CYBER SECURITY CHALLENGES AND THEIR EMERGING TRENDS IN CLOUD COMPUTING

CYBER SECURITY CHALLENGES AND ITS EMERGING TRENDS IN CLOUD COMPUTING

?

Research Paper
by 
Adeeba Saeed

?

?

?

?

?

?

?

?

?

Abstract

This research paper aims to understand cyber security challenges and emerging trends in cloud computing. Cyber security challenges have been prevalent nowadays, and new and effective solutions must be implemented to reduce these negative impacts. Cyber security is required in every organisation to protect every specific data category from damage and theft. It mainly includes personally identifiable information, intellectual property, data, organisational information systems and many more. Such security is also required in cloud computing technology to ensure that the organisation meets compliance requirements and reduces the risk of destructive human errors. Hence, the organisational data and information would be safe and secured under every circumstance, and the data management aspects would be enhanced to a high level. This research paper has considered a literature review of recent articles on cyber security challenges and emerging trends in cloud computing. Six cyber security risks are identified, and three emerging cloud trends are determined from the existing research. This research paper also provides future research avenues that would benefit the technological aspect.

Keywords: Cyber security, challenges, cloud computing, emerging trends

?
?

?

?
?
?

?

?

?

1.?? ?????Introduction

?

Cyber security is an important issue in the infrastructure of every company and organization (Li and Liu, 2021). Cyber security refers to the core practice to protect various systems, networks, and different programs from digital attacks (Alnasser, Sun and Jiang 2019). Stealing attacks against controlled information, along with the increasing number of information leakage incidents, has become an emerging cyber security threat in recent years. (Miao et al., 2021). All of such cyber-attacks are mainly aimed at accessing, destroying and changing personal information or even interrupting of normal business processes (Mendhurwar and Mishra 2021). Hence, the user is able to secure their system from unauthorised exploitation of systems, technologies and networks (Sun, Hahn and Liu 2018).

Proper implementation of the most effective measures of cyber security is extremely challenging as there are several devices than various individuals, and the attackers are becoming highly innovative (Mantha and de Soto 2019). In spite of such advantages, there are a few prevalent challenges in cyber security that are needed to be eradicated for gaining maximum efficiency (Dui?, Cvrtila and Ivanjko 2017). The following research paper outlines a brief discussion on cyber security challenges and different emerging trends in cloud computing. Although cloud computing is based on a 50-year-old business model, evidence from this study indicates that cloud computing still needs to expand and overcome present limitations that prevent the full use of its potential. In this study, we critically review the state of the art in cloud computing with the aim of identifying advances, gaps, and new challenges (Durao, F. et al. 2014).

2.??? ??Research Question

The research question for this research paper is provided below:

What are the cyber security challenges in cloud computing and cloud services, and how can the emerging technologies of cloud computing be effective?

3.??? ???Method??????

An in-depth literature review is being performed for completing the research on cyber security challenges and its emerging trends in cloud computing. Our aim was to provide an in-depth analysis of the field rather than providing a descriptive overview (Jones and Gatrell, 2014). The review method consists of search, selection, analysis, and synthesis processes.

3.1? ???Search and Selections

The most recent papers from 2017 to 2022 have been selected for the research work to ensure that the current scenario can be identified, and every emerging trend is recognised for cloud computing. The search was conducted in two rounds. I primarily judged papers based on abstract, title, and keywords in the first round. I chose research papers that include search keywords “cyber security” and “cloud computing” as focal concepts in an organisational context. In the second round, I inspected the full texts of articles to check whether the term ‘‘cyber security” and “cloud computing” had been mentioned in the body of the text. The report is not written from blogs, abstract only or news articles. The search engine Google Scholar, Scopus and Science Direct were used to take up published journal articles to collect appropriate data for the research work and papers in IEEE databases.

?Out of 561 potential candidates in the initial selection, I selected 181 papers that focus on cyber security and cloud computing in an organizational context. In the end, 22 papers qualified for inclusion as they discuss how cyber security is crucial for any organisation to set up cloud computing and services. (See Fig. 1)

?

????????

Journals: EJIS, ISJ, ISR, JAIS, JIT, JMIS, JSIS, MISQ, BD&S, CACM, DSS,

?Search???????????????????????? ????????? JASIST, AMJ, AMR, I&M, I&O, JOM, JMS, MS, SMJ

???????????????????????? ???????????????????? Conferences: AMCIS, ECIS, ICIS

???????????????????????? ???????????????????? Keywords: “cyber security”, “cloud computing”,” emerging trends”, “cloud services.”

?????????????????????????????????????????? Search: google scholars, Scopus and Science Direct

????????????? ???????????????????????????? Exclude:

561 potential candidates

? ???????????? ???????????????????????????? Blogs, news items, proposals, overviews, Wikipedia

?




?????????????????????????????????????????????? Primarily judge papers based on abstract, title and keywords

????????????? ???????????????????????????? Include: cyber security, cloud computing, emerging trends, cloud services

Selection ???????????????????????????? Exclude Main technical forms,

181 papers on cyber security

?




?????????????

????????????? ???????????????????????????? Full-text search on cyber security and cloud computing

22 papers on cyber security

Exclude: Paper not mentioning cyber security or cloud computing in body, title, abstract or keywords

?

?

?Fig 1: Search and selection Process

?

3.2? ???Analysis and synthesis of the literature

?

This current analysis mainly focuses on summarising and analysing existing theories on cloud computing. As the IT industry evolves rapidly and new revolutionary trends emerge rapidly. This work aimed to provide new insights, which could contribute to the futuristic research on cyber security challenges and emerging trends of cloud computing. For this purpose, I classified the search topics into three dimensions: cyber security, cloud computing, and cloud services. I present this research discussion stemming out from findings from different related search articles.

?

4.??? ???Literature Review on Cyber Security

?

4.1? ???Cyber Security Challenges

A unified threat management system is needed for automating various integrations in organisational security products and services. It is also required for accelerating critical security operational functions like detection, investigation, and remediation. The organizations should comprise a specific framework for dealing with the negative impacts from attempted as well as successful cyber threats and attacks (Edgar and Manz 2017). Various processes and technological advancements are needed to be considered for such circumstances, and hence maximum-security aspects would be focused. The existence of a comprehensive definition of a cyber-attack will undoubtedly have a direct impact on the legal environment to continue and identify the consequences of this attack type (Furnell et al., 2020)

There are different methodologies that are being adopted by cyber attackers or criminals to conduct such circumstances for securing the network (Benias and Markopoulos 2017). These are referred to as cyber security challenges, and these are needed to be eradicated on a top priority basis. The most distinct challenges of cyber security are listed below:

????? I.???????? Malware and Ransomware: The first and foremost challenge of cyber security for an organization is malware and ransomware. These are termed as the most common challenges faced by any business. Ransomware is a distinctive kind of malware, which infects different devices, files, and systems unless a specific amount of money is being paid to the cybercriminals by the respective organisation. Most of the common ransomware attacks mainly initiate by clicking on a malware attachment or malicious link for viewing any advertisement with malware or malvertising as well as various phishing emails that comprise of malicious attachments (Kimani, Oduol and Langat 2019). As soon as ransomware infects the network, several processes or critical operations are slowed down or even become inoperable unless the organization pays the ransom to the respective criminal. Hence, the organisation is impacted financially and faces reputational damages.

??? II.???????? Data Breaches: This particular challenge is another common security factor for cyber security. The attackers hack the system or network for extracting the confidential information or data and hence causing data breaches accordingly (El Mrabet et al., 2018). There is always a need for effective device management, monitoring, and even securing sensitive data in the respective business. Most of the organizations lack updated security measures, different protocols and even a knowledgeable information department (Khan, Brohi and Zaman 2020). Hence, the cybercriminals gain access to social security numbers, contact information and other personal confidential information and therefore data breaches are observed.

?? III.???????? Insider Threats: An insider threat is a security risk, which initiates from within the targeted organisation. It mainly involves a former or current employee who has accessibility to the most sensitive information or privileged accounts in a company’s network and misuses access. Traditional security measures also tend in focusing on external threats and are not always capable of recognising the internal threat from inside the organisation (Tweneboah-Koduah, Skouby and Tadayoni 2017). There are three reasons for insider threats: malicious, negligent, and accidental.

? IV.???????? Distributed Denial of Service Attacks: DDoS attacks are the subclass of denial-of-service attacks. The DDoS attacks mainly involve several connected online devices, termed a botnet and are being utilised for overwhelming a target website with fake traffic. It refers to the attack that is meant to shut down a network or machine and hence making it inaccessible to the intended users (Althobaiti and Dohler 2020). The issue is being caused by flooding the targeted host or network with traffic until and unless the target could not respond or crashes and, as a result, preventing access for the legal users.

??? V.???????? Cloud Computing Threats: There are a few cloud computing threats that can be referred to as extremely vulnerable for any organisation and are required to be treated on a priority basis (Harel, Gal and Elovici 2017). These threats mainly include access management, data breaches and data leaks, insecure APIs, misconfigured cloud storage and many more. Suitable strategies are required to be considered for removing the negative impacts of such threats.

? VI.???????? Phishing Attacks: It is the practice to send fraudulent communication, which appears to come from a reputable source and is usually done through an email. The main aim is to steal confidential information, such as credit card and login information, as well as install malware on the respective machine for such activities (Ervural and Ervural 2018).

?

4.2? ???Cloud Computing Technologies

?

Cloud computing technology has been focusing on new and innovative methodologies to be included in the business for ensuring that the respective organisation gains advantages and the best technology is being selected. Due to the rapid development of cloud technologies, it is needed to focus on the post cloud computing paradigms (Abdel-Basset, Mohamed and Chang 2018). Network applications are emerging as the Internet of Things, and virtual and augmented reality make the process more appropriate. Different terminologies are needed to be considered and analysed for cloud computing. It is required to systematically summarise cloud computing paradigms like fog computing, dew computing, and mobile edge computing.

It is significant for the organisation to consider the future development prospects of post cloud computing. The major challenges of cloud computing are required to be eradicated on top-level priority for this circumstance and also focus on leveraging the core capabilities of heterogeneous devices as well as edge equipment (Wang et al. 2017). Moreover, heterogeneous, and long-distance network bottlenecks would be referred to as quite distinct with the subsequent development of ubiquitous network technology, and there had been a significant improvement in the network bandwidth and speed.

The high demand for new and complex network applications can even be referred to as distinctive in this factor and check for variations. For reducing the challenge, two distinct applications are focused on, which include IoT and 5G network (Zhou, Zhang and Xiong 2017). The authors have compared the technologies aspects properly for ensuring that a clear idea is gained, and the survey provides a detailed description of the comparison of post cloud computing paradigms. The technical parameters of cloud computing and post cloud computing are compared in terms of latency, delay jitter, access network, mobility support, service access, availability, main content generator, control mode, content consumption and many more. Moreover, the inspired drivers are also considered for this purpose and all the post cloud computing paradigms are compared accordingly (Stergiou et al. 2018).

The clients require proper assurance of security to ensure that the most sensitive information is sent to the third-party cloud supplier and maintain relevancy for safety. To ensure that such protection is enhanced in cloud computing, a few aspects should be considered: network segmentation, cloud-based access controls, multi-tenancy in cloud computing, cloud access management, and cloud computing threats and liability. The emerging trends of cloud computing require to be safe and secured, and better results are obtained accordingly.

?

4.3? ???Emerging Trends in Cloud Computing

?

Cloud computing has been providing major opportunities for different emerging trends and new strategies and business models are considered to adopt new cloud services and even checking for the recent trends in cloud computing (Namasudra 2018). The main cloud computing trends are hybrid cloud computing, quantum computing and serverless computing.

????? I.???????? Since the cloud applications are becoming highly portable, the companies are implementing the workloads across several IaaS platforms like Google Cloud, Microsoft Azure and Amazon Web Services. Hence, hybrid cloud computing integrates the local servers with private as well as third party public cloud services; it has become extremely common for different companies to consider new and innovative methodologies and aspects (Varghese and Buyya 2018).

??? II.???????? Quantum computing, on the contrary, has been famous as it is the computing of several variables at the same time and can also solve problems quickly and even accurately. There have been significant advancements in the configuration, allowing the data to be processed faster than before. The main benefits involve the reduction of energy consumption and having a positive impact on the environment. Quantum computers promise to perform certain tasks that are believed to be intractable to classical computers. Boson sampling is such a task and is considered a strong candidate to demonstrate the quantum computational advantage (Zhong et al., 2020).

?? III.???????? Serverless computing, has emerged as a new compelling paradigm for the deployment of applications and services. It represents an evolution of cloud programming models, abstractions, and platforms, and is a testament to the maturity and wide adoption of cloud technologies (Baldini et al., 2017). Serverless computing is mainly based on the pay as per basis model. It can offer scalability and flexibility to the businesses for deploying their applications without even investing in the underlying infrastructure. More than 20% of the global companies are moving to serverless computing. Hence, they have been gaining additional focus and control on the most effective applications and configuration or management of the servers in an appropriate manner. Therefore, this trend is more effective for different types of companies

?

4.4? ???Cloud Services and Cyber Security

?

Sandeep et al., (2021) believe that many leading global companies compete to provide the best cloud services to their customers. Microsoft Azure manages the communication between IoT applications and devices with high security and reliability. Azure IoT Hub provides connectivity to virtually any device in the network using the Cloud-hosted solutions. Cloud IoT Core services provided by Google incorporation is a fully managed service that allows easy access and secured connection, management, and data are collected from billions of devices spread over the entire globe. Another example of cloud service is Amazon Web Services (AWS) spread to the edge of the IoT network and provides deep and broad functionalities to improve the overall performance.

Cyber security is required in cloud services. It is necessary for maintaining consistency in data management and security and focusing on secured infrastructure data applications, information applications, and frameworks. Protection for cloud computing platforms mainly works on the same premises for confidentiality, integrity, and handiness. It helps address every logical and physical security issue for the assorted service models of the platform, infrastructure, and code. It also addresses the public, private and hybrid cloud service model services. Recently, a new scheme was developed called Multi-user certificateless public key encryption with a conjunctive keyword search (mCLPECK) scheme. It contains two features: the multi-user environment and the conjunctive keyword search function. Nevertheless, it requires a secure channel while transmitting the trapdoor to the cloud server, which is not practical in applications, and it cannot resist the keyword guessing attack (KGA) (Chenam and Ali, 2022).

Moving data into the cloud offers great convenience to users since they don't have to care about the complexities of direct hardware management. The pioneer of Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) [1] are both well-known examples (Cong et al., 2009). Service-oriented computing and cloud computing have gone a long way since their advent, but emerging technologies, aiming at the convergence of devices, networks, and the Internet of Things (IoT), sustain a very active research community aiming to develop these technologies further to build smart systems in research, business, and social contexts (Schulte, S. et al. 2017).

5.??? ???Discussion

In the face of increasing numbers of cyber-attacks, it is critical for organisations to understand the risk they are exposed to even after deploying security controls (Erola et al., 2022). For example, if we talk about it, Ransomware infiltrates victim systems in various ways, usually encrypting files in the system, and demanding a ransom to allow the user access to the encrypted files again. Although security mechanisms such as firewalls, anti-virus programs, and automated analysis programs have been developed to combat this threat, these mechanisms have little success and fail to protect the valuable assets stored in local or cloud storage resources (Kara and Aydos, 2022).

Another issue discovered during the research was very common, while cloud infrastructure is very secure, customers are responsible for implementing cyber security features and configuring them correctly. Cloud misconfigurations are common sources of data breaches, and the number is expected to increase as more companies adopt cloud services to support remote workers (Sheth et al.,2021). However, cloud service providers have not been providing enough secure and reliable services to end-users. Blockchain is a technology that is improving cloud computing. This revolutionary technology offers persuasive data integrity properties and is used to tackle security problems (Habib Gill et al., 2022).

6.??? ???Conclusion and Avenues for Future Research

?

Therefore, from the above discussion, a conclusion can be drawn that cyber security challenges must be avoided on a priority basis for gaining maximum advantages in the respective organisation. This research paper has identified six distinct cyber security challenges by conducting a literature review and analysing these threats. The emerging trends of cloud computing also need to be highlighted to gain an idea of better results and efficiency. Besides, the attainment of security and privacy in cloud services is also pivotal. The research question of cyber security challenges is identified in the paper, and all these six cyber security threats are addressed for better results.

In our study, we were limited by the methods used. Specifically, although we captured a rich set of papers from the IS domain, further interesting and complementary insights can be found in related fields (Wamba et al., 2015) There are several avenues for future research as it is expected by 2031, the cloud could be forwarding. It would be responsible for ensuring that maximum efficiency is being obtained in the business. Data collection would be easier and faster, and the chance of data loss would be checked without any issue. Moreover, communications’ problems would be avoided with such advantages. The involvement of cyber security in cloud computing emerging trends can be beneficial for reducing the threats and gaining benefits.

?

?

?

?

?

?

?

?

References

Abdel-Basset, M., Mohamed, M. and Chang, V., 2018. NMCDA: A framework for ??evaluating cloud computing services. Future Generation Computer Systems, 86, pp.12-29.

Alnasser, A., Sun, H. and Jiang, J., 2019. Cyber security challenges and solutions for V2X communications: A survey. Computer Networks, 151, pp.52-67.

Althobaiti, O.S. and Dohler, M., 2020. Cybersecurity Challenges Associated With the Internet of Things in a Post-Quantum World. IEEE Access, 8, pp.157356-157381.

Banias, N. and Markopoulos, A.P., 2017, September. A review on the readiness level and cyber-security challenges in Industry 4.0. In 2017 South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM) (pp. 1-5). IEEE.

Baldini, I., Castro, P., Chang, K., Cheng, P., Fink, S., Ishakian, V., Mitchell, N., Muthusamy, V., Rabbah, R., Slominski, A. and Suter, P. (2017). Serverless Computing: Current Trends and Open Problems. Research Advances in Cloud Computing, [online] pp.1–20.

Chenam, V. and Ali, S., 2022. A designated cloud server-based multi-user certificateless public key authenticated encryption with conjunctive keyword search against IKGA. Computer Standards & Interfaces, 81, p.103603

Cong Wang, Qian Wang, Kui Ren and Wenjing Lou, 2009. Ensuring data storage security in Cloud Computing. 2009 17th International Workshop on Quality of Service,

Dui?, I., Cvrtila, V. and Ivanjko, T., 2017, May. International cyber security challenges. In 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (pp. 1309-1313). IEEE.

Durao, F. et al. (2014) A systematic review on cloud computing. The Journal of supercomputing. [Online] 68 (3), 1321–1346.

Edgar, T. and Manz, D., 2017. Research methods for cyber security. Syngress.

El Mrabet, Z., Kaabouch, N., El Ghazi, H. and El Ghazi, H., 2018. Cyber-security in smart grid: Survey and challenges. Computers & Electrical Engineering, 67, pp.469-482.

Ervural, B.C. and Ervural, B., 2018. Overview of cyber security in the industry 4.0 era. In Industry 4.0: managing the digital transformation (pp. 267-284). Springer, Cham.

Erola, A., Agrafiotis, I., Nurse, J., Axon, L., Goldsmith, M. and Creese, S., 2022. A system to calculate cyber-value-at-risk. Computers & Security, 113, p.102545.

Harel, Y., Gal, I.B. and Elovici, Y., 2017. Cyber security and the role of intelligent systems in addressing its challenges. ACM Transactions on Intelligent Systems and Technology (TIST), 8(4), pp.1-12.

Habib Gill, S., Abdur Razzaq, M., Ahmad, M., M. Almansour, F., Ul Haq, I., Jhanjhi, N., Zaib Alam, M. and Masud, M., 2022. Security and Privacy Aspects of Cloud Computing: A Smart Campus Case Study. Intelligent Automation & Soft Computing, 31(1), pp.117-128.

Jones, O., Gatrell, C., 2014. Editorial: the future of writing and reviewing for IJMR. Int. J. Manage. Rev. 16 (3), 249–264.

Khan, N.A., Brohi, S.N. and Zaman, N., 2020. Ten deadly cyber security threats amid COVID-19 pandemic.

Kimani, K., Oduol, V. and Langat, K., 2019. Cyber security challenges for IoT-based smart grid networks. International Journal of Critical Infrastructure Protection, 25, pp.36-49.

Kara, I. and Aydos, M., 2022. The rise of ransomware: Forensic analysis for windows based ransomware attacks. Expert Systems with Applications, 190, p.116198.

Li, Y. and Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports. Volume 7, pp. 8176-8186

Mantha, B.R. and de Soto, B.G., 2019. Cyber security challenges and vulnerability assessment in the construction industry. In Creative Construction Conference 2019 (pp. 29-37). Budapest University of Technology and Economics.

Mendhurwar, S. and Mishra, R., 2021. Integration of social and IoT technologies: architectural framework for digital transformation and cyber security challenges. Enterprise Information Systems, 15(4), pp.565-584.

Miao, Y., Chen, C., Pan, L., Han, Q.-L., Zhang, J. and Xiang, Y. (2021). Machine Learning–based Cyber Attacks Targeting on Controlled Information. ACM Computing Surveys, 54(7), pp.1–36.

Namasudra, S., 2018. Cloud computing: A new era. Journal of Fundamental and Applied Sciences, 10(2).

Stergiou, C., Psannis, K.E., Kim, B.G. and Gupta, B., 2018. Secure integration of IoT and cloud computing. Future Generation Computer Systems, 78, pp.964-975.

Sun, C.C., Hahn, A. and Liu, C.C., 2018. Cyber security of a power grid: State-of-the-art. International Journal of Electrical Power & Energy Systems, 99, pp.45-56.

Schulte, S. et al. (2017) Service-Oriented and Cloud Computing: 6th IFIP WG 2.14 European Conference, ESOCC 2017, Oslo, Norway, September 27-29, 2017, Proceedings. Vol. 10465. [Online]. Cham: Springer International Publishing.

Sandeep, S., Rayan, T., Kumudavalli and Kumar, S., 2021. Case Studies on 5G and IoT Security Issues from the Leading 5G and IoT System Integration Vendors. Secure Communication for 5G and IoT Networks, pp.197-212.

Sheth, A., Bhosale, S. and Kurupkar, F., 2021. RESEARCH PAPER ON CYBER SECURITY. [online] Available at: <https://www.researchgate.net/publication/352477690_Research_Paper_on_Cyber_Security> [Accessed 8 January 2022].

Tweneboah-Koduah, S., Skouby, K.E. and Tadayoni, R., 2017. Cyber security threats to IoT applications and service domains. Wireless Personal Communications, 95(1), pp.169-185.

Fosso Wamba, S., Akter, S., Edwards, A., Chopin, G. and Gnanzou, D., 2015. How ‘big data’ can make big impact: Findings from a systematic review and a longitudinal case study. International Journal of Production Economics, 165, pp.234-246.

Zhong, H.-S., Wang, H., Deng, Y.-H., Chen, M.-C., Peng, L.-C., Luo, Y.-H., Qin, J., Wu, D., Ding, X., Hu, Y., Hu, P., Yang, X.-Y., Zhang, W.-J., Li, H., Li, Y., Jiang, X., Gan, L., Yang, G., You, L. and Wang, Z. (2020). Quantum computational advantage using photons. Science. [online] Available at: https://science.sciencemag.org/content/early/2020/12/02/science.abe8770 [Accessed 17 Dec. 2021].G