The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level.
Published in | Mathematics and Computer Science (Volume 9, Issue 5) |
DOI | 10.11648/j.mcs.20240905.11 |
Page(s) | 88-95 |
Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
Copyright |
Copyright © The Author(s), 2024. Published by Science Publishing Group |
Public, Cloud, Risk, Security, Governance
[1] | N. Caithness, M. Drescher, and D. William, "Can functional characteristics usefully define the cloud computing landscape, and is the current reference model correct? " Journal of Cloud Computing: Advances, Systems and Applications, vol. 6, no. 10, 2017. |
[2] | P. Mell and T. Grance, "The NIST Definition of Cloud Computing," National Institute of Standards and Technology Special Publications, Vols. 800-145, pp. 1-7, 2011. |
[3] | H. Ahmed, M. Ali, L. Kadhum, M. Zolkipli, and Y Alsariera, “A review of challenges and security risks of cloud computing.” Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(1-2), pp 87-91, 2017. |
[4] | R. Latif, H. Abbas, S. Assar, and Q. Ali, “Cloud Computing Risk Assessment: A Systemic Literature Review” in Future Information Technology, vol 276, 2014. |
[5] | J. Hedman, and X. Xiao, “Transition to the Cloud: A vendor Perspective,” 2016 49th Hawaii Internarional Conference on System Sciences (HICSS), Koala, HI, USA, 2016, pp 3989-3998. |
[6] | N. Daylami, "The Origin and Construct of Cloud Computing," International Journal of the Academic Business World, vol. 9, no. 2, pp. 39-45, 2015. |
[7] | A. Rot, "Data and Services Security Issues and Challenges in Cloud Computing Environments," in 22nd World Multi-Conference on Systemics, Cybernetics and Infomatics, Wroclaw, 2018. |
[8] | M. Liangli, S. Yufei, C. Yanshen and W. Qungyi, "Virtualization MAturity Refernce Model for Green Software," International Conference on Control Engineering and Commincation Technology, 2012. |
[9] | L. Malhotra and D. Agarwal, "Virtualization in Cloud Computing," Journal of Information Technology and Software Engineering, vol. 4, no. 2, pp. 1-3, 2014. |
[10] | S. Goyal, "Public vs Private vs Community - Cloud Computing: A Critical Review," International Journal Computer Network and Information Security, vol. 3, pp. 20-29, 2014. |
[11] |
M. S. R. C. (MSRC), "Investigation Regarding Misconfigured Microsoft Storage Location," Microsoft Inc., 19 October 2022. [Online]. Available:
https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/ [Accessed 19 November 2022]. |
[12] |
S. Gatlan, "Microsoft data breach exposes customers' contact info, emails," Bleeping Computer, 19 October 2022. [Online]. Available:
https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/ [Accessed 15 December 2022]. |
[13] | R. Mogull, J. Arlen, F. Gilbert, A. Lane, D. Mortman, G. Peterson and M. Rothman, "Security Guidance for Critical Areas of Focus in Cloud Computing v4.0," Cloud Security Alliance, 2021. |
[14] | F. Pfarr, T. Buckel and A. Winkelmann, "Cloud Computing Data Protection - A Literature Review and Analysis," in 47th Hawaii International Conference on System Science, Hawaii, 2014. |
[15] | M. Yildiz, J. Abawajy, E. Tuncay and A. Bernoth, "A Layered Security Approach for Cloud Computing Infrastructure," in 10th International Symposium on Pervasive Systems, Algorithms, and Networks, 2009. |
[16] | B. Grobauer and T. Schrek, "Towards Incident Handling in the Cloud: Challenges and Approaches," in Cloud Computing Security Workshop, Chicago, 2010. |
[17] |
I. T. R. Center, "Q3 Data Breach Analysis," Identity Theft Resource Center, October 2022. [Online]. Available:
https://www.idtheftcenter.org/publication/q3-2022-data-breach-analysis/ [Accessed 15 December 2022]. |
[18] | J. E. Thomas, "Individual CyberSecurity: Empowering Employees to Resist Spear Phishinh to Prevent Identity Theft and Ransomeware Attacks," International Journal of Business and Management, vol. 13, no. 6, 2018. |
[19] | A. Kerman, O. Borchert, S. Rose and A. Tan, Implementing a Zero Trust Architecture, National Institute of Standards and Technology, 2020. |
[20] | I. Indu, R. Anand and V. Bhaskar, "Identity and Access Management in Cloud Environment: Mechanisms and Challenges," International Journal of Engineering Science and Technology, vol. 21, pp. 574-588, 2018. |
[21] | M. Armbrust, A. Fox, A. D. Joseph, R. Griffith, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica and M. Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing," Electrical Engineering and Computer Sciences, University of Califonia, Berkeley, 2009. |
APA Style
Ogundapo, A., Ezeaputa, V. N. (2024). Managing Security Risks of Public Cloud Computing. Mathematics and Computer Science, 9(5), 88-95. https://doi.org/10.11648/j.mcs.20240905.11
ACS Style
Ogundapo, A.; Ezeaputa, V. N. Managing Security Risks of Public Cloud Computing. Math. Comput. Sci. 2024, 9(5), 88-95. doi: 10.11648/j.mcs.20240905.11
AMA Style
Ogundapo A, Ezeaputa VN. Managing Security Risks of Public Cloud Computing. Math Comput Sci. 2024;9(5):88-95. doi: 10.11648/j.mcs.20240905.11
@article{10.11648/j.mcs.20240905.11, author = {Ayokunmi Ogundapo and Vitus Nnamdi Ezeaputa}, title = {Managing Security Risks of Public Cloud Computing }, journal = {Mathematics and Computer Science}, volume = {9}, number = {5}, pages = {88-95}, doi = {10.11648/j.mcs.20240905.11}, url = {https://doi.org/10.11648/j.mcs.20240905.11}, eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.mcs.20240905.11}, abstract = {The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level. }, year = {2024} }
TY - JOUR T1 - Managing Security Risks of Public Cloud Computing AU - Ayokunmi Ogundapo AU - Vitus Nnamdi Ezeaputa Y1 - 2024/11/18 PY - 2024 N1 - https://doi.org/10.11648/j.mcs.20240905.11 DO - 10.11648/j.mcs.20240905.11 T2 - Mathematics and Computer Science JF - Mathematics and Computer Science JO - Mathematics and Computer Science SP - 88 EP - 95 PB - Science Publishing Group SN - 2575-6028 UR - https://doi.org/10.11648/j.mcs.20240905.11 AB - The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level. VL - 9 IS - 5 ER -