Content deleted Content added
Reverted 1 edit by Healtheworld23 (talk): Unreliable source |
Artisticrush (talk | contribs) →Security issues associated with the cloud: this line is relevant to the security concerns associated with cloud computing and that it will be helpful to readers of the article. Tags: Reverted Visual edit |
||
Line 8:
Cloud [[computing]] and storage provide users with the capabilities to store and process their data in third-party [[data center]]s.<ref name="cloudid">{{cite journal |last1=Haghighat |first1=Mohammad |last2=Zonouz |first2=Saman |last3=Abdel-Mottaleb |first3=Mohamed |title=CloudID: Trustworthy cloud-based and cross-enterprise biometric identification |journal=Expert Systems with Applications |date=November 2015 |volume=42 |issue=21 |pages=7905–7916 |doi=10.1016/j.eswa.2015.06.025 }}</ref> Organizations use the cloud in a variety of different service models (with acronyms such as [[SaaS]], [[PaaS]], and [[IaaS]]) and deployment models ([[Cloud computing#Private cloud|private]], [[Cloud computing#Public|public]], [[Cloud computing#Hybrid|hybrid]], and [[community cloud|community]]).<ref name="Srinivasan">{{cite book |doi=10.1145/2345396.2345474 |chapter=State-of-the-art cloud computing security taxonomies |title=Proceedings of the International Conference on Advances in Computing, Communications and Informatics - ICACCI '12 |year=2012 |last1=Srinivasan |first1=Madhan Kumar |last2=Sarukesi |first2=K. |last3=Rodrigues |first3=Paul |last4=Manoj |first4=M. Sai |last5=Revathy |first5=P. |pages=470–476 |isbn=978-1-4503-1196-0 |s2cid=18507025 }}</ref>
Security concerns associated with cloud computing are typically categorized in two ways: as security issues faced by cloud providers (organizations providing [[Software as a service|software-]], [[Platform as a service|platform-]], or [[Infrastructure as a service|infrastructure-as-a-service]] via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud).<ref>{{cite news|url=http://security.sys-con.com/node/1231725|title=Swamp Computing a.k.a. Cloud Computing|publisher=Web Security Journal|date=2009-12-28|access-date=2010-01-25}}</ref> The responsibility is shared, however, and is often detailed in a cloud provider's "shared security responsibility model" or "shared responsibility model."<ref name="CSACloudCont4">{{cite web |url=https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ |format=xlsx |title=Cloud Controls Matrix v4 |publisher=Cloud Security Alliance |date=15 March 2021 |access-date=21 May 2021}}</ref><ref name="AWSShared20">{{cite web |url=https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/shared-security-responsibility-model.html |title=Shared Security Responsibility Model |work=Navigating GDPR Compliance on AWS |publisher=AWS |date=December 2020 |access-date=21 May 2021}}</ref><ref name="TozziAvoid20">{{cite web |url=https://www.paloaltonetworks.com/blog/prisma-cloud/pitfalls-shared-responsibility-cloud-security/ |title=Avoiding the Pitfalls of the Shared Responsibility Model for Cloud Security |author=Tozzi, C. |work=Pal Alto Blog |publisher=Palo Alto Networks |date=24 September 2020 |access-date=21 May 2021}}</ref> The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.<ref name="AWSShared20" /><ref name="TozziAvoid20" /> A cloud computing environment is a computer environment that provides services and stores data as virtualized a data warehouse and information that is accessed remotely using scalable and measurable resources.<ref>{{Cite journal |last=Kaliyanandi |first=Maharajan |last2=Murugan |first2=Jayalakshmi |last3=Subburaj |first3=Senthil Kumar |last4=Ganesan |first4=Saritha |last5=Gandhimathinathan |first5=Visalaxi |date=2023 |title=Design and development of novel security approach designed for cloud computing with load balancing |url=http://aip.scitation.org/doi/abs/10.1063/5.0126814 |pages=050005 |doi=10.1063/5.0126814}}</ref>
When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a 2010 [[Cloud Security Alliance]] report, insider attacks are one of the top seven biggest threats in cloud computing.<ref name="Top Threats to Cloud Computing v1.0">{{cite web|date=March 2010|title=Top Threats to Cloud Computing v1.0|url=http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Felh%C5%91%20szolg%C3%A1ltat%C3%A1sok/Top%20threats%20to%20cloud%20computing%20v1_0.pdf|access-date=2020-09-19|publisher=Cloud Security Alliance}}</ref> Therefore, cloud service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers are recommended to be frequently monitored for suspicious activity.
| |||