Cloud computing plays a significant role in modern information
technology, providing organizations with numerous benefits, including
flexibility, scalability, and cost-efficiency. However, it has become essential
for organizations to ensure the security of their applications, data, and
cloud-based networks to use cloud services effectively. This systematic
literature review aims to determine the latest information regarding cloud
computing security, with a specific emphasis on threats and mitigation
strategies. Additionally, it highlights some common threats related to cloud
computing security, such as distributed denial-of-service (DDoS) attacks,
account hijacking, malware attacks, and data breaches. This research also
explores some mitigation strategies, including security awareness training,
vulnerability management, security information and event management (SIEM),
identity and access management (IAM), and encryption techniques. It discusses
emerging trends in cloud security, such as integrating artificial intelligence
(AI) and machine learning (ML), serverless computing, and containerization, as
well as the effectiveness of the shared responsibility model and its related
challenges. The importance of user awareness and the impact of emerging
technologies on cloud security have also been discussed in detail to mitigate
security risks. A literature review of previous research and scholarly articles
has also been conducted to provide insights regarding cloud computing security.
It shows the need for continuous research and innovation to address emerging
threats and maintain a security-conscious culture in the company.
References
[1]
Vinoth, S., Vemula, H.L., Haralayya, B., Mamgain, P., Hasan, M.F. and Naved, M. (2022) Application of Cloud Computing in Banking and e-Commerce and Related Security Threats. Materials Today: Proceedings, 51, 2172-2175. https://doi.org/10.1016/j.matpr.2021.11.121
[2]
Kurt, E. (2022) Cloud Computing and Data Security. https://ekremkurt1907.medium.com/cloud-computing-and-data-security-cdce9745ab09
[3]
Chen, D., Chowdhury, M.M. and Latif, S. (2021) Data Breaches in Corporate Setting. 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), Mauritius, 7-8 October 2021, 1-6. https://doi.org/10.1109/ICECCME52200.2021.9590974
[4]
Patel, V., Choe, S. and Halabi, T. (2020) Predicting Future Malware Attacks on Cloud Systems Using Machine Learning. IEEE 6th International Conference on Big Data Security on Cloud, Baltimore, 25-27 May 2020, 151-156. https://doi.org/10.1109/BigDataSecurity-HPSC-IDS49724.2020.00036
[5]
Lokuge, K. (2020) Security Concerns in Cloud Computing: A Review. https://www.researchgate.net/publication/346606684_Security_Concerns_in_Cloud_Computing_A_Review
[6]
Srinivasan, K., Mubarakali, A., Alqahtani, A.S. and Dinesh Kumar, A. (2020) A Survey on the Impact of DDoS Attacks in Cloud Computing: Prevention, Detection and Mitigation Techniques. In: Balaji, S., Rocha, á. and Chung, Y.-N., Eds., Intelligent Communication Technologies and Virtual Mobile Networks, Springer, Berlin, 252-270. https://doi.org/10.1007/978-3-030-28364-3_24
[7]
Seth, B., Dalal, S., Jaglan, V., Le, D.N., Mohan, S. and Srivastava, G. (2022) Integrating Encryption Techniques for Secure Data Storage in the Cloud. Transactions on Emerging Telecommunications Technologies, 33, e4108.
[8]
Ashtari, H. (2021) What Is Cloud Encryption? Definition, Importance, Methods, and Best Practices. https://www.spiceworks.com/tech/cloud/articles/what-is-cloud-encryption/
[9]
Olabanji, S.O., Olaniyi, O.O., Adigwe, C.S., Okunleye, O.J. and Oladoyinbo, T.O. (2024) AI for Identity and Access Management (IAM) in the Cloud: Exploring the Potential of Artificial Intelligence to Improve User Authentication, Authorization, and Access Control within Cloud-Based Systems. Asian Journal of Research in Computer Science, 17, 38-56. https://doi.org/10.9734/ajrcos/2024/v17i3423
[10]
Sasubilli, M.K. and Venkateswarlu, R. (2021) Cloud Computing Security Challenges, Threats and Vulnerabilities. 6th International Conference on Inventive Computation Technologies, Coimbatore, 20-22 January 2021, 476-480. https://doi.org/10.1109/ICICT50816.2021.9358709
[11]
Bentaleb, O., Belloum, A.S., Sebaa, A. and El-Maouhab, A. (2022) Containerization Technologies: Taxonomies, Applications and Challenges. The Journal of Supercomputing, 78, 1144-1181. https://doi.org/10.1007/s11227-021-03914-1
[12]
Kelly, D., Glavin, F. and Barrett, E. (2020) Serverless Computing: Behind the Scenes of Major Platforms. IEEE 13th International Conference on Cloud Computing (CLOUD), Beijing, 19-23 October 2020, 304-312. https://doi.org/10.1109/CLOUD49709.2020.00050
[13]
Rath, M., Satpathy, J. and Oreku, G.S. (2021) Artificial Intelligence and Machine Learning Applications in Cloud Computing and Internet of Things. In: Kaur, G., Tomar, P. and Tanque, M., Eds., Artificial Intelligence to Solve Pervasive Internet of Things Issues, Elsevier, Amsterdam, 103-123. https://doi.org/10.1016/B978-0-12-818576-6.00006-X
[14]
Abidin, S., Swami, A., Ramirez-Asís, E., Alvarado-Tolentino, J., Maurya, R.K. and Hussain, N. (2022) Quantum Cryptography Technique: A Way to Improve Security Challenges in Mobile Cloud Computing (MCC). Materials Today: Proceedings, 51, 508-514. https://doi.org/10.1016/j.matpr.2021.05.593
[15]
Alouffi, B., Hasnain, M., Alharbi, A., Alosaimi, W., Alyami, H. and Ayaz, M. (2021) A Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies. IEEE Access, 9, 57792-57807. https://doi.org/10.1109/ACCESS.2021.3073203
[16]
Yau-Yeung, D., Yigitbasioglu, O. and Green, P. (2020) Cloud Accounting Risks and Mitigation Strategies: Evidence from Australia. Accounting Forum, 44, 421-446. https://doi.org/10.1080/01559982.2020.1783047
[17]
Gupta, I., Gupta, R., Singh, A.K. and Buyya, R. (2020) MLPAM: A Machine Learning and Probabilistic Analysis Based Model for Preserving Security and Privacy in Cloud Environment. IEEE Systems Journal, 15, 4248-4259. https://doi.org/10.1109/JSYST.2020.3035666
[18]
Chen, C., Zhang, L. and Tiong, R.L.K. (2020) A Novel Learning Cloud Bayesian Network for Risk Measurement. Applied Soft Computing, 87, Article ID: 105947. https://doi.org/10.1016/j.asoc.2019.105947
[19]
Kumar, M.S. and Raja, M.I. (2020) A Queuing Theory Model for e-Health Cloud Applications. International Journal of Internet Technology and Secured Transactions, 10, 585-600. https://doi.org/10.1504/IJITST.2020.10029365
[20]
Amini, M. and Bozorgasl, Z. (2023) A Game Theory Method to Cyber-Threat Information Sharing in Cloud Computing Technology. International Journal of Computer Science and Engineering Research, 11, 4-11.
[21]
Ahmad, W., Rasool, A., Javed, A.R., Baker, T. and Jalil, Z. (2021) Cyber Security in IoT-Based Cloud Computing: A Comprehensive Survey. Electronics, 11, Article No. 16. https://doi.org/10.3390/electronics11010016
[22]
Parast, F.K., Sindhav, C., Nikam, S., Yekta, H.I., Kent, K.B. and Hakak, S. (2022) Cloud Computing Security: A Survey of Service-Based Models. Computers & Security, 114, Article ID: 102580. https://doi.org/10.1016/j.cose.2021.102580
[23]
Mondal, S.K., Pan, R., Kabir, H.D., Tian, T. and Dai, H.N. (2022) Kubernetes in IT Administration and Serverless Computing: An Empirical Study and Research Challenges. The Journal of Supercomputing, 78, 1-51.
[24]
Chuka-Maduji, N. and Anu, V. (2021) Cloud Computing Security Challenges and Related Defensive Measures: A Survey and Taxonomy. SN Computer Science, 2, Article No. 331. https://doi.org/10.1007/s42979-021-00732-3
[25]
Sun, P.J. (2019) Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and Solutions. IEEE Access, 7, 147420-147452. https://doi.org/10.1109/ACCESS.2019.2946185
[26]
Stouffer, C. (2023) 23 Cloud Security Risks, Threats, and Best Practices to Follow. https://us.norton.com/blog/privacy/cloud-security-risks
[27]
Pratt-Sensie, A.A. (2020) Security Strategies to Prevent Data Breaches in Infrastructure as a Service Cloud Computing. Doctoral Dissertation, Walden University, Minneapolis.
[28]
Gan, C., Feng, Q., Zhang, X., Zhang, Z. and Zhu, Q. (2020) Dynamical Propagation Model of Malware for Cloud Computing Security. IEEE Access, 8, 20325-20333. https://doi.org/10.1109/ACCESS.2020.2968916
[29]
González-Granadillo, G., González-Zarzosa, S. and Diaz, R. (2021) Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors, 21, Article No. 4759. https://doi.org/10.3390/s21144759
[30]
Abusaimeh, H. (2020) Distributed Denial of Service Attacks in Cloud Computing. International Journal of Advanced Computer Science and Applications, 11, 163-168. https://doi.org/10.14569/IJACSA.2020.0110621
[31]
Pontes, D. (2021, June 30) Automated, Accurate, Flexible DDoS Detection and Mitigation. https://www.kentik.com/blog/automated-accurate-flexible-ddos-detection-and-mitigation/
[32]
Singh, C., Thakkar, R. and Warraich, J. (2023) IAM Identity Access Management—Importance in Maintaining Security Systems within Organizations. European Journal of Engineering and Technology Research, 8, 30-38. https://doi.org/10.24018/ejeng.2023.8.4.3074
[33]
Tuyishime, E., Balan, T.C., Cotfas, P.A., Cotfas, D.T. and Rekeraho, A. (2023) Enhancing Cloud Security—Proactive Threat Monitoring and Detection Using a SIEM-Based Approach. Applied Sciences, 13, Article No. 12359. https://doi.org/10.3390/app132212359
[34]
Mohanan, R. (2022) What Is Security Information and Event Management (SIEM)? Definition, Architecture, Operational Process, and Best Practices. https://www.spiceworks.com/it-security/vulnerability-management/articles/what-is-siem/