Cloud Computing

 

Overview

Many organizations have adopted cloud computing. In this assignment, you will research cloud computing and explore its advantages and disadvantages. You will also consider best practices for adopting cloud computing, selecting a particular cloud computing service model, and assessing and mitigating security risks. 

For your research, please consult Chapters 13 and 14 of your textbook and these articles: 

• “A Brief Review: Security Issues in Cloud Computing and Their Solutions.” 
• “Cloud Computing Security Risks: Identification and Assessment.” 
• “Cloud Computing – Recent Trends in Information Technology.” 

Note: If you wish you may consult additional articles, but this is not required.

Requirements

Specifically you will write a 3–4-page paper in which you:

1. Outline the planning process that needs to be in place before adopting cloud computing.

   Be sure to identify the stakeholders who need to be involved and the discussions that need to take place. 

2. Evaluate the advantages and disadvantages of cloud computing. 
3. Describe the methodology you would use to select a cloud computing service model.
4. Review the security risks and mitigation activities that need to take place before adopting cloud computing. 
5. Go to Basic Search: Strayer University Online Library to locate and integrate into the assignment at least three quality, peer-reviewed academic resources, written within the past five years. 

   Include your textbook as one of your resources.
   Wikipedia and similar websites do not qualify as quality resources.

Cloud Computing – Recent Trends in

Information Technology

Vijaya H. Pise
Department of Computer Science, Sarhad College of Arts, Commerce & Science, Katraj, Pune,

Maharashtra, India. Email: pisevijaya24@gmail.com

Abstract: Nowadays many new mechanization’s are
emanating in a world. As current century is 20th century
usually referred as computer world there are many
developments takes place in computer science. Computer is
used world wide for variety of purposes like from learning
basic education up to storing all data on it. In today’s
world people are becoming techno savvy they are using
technologies for each and every day to day activities. Even
government of India has also taken an initiative for online
business transactions. They try towards how maximum
people in the country will do financial transactions
online by providing cash backs on online transactions.
Government tries to make all business transactions
transparent by linking Aadhar card of an individual with
his/her bank account. As we know that while handling
various transactions government has to store all data
about all population of country also it needs very huge
database storage. Such requirement for huge storage can
be easily satisfied by Cloud Computing. Cloud Computing
permits user for storing data on distant devices rather than
storing data on hard drive or local devices. It makes use of
distributed operating environment. This paper describes
basics about Cloud Computing, its working, benefits about
using the cloud and conclusion.

Keywords: Cloud Computing, Elasticity, IaaS, PaaS, SaaS,
Virtualization.

I. IntroductIon

There are many methods to deliver services in Information
Technology (IT) one among these methods is Cloud Computing.
In this method instead connecting directly to the World Wide
Web in order to provide or deliver various services resources
are accessed with the help of internet dependent tools and
applications. Usually all files are stored on hard drive or local
storage devices but Cloud Computing allow the user to store
files on remote database. For gaining access this remote data /
information device needs to connected with internet using web
based application or tools. So that software on device can process
it. Cloud Computing is a technology which focuses on sharing
of computing resources in order to attain consistency and state

Article can be accessed online at http://www.publishingindia.com

capitalism of standards same as public utility. The term Cloud
Computing was come in fame in a year 2006 when Amazon.
com had released their elastic compute cloud product. Symbol
of cloud refers to web of operating environment in the standard
ARPANET in beginning of 1977 and CSNET in 1981 they are
forefather of internet. As rain is scattered in the sky in the form
of cloud in Cloud Computing term cloud refers to distributed
operating environment. To use Cloud Computing user does
not need to have in depth knowledge about it. An important
method which provides legal power to Cloud Computing is
visualization. Visualization mechanism isolates a material
operating device into many more visual devices which can be
utilized and handled very easily to do variety of operations.
Visualization gives lightness to devices necessary to increase
the speed of various operations performed in Information
Technology and lowers the ransom by enabling infrastructure
utilization. User can issue resources as per their need using the
process of automatic computing. Cloud Computing shares its
characteristics with client-server model, grid computing, fog
computing, green computing etc.

1

Cloud Computing – Recent Trends in
Information Technology

Vijaya H. Pise

Department of Computer Science, Sarhad College of Arts, Commerce & Science, Katraj,

Pune, Maharashtra, India.

Email: Pisevijaya24@gmail.com

Abstract: Nowadays many new mechanization’s are emanating in a world. As current century is 20th
century usually referred as computer world there are many developments takes place in computer science.
Computer is used world wide for variety of purposes like from learning basic education up to storing all
data on it. In today’s world people are becoming techno savvy they are using technologies for each and
every day to day activities. Even government of India has also taken an initiative for online business
transactions. They try towards how maximum people in the country will do financial transactions online
by providing cash backs on online transactions. Government tries to make all business transactions
transparent by linking Aadhar card of an individual with his/her bank account. As we know that while
handling various transactions government has to store all data about all population of country also it needs
very huge database storage. Such requirement for huge storage can be easily satisfied by Cloud Computing.
Cloud Computing permits user for storing data on distant devices rather than storing data on hard drive
or local devices. It makes use of distributed operating environment. This paper describes basics about
Cloud Computing, its working, benefits about using the cloud and conclusion.

Keywords: Cloud Computing, Elasticity, IaaS, PaaS, SaaS, Virtualization.

I. INTRODUCTION

There are many methods to deliver services in Information Technology (IT) one among these methods is Cloud
Computing. In this method instead connecting directly to the
World Wide Web in order to provide or deliver various services
resources are accessed with the help of internet dependent tools
and applications. Usually all files are stored on hard drive or local
storage devices but Cloud Computing allow the user to store files
on remote database. For gaining access this remote data /
information device needs to connected with internet using web
based application or tools. So that software on device can process
it. Cloud Computing is a technology which focuses on sharing of
computing resources in order to attain consistency and state
capitalism of standards same as public utility. The term Cloud
Computing was come in fame in a year 2006 when Amazon.com
had released their elastic compute cloud product. Symbol of cloud
refers to web of operating environment in the standard ARPANET in beginning of 1977 and CSNET in 1981 they
are forefather of internet. As rain is scattered in the sky in the form of cloud in Cloud Computing term cloud refers
to distributed operating environment. To use Cloud Computing user does not need to have in depth knowledge
about it. An important method which provides legal power to Cloud Computing is visualization. Visualization
mechanism isolates a material operating device into many more visual devices which can be utilized and handled
very easily to do variety of operations. Visualization gives lightness to devices necessary to increase the speed of
various operations performed in Information Technology and lowers the ransom by enabling infrastructure
utilization. User can issue resources as per their need using the process of automatic computing. Cloud Computing
shares its characteristics with client-server model, grid computing, fog computing, green computing etc.

II. CLOUD COMPUTING

Fig. 1

II. cloud computIng

A. Definition

Cloud Computing is a common term used to denote delivery
of corporate or IT services with the help of web based tools
and applications in remote operating environment. It is named

ANWESH: International Journal of Management and Information Technology
4 (1), March 2019, 27-29
http://www.publishingindia.com/anwesh

28 ANWESH: International Journal of Management and Information Technology Volume 4, Issue 1, March 2019

Cloud Computing because the data being used is located in
“the cloud” and can be accesses by user irrespective of his/her
location and operating device.

The environment given by Cloud Computing permits workers
to work remotely. Corporate houses supplying cloud service
allows their employees to put in their files and applications on
distant servers and then retrieve them through internet.

B. Few Examples of Cloud Computing Services

Some vendors are offering Cloud Computing services without
any cost whereas some vendors required to do paid subscription.
Following are some vendors providing variety of cloud service:

Amozon EC2 (Elastic Compute Cloud), Google App Engine,
Google Apps and Microsoft Office Online, Apple iCloud and
Digital Ocean.

C. Types of Cloud

Cloud can be classified in either of two ways one based on
type of deployment model it uses and another based on type of
service Cloud Computing provides. Depending on deployment
model of cloud can be categorized as private, public, hybrid and
community cloud.

i. Public Cloud: In public cloud complete operating system
is deployed in the area of Cloud Computing company which

provides various cloud services. In short location is isolated
from the user and user does not have any control over system.
Public cloud makes use of shared resources due to which it
gives great performance but easily susceptible to various cyber
attacks.

ii. Private Cloud: Private cloud provides all the services that are
offered by public cloud only difference is that it makes use of
consecrated private Hardware’s for deployment. Private cloud
means one-on-one cloud indicating that cloud network is solely
used by particular client / organizer. In private cloud corporate
houses also have a choice of on-site cloud which allows them to
deploy cloud in their own premise instead of deploying it in the
area of cloud service provider like public cloud. On-site cloud
increases storage cost but consumer will have their own control
over system.

iii. Hybrid Cloud: Hybrid cloud is combination of both private
cloud and public cloud. It allows consumer to use private as well
as public cloud as per their requirement. E.g. by using public
cloud consumer can communicate for business transactions
where as they can provide security to their data using private
cloud. Usually people interrelate conventional public cloud
facility with bouncy measure-ability and capacity to invariable
shuffle in demand.

iv. Community Cloud: Community cloud permit various
corporate houses to share infrastructure of cloud between them
along with shared data and anxiety in managing data.

2

A. Definition

Cloud Computing is a common term used to denote delivery of corporate or IT services with the help of web based
tools and applications in remote operating environment. It is named Cloud Computing because the data being used
is located in “the cloud” and can be accesses by user irrespective of his/her location and operating device.

The environment given by Cloud Computing permits workers to work remotely. Corporate houses supplying
cloud service allows their employees to put in their files and applications on distant servers and then retrieve them
through internet.

B. Few Examples of Cloud Computing Services

Some vendors are offering Cloud Computing services without any cost whereas some vendors required to do paid
subscription. Following are some vendors providing variety of cloud service:

Amozon EC2 (Elastic Compute Cloud), Google App Engine, Google Apps and Microsoft Office Online, Apple
iCloud and Digital Ocean.

C. Types of Cloud

Cloud can be classified in either of two ways one based on type of deployment model it uses and another based on
type of service Cloud Computing provides. Depending on deployment model of cloud can be categorized as
private, public, hybrid and
community cloud.

i. Public Cloud: In
public cloud
complete operating
system is deployed in
the area of Cloud
Computing company
which provides
various cloud
services. In short
location is isolated
from the user and
user does not have
any control over
system. Public cloud
makes use of shared resources due to which it gives great performance but easily susceptible to various
cyber attacks.

ii. Private Cloud: Private cloud provides all the services that are offered by public cloud only
difference is that it makes use of consecrated private Hardware’s for deployment. Private cloud
means one-on-one cloud indicating that cloud network is solely used by particular client / organizer.
In private cloud corporate houses also have a choice of on-site cloud which allows them to deploy
cloud in their own premise instead of deploying it in the area of cloud service provider like public
cloud. On-site cloud increases storage cost but consumer will have their own control over system.

iii. Hybrid Cloud: Hybrid cloud is combination of both private cloud and public cloud. It allows
consumer to use private as well as public cloud as per their requirement. E.g. by using public cloud
consumer can communicate for business transactions where as they can provide security to their data
using private cloud. Usually people interrelate conventional public cloud facility with bouncy
measure-ability and capacity to invariable shuffle in demand.

Fig. 2

Cloud Computing is nothing but a system which is composed
of three main services containing Infrastructure as a Service
(IaaS), Platform as a Service (PaaS) and Software as a Service
(SaaS).

i. Software-as-a-Service Model (SaaS): SaaS tells about at what
time or situation consumer should lease or acquire connected
routine rather than really buying it or deploying it on their own
device. It is basic idea behind centralized computing whole
businesses and yards of workers are using their computer
applications as online leased goods. All operations and data
storage are done through web-based tools and applications

connected to internet. Combination of SaaS and PaaS results
in Cloud Computing. For example, small real estate sales can
not spend money on sales database. Instead real estate owner
would lease access to secure online sales database and all real
estate agents can retrieve data using their connected computers
or hand-held devices.

ii. Platform-as-a-Service (PaaS): It is difficult to manage
PaaS as compared to managing other two types of Cloud
Computing based on services it provided. The name Platform-
as-a-Service indicates that resources are supplied through
platform. Consumers will use this platform to develop and edit

Cloud Computing – Recent Trends in Information Technology 29

applications depending on model supplied to them. It is very
easy to develop, test and deploy applications in simple and
cost effective way using PaaS. PaaS is generally used by large
corporate houses having employees for it and wants to improve
communication among their employees.

3

iv. Community Cloud: Community cloud permit various corporate houses to share infrastructure of
cloud between them along with shared data and anxiety in managing data.

Cloud Computing is nothing but a system which is composed of three main services containing Infrastructure as a
Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

i. Software-as-a-Service Model (SaaS): SaaS tells about at what time or situation consumer should
lease or acquire connected
routine rather than really
buying it or deploying it on
their own device. It is basic
idea behind centralized
computing whole businesses
and yards of workers are
using their computer
applications as online leased
goods. All operations and
data storage are done
through web-based tools and
applications connected to
internet. Combination of
SaaS and PaaS results in
Cloud Computing. For example, small real estate sales can not spend money on sales database.
Instead real estate owner would lease access to secure online sales database and all real estate agents
can retrieve data using their connected computers or hand-held devices.

ii. Platform-as-a-Service (PaaS): It is difficult to manage PaaS as compared to managing other two
types of Cloud Computing based on services it provided. The name Platform-as-a-Service indicates
that resources are supplied through platform. Consumers will use this platform to develop and edit
applications depending on model supplied to them. It is very easy to develop, test and deploy
applications in simple and cost effective way using PaaS. PaaS is generally used by large corporate
houses having employees for it and wants to improve communication among their employees.

iii. Infrastructure-as-a-Service (IaaS): IaaS is responsible for infrastructure that is visualization, storage
space and connection to internet. Consumer completely out-sourced facilities which will billed
according to their utilization. Though vendor is amenable to manage visualization, storage space and
connection to internet consumer should deal with data, applications, middleware and runtime.

III. BENEFITS OF CLOUD COMPUTING

 Use of Cloud Computing reduces the cost of operation environment of various corporate houses.

 Using Cloud Computing businesses can easily recover from disaster.

 It provides better security as compared to conventional systems.

 Cloud Computing provides security against ransomware or malware.

 It allows to deploy service quickly within few seconds to speed up data operations.

 It allows retrieval of data from any location at any time.

Fig. 3

iii. Infrastructure-as-a-Service (IaaS): IaaS is responsible for
infrastructure that is visualization, storage space and connection
to internet. Consumer completely out-sourced facilities which
will billed according to their utilization. Though vendor is
amenable to manage visualization, storage space and connection
to internet consumer should deal with data, applications,
middleware and runtime.

III. BenefIts of cloud computIng
∑ Use of Cloud Computing reduces the cost of operation

environment of various corporate houses.
∑ Using Cloud Computing businesses can easily recover

from disaster.
∑ It provides better security as compared to conventional

systems.
∑ Cloud Computing provides security against ransomware

or malware.
∑ It allows to deploy service quickly within few seconds to

speed up data operations.
∑ It allows retrieval of data from any location at any time.

IV. conclusIon

Cloud Computing in one of the emerging trend in technology
that has great effect on the world. It provides with user or
businesses many advantages which helps to reduce business
cost. It also has some challenges or risk associated with that
must be overcome to provide better security to user’s data.

references

[1] https://www.investopedia.com/terms/c/cloud-comput-
ing.asp

[2] https://en.m.wikipedia.org/wiki/cloud_computing
[3] h t t p s : / / s e a r c h c l o u d c o m p u t i n g . t e c h t a r g e t . c o m /

definition/cloud-computing
[4] https://www.lifewire.com/what-is-cloud-computing-

817770
[5] h t t p s : / / a w s . a m a z o n . c o m / e c 2 / ? l i n k C o d e = w 6 1 &

imprToken=Ps-8VFivSuZEem9Ki-jIRQ&slotNum=0
[6] h t t p s : / / w w w. g l o b a l d o t s . c o m / c l o u d – c o m p u t i n g –

types-of-cloud/
[7] h t t p s : / / w w w. g l o b a l d o t s . c o m / s o l u t i o n s / h o s t i n g –

hardware/public-cloud/
[8] https://www.lifewire.com/what-is-saas-software-

2483600
[9] h t t p s : / / w w w. l i f e w i r e . c o m / s a a s – p a a s – a n d – i a a s –

in-the-mobile-industry-2373137
[10] h t t p s : / / y o u r s t o r y. c o m / m y s t o r y / 2 a b 4 1 3 0 2 7 5 –

5-benefits-and-limitat
[11] https://www.channelfutures.com/from-the-industry/5-

benefits-and-3-drawbacks-of-using-cloud-storage-for-
your-baas-offering

[12] https://www.uniprint.net/en/7-types-cloud-computing-
structures/

[13] https://intellipaat.com/tutorial/amazon-web-servic-
es-aws-tutorial/advantages-and-disadvantages-of-
cloud-computing/

[14] https://www.uniprint.net/en/7-types-cloud-computing-
structures/

[15] https://www.termpaperwarehouse.com/essay-on/
Emerging-Technologies/100083

[16] https://intellipaat.com/tutorial/

amazon-web-services

–
aws-tutorial/

[17] https://aws.amazon.com/types-of-cloud-computing/
[18] https://www.monitis.com/blog/3-types-of-cloud-

computing-services/
[19] h t t p s : / / w w w. a d v a n t a g e s – d i s a d v a n t a g e s . c o /

cloud-computing-advantages-and-disadvantages/
[20] https://www.termpaperwarehouse.com/essay-on/

Emerging-Technologies/100083
[21] http://www.tutorialspoint.com/amazon_web_services/

amazon_web_services_cloud_computing.htm
[22] https://intellipaat.com/tutorial/amazon-web-services-

aws-tutorial/
[23] h t t p s : / / a c a d g i l d . c o m / b l o g / g e t t i n g – s t a r t e d – a w s –

amazon-web-services

Copyright of ANWESH: International Journal of Management & Information Technology is
the property of Publishing India Group and its content may not be copied or emailed to
multiple sites or posted to a listserv without the copyright holder’s express written permission.
However, users may print, download, or email articles for individual use.

Patel& Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

11

Journal of New Business Ideas & Trends
Vol. 17 Iss.2, September 2019, pp. 11-19.
”http://www.jnbit.org”

Cloud Computing Security Risks: Identification
and Assessment

Kumar Patel
Managing Director
Enovasions Limited, Fiji

Antonina Alabisi
Westmead Hospital, NSW, Australia

Abstract

Purpose – The purpose of this paper is to explore the issues of security risks for the
various types of cloud computing in an endeavour to provide a succinct overview.
Design/methodology/approach – The approach employed in this paper involves an
assessment of the literature relating to cloud computing security risks in order to provide
a synthesis of the issues.
Originality/value – The assessment leads to a concise focus of the security issues for
cloud computing services and guidance for considering the practical application of cloud
computing risk evaluation.

Keywords: Cloud computing; security risks; risk management.

JEL Classifications: O33
PsycINFO Classifications: 4120
FoR Codes: 0803
ERA Journal ID #: 40840

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

12

Introduction

Cloud computing is arguably both an innovation in technology and an avenue for

new business ventures. However, the revelations made by Snowden that the USA had been

conducting mass surveillance and data collection through the US National Security Agency

(NSA) and various other national intelligence agencies has created additional concerns

about security when it comes to the cloud (Landau, 2013; Bauman, et al, 2014). As early as

2013 the German government adopted a particularly aggressive stance by seeking to

mitigate the dangers of cloud technology by creating secure data centres in Germany

specifically for email traffic. The use of SSL encryption was viewed as a way in which to

restrict foreign jurisdictions from gaining access. It was on August 31, 2014, that a collection

of almost 500 private pictures of various celebrities, mostly women, were hacked from the

online storage offered by Apple’s iCloud platform which is the source for automatically

backing up photos from iOS devices, such as iPhones (Satti, 2015; Bai, Xing, Zhang, Wang,

Liao, Li & Hu, 2017).

Cloud computing has been heralded as an innovation in information system

architecture, with efficient usage of computer hardware resources (Zissis & Lekkas, 2010).

However, with the exponential growth in the development and use of web based systems

and computer technology brings with it an increased risk for security breaches from hacking

(Monrose & Rubin, 1999; Choo, 2011; Teh, Teoh & Yue, 2013). The banking industry is a

prime example of a high profile industry sector that has been the focus of the greatest

number of attacks (Choo, 2011). In this regards the security of cloud based systems is also

becoming a high risk prospect for cyber crime (Kaufman, 2009).

Subsequently, there has been a growth in the literature regarding risks and concepts

for dealing with cloud security. For the most part it is important to bring these disparate

concepts of the issues and the various approaches together in an effort to better understand

the recognition of the risks and the various methods for dealing with security. This paper is

therefore concerned with drawing the information from the literature together in an effort

to present a general overview.

Background

The National Institute of Standards and Technology (NIST) proposed a broad

ranging definition of cloud computing and set out what they considered to be five essential

features, three service models and four deployment models (Mell & Grance, 2011). The five

essential features encompass; virtualized computing resource pool, broad network access,

rapid elasticity, on-demand self-service, measured service. The three service models are

Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS);

the four deployment models are private cloud, community cloud, public cloud and hybrid

cloud.

With regards to the service models Infrastructure as a Service (IaaS) as the name

implies involves a single tenant cloud layer where the Cloud computing vendor’s dedicated

resources are only shared with contracted clients at a pay-per-use fee. Software as a Service

(SaaS) also operates on the pay-per-use costing model with software applications being

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

13

leased out to contracted organisations by specialised SaaS vendors. Platform as a Service

(PaaS) works on a similar basis to IaaS however, it provides an additional level of “rented”

functionality. So there are different types of cloud computing services in much the same way

as there are different types of clouds that exist in the sky1.

A public cloud allows users’ access to the cloud via interfaces using mainstream web

browsers. Public clouds are less secure than the other cloud models because of the

additional need to ensure that all applications and data accessed on the public cloud are not

subjected to malicious attacks. A private cloud is established within an organisation and is

therefore easier to align with the security, compliance, and regulatory requirements,

providing greater control over deployment and use. In contrast, a hybrid cloud is a private

cloud which is linked to one or more external cloud services, although it is centrally

managed, acts as a single unit, and has a secure network. It consists of a mix of both public

and private clouds. Hybrid Clouds provide greater secure control over the data and

applications even though it allows various parties to access information over the Internet.

Access to any of the Cloud services is gained from two main technologies. Firstly,

Web Services are commonly used to provide access to IaaS. Secondly, Web browsers are

used in order to access SaaS applications. When it comes to PaaS environments both

approaches are used. The common thread here is the use of the internet to gain access to

any of the cloud models and it is this aspect that raises the risk factor when it comes the

potential for hacking to occur. Thus, the complexity of security risk is further compounded

by the reliance on the internet/web as the over-riding intermediary (see figure 1).

Figure 1:

Cloud Delivery Models and Deployment Models in the Internet / Web

Security Risks

There are various types of security risks and these vary according to the
distinguishing types of cloud computing environment models. To commence this
introspective analysis Chea, Duanb, Zhanga, and Fana, (2011) proposed that security risks

1 This is an interesting metaphor and arguably shares some similarities with actual cloud formations of which notably there are
10 types of cloud formations – 3 high level; 4 mid-level; and 3 low level. The use of metaphors in the computing discipline is
not surprising and is a common occurrence with examples being – the mouse; the memory (RAM); the speed (Chip speed);
and of course, artificial intelligence (AI).

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

14

could be identified as falling within the requirements for three specific parties that is
customers, service providers and government.

Security risks – customers:

The security risks that customers face in the cloud environment are generally:

1) Potential downtime with an impact on business – this cannot be totally avoided;
2) Exposure of commercial secrets – this cannot be totally avoided;
3) The privilege status of the cloud service provider gives rise to concerns over issues

such as fault elimination, damage compensation and business migration etc.

Security risks – service providers:

The security risks that service providers face in the cloud environment encompass:

1) Assurance of the long-term secure operation of the cloud data center – isolate
potential fault to reduce or minimise their influence;

2) Protection against the numerous and aggressive network hackers is a disturbing
security problem;

3) Need to effectively and securely manage demands of customers – identify and block
any malicious customers (an unavoidable task).

Security risks – government:

The security risks that government departments face in the cloud computing
environment are likely to be:

1) Need to enhance the security protection of a mass-scale data center;
2) A means to securely manage the numerous and various scale cloud service providers;
3) Evaluation and ranking of the security level of cloud service providers which extends

to include the security credit of other cloud customers, and a proactive alarm
mechanism for malicious programs.

Whilst these are intuitively obvious in most respects, they are broad in their application

to those specific groups and as such remain as general concerns to be aware of in the
assessment process.

With regards to the deployment models the security risks have been summarised in a
number of papers in particular Subashini and Kavitha (2010) and Chou (2013). Now whilst
various terminology and issues are involved it is reasonable to assume that the concepts
remain virtually consistent. In essence these can be briefly summarised in regard to the
particular service model to which they apply:

SaaS security issues:

• Data security – which in itself requires attention be paid to:
o Cross-site scripting (XSS);
o Access control weaknesses;
o OS and SQL injection flaws;
o Cross-site request forgery (CSRF);
o Cookie manipulation;
o Hidden field manipulation;
o Insecure storage;
o Insecure confirmation.

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

15

• Network security – which requires assessment be made of:
o Network penetration and packet analysis;
o Session management weaknesses;
o Insecure SSL trust configuration.

• Data locality – this is of particular concern since the location of the data storage will
be regulated by the legislation within the country in which it resides:

o Compliance and data privacy laws;
o Jurisdiction for legal action.

• Data segregation – given that there are inevitably multi users storing their data at
the same cloud site the issues of concern are:

o SQL injection flaws;
o Data validation;
o Insecure storage.

• Data access – here too the concern arises from the potential risks arising from multi
users being involved:

o Security policies;
o Limitations n levels of users.

• Authentication and authorization – this covers aspects of the methods of data access
security levels:

PaaS security issues:
This is dealt with in a much more succinct manner with the issues specifically
relating to:

• Security features and capabilities – in effect consideration of degree of flexibility to
layer additional security;

• Metrics on vulnerability – including patch coverage and application coding;

• Service Oriented Architecture (SOA) applications – machine to machine
vulnerabilities.

IaaS security issues:
Here too this is dealt with in a succinct manner and the issues in this area are
identified as being:

• Public cloud versus private cloud – there being greater risks associated with the
public cloud;

• Physical security – there needs to be attention to the security of infrastructure and a
disaster management plan;

• Encryption and security measures – cloud systems operate through the internet and
as such transmission of data is vulnerable to the same risks as face the internet.

As an alternative perspective, Zissis and Lekkas (2012) approached the security risks

and requirements for the service cloud models on two basic levels. Which they referred to as
the application level and the virtual level. The application level they proposed encompassed
the software as service model (SaaS) and the virtual level included both the platform as a
service (PaaS) and the infrastructure as a service (IaaS) model. The details of their
assessment of the security issues are therefore:

SaaS (Application level):

• Threats:
o Interception;
o Modification of data at rest and in transit;
o Data interruption (deletion);
o Privacy breach;
o Impersonation;
o Session hijacking;

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

16

o Traffic flow analysis;
o Exposure in network.

• Security requirements:
o Privacy in multitenant environment;
o Data protection from exposure;
o Access control;
o Communication protection;
o Software security;
o Service availability.

PaaS and IaaS (Virtual level):

• Threats:
o Programming flaws;
o Software modification;
o Software interruption (deletion);
o Impersonation;
o Session hijacking;
o Traffic flow analysis;
o Exposure in network;
o Defacement;
o Connection flooding;
o DDOS;
o Disrupting communications.

• Security requirements:
o Access control;
o Application security;
o Data security (data in transit, at rest and remanence);
o Cloud management control security;
o Secure images;
o Virtual cloud protection;
o Communication security.

In essence there are a number of issues and concepts that although the terminology

may differ remain for all intense and purposes as covering the same or very similar aspects
as raised in the overview of Subashini and Kavitha (2010) and Chou (2013).

Risk Management

Having determined that there are a variety of risks inherent in the use of cloud

computing it then becomes a matter of seeking to evaluate the risks in terms of their impact

upon the business emanating from the most appropriate form of cloud computing. To assist

in this the application of risk management techniques is arguably the best way forward. The

notion of risk management has links to the general insurance field dating back some

considerable time (Laing, 1992a, 1992b). In more recent times the treatment of risk

management has come under the control of the International Standards ISO 31000 which

was originally published in 2009 and then updated in February 2018. Employing the

guidelines of ISO 31000: 2009 in conjunction with the work of Fito and Guitart (2014)

developed a risk management approach for assessing cloud computing risks with attention

focusing on the application for considering a PaaS cloud model.

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

17

Whilst there is ample guidance in the ISO 31000 it is interesting to draw on the

original concepts and bring these together for the evaluation process. This is done to provide

the development of a more general framework for use in the evaluation of cloud computing

models. A specific risk management framework is presented in Figure 2.

Figure 2:

Risk Management framework for Cloud Risk Evaluation

This framework forms the basis for the risk management evaluation which follows.

For the purpose of this example the four common threats to all three deployment clouds will

be used. Given that they are common threats there is some degree of serendipity in the

evaluation concerns.

Step 1 is the establishment of the context and in this example the context is the

selection of a cloud deployment model.

Step 2 involves the identification of the threats or risks and here the four threats

common to all three are:

o Impersonation;
o Session hijacking;
o Traffic flow analysis;
o Exposure in network.

Step 3 is the analysis phase and to assist in this the process the work done by the

European Network and Information Security Agency (2012) employing the guidelines of

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

18

ISO 31000: 2009 in conjunction with the work of Fito and Guitart (2014) are used to inform

the development of the risk matrix/grid.

The matrix / grid with an explanatory legend that is employed for this example is

presented in Figure 3.

Figure 3:

Risk Matrix / Grid

Impact

Probability Very Low Low Moderate High Very High

Almost Certain H H E E E

Likely M H H E E

Probable L M H E E

Unlikely L L M H E

Rare L L M H H

Rating Descriptor Action

E = Extreme Risk Never acceptable. Immediate action required.

H = High Risk Not acceptable. Attention required.

M = Medium Risk Acceptable risk. Monitor and review.

L = Low Risk Acceptable risk. Routine monitoring.

The analysis of the four threats / risks with reference to the evaluations provided by

the European Network and Information Security Agency (2012) with additional

consideration from the assessment undertaken by Fito and Guitart (2014) result in the

following assessments.

Impersonation – Probability: Medium; Impact: High; Risk: Medium
Session hijacking – Probability: Medium; Impact: Very High; Risk: High
Traffic flow analysis – Probability: Medium; Impact: High; Risk: Medium
Exposure in network – Probability: Medium; Impact: Very High; Risk: High

Step 4 armed with the above risk assessments two of the threats, impersonation and

traffic flow analysis, have a medium risk and would therefore be considered as acceptable.

However, the remaining two threats, session hijacking and exposure in the network, present

as having high risk and these require further attention. The questions that need to be

asked are firstly can the risks be reduced and this would require determining exactly what

actions need to be undertaken once they are reduced at which stage they would need to be

reassessed. Should reduction not be possible then it would be necessary to consider whether

they can be transferred, either by insurance or some other form of mitigation. Failing to

obtain a satisfactory reduction in the risks the decision lead to rejecting the cloud model and

investigate an alternative (which may be an alternative cloud model).

Step 5 now on the assumption that the means to satisfactorily deal with the threats

and risks were found and implemented then the decision would be to proceed with the cloud

model and establish a policy for the monitoring of the risks on a regular basis.

Patel & Alabisi – Volume 17, Issue 2 (2019)

© JNBIT Vol.17, Iss.2 (2019)

19

Conclusion

The security and the risks associated with the various cloud computing models may
well be outweighed by other matters. For example, the costs to a business can not be
overlooked and the cloud computing models offer benefits that undoubtedly need to be
given consideration. To that end future research may prove beneficial in incorporating the
benefits into the evaluation process and extending the framework to accommodate the
alternative perspectives.

Further research may also provide the means to reduce the threats and risks by

merging them into categories that share very similar properties. This might be achievable
through the use of statistical evaluation techniques such as factor analysis.

References

Bai, X., Xing, L., Zhang, N., Wang, X., Liao, X., Li, T., & Hu, S. M. (2017). Apple ZeroConf holes: How hackers

can steal iPhone photos. IEEE Security & Privacy, 15(2), 42-49.

Bauman, Z., Bigo, D., Esteves, P., Guild, E., Jabri, V., Lyon, D., & Walker, R. B. (2014). After Snowden:
Rethinking the impact of surveillance. International political sociology, 8(2), 121-144.

Chea, J., Duanb, Y., Zhanga, T. & Fana, J. (2011). Study on the security models and strategies of cloud
computing, Procedia Engineering 23, 586–593.

Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research directions. Computers &
Security, 30(8), 719-731.

Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer
Science & Information Technology, 5(3), 79-88.

European Network and Information Security Agency (2012). Cloud Computing: Benefits, risks and
recommendations for information security, www.enisa.europa.eu

Fito, J. O. & Guitart, J. (2014). Business-driven management of infrastructure-level risks in Cloud providers,
Future Generation Computer Systems, 32, 41-53.

Kaufman, L. M. (2009). Data security in the world of cloud computing. IEEE Security & Privacy, 7(4), 61-64.

Laing, G.K. (1992 a). The Function of Risk Management, Australian Insurance Institute Journal, February, 49-
50.

Laing, G.K. (1992 b). Risk Management and the Role of the Insurance Broker, Australian Insurance Institute
Journal, July, 53-54.

Landau, S. (2013). Making sense from Snowden: What’s significant in the NSA surveillance revelations. IEEE
Security & Privacy, 11(4), 54-63.

Mell, P. & Grance, T. (2011). The NIST Definition of Cloud – Special Publication 800-145, National Institute of
Standards and Technology – U.S. Department of Commerce: Gaithersburg, MD.
Computinghttps://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145

Monrose, F. & Rubin, A. (2000). Keystroke dynamics as a biometric for authentication, Future Generation
Computer Systems, 16, 351-359.

Oestreicher, K. (2014). A forensically robust method for acquisition of iCloud data. Digital Investigation, 11,
S106-S113.

Satti, C. (2015). A Call to (Cyber) Arms: Applicable Statutes and Suggested Courses of Action for the Celebrity
iCloud Hacking Scandal. Quinnipiac Law Review, 34, 561-581.

Subashini, S. & Kavitha, V. (2010). A survey on security issues in service delivery models of cloud computing,
Journal of Network and Computer Applications, 34(1), 1-11.

Teh, P., Teoh, A. & Yue, S. (2013). A Survey of Keystroke Dynamics Biometrics, Scientific World Journal, 1-24.

Zissis, D. & Lekkas, D. (2010). Addressing cloud computing security issues, Future Generation Computer
Systems, 28, 583-592.

http://www.enisa.europa.eu/

Copyright of Journal of New Business Ideas & Trends is the property of Australian Business
Education Research Association and its content may not be copied or emailed to multiple sites
or posted to a listserv without the copyright holder’s express written permission. However,
users may print, download, or email articles for individual use.

TELKOMNIKA,Vol.17, No.6, December 2019, pp.2812~2817

ISSN: 1693-6930, accredited First Grade by Kemenristekdikti, Decree No: 21/E/KPT/2018
DOI: 10.12928/TELKOMNIKA.v17i6.12490 ◼ 2812

Received February 5, 2019; Revised June 6, 2019; Accepted July 2, 2019

A brief review: security issues in cloud computing
and their solutions

Iqbal Ahmed
Department of Computer Science and Engineering, University of Chittagong,

Chittagong-4331, Bangladesh
*Corresponding author, e-mail: iqbal.ahmed@cu.ac.bd

Cloud computing is an Internet-based, emerging technology, tends to be prevailing in our
environment especially in the field of computer sciences and information technologies which require
network computing on large scale. Cloud Computing is a shared pool of services which is gaining
popularity due to its cost, effectiveness, avilability and great production. Along with its numerous benefits,
cloud computing brings much more challenging situation regarding data privacy, data protection,
authenticated access, Intellectual property rights etc. Due to these issues, adoption of cloud computing is
becoming difficult in today’s world. In this review paper, various security issues regarding data privacy and
reliability, key factors which are affecting cloud computing, have been addressed and also suggestions on
particular areas have been discussed.

Keywords: cloud computing, cloud security, data encryption, data protection, digital signature

Copyright © 2019 Universitas Ahmad Dahlan. All rights reserved.

1. Introduction

Cloud computing is a service that is internet based and that gives the facility of sharing
computer resources along with other devices on user demand. It is a mechanism to enable on
demand shared resources. For example, server, data centre, networks, storage applications
which can store data. That can be generated with minimum effort. In addition, cloud computing
provides the facility to the organizations and users to keep their data on private or third-party
storage location and these locations/data centres may be located far away from user, may be in
some other city or country in this world. National Institute of Standard and Technology (NIST)
gives the cloud computing’s definition as cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction [1, 2]. For better
understanding of cloud computing services, one needs to comprehend the importance and
characteristics of cloud services which are explained here and represented in Figure 1 [3]:
– On demand Self-service: It refers to the service which enables provisioning of cloud

resources to vendors on demand or whenever they are required such as network storage,
service time without human interaction.

– Broad Network Access: Services are accessible over the network which are retrieved
through some standardized mechanism which promotes the usages of heterogeneous
platforms (workstations, tablets, laptops, mobile phones).

– Resource Pooling: Resources of cloud provider are pooled over the server. Consumers are
assigned different resources which are either physical or virtual one. Generally, consumers
have no idea of exact location the resources provided to them except at the abstraction
level like state, city, country or data centre.

– Rapid Elasticity: Services can be elastically released and monitored for consumers
services available to them can often appear as unlimited which can be scaled in quantity
anytime.

– Measured Services: Cloud system are so designed that they can monitor the resource
usages, for example processing, bandwidth and active user accounts, storage to deliver
transparency to provider as well as consumer. At some level of abstraction, they can
optimize the resource usage by keeping a check through metering capability.

TELKOMNIKA ISSN: 1693-6930 ◼

A brief review: security issues in cloud computing and their solutions (Iqbal Ahmed)

2813

This paper is divided into following sections: section 1 tells about the introduction of
cloud computing, section 2 gives the idea of cloud computing models while section 3 is the brief
introduction of related works. Section 4 is about the factors affecting cloud computing, section 5
is the possible threats regarding the cloud computing paradigm and finally section 6 gives some
solutions to the security issues. The conclusive remark is in section 7.

2. Cloud Service Models

The benefits and impotence of cloud computing might be very appealing and
demandable, but it has got huge number of risks and security issues like data leakage, data
loss, intruder attacks, malicious insiders etc. Following service models are defined by NIST
which includes three categories [1, 3, 4]:
– Infrastructure as a Service (IaaS): IaaS is all about providing the virtual machine, operating

systems or networks to the end users. Some other computing resources are also supported
in IaaS, where the customer or client can run arbitrary operating system on virtual machine
or any other software. Client can control only the operating system or software which he is
running but he loses his control on the infrastructure which is providing him all these
services.

– Software as a Service (SaaS): In this kind of scenario, user is only using the applications
which are being provided by the vendor and those applications run on the cloud services.
Same application is accessible by many other clients as well through some common
mechanism, for example by using web browser or email. Additionally, the clients or users
have no control over the application or underlying infrastructure, network server or
operating system upon which these applications run.

– Platform as a Service (PaaS): In PaaS, the client is able to create their own desired
application by using some programming language, linked libraries. These languages or
libraries are supported by the vendor. After creating the user desired application, it is
deployed on the server provided by the vendor. User has also the authority to configure its
application or can change the configuration settings later on. The next Figure 2 shows
the relationships of the clients and three service models defined bu NIST.

Figure 1. Cloud computing
characteristics

Figure 2. Different cloud

service models

3. Related Works

Agarwal A et al. highlight the emergence of cloud computing along with its security
concerns like data loss, data breaches, insecure APIs, account hijacking, denial of
services [4, 5]. P Garg et al. have worked on different cloud security aspects like basic security
which includes Cross site scripting attacks, SQL injection attacks, Man in the middle attacks [6].
Pradeep Kumar Sharma et al. also work for the security concerns of cloud like cost
model charge [6, 7], service level agreements and issue of migration should be dealt. Naseer
Amara et al. highlighted the security threats, architectural principles and cloud security attacks

◼ ISSN: 1693-6930

TELKOMNIKA Vol. 17, No. 6, December 2019: 2812-

2817

2814

with their techniques that can minimize the effects of malicious attacks (mitigation
techniques) [8, 9]. Iqbal Ahmed et al. introduces green IT as a Service (GaaS), which is
important for modern days sustainability concern [10]. S Ajoudaninan et al. said that following
three parameters were the most crucial (a) data confidentiality (b) integrity (c) availability [11].
She proposed a new security model (CIA) [11], for cloud computing.

4. Factors Affecting Cloud Security

There are numerous key factors which may affect cloud computing performance
because it is surrounded by many technologies, for example, load balancing, network,
concurrency control, virtualization, operating system, database, memory management etc [12].
The main key factors which are affecting cloud performance are shown in Figure 3. The security
factors of these technologies affecting the cloud computing are appropriate; for example,
network which connects the cloud computing to the outer world has to be secured. Virtualization
concept has to be carried out securely when mapping with the physical systems. Load
balancing involves the handling of incoming requests traffic which sometimes overloads
the server. Data mining algorithms can be applied to cope with malicious attacks.

Figure 3. Factors affecting cloud security

5. Possible Threats Regarding Cloud Computing

Nowadays cloud computing is getting so much popularity that it is in the limelight of modern
era. Along with its huge benefits cloud computing is facing much security issues which need
considerable attention to resolve them for the betterment of this services. Following are
the major concerns [13]:
– Outsourcing: in outsourcing the data, consumer might get lose the control. Some kind of

appropriate mechanism is needed to prevent the cloud service provider (CSPs) to use
the data against the consent of their clients.

– Multitenancy: cloud is a shared pool of resources. Protection of data must be taken into
account while providing the multi-tenant environment.

– Service Level Agreements (SLA): a clear contract between the consumer and provider is
needed. The main goal of agreements is to build trust.

– Heterogeneity: different cloud providers have different mechanism of data protection which
leads to integration challenges.

– Server Downtime: downtime is the time in which the system starts responding to the client
after some service failure. Downtime should be kept minimized and power backups must be
installed to keep down time minimum.

TELKOMNIKA ISSN: 1693-6930 ◼

A brief review: security issues in cloud computing and their solutions (Iqbal Ahmed)

2815

– Backup: Data uploaded by the clients, should be backed up in case of any service failure.
Cloud seller should mention in the SLAs that in case of any disaster what should be
the remedy or solutions to such problems. There is very rare chance of whole system failure
like flood etc.

– Data Redundancy: Data redundancy is a situation in which same data is being kept on two
different places. In case of cloud computing, it can be understood as to provide copies of
same data, systems or equipment to the clients, cloud provider should try to keep data
redundancy minimum.

6. Solutions to Security Challenges in Cloud Computing

Security challenges in cloud computing need to be addressed properly. If appropriate
solutions are not being provided, adoption of cloud environment becomes more difficult. Apart of
adoption, data transmission and operation tend to become more tedious. Figure 4 elaborates
that data protection and privacy is the most crucial factor among all [14]. Following are some
solutions which needs to be considered while considering about cloud computing security
challenges.

Figure 4. Data security challenges

6.1. Data Encryption

Encryption is said to be a better approach regarding data security. Data should be
encrypted before sending it to cloud. Data owner can permit some particular members to have
access to that data [14]. The file or data being sent to cloud should be encrypted first then
before storing it on cloud it should be again encrypted by the cloud provider; the process is
known as multistage encryption. It has been observed that combination of different encryption
algorithms provides better encryption on data. Experimental results show that RSA+IDEA gives
the higher performance of encryption in securing the data [15, 16].

6.2. Legal Jurisdiction

When it comes to understand and analyse the legal jurisdiction of cloud computing, the
very basic aspects of cloud environment complicate the data protection, for example presence

◼ ISSN: 1693-6930
TELKOMNIKA Vol. 17, No. 6, December 2019: 2812-2817

2816

of internet, virtualization, dynamically distributed data, multinational elements. Consumers
normally do not know that where their data resides in cloud. For example, a client from India
may be using a server deployed in USA, using an application which has been developed in
Japan and storing his crucial data at a data centre which is physically located in
Switzerland [17]. Therefore, the resource allocated to the consumers should be marked to make
sure that data is segregated [18].

6.3. Distributed Denial of Service (DDoS)

Distributed Denial of Service is a kind of attack in which attacker creates some zombie
machine by infecting the machine over the internet [19-22]. Then these infected machines are
used to attack on victim. When attacks/traffic from so many infected machines are directed
towards one victim, its resource like CPU, bandwidth and memory starts getting exhausted and
particular resource becomes unavailable for consumers. To cope with this Deepali et al. [19]
has introduced a layer named as fog layer which sites in between cloud server and user.
All the requests made to server are filtered through this fog layer and DDoS attacks
get minimized.

6.4. Digital Signature

Digital signature is powerful tool for securing data in cloud computing [23, 24].
P Rewagad et al. [25] has proposed a solution using digital signature to secure data along with
Diffie Hellman key exchange with AES encryption algorithm. Diffie Hellman key exchange
facility marks it useless if the key is hacked in transmission because it us useless without private
key of user, which is confined to legitimate user only. This three-way mechanism which is
proposed in that paper makes it harder to hack security system, therefore, protecting the data
that resides in cloud.

7. Conclusion

This paper gave the overview of cloud computing, its various security aspects and key
factors which are affecting the cloud security. Cloud consumer and provider should be sure that
their cloud is fully secure and protected. Cloud computing is growing in every industry however
it suffers from certain issues regarding security and protection which are hurdle in its adoption
widely. Solutions to these problems have been suggested which can be used for better
performance of cloud services in future.

References
[1] Mell P, Grance T. The NIST Definition of Cloud Computing. NIST special publication 800-145.

September 2011.
[2] Rashid Dar Ab, Ravindran D. A Comprehensive Study on Cloud Computing. International Journal of

Advance Research in Science and Engineering. 2018; 7(4): 235-242.
[3] Mell P, Grance T. The NIST Definition of Cloud Computing, version 15. National Institute of Standards

and Technology (NIST), Information Technology Laboratory. 2011.
[4] Simmon E. Evaluation of Cloud Computing Services Based on NIST 800-145. NIST special

Publication. USA. 2018: 500-322
[5] Agarwal A, Siddharth S, Bansal P. Evolution of Cloud Computing and related security concerns. 2016

Symposium on Colossal Data Analysis and Networking (CDAN). Indore. 2016: 1-9.
[6] Chetan M B, Bhojannavar SS, Danawade VM. Cloud Computing: Research Activities and Challenges.

International Journal of Emerging Trends & Technology in Computer Science. 2013; 2(5): 206-214.
[7] Grag P, Goel S, Sharma A. Security Techniques for Cloud Computing Environment. IEEE

International Conference on Computing, Communication and Automation (ICCCA). Greater Noida.
2017: 771-776.

[8] Sharma PK, Kaushik PS, Agarwal P, Jain P, Agarwal S, Dixit K. Issues and Challenges of data
security in a Cloud Computing Environment. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics
and Mobile Communication Conference (UEMCON). New York. 2017: 560-566.

[9] Amara N, Zhiqui H, Ali A. Cloud Computing Security Threats and Attacks with their Mitigation
Techniques. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge
Discovery (CyberC). IEEE Explorer. Nanjing. 2017: 244-251.

TELKOMNIKA ISSN: 1693-6930 ◼

A brief review: security issues in cloud computing and their solutions (Iqbal Ahmed)
2817

[10] Ahmed I, Okumura H, Arai K. Identifying Green Services using GSLA for Achieving Sustainability in
Industries. International Journal of Advanced Computer Science and Applications (IJACSA). 2016;
7(9): 160-167.

[11] Ajoudanian Sh, Ahmadi MR. A Novel Data Security Model for Cloud Computing. International Journal
of Engineering and Technology. 2012; 4(3): 326-329.

[12] Qadiree J, Maqbool IM. Solutions of Cloud Computing Security Issues. International Journal of
Computer Science Trends and Technology (IJCST). 2016; 4(2): 38-42.

[13] Shahzad F. State-of-the-art Survey on Cloud Computing Security Challenges, Approaches and
Solutions. Procedia Computer Science. 2014; 37: 357-362.

[14] Rao RV, Selvamani K. Data Security Challenges and its Solutions in Cloud Computing. Procedia
Computer Science. 2015; 48: 204-209.

[15] Chennam KK, Muddana L, Aluvalu RK. Performance Analysis of Various Encryption Algorithms for
Usage in Multistage Encryption for securing data in Cloud. 2nd IEEE International Conference on
Recent trends in Electronics, Information & Communication Technology (RTEICT). India.
2017: 2030-2033.

[16] Yan Z, Deng RH, Varadharajan V. Cryptography Data Security in Cloud Computing. Information
Sciences. 2017; 387: 53-55.

[17] Sony R, Rao SKD, Prasad DB. Data Protection and Cloud Computing: A Jurisdictional Aspect. Law
Journal of Higher School of Economics. Annual review. 2013: 81-91.

[18] Harfoushi O, Alfawwaz B, and Ghatasheh NA. Data Security Issues and Challenges in Cloud
Computing: A conceptual Analysis and Review. Communications and Network 2014; 6(1): 15-21.

[19] Deepali, Bhushan K. DDoS Attack Defense Framework for Cloud using Fog Computing. 2nd IEEE
International Conference on Recent trends in Electronics, Information & Communication Technology
(RTEICT). India. 2017: 534-538.

[20] Somani, Gaurav. DDoS attacks in cloud computing: Collateral damage to non-targets. Computer
Networks. 2016; 109: 157-171.

[21] Paharia, Bhumika, Bhushan K. DDoS Detection and Mitigation in Cloud Via FogFiter: A Defence
Mechanism. 2018 9th International Conference on Computing, Communication and Networking
Technologies (ICCCNT). India. 2018: 1-7.

[22] Alqahtani, Sarra M, Rose F, Gamble. DDoS Attacks in Service Clouds. 48th Hawaii International
Conference on System Sciences. USA. 2015: 5331-5340.

[23] Merkle, Ralph C. A Certified Digital Signature. CRYPTO. New York. 1989: 218-238.
[24] Grobauer, Bernd, Tobias Walloschek, Elmar Stocker. Understanding Cloud Computing Vulnerabilities.

IEEE Security & Privacy. 2010; 9(2): 50-57.
[25] Rewagad P, Pawar Y. Use of Digital Signature with Diffie Hellman Key Exchange and AES Encryption

Algorithm to Enhance Data Security in Cloud Computing. 2013 International Conference on
Communication Systems and Network technologies. India. 2013: 437-439.

Copyright of Telkomnika is the property of Department of Electrical Engineering, Ahmad
Dahlan University and its content may not be copied or emailed to multiple sites or posted to
a listserv without the copyright holder’s express written permission. However, users may
print, download, or email articles for individual use.