Question

- Read the below chapter and discuss in details (2-3 pages) using your own words about Cloud Security Concerns, Risk Issues, and Legal Aspects (use the below reference )

NOTE: please make sure that the answer is typing on the computer with font size 11pt

Answer 1

Cloud Security Concerns, Risk Issues, and Legal Aspects:

The cloud security concern is just one of the parts of the cybersecurity risks and threats out there. The main reason why organizations, enterprises, companies, governments, and other related agencies and entities are not adopting cloud computing technology in their IT infrastructure is, because of a number of security concerns. Security is their number one concern. They are even scared of the cloud computing platform. This is only because of the fact, their data would be on a third-party company's data centers, who are Cloud Service Providers (CSPs), who would have control over their customer companies' data. Also, the fear of their data being attacked, hacked or breached by bad guys in the world. This is the case, even when cloud computing is a booming, famous, robust, flexible, latest, inexpensive, easy, simple, and seamless technology.

One of the benefits of Cloud Computing is, it provides security, in fact, highest security compared to on-premise data centers, and yet has its own security concerns. However, all the major public cloud service providers' topmost goal, responsibility, and job zero is security. They expect, want, educate, and train everyone related to and do business in the cloud, to be a security engineer themselves, including the customers, end-users, and even home users to some extent, if not to offend the bad guys, but at least to defend their attacks.

There are cloud security concerns, risk issues, and legal aspects at every level of the cloud platform and in every aspect of IT infrastructure operations, maintenance, administration, monitoring, deployment, and development. Hence, security should be applied at every level and layer of the cloud platform, type, model, infrastructure, and architecture; in everything- hardware, software, network, data, hosts, client machines, servers, storage systems, network components, devices, databases systems and servers, and software.

There are security concerns in the cloud and they are:
* Data security issue.
* Cloud platforms, accounts, resources, software, and data can get malware infections unleashing targeted attacks, cracks, and hacks.
* There are many cloud computing vulnerabilities.
* There are privacy issues.
* There is a lot of potential risks of users', customers', governments', and other organizations' data being made public and disclosed either accidentally or intentionally.
* One of the concerns is the risk areas such as external data storage.
* There should be important security aspects for each layer of the cloud model.
* There are Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks security risks.
* There is data residency risk.
* It can face confidentiality risks.
* Unnecessary data exposure issue either, the data at rest or in motion.

There are definitely many risks in the adoption, transition, administration, deployments, monitoring, management of Cloud Computing platform, accounts, subscriptions, tenants, resources, and services, and their entire IT infrastructure. Organizations, individuals, enterprises, governments, and other stakeholders should assess their risk tolerance.
* There are even unavoidable risks, in general.
* There is a loss, damage, removal, deletion, wrong manipulation of data losing integrity, or theft of intellectual property losing availability, and in turn accessibility to them.

* There is a risk of losing connectivity completely by not having a bandwidth to access a company's cloud IT infrastructure, or less network bandwidth, intermittent bandwidth, it could even be slow, as to access any cloud service or resource one should 100% have network bandwidth or Internet connection as the cloud is an application "service" accessed over the Internet or public Internet, or at least a company's VPN.
* There is a loss of or little control over users' actions.
* There could be little to less customer trust.
* There are, in general, corporate governance risk issues.
* Cloud risk assessments should be conducted regularly to find out all the security risks related to cloud computing.
* To avoid any cloud security risks, threats, attacks, hacks, breaches, etc, appropriate cloud computing security techniques, tools, and tactics, and even other technologies should be used.
* There is cloud service provider insolvency risk.
* There is vendor lock-in risk.
* In the long run, there is definitely a rise in the cost for the IT infrastructure of customer companies in the cloud.
* There are internal and external risks.
* There are technical risks such as isolation failure, compromise of accounts, data interception, leakage, remanence, and malicious probes or scans.
* There is a multitenancy issue.
* There is a CSP outsourcing issue.
* Cloud service provider insider threat.
* In case there are ineffective incident management systems, policies, and processes.
* If there are thefts of equipment and data.
* If there are inadequate resources.
* If there are media destruction failures.
* When there are common service failures.
* Improper and inadequate network management.
* Legacy applications, software, and hardware support.
* There are operational risks such as malicious insiders, errors, bugs, vulnerabilities, mistakes, and misconfiguration, bandwidth issues, network traffic changes, social engineering, hack or loss of confidential logs, backed up data loss, physical security hacks, encryption keys loss, and natural disasters, and wars.
* There are data breaches that require disclosures and notifications to victims.
* There could be a potential and increased loss of customer trust and taking their business, applications, data, IT infrastructure elsewhere, when they find there is no protection for customers' privacy at CSPs.
* In case of breaches of CSPs or any of its customers' data, both of them may experience revenue losses.
* In case of breaches, customers, users, and people will lose trust in CSPs and the companies hosting people's data in the cloud.
* CSPs and their customers may lose reputation in the market in cases of breaches.

Also, there are a considerable and substantial amount of legal and regulatory issues and these are extremely important in cloud computing.
* There are compliance violations issues caused by users, customers, and even the cloud service providers themselves, and related regulatory actions.
* There could be contractual breaches with customers, users, clients, other stakeholders, or business partners.
* There are legal risks of cloud services per cyber laws.
* The business contracts could be violated and legal actions could occur.
* There are unique legal risks.
* There is property right (IPR) infringement
* There are in general, tax issues.
* Mobile, application, and software developers are required to be educated about data legal issues and made aware of.
* There are legal requirements for data not leaving a specific country.
* There are policy and legal risks such as governance loss, compliance failures, licensing and jurisdictional issues, and subpoenas and e-discoveries.

* There are local laws when it comes to transferring data stored in the cloud to a different country, region, or continent.

* Cloud service provider (CSP) fails or business changes, in turn, affects tenants. However, different cloud service providers, customers, users, governments, other related entities, agencies, third-party agencies and entities who conduct audits, new innovations, different technologies, all have been working together to ensure and are tending to bring in the highest security, eliminating any and all cloud security concerns, risk issues, and legal aspects making cloud computing technology a success. Security-as-a-Service (SECaaS) is to be adopted and used that provides cloud data security.
It requires the CSP to focus on default encryption, two-factor authentication, zero-knowledge encryption, anonymity networks, cloud data security monetization, home clouds, and handle legal challenges.

Despite all these challenges, problems, issues, risks, threats, attacks, cloud computing will tend to sustain and thrive.