Mitigating Cloud Computing Risks
Over the years, cloud computing has grown to be essential within the scientific field. Cloud computing is the model that enables the regular sharing of a pool of network resources requiring minimal management skills. Under this definition, cloud computing comprises five characteristics: broad network access, on-demand self-service capabilities, rapid elasticity, resource pooling, and an examinable service (Pop, 2016). Even though there are numerous benefits and substantial gains from adopting this technology, there are also critical barriers to the adoption process. One of the essential barriers to adoption is security. Since this platform explores an entirely new computing paradigm, the essential concern is its security from the user perspective and the Cloud Service Provider (CSP). Therefore, organizations adopting the cloud computing system must have measures to mitigate the security and privacy risks brought about by conducting operations beyond their data centers (Pop, 2016). This paper evaluates the risks and vulnerabilities associated with public clouds, private clouds, and hybrids and critical control measures to mitigate them.
There are various risks and vulnerabilities associated with moving to clouds that organizations should know. The first risk of progressing to the cloud is that the organization would face misconfigured cloud storage. With an extensive storage space, moving to the cloud provides cybercriminals with an easy route to accessing an organization’s confidential information. The report released by Symantec in 2018 revealed that about 75 million records from organizations had leaked courtesy of misconfigured cloud storage buckets (Kazem & Boostani, 2018). Furthermore, the report also presented the latest tools that hackers are now using in detecting misconfigured cloud storage for informed targeting.
The two broad cloud misconfigurations include AWS security group misconfiguration and lack of access restrictions. The first category is responsible for availing security at the source, destination, and protocol access levels. Therefore, this kind of vulnerability occurs because the misconfiguration provides the hacker with the ability to easily access cloud-based servers and steal confidential information (Kazem & Boostani, 2018). In the second type, inadequate security of the cloud infrastructure makes it easy for hackers to access the data and download it for malicious gains. The other vulnerability of cloud computing is insecure APIs. APIs are incorporated within the cloud computing system to streamline processes. Therefore, if left unprotected, APIs can provide lines of communication that aid hackers in exploiting confidential information (Kazem & Boostani, 2018). This is viewed as a threat because about two-thirds of businesses expose their APIs to the public for easy accessibility by external developers and potential business investors, only to be accessed by unauthorized parties. The two broad ways hackers exploit insecure APIs include inadequate authentication and insufficient authorization.
The other risk associated with cloud computing that an organization may face includes intellectual property theft. Intellectual property is susceptible to security threats with the data stored on an online platform. A recent study discovered that about 25% of the files uploaded for sharing contained essential information, including intellectual property (Kazem & Boostani, 2018). Therefore, a breach of these cloud services denotes that the attackers can easily access the information stored in them. IP is the data that firms own, and losing this data translates to losing their intellectual property. Intellectual theft may take various forms, such as data alteration, data deletion, or even loss of access (Kazem & Boostani, 2018). Data alteration refers to data modification so that it cannot be restored to its previous state; deletion is the permanent removal of data from the cloud, while loss of access refers to attackers holding information for ransom.
Organizations can implement the following control measures to mitigate the risks and vulnerabilities discussed above. For instance, organizations can prevent misconfigured cloud storage by double-checking the storage security configurations after the setup process. Also, the organization can utilize specialized tools in checking the security storage configurations, which goes a long way in identifying the vulnerabilities before they can be leveraged by hackers (Tabrizchi & Rafsanjani, 2020). The IT department within the organization should regulate the number of individuals who can configure cloud resources within organizational settings. Furthermore, the organization can mitigate against insecure APIs by developing strong authentication, encryption, and access control (Tabrizchi & Rafsanjani, 2020). Nevertheless, the IT department should regularly conduct penetration tests that mimic external attacks on the API. Finally, intellectual theft can be prevented by integrating frequent backup systems that prevent data loss from the cloud system. Organizations should develop a schedule for regular backups and a clear distinction of the type of information eligible for backup.
Conclusively, moving to the cloud comes with its benefits and setbacks, evidenced by the security risks and vulnerabilities. For instance, cloud storage provides the organization with sufficient space to preserve their confidential information for later retrieval. However, embracing this digital innovation comes with a set of various risks. This paper considers only three risks: misconfigured cloud storage, insecure APIs, and the theft of intellectual property. Therefore, some of the IT audit tasks that can be undertaken to assess whether the organization is suffering from these risks include but are not limited to examining security configurations, evaluating whether the organization has implemented a secure software development life cycle, and performing TLS encryption tests.
References
Kazemi, U., & Boostani, R. (2018). Analysis of Scalability and Risks in Cloud Computing. International Journal of Academic Research in Computing Engineering, 2(1), 24-33.
Pop, D. (2016). Machine learning and cloud computing: Survey of distributed and SaaS solutions. ArXiv preprint arXiv: 1603.08767. Retrieved on 1st May 2022, from https://arxiv.org/pdf/1603.08767
Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. The journal of supercomputing, 76(12), 9493-9532. Retrieved on 1st May 2022, from https://link.springer.com/article/10.1007/s11227-020-03213-1
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question 
Week 4 Assignment – Mitigating Cloud Computing Risks
Overview
Imagine you are an information security manager in a medium-sized organization. Your CIO has asked you to prepare a case analysis report and presentation on establishing internal controls in cloud computing. The CIO has seen several resources online that discuss the security risks related to cloud-based computing and storage. One that stood out was Cloud Computing Risk Assessment: A Case Study. You are asked to summarize the information you can find on the Internet and other available sources. The CIO wants to have a firm grasp on the benefits and risks associated with public, private, and hybrid cloud usage. There is also concern over how these systems should be monitored to ensure proper usage and data security.
Mitigating Cloud Computing Risks
Instructions
Write a 3–4 page paper in which you:
Provide a summary analysis of the latest research available in this area.
Examine the risks and vulnerabilities associated with public clouds, private clouds, and hybrids.
Include primary examples applicable from the case studies you reviewed.
Suggest key controls that organizations could implement to mitigate these risks and vulnerabilities.
Develop a list of IT audit tasks that address a cloud computing environment based on the results from the analysis of the case studies, the risks and vulnerabilities, and the mitigation controls.
Use at least three quality resources. Note: Wikipedia and similar websites do not qualify as quality resources.