What Organizations Should Be Aware of Regarding Cloud Technology

Cloud Computing Security Security flaws and risks in cloud computing are numerous. Current security issues range from data breaches to broken authentication, hacked interfaces, advanced persistent threats (APTs), permanent data loss, malicious insiders, DOS attacks, and cloud service abuses (Prashanth, Rao, 2015; Khan et al., 2016). This paper will discuss the current security issues, what organizations look for when implementing cloud systems, and whether security is the main factor for an organization when implementing cloud systems or whether there are other factors involved in the decision.

As Singh and Malhotra (2015) show, organizations are not just primarily interested in cloud computing because of security issues -- in fact, the main reasons they are interested in cloud computing are that the cloud system can help them to "expand their infrastructure at cheaper rates" and grow their organizational framework (p. 41). In other words, cloud computing allows firms to expand to new heights and store data in a manner that facilitates easier business interactions. However, there are several attendant risks associated with cloud computing, as has already stated.

One of the main current security issues associated with cloud computing is the fact that the cloud is like "a box" where everything is put inside, in one location, making it an easy target for hackers and intruders (Kashyap, Sharma, 2015, p. 32). The vulnerabilities of the cloud system, moreover, are numerous and may be defined as any "loop holes in the security architecture of the cloud, which can be exploited by malicious users to gain access to the cloud network and the resource infrastructure" (Kashyap, Sharma, 2015, p. 33).

Control of encryption keys, legal issues pertaining to international law and non-adherence across borders (the cloud is not confined to a single nation or region and thus the issue of risk related to law is evident), transferring and storing data, the kinds of data to be stored (is it lawful to store data that is considered illegal in some countries but not in others?), the violation of privacy rights, and payment security -- all of these are current concerns that relate to the security features of cloud computing and that can be accessed or hacked via loop holes in the security infrastructure (Chou, 2015).

There are also security issues related to the usage of the cloud's "hardware, virtualization, network, data and service providers" (Kazim, Zhu, 2015, p. 109). In fact securing data in the cloud is a major issue that few organizations are aware of, as their primary focus is on the ease with which they can operate their organization by utilizing the cloud and not the primary security issues associated with cloud computing (Singh, Malhotra, 2015).

The data security issues that organizations should be aware of are related to "confidentiality, integrity, authorization, availability and privacy" (Kazim, Zhu, 2015, p. 109). These are, in fact, the most common issues that arise through the use of cloud computing today. Data breaches, data loss, account hijacking, DOS attacks (Denial of Service), etc. are all customary problems that occur.

What organizations look for when implementing cloud systems are integration of systems in system-of-systems connections where cloud computing technology connects users -- unfortunately, it also serves as a link to which malicious intruders can join -- at which point the entire system-of-systems becomes a "complex interdependent and interconnected SOS" (Haimes et al., 2015, p. 284). The relationship between users, the cloud, and exploiters is a complex relationship in which each plays a role that may not be what it at first appears.

The organization, for example, uses the cloud to ease business transactions -- but it itself is dependent upon another source; the other source promises protection, but it too does not have 100% security or control over the "cloud," and users who interact with the cloud also interact with hackers or malicious users, who may function in both provider capacities and storage facilitator capacities, and there is no real way to disengage one from the other or to deny some entry into the cloud but not others: the cloud is like open storage where bits of data are secured by chain link fence and all that is stopping one from stepping in and accessing the data is a wire cutter.

Once the wire cutter is found, the data is accessed. Organizations thus look for some type of security measure that can assure them that the ease that cloud computing offers is backstopped by a rigorous system of protection that deters malicious abusers from breaching walls and taking what is not theirs or installing malicious software, etc.

Rather than having their cloud service outsourced to third party measures, organizations want accountability from providers and reassurance that the system they are entrusting their information to is actually protected in the virtual world (Kanagasabapathi, Prakash, 2015). Likewise, the issue of overlap of cloud computing services with that of intellectual property is a major concern for organizations and what that must be addressed as more information is brought forward about the risks of cloud computing and the security flaws within the overall structure of the cloud (Amit, Lizmary, 2015).

The solution that organizations want to see is better communication between stakeholders so that risks associated with cloud computing can be mitigated and.