Security Issues of Cloud Computing and Impacts to

Enterprises

Slaiman Nasrollah Master of Information Technology,

International Islamic University Malaysia (IIUM) nas.slaiman@gmail.com

2 | P a g e

Table of Contents

I. Introduction ........................................................................................................................................... 3

II. Security issues of cloud computing ...................................................................................................... 6

1. Data breaches .................................................................................................................................... 6

2. Data Lock-in ..................................................................................................................................... 7

3. Data Remanence ............................................................................................................................... 8

4. Data recovery .................................................................................................................................... 8

5. Data locality ...................................................................................................................................... 9

III. Strengths and Weaknesses of Cloud Computing .................................................................................. 9

1. Strengths ........................................................................................................................................... 9

2. Weaknesses ..................................................................................................................................... 10

3. Opportunities ................................................................................................................................... 10

4. Threats............................................................................................................................................. 11

IV. The impacts of security issues in cloud computing to enterprises ...................................................... 11

1. Sharing infrastructure ...................................................................................................................... 11

2. Loss in business .............................................................................................................................. 12

V. Conclusion .......................................................................................................................................... 13

VI. Bibliography ....................................................................................................................................... 14

3 | P a g e

I. Introduction

The emergence of cloud computing has attracted great attentions for various business

enterprises to deploy the advanced technology of the cloud paradigm. As the cloud computing

promises to deliver a best solution for various sizes of the business enterprises for the

improvement their business strategies with the advancement of cloud computing technology.

However, cloud computing recently has become one of the fundamental issues that have turned

the public attentions with question mark, how secure is cloud computing? The security issues of

cloud are the major concerns from the small to large size of the business enterprises. Many

studies have considered the security issues as the most top disadvantages of cloud computing.

According to International Data Corporation (IDC) conducted a survey (see Figure.1.) of 263 IT

executives and their line-of business colleagues to gauge their opinions and understand their

companies’ use of IT cloud services. Security ranked first as the greatest challenge or issue of

cloud computing (Krešimir, 2010). This result turned to concerns from large business enterprises

as well the small one. According to the survey of Gartner in 2009, more than 70% of the

interviewee CTO considered that they do not use cloud computing primarily because of worry

about data and privacy security (Wang, 2011). This paper aims to address more on the

information security issues of cloud computing that enterprises/organization have experienced

and will continue to experience when the security is not managed properly or poorly managed by

the service providers. And the impacts of security issues on the enterprises/organization are also

part of the discussion that will discover with the loss for the enterprises/organization when

security is failed to manage and handle. On the other hand, the strengths, weaknesses,

opportunities, and threats will be discussed in following section. These will provide an

4 | P a g e

understanding and knowledge to the enterprises/organization to have a clear image on cloud

computing prior to adopt or deploy this service to the organization.

Prior to the deep discussion, there are some concepts of cloud computing to be addressed. Cloud

computing is the use of multiple server computers via a digital network as if they were one. The

Cloud itself is a virtualization of resources (networks, servers, applications, data storage and

services) allowing on-demand access for the end user. These resources can be provided with

minimal management or service provider interaction1. In addition, cloud computing has emerged

as an important solution offering enterprises a potentially cost effective model to ease their

computing needs and accomplish business objectives. It provides benefits to many large

enterprises such as optimized server utilization - as most enterprises typically underutilize their

server computing resources, cloud computing will manage the server utilization to the optimum

level and cost saving - IT infrastructure costs are almost always substantial and are treated as a

capital expense (CAPEX)2.

Cloud computing is continuously evolving and there are several major cloud computing

providers such as Amazon, Google, Microsoft, Yahoo and several others who are providing

services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Storage-as-a-

Service and Infrastructure-as-a-Service (IaaS) (Anthony, 2011). According to Dennis Brandl

(2010), enterprises are starting to look into cloud computing technology as a way to cut down on

cost and increase profitability, because across all industries "CIOs are under continuous pressure

to reduce capital assets, headcounts, and support costs, and cloud systems give them a way to

meet those goals" (Anthony, 2011). However, when it comes to security, cloud really suffers a

1 http://www.itgovernance.co.uk/cloud-computing.aspx

2 http://www.moorestephens.com/cloud_computing_benefits_challenges.aspx

5 | P a g e

lot. The vendor for cloud must make sure that the customer does not face any problem such as

loss of data or data theft. There is also a possibility where a malicious user can penetrate the

cloud by impersonating a legitimate user, there by infecting the entire cloud thus affecting many

customers who are sharing the infected cloud (Susan).

The following sections will respectively discuss the general security issue of cloud

computing in section II, section III will be discussed on the strengths, weaknesses, opportunities,

and threats (SWOT) of cloud computing and following by section IV, the impacts of poor

security management of cloud computing to the enterprises/organizations.

Figure.1. Results of IDC ranking security challenges (3Q2009, n=263) (Krešimir, 2010)

6 | P a g e

II. Security issues of cloud computing

The challenging aspect of cloud computing is the security issues that have come out on a

growing scale that need to be solved to promote the wider service of cloud computing. These

security issues is a hot topic that has been studied by many researchers As studied by Antone

Gonsalves (2013), the security issues in cloud computing are very challenging that become a

leading concern of security experts in cloud computing. There are 9 top cloud computing threats

that recently reported in 2013 such as data breaches, data loss, account hijacking, insecure APIs,

denial of services, malicious insiders, abuse of cloud services, insufficient due diligence, and

shared technology issues (Gonsalves, 2013). The report showed that, data breaches is the most

top issues that encountered by large business enterprises and followed by the data loss.

There are three security issues in cloud computing such as data security, virtualization related

security issues and application related security issues (Pengfei, 2012) that has been categorized

by Pengfei et al (2012). However, this paper will summarize the study only at the data security

issues.

1. Data breaches

Data breaches mainly violate two security properties of data which are the integrity and

confidentiality. The breach behavior may come from inside employee who operates the data

intentionally or unintentionally, or from outside malicious hacker. Data breaches have been

reported to the top ten threats in cloud computing security alliance. “It’s every CIO’s worst

nightmare: the organization’s sensitive internal data falls into the hands of their competitors”.

While this scenario has kept executives awake at night long before the advent of computing,

cloud computing introduces significant new avenues of attack. In November 2012, researchers

from the University of North Carolina, the University of Wisconsin and RSA Corporation

7 | P a g e

released a paper describing how a virtual machine could use side channel timing information to

extract private cryptographic keys being used in other virtual machines on the same physical

server. However, in many cases an attacker wouldn’t even need to go to such lengths. If a

multitenant cloud service database is not properly designed, a flaw in one client’s application

could allow an attacker access not only to that client’s data, but every other client’s data as well

(Los, 2013).

The nonprofit's latest survey found a reshuffling of security priorities pointing to the growing

danger posed by cyber-attacks aimed at stealing corporate data. Data breaches and account

hijackings that were in the middle of CSA's 2010 list of top threats rose to the number one and

three spots, respectively, this year. At the same time, denial of service attacks made their debut

as the fifth most worrisome threat (Gonsalves, 2013).

“So far this year, 28 breaches attributed to hackers have been made public, resulting in the

loss of 117,000 data records, according to the Privacy Rights Clearinghouse. Service providers

hacked included Zendesk and Twitter. In 2012 there were 230 publicly disclosed breaches for a

loss 9 million records. Service providers that suffered breaches included Yahoo, eHarmony and

LinkedIn” (Gonsalves, 2013).

2. Data Lock-in

Data lock-in refers to the customer cannot well migrate the data from a SaaS or IaaS vendor

to another. It may lose users' data, which prevents users from adopting cloud computing. Data

loss is a very serious problem in Cloud computing. If the vendor closes due to financial or legal

problems there will be a loss of data for the customers. The customers won’t be able to access

those data’s because data is no more available for the customer as the vendor shut down.

8 | P a g e

In a survey released in January of 3,200 business enterprises, Symantec found that more than

four in 10 had lost data in the cloud and have had to recover it through backups.” It's really kind

of astounding," Dave Elliott, a cloud-marketing manager at the storage and security company,

told Investor's Business Daily (Gonsalves, 2013).

3. Data Remanence

Data remanence is the residual representation of data that have been in some way nominally

erased or removed. In private cloud it causes minimal security threats; however in public cloud it

can cause severe security issues because of the open environment, especially in an IaaS model.

Deleting your data files from digital devices may seem like the best way to protect your company

from security breaches, but that simple act may not be enough. Virtually all digital devices

utilize built in data storage3. This issue of data remanence remained the worries to the

organization after the deletion of the data. This issue needs a wise solution to be proven by the

cloud service providers to ensure that the data that has been removed is free from the attackers in

the future.

4. Data recovery

Data recovery is contradicted to the concerns of data remanence. However, data recovery in

cloud computing may take place to recover the data as an incident such as a server breakdown

may cause damage or loss to users' data. To avoid this, data should be backed up to be recovered

in future. Cloud users can keep a backup of critical data on a local computer. The SaaS vendor

may provide backup service for users. For instance, Amazon’s S3 (Simple Storage Service)

3

http://www.oceusa.com/main/article_details.jsp?WebLogicSession=L0GhR4hb8n8BqZvjWBxTDDN3H22MhxxWphhGk58JvrQXm61jpdHt!1249089552&CONTENT%3C%3Ecnt_id=10134198673403001&FOLDER%3C%3Efolder_id=9852723696641347&bmUID=1371021756349

9 | P a g e

allows a user to specify the files that should be backed up as well as the appropriate level of data

mirroring.

5. Data locality

In a SaaS model of a cloud environment the customer does not know where the data is stored,

which may be an issue. One of the top security concerns of enterprises are the physical location

of the data that are being stored in the cloud especially if they are located in another country

because the laws of the host country of the equipment apply to the data on the machines (Smith,

2009) and that could be a big issue if the host country does not have adequate laws to protect

sensitive data or if the host nation becomes hostile or when the government of the hosting nation

changes and become unfriendly (Anthony, 2011).

III. Strengths and Weaknesses of Cloud Computing

1. Strengths

Cloud computing offers a dramatically lower cost of entry for smaller firms, almost immediate

access to hardware resources, lower IT barriers to innovation, easiness for enterprises to scale

their services and possible new classes of applications and delivers services that were not

possible before. Besides that, cloud computing has the ability to scale up services at a very short

notice obviates the need for underutilized servers in anticipation of peak demand. When an

organization has unanticipated usage spikes in computing above its internally installed capacity,

it has the ability to request more computing resources on the fly. Cloud computing offers

business enterprises the ability to effectively use time distributed computing resources (Sean,

2010).

10 | P a g e

2. Weaknesses

There are many issues that need to be resolved before cloud computing can be accepted as a

viable choice in business computing. As pointed out in the previous section, business enterprises

will be justifiably wary of the loss of physical control of the data that is put on the cloud.

Hitherto, providers have been unable to guarantee the location of a company's information on

specified set of servers in a specified location. However, cloud computing service providers are

rapidly adopting measures to handle this issue. For example, Amazon Web Services recently

announced the Amazon Virtual Private Cloud that allows a business to connect its existing

infrastructure to a set of isolated AWS compute resources via a VPN connection. To satisfy the

European Union data regulations, AWS now allows for companies to deploy its Simple DB

structured storage physically within the EU region. The Government Cloud product from Google

that we alluded to earlier is also a response to allay concerns from government entities over the

location of their data.

3. Opportunities

One of the significant opportunities of cloud computing lies in its potential to help

developing countries reap the benefits of information technology without the significant upfront

investments that have stymied past efforts. As reported in the star online (October 9, 2013),

Cloud Computing investments in Malaysia is expected to reach RM2.8bil by 2020, a significant

rise from the RM140mil recorded in 2012. "Its benefits in delivering on economies of scale,

shared computing platforms, more cost effective investment into infrastructure and greater

11 | P a g e

human resources efficiencies, are things we can no longer ignore," he added in his opening

address at the MSC Malaysia Cloud Conference here today4.

4. Threats

One of the biggest threats to cloud computing is the possibility of backlash from entrenched

incumbents. Threats are presented as the security issues that occur in cloud computing. It’s a

potential risk that organization comes into concerns. The CSA's March 2010 reported, it listed

seven key threats specific to cloud environments include: abuse and nefarious use of cloud

computing; insecure application programming interfaces (APIs); malicious insiders; shared

technology vulnerabilities; data loss/leakage; account, service and traffic hijacking; and

unknown risk profiles5.

IV. The impacts of security issues in cloud computing to enterprises

1. Sharing infrastructure

The security issues of cloud computing lead to various impacts to the small-to-large

enterprises that deployed the cloud services. It is obvious to press that, by keeping it entirely data

within a private corporate network may increase data vulnerability and the business models of

CSPs involve sharing infrastructure among many clients and managing IT workloads among

many different physical machines or even geographically dispersed data centers (Ernst, Young).

This can be showed that vulnerability may occur and create the impact when the data is shared

across the clients and it is unenviable to say the safety is 100% there. Somehow data even

geographically share across the nations that have different lawsuits to be applied and enterprises

4 http://www.thestar.com.my/Business/Investing/2013/10/09/CLOUD-COMPUTING-INVESTMENTS-IN-MALAYSIA-

TO-REACH-RM2point8-BLN-BY-2020.aspx 5 http://ccskguide.org/top-threats-to-cloud-computing/

12 | P a g e

have no knowledge where the data is stored. Everything is relied on the service providers to

handle their millions of data. However, cloud computing service has prioritized to the business

enterprises with choices whether to keep the data entirely with the cloud or partially with their

own database storage. Therefore, the business enterprises have priority to migration their data

and specify the data which data is sensitive or not sensitive to be migrated to the cloud.

Moving to the cloud presents the enterprise with a number of risks and that include securing

critical information like the protection of intellectual property, trade secrets, personally

identifiable information that could fall into the wrong hands. Making sensitive information

available on the internet requires a considerable investment in security controls and monitoring

of access to the contents (Anthony, 2011).

2. Loss in business

The security issues have become a leading concern to the enterprises as well cloud

computing providers. The security issues are threatening the enterprises with serious impacts that

bring a fundamental problems and loss to the enterprises. As described at above section, the

enterprises may face many impacts regarding data breaches, data loss, account hijacking and so

on. These will drive the enterprises to failures of services, down time, loss customers, and loss

profits and will affect the overall business even small and large sizes. These impacts will drive a

large attention from investors away and lead the bankrupts if the security of cloud computing is

not handled quickly at timely manner.

There have been instances where there has been a complete blackout of entire cloud services

and making it unavailable for hours and even days due to bugs (Smith, 2009). Google's Gmail

went down for two hours, Ctrix's GoToMeeting and GoToWebinar were temporarily

13 | P a g e

unavailable, Amazon.com's Simple Storage Service was "out of commission for excruciating

eight hours" (Hoover, 2008). Imagine an enterprise that completely depends on a cloud

computing service provider whose system had been disrupted for hours or days, the loss of

business could be catastrophic (Anthony, 2011).

V. Conclusion

Evolution of cloud computing is potentially one of the major advance in fastest growth of

technology and it represents a fundamental change in the way information technology services

that are invented, developed, deployed by various sizes of enterprises. It offers major advantages

to the enterprises regarding the immediate access, lower cost, availability, accessibility, mobility

and competitiveness. Most businesses, however, have a major concern when it comes to cloud

computing. Although most reputable cloud providers have top-of-the-line security to protect

users' data, experts say there is no such thing as a completely safe cloud system. Since the cloud

computing has its strengths and weaknesses that business enterprises may have to take into

consideration before the adoption of cloud computing. Of course, there are agreements between

the service providers and business enterprises should go through and have a clear image of

unpredicted issues regarding cloud computing security such as threats. This is because hackers,

intruders are resided everywhere and even inside or outside the organization itself. However,

having a strong security for cloud computing is a fundamental advantage to create and uphold

the trust from and reputation to both enterprises and service providers with the competitive

manner. This is because the opportunities of cloud computing have brought the huge advantages

to the business with fastest access and best services to their customers from very small to

medium and of course the large size of the enterprises.

14 | P a g e

VI. Bibliography

Anthony, B. S. (2011). AN OVERVIEW OF THE SECURITY CONCERNS IN ENTERPRISE CLOUD COMPUTING.

International Journal of Network Security & Its Applications (IJNSA), 1.

Ernst, Young. (n.d.). Cloud computing issues and impacts.

Gonsalves, A. (2013, March 4). readwrite. Retrieved from The 9 Top Threats Facing Cloud Computing:

http://readwrite.com/2013/03/04/9-top-threats-from-cloud-

computing#awesm=~or5nwS7S4Rf4dz

Krešimir, P. Ž. (2010). Cloud computing security issues and challenges . MIPRO 2010, 344.

Los, R. S. (2013). The Notorious Nine Cloud Computing Top Threats 2013. 8-21.

Mell, P. G. (2011). The NIST Definition of Cloud Computing. Special Publication, 2-3.

Pengfei, Y. Y. (2012). Security Issues and Solutions in Cloud Computing. 32nd International Conference

on Distributed Computing Systems Workshops, 574-575.

Sean, M. Z. (2010). Cloud computing — The business perspective☆. Elsevier , 1-8.

Susan, W. (n.d.). About.com. Retrieved from 5 Disadvantages of Cloud Computing:

http://sbinfocanada.about.com/od/itmanagement/a/Cloud-Computing-Disadvantages.htm

Wang, J. M. (2011). Security Issues and Countermeasures in Cloud Computing. IEE, 1.