Identifying cloud security threats to strengthen cloud computing adoption framework

Cloud Computing allows firms to outsource their entire information technology (IT) process, allowing them to concentrate more on their core business to enhance their productivity and innovation in offering services to customers. It allows businesses to cut down heavy cost incurred over IT infrastructure without losing focus on customer needs. However, to a certain limit adopting Cloud computing has struggled to grow among many established and growing organizations due to several security and privacy related issues. Throughout the course of this study several interviews were conducted, with cloud developers and security experts, and the literature was reviewed. This study enabled us to understand, current and future, security and privacy challenges with cloud computing. The outcome of this study led to identification of total 18, current and future, security issues affecting several attributes of cloud computing

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Modelling Organizational Resilience in the Cloud

Cloud computing (CC) is a promising information and communication technologies (ICT) services delivery model that has already had a significant impact on Government agencies, small and medium enterprises and large organisations. Even though its adoption is moving from the early stage to mainstream, many organisations are still afraid that their resilience might deteriorate because of the additional levels of abstraction that CC introduces. This additional complexity makes the assessment of ICT operational resilience more difficult and no consensus exists of such analysis. Following a multi-method approach, this research proposal first extends prior research in the field, looking at new possible categories of resilience-oriented requirements when working in CC environments. Based on the results, this research will propose a conceptual model that helps organisations to maintain and improve Organisational Resilience (OR) when working in CC environments, from the ICT operational perspective. Particularly, as a lack of coordination has been identified as one of the main problems when facing disruptive incidents, using coordination theory, this research will identify the fundamental coordination processes involved in the proposed model. The results of this research should be of interest to academic researchers and practitioners

ASIDSDCCE - A Survey on to Improve Data Security and Data Confidentiality in Cloud Computing Environment

Cloud computing refers delivery of computing services such as servers, storage, databases, networking, software, analytics and so on. The several organizations providing these computing services are called cloud providers and typically charge for cloud computing services based on usage. The National Institute of Standards and Technology defines cloud computing by five essential characteristics, three service models, and four deployment models. The essential characteristics are on-demand self-service location-independent resource pooling, broad network access, rapid resource elasticity, and measured service. The main three service models are software as service, platform as a service, and infrastructure as a service. The aim of this survey is to improve the data security and data confidentiality through rectifying the problem in cloud computing environment

Enhancing cyber assets visibility for effective attack surface management : Cyber Asset Attack Surface Management based on Knowledge Graph

The contemporary digital landscape is filled with challenges, chief among them being the management and security of cyber assets, including the ever-growing shadow IT. The evolving nature of the technology landscape has resulted in an expansive system of solutions, making it challenging to select and deploy compatible solutions in a structured manner. This thesis explores the critical role of Cyber Asset Attack Surface Management (CAASM) technologies in managing cyber attack surfaces, focusing on the open-source CAASM tool, Starbase, by JupiterOne. It starts by underlining the importance of comprehending the cyber assets that need defending. It acknowledges the Cyber Defense Matrix as a methodical and flexible approach to understanding and addressing cyber security challenges. A comprehensive analysis of market trends and business needs validated the necessity of asset security management tools as fundamental components in firms' security journeys. CAASM has been selected as a promising solution among various tools due to its capabilities, ease of use, and seamless integration with cloud environments using APIs, addressing shadow IT challenges. A practical use case involving the integration of Starbase with GitHub was developed to demonstrate the CAASM's usability and flexibility in managing cyber assets in organizations of varying sizes. The use case enhanced the knowledge graph's aesthetics and usability using Neo4j Desktop and Neo4j Bloom, making it accessible and insightful even for non-technical users. The thesis concludes with practical guidelines in the appendices and on GitHub for reproducing the use case

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Virtualization in Cloud Computing : Developments and Trends

Cloud computing is an interesting paradigm that is making computing and other related activities easy for consumers. The cloud infrastructure is not new, but it is working on new technology based on various services offered. The cloud provides application software online for users to conduct common activities like word processing. Cloud computing also enables consumers to leverage on cloud infrastructure by designing and deploying their application on the cloud. A unique feature of the cloud is the provision of scalable storage for data which are usually spread across several geographical locations. A core technology used on the cloud is virtualization. This allows virtual machines to be hosted on physical servers. This provides great benefits to users on the cloud. This paper presents the state of the art from some literature available on cloud virtualisation. The study was executed by means of review of some literature available on cloud virtualisation. The study was performed by means of review of some literature using reliable methods. This paper examines present trends in the area of cloud virtualisation and provides a guide for future research. In the present work, the objective is to answer the following question: what is the current trend and development in cloud virtualisation? Papers published in journals, conferences, white papers and those published in reputable magazines were analysed. The expected result at the end of this review is the identification of trends in cloud virtualisation. This will be of benefit to prospective cloud users and even cloud providers

Cloud privacy and security issues beyond technology: championing the cause of accountability

Cloud computing provides IT service providers increased efficiency of resource utilization while enabling consumers to benefit from innovative advantages like access to up-to-date IT resources and low upfront investment. A significant hindrance to adoption of cloud computing is the lack of trust arising from worries over privacy and security when data resources of cloud service consumers are handled by third parties. A key factor in fostering cloud privacy and security is accountability, which increases trust by obligating an entity to be answerable for its actions. This paper uses a hermeneutic literature review to investigate (i) the prevailing methods and strategies of fostering privacy and security through accountability, (ii) the key actors in championing cloud accountability and (iii) the key barriers to cloud accountability. This literature review provides insight into current practices associated with championing cloud accountability and contributes to cloud service provider awareness of ways to improve cloud computing trustworthiness