Cloud computing
services have quickly become a mainstay in business, leading to success as a business
model and numerous advantages from the client’s point of view. Ease and amount of
storage and computational services provisions were not previously accessible or
affordable. However, parallel to this explosion has been significant security risk
concerns. Thus, it is important to understand and define these security risks in
a cybersecurity framework. This paper will take a case study approach to approach
past security risks and propose a model that can be followed by organizations to
eliminate the risk of Cloud-related cyberattacks. The main aims of this systematic
literature review (SLR) are to (1) address security risks/vulnerabilities that can
target cloud environments, (2) define tools that can be used by organizations to
defend their cloud environment against those security risks/vulnerabilities, and
(3) analyze case studies of significant cyberattacks and provide recommendations
for organizations to mitigate such cyberattacks. This paper will propose a novel
cloud cybersecurity model from a two-pronged offensive and defensive perspective
for implementation by organizations to enhance their security infrastructure.
References
[1]
Shaikh, F.B. and Haider, S. (2011) Security Threats in Cloud Computing. 2011 International Conference for Internet Technology and Secured Transactions, Abu Dhabi, 11-14 December 2011, 214-219.
[2]
Dudin, E.B. and Smetanin, Y.G. (2011) A Review of Cloud Computing. Scientific and Technical Information Processing, 38, 280-284. https://doi.org/10.3103/S0147688211040083
[3]
The 2021 AWS Cloud Security Report. Fidelis Cybersecurity. https://fidelissecurity.com
[4]
Galiveeti, S., et al. (2021) Cybersecurity Analysis: Investigating the Data Integrity and Privacy in AWS and Azure Cloud Platforms. In: Maleh, Y., et al., Eds., Artificial Intelligence and Blockchain for Future Cybersecurity Applications, Springer, Cham, 329-360. https://doi.org/10.1007/978-3-030-74575-2_17
[5]
Carlin, S. and Curran, K. (2013) Cloud Computing Security. In: Curran, K., Ed., Pervasive and Ubiquitous Technology Innovations for Ambient Intelligence Environments, IGI Global, Hershey, 12-17. https://doi.org/10.4018/978-1-4666-2041-4.ch002
[6]
Zissis, D. and Lekkas, D. (2012) Addressing Cloud Computing Security Issues. Future Generation Computer Systems, 28, 583-592. https://doi.org/10.1016/j.future.2010.12.006
[7]
Diogenes, Y. and Ozkaya, E. (2018) Cybersecurity? Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics. Packt Publishing Ltd., Birmingham.
[8]
AWS. Shared Responsibility Model—Amazon Web Services (AWS). https://aws.amazon.com/compliance/shared-responsibility-model/
[9]
Mather, T., Kumaraswamy, S. and Latif, S. (2009) Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O’Reilly Media, Inc., Sebastopol.
[10]
Fahmideh, M., et al. (2020) Cloud Migration Process a Survey Evaluation Framework and Open Challenges. https://arxiv.org/ftp/arxiv/papers/2004/2004.10725.pdf
[11]
Loaiza Enriquez, R. (2021) Cloud Security Posture Management/CSPM in Azure. https://www.theseus.fi/handle/10024/504136
[12]
Top Cloud Security Concerns Worldwide 2021. Statista, 19 June 2023. https://www.statista.com/statistics/1172265/biggest-cloud-security-concerns-in-2020
[13]
Suryateja, P.S. (2018) Threats and Vulnerabilities of Cloud Computing: A Review. International Journal of Computer Sciences and Engineering, 6, 297-302. https://www.researchgate.net/profile/Pericherla-Suryateja/publication/324562008_Threats_and_Vulnerabilities_of_Cloud_Computing_A_Review/links/5ad5bf9d458515c60f54c714/Threats-and-Vulnerabilities-of-Cloud-Computing-A-Review.pdf https://doi.org/10.26438/ijcse/v6i3.297302
[14]
Agarwal, A. and Agarwal, A. (2011) The Security Risks Associated with Cloud Computing. International Journal of Computer Applications in Engineering Sciences, 1, 257-259. https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.207.9119&rep=rep1&type=pdf
[15]
Faatz, D. (2018, March 12) Best Practices for Cloud Security. SEI Blog. https://insights.sei.cmu.edu/blog/12-risks-threats-vulnerabilities-in-moving-to-the-cloud
[16]
Swiss Cyber Institute (2021, November 25) 21 Cloud Security Statistics You Probably Didn’t Know. https://swisscyberinstitute.com/blog/21-cloud-security-statistics-you-probably-didnt-know
[17]
Cipher (2019, August 30) Analysis of a Cyber Attack: Capital One. Cipher. https://cipher.com/blog/analysis-cyber-attack-capital-one
[18]
Kritikos, K., et al. (2019) A Survey on Vulnerability Assessment Tools and Databases for Cloud-Based Web Applications. Array, 3, Article ID: 100011. https://doi.org/10.1016/j.array.2019.100011
[19]
Chow, E. (2011) Ethical Hacking & Penetration Testing. No. AC 626, University of Waterloo, Waterloo.
[20]
Pourmajidi, W., et al. (2018) On Challenges of Cloud Monitoring. https://arxiv.org/abs/1806.05914
[21]
Myllykangas, T. (2016) Integrating Next-Generation Firewalls into a Private Cloud Datacenter. https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=Integrating+Next-Generation+Firewalls+into+a+Private+Cloud+Datacenter.&btnG=
[22]
Guo, H., Jin, B. and Shang, T. (2012) Forensic Investigations in Cloud Environments. 2012 IEEE International Conference on Computer Science and Information Processing (CSIP), Xi’an, 24-26 August 2012, 248-251. https://doi.org/10.1109/CSIP.2012.6308841