future internet

Review

The Effect of information security on cloud computing

Amira Youssef Mahrous * and Mona Nasr

Faculty of Computers and Artificial Intelligence, Helwan University, Lot 660, Hay Moulay Rachid, Cairo, Egypt,
[email protected]

* Correspondence: [email protected]

Abstract

The concept of Cloud computing will be evolving towards the future generation for
imparting the technology over various IT enterprises with distinct features that provides
additional procedures of demand based on infrastructure as it facilitates various primary
services. It provides distinct types of services like need based storage over web which
includes cloud services based on the user requirements which is a challenging concern as it
is based on information square measure with interconnected resource pool which is
scattered over distinct global locations that comprises of unauthorized user who tends to
access knowledge by means of virtual machines which is a negative characteristic of the
cloud storage for acquiring the knowledge. On the same hand due to this the established
insecurity will create many drawbacks for end users. One of the major drawbacks in cloud
computing is securing the knowledge as the AES is considered to be the chief standard for
development of higher performance AES in the maximum utilized applications. In this paper
we will make a survey about information security, benefits, challenges, and what its impact
on cloud computing.

Keyword: cloud computing, security, privacy.

1. INTRODUCTION
Cloud computing has become a necessary component for data storage and processing and
is becoming more widespread. However, there are threats to the security and privacy of user
data, which is why it is important to find out the most effective methods for ensuring data
security in the cloud. The purpose of the study was to develop methods aimed at ensuring
privacy and security in cloud environments and in modern applications [6]. Cloud computing
has elevated IT to newer limits by offering the market environment data storage and capacity
with flexible scalable computing processing power to match elastic demand and supply, whilst
reducing capital expenditure. Governments across the globe are moving to the cloud to improve
services, reduce costs, and increase effectiveness and efficiency while fostering innovation and

1
citizen engagement. However, information security and privacy concerns raised in the past
remain significant to government adoption and utilization of cloud computing [2]. The General
Data Protection Regulations for Europe (GDPR) was introduced in May 2018 to strengthen
European citizens’ rights of data privacy and to implement compliance with more rigorous
global regulations or severe financial penalties for non-compliance. In providing a secure Cloud
computing solution, a major decision is to decide on the type of cloud to be implemented.
Currently there are three types of cloud deployment models offered, namely, a public, private
and hybrid cloud as shown in figure 1.

Figure 1: The infrastructure of cloud computing [1]

A public cloud is a model which allows users’ access to the cloud via interfaces using
mainstream web browsers. It’s typically based on a pay-per-use model, similar to a prepaid
electricity metering system which is flexible enough to cater for spikes in demand for cloud
optimization. This helps cloud clients to better match their IT expenditure at an operational level
by decreasing its capital expenditure on IT infrastructure.

A private cloud is set up within an organization’s internal enterprise datacenter. It is easier

to align with security, compliance, and regulatory requirements, and provides more enterprise
control over deployment and use. In the private cloud, scalable resources and virtual
applications provided by the cloud vendor are pooled together and available for cloud users to
share and use. It differs from the public cloud in that all the cloud resources and applications
are managed by the organization itself, similar to Intranet functionality.

A Community cloud is cloud environment collectively owned by a set of organizations

with the same motive. The community cloud is similar to a private cloud, but the
computational resources and underlying infrastructure are exclusively controlled by two
organizations with common privacy and security motives. It is also more expensive than the

2
 public cloud, and data access is not regulated correctly due to untrusted parties that might
arise. The advantage of the community cloud is the involvement of fair third-party access for
security auditing.

A hybrid cloud is a private cloud linked to one or more external cloud services, centrally
managed, provisioned as a single unit, and circumscribed by a secure network. It provides virtual
IT solutions through a mix of both public and private clouds.

When implementing cloud solutions and defining methods for ensuring security and
privacy in cloud systems, certain advantages and disadvantages should be considered. Benefits
may include ease of access, cost, scalability, automation and updates, backup and recovery.
Cloud computing allows users to access data and resources from anywhere with an Internet
connection, which promotes convenience and mobility. Using cloud resources allows avoiding
significant costs for equipment and maintenance of own infrastructure, in particular, for small
companies and startups. Cloud services are easily scalable, allowing users to increase their
resources as needed. Many cloud solutions are automatically updated and maintained, reducing
the need for manual work. In addition, most cloud services provide the ability to automatically
backup and restore data, which helps to avoid data loss. Disadvantages include data privacy and
security, dependence on the Internet connection, denial of control, configuration restrictions,
and regulatory compliance issues. Under the terms of cloud computing, user data is stored on
third-party servers. This increases the risk of privacy violations and the possibility of
unauthorized access. Cloud services require a stable internet connection, and losing Internet
access can lead to data unavailability. Using cloud solutions means that users transfer some
control over their infrastructure and security to third parties. Some cloud services may limit the
user’s ability to configure computing resources, and using cloud services may require
compliance with various regulatory requirements that are quite complex to meet. There are
many examples of modern cloud computing. For example, AWS, which is one of the leading
cloud service providers and offers a wide range of services such as computing, data storage,
databases, networks, etc. AWS Lambda allows developers to execute code without the need for
infrastructure management. In addition, GCP, another leading cloud service provider, offers a
variety of services for developing, deploying, and managing applications in the cloud. And GCP
Cloud Functions allows developers to create features that automatically respond to events and
requests. In turn, Microsoft Azure is another popular cloud solution that provides a wide range
of services for developing, deploying, and managing applications in the cloud. Azure IoT Hub
allows a user to connect, monitor, and manage IoT devices. Another example is Salesforce,
which is a leading provider of cloud-based customer relationship management (CRM) systems
and other CRM services. There are other cloud platforms, but all of them provide a variety of
solutions for sales, marketing, customer service, and other business processes, a comparison of
these cloud platforms is shown in Table 1.

3
Table 1. Comparison of leading cloud environments [7].
Platform Basic services Advantages Disadvantage
AWS Computing, data Easy access to resources, High costs, difficulty in using for
storage, databases, wide range of services, beginners, low customer support.
networks, etc. scalability, automation,
backup.
GCP Development, Ability to automatically Specificity for use in some other areas,
deployment, and respond to events, wide lack of certain services, insufficient
management of range of services, scalability. data localization.
applications in the
cloud.
Microsoft Development, Wide range of services, Difficult integration with some
Azure deployment, and scalability, IoT support. applications, limited opportunities for
management of users with non-paid support.
applications in the
cloud.
Salesforce CRM systems and CRM Specialized services for Limited opportunities for other types
services. businesses. of services, high usage costs for some
businesses.

2. LITERATURE REVIEW
There are various studies on security in cloud computing. Some researchers focus on
aspects of data encryption during transmission and storage, while others focus on user
authentication and access control, and explore aspects of intrusion detection and monitoring
systems.
The study in [3] screened 758 articles and included 33 articles that revealed information
security and privacy as critical factors and barriers to adopting cloud computing through a
systematic evaluation (PRISMA approach). The combined two factors contributed 70% of the
significant gaps to the cloud computing adoption challenges. In contrast, the individual
contribution of information security and privacy as a significant gap to the challenges of cloud
adoption yielded 9% and 12%, respectively. Furthermore, 9% of the authors recognized the
need for a framework to address the challenges but could not attempt to develop the
framework.

The findings in [4] research recommend OCTAVE Allegro as the preferred cloud hosting
paradigm. With many security models available in management studies, it is imperative to
identify those suitable for the rapidly expanding and dynamically evolving cloud environment.
The study underscores the significant methods for securing data on cloud-hosting platforms,
thereby contributing to establishing a robust cloud security taxonomy and hosting methodology.

4
 The findings in [5] the study include a number of solutions. The main result is the
development of security monitoring application that analyses event logs and checks access to
resources. It shows whether suspicious activity has been detected and can be a basis for
practical application. A comparison table of various cloud platforms has been compiled, with an
emphasis on their advantages and disadvantages in the context of data protection and privacy.

In [8] emphasize that cloud computing is an important technology that provides access to
computing resources over the Internet. The paper examines the security and privacy challenges
in cloud computing that arise with the widespread use of this technology. The researchers
analyze methods to ensure data privacy, and discuss the role of cloud service providers and
compliance issues. In conclusion, they make recommendations for improving security and
privacy in cloud computing. Both studies applied practices for security and privacy issues in
cloud computing, and considered examples of various cloud services. However, the examples
themselves and their descriptions differ.

In [10] the authors evaluated firewalls issues and how the routing tables can be configured
in a way that minimizes the maximized firewall rule set which helps to avoid performance
bottlenecks and limit safety breakthroughs. The problems are NP-full and a heuristic approach
has been suggested to demonstrate the efficacy of algorithms using simulations. Two major
contributions have also taken place.

The International Data Encryption Standard (IDEA), the Advance Encryption Standard
(AES) [11], and the Data Encryption Standard (DES) [12]. Due to the significance of cloud
computing security, numerous research has been done on the topic. For instance [13], suggest
"Security study and performance evaluation of a new lightweight cryptographic method
for cloud computing". The authors suggest performing a security audit and effectiveness
evaluation of a new, lightweight cryptographic method to enhance data security in the cloud.
The study concentrates on assessing the efficiency and security of the cryptographic algorithm
design in the cloud computing environment, employing various techniques such as
computational complexity, key sensitivity analysis, statistical methods, image histograms, and
entropy analysis.

In addition to the aforementioned techniques, some researchers propose using advanced

methods to enhance cloud computing security. For instance [14], suggest using blockchain
technology to secure cloud computing. In a proposed blockchain-based ecosystem for new data,
when a majority of peers approve a new

block, the system adds it to the chain, and the newly generated blocks are distributed to all
network peers. This approach offers a high level of cloud computing security due to the inherent
security of blockchain technology. However, despite its numerous advantages, the blockchain-
based solution has several challenges, including the inability to update data once it is added to
the chain, which may affect data integrity. For instance, it may be illegal to do so in

5
 accordance with data protection regulations (such as GDPR1), which mandate that sensitive
personal information should only be retained for the "shortest time practicable" and have
a deadline for doing so. Moreover, changes or mistakes cannot be undone because it requires
the consent of much more than half of the peers. Another issue with the suggested approach is
that while many cloud technology data are enormous data, like images, and the method does
not adequately work for preserving all cloud computing data, blockchain is designed to
carry small transactional data.

In [15] the authors offered a solution for data protection, checking the authenticity and integrity
using the best practices in the sector. It discusses categorizing data into distinct groups, index
builders, SSL encryption, Message Authenticate Codes (MAC), double user authentication—first
by the user's owner, then by the cloud—and cloud-based digital signature verification. By
discussing solutions to numerous problems, including data tampering, data leakage, and
unwanted access even from the cloud service provider, it makes data accessible. Additionally,
this document offers increased flexibility and capability to meet the demands of today's
complex, diversified networks. It also offers a way for users to search for information in the
cloud and retrieve it.

A literature review of previous research and scholarly articles has also been conducted to
provide insights regarding cloud computing security. It shows the need for continuous research
and innovation to address emerging threats and maintain a security-conscious culture in the
company.

3. CLOUD COMPUTING SECURITY

Cloud computing’s diverse range of applications has drawn academic attention to security
when it comes to data storing, management and processing [9]. Cloud computing brings open
issues regarding the security and privacy of outsourced data. Due to its dynamic abstraction and
scalability, applications and data outsourced to the cloud have unlimited security boundaries
and infrastructure. Another primary security concern surrounding the adoption of cloud
computing is its multi-tenancy nature and sharing of virtualized resources. Cloud providers such
as Google, Microsoft, and Amazon have recently accelerated their cloud computing
infrastructure and services to support a more considerable number of users. Nevertheless, the
issue of privacy and security will continue to grow because cloud databases usually contain
important sensitive information. The confidence level in adopting the cloud is dropping due to
the threats and highlighted as follows:
1.Immoral use and abuse of cloud computing: Cloud computing infrastructure offers
various utilities for users, including storage and bandwidth capacities. However, the
cloud infrastructure lacks full control over the use of these resources, granting malicious
users and attackers the zeal to exploit these weaknesses. Malicious users abuse cloud
resources by targeting attack points and launching DDoS, Captcha solving farms and

6
 password cracking attacks. These threats mostly affect the PaaS and IaaS layers due to
their high user interaction level.
2.Malicious insider attackers: Attacks generated from malicious insiders have been one of
the most neglected attacks, but it has been the most devastating form of attack affecting
all layers of the cloud infrastructure. A malicious insider with high-level access can gain
root privilege to network components, tampering with sensitive and confidential data.
This attack poses many security threats because Intrusion Detection Systems and
firewalls bypass such anomalous behaviors, assuming it as a legal activity, thereby posing
no risk of detection.
3.Vulnerable programming interfaces: Part of the cloud services for user interaction in all
layers is publishing APIs for easy deployment or the development of software
applications. These interfaces provide an extra layer to the cloud framework to increase
complexity. Unfortunately, these interfaces bring vulnerabilities in the APIs
4.for malicious users to exploit through backdoor access. These types of vulnerabilities can
affect the underlying operations of the cloud architecture.
5.Data leakage and loss: One of the significant concerns of cloud computing is data leakage
due to the constant migration and transmission of information over untrusted channels.
Loss of data can lead to data theft, which has become the biggest threat to the IT world,
costing clients and industries a massive amount of money in losses. Causes of data loss
result from weak authentication and encryption schemes, defective data centers, and a
lack of disaster control.
6.Distributed technology vulnerabilities: The multitenant architecture offers virtualization
for shared on-demand services, meaning that one application can be shared among
several users, as long as they have access. However, vulnerabilities in the hypervisor
allow malicious intruders to gain control over legitimate virtual machines. These
vulnerabilities can also affect the underlying operations of the cloud architecture,
thereby altering its regular operation.
7.Services and account hijacking: This is the ability of a malicious intruder to redirect a
web service to an illegitimate website. Malicious intruders then have access to the
legitimate site and reused credentials and perform phishing attacks and identity theft.
8.Anonymous profile threat: cloud services possess the ability to provide less involvement
and maintenance for hardware and software. However, this poses threats to security
compliance, hardening, auditing, patching, logging processes and lack of awareness of
internal security measures. An anonymous profile threat can expose an organization to
the significant risk of confidential information disclosure.

7
4. CONCLUSION
From the literature and trends of emerging technologies, the challenge in any
system from the internet’s critical infrastructures such as cloud computing is the ability
of systems to self-protect regarding security and privacy. Secure adaptive techniques are
ubiquitous and can be adopted at any stage of an underlining technology, from hardware
and software to the core computing infrastructure. Secure adaptiveness implies that the
system can self-protect during multiple attacks or a malicious user exploring multiple
vulnerabilities. Cloud computing will still be prone to security and privacy concerns with-
out the practical adoption of adaptive mechanisms for efficient client and user
experience. The study further provides limitations to different works from the literature,
including classifying security and privacy issues based on attack mitigation. The review
also provided a technical approach and depicted the need for adaptive techniques that
better cater to threats and vulnerabilities surrounding cloud computing. The observation
from the study shows that most works in the literature have no consensus in the design
and implementation of effective cloud security schemes, which means that security and
privacy implementation in the literature does not balance integrity, accountability, and
privacy.

References:
1. S. Ramgovind, M. M. Eloff and E. Smith, "The management of security in Cloud
computing," 2010 Information Security for South Africa, Johannesburg, South Africa,
2010, pp. 1-7, https://doi.org/10.1109/ISSA.2010.5588290
2. Ahmadi, S. (2024) Systematic Literature Review on Cloud Computing Security: Threats
and Mitigation Strategies. Journal of Information Security, 15, 148-167.
https://doi.org/10.4236/jis.2024.152010
3. Ukeje, N., Gutierrez, J. & Petrova, K. Information security and privacy challenges of
cloud computing for government adoption: a systematic review. Int. J. Inf. Secure. 23,
1459–1475 (2024). https://doi.org/10.1007/s10207-023-00797-6
4. Ali, T., Al-Khalidi, M., & Al-Zaidi, R. (2024). Information Security Risk Assessment
Methods in Cloud Computing: Comprehensive Review. Journal of Computer Information
Systems, 1–28. https://doi.org/10.1080/08874417.2024.2329985
5. Zarichuk, O. (2024). Security in cloud computing: Methods for ensuring privacy and
integration in modern applications. Development Management, 23(1), 37-
45. https://doi.org/10.57111/devt/1.2024.37
6. Abdulsalam, Y., & Hedabou, M. (2022). Security and privacy in cloud computing:
Technical review. Future Internet, 14(1), article number 11.
https://doi.org/10.3390/fi14010011

8
7. Dignan, L. (2021). Top cloud providers: AWS, Microsoft Azure, and Google Cloud, hybrid,
SaaS players. Retrieved from https://www.zdnet.com/article/the-top-cloud-providers-
of-2021-aws-microsoft-azure-google-cloud-hybrid-saas/
8. Mohd Fadhil, I.S., Mohd Nizar, N.B., & Rostam, R.J. (2023). Security and privacy issues in
cloud computing. TechRxiv. https://doi.org/10.36227/techrxiv.23506905.v1
9. T. Sampath Kumar, B. Manjula, “Security Issue Analysis on Cloud Computing Based
System”, International Journal of Future Generation Communication and Networking,
12(5), 143–150, (2019).
10. Rajasekharaiah K.M., Dr., Dule C.S., Sudarshan E. Cyber Security Challenges and its
Emerging Trends on Latest Technologies 2020 IOP Conference Series: Materials Science
and Engineering 981 2 22062 https://doi.org/10.1088/1757-899X/981/2/022062
11. Tezcan, C. (2021) “Optimization of Advanced Encryption Standard on graphics
processing units,” IEEE Access, 9, pp. 67315–67326. Available at:
https://doi.org/10.1109/access.2021.3077551.7AES encrypton using python and
pycryptodomeDECRYPTED FILE
12. Reyad, O. et al. (2021) “Key-based enhancement of Data Encryption Standard for Text
Security,” 2021 National Computing Colleges Conference (NCCC) [Preprint]. Available at:
https://doi.org/10.1109/nccc49330.2021.9428818
13. Thabit, F., Alhomdy, S.and Jagtap, S. (2021) “Security analysis and performance
evaluation of a new lightweight cryptographic algorithm for cloud computing,” Global
Transitions Proceedings, 2(1), pp. 100–110. Available at:
https://doi.org/10.1016/j.gltp.2021.01.014.
14. Prabhdeep Singh, & Ashish Kumar Pandey. (2022). A Review on Cloud Data Security
Challenges and existing Countermeasures in Cloud Computing. International Journal of
Data Informatics and Intelligent Computing, 1(2), 23–33.
https://doi.org/10.5281/zenodo.7464700
15. Jones, K. I., & Suchithra, R. (2023). Information Security: A Coordinated Strategy to
Guarantee Data Security in Cloud Computing. International Journal of Data Informatics
and Intelligent Computing, 2(1), 11-31.