ASSIGNMENT 2 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 16: Cloud Computing

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Student ID

Class Assessor name

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P5 P6 P7 P8 M3 M4 D2 D3

1
 Summative Feedback:  Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

2
Submission Format:

Format:
A report(in PDF format)
You must use font Calibri size 12, set number of the pages and use multiple line spacing at
1.3. Margins must be: left: 1.25 cm; right: 1 cm; top: 1 cm and bottom: 1 cm. The reference
follows Harvard referencing system.
Submission Students are compulsory to submit the assignment in due date and in a way requested by
the Tutors. The form of submission will be a soft copy posted on
http://cms.greenwich.edu.vn/
Note: The Assignment must be your own work, and not copied by or from another student or from
books etc. If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you
must reference your sources, using the Harvard style. Make sure that you know how to reference
properly, and that understand the guidelines on plagiarism. If you do not, you definitely get failed

Unit Learning Outcomes:

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools.

LO4 Analyse the technical challenges for cloud applications and assess their risks

Assignment Brief and Guidance:

Task 1

Base on the scenario and architecture design in the first assignment provide the
implementation. Because of the time constraint of the assignment, the
implementation just provides some demo functions of the scenario. The
implementation includes two parts:

 A step by step instruction

o which shows which functions are implemented
o How to config, deploy and test the services (Web application, Database
Server, Source code management, server logs..) using service provider’s
frameworks and open source tools.
o Images for the built functions
 A brief discussion about difficulties which one can face during the development
process(optional)
 The source code for the built application

3
Task 2

The table of contents in your security manual (which should be 500–700 words)
should be as follows:

1. Analysis of the most common problems and security issues of a cloud

computing platform.
2. Discussion on how to overcome these issues.
3. Summary.

4
 Learning Outcomes and Assessment Criteria

Pass Merit Distinction

LO3 Develop Cloud Computing solutions using service

provider’s frameworks and open source tools
D2 Critically discuss how
P5 Configure a Cloud M3 Discuss the issues and one can overcome these
Computing platform with a constraints one can face issues and constraints.
cloud service provider’s during the development
framework. process.

P6 Implement a cloud
platform using open source
tools.

LO4 Analyse the technical challenges for cloud applications

and assess their risks

P7 Analyse the most common M4 Discuss how to overcome D3 Critically discuss how an
problems which arise in a these security issues when organisation should protect
Cloud Computing platform building a secure cloud their data when they
and discuss appropriate platform. migrate to a cloud solution.
solutions to these problems.
P8 Assess the most common
security issues in cloud
environments.

5
Contents
Table of Figures..........................................................................................................................................
1.5. A guide (step by step): how to deploy (put the website) to Heroku and connect to
PostgreSQL:..............................................................................................................................................
1.5.1. Create and login a new Heroku account:.........................................................................................
1.5.2. Working with Heroku:.....................................................................................................................
1.5.2.1. Create a new Heroku application:.............................................................................................
1.5.2.2. The overview tab:......................................................................................................................
1.5.2.3. The resource tab:.......................................................................................................................
1.5.2.4. Connecting app to database add- on:.........................................................................................
1.5.2.5. Connect Heroku to the working directory:................................................................................
2. Implement a cloud platform using open source tools...............................................................................
2.1. Git and GitHub:.....................................................................................................................................
2.3. Working with GitHub:...........................................................................................................................
2.3.1. Create new repository on GitHub:...................................................................................................
2.3.2. Clone a repository:..........................................................................................................................
2.3.3. Pull all data from working directory to a GitHub repository:........................................................
2.3.8. Changing information in local account:..........................................................................................
2.3.9. Creating a server on pgAdmin:.......................................................................................................
2.4. Connecting Heroku to GitHub:.............................................................................................................
3. most common problems which arise in a Cloud Computing platform and discuss
appropriate solutions to these problems:......................................................................................................
3.1. Security issues:......................................................................................................................................
3.2. Cloud Cost Management:......................................................................................................................
3.3. Lack of resources/expertise:..................................................................................................................
3.4. Compliance:...........................................................................................................................................
3.5. Vendor Lock-In:....................................................................................................................................
3.6. Building a private cloud:.......................................................................................................................
3.7. Data portability:.....................................................................................................................................

6
3.8. Transparency of service provider:.........................................................................................................
4. Assess the most common security issues in cloud environments............................................................
4.1. Ten SaaS Cloud Security Issues:...........................................................................................................
4.2.Visibilyty And Control Over Access:....................................................................................................
4.3. Data Security:........................................................................................................................................
4.4. Five Private Cloud Security Issues:.......................................................................................................
4.5. Basic Security Risk Considerations:.....................................................................................................
4. 6. Data Security Considerations...............................................................................................................
References....................................................................................................................................................

7
Table of Figures
Figure 1: Create a new Heroku account.......................................................................................................
Figure 2: Login to Heroku............................................................................................................................
Figure 3: Login successfully to Heroku.......................................................................................................
Figure 4: Step 1 of create a new Heroku application...................................................................................
Figure 5: Step 2 of create a new Heroku application...................................................................................
Figure 6: Create successfully a new Heroku application............................................................................
Figure 7: Running successfully a new Heroku application.........................................................................
Figure 8: The overview tab..........................................................................................................................
Figure 9: The resource tab...........................................................................................................................
Figure 10: Step 1 of connecting app to database add- on.............................................................................
Figure 11: Step 2..........................................................................................................................................
Figure 12: Step 3 of connecting app to database add- on.............................................................................
Figure 13: Step 4 of connecting app to database add- on.............................................................................
Figure 14: Step 5 of connecting app to database add- on.............................................................................
Figure 15: Connect successfully app to a database......................................................................................
Figure 16: Step 1 of connecting Heroku to the working directory..............................................................
Figure 17: Step 2 connecting Heroku to the working directory...................................................................
Figure 18: Step 3 of connecting Heroku to the working directory...............................................................
Figure 19: Step 4 of connecting Heroku to the working directory...............................................................
Figure 20: Connecting Heroku successfully to the working directory.........................................................
Figure 21: Step 1 of Creating and login a GitHub account..........................................................................
Figure 22: Step 2 of Creating and login a GitHub account..........................................................................
Figure 23: Step 3 of Creating and login a GitHub account..........................................................................
Figure 24: Step 4 of Creating and login a GitHub account..........................................................................
Figure 25: Step 5 of Creating and login a GitHub account..........................................................................
Figure 26: Step 6 of Creating and login a GitHub account..........................................................................
Figure 27: Creating successfully a GitHub account:....................................................................................
Figure 28: Login to the GitHub account......................................................................................................
Figure 29: Login successfully to a GitHub account.....................................................................................
Figure 30: Step 1 of Creating new repository on GitHub............................................................................
Figure 31: Create successfully a GitHub account........................................................................................
Figure 32: Step 1 of Clone a repository.......................................................................................................
Figure 33: Step 2 of Clone a repository.......................................................................................................
Figure 34: Clone successfully a repository..................................................................................................
Figure 35: Clone successfully a repository..................................................................................................
Figure 36: Step 1 of Pulling all data from working directory to a GitHub repository................................

8
Figure 37: Step 2 of Pulling all data from working directory to a GitHub repository................................
Figure 38: Step 3 of Pulling all data from working directory to a GitHub repository................................
Figure 39: Pull successfully to a GitHub repository...................................................................................
Figure 40: Changing information in local account.......................................................................................
Figure 41: Step 1 of Creating a server on pgAdmin.....................................................................................
Figure 42: Step 2 Creating a server on pgAdmin.........................................................................................
Figure 43: Step 3 of Creating a server on pgAdmin.....................................................................................
Figure 44: Connecting Heroku to GitHub....................................................................................................

9
1.5. A guide (step by step): how to deploy (put the website) to Heroku and connect to
PostgreSQL:
1.5.1. Create and login a new Heroku account:
 Create a new Heroku account: The Figure 1 show the register page of the Heroku that
allows user to register a new account by full filled information then clicks on the
“Create free account” button.

10
Figure 1: Create a new Heroku account.

11
 Login to Heroku: The account that have successfully register that can login into the
Heroku in the login page in the Figure 2

Figure 2: Login to Heroku

 Login successfully to Heroku: This Figure 3 is shown the interface of the Heroku
after login successfully.

12
 Figure 3: Login successfully to Heroku
1.5.2. Working with Heroku:
1.5.2.1. Create a new Heroku application:
 Step 1: Clicks on the “New” button then clicks on the “Create new app” to go to the
Heroku” create New App” interface.

Figure 4: Step 1 of create a new Heroku application

 Step 2: This interface in Error: Reference source not found is shown the first step of create
a new Heroku application then fills the app name and clicks on the Create App button.

13
Figure 5: Step 2 of create a new Heroku application
 Create successfully a new Heroku application: This interface is displayed after user
successfully create a new Heroku app.

Figure 6 Create successfully a new Heroku application

This page will be shown if the user clicks on the open app button in the Heroku application
interface to run app.

14
 Figure 7: Running successfully a new Heroku application
1.5.2.2. The overview tab:
This tab will show all the Heroku application detail include overview, resource, deploy, metrics,
activity, access, and setting

Figure 8: The overview tab

1.5.2.3. The resource tab:
This tab will show all the Heroku application resource detail.

15
 Figure 9: The resource tab
1.5.2.4. Connecting app to database add- on:
 Step 1: Clicks on the find more add-on button to go the add-on page to choose the
resource for the application.

Figure 10: Step 1 of connecting app to database add- on

16
 Step 2: In this page, user can choose the add-on resource which is necessary for the
application in this case is Heroku Postgres.

Figure 11: Step 2

 Step 3: In this page, user clicks on the Install button to install the resource

Figure 12: Step 3 of connecting app to database add- on

 Step 4: In this page, user must choose the Heroku application to connect with.

17
 Figure 13: Step 4 of connecting app to database add- on
 Step 5: After choose the Heroku, user clicks on the submit button to finish connecting
app to database add- on.

Figure 14: Step 5 of connecting app to database add- on

18
  Successfully connect app to a database: The Heroku has connect successfully to the
connecting app to database add- on

Figure 15: Successfully connect app to a database

1.5.2.5. Connect Heroku to the working directory:
 Step 1: User clicks on the GitHub icon to prepare for connecting the repository

Figure 16: Step 1 of connecting Heroku to the working directory

19
 Step 2: User clicks on search button and to find and choose the necessary repository in
GitHub and connects it.

Figure 17: Step 2 connecting Heroku to the working directory

 Step 3: clicks on the checkbox Wait on the CLI to pass before clicks on the Enable
Automatic Deploys to enable it.

20
 Figure 18: Step 3 of connecting Heroku to the working directory
 Step 4: clicks on Deploy Branch button to deploy.

Figure 19: Step 4 of connecting Heroku to the working directory

 Connecting Heroku successfully to the working directory:

Figure 20: Connecting Heroku successfully to the working directory

21
2. Implement a cloud platform using open-source tools.

2.1. Git and GitHub:

Definition: Git and GitHub are not the same things. Git is an open-source, version control tool
created in 2005 by developers working on the Linux operating system; GitHub is a company
founded in 2008 that makes tools that integrate with git. You do not need GitHub to use git, but
you cannot use GitHub without using git. You do not need to use a remote to use git, but it will
make sharing your code with others easier (Hubspot, 2021)

 The instructions for using GitHub:

+ Step 1: Installing git and create a GitHub account.
+ Step 2: Creating a repository.
+ Step 3: Adding new files to the repo repository.
2.2. Create and login a GitHub account:
 Step 1: In this page, user must fills the email and click on the Continue button.

Figure 21: Step 1 of Creating and login a GitHub account

22
 Step 2: User must fill all the information and click on the Create account button to create
account

Figure 22: Step 2 of Creating and login a GitHub account

 Step 3: Fill all necessary information of account’s role.

23
 Figure 23: Step 4 of Creating and login a GitHub account
 Step 5: Choose the major work of GitHub you are needing.

Figure 24: Step 5 of Creating and login a GitHub account

 Step 6:Clicks on the Apply button to apply the account ype of free.

24
 Figure 25: Step 6 of Creating and login a GitHub account
 Create successfully a GitHub account:

Figure 26: Creating successfully a GitHub account:

25
 Login to the GitHub account: In this page, user can login with the registered account with
valid username and password.

Figure 27: Login to the GitHub account

 Login successfully to a GitHub account:

Figure 28: Login successfully to a GitHub account

26
2.3. Working with GitHub:
2.3.1. Create new repository on GitHub:
 Step 1: fills the name of repository and clicks onn the create button.

Figure 29: Step 1 of Creating new repository on GitHub

 Creating successfully a GitHub account:

Figure 30: Successfully create a GitHub account

27
2.3.2. Clone a repository:
 Step 1: Pressing button CRTL+O to open a clone interface

Figure 31: Step 1 of Clone a repository

28
 Step 2: User choose the necessary repository to clone.

Figure 32: Step 2 of Clone a repository

 Step 3: Clone successfully a repository

Figure 33: Clone successfully a repository

29
After clone successfully, there will automatically create a folder in the local storage with its
name is the repository name that user have clone.

Figure 34: Clone successfully a repository

2.3.3. Pull all data from working directory to a GitHub repository:
 Step 1: if there is some changes in the local file that the GitHub desktop will notice user to
commit and publish it into the GitHub.

30
 Figure 35: Step 1 of Pulling all data from working directory to a GitHub repository
 Step 2: User enters the description and click Commit

31
 Figure 36: Step 2 of Pulling all data from working directory to a GitHub repository
 Step 3: after commit, user have to Publish its to GitHub by clicking on the publish
button.

32
 Figure 37: Step 3 of Pulling all data from working directory to a GitHub repository
 Pull successfully to a GitHub repository: All file go to the GitHit repository.

33
 Figure 38: Pull successfully to a GitHub repository
2.3.8. Changing information in local account:
If there is any changes, GitHub desktop will notice the user.

34
 Figure 39: Changing information in local account
2.3.9. Creating a server on pgAdmin:
 Step 1: enter the password of the pgAdmin.

Figure 40: Step 1 of Creating a server on pgAdmin

 Step 2: create a server by right-clicking to the server button and then clicking on the
“server” to go to the create database interface.

Figure 41: Step 2 Creating a server on pgAdmin

35
  Step 3: Enters the database name Correctly full- fill all the information form the database
resources information in the Heroku application and click on save button to create a server.

Figure 42: Step 3 of Creating a server on pgAdmin

2.4. Connecting Heroku to GitHub:
Click on the Heroku icon and search necessary repository name to connect the GitHub to the
Heroku application.

Figure 43: Connecting Heroku to GitHub

36
3. most common problems which arise in a Cloud Computing platform and discuss appropriate
solutions to these problems:
Cloud computing has now emerged as one of the best practices for companies looking to renovate
and enhance their IT infrastructure. However, there are some issues and problems associated with
cloud computing. It is very convenient for everyone to adapt to new technology, but it is also wise
to recognize some of the risks associated with this technology, in order to avoid the possibility of
problems in future.
While cloud computing is a key strength for some businesses, cloud computing also has some
problems. And in some rare cases, this can also cause some serious problems. Although cloud
computing is gaining a lot of popularity, it still suffers from some disadvantageous challenges as
follows:
3.1. Security issues:
 Overview: Regarding the security concern of cloud technology, the security risk of cloud
computing has become a top concern because once data is exposed or stolen, it will lead to
an extremely dangerous threat. serious for a company or a business. Mysterious threats like
website hacks and virus attacks are the biggest problems of cloud data security.
 Solution: Security has indeed been a primary, and valid, concern from the start of cloud
computing technology: you are unable to see the exact location where your data is stored or
being processed. This increases the cloud computing risks that can arise during the
implementation or management of the cloud. Headlines highlighting data breaches,
compromised credentials, and broken authentication, hacked interfaces and APIs, account
hijacking haven’t helped alleviate concerns. All of this makes trusting sensitive and
proprietary data to a third party hard to stomach for some and, indeed, highlighting the
challenges of cloud computing. Luckily as cloud providers and users, mature security
capabilities are constantly improving. To ensure your organization’s privacy and security is
intact, verify the SaaS provider has secure user identity management, authentication, and
access control mechanisms in place. Also, check which database privacy and security laws
they are subject to (Durcevic, 2019)
3.2. Cloud Cost Management:
 Overview: Companies make several mistakes that can increase their expenses. Sometimes, IT
professionals like developers turn on a cloud instance implied to be utilized for some time and
forget to turn it off again. And some companies find themselves hindered by the hidden cloud
costing packages that provide numerous discounts that they might not be using.
 Solution: Using cloud spending management challenges, several tech solutions can help
organizations. For instance, automation, cloud spending management solutions, serverless
services, containers, autoscaling features, and numerous management tools provided by the
cloud vendors may help lower the possibility of the issue. (Solanki, 2021)

37
3.3. Lack of resources/expertise:
 Overview: The shortage of resources and expertise is one of the challenges facing the cloud
migration this year. Although many IT staff are undertaking various initiatives to enhance
their expertise in the anticipated future of cloud computing, employers are still finding it
difficult to find employees with the right skills. expertise they require.
 Solution: Organizations are placing more and more workloads in the cloud as cloud
technology continues to evolve rapidly. Due to these factors, organizations are having a hard
time keeping up with the tools. In addition, the need for expertise continues to grow. These
challenges can be mitigated through additional training of IT and development staff
(Durcevic, 2019)
SME (Small to Medium) organizations may find it very expensive to add cloud professionals to
their IT team. Fortunately, many of the common tasks performed by these professionals can be
automated. For this goal, companies are turning to DevOps tools, like Chef and Puppet, to
perform tasks like monitoring resource usage patterns and automated backups at defined
intervals. estimate. These tools also help optimize the cloud for cost, administration, and
security. (Durcevic, 2019)

3.4. Compliance:
 An overview: Compliance is also one of the challenges faced by cloud computing in 2021.
For everyone using cloud storage or backup services, this is a problem. Whenever an
organization transfers data from its internal storage to the cloud, it experiences compliance
with the laws and regulations of the industry.
 Solution: An interesting law aspect of General Data Protection Regulation (GDPR) is that it
will expedite compliance in the future. Many organizations require employing a data
protection professional who can anticipate data security and privacy according to the needs
of the law.
Considering these professionals are aware of the compliance needs of the organizations they are
employed, concentrating on the duties for compliance will help organizations fulfill every legal
responsibility.
(Solanki, 2021)

3.5. Vendor Lock-In:

 An overview: At present, a few topmost cloud service providers, for instance, Google Cloud
Platform, Microsoft Azure, Amazon Web Services, and IBM Cloud, are ruling over the
public cloud market. For IT experts of the enterprise and analyst, this makes the vendor lock-
in’s specters secure.
 Solution: In a Hybrid Cloud assessment, nearly 90% of those assessed expressed high to
moderate concern levels regarding this problem.

38
 As per Gartner’s Cloud Adoption Statistics 2021, the rising power of the hyper-scale IaaS
providers makes both the chances and challenges for some marketing participants and end-
users. Although a few of them allow cost advantages and efficacy, companies required to be
more alert regarding the IaaS providers possibly acquiring unwanted impact over the clients
and the market.

Regarding the multi-cloud acceptance trends, some companies will highly demand an easier
way to transfer apps, workloads, and data across the cloud IaaS providers providing with no
penalty (Solanki, 2021)

3.6. Building a private cloud:

 An overview: Although building a private cloud isn’t a top priority for many organizations,
for those who are likely to implement such a solution, it quickly becomes one of the main
challenges facing cloud computing- private solutions should be carefully addressed.
 Solution: Creating an internal or private cloud will cause a significant benefit: having all the
data in-house. But IT managers and departments will need to face building and gluing it all
together by themselves, which can cause one of the challenges of moving to cloud
computing extremely difficult.
It is important to keep in mind also the steps that are needed to ensure the smooth operation of
the cloud:
 Automating as many manual tasks as possible (which would require an inventory
management system)
 Orchestration of tasks which has to ensure that each of them is executed in the right order.

As this article stated: the cloud software layer has to grab an IP address, set up a virtual local
area network (VLAN), put the server in the load balancing queue, put the server in the firewall
rule set for the IP address, load the correct version of RHEL, patch the server software when
needed and place the server into the nightly backup queue.
(Durcevic, 2019)

3.7. Data portability:

 An overview: Every person wants to leverage of migrating in and out of the cloud.
Ensuring data portability is very necessary. Usually, clients complain about being locked in
the cloud technology from where they cannot switch without restraints. There should be no
lock in period for switching the cloud. Cloud technology must have capability to integrate
efficiently with the on premises. The clients must have a proper contract of data portability
with the provider and must have an updated copy of the data to be able to switch service
providers, should there be any urgent requirement (EDUCBA, 2021)

39
3.8. Transparency of service provider:
 An overview: For uninterrupted services and proper working it is necessary that you
acquire a vendor services with proper infrastructural and technical expertise. An authorized
vendor who can meet the security standards set by your company’s internal policies and
government agencies. While selecting the service provider you must carefully read the
service level agreement and understand their policies and terms and provision of
compensation in case of any outage or lock in clauses (Pedamkar, 2021)
 Solution: organizations have some demanding work ahead, especially since cloud adoption
is becoming a business standard that will grow exponentially. The cloud is not just an idea
to be implemented overnight, but a strategic approach, detailed management, and the
involvement of experts can help reduce risks, costs, and potential errors. hidden during
execution. The future of the cloud lies in the introduction of industry standards that will
help solve regulatory, regulatory, and technological issues (Durcevic, 2019)

4. Assess the most common security issues in cloud environments.

Moving to the cloud isn't just a trend- it's becoming a requirement for any business enterprise trying to
build more team collaboration, improve productivity, and enhance the guest experience. row. But the
move to the cloud brings cutting-edge capabilities for unmistakable human threats, attacks, and breaches
from an additional mobile workforce. Security issues in cloud computing are similar to those you might
encounter with on-premises and community computing. However, to save you and fix cloud safety issues,
they must be controlled differently.
SaaS cloud security issues are naturally centered around data and access because most shared security
responsibility models leave those two as the sole responsibility for SaaS customers. It is every
organization’s responsibility to understand what data they put in the cloud, who can access it, and what
level of protection they (and the cloud provider) have applied.
It is also important to consider the role of the SaaS provider as a potential access point to the
organization’s data and processes. Developments such as the rise of XcodeGhost and GoldenEye
ransomware emphasize that attackers recognize the value of software and cloud providers as a vector to
attack larger assets. As a result, attackers have been increasing their focus on this potential vulnerability.
To protect your organization and its data, make sure you scrutinize your cloud provider’s security
programs. Set the expectation to have predictable third-party auditing with shared reports, and insist on
breach reporting terms to complement technology solutions
(mcaffe, 2021)

4.1. Ten SaaS Cloud Security Issues:

 Lack of visibility into what data is within cloud applications
 Theft of data from a cloud application by malicious actor
 Incomplete control over who can access sensitive data
 Inability to monitor data in transit to and from cloud applications

40
  Cloud applications being provisioned outside of IT visibility (e.g., shadow IT)
 Lack of staff with the skills to manage security for cloud applications
 Inability to prevent malicious insider theft or misuse of data
 Advanced threats and attacks against the cloud application provider
 Inability to assess the security of the cloud application provider’s operations
 Inability to maintain regulatory compliance
4.2.Visibilyty And Control Over Access:
Adopting a zero-trust security architecture is one of the most impactful ways to manage users and
safeguard data in the cloud.
Zero trust security is exactly what it sounds like-no user is automatically trusted. Everyone must
provide verification of who they are before gaining access to resources and data stored in the
cloud app.
Two common examples of identity-based zero trust security approaches are Single SignOn (SSO)
and Multi-factor Authentication (MFA). Single SignOn verifies users through a single name and
password combination. Multi-factor Authentication combines two (or more) unique credentials,
such as requiring users to enter a password and a security token. Most reputable cloud
applications provide both of these authentication features natively, and simply require your admin
to activate either or both for your team.
Many companies use Single SignOn or Multi-factor Authentication as the first line of defense to
keep unauthorized users out of systems that hold sensitive data. Both are easy to use and set up in
popular cloud apps, and all IT security experts strongly encourage the use of both
(managedmethod, 2019)

4.3. Data Security:

Data loss prevention solutions, SaaS security, and malware threat protection can all increase your
cloud data security to reduce the risk of internal and external threats, and guard against data
breaches.
Thwart External Threats
Today’s cybercriminals target weaknesses in cloud applications to steal business, employee, and
customer data. This means any business with SaaS applications accessing the cloud environment
is at risk. SaaS security is no longer a nice-to-have, it’s a necessity.
Prevent Insider Threats Develop company-wide standards to define who can take action on
what data sets, in what environments, using which methods to ensure that data stays carefully
controlled. Limiting internal access points, and monitoring how that information is used, can help
keep sensitive data safe.
Stop Accidental Data Breaches: Human error is the most common source of a data breach, and
proactiveness is the key to prevention. To ensure costly mistakes are not made, help employees
understand how and where data breaches can happen
41
(managedmethod, 2019)

4.4. Five Private Cloud Security Issues:

 Lack of consistent security controls spanning over traditional server and virtualized private
cloud infrastructures
 Increasing complexity of infrastructure resulting in more time/effort for implementation
and maintenance
 Lack of staff with skills to manage security for a software-defined data center (e.g., virtual
compute, network, storage)
 Incomplete visibility over security for a software-defined data center (e.g., virtual compute,
network, storage)
 Advanced threats and attacks
An important factor in the decision-making process to allocate resources to a public vs. private
cloud is the fine-tuned control available in private cloud environments. In private clouds,
additional levels of control and supplemental protection can compensate for other limitations of
private cloud deployments and may contribute to a practical transition from monolithic server-
based data centers.
At the same time, organizations should consider that maintaining fine-tuned control creates
complexity, at least beyond what the public cloud has developed into. Currently, cloud
providers take on much of the effort to maintain infrastructure themselves. Cloud users can
simplify security management and reduce complexity through abstraction of controls. This
unifies public and private cloud platforms above and across physical, virtual, and hybrid
environments
(mcaffe, 2021)

4.5. Basic Security Risk Considerations:

There are a number of areas that are at risk of being compromised and hence must be secured
when it comes to cloud computing. Each area represents a potential attack vector or source of
failure. By risk analysis, five key such areas have been identified:
 Organizational Security Risks: Organizational risks are categorized are categorized as the risks
that may impact the structure of the organization or the business as an entity. If a CSP goes out of
business or gets acquired by another entity, this may negatively affect their CSPs since any Service
Level Agreements (SLA) they had may have changed and they would then have to migrate to
another CSP that more closely aligns with their needs. In addition to this, there could be the threat
of malicious insiders in the organization who could do harm using the data provided by their
CSCs.
 Physical Security Risks: The physical location of the cloud data center must be secured by the
CSP in order to prevent unauthorized on-site access of CSC data. Even firewalls and encryption
cannot protect against the physical theft of data. Since the CSP is in charge of the physical
infrastructure, they should implement and operate appropriate infrastructure controls
including staff training, physical location security, network firewalls. It is also important to
42
 note that the CSP is not only responsible for storing and process data in specific
jurisdictions but is also responsible for obeying the privacy regulations of those
jurisdictions.
 Technological Security Risks: These risks are the failures associated with the hardware,
technologies and services provided by the CSP. In the public cloud, with its multi tenancy
features, these include resource sharing isolation problems, and risks related to changing
CSPs, i.e. portability. Regular maintenance and audit of infrastructure by CSP is
recommended.
 Compliance and Audit Risks: These are risks related to the law. That is, risks related to
lack of jurisdiction information, changes in jurisdiction, illegal clauses in the contract and
ongoing legal disputes. For example, depending on location, some CSPs may be mandated
by law to turn over sensitive information if demanded by government.
 Data Security Risks: There are a variety of data security risks that we need to take into
account. The three main properties that we need to ensure are data integrity, confidentiality
and availability. We will go more into depth on this in the next subsection since this is the
area most at risk of being compromised and hence where the bulk of cloud security efforts
are focused.
(Dahbur, 2011)

4. 6. Data Security Considerations

At the heart of all computing is arguably the processing of data into meaningful information. As
such, when the processing and storage of such data is outsourced to infrastructure owned and
maintained by a third party, this leads to a host of issues to consider when securing said data.
These issues are especially more pronounced in the public cloud, since multiple parties, some of
which could be malicious, have to share this aforementioned infrastructure:
 Data Security Properties
+ Privacy: Privacy is one of the more important issues to deal with in the cloud and
in network security in general. Privacy ensures that the personal information and
identity of a CSC are not revealed to unauthorized users. This property is most
important to the CSC, especially when they deal with sensitive data.
+ Confidentiality: This is related to data privacy since this is the property ensuring
that the data that belongs to a CSC is not revealed to any unauthorized parties. In
public clouds, the CSP is mainly responsible for securing the CSC's data.This is
particularly difficult due to multi tenancy, since multiple customers have access to
the same hardware that a CSC stores its data. Some providers use job scheduling
and resource management, but most providers employ virtualization to maximize
the use of hardware.
 These two methods allow attackers to have full access to the host and cross- VM side
channel attacks to extract information from a target VM on the same machine:

43
 + Integrity: The integrity of data refers to the confidence that the data stored in the
cloud is not altered in any way by unauthorized parties when it's being retrieved, i.e.
you get out what you put in. To ensure this, CSPs must make sure that no third party
has access to data in transit or data in storage. Only authorized CSCs should be able
to change their data.
+ Availability: This property ensures that the CSC has access to their data, and are
not denied access erroneously or due to malicious attacks by any entity. Attacks like
denial-of-service are typically used to deny availability of data .
 Data Stages: The flow of data through a cloud goes through various distinct stages, with
each stage requiring one or more of the previous properties to be maintained. These stages
are as follows:
 Data-in-transit: This is when data is in the process of being transmitted either to the cloud
infrastructure or to the computing device used by the CSC. Here, data is most at risk of
being intercepted, hence violating confidentiality. Encryption is generally used here to
prevent this, along with other methods we shall detail later.
 Data-at-rest: This is when data has been stored in the cloud infrastructure. The main issue
with this stage for the CSC is their loss of control over the data. The onus of defending
against attacks at this stage hence fall on the CSP. They have to ensure that all 4 of the data
security properties outlined are upheld at this stage.
 Data-in-use: This is when data is being processed into information. Here, the issues might
lie with the corruption of data while it is being processed. In order to prevent this the
integrity of data going into a process must be ensured using any one of the applicable
methods we will discuss later In addition to these three stages, the data left out in case of
data transfer or data removal also needs to be considered, since it can cause severe security
issues in the case of public cloud offerings since a CSC may end up gaining access to
sections of data not properly deleted from a prior CSC.
 (Latif, 2014)

44
References
Dahbur, K. M., 2011. "A Survey of Risks, Threats and Vulnerabilities in Cloud. [Online]
Available at: https://jisajournal.springeropen.com/articles/10.1186/1869-0238-4-5

Durcevic, S., 2019. cloud-computing-risks-and-challenges. [Online]

Available at: https://www.datapine.com/blog/cloud-computing-risks-and-challenges/

EDUCBA, 2021. educba. [Online]

Available at: https://www.educba.com/cloud-computing-issues-challenges/
[Accessed 12 11 2021].

Hubspot, 2021. hubspot. [Online]

Available at: https://product.hubspot.com/blog/git-and-github-tutorial-for-beginners
[Accessed 11 11 2021].

Latif, R. A. H. A. S. A., 2014. "Cloud computing risk assessment: a systematic. [Online]

Available at: LNEE 276 - Cloud Computing Risk Assessment: A Systematic Literature Review (researchgate.net)

managedmethod, 2019. security-issues-in-cloud-computing/. [Online]

Available at: https://managedmethods.com/blog/security-issues-in-cloud-computing/

mcaffe, 2021. security-awareness. [Online]

Available at: https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/security-issues-in-cloud-
computing.html

Pedamkar, P., 2021. cloud-computing-issues-challenges/. [Online]

Available at: https://www.educba.com/cloud-computing-issues-challenges/

Pedamkar, P., 2021. cloud-computing-issues-challenges/. [Online]

Available at: https://www.educba.com/cloud-computing-issues-challenges/

Solanki, P., 2021. cloud-computing-challenges/. [Online]

Available at: https://www.mindinventory.com/blog/cloud-computing-challenges/

45
46