Question

- In details write a report using your own words and mention some references (at least 3 books) about Cloud Security Concerns, Risk Issues, and Legal Aspects. (2-3 pages)

Answer 1

Cloud Security Concerns, Risk Issues, and Legal Aspects:

Cloud security is just one of the parts of the cybersecurity risks and threats out there. The main reason why organizations, enterprises, companies, governments, and other related agencies and entities are not adopting cloud computing technology in their IT infrastructure is because of a number of security concerns. Security is their number one concern. They are even scared of the cloud computing platform. This is only because of the fact, their data would be on a third-party company's data centers who are Cloud Service Providers (CSPs), who would have control over their customer companies' data. Also, the fear of their data being attacked, hacked or breached by bad guys in the world. This is the case, even when cloud computing is a booming, famous, robust, flexible, latest, inexpensive, easy, simple, and seamless technology.

One of the benefits of Cloud Computing is, it provides security, in fact, highest security compared to on-premise data centers, and yet has its own security concerns. However, all the major public cloud service providers' topmost goal, responsibility, and job zero is security. They expect, want, educate, train, everyone related to and do business in the cloud to be a security engineer of their own, including the customers, end-users, and even home users.

There are cloud security concerns, risk issues, and legal aspects at every level of the cloud platform. Hence, security should be applied at every level and layer of the cloud platform, type, model, infrastructure, and architecture; in everything- hardware, software, network, data, hosts, client machines, servers, storage systems, network components, devices, databases systems and servers, and software.

There are security concerns in the cloud.
* Data security issue.
* Cloud platforms, accounts, resources, software, and data can get malware infections unleashing targeted attacks, cracks, and hacks.
* There are many cloud computing vulnerabilities.
* There are privacy issues.
* There is a lot of potential risks of users', customers', governments', and other organizations' data being made public and disclosed either accidentally or intentionally.
* One of the concerns is the risk areas such as external data storage.
* There should be important security aspects for each layer of the cloud model.
* There are Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks security risks.
* There is data residency risk.
* It can face confidentiality risks.
* Data exposure either at rest or in motion.

There are definitely many risks in the adoption, transition, administration, deployments, monitoring, management of Cloud Computing and organizations, individuals, enterprises, governments, and other stakeholders should assess their risk tolerance.
* There are even unavoidable risks, in general.
* There is a loss, damage, removal, deletion, wrong manipulation losing integrity, or theft of intellectual property losing availability, and in turn accessibility to them.
* There is a loss of or little control over users' actions.
* There could be little to less customer trust.
* There are, in general, corporate governance risk issues.
* Cloud risk assessments should be conducted regularly to find out all the security risks related to cloud computing.
* To avoid any cloud security risks, threats, attacks, hacks, breaches, etc, appropriate cloud computing security techniques, tools, and tactics, and even other technologies should be used.
* There is cloud service provider insolvency risk.
* There is vendor lock-in risk.
* In the long run, there is definitely a rise in the cost of the IT infrastructure of customer companies.
* There are internal and external risks.
* There are technical risks such as isolation failure, compromise of accounts, data interception, leakage, remanence, and malicious probes or scans.
* There is a multitenancy issue.
* There is a CSP outsourcing issue.
* Cloud service provider insider threat.
* In case there are ineffective incident management systems, policies, and processes.
* If there is are thefts of equipment and data.
* If there are inadequate resources.
* If there are media destruction failures.
* When there are common service failures.
* Improper and inadequate network management.
* Legacy applications, software, and hardware support.
* There are operational risks such as malicious insiders, errors, bugs, vulnerabilities, mistakes, and misconfiguration, bandwidth issues, network traffic changes, social engineering, hack or loss of confidential logs, backed up data loss, physical security hacks, encryption keys loss, and natural disasters, and wars.
* There are data breaches that require disclosures and notifications to victims.
* There could be a potential and increased loss of customer trust and taking their business, applications, data, IT infrastructure elsewhere, when they find there is no protection for customer privacy at CSPs.
* In case of breaches of CSPs or any of its customers' data, both of them may experience revenue losses.
* In case of breaches, customers, users, and people will lose trust in CSPs and the companies hosting people's data in the cloud.
* CSPs and their customers may lose reputation in the market in cases of breaches.

Also, there are a considerable and substantial amount of legal and regulatory issues and these are extremely important in cloud computing.
* There are compliance violations issues caused by users, customers, and even the cloud service providers themselves, and related regulatory actions.
* There could be contractual breaches with customers, users, clients, other stakeholders, or business partners.
* There are legal risks of cloud services per cyber laws.
* The business contracts could be violated and legal actions could occur.
* There are unique legal risks.
* There is property right (IPR) infringement
* There are in general, tax issues.
* Mobile, application, and software developers are required to be educated about data legal issues and made aware of.
* There are legal requirements data not to leave the country.
* There are policy and legal risks such as governance loss, compliance failures, licensing and jurisdictional issues, and subpoenas and e-discoveries.
* Cloud service provider (CSP) fails or business changes, in turn, affects tenants.

However, different cloud service providers, customers, users, governments, other related entities, agencies, third-party agencies and entities who conduct audits, new innovations, different technologies, all have been working together to ensure and tending to bring in the highest security eliminating any and all cloud security concerns, risk issues, and legal aspects making cloud computing technology a success. Security-as-a-Service (SECaaS) is to be adopted and used that provides cloud data security.
* There are local laws when it comes to transferring data stored in the cloud to a different country, region, or continent.

It requires the CSP to focus on default encryption, two-factor authentication, zero-knowledge encryption, anonymity networks, cloud data security monetization, home clouds, and handle legal challenges.

Despite all these challenges, problems, issues, risks, threats, attacks, cloud computing will tend to sustain and thrive.