Cloud Provider Evaluation

3/5/22, 12:29 PM Data Integrity and Security Issues in Cloud Computing

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/data-integrity-and-security-issues-in-cloud-computing.html… 1/4

Data Integrity and Security Issues in Cloud Computing

By D. Veerabhadraiah and M. Revathi

Security Challenges of Infrastructure as a Service (IaaS)

Information privacy is one of the security challenges pertaining to infrastructure as a

service (IaaS). Many solutions have come into existence for cloud storage security and

service availability. However, there is much room for further research in the area of data

intrusion [1].

There are many technical and security challenges in the service stack of cloud with

respect to IaaS. The important areas of security concern include digital forensics, new

attack strategies, resource sharing, and operational trust modes.

Trust level is the primary concern in IaaS. Different cloud service providers provide

different trust levels that are used to analyze the risks involved as well. Since the cloud

service provider has access to public data, it must be protected. Encrypted communication

channels, computations support on the encrypted data, and security of cloud computing

resources are to be given paramount importance.

There are certain legal issues involved in the security of IaaS. They include jurisdiction

issues, cloud stakeholder rights, and technical issues [3]. IaaS and software as a service

(SaaS) can be combined effectively for many domains. For instance, in education, these

two together can be used for e-learning services. However, security needs to be part of

the framework of e-learning applications. Single sign-on (SSO) can be enforced to support

secure services with a single authentication process.

There is also inherent security risk involved when virtual machines (VMs) are used in the

cloud computing service stack. Since VMs allow programs to be executed and they might

carry malicious code, there is a hidden security threat. User access policies play an

Learning Resource

3/5/22, 12:29 PM Data Integrity and Security Issues in Cloud Computing

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/data-integrity-and-security-issues-in-cloud-computing.html… 2/4

important role in securing communications in the cloud layers. Security components are to

be deployed in e-learning applications since the IaaS and SaaS cloud layers are vulnerable

to attacks [4].

A virtualization manager plays an important role in the IaaS layer. However, it might create

security challenges if compromised. Once the virtualization manager is compromised, it

causes security problems in the infrastructure being used by the cloud because the cloud

infrastructure is built on top of virtualization technology, and that is under the control of

the virtualization manager [6].

Security Challenges of Software as a Service (SaaS)

Cloud service architectures provide service architectures that provide more security

features. For instance, the SaaS layer of the cloud takes care of malware detection

through scanning and filtering of content through cloud-based proxies. Some of the

commercial cloud services are also offering enterprise-level security configuration

facilities that can prevent many security attacks, including SQL injection.

Third-party management is the main concern in cloud security. Among the security

concerns are technical issues such as the nonavailability of encrypted communications.

Other security issues are related to the architectural concerns where cloud depends on

the Internet, and that dependence can have inherent security threats since the Internet is

an untrusted network [5]. Cloud security challenges can be related to trust and assurance,

data security, and identity and access management.

The risk of a cloud service provider gaining access to sensitive information of a client

always exists. Cloud service providers can have access to software being deployed in the

cloud to provide software services in pay-per-use fashion. The floating of corporate

architectures and the possibility of social engineering are the other possible security

issues in cloud computing [5].

Security Challenges of Platform as a Service (PaaS)

Platform as a service provides an application development environment that can be used

by cloud application developers across the globe. There are five common challenges that

need to be addressed to improve adaption of the cloud computing service stack: service

life cycle optimization, market and legislative issues, multicloud architectures, adaptive

self-preservation, and dependable sociability [2].

3/5/22, 12:29 PM Data Integrity and Security Issues in Cloud Computing

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/data-integrity-and-security-issues-in-cloud-computing.html… 3/4

Subashini and Kavitha [6] studied security issues in PaaS. As this service helps

applications developers across the globe to build cloud applications, they are given

freedom to customize features, but those features can lead to security problems. The

usage of web services and the underlying vulnerabilities are a threat to the PaaS layer of

the cloud service stack. The Cloud Security Alliance (2013) reported the top 10 security

challenges, categorized into infrastructure security, data privacy, data management, and

integrity and reactive security. To overcome these issues, many solutions came into

existence. The solutions go toward data integrity in cloud computing. The solutions also

focused on the consistency in the data storage and retrieval. These solutions were

explored in [7], [8], [9], [10], [11], [12] and [13] and [14].

References

[1] Borja, S., Ruben, M., Ignacio, L., & Foster, I. (2007, July 7). An open source solution for

virtual infrastructure management in private and hybrid clouds. IEEE Internet

Computing. Retrieved from http://www.mcs.anl.gov/papers/P1649.pdf

[2] Chen, Z., & Yoon, J. (2010). IT auditing to assure a secure cloud computing. In 2010

6th World Congress on Services (pp. 253-259). IEEE. Retrieved from

http://ieeexplore.ieee.org

[3] Dillon, T., Chen, W., & Chang, E. (2014). Cloud computing: issues and challenges.

In 2010 24th IEEE International Conference on Advanced Information

Networking and Applications. Retrieved from http://ieeexplore.ieee.org

[4] Doelitzscher, F., Sulisto, A., Reich, C., Kuijs, H., & Wokf, D. (2010, July 30). Private

cloud for collaboration and e-learning services: From IaaS to SaaS. Retrieved from

http://wolke.hs-furtwangen.de/assets/downloads/CRL-2010-01.pdf

[5] Dore, P., & Leite, A. (2011). Commentary: Cloud computing — a security problem or

solution? Information Security Technical Report, 16(3–4), 89–96. Retrieved from

http://www.sciencedirect.com/science/article/pii/S1363412711000495

[6] Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery

models of cloud computing. Journal of Network and Computer Applications,

34(1), 1–11. Retrieved from

http://www.sciencedirect.com/science/article/pii/S1084804510001281

[7] Brewer, E. (2012). Pushing the CAP: Strategies for consistency and

availability. Computer, 45(2), 23–29.

3/5/22, 12:29 PM Data Integrity and Security Issues in Cloud Computing

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/data-integrity-and-security-issues-in-cloud-computing.html… 4/4

[8] Anderson, E., Li, X., Shah, M. A., Tucek, J., & Wylie, J. J. (2010). What consistency does

your key-value store actually provide? In HotDep' 10, Proceedings of the 6th

International Conference on Hot Topics in System Dependability.

[9] Fidge, C. (1988). Timestamps in message-passing systems that preserve the partial

ordering. In Proceedings of the 11th Australian Computer Science Conference,

10(1), 56-66.

[10] Tanenbaum, A., & Van Steen, M. (2002). Distributed systems: Principles and

paradigms. Prentice Hall PTR.

[11] Vogels, W. (2007). Data access patterns in the Amazon.com technology platform.

In Proceedings of the 33rd International Conference on Very Large Data Bases

VLDB ' 07.

[12] Wada, H., Fekete, A., Zhao, L., Lee, K., & Liu, A. (2011). Data consistency properties

and the trade-offs in commercial cloud storages: The consumers' perspective.

In Proceedings of the 5th Biennial Conference on Innovative Data Systems

Research, CIDR '11.

[13] Rahman, M., Golab, W., AuYoung, A., Keeton, K., and Wylie, J. J. (2012). Toward a

principled framework for benchmarking consistency. In HotDep'12, Proceedings

of the Eighth USENIX Conference on Hot Topics in System Dependability.

[14] Liu, Q., Wang, G., & Wu, J. (March 2004). Consistency as a service: Auditing cloud

consistency. IEEE Transactions on Network and Service Management, 11(1), 25–

35.

Licenses and Attributions

Design and Implementation of Audit Cloud for Consistency in Cloud Computing

(https://www.ijsr.net/archive/v4i9/09091502.pdf) by D. Veerabhadraiah and M.

Revathi from International Journal of Science and Research is available under a Creative

Commons Attribution 2.0 Generic

(https://creativecommons.org/licenses/by/2.0/) license. UMGC has modified this work

and it is available under the original license

© 2022 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity

of information located at external sites.