Security Challenges and Solutions in Cloud-Based Software Systems |
||
 |
 |
|
| © 2024 by IJCTT Journal | ||
| Volume-72 Issue-10 |
||
| Year of Publication : 2024 | ||
| Authors : Zainulabdeen J Alibadi | ||
| DOI : 10.14445/22312803/IJCTT-V72I10P123 | ||
How to Cite?
Zainulabdeen J Alibadi , "Security Challenges and Solutions in Cloud-Based Software Systems ," International Journal of Computer Trends and Technology, vol. 72, no. 10, pp. 160-172, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I10P123
Abstract
This research focuses on the increasing security threats and challenges in cloud-based software systems and potential solutions. Topics talked about are data breaches, insecure APIs/shared technology vulnerabilities in a multi-tenant environment and insider threats. This research clearly indicates the glaring requirement for strong security practices, including encryption, Identity and Access Management (IAM), and continuous monitoring to diminish risks. In addition to the Typo3 example, we can see in case studies such as Capital One and Equifax the devastating effects of misconfigurations (CapitalOne) or unpatched vulnerabilities (Equifax). Other types of emerging threats are discussed, like ransomware, container vulnerabilities and supply chain attacks — all related to the dynamic nature of cloud environments as well. Moreover, a side-by-side comparison with the major Cloud Service Providers (CSPs) — AWS, Azure and Google Cloud.
Keywords
Security challenges, Software, Cloud, AWS, Cloud Service Providers (CSPs).
Reference
[1] Farhan Faridi et al., “Cloud Computing Approaches in Health Care,” Materials Today: Proceedings, vol. 51, no. 1, pp. 1217-1223, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Bo Li, and Subodha Kumar, “Managing Software‐as‐a‐Service: Pricing and Operations,” Production and Operations Management, vol. 31, no. 6, pp. 2588-2608, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[3] Mayank Sohani, and S.C. Jain, “A Predictive Priority-Based Dynamic Resource Provisioning Scheme with Load Balancing in Heterogeneous Cloud Computing,” IEEE Access, vol. 9, no. 62653-62664, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Jaskaran Singh Saini et al., “Cloud Computing: Legal Issues and Provision,” Security and Communication Networks, vol. 2022, no. 1, pp. 1-14, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Svetlana Syarova et al., “Data Leakage Prevention and Detection in Digital Configurations: А Survey,” Proceedings of the 15th International Scientific and Practical Conference, vol. 2, pp. 253-258, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Oleksii Smirnov et al., “Simulation of the Cloud IoT-Based Monitoring System for Critical Infrastructures,” 2nd International Conference on Conflict Management in Global Information Networks, pp. 1-10, 2022.
[Google Scholar]
[7] Iffat Fatima, and Patricia Lago, “Towards a Sustainability-Aware Software Architecture Evaluation for Cloud-Based Software Services,” Software Architecture. ECSA 2023 Tracks, Workshops, and Doctoral Symposium, Istanbul, Turkey, pp. 200-216, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[8] S. Vinoth et al., “Application of Cloud Computing in Banking and E-commerce and Related Security Threats,” Materials Today: Proceedings, vol. 51, no. 8, pp. 2172-2175, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Dervis Kirikkaleli, Hasan Güngör, and Tomiwa Sunday Adebayo, “Consumption‐based Carbon Emissions, Renewable Energy Consumption, Financial Development and Economic Growth in Chile,” Business Strategy and the Environment, vol. 31, no. 3, pp. 1123 1137, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Rafiq Ahmad Khan et al., “Systematic Mapping Study on Security Approaches in Secure Software Engineering,” IEEE Access, vol. 9, pp. 19139-19160, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Hussain Akbar, Muhammad Zubair, and Muhammad Shairoze Malik, “The Security Issues and Challenges in Cloud Computing,” International Journal for Electronic Crime Investigation, vol. 7, no. 1, pp. 9-28, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Nelson Novaes Neto et al., “Developing a Global Data Breach Database and The Challenges Encountered,” Journal of Data and Information Quality, vol. 13, no. 1, pp. 1-33, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Panjun Sun, “Security and Privacy Protection in Cloud Computing: Discussions and Challenges,” Journal of Network and Computer Applications, vol. 160, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Farhan Qazi, “Application Programming Interface (API) Security in Cloud Applications,” EAI Endorsed Transactions on Cloud Systems, vol. 7, no. 23, pp. 1-14, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Roy-Ivar Andreassen, “Digital Technology and Changing Roles: A Management Accountant's Dream or Nightmare?,” Journal of Management Control, vol. 31, pp. 209-238, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Manesh Thankappan, Helena Rifà-Pous, and Carles Garrigues, “A Signature-Based Wireless Intrusion Detection System Framework for Multi-channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks,” IEEE Access, vol. 12, pp. 23096-23121, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Umer Ahmed Butt et al., “Cloud Security Threats and Solutions: A Survey,” Wireless Personal Communications, vol. 128, pp. 387-413, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[18] Abhishek, Hrudaya Kumar Tripathy, and Sushruta Mishra, “A Succinct Analytical Study of the Usability of Encryption Methods in Healthcare Data Security,” Next Generation Healthcare Informatics, pp. 105-120, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[19] Apeh Jonathan Apeh et al., “GRC Strategies in Modern Cloud Infrastructures: A Review of Compliance Challenges,” Computer Science & IT Research Journal, vol. 4, no. 2, pp. 111-125, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[20] Hamed Tabrizchi, and Marjan Kuchaki Rafsanjani, “A Survey on Security Challenges in Cloud Computing: Issues, Threats, and Solutions,” The Journal of Supercomputing, vol. 76, pp. 9493-9532, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[21] Fatemeh Khoda Parast et al., “Cloud Computing Security: A Survey of Service-Based Models,” Computers and Security, vol. 114, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Qianru Gong, “Research and Practice of Cloud Application Security Based on Multi Factor Authentication Technology,” Forest Chemicals, pp. 1578-1584, 2022.
[Google Scholar] [Publisher Link]
[23] Tanweer Alam, “Cloud Computing and Its Role in the Information Technology,” IAIC Transactions on Sustainable Digital Innovation, vol. 1, no. 2, pp. 82-93, 2020.
[Google Scholar]
[24] Peter Mell, and Timothy Grance, “The NIST Definition of Cloud Computing,” National Institute of Standard and Technology, 2011.
[Google Scholar]
[25] Ayman Mohamed Mostafa et al., “Strengthening Cloud Security: An Innovative Multi-factor Multi-layer Authentication Framework for Cloud User Authentication,” Applied Sciences, vol. 13, no. 19, pp. 1-14, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Avita Katal, Susheela Dahiya, and Tanupriya Choudhury, “Energy Efficiency in Cloud Computing Data Centers: A Survey on Software Technologies,” Cluster Computing, vol. 26, pp. 1845-1875, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[27] Ze Jin et al., “P-Verifier: Understanding and Mitigating Security Risks in Cloud-Based IoT Access Policies,” Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles CA USA, pp. 1647-1661, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[28] Fayazoddin Mulla Syed, and E.S. Faiza Kousar, “Role of IAM in Data Loss Prevention (DLP) Strategies for Pharmaceutical Security Operations,” Revista de Inteligencia Artificial en Medicina, vol. 12, no. 1, 2021.
[Google Scholar] [Publisher Link]
[29] Gustavo González-Granadillo, Susana González-Zarzosa, and Rodrigo Diaz, “Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures,” Sensors, vol. 21, no. 14, pp. 1-28, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[30] Frederik Wulf et al., “IaaS, PaaS, or SaaS? The why of Cloud Computing Delivery Model Selection: Vignettes on the Post-Adoption of Cloud Computing,” Proceedings of the 54th Hawaii International Conference on System Sciences, 2021.
[Google Scholar] [Publisher Link]