computing", 03 October 2013, Accessed.2 December. 2016,

Other Documents Pertaining To This Topic

  • Cloud Computing Information Security in

    This approach to defining a performance-based taxonomy will also allow for a more effective comparison within industries as well. All of these factors taken together will provide enterprise computing buyers with more effective foundations of arguing for more thorough measures of application performance. The net result will be much greater visibility into how cloud computing is actually changing the global economics of the enterprise computing industry. III. Final Report: Introduction The foundational

  • Cloud Computing Emerging Trends for

    In addition to the stability, scalability and extensibility of its architecture, cloud platform have made it possible for workflows across government to become more pervasive and secure as a result [4]. The TCO of a given cloud platform or series of applications therefore has continued to become reduced by the experience effect (comparable to economies of scale yet only applied to data aggregated and knowledge creation) across government [6]. This

  • Cloud Computing

    Brodkin, J. (2008). Gartner: Seven cloud-Computing security risks. Infoworld, pp. 1 -- 3. Carlin, S. & Curran, K. (2011). Cloud computing security. International Journal Of Ambient Computing And Intelligence (IJACI), 3 (1), pp. 14 -- 19. Cloud Computing Benefits, risks and recommendations for information security. (2009). [e-book] Available through: ENISA [Accessed: 24 Mar 2014]. (2011). Top threats to cloud computing: cloud security alliance. [online] Retrieved from: [Accessed: 24 Mar 2014]. Feng,

  • Cloud Computing as Cloud Computing Became More

    Cloud Computing As cloud computing became more and more popular, many major business names jumped at the chance to execute cloud strategies and services within their IT management strategies. Ericsson was one of those companies and has seen major benefits in terms of cost reduction, ease of automatic software updates, increased capabilities of remote access, and on-demand availability. Since its adoption of AWS services as provided from Amazon, it has

  • Cloud Computing Will Be Discussed to Show

    cloud computing will be discussed to show that the good outweighs the bad. Furthermore, it will be further discussed that the government is looking into using cloud computing because it will cut IT cost down and increase capabilities despite the fact people are concerned with security issues that this may bring to the public. In completing a dissertation, it is very hard to go through the challenges that it requires.

  • Mobile and Cloud Computing

    Mobile & Cloud Computing Cloud Computing Author's note with contact information and more details on collegiate affiliation, etc. This paper will define cloud computing and mobile cloud computing even while there is no current consensus on their definitions as it is a newly forming field of study and technology. The paper will additionally describe the utility and the structure of mobile cloud and cloud computing. Furthermore, the paper will address topics within

  • Cloud Computing Assessing the Risks of Cloud

    Cloud Computing Assessing the Risks of Cloud Computing Despite the many economic advantages of cloud computing, there are just as many risks, both at the information technologies (IT) and strategic level for any enterprise looking to integrate them into their operations. The intent of this analysis is to evaluate three of the top risks of cloud computing and provide prescriptive analysis and insight into how best to manage each. Despite widespread skepticism

Read Full Research Paper
Copyright 2016 . All Rights Reserved