Page 12 - Cyber Warnings
P. 12
Cloud Computing Security Issues: What Can Be Done?
By Dr. Daniel Osafo. Harrison, D.C.S., Security+.
The goal of cloud computing is to bring all of an organization’s features like databases, mail,
software applications and more into one easily accessible place. Organizations that use cloud
computing do not have to pay for hosting the information because the service provider hosts the
information. Data storage and applications for the organization are kept in the cloud. This also
means that the service provider will have more control of the security infrastructure, will have
control over compliance and regulation, and will do the monitoring of the organization for
compliance. Although the cloud was supposed to be a better way to store data, the use of the
cloud brought with it new security risks. This paper will explore some of those risks. .
Introduction
The advent of cloud computing has made subscribing to services like Infrastructure as a Service
(IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), easier for
organizations easier for organizations to operate. These subscriptions were created to cut costs
and maximize profit for the organization, by allowing employees to work at any time in any place
(Orman, 2016). Organizations are not only providing a way for all employees to access the
system, hackers can also find ways into the system more easily.
Generally, when an organization has the infrastructure in house, both internal and external
audits can be easily done to monitor the system at any time. However, when all resources are
move to and stored in the cloud, there can be challenges to confidentiality and integrity of the
system (Ryoo, Rizvi, Aiken, & Kissoll, 2014). Another challenge for cloud users is that instead of
a closed system that is controlled by the organization, a three-way system exists between the
organization, the cloud service provider and the end users. The more systems involved, the
more vulnerable the organization is to attack. In addition, auditors are not always familiar with
the cloud’s terminology and may not understand how the cloud works (Ryoo et al.).
Viega (2012) stated that the cloud is more secure than people think. Viega attempted to
assuage people’s fears by showing how the cloud has similar controls as traditional IT models.
Viega suggested that organizations have the same control over the cloud as they have in
traditional systems, and at the same time, these two systems are very different so comparison is
difficult. Although it is true that the cloud has many good qualities, there are still issues of
security that must be addressed.
Analysis of Cloud Articles on Security Issues
A random literature review using the key words cloud security and cloud computing compliance
issues, was conducted analyzing challenges with cloud security and compliance issue. I
12 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
