University of Hertfordshire

Cloud Security: A Review of Recent Threats and Solution Models

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Documents

  • Betrand Ugorji
  • Nasser Abouzakhar
  • John Sapsford
View graph of relations
Original languageEnglish
Title of host publicationProcs Int Conf on Cloud Security Management
Subtitle of host publicationICCSM 2013
PublisherAcademic Conferences Ltd.
Pages115-124
Number of pages10
Publication statusPublished - 18 Oct 2013
EventInt Conf on Cloud Security Management (ICCSM 2013) - University of Washington, Seattle, United States
Duration: 17 Oct 201318 Oct 2013

Conference

ConferenceInt Conf on Cloud Security Management (ICCSM 2013)
CountryUnited States
CitySeattle
Period17/10/1318/10/13

Abstract

The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malwares and lack of expertise in cloud technology rank the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests however; FADE may be a solution (Yang et al., 2012).

ID: 2819512