Cloud Security : A Review of Recent Threats and Solution Models

The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malwares and lack of expertise in cloud technology rank the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests however; FADE may be a solution (Yang et al., 2012)

Implementing two-factor authentication

Two-factor authentication is a part of modern authentication technologies. It is also called multifactor authentication or shortly 2FA. Traditional one-factor authentication method process provides only one factor, typically a password. This is quite easy possible to hack. Two-factor authentication is based in the assumption, that two of the three factors of authentication are used. Satakunta University of Applied Sciences, later called SAMK, operates with modern ICT environment. Administrative portals and management systems needs better security. To find the best possible way is to implement secure two-factor authentication method and bring it to production use in SAMK environments. At least more complex authentication is needed with administrative systems, but the solution must be implementable also to whole staff everyday use e.g. with VPN. A first pilot environment will be made and after that the solution can be extended to heavier use. The research type used will be case study research. That research type will be best suitable to match any needs of the wanted solution. The most benefit for this thesis is Satakunta University of Applied Sciences, it will get a modern secure authentication layer for its systems and get documentation how it will work and need to be published. This is really needed in SAMK environment so benefit for the company will be good. The thesis will include two-factor authentication methods, use in on premise environment, use in cloud systems and different usage surveys and doing the implementing action in SAMK environment

Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.Comment: 20 pages, 2 Figures, 1 Table. arXiv admin note: substantial text overlap with arXiv:1109.538