Keywords

1 Introduction

Cloud computing is a computing which provides on-demand, self-managed and efficient use of virtual resources. In recent years, cloud computing and storage have developed into well-liked topics. These two changing our way of living and have increased production efficiency in some areas. To use cloud base services, one requires only a decent internet connection. At present, if we store data locally, we’ve to accommodate numerous overheads along with the risks. Because of the defined storage resources and need for convenient usage, we select cloud servers to accumulate every kind of information, which is simple to access for companies and organizations too. For everybody, the cloud server gives an open and favorable storage platform, but it also announces risks of data security. Cloud computing is becoming famous for its three distinguishing qualities. Firstly, it can scale up or scale down quickly as per the user requirement. Secondly, users have to pay only for what they use and require no capital expenditure to start using cloud services. And finally, it is self-service for which there is no need for IT experts to install or use any resources. Along with these, cloud computing also provides fast access to resources and applications, it gives you the latest applications for use without wasting your time and expenditure on installations.

As every coin has two sides, which means along with these many pros of clouds, there are some major cons associated with data security, as cloud consumer even stores confidential data on the cloud such as documents, organizations policies, etc. Due to easy and remote access control, i.e., we can use our data from anywhere in the world where the only requirement is a good internet connection, this feature attracts users the most and makes cloud computing popular for storing data and sharing information through it, due to which security becomes major concern among cloud service providers and we are going to explain some of the data security-related concerns of cloud computing and further techniques used to resolve security risks and make cloud computing more secure and most trusted third-party resource to store data.

Data of consumers are stored on a shared cloud system rather than the devices of cloud service providers, so consumers don’t have the knowledge about how the data is stored on the cloud or how their data is encrypted and stored on the cloud to maintain integrity and confidentiality of data so that only authorized person can access it and if an attacker somehow manages to get the data, still the information cannot be decrypted easily. The NIST defines cloud computing as: “Cloud computing is a model for enabling ubiquitous, convenient and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models” [1] explained in Fig. 1.

Fig. 1
figure 1

Cloud model

Full size image
  1. A.

    Deployment models:

  • Public Cloud: In a public cloud, the cloud service provider owns the cloud infrastructure and makes it available to every user. By tapping on the public cloud, consumers can get new capabilities on demand just by paying the subscription fee for the resources they wish to use.

  • Private Cloud: In a private cloud, a single organization owned the cloud infrastructure. It may be handled by the organization itself or by a third-party, where the storage network and hardware assume the top levels of security. Only the clients who owned this private cloud are able to access the data stored in the data centre.

  • Community Cloud: In community Cloud, cloud infrastructure is shared among different organization (ex. security requirements, policy, etc.). It would be handled by either organization or by a third party and may be located locally or across the internet.

  • Hybrid Cloud: In a hybrid cloud, the cloud infrastructure is a combination of public and private cloud in a single environment and by standardized or proprietary technology. Clouds are bound together that permits application and data portability.

  1. B.

    Service models:

  2. Software as a Service (SaaS): This service is totally managed and hosted by the cloud service providers in which a cloud consumer is directly going to use the applications. Consumers can use the services via a web browser or mobile application.

  3. Platform as a Service (PaaS): PaaS is concerned with abstraction and providing integrated development environments or platforms such as databases, application platforms (ex. to run Python, PHP, or other code), file storage and collaboration, or even proprietary application processing. The main inequality lies in the fact that with PaaS, there isn’t any load of handling the underlying networks, servers, etc.

  4. Infrastructure as a Service (IaaS): IaaS is responsible for providing the infrastructure where the consumer can deploy and runs arbitrary software such as operating systems and applications. IaaS provides virtual resources to the consumers on a pay per usage basis so that consumers do not require to buy and maintain their own physical servers, they use resources in a convenient and as per their requirement.

  5. C.

    Essential characteristics:

  • Resource pooling is known to be the most elementary characteristic where the cloud service provider basically hide resources and the provider itself is responsible for collecting them in a pool which is then partitioned so as to allocate them to different consumers.

  • By using on-demand self-service, Consumer’s provision for the resources from the pool is fulfilled They themselves are required to manage their resources. The administrator has no role to play in this task.

  • Broad network is actually the availability of the resources over a network without the requirement of any physical access. An important point to note here is that the network is not necessarily part of the service

  • Rapid elasticity simply allows consumers to expand or contract the resources, i.e., provisioning and de-provisioning of resources they use from the pool of resources. This task, as it sounds is quite delicate but is accomplished automatically. This helps to match the level of resource consumption with the demands.

  • The usage of resources is a measured service. Which is used to monitor and report that consumer can only use what they are allotted. And utility computing term comes from here. Since the cloud computing resources can now be consumed like water and electricity, so similarly user have to pay for what they use.

The remaining paper flow: Sect. 2 introduces the different types of data security threats, risks, and challenges present in cloud computing, Sect. 3 contains the solution to those problems discussed in Sect. 2, and then finally, Sect. 4 concludes the whole paper.

2 Related Works

Many researchers have published their paper on cloud computing by taking different aspects like: observed attacks, identified vulnerabilities, and some suggested remedies.

  1. 1.

    “Morsy et al. [18] explained cloud security issues in virtualization and service-oriented technologies along with security dimensions related to isolation and multitenancy. Based on the analysis they recommended for an integrated and adaptive configuration-based security model. However, their study does not have a detailed analysis of the security requirements, related threats, associated vulnerabilities, and corresponding countermeasures, and their mappings.”

  2. 2.

    Zhang et al. [19] defined cloud architecture into four layers to provide the services of cloud. And highlighted some security measures as the challenges for the cloud like: Automated security provisioning, virtual machine migration, hardware server consolidation, energy management, software framework, data security, storage technologies.

  3. 3.

    Pearson [20] to address the cloud related trust and privacy issues, the classical techniques are no longer flexible. Also defines the relation between the threats, vulnerabilities and privacy issues.

  4. 4.

    Modi et al. [25] discussed security issues in the cloud architecture deliberated as a layered architecture. However, by taking the data storage and data life cycle management techniques into account they could have given more privacy-related issues and their solutions.

  5. 5.

    Dahbur et al. [24] provide guidance to address the threats, vulnerabilities, risks that cloud environment brings itself. However, they did not provide the insight view of these issues.

  6. 6.

    Cong Wang et al. [21] discuss about data security issues and proposed a scheme provides data manipulation and security.

  7. 7.

    Subashini and Kavitha [23], they give study of security issues on the basis of delivery models of cloud. Explains different threats possible on each model (SaaS, PaaS, and IaaS).

  8. 8.

    Raj Kumar [22] explained about the security threats using transmission of information in cloud computing. Encryption and decryption techniques for providing to the cloud computing.

3 Security Threats in Cloud Computing

3.1 Threats

In cloud computing, trust is a major issue between the cloud service provider and the cloud consumer and also raises the number of security issues. The cloud security alliance (CSA) did a survey aimed to raise awareness of threats, risks, and vulnerabilities in the cloud and find the top 11 threats listed in the below Table 1:

Table 1 List of threats
Full size table

3.2 Security Risks of Data

From the generation of data to the destruction of it, the data goes from many stages called data life cycle [2, 3]. The data life cycle can be divided into 7 stages and these seven stages are categorized into 3 layers [4] illustrated in Fig. 2, Many data security issues in the cloud is involved in all stage of the data life cycle some of them are discussed:

Fig. 2
figure 2

Data life cycle

Full size image
  1. [1]

    Data creation: The data creation phase involves two activities, creating new data sets or manipulating older data. Only authorized users can make changes to the existing data. In cloud computing, cloud consumers and cloud service providers communicate with the help of interfaces and APIs [5]. Cloud computing posses certain data protection risks for cloud entities. Between the cloud entities, different kinds of service-level-agreement (SLA) are involved which lead to certain kinds of data leaks. It often happens, that checking the data handling practices of the provider becomes difficult for the cloud user [5].

  2. [2]

    Data transfer: By default, data transmission is done through transport level security (TLS), which transfers data in a secured channel [6]. But there may be some chances of issues and threats possible. Tracing the path of data, auditing. It is tedious to trace the path because of the non-linear behaviour of the cloud [7]. While data is transferred an eavesdropper can take confidential data and may inject some malicious information with original data. Therefore, along with the confidentiality, integrity of data is also required in the cloud.

  3. [3]

    Data use: To gain better data access performance, the management layer caries out the task of collaboration between various storage devices through the cluster computing, distributed file system, and grid computing technology [4]. When a user accesses the data present in the cloud, to protect data from unauthorized user access is a major issue. Because once the attacker gets access privileges the privacy of data is broken and the attacker can change the encryption keys to prevent authorized users from the use services. Because of the metered feature of cloud computing many organizations adopting cloud computing without knowing about the threats [5].

  4. [4]

    Data share: Increasing the usage range of data and information is made accessible between users, customers, and partners [8]. When data owner authorizes data access to other partners there may be chances that malicious insiders can take advantage and misuse the information and cannot maintain original security measures and usage restriction.

  5. [5]

    Data storage: In the cloud, the user is not aware where their data is stored in the cloud due to the shared resources property of cloud i.e. data location is unknown, which leads questions of security, legal and requirement of regulatory compliance [6]. To store the massive amount of data, the data erasure technique is used by the service provider to satisfy users demand for storage. Due to this data integrity, transparency and availability issues arise in the cloud [4]. Multitenancy is also the main characteristic provided by cloud. Therefore, multiple consumers can store data on the same platform which makes data more vulnerable to data breach and loss of data [9].

  6. [6]

    Archiving: The process of identifying and moving older inactive data to an independent storage device for long-term possession is called data archival. Archived data is important and can be used in the future so it focuses on the storage system. If storage media is portable then media is out of control and there is a risk of data leakage. If off-site archiving is not provided by the cloud service provider, the availability of the data will be threatened [2].

  7. [7]

    Destroy: When data is no longer in use it is permanently destroyed using physical or digital means [8]. The data deleted may be still present and can be restored and inadvertently disclose sensitive information, due to the physical characteristic of storage medium [2].

4 Solutions for Security Issues

4.1 Access and Application Programing Interface (API) Layer

Protect the system from unauthorized user access. Before the user starts using cloud services, it is necessary to identify them whether the user is authorized or not. Roy I and Ramadan gave a fourth privacy protection system named “Airavat,” which can prevent system from privacy leakage. This system uses decentralized information flow control (DIFC) and differential privacy protection protocols [10]. Khalid, develop a protocol for authentication and authorization. This protocol gave information about anonymous users and by using this, we can protect systems from unauthorized user access [6]. Lalitha proposed a work in which if the malicious user tries to access the system then an alert goes to admin with IP address through which admin can scrutinize the activities of the malicious user and can also block that IP address to prevent the system from unauthorized access [16]. Arora, build a secure cloud ecosystem, in which 2-step verification is applied, the first user enters the username and password after this they get one-time-password (OTP) to prove their identity, if the attacker gets password then also, he cannot enter into the system. For data transmission, SSL and TSL 1.2 are used and at the end uses a hybrid cryptographic system for encryption of data [9]. Puthalin proposed a security verification scheme using Dynamic prime numbers. Which reduces communication overhead [6].

4.2 Management Layer

To protect data from illegal user access, the basic requirement is the encryption of data. Which provides confidentiality to the user data. But the problem with encryption is the management of keys. User is not able to manage large amount keys therefore cloud service provider needs to maintain encryption keys. The Organization for the Advancement of Structured Information Standards (OASIS) Key Management Interoperability Protocol (KMIP) working to overcome key management problems [12]. With personal privacy information protection sharing of data is a challenge. Randike Gajanayake proposed a framework for privacy protection depends on Information Accountability (IA) components. IA agents monitor the activity of users. When the user tries to de illegal activity, IA agents detect it and apply some methods that force the user to accept his mistake [17]. Dong, defines a security policy for effective, scalable and privacy-preserving data sharing. The policy is made with the combination of two techniques i.e. CP-ABE and IBE [6].

4.3 Storage Layer

In cloud computing, it is necessary to use a secure storage system. R. Nivedhaa and J. Jean Justus, explain a secure erasure coding technique in which users data is divided and then encrypted using advanced encryption standard algorithm and proxy re-encryption [14]. Mowbray proposed a client-based security management tool. In which the user can configure it according to their requirement and can store and use their confidential information in the cloud in a secured manner [13]. Wei proposed a first protocol that makes storage and computation secure [15].

5 Conclusion

Over time, the use of cloud computing and inventing new features and techniques in it are increasing rapidly due to its prominent characteristics. At the same time, data security risks, threats, and challenges are also increasing and need to be solved as soon as possible. Because cloud computing is now used in health care, banks, private and public organizations, and many other fields. Where the user stores their confidential data, which cannot be compromised at any cost and for that it requires the highest security measures for data. In this paper, analysis of some data security threats and their solutions over the stages of the data life cycle and structural properties of the storage system are covered.