Top Threats to Cloud: A Three-Dimensional Model of Cloud Security Assurance

  • Conference paper
Computer Networks and Inventive Communication Technologies

Abstract

The incredible growth in cloud applications and services reflects a positive swing in the thought processes of business decision makers toward cloud adoption. However, ever-evolving security and privacy issues continue to lead decision makers to delay cloud adoption. In this integrationist exposition, the previous publications are enriched and enhanced to holistically analyze different threats to cloud computing and to conceptualize a three-dimensional model of cloud security assurance. These three dimensions, namely Security Solution, Security Operation, and Security Compliance, are interwoven to address the top threats to cloud computing identified and reported by the Cloud Security Alliance (CSA) research group in their latest and previous reports. The model will help practitioners design and implement a security assurance system for a cloud ecosystem, strengthening trust in the cloud and accelerating its adoption to bring agility and velocity to cloud application and service delivery in a cost-effective way.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Kumar, R., Goyal, R. (2021). Top Threats to Cloud: A Three-Dimensional Model of Cloud Security Assurance. In: Smys, S., Palanisamy, R., Rocha, Á., Beligiannis, G.N. (eds) Computer Networks and Inventive Communication Technologies. Lecture Notes on Data Engineering and Communications Technologies, vol 58. Springer, Singapore. https://doi.org/10.1007/978-981-15-9647-6_53

  • DOI: https://doi.org/10.1007/978-981-15-9647-6_53

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9646-9

  • Online ISBN: 978-981-15-9647-6

  • eBook Packages: Engineering, Engineering (R0)
