In: Computer Science
- In details write a report using your own words and mention some references (at least 3 books) about Cloud Security Concerns, Risk Issues, and Legal Aspects. (2-3 pages)
Cloud Security Concerns, Risk Issues, and Legal Aspects:
Cloud security is just one of the parts of the cybersecurity risks and threats out there. The main reason why organizations, enterprises, companies, governments, and other related agencies and entities are not adopting cloud computing technology in their IT infrastructure is because of a number of security concerns. Security is their number one concern. They are even scared of the cloud computing platform. This is only because of the fact, their data would be on a third-party company's data centers who are Cloud Service Providers (CSPs), who would have control over their customer companies' data. Also, the fear of their data being attacked, hacked or breached by bad guys in the world. This is the case, even when cloud computing is a booming, famous, robust, flexible, latest, inexpensive, easy, simple, and seamless technology.
One of the benefits of Cloud Computing is, it provides security, in fact, highest security compared to on-premise data centers, and yet has its own security concerns. However, all the major public cloud service providers' topmost goal, responsibility, and job zero is security. They expect, want, educate, train, everyone related to and do business in the cloud to be a security engineer of their own, including the customers, end-users, and even home users.
There are cloud security concerns, risk issues, and legal aspects at every level of the cloud platform. Hence, security should be applied at every level and layer of the cloud platform, type, model, infrastructure, and architecture; in everything- hardware, software, network, data, hosts, client machines, servers, storage systems, network components, devices, databases systems and servers, and software.
There are security concerns in the cloud.
* Data security issue.
* Cloud platforms, accounts, resources, software, and data can get
malware infections unleashing targeted attacks, cracks, and
hacks.
* There are many cloud computing vulnerabilities.
* There are privacy issues.
* There is a lot of potential risks of users', customers',
governments', and other organizations' data being made public and
disclosed either accidentally or intentionally.
* One of the concerns is the risk areas such as external data
storage.
* There should be important security aspects for each layer of the
cloud model.
* There are Denial-of-Service (DoS) and Distributed
Denial-of-Service (DDoS) attacks security risks.
* There is data residency risk.
* It can face confidentiality risks.
* Data exposure either at rest or in motion.
There are definitely many risks in the adoption, transition,
administration, deployments, monitoring, management of Cloud
Computing and organizations, individuals, enterprises, governments,
and other stakeholders should assess their risk tolerance.
* There are even unavoidable risks, in general.
* There is a loss, damage, removal, deletion, wrong manipulation
losing integrity, or theft of intellectual property losing
availability, and in turn accessibility to them.
* There is a loss of or little control over users' actions.
* There could be little to less customer trust.
* There are, in general, corporate governance risk issues.
* Cloud risk assessments should be conducted regularly to find out
all the security risks related to cloud computing.
* To avoid any cloud security risks, threats, attacks, hacks,
breaches, etc, appropriate cloud computing security techniques,
tools, and tactics, and even other technologies should be
used.
* There is cloud service provider insolvency risk.
* There is vendor lock-in risk.
* In the long run, there is definitely a rise in the cost of the IT
infrastructure of customer companies.
* There are internal and external risks.
* There are technical risks such as isolation failure, compromise
of accounts, data interception, leakage, remanence, and malicious
probes or scans.
* There is a multitenancy issue.
* There is a CSP outsourcing issue.
* Cloud service provider insider threat.
* In case there are ineffective incident management systems,
policies, and processes.
* If there is are thefts of equipment and data.
* If there are inadequate resources.
* If there are media destruction failures.
* When there are common service failures.
* Improper and inadequate network management.
* Legacy applications, software, and hardware support.
* There are operational risks such as malicious insiders, errors,
bugs, vulnerabilities, mistakes, and misconfiguration, bandwidth
issues, network traffic changes, social engineering, hack or loss
of confidential logs, backed up data loss, physical security hacks,
encryption keys loss, and natural disasters, and wars.
* There are data breaches that require disclosures and
notifications to victims.
* There could be a potential and increased loss of customer trust
and taking their business, applications, data, IT infrastructure
elsewhere, when they find there is no protection for customer
privacy at CSPs.
* In case of breaches of CSPs or any of its customers' data, both
of them may experience revenue losses.
* In case of breaches, customers, users, and people will lose trust
in CSPs and the companies hosting people's data in the cloud.
* CSPs and their customers may lose reputation in the market in
cases of breaches.
Also, there are a considerable and substantial amount of legal
and regulatory issues and these are extremely important in cloud
computing.
* There are compliance violations issues caused by users,
customers, and even the cloud service providers themselves, and
related regulatory actions.
* There could be contractual breaches with customers, users,
clients, other stakeholders, or business partners.
* There are legal risks of cloud services per cyber laws.
* The business contracts could be violated and legal actions could
occur.
* There are unique legal risks.
* There is property right (IPR) infringement
* There are in general, tax issues.
* Mobile, application, and software developers are required to be
educated about data legal issues and made aware of.
* There are legal requirements data not to leave the country.
* There are policy and legal risks such as governance loss,
compliance failures, licensing and jurisdictional issues, and
subpoenas and e-discoveries.
* Cloud service provider (CSP) fails or business changes, in turn,
affects tenants.
However, different cloud service providers, customers, users,
governments, other related entities, agencies, third-party agencies
and entities who conduct audits, new innovations, different
technologies, all have been working together to ensure and tending
to bring in the highest security eliminating any and all cloud
security concerns, risk issues, and legal aspects making cloud
computing technology a success. Security-as-a-Service (SECaaS) is
to be adopted and used that provides cloud data security.
* There are local laws when it comes to transferring data stored in
the cloud to a different country, region, or continent.
It requires the CSP to focus on default encryption, two-factor authentication, zero-knowledge encryption, anonymity networks, cloud data security monetization, home clouds, and handle legal challenges.
Despite all these challenges, problems, issues, risks, threats, attacks, cloud computing will tend to sustain and thrive.