Introduction
There is a lot of talk and debate about cloud computing technology from the time of Web 2.0. it is one of the technologies that has been lauded to be cost-saver. Although this is the case, there is still some laxity with the implementation of cloud computing by most companies. This is because there are still security issues and vulnerabilities that are associated with cloud computing. Cloud computing is vulnerable to attacks just like any other technology. Most companies prefer to secure their resources and assets than let them reside in the cloud (Latif, Abbas, Assar, & Ali, 2014).
Cloud vulnerabilities and threats
There are a lot of connections that are seen to be there with the cloud. This is what makes cloud computing to have a lot of vulnerabilities. One of the vulnerabilities of cloud computing is loss of data due to leakage. This is because data is in the cloud and there are no mechanisms that the owner of the data can do to protect the data from being lost (Zissis, & Lekkas, 2012). The organization that owns the data has no control of the data. There are data protection solutions that have been developed in the market which offer the solution of availability. They are meant to offer availability, and integrity of the data. They do not insure against the loss of data (Bamiah, & Brohi, 2011).
There is another vulnerability that is the insecurity of the application programming interfaces. These are the interfaces that are used by data owners to interact with the cloud. In most of the times, these interfaces are not secure. The security of the cloud computing infrastructure will depend on the security of the APIs. There are security concerns of the use of APIs. Some of these include use of weak passwords, clear-text authentication mechanisms, access control that is not flexible are all issues that could arise with the interaction of APIs (Grobauer, Walloschek, & Stocker, 2011).
Hijacking is a threat that is common and is the responsibility of both the data owner and the cloud service provider. it is important to protect data that is used for accessing the cloud service. This is a threat that is obtained from cyber crime and threats. It is the responsibility of the service provider to ensure that the data and credentials of the data owner is secured and safe. It is also the responsibility of the data owner to ensure that the credentials that they use to access is safe and hard to access. This is done by changing the credentials regularly (Dahbur et al., 2011).
There are also insider threats that are possible with public and private clouds. This is because when data is presented to the cloud service provider, there is no control of who has access to the data in the cloud. It is important to understand the mechanisms that are provided by the cloud service provider. when data is within the confines of an organization, it will be easy to manage security of the data because employees will be screened to assess the people who might have accessed the data for malicious purposes. With the use of cloud computing, it will be hard to understand and know who has access to the data and will be harder to know who has caused some attack in case it occurs (Subashini, & Kavitha, 2011).
Cloud attacks have not been rampant because cloud computing have not been adopted extensively. The attacks that are seen with the use of cloud computing come from loss of data and integrity issues. They arise because of the vulnerabilities which have been stated and mentioned in the paper (Younis, & Kifayat, 2013).
References
Bamiah, M. A., & Brohi, S. N. (2011). Seven deadly threats and vulnerabilities in cloud computing. International Journal of Advanced Engineering Sciences and Technologies, Vol,(9).
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on intelligent semantic Web-services and applications(p. 12). ACM.
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. Security & privacy, IEEE, 9(2), 50-57.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud Computing Risk Assessment: A Systematic Literature Review. In Future Information Technology(pp. 285-295). Springer Berlin Heidelberg.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
Younis, M. Y. A., & Kifayat, K. (2013). Secure cloud computing for critical infrastructure: A survey. Liverpool John Moores University, United Kingdom, Tech. Rep.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.
