Browse

Journals By Subject

Life Sciences, Agriculture & Food
Chemistry
Medicine & Health
Materials Science
Mathematics & Physics
Electrical & Computer Science
Earth, Energy & Environment
Architecture & Civil Engineering
Education
Economics & Management
Humanities & Social Sciences
Multidisciplinary

Books

Publish Conference Abstract Books
Upcoming Conference Abstract Books
Published Conference Abstract Books
Publish Your Books
Upcoming Books
Published Books

Proceedings

Events

Events
Five Types of Conference Publications

Join

Join the Editorial Board
Become a Reviewer

Information

For Authors
For Reviewers
For Editors
For Conference Organizers
For Librarians
Article Processing Charges
Special Issue Guidelines
Editorial Process
Manuscript Transfers
Peer Review at SciencePG
Open Access
Copyright and License
Ethical Guidelines
Submit an Article
Research Article | | Peer-Reviewed

Managing Security Risks of Public Cloud Computing

Ayokunmi Ogundapo* Vitus Nnamdi Ezeaputa
Published in Mathematics and Computer Science (Volume 9, Issue 5)
Received: 16 July 2024     Accepted: 17 October 2024     Published: 18 November 2024
Views:       Downloads:
Download PDF
Abstract

The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level.

Published in Mathematics and Computer Science (Volume 9, Issue 5)
DOI 10.11648/j.mcs.20240905.11
Page(s) 88-95
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2024. Published by Science Publishing Group
Previous article
Keywords

Public, Cloud, Risk, Security, Governance

References
[1] N. Caithness, M. Drescher, and D. William, "Can functional characteristics usefully define the cloud computing landscape, and is the current reference model correct? " Journal of Cloud Computing: Advances, Systems and Applications, vol. 6, no. 10, 2017.
[2] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," National Institute of Standards and Technology Special Publications, Vols. 800-145, pp. 1-7, 2011.
[3] H. Ahmed, M. Ali, L. Kadhum, M. Zolkipli, and Y Alsariera, “A review of challenges and security risks of cloud computing.” Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(1-2), pp 87-91, 2017.
[4] R. Latif, H. Abbas, S. Assar, and Q. Ali, “Cloud Computing Risk Assessment: A Systemic Literature Review” in Future Information Technology, vol 276, 2014.
[5] J. Hedman, and X. Xiao, “Transition to the Cloud: A vendor Perspective,” 2016 49th Hawaii Internarional Conference on System Sciences (HICSS), Koala, HI, USA, 2016, pp 3989-3998.
[6] N. Daylami, "The Origin and Construct of Cloud Computing," International Journal of the Academic Business World, vol. 9, no. 2, pp. 39-45, 2015.
[7] A. Rot, "Data and Services Security Issues and Challenges in Cloud Computing Environments," in 22nd World Multi-Conference on Systemics, Cybernetics and Infomatics, Wroclaw, 2018.
[8] M. Liangli, S. Yufei, C. Yanshen and W. Qungyi, "Virtualization MAturity Refernce Model for Green Software," International Conference on Control Engineering and Commincation Technology, 2012.
[9] L. Malhotra and D. Agarwal, "Virtualization in Cloud Computing," Journal of Information Technology and Software Engineering, vol. 4, no. 2, pp. 1-3, 2014.
[10] S. Goyal, "Public vs Private vs Community - Cloud Computing: A Critical Review," International Journal Computer Network and Information Security, vol. 3, pp. 20-29, 2014.
[11] M. S. R. C. (MSRC), "Investigation Regarding Misconfigured Microsoft Storage Location," Microsoft Inc., 19 October 2022. [Online]. Available:

https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/ [Accessed 19 November 2022].

[12] S. Gatlan, "Microsoft data breach exposes customers' contact info, emails," Bleeping Computer, 19 October 2022. [Online]. Available:

https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/ [Accessed 15 December 2022].

[13] R. Mogull, J. Arlen, F. Gilbert, A. Lane, D. Mortman, G. Peterson and M. Rothman, "Security Guidance for Critical Areas of Focus in Cloud Computing v4.0," Cloud Security Alliance, 2021.
[14] F. Pfarr, T. Buckel and A. Winkelmann, "Cloud Computing Data Protection - A Literature Review and Analysis," in 47th Hawaii International Conference on System Science, Hawaii, 2014.
[15] M. Yildiz, J. Abawajy, E. Tuncay and A. Bernoth, "A Layered Security Approach for Cloud Computing Infrastructure," in 10th International Symposium on Pervasive Systems, Algorithms, and Networks, 2009.
[16] B. Grobauer and T. Schrek, "Towards Incident Handling in the Cloud: Challenges and Approaches," in Cloud Computing Security Workshop, Chicago, 2010.
[17] I. T. R. Center, "Q3 Data Breach Analysis," Identity Theft Resource Center, October 2022. [Online]. Available:

https://www.idtheftcenter.org/publication/q3-2022-data-breach-analysis/ [Accessed 15 December 2022].

[18] J. E. Thomas, "Individual CyberSecurity: Empowering Employees to Resist Spear Phishinh to Prevent Identity Theft and Ransomeware Attacks," International Journal of Business and Management, vol. 13, no. 6, 2018.
[19] A. Kerman, O. Borchert, S. Rose and A. Tan, Implementing a Zero Trust Architecture, National Institute of Standards and Technology, 2020.
[20] I. Indu, R. Anand and V. Bhaskar, "Identity and Access Management in Cloud Environment: Mechanisms and Challenges," International Journal of Engineering Science and Technology, vol. 21, pp. 574-588, 2018.
[21] M. Armbrust, A. Fox, A. D. Joseph, R. Griffith, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica and M. Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing," Electrical Engineering and Computer Sciences, University of Califonia, Berkeley, 2009.
Cite This Article
Plain Text BibTeX RIS

  • APA Style

    Ogundapo, A., Ezeaputa, V. N. (2024). Managing Security Risks of Public Cloud Computing. Mathematics and Computer Science, 9(5), 88-95. https://doi.org/10.11648/j.mcs.20240905.11

    Copy | Download

    ACS Style

    Ogundapo, A.; Ezeaputa, V. N. Managing Security Risks of Public Cloud Computing. Math. Comput. Sci. 2024, 9(5), 88-95. doi: 10.11648/j.mcs.20240905.11

    Copy | Download

    AMA Style

    Ogundapo A, Ezeaputa VN. Managing Security Risks of Public Cloud Computing. Math Comput Sci. 2024;9(5):88-95. doi: 10.11648/j.mcs.20240905.11

    Copy | Download 

  • @article{10.11648/j.mcs.20240905.11,
  author = {Ayokunmi Ogundapo and Vitus Nnamdi Ezeaputa},
  title = {Managing Security Risks of Public Cloud Computing
},
  journal = {Mathematics and Computer Science},
  volume = {9},
  number = {5},
  pages = {88-95},
  doi = {10.11648/j.mcs.20240905.11},
  url = {https://doi.org/10.11648/j.mcs.20240905.11},
  eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.mcs.20240905.11},
  abstract = {The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level.
},
 year = {2024}
}

    Copy | Download 

  • TY  - JOUR
T1  - Managing Security Risks of Public Cloud Computing

AU  - Ayokunmi Ogundapo
AU  - Vitus Nnamdi Ezeaputa
Y1  - 2024/11/18
PY  - 2024
N1  - https://doi.org/10.11648/j.mcs.20240905.11
DO  - 10.11648/j.mcs.20240905.11
T2  - Mathematics and Computer Science
JF  - Mathematics and Computer Science
JO  - Mathematics and Computer Science
SP  - 88
EP  - 95
PB  - Science Publishing Group
SN  - 2575-6028
UR  - https://doi.org/10.11648/j.mcs.20240905.11
AB  - The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level.

VL  - 9
IS  - 5
ER  -

    Copy | Download

Author Information
Download PDF
  • Sections

About Us

Science Publishing Group (SciencePG) is an Open Access publisher, with more than 300 online, peer-reviewed journals covering a wide range of academic disciplines.

Learn More About SciencePG

Products

Information

Important Link

Copyright © 2012 -- 2024 Science Publishing Group – All rights reserved.