Post on 12-Jan-2023
Security Issues of Cloud Computing and Impacts to
Enterprises
Slaiman Nasrollah Master of Information Technology,
International Islamic University Malaysia (IIUM) nas.slaiman@gmail.com
2 | P a g e
Table of Contents
I. Introduction ........................................................................................................................................... 3
II. Security issues of cloud computing ...................................................................................................... 6
1. Data breaches .................................................................................................................................... 6
2. Data Lock-in ..................................................................................................................................... 7
3. Data Remanence ............................................................................................................................... 8
4. Data recovery .................................................................................................................................... 8
5. Data locality ...................................................................................................................................... 9
III. Strengths and Weaknesses of Cloud Computing .................................................................................. 9
1. Strengths ........................................................................................................................................... 9
2. Weaknesses ..................................................................................................................................... 10
3. Opportunities ................................................................................................................................... 10
4. Threats............................................................................................................................................. 11
IV. The impacts of security issues in cloud computing to enterprises ...................................................... 11
1. Sharing infrastructure ...................................................................................................................... 11
2. Loss in business .............................................................................................................................. 12
V. Conclusion .......................................................................................................................................... 13
VI. Bibliography ....................................................................................................................................... 14
3 | P a g e
I. Introduction
The emergence of cloud computing has attracted great attentions for various business
enterprises to deploy the advanced technology of the cloud paradigm. As the cloud computing
promises to deliver a best solution for various sizes of the business enterprises for the
improvement their business strategies with the advancement of cloud computing technology.
However, cloud computing recently has become one of the fundamental issues that have turned
the public attentions with question mark, how secure is cloud computing? The security issues of
cloud are the major concerns from the small to large size of the business enterprises. Many
studies have considered the security issues as the most top disadvantages of cloud computing.
According to International Data Corporation (IDC) conducted a survey (see Figure.1.) of 263 IT
executives and their line-of business colleagues to gauge their opinions and understand their
companies’ use of IT cloud services. Security ranked first as the greatest challenge or issue of
cloud computing (Krešimir, 2010). This result turned to concerns from large business enterprises
as well the small one. According to the survey of Gartner in 2009, more than 70% of the
interviewee CTO considered that they do not use cloud computing primarily because of worry
about data and privacy security (Wang, 2011). This paper aims to address more on the
information security issues of cloud computing that enterprises/organization have experienced
and will continue to experience when the security is not managed properly or poorly managed by
the service providers. And the impacts of security issues on the enterprises/organization are also
part of the discussion that will discover with the loss for the enterprises/organization when
security is failed to manage and handle. On the other hand, the strengths, weaknesses,
opportunities, and threats will be discussed in following section. These will provide an
4 | P a g e
understanding and knowledge to the enterprises/organization to have a clear image on cloud
computing prior to adopt or deploy this service to the organization.
Prior to the deep discussion, there are some concepts of cloud computing to be addressed. Cloud
computing is the use of multiple server computers via a digital network as if they were one. The
Cloud itself is a virtualization of resources (networks, servers, applications, data storage and
services) allowing on-demand access for the end user. These resources can be provided with
minimal management or service provider interaction1. In addition, cloud computing has emerged
as an important solution offering enterprises a potentially cost effective model to ease their
computing needs and accomplish business objectives. It provides benefits to many large
enterprises such as optimized server utilization - as most enterprises typically underutilize their
server computing resources, cloud computing will manage the server utilization to the optimum
level and cost saving - IT infrastructure costs are almost always substantial and are treated as a
capital expense (CAPEX)2.
Cloud computing is continuously evolving and there are several major cloud computing
providers such as Amazon, Google, Microsoft, Yahoo and several others who are providing
services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Storage-as-a-
Service and Infrastructure-as-a-Service (IaaS) (Anthony, 2011). According to Dennis Brandl
(2010), enterprises are starting to look into cloud computing technology as a way to cut down on
cost and increase profitability, because across all industries "CIOs are under continuous pressure
to reduce capital assets, headcounts, and support costs, and cloud systems give them a way to
meet those goals" (Anthony, 2011). However, when it comes to security, cloud really suffers a
1 http://www.itgovernance.co.uk/cloud-computing.aspx
2 http://www.moorestephens.com/cloud_computing_benefits_challenges.aspx
5 | P a g e
lot. The vendor for cloud must make sure that the customer does not face any problem such as
loss of data or data theft. There is also a possibility where a malicious user can penetrate the
cloud by impersonating a legitimate user, there by infecting the entire cloud thus affecting many
customers who are sharing the infected cloud (Susan).
The following sections will respectively discuss the general security issue of cloud
computing in section II, section III will be discussed on the strengths, weaknesses, opportunities,
and threats (SWOT) of cloud computing and following by section IV, the impacts of poor
security management of cloud computing to the enterprises/organizations.
Figure.1. Results of IDC ranking security challenges (3Q2009, n=263) (Krešimir, 2010)
6 | P a g e
II. Security issues of cloud computing
The challenging aspect of cloud computing is the security issues that have come out on a
growing scale that need to be solved to promote the wider service of cloud computing. These
security issues is a hot topic that has been studied by many researchers As studied by Antone
Gonsalves (2013), the security issues in cloud computing are very challenging that become a
leading concern of security experts in cloud computing. There are 9 top cloud computing threats
that recently reported in 2013 such as data breaches, data loss, account hijacking, insecure APIs,
denial of services, malicious insiders, abuse of cloud services, insufficient due diligence, and
shared technology issues (Gonsalves, 2013). The report showed that, data breaches is the most
top issues that encountered by large business enterprises and followed by the data loss.
There are three security issues in cloud computing such as data security, virtualization related
security issues and application related security issues (Pengfei, 2012) that has been categorized
by Pengfei et al (2012). However, this paper will summarize the study only at the data security
issues.
1. Data breaches
Data breaches mainly violate two security properties of data which are the integrity and
confidentiality. The breach behavior may come from inside employee who operates the data
intentionally or unintentionally, or from outside malicious hacker. Data breaches have been
reported to the top ten threats in cloud computing security alliance. “It’s every CIO’s worst
nightmare: the organization’s sensitive internal data falls into the hands of their competitors”.
While this scenario has kept executives awake at night long before the advent of computing,
cloud computing introduces significant new avenues of attack. In November 2012, researchers
from the University of North Carolina, the University of Wisconsin and RSA Corporation
7 | P a g e
released a paper describing how a virtual machine could use side channel timing information to
extract private cryptographic keys being used in other virtual machines on the same physical
server. However, in many cases an attacker wouldn’t even need to go to such lengths. If a
multitenant cloud service database is not properly designed, a flaw in one client’s application
could allow an attacker access not only to that client’s data, but every other client’s data as well
(Los, 2013).
The nonprofit's latest survey found a reshuffling of security priorities pointing to the growing
danger posed by cyber-attacks aimed at stealing corporate data. Data breaches and account
hijackings that were in the middle of CSA's 2010 list of top threats rose to the number one and
three spots, respectively, this year. At the same time, denial of service attacks made their debut
as the fifth most worrisome threat (Gonsalves, 2013).
“So far this year, 28 breaches attributed to hackers have been made public, resulting in the
loss of 117,000 data records, according to the Privacy Rights Clearinghouse. Service providers
hacked included Zendesk and Twitter. In 2012 there were 230 publicly disclosed breaches for a
loss 9 million records. Service providers that suffered breaches included Yahoo, eHarmony and
LinkedIn” (Gonsalves, 2013).
2. Data Lock-in
Data lock-in refers to the customer cannot well migrate the data from a SaaS or IaaS vendor
to another. It may lose users' data, which prevents users from adopting cloud computing. Data
loss is a very serious problem in Cloud computing. If the vendor closes due to financial or legal
problems there will be a loss of data for the customers. The customers won’t be able to access
those data’s because data is no more available for the customer as the vendor shut down.
8 | P a g e
In a survey released in January of 3,200 business enterprises, Symantec found that more than
four in 10 had lost data in the cloud and have had to recover it through backups.” It's really kind
of astounding," Dave Elliott, a cloud-marketing manager at the storage and security company,
told Investor's Business Daily (Gonsalves, 2013).
3. Data Remanence
Data remanence is the residual representation of data that have been in some way nominally
erased or removed. In private cloud it causes minimal security threats; however in public cloud it
can cause severe security issues because of the open environment, especially in an IaaS model.
Deleting your data files from digital devices may seem like the best way to protect your company
from security breaches, but that simple act may not be enough. Virtually all digital devices
utilize built in data storage3. This issue of data remanence remained the worries to the
organization after the deletion of the data. This issue needs a wise solution to be proven by the
cloud service providers to ensure that the data that has been removed is free from the attackers in
the future.
4. Data recovery
Data recovery is contradicted to the concerns of data remanence. However, data recovery in
cloud computing may take place to recover the data as an incident such as a server breakdown
may cause damage or loss to users' data. To avoid this, data should be backed up to be recovered
in future. Cloud users can keep a backup of critical data on a local computer. The SaaS vendor
may provide backup service for users. For instance, Amazon’s S3 (Simple Storage Service)
3
http://www.oceusa.com/main/article_details.jsp?WebLogicSession=L0GhR4hb8n8BqZvjWBxTDDN3H22MhxxWphhGk58JvrQXm61jpdHt!1249089552&CONTENT%3C%3Ecnt_id=10134198673403001&FOLDER%3C%3Efolder_id=9852723696641347&bmUID=1371021756349
9 | P a g e
allows a user to specify the files that should be backed up as well as the appropriate level of data
mirroring.
5. Data locality
In a SaaS model of a cloud environment the customer does not know where the data is stored,
which may be an issue. One of the top security concerns of enterprises are the physical location
of the data that are being stored in the cloud especially if they are located in another country
because the laws of the host country of the equipment apply to the data on the machines (Smith,
2009) and that could be a big issue if the host country does not have adequate laws to protect
sensitive data or if the host nation becomes hostile or when the government of the hosting nation
changes and become unfriendly (Anthony, 2011).
III. Strengths and Weaknesses of Cloud Computing
1. Strengths
Cloud computing offers a dramatically lower cost of entry for smaller firms, almost immediate
access to hardware resources, lower IT barriers to innovation, easiness for enterprises to scale
their services and possible new classes of applications and delivers services that were not
possible before. Besides that, cloud computing has the ability to scale up services at a very short
notice obviates the need for underutilized servers in anticipation of peak demand. When an
organization has unanticipated usage spikes in computing above its internally installed capacity,
it has the ability to request more computing resources on the fly. Cloud computing offers
business enterprises the ability to effectively use time distributed computing resources (Sean,
2010).
10 | P a g e
2. Weaknesses
There are many issues that need to be resolved before cloud computing can be accepted as a
viable choice in business computing. As pointed out in the previous section, business enterprises
will be justifiably wary of the loss of physical control of the data that is put on the cloud.
Hitherto, providers have been unable to guarantee the location of a company's information on
specified set of servers in a specified location. However, cloud computing service providers are
rapidly adopting measures to handle this issue. For example, Amazon Web Services recently
announced the Amazon Virtual Private Cloud that allows a business to connect its existing
infrastructure to a set of isolated AWS compute resources via a VPN connection. To satisfy the
European Union data regulations, AWS now allows for companies to deploy its Simple DB
structured storage physically within the EU region. The Government Cloud product from Google
that we alluded to earlier is also a response to allay concerns from government entities over the
location of their data.
3. Opportunities
One of the significant opportunities of cloud computing lies in its potential to help
developing countries reap the benefits of information technology without the significant upfront
investments that have stymied past efforts. As reported in the star online (October 9, 2013),
Cloud Computing investments in Malaysia is expected to reach RM2.8bil by 2020, a significant
rise from the RM140mil recorded in 2012. "Its benefits in delivering on economies of scale,
shared computing platforms, more cost effective investment into infrastructure and greater
11 | P a g e
human resources efficiencies, are things we can no longer ignore," he added in his opening
address at the MSC Malaysia Cloud Conference here today4.
4. Threats
One of the biggest threats to cloud computing is the possibility of backlash from entrenched
incumbents. Threats are presented as the security issues that occur in cloud computing. It’s a
potential risk that organization comes into concerns. The CSA's March 2010 reported, it listed
seven key threats specific to cloud environments include: abuse and nefarious use of cloud
computing; insecure application programming interfaces (APIs); malicious insiders; shared
technology vulnerabilities; data loss/leakage; account, service and traffic hijacking; and
unknown risk profiles5.
IV. The impacts of security issues in cloud computing to enterprises
1. Sharing infrastructure
The security issues of cloud computing lead to various impacts to the small-to-large
enterprises that deployed the cloud services. It is obvious to press that, by keeping it entirely data
within a private corporate network may increase data vulnerability and the business models of
CSPs involve sharing infrastructure among many clients and managing IT workloads among
many different physical machines or even geographically dispersed data centers (Ernst, Young).
This can be showed that vulnerability may occur and create the impact when the data is shared
across the clients and it is unenviable to say the safety is 100% there. Somehow data even
geographically share across the nations that have different lawsuits to be applied and enterprises
4 http://www.thestar.com.my/Business/Investing/2013/10/09/CLOUD-COMPUTING-INVESTMENTS-IN-MALAYSIA-
TO-REACH-RM2point8-BLN-BY-2020.aspx 5 http://ccskguide.org/top-threats-to-cloud-computing/
12 | P a g e
have no knowledge where the data is stored. Everything is relied on the service providers to
handle their millions of data. However, cloud computing service has prioritized to the business
enterprises with choices whether to keep the data entirely with the cloud or partially with their
own database storage. Therefore, the business enterprises have priority to migration their data
and specify the data which data is sensitive or not sensitive to be migrated to the cloud.
Moving to the cloud presents the enterprise with a number of risks and that include securing
critical information like the protection of intellectual property, trade secrets, personally
identifiable information that could fall into the wrong hands. Making sensitive information
available on the internet requires a considerable investment in security controls and monitoring
of access to the contents (Anthony, 2011).
2. Loss in business
The security issues have become a leading concern to the enterprises as well cloud
computing providers. The security issues are threatening the enterprises with serious impacts that
bring a fundamental problems and loss to the enterprises. As described at above section, the
enterprises may face many impacts regarding data breaches, data loss, account hijacking and so
on. These will drive the enterprises to failures of services, down time, loss customers, and loss
profits and will affect the overall business even small and large sizes. These impacts will drive a
large attention from investors away and lead the bankrupts if the security of cloud computing is
not handled quickly at timely manner.
There have been instances where there has been a complete blackout of entire cloud services
and making it unavailable for hours and even days due to bugs (Smith, 2009). Google's Gmail
went down for two hours, Ctrix's GoToMeeting and GoToWebinar were temporarily
13 | P a g e
unavailable, Amazon.com's Simple Storage Service was "out of commission for excruciating
eight hours" (Hoover, 2008). Imagine an enterprise that completely depends on a cloud
computing service provider whose system had been disrupted for hours or days, the loss of
business could be catastrophic (Anthony, 2011).
V. Conclusion
Evolution of cloud computing is potentially one of the major advance in fastest growth of
technology and it represents a fundamental change in the way information technology services
that are invented, developed, deployed by various sizes of enterprises. It offers major advantages
to the enterprises regarding the immediate access, lower cost, availability, accessibility, mobility
and competitiveness. Most businesses, however, have a major concern when it comes to cloud
computing. Although most reputable cloud providers have top-of-the-line security to protect
users' data, experts say there is no such thing as a completely safe cloud system. Since the cloud
computing has its strengths and weaknesses that business enterprises may have to take into
consideration before the adoption of cloud computing. Of course, there are agreements between
the service providers and business enterprises should go through and have a clear image of
unpredicted issues regarding cloud computing security such as threats. This is because hackers,
intruders are resided everywhere and even inside or outside the organization itself. However,
having a strong security for cloud computing is a fundamental advantage to create and uphold
the trust from and reputation to both enterprises and service providers with the competitive
manner. This is because the opportunities of cloud computing have brought the huge advantages
to the business with fastest access and best services to their customers from very small to
medium and of course the large size of the enterprises.
14 | P a g e
VI. Bibliography
Anthony, B. S. (2011). AN OVERVIEW OF THE SECURITY CONCERNS IN ENTERPRISE CLOUD COMPUTING.
International Journal of Network Security & Its Applications (IJNSA), 1.
Ernst, Young. (n.d.). Cloud computing issues and impacts.
Gonsalves, A. (2013, March 4). readwrite. Retrieved from The 9 Top Threats Facing Cloud Computing:
http://readwrite.com/2013/03/04/9-top-threats-from-cloud-
computing#awesm=~or5nwS7S4Rf4dz
Krešimir, P. Ž. (2010). Cloud computing security issues and challenges . MIPRO 2010, 344.
Los, R. S. (2013). The Notorious Nine Cloud Computing Top Threats 2013. 8-21.
Mell, P. G. (2011). The NIST Definition of Cloud Computing. Special Publication, 2-3.
Pengfei, Y. Y. (2012). Security Issues and Solutions in Cloud Computing. 32nd International Conference
on Distributed Computing Systems Workshops, 574-575.
Sean, M. Z. (2010). Cloud computing — The business perspective☆. Elsevier , 1-8.
Susan, W. (n.d.). About.com. Retrieved from 5 Disadvantages of Cloud Computing:
http://sbinfocanada.about.com/od/itmanagement/a/Cloud-Computing-Disadvantages.htm
Wang, J. M. (2011). Security Issues and Countermeasures in Cloud Computing. IEE, 1.