
Security, Privacy, and Digital Forensics in the Cloud
Ebook, 817 pages (9 hours)


About this ebook

In a unique and systematic way, this book discusses the security and privacy aspects of the cloud, and the relevant cloud forensics.

Cloud computing is an emerging yet revolutionary technology that has been changing the way people live and work. However, with the continuous growth of cloud computing and related services, security and privacy has become a critical issue. Written by some of the top experts in the field, this book specifically discusses security and privacy of the cloud, as well as the digital forensics of cloud data, applications, and services. The first half of the book enables readers to have a comprehensive understanding and background of cloud security, which will help them through the digital investigation guidance and recommendations found in the second half of the book.

Part One of Security, Privacy and Digital Forensics in the Cloud covers cloud infrastructure security; confidentiality of data; access control in cloud IaaS; cloud security and privacy management; hacking and countermeasures; risk management and disaster recovery; auditing and compliance; and security as a service (SaaS). Part Two addresses cloud forensics – model, challenges, and approaches; cyberterrorism in the cloud; digital forensic process and model in the cloud; data acquisition; digital evidence management, presentation, and court preparation; analysis of digital evidence; and forensics as a service (FaaS).

  • Thoroughly covers both security and privacy of cloud and digital forensics
  • Contributions by top researchers from the U.S., European and other countries, and by professionals active in the fields of information and network security, digital and computer forensics, and cloud and big data
  • Of interest to those focused upon security and implementation, and incident management
  • Logical, well-structured, and organized to facilitate comprehension

Security, Privacy and Digital Forensics in the Cloud is an ideal book for advanced undergraduate and master's-level students in information systems, information technology, computer and network forensics, as well as computer science. It can also serve as a good reference book for security professionals, digital forensics practitioners and cloud service providers.

Language: English
Publisher: Wiley
Release date: Feb 5, 2019
ISBN: 9781119053378


    Book preview

    Security, Privacy, and Digital Forensics in the Cloud - Lei Chen

    List of Contributors

    Farzaneh Abazari

    School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

    Irfan Ahmed

    University of New Orleans, New Orleans, LA, USA

    Morteza Analoui

    School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

    Nathalie Baracaldo

    IBM Almaden Research Center, San Jose, CA, USA

    Barry Cartwright

    Simon Fraser University, Burnaby, BC, Canada

    Paolina Centonze

    Iona College, New Rochelle, NY, USA

    Lei Chen

    Georgia Southern University, Statesboro, GA, USA

    Robert Craig

    Walworth County Sheriff's Office, Elkhorn, WI, USA

    Lucia De Marco

    University College Dublin, Dublin, Ireland

    Richard Frank

    Simon Fraser University, Burnaby, BC, Canada

    Frank Ferrese

    Electrical and Computer Engineering, Temple University, Philadelphia, PA, USA

    Mohammad GhasemiGol

    Department of Computer Engineering, University of Birjand, Birjand, Iran

    Joseph Glider

    SAP Labs, Palo Alto, CA, USA

    Jay Iyer

    Office of CTO Security Business Group, Cisco Systems, San Jose, CA, USA

    Patrick Kamongi

    University of North Texas, Denton, TX, USA

    M‐Tahar Kechadi

    University College Dublin, Dublin, Ireland

    Ram Krishnan

    University of Texas at San Antonio, San Antonio, TX, USA

    Nhien‐An Le‐Khac

    University College Dublin, Dublin, Ireland

    Michel Mollema

    Dutch National High Tech Crime Unit, Driebergen‐Rijsenburg, The Netherlands

    Farhan Patwa

    University of Texas at San Antonio, San Antonio, TX, USA

    James Plunkett

    University College Dublin, Dublin, Ireland

    Vassil Roussev

    University of New Orleans, New Orleans, LA, USA

    Steven Ryder

    Europol, The Hague, The Netherlands

    Ravi Sandhu

    University of Texas at San Antonio, San Antonio, TX, USA

    Sebastian Schlepphorst

    University College Dublin, Dublin, Ireland

    Avinash Srinivasan

    Computer and Information Sciences, Temple University, Philadelphia, PA, USA

    Hassan Takabi

    Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA

    George R. S. Weir

    University of Strathclyde, Glasgow, UK

    Lanchuan Xu

    Chengdu Railway Public Security Bureau, Chengdu, China

    Saman Taghavi Zargar

    Office of CTO Security Business Group, Cisco Systems, San Jose, CA, USA

    Yun Zhang

    University of Texas at San Antonio, San Antonio, TX, USA

    Saman Zonouz

    Rutgers University, New Brunswick, NJ, USA

    Part I

    Cloud Security and Privacy

    1

    Introduction to the Cloud and Fundamental Security and Privacy Issues of the Cloud

    Hassan Takabi¹ and Mohammad GhasemiGol²

    ¹Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA

    ²Department of Computer Engineering, University of Birjand, Birjand, Iran

    1.1 Introduction

    Cloud computing has become the most popular paradigm in computing for providing on‐demand computing and storage capabilities to consumers over the Internet. However, these benefits come with serious security issues such as data breaches, computation breaches, and flooding attacks. Moreover, the whole IT infrastructure is under the control of the cloud provider, so cloud consumers have to trust the security‐protection mechanisms offered by service providers. Security concerns therefore have to be addressed explicitly if cloud customers are to obtain the assurance they require.

    The key security constructs in the cloud environment are information, identity, and infrastructure. Cloud information flows into the physical infrastructure from many users across different devices and geographies. The objective of information security is to protect information as well as information systems from unauthorized access, use, disclosure, disruption, modification, or destruction (Winkler 2011). In other words, at the heart of any information security system is the requirement to protect the confidentiality, integrity, and availability of data. It is important to thoroughly understand your organization's security policies in order to implement standards in a cloud environment that will form your security framework (Steiner and Khiabani 2012). Data governance concerns commonly arise in the areas of IP protection, regulatory governance, industry compliance requirements, and data mobility. A consistent set of policies is needed for compliance and governance across cloud platforms that IT may not always control. These policies are required for identifying sensitive information; controlling its transmission, storage, and use in the Cloud; and sharing it among users and devices. These policies must be consistently enforced across private and public clouds, and physical infrastructure. Traditionally, IT has used enterprise identity to control user access and entitlement to a variety of on‐premises information and application assets. This principle must be extended to identities at cloud service providers, controlling what information employees can access in which clouds, from which devices, and in which locations.

    This chapter provides an introduction to the Cloud and its fundamental security and privacy issues. We start with a background of cloud computing and security issues in Section 1.2. In Section 1.3, we briefly discuss identity security in cloud computing. Cloud information security issues are investigated in Section 1.4. In Section 1.5, we discuss some cloud security standards. Finally, conclusions are drawn in Section 1.6.

    1.2 Cloud Computing and Security Issues

    The US National Institute of Standards and Technology (NIST) defines cloud computing as follows: "Cloud computing is a model for enabling ubiquitous, convenient, on‐demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models" (Mell and Grance 2011).

    NIST defines five major actors: cloud consumer, cloud provider, cloud auditor, cloud broker, and cloud carrier (Hogan et al. 2011):

    Cloud consumer – A person or organization that maintains a business relationship with and uses services offered by cloud providers.

    Cloud provider – A person, organization, or entity responsible for offering various services to cloud consumers.

    Cloud auditor – A party that can conduct independent assessments of cloud services, information system operations, performance, and security of cloud implementations.

    Cloud broker – An entity that manages the use, performance, and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.

    Cloud carrier – The intermediary that provides connectivity and transport of cloud services from cloud providers to cloud consumers.

    There are three service‐delivery models and four deployment models in the cloud environment. As shown in Figure 1.1, cloud providers offer Infrastructure‐as‐a‐Service (IaaS), Platform‐as‐a‐Service (PaaS), and Software‐as‐a‐Service (SaaS) as three fundamental services (Hashizume 2013; Mell and Grance 2011):

    Infrastructure‐as‐a‐Service – IaaS is the most basic cloud service model, where cloud providers offer servers, storage, and network, typically in the form of virtual appliances. Consumers can deploy and run any software such as operating systems and applications. IaaS providers are responsible for the underlying infrastructure including housing, running, and maintaining these resources, while consumers are responsible for maintaining the operating system and their applications. Amazon Elastic Compute Cloud (EC2, http://aws.amazon.com/ec2), Eucalyptus (http://www8.hp.com/us/en/cloud/helion‐eucalyptus.html), and OpenNebula (http://opennebula.org) are some examples of IaaS providers.

    Platform‐as‐a‐Service – In PaaS, providers offer environments for developing, deploying, hosting, and testing software applications. Typically, it includes programming languages, databases, libraries, and other development tools. Consumers are not responsible for the underlying infrastructure, operating systems, or storage, but they are responsible for their deployed applications. Examples of PaaS providers include Microsoft Azure (https://azure.microsoft.com/en‐us), Force.com (http://www.force.com), and Google App Engine (https://cloud.google.com/appengine).

    Software‐as‐a‐Service – In SaaS, cloud providers offer applications on demand that are hosted on the Cloud and can be accessed through thin clients. Consumers do not manage or control the underlying infrastructure. Some SaaS applications allow limited user‐specific customization. Examples of SaaS providers include Salesforce.com's Customer Relationship Management (CRM, www.salesforce.com) and FreshBooks (www.freshbooks.com).


    Figure 1.1 Cloud components in the different types of cloud services.

    The four cloud deployment models are briefly described as follows (Mell and Grance 2011):

    Public cloud – A public cloud is deployed by an organization that offers various services to the general public over the Internet. The infrastructure is owned and managed by the service provider, and it is located in the provider's facilities. Cloud providers are responsible for the installation, management, provisioning, and maintenance of the cloud services. Users' data is stored and processed in the Cloud, which may raise security and privacy issues. It exists on the premises of the cloud provider.

    Private cloud – A private cloud is deployed for a single organization and is dedicated entirely to that organization's internal users. The private cloud usually resides in the organization's facilities; however, it can also be hosted and managed by a third‐party provider. The private cloud can be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises, so the party operating it is the one that controls data security and availability.

    Community cloud – A community cloud is deployed for a specific community of consumers from organizations that share common computing concerns. It may be owned, managed, and operated by one or more of the organization's members, a third party, or some combination of them, and it may exist on or off premises.

    Hybrid cloud – This is a combination of the previous types of clouds (private, public, or community) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. To limit its security exposure, an organization can migrate some of its processes to a public cloud while keeping its critical processes in‐house.

    Several characteristics of cloud computing that are mentioned in the literature are listed next (Hashizume 2013; Kizza and Yang 2014; Mell and Grance 2011):

    Accessibility – Cloud services can be accessed from anywhere at any time via browsers or APIs by different client platforms such as laptops, desktops, mobile phones, and tablets. Cloud services are network dependent, so the network (Internet, local area network [LAN], or wide area network [WAN]) has to work in order to access cloud services.

    On‐demand, self‐service – Traditionally, acquisition of computing services demanded perpetual ownership of software or computing hardware and sustainable technical support to help with computing services. Those models are being phased out because we have cloud computing as a flexible model: consumers of computing services are no longer restricted to rigid traditional models of ownership or boxed services. Now, a consumer is able to not only automatically provision any computing services and capabilities as needed but also determine the time to begin using provisioned services and how long to use them.

    Rapid elasticity – The ability to resize and dynamically scale virtualized computing resources such as servers, processors, operating systems, and others to meet the customer's on‐demand needs is referred to as computing service elasticity. To meet elasticity demands on computing resources, the provider must make sure that there are abundant resources available to ensure that end users' requests are continually and promptly met. Amazon EC2 is a good example of a web service interface that allows the customer to obtain and configure capacity with minimal effort.

    Resource pooling – As noted in the NIST report, the provider's computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. These fluctuating and unpredictable customer demands are a result of new cloud computing flexibility, access, and ease of use.

    Pay‐as‐you‐go – Depending on the pricing model, customers only pay for the services they consume (computing power, bandwidth, storage, number of users, etc.). Sometimes, services have a flat rate or are free of charge.

    Versatility – Cloud computing supports different types of services: IaaS, PaaS, and SaaS. Each service can provide various applications running at the same time.

    Shared resources – Cloud resources such as infrastructure, platform, and software are shared among multiple customers (multitenant), which enables unused resources to serve different needs for different customers.

    Reliability – Cloud computing supports reliability by adding redundant sites in case an error or attack occurs.

    Performance – Application performance can be better in the cloud because computing resources can be assigned to applications when workloads surge. The Cloud can be suitable for data‐intense applications since they require multiple computing resources.

    Ubiquitous network access – The recent ubiquitous access to computer networks and services can be attributed to advances in the use of high‐speed Internet and virtualization technology. Advances and development in these technologies have increased the options in the repertoire of computing services a customer can select from. With more options has also come the high degree of specialization and quality of service that customers expect.

    Measured service – The increase in the repertoire of services available to users has been enhanced by cloud services' elasticity, flexibility, and on‐demand capabilities, thus allowing for these services to be metered. The concept of metered services allows customers to get the services they want when and for however long they need them. One of the most popular characteristics of cloud computing technology is measured or metered service for most, if not all, cloud services, including storage, processing, bandwidth, and active user accounts. This pick‐what‐you‐can‐afford‐to‐pay‐for principle based on metering results in automatic control and optimization of cloud technology resource use based on the type of service. These statistics can be reported as needed, thus providing transparency for both the provider and consumer.

    There are several benefits to adopting cloud computing; however, there are also some significant obstacles to its acceptance. One important issue is security, followed by privacy, standardization, and legal matters. Research in cloud computing security is a new area that is evolving rapidly. Cloud resources are centrally managed, so in theory security should be improved in this type of environment. But security in complex environments is hard to achieve, because data is stored and processed in unknown places, resources are shared by unrelated users, and other concerns arise. There are several security challenges that are specific to each delivery model, especially for public cloud adoption. Cloud computing also inherits security issues from its underlying technologies and presents its own security challenges as well, which makes it even harder to secure the entire system. Most security measures have been developed to protect individual parts of a system, but there is rarely a global security analysis of the complete cloud system (Hashizume 2013).

    The following examples illustrate the need for cloud security (Pearson and Yee 2013):

    Hackers stole the credentials of Salesforce.com's customers via phishing attacks (2007).

    T‐Mobile customers lost data due to the Sidekick disaster of the Microsoft cloud (2009).

    A botnet incident at Amazon EC2 infected customers' computers and compromised their privacy (2009).

    Hotmail accounts were hacked due to technical flaws in Microsoft software (2010).

    Amazon customer services were unavailable for multiple days, and data was lost due to a logical flaw in the cloud storage design (2011).

    Numerous research studies address cloud computing security from various perspectives (Juan Ferrer 2013). Jansen and Grance organize the key security issues in cloud computing into the following categories: trust, architecture, identity management, software isolation, data protection, and availability (Jansen and Grance 2011). Cloud computing confers the highest level of trust on providers, due to the level of insider access available to the provider and to other users that share the infrastructure, and also due to providers' lack of transparency about their security practices.

    Risk analysis is more important in IaaS because the primary sources of vulnerabilities exist in the hypervisor and virtual infrastructure, such as leaks of sensitive data through the virtual machines (VMs) and the lack of intrusion detection systems in the virtual networking infrastructure. On the other hand, multitenancy, which refers to the cloud characteristic of resource sharing, is identified as the main source of threats to data protection. Jansen and Grance propose data encryption and data sanitization as means to protect sensitive information. Compliance is also identified as a risk, because there is no way for users to track data location. With regard to availability, they present examples of distributed denial of service (DDoS) attacks and both permanent and temporary outages. They also believe that attacks on the cloud infrastructure will be more difficult to defend against and more common in the future.

    Jensen et al. provide an overview of technical security issues of cloud computing environments. They consider diverse technology such as Web Services Security (WS‐Security), Transport Layer Security (TLS), XML Signature, browser security, and integrity and binding issues, such as cloud malware‐injection attacks and metadata‐spoofing attacks based on exploiting Web Services Description Language (WSDL) vulnerabilities (Jensen et al. 2009). They also investigate flooding attacks, described as an attacker sending so many requests to the provider that the result is a denial of service in the provider's hardware. It has to be noted in this case that many public cloud providers already consider this possibility in their architectures by establishing a maximum amount of services a user can request simultaneously (e.g. Amazon Web Services (AWS) specifies that a user cannot launch more than 20 VMs at the same time, and Azure limits non‐identified users to 100 operations per user per day). As enterprises move their computing environments with their identities, information, and infrastructure to the Cloud, they must be willing to give up some level of control.
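The per‐consumer caps described above (a ceiling on simultaneously running VMs, a per‐day operation budget) are what keeps one tenant's request flood from exhausting shared hardware. The following is an added example, not code from the chapter or from any provider: a toy provisioning front end that enforces both caps per tenant. The limit values (20 and 100) are used as illustrative constants after the figures quoted in the text; tenant names and VM ids are constructed.

```python
"""Per-tenant request caps as a flooding-attack control (constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


class QuotaExceeded(Exception):
    """Raised when a request would push a tenant past a configured cap."""


@dataclass
class TenantQuota:
    # Illustrative values, after the AWS (20 VMs) and Azure (100 ops/day) figures in the text.
    max_concurrent_vms: int = 20
    max_ops_per_day: int = 100
    running_vms: set = field(default_factory=set)
    op_timestamps: list = field(default_factory=list)

    def _prune(self, now):
        # Forget operations older than the 24-hour window.
        cutoff = now - timedelta(days=1)
        self.op_timestamps = [t for t in self.op_timestamps if t > cutoff]

    def _charge_op(self, now):
        self._prune(now)
        if len(self.op_timestamps) >= self.max_ops_per_day:
            raise QuotaExceeded("daily operation budget exhausted")
        self.op_timestamps.append(now)

    def launch(self, vm_id, now):
        # Check the concurrency ceiling first so a rejected launch does not consume an op.
        if len(self.running_vms) >= self.max_concurrent_vms:
            raise QuotaExceeded("concurrent VM ceiling reached")
        self._charge_op(now)
        self.running_vms.add(vm_id)

    def terminate(self, vm_id, now):
        self._charge_op(now)
        self.running_vms.discard(vm_id)


class ProvisioningFrontend:
    """Provider-side gate: each tenant has its own quota, so a flood is contained per tenant."""

    def __init__(self, **quota_kwargs):
        self._quota_kwargs = quota_kwargs
        self._tenants = {}

    def quota_for(self, tenant):
        return self._tenants.setdefault(tenant, TenantQuota(**self._quota_kwargs))

    def request(self, tenant, action, vm_id, now=None):
        now = now or datetime.now(timezone.utc)
        q = self.quota_for(tenant)
        if action == "launch":
            q.launch(vm_id, now)
        elif action == "terminate":
            q.terminate(vm_id, now)
        else:
            raise ValueError(f"unknown action {action!r}")
        return True


def simulate_flood(attempts, tenant="tenant-a", now=None):
    """Fire `attempts` launch requests from one tenant.

    Returns (accepted, rejected, other_tenant_ok): the flood stops at the VM ceiling,
    and an unrelated tenant can still provision.
    """
    now = now or datetime(2024, 1, 1, tzinfo=timezone.utc)
    fe = ProvisioningFrontend()
    accepted = rejected = 0
    for i in range(attempts):
        try:
            fe.request(tenant, "launch", f"vm-{i}", now)
            accepted += 1
        except QuotaExceeded:
            rejected += 1
    other_ok = fe.request("tenant-b", "launch", "vm-0", now)
    return accepted, rejected, other_ok


def daily_budget_demo():
    """Show the per-day operation budget blocking the 101st op and resetting after 24 hours."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    q = TenantQuota(max_concurrent_vms=1000, max_ops_per_day=100)
    for i in range(100):
        q.launch(f"vm-{i}", t0)
    try:
        q.launch("vm-extra", t0)
        blocked = False
    except QuotaExceeded:
        blocked = True
    q.launch("vm-next-day", t0 + timedelta(days=1, seconds=1))
    return blocked, len(q.running_vms)


if __name__ == "__main__":
    print(simulate_flood(500))    # (20, 480, True)
    print(daily_budget_demo())    # (True, 101)
```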

    Grobauer et al. investigate the specific vulnerabilities that are applicable in cloud computing and inherent to its essential characteristics including unauthorized access to management interfaces, Internet protocol vulnerabilities, data‐recovery vulnerability, and metering and billing evasion (Grobauer et al. 2011).

    Subashini and Kavitha elaborate on the various security issues of cloud computing due to its service‐delivery models (Subashini and Kavitha 2011). Their work contains a very detailed analysis of SaaS; PaaS and IaaS are analyzed with a lower level of detail. On the other hand, cloud security can be analyzed at three levels: identity security, information security, and infrastructure security (Dokras et al. 2009; Tianfield 2012):

    Identity security – Identity security proposes end‐to‐end identity management, third‐party authentication services, and federated identities in order to preserve integrity and confidentiality of data and applications while making access readily available to appropriate users. Identity security requires strong authentication and more granular authorization.

    Information security – Data needs its own security that travels with it and protects it while it's in transit and in the Cloud, by means of encryption techniques to protect data privacy and legal compliance. Sensitive data in the Cloud will require granular security, maintained consistently throughout the data lifecycle. Information security requires data isolation, more granular data security, consistent data security, effective data classification, information rights management, and governance and compliance.

    Infrastructure security – Infrastructure security includes securing not only the physical machines, but also storage area networks (SANs) and other hardware devices. It also considers securing and monitoring intangibles such as networks, end points, traffic flowing among computers, and software firewalls, to detect unauthorized users or employees. Infrastructure security requires inherent component‐level security, more granular interface security, and resource lifecycle management.

    1.3 Identity Security in the Cloud

    End‐to‐end identity management, third‐party authentication services, and federated identity are key elements of cloud security. Identity security preserves the integrity and confidentiality of data and applications while making access readily available to appropriate users. Support for these identity‐management capabilities for both users and infrastructure components is a major requirement for cloud computing, and identity must be managed in ways that build trust. The following are required (Dokras et al. 2009):

    Strong authentication – Cloud computing must move beyond weak username‐and‐password authentication if it is going to support the enterprise. This means adopting techniques and technologies that are already standard in enterprise IT, such as strong authentication (multifactor authentication with one‐time password technology), federation within and across enterprises, and risk‐based authentication that measures behavior history, current context, and other factors to assess the risk level of a user request. Additional tiering of authentication is essential to meet security service‐level agreements (SLAs), and utilizing a risk‐based authentication model that is largely transparent to users will reduce the need for broader federation of access controls.

    More granular authorization – Authorization can be coarse‐grained within an enterprise or even a private cloud. But in order to handle sensitive data and compliance requirements, public clouds need granular authorization capabilities (such as role‐based controls and information rights management [IRM]) that can be persistent throughout the cloud infrastructure and the data's lifecycle.

    1.4 Information Security in the Cloud

    SysAdmin, Audit, Network, Security (SANS) defines information security as processes and methodologies that are intended to protect sensitive information or data from unauthorized access, disclosure, modification, or use (https://www.sans.org/information‐security). The form of the protected data or information can be electronic, printed, or other forms (Putri 2011). Information security encompasses security attributes such as the following:

    Confidentiality – This attribute is concerned with protecting sensitive information from unauthorized disclosure.

    Integrity – This attribute is concerned with the accuracy, completeness, and validity of information with regard to business requirements and expectations.

    Availability – This attribute is concerned with information being operational and accessible whenever it is required by the business process, now as well as in the future. Further, the information must be inaccessible to unauthorized users.

    Accountability – This attribute is concerned with responsibility: an organization is obligated to be answerable for its actions (Ko et al. 2011a).

    Nonrepudiation – This attribute is concerned with the ability to prevent users from denying responsibility for the actions they performed.

    Security in general is related to the important aspects of confidentiality, integrity, and availability; they thus are building blocks to be used in designing secure systems. These important aspects of security apply to the three broad categories of assets that need to be secured: data, software, and hardware resources. The cloud infrastructure presents unique security challenges that need to be considered in detail.

    1.4.1 Confidentiality

    Confidentiality refers to only authorized parties or systems having the ability to access protected data. The threat of data compromise increases in the Cloud, due to the greater number of parties, devices, and applications involved, which leads to an increase in the number of points of access. Delegating data control to the Cloud correspondingly increases the risk of data compromise, because the data becomes accessible to more parties. A number of concerns emerge regarding the issues of multitenancy, data remanence, application security, and privacy. Several aspects of the information system (IS) are shared, including memory, programs, networks, and data. Cloud computing is based on a business model in which resources are shared (i.e. multiple users use the same resource) at the network level, host level, and application level. Although users are isolated at a virtual level, hardware is not separated. With a multitenant architecture, a software application is designed to virtually partition its data and configuration so that each client organization works with a customized virtual application instance.

    Multitenancy is similar to multitasking in operating systems. In computing, multitasking is a method by which multiple tasks, also known as processes, share common processing resources such as a CPU. Multitenancy, like multitasking, presents a number of privacy and confidentiality threats. Object reusability is an important characteristic of cloud infrastructures, but reusable objects must be carefully controlled lest they create a serious vulnerability. Data confidentiality could be breached unintentionally, due to data remanence. Data remanence is the residual representation of data that has been in some way nominally erased or removed. Due to the virtual separation of logical drives and the lack of hardware separation between multiple users on a single platform, data remanence may lead to the unintentional disclosure of private data. In addition, a malicious user may claim a large amount of disk space and then scavenge it for sensitive data. Data confidentiality in the Cloud is correlated with user authentication. Protecting a user's account from theft is an instance of the larger problem of controlling access to objects, including memory, devices, software, etc. Electronic authentication is the process of establishing confidence in user identities that are electronically presented to an information system. Lack of strong authentication can lead to unauthorized access to users' accounts on a cloud, leading to a breach of privacy.
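The remanence problem above, and the sanitization that Jansen and Grance recommend, can be seen in a small model. The following is an added example, not code from the chapter: a toy block store stands in for the shared physical disk behind tenants' virtual drives, logical isolation is enforced (a tenant may only touch blocks it currently owns), and the only variable is whether a block is zeroed when it is released back to the pool. Tenant names, the record written, and the audit routine are constructed for the example.

```python
"""Data remanence on shared storage and sanitize-on-release (constructed example)."""

BLOCK_SIZE = 16  # bytes per block in the toy pool


class SharedBlockStore:
    """A fixed pool of blocks handed out to tenants, like the disk behind virtual drives."""

    def __init__(self, n_blocks, sanitize_on_release):
        self._blocks = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]
        self._owner = [None] * n_blocks
        self.sanitize_on_release = sanitize_on_release

    def allocate(self, tenant):
        # First-fit allocation: a freed block is the next one handed out.
        for i, owner in enumerate(self._owner):
            if owner is None:
                self._owner[i] = tenant
                return i
        raise MemoryError("pool exhausted")

    def write(self, tenant, block, data):
        self._check(tenant, block)
        self._blocks[block][:] = data.ljust(BLOCK_SIZE, b"\x00")[:BLOCK_SIZE]

    def read(self, tenant, block):
        self._check(tenant, block)
        return bytes(self._blocks[block])

    def release(self, tenant, block):
        """'Delete' from the tenant's point of view: the block returns to the pool."""
        self._check(tenant, block)
        if self.sanitize_on_release:
            # Overwrite before reuse; this is the data-sanitization control.
            self._blocks[block][:] = bytes(BLOCK_SIZE)
        self._owner[block] = None

    def unsanitized_free_blocks(self):
        """Defender audit: unowned blocks that still hold non-zero bytes are remanence findings."""
        return [i for i, (owner, blk) in enumerate(zip(self._owner, self._blocks))
                if owner is None and any(blk)]

    def _check(self, tenant, block):
        # Logical isolation: only the current owner may access a block.
        if self._owner[block] != tenant:
            raise PermissionError(f"{tenant} does not own block {block}")


def remanence_scenario(sanitize_on_release):
    """Tenant A writes and deletes a record; tenant B is then allocated the same block.

    Returns the bytes B legitimately reads from its freshly allocated block.
    """
    store = SharedBlockStore(n_blocks=1, sanitize_on_release=sanitize_on_release)
    blk = store.allocate("tenant-a")
    store.write("tenant-a", blk, b"acct=4417;pin=9")  # constructed sensitive record
    store.release("tenant-a", blk)                    # A 'deletes' its data
    # A can no longer touch the block, so access control is working as designed...
    try:
        store.read("tenant-a", blk)
    except PermissionError:
        pass
    # ...yet B, as the new legitimate owner, sees whatever was left behind.
    blk_b = store.allocate("tenant-b")
    return store.read("tenant-b", blk_b)


def audit_after_delete(sanitize_on_release):
    """Run the same delete and report which free blocks the audit flags."""
    store = SharedBlockStore(n_blocks=2, sanitize_on_release=sanitize_on_release)
    blk = store.allocate("tenant-a")
    store.write("tenant-a", blk, b"secret")
    store.release("tenant-a", blk)
    return store.unsanitized_free_blocks()


if __name__ == "__main__":
    print(remanence_scenario(False))  # b'acct=4417;pin=9\x00'  (previous tenant's record)
    print(remanence_scenario(True))   # b'\x00' * 16            (sanitized)
    print(audit_after_delete(False))  # [0]
```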

    Software confidentiality is as important as data confidentiality to overall system security. It refers to trusting that specific applications or processes will maintain and handle the user's personal data in a secure manner. In a cloud environment, the user is required to delegate trust to applications provided by the organization owning the infrastructure. Software applications interacting with the user's data must be certified not to introduce additional confidentiality and privacy risks. Unauthorized access can become possible through the exploitation of an application vulnerability or lack of strong identification, bringing up issues of data confidentiality and privacy.

    In addition, the cloud provider is responsible for providing secure cloud instances, which should ensure users' privacy. Privacy refers to the desire of a person to control the disclosure of personal information. Organizations dealing with personal data are required to comply with a country's legal framework that ensures appropriate privacy and confidentiality protection. The Cloud presents a number of legal challenges regarding privacy issues related to data stored in multiple locations in the Cloud, which additionally increases the risk of confidentiality and privacy breaches. Instead of data being stored on the company's servers, data is stored on the service provider's servers, which could be in Europe, Asia, or anywhere else. This tenet of cloud computing conflicts with various legal requirements, such as European laws that require that an organization know where the personal data in its possession is at all times (Zissis and Lekkas 2012).

    1.4.2 Integrity

    A key aspect of information security is integrity. Integrity means that assets can be modified only by authorized parties or in authorized ways and refers to data, software, and hardware. Data integrity refers to protecting data from unauthorized deletion, modification, or fabrication. Managing an entity's admittance and rights to specific enterprise resources ensures that valuable data and services are not abused, misappropriated, or stolen. By preventing unauthorized access, organizations can achieve greater confidence in data and system integrity. Additionally, such mechanisms offer greater visibility into determining who or what may have altered data or system information, potentially affecting their integrity (accountability). Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secure resources controlled by the system. Due to the increased number of entities and access points in a cloud environment, authorization is crucial for assuring that only authorized entities can interact with data.

    A cloud computing provider is trusted to maintain data integrity and accuracy. The cloud model presents a number of threats, including sophisticated insider attacks on these data attributes. Software integrity refers to protecting software from unauthorized deletion, modification, theft, or fabrication. Deletion, modification, or fabrication can be intentional or unintentional. For instance, a disgruntled employee may intentionally modify a program to fail when certain conditions are met or when a certain time is reached. Cloud computing providers implement a set of software interfaces or application programming interfaces (APIs) that customers use to manage and interact with cloud services. In addition to the previously mentioned threats, the security of cloud services depends heavily on the security of these interfaces, because an unauthorized user gaining control of them could alter, delete, or fabricate user data. In the Cloud, responsibility for the protection of the software's integrity is transferred to the software's owner or administrator. Hardware and network integrity is an additional issue that needs to be addressed by cloud providers, because they are burdened with protecting the underlying hardware from theft, modification, and fabrication (Zissis and Lekkas 2012).

    1.4.3 Availability

    Availability refers to the property of a system being accessible and usable upon demand by an authorized entity. System availability includes a system's ability to carry on operations even when authorities misbehave. The system must be able to continue operations even in the event of a security breach. Availability refers to data, software, and hardware being available to authorized users upon demand. There is a heavy reliance on the ubiquitous network's availability when users can access hardware infrastructure on demand. The network is now burdened with data retrieval and processing. Cloud computing services place a heavy reliance on the resource infrastructure and network availability at all times.

    1.4.4 Accountability

    The concept of accountability is present in finance and public governance, and is becoming more integrated into business regulatory programs as well as emerging privacy and data‐protection frameworks globally. Accountability can decrease regulatory complexity in global business environments, which is especially helpful in the European Union (EU) due to the complex matrix of national laws that makes compliance with data‐protection legislation especially difficult. Further, as the scale of data in the Cloud increases, data processing becomes more sophisticated, and cloud supply chains become more complex, the need for a coherent approach that works from the end user throughout the supply chain and that integrates the legal and regulatory dimensions effectively and efficiently becomes even more pressing (Pearson et al. 2012).

    Academics and practitioners have different views and interpretations of the accountability concept. For example, accountability in computer science has been referred to as a limited and imprecise requirement that is met via reporting and auditing mechanisms (Cederquist et al. 2005; Doelitzscher 2014); while Yao et al. consider accountability a way of making the system accountable and trustworthy by a combination of mechanisms (Yao et al. 2010). Muppala et al. refer to accountability as the adherence to accepting ownership and responsibility toward all actions in a standardized way, as regulated by an acknowledged organization such as the Organization for Economic Cooperation and Development (OECD), which published privacy guidelines in 1980 (Muppala et al. 2012). And Ko et al. consider accountability as only one component of trust in cloud computing (Ko et al. 2011b, pp. 432–444).

    In addition, the Centre for Information Policy Leadership identifies accountability in relation to privacy as the acceptance of responsibility for personal information protection. An accountable organization must have in place appropriate policies and procedures that promote good practices which, taken as a whole, constitute a privacy management program. The outcome is a demonstrable capacity to comply, at a minimum, with applicable privacy laws. Done properly, it should promote trust and confidence on the part of consumers, and thereby enhance competitive and reputational advantages for organizations (https://www.priv.gc.ca/media/2102/gl_acc_201204_e.pdf; Al‐Rashdi et al. 2015).

    Castelluccia et al. believe accountability offers three capabilities (Castelluccia et al. 2011):

    Validation – It allows users to verify at a later time whether the system has performed data processing as expected.

    Attribution – In case of a fault, users can assign responsibility.

    Evidence – It can produce evidence that can be used to convince a third party when a dispute arises.

    Accountability is often confused with fault tolerance or responsibility. Fault tolerance is defined as the ability of a system to respond gracefully to an unexpected hardware or software failure. What makes accountability different from fault tolerance is that it does not attempt to mask faults, but it provides evidence and may detect arbitrary faults (Kamel 2010).

    Customers of an accountable cloud can check whether the cloud is performing as agreed. If a problem occurs, the customer and the provider can use the evidence to decide who is responsible; and, if a dispute arises, they can present the evidence to a third party, such as an arbitrator or a judge. However, existing accountability techniques fall short of the requirements for cloud computing in several ways. Since clouds are general‐purpose platforms, the provider should be able to offer accountability for any service customers may choose to run; this rules out application‐specific techniques like Certified Accountable Tamper‐evident Storage (CATS) and Repeat and Compare (Michalakis et al. 2007; Yumerefendi and Chase 2007). On the other hand, an application‐independent technique such as PeerReview (Haeberlen et al. 2007) requires software modifications and assumes that the behavior of the software is deterministic, neither of which seems realistic in a cloud computing scenario. Finally, even if these limitations are overcome, these techniques can only detect violations of a single property (correctness of execution); they were not designed to check other properties of interest in the Cloud, such as conformance to SLAs, protection of confidential data, data durability, service availability, and so on (Haeberlen 2010).

    1.4.5 Nonrepudiation

    Nonrepudiation means ensuring that a traceable legal record is kept and is not changed by a malicious entity. A loss of nonrepudiation would result in the questioning of a transaction that occurred. A simple example of nonrepudiation is signing a contract. The signer cannot claim they did not agree to a contract, because there is evidence that they did agree. The difference is that a handwritten signature can be forged, whereas good encryption cannot be.

    Repudiating interactions (mainly during transmission of data or on storage) is often counteracted by preventing unauthorized access in the first place. Techniques are therefore often used to address access‐control requirements and are classified as such. Among others, they include the exchange of public keys (PKI), certificates, or (proxy) signatures. The SaaS Application Security model for Decentralized Information Flow Control (DIFC, or SAS‐DIFC), proposed by Tingting and Yong (2013), aims to guarantee information security in SaaS applications. Trusted code in this approach controls the dissemination of private data, so that the right user at the right location will receive what belongs to them. It also offers monitoring mechanisms for user‐aware monitoring. Denying another user access to private data that is currently being accessed or transmitted is an issue of guaranteeing integrity and privacy, which research papers connect to nonrepudiation in their proposals of solutions (Höner 2013). Kumar and Subramanian say that a homomorphic distribution verification protocol (classified under Integrity) enforces nonrepudiation implicitly (Kumar and Subramanian 2011).
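    The three accountability capabilities listed in Section 1.4.4 (validation, attribution, evidence) and the nonrepudiation property discussed here rest on the same mechanism: records that are chained together and signed by the party that produced them. The following Go example is added to illustrate that mechanism; it is not code from the book or from any of the cited systems (CATS, PeerReview or SAS‐DIFC). Each log entry is signed with the acting party's Ed25519 key and carries the hash of the previous entry, so a verifier holding only public keys can check later that the log is intact (validation), that each action is bound to a specific signer who cannot deny it (attribution and nonrepudiation), and can hand the log plus the keys to an arbitrator (evidence). The actors, actions and object names are constructed samples.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry: who acted, what they did, the hash of the previous entry, and the
// actor's signature over those three fields.
type Entry struct {
	Actor    string
	Action   string
	PrevHash []byte
	Sig      []byte
}

// Actor holds an Ed25519 key pair; the private key never leaves the actor.
type Actor struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewActor(name string) *Actor {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Actor{Name: name, Pub: pub, priv: priv}
}

// message is the signed byte string; 2-byte length prefixes make field
// boundaries unambiguous (fields must therefore be under 64 KiB).
func message(actor, action string, prev []byte) []byte {
	var m []byte
	for _, f := range [][]byte{[]byte(actor), []byte(action), prev} {
		m = append(m, byte(len(f)>>8), byte(len(f)))
		m = append(m, f...)
	}
	return m
}

func entryHash(e Entry) []byte {
	h := sha256.Sum256(append(message(e.Actor, e.Action, e.PrevHash), e.Sig...))
	return h[:]
}

// Log is an append-only hash chain of signed entries.
type Log struct{ Entries []Entry }

func (l *Log) Append(a *Actor, action string) {
	prev := make([]byte, sha256.Size) // genesis entry points at an all-zero hash
	if n := len(l.Entries); n > 0 {
		prev = entryHash(l.Entries[n-1])
	}
	sig := ed25519.Sign(a.priv, message(a.Name, action, prev))
	l.Entries = append(l.Entries, Entry{Actor: a.Name, Action: action, PrevHash: prev, Sig: sig})
}

// Verify needs only public keys: linkage gives validation, signatures give
// attribution, and the log plus keys is the evidence for a third party.
func Verify(l *Log, keys map[string]ed25519.PublicKey) error {
	prev := make([]byte, sha256.Size)
	for i, e := range l.Entries {
		if !bytes.Equal(e.PrevHash, prev) {
			return fmt.Errorf("entry %d: chain broken (entry removed or reordered)", i)
		}
		pub, ok := keys[e.Actor]
		if !ok {
			return fmt.Errorf("entry %d: unknown actor %q", i, e.Actor)
		}
		if !ed25519.Verify(pub, message(e.Actor, e.Action, e.PrevHash), e.Sig) {
			return fmt.Errorf("entry %d: bad signature, cannot be attributed to %s", i, e.Actor)
		}
		prev = entryHash(e)
	}
	return nil
}

// AccountabilityScenario builds a customer/provider log from constructed
// actions, then checks an edited copy and a copy with an entry removed.
// It returns (honest log verifies, edit detected, deletion detected).
func AccountabilityScenario() (bool, bool, bool) {
	customer, provider := NewActor("customer"), NewActor("provider")
	keys := map[string]ed25519.PublicKey{customer.Name: customer.Pub, provider.Name: provider.Pub}
	var l Log
	l.Append(customer, "upload object-42")
	l.Append(provider, "replicate object-42 to zone-b")
	l.Append(provider, "delete object-42 per retention policy")
	honest := Verify(&l, keys) == nil

	edited := Log{Entries: append([]Entry(nil), l.Entries...)}
	edited.Entries[2].Action = "retain object-42" // history rewritten after the fact
	truncated := Log{Entries: []Entry{l.Entries[0], l.Entries[2]}} // entry 1 dropped
	return honest, Verify(&edited, keys) != nil, Verify(&truncated, keys) != nil
}

func main() {
	fmt.Println(AccountabilityScenario())
}
```

    An HMAC would give the same tamper detection but not nonrepudiation, since both parties would hold the shared key and either could have produced the tag; the per-party private key is what lets the verifier pin an action to one signer.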

    1.4.6 Key Considerations in Information Security

    The key considerations identified in this section for protecting information in cloud deployments are as follows:

    Understanding provider security practices and controls is essential for public and community cloud offerings.

    Encryption and digital signatures are the primary means of confidentiality and integrity protection for data stored or transmitted in a public or community cloud.

    Without appropriate protections, data may be vulnerable while being processed in a public or community cloud.

    Deleted data may remain in persistent storage when the storage is released back to the cloud vendor as a shared, multitenant resource.

    Existing internal applications may need analysis and enhancement to operate securely in a public or community cloud.

    Data replication provided by a cloud provider is not a substitute for backing up to another independent provider or out of the Cloud.

    Privacy protection responsibilities should be reviewed if considering moving personally identifiable information (PII) to the Cloud.

    Cloud identity and access management (IdAM) capabilities vary widely. Integration of cloud and enterprise IdAM mechanisms may be challenging.
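    The second and fourth considerations above (encryption for data stored in a public cloud, and deleted data lingering in released multitenant storage) can be addressed together by encrypting on the customer side with a per-object key and treating deletion as destruction of that key. The Go example below is added to show this pattern; it is not code from the book or from any provider's SDK. It uses AES‐256‐GCM, an authenticated cipher whose tag provides the integrity check instead of a separate digital signature, and binds the object name as associated data so a ciphertext cannot be silently moved to another name. The key store, object names and plaintext are constructed for the illustration; a production design would hold the keys in a KMS or HSM rather than a map.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Object is what the customer hands to the provider: nonce and ciphertext only.
// The provider never sees a key, so its storage can leak or be tampered with
// without breaking confidentiality or integrity.
type Object struct {
	Name       string
	Nonce      []byte
	Ciphertext []byte // AES-GCM output: ciphertext followed by the 16-byte tag
}

// ErrNoKey is returned when an object's key was shredded (or never existed).
var ErrNoKey = errors.New("no key for object")

// Vault is the customer-side key store, one random data key per object.
// It is a constructed illustration, not a KMS API.
type Vault struct{ keys map[string][]byte }

func NewVault() *Vault { return &Vault{keys: map[string][]byte{}} }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a fresh 256-bit key and records that key.
func (v *Vault) Seal(name string, plaintext []byte) (Object, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Object{}, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return Object{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // random nonce is safe: the key is used once
	if _, err := rand.Read(nonce); err != nil {
		return Object{}, err
	}
	v.keys[name] = key
	return Object{Name: name, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, []byte(name))}, nil
}

// Open decrypts and verifies: any change to ciphertext, nonce or name fails
// the GCM tag check, and a shredded key yields ErrNoKey.
func (v *Vault) Open(o Object) ([]byte, error) {
	key, ok := v.keys[o.Name]
	if !ok {
		return nil, ErrNoKey
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, o.Nonce, o.Ciphertext, []byte(o.Name))
}

// Shred zeroes and forgets the key. Copies of the ciphertext may linger in the
// provider's released storage, but without the key they are unreadable.
func (v *Vault) Shred(name string) {
	if k, ok := v.keys[name]; ok {
		for i := range k {
			k[i] = 0
		}
		delete(v.keys, name)
	}
}

// EncryptionScenario checks the three properties: round trip, tamper
// detection, and unreadability after shredding. The record is constructed.
func EncryptionScenario() (roundTrip, tamperDetected, shredded bool, err error) {
	v := NewVault()
	plain := []byte("record 1: name, address, card-last-4 (constructed PII)")
	obj, err := v.Seal("records/1", plain)
	if err != nil {
		return
	}
	got, openErr := v.Open(obj)
	roundTrip = openErr == nil && string(got) == string(plain)

	bad := obj // provider-side corruption or tampering: one flipped bit
	bad.Ciphertext = append([]byte(nil), obj.Ciphertext...)
	bad.Ciphertext[0] ^= 1
	_, openErr = v.Open(bad)
	tamperDetected = openErr != nil

	v.Shred("records/1") // "delete" destroys the key, not the stored bytes
	_, openErr = v.Open(obj)
	shredded = errors.Is(openErr, ErrNoKey)
	return
}

func main() {
	fmt.Println(EncryptionScenario())
}
```

    The point of the last step is that the provider's own remanence behaviour stops mattering for confidentiality once the key is gone; the customer still has to protect the key store itself and back the keys up alongside the data, since losing a key is as final as shredding it.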

    1.4.7 Information Security Analysis in Some Clouds

    In this section, Amazon AWS, Force.com, Google App Engine, GoGrid, Rackspace, and Microsoft Azure are compared regarding information security concerns (Mietto and Vitorino 2010):

    Amazon AWS – As part of normal operation, data stored in Amazon Elastic Block Store (EBS), Amazon S3, or Amazon SimpleDB is redundantly stored in multiple physical locations. On the initial write, by storing objects multiple times across multiple availability zones, Amazon S3 and Amazon SimpleDB provide object durability. In the event of device unavailability or detected bit rot, further replication is actively done. AWS procedures include a decommissioning process when a storage device has reached the end of its useful life. The process is designed to prevent customer data from being exposed to unauthorized individuals. As part of the decommissioning process, AWS uses the techniques detailed in U.S. Department of Defense (DoD) 5220.22‐M (U.S. Department of Defense 1995) or NIST 800‐88 (Kissel et al. 2006) to destroy data. In accordance with industry‐standard practices, a hardware device is degaussed or physically destroyed if the device cannot be decommissioned.

    Force.com – Force.com guarantees that customer data is protected with physical security, application security, user authentication, and data encryption. It also ensures the latest standard‐setting security practices and certifications, including ISO 27001, Sarbanes‐Oxley Act (SOX), SysTrust certifications, protection from third‐party vulnerabilities, and world‐class security specification SAS 70 Type II. It provides secure point‐to‐point data replication for data backups: backup tapes for customer data never leave provider facilities – no tapes are ever in transport. Salesforce.com uses 1024‐bit Rivest–Shamir–Adleman (RSA) public keys and 128‐bit Verisign Secure Sockets Layer (SSL) certification to ensure that the strongest encryption products protect customer data and communications. The lock icon in the browser indicates that data is fully shielded from access while in transit. Using Redundant Array of Independent Disks (RAID) and multiple data paths, customer data is stored on carrier‐class disk storage. On a nightly basis, all customer data is automatically backed up to a primary tape library, up to the last committed transaction. On a regular basis, to guarantee their integrity, backup tapes are cloned and moved to fire‐resistant, secure, off‐site storage.

    Google App Engine – A distributed NoSQL data‐storage service is provided by App Engine with transactions and a query engine. The distributed datastore grows with data just as a distributed web server grows with traffic. Two different data‐storage options are available for customers and are differentiated by their availability and consistency guarantees. The App Engine datastore is not like a traditional relational database. Here, data objects, or entities, have a set of properties; using these properties, queries can retrieve entities of a given kind, filtered and sorted. Property values can be of any of the supported value types. Datastore entities are schemaless, and data entity structures are enforced and provided by customers' application code. The datastore uses optimistic concurrency control and is strongly consistent. If other processes are trying to update the same entity simultaneously, an entity update occurs in a transaction that is retried a fixed number of times. To ensure the integrity of customer data, the customer application can execute multiple datastore operations in a single transaction, which either all fail or all succeed. Using entity groups, transactions are implemented across the distributed network. Entities are manipulated through a transaction within a single group. For efficient execution of transactions, the same group's entities are stored together. When the entities are created, the application can assign them to groups. In case of errors or system failure, Google can recover data and restore accounts, because it keeps multiple backup copies of customers' content. When a customer asks to delete messages and content, Google makes a reasonable effort to remove deleted information from its systems as quickly as is practicable (Zahariev 2009).

    GoGrid – GoGrid offers disaster‐recovery and backup solutions, including i365 EVault SaaS for online data protection. For small and medium‐sized businesses, a cost‐effective recovery and backup solution is EVault SaaS. It provides efficient, reliable, secure protection of an organization's critical data through the Internet. It automatically backs up server, desktop, and laptop data from across the customer's organization. The customer can configure the retention schedule and monitor backups using a web browser. Customer data is deduplicated, compressed, encrypted, and then transmitted to a vault in one of i365's top‐tier data centers.

    Rackspace – For secure collaboration, disaster recovery, and data access, Rackspace provides Cloud Drive. Cloud Drive automatically backs up any file type or file size, with no restrictions. Here, files are kept secure using admin‐controlled keys and Advanced Encryption Standard (AES‐256) encryption.

    Microsoft Azure – To minimize the impact of hardware failures, Microsoft Azure replicates data within the Azure Storage Fabric to three separate nodes. Microsoft Azure Storage Fabric is used as the main data management channel to provide unlimited storage capacity that is highly optimized for storing data within the recovery points of the data source (Maturana et al. 2014). By creating a second storage account to provide hot‐failover capability, customers can leverage the geographically distributed nature of the Microsoft Azure infrastructure. To synchronize and replicate data between Microsoft facilities, customers can create custom roles. Customers can also create customized roles to extract data from storage for off‐site private backups. Strict hardware‐disposal processes and data‐handling procedures are followed by Microsoft operational personnel after a system's end of life. Assets are classified to determine the strength of security controls to apply. To determine the required protections, a defense‐in‐depth approach is taken. For example, when data assets reside on removable media or are involved in external network transfers, they fall into the moderate impact category and are subject to encryption requirements. High‐impact data, in addition to those requirements, is also subject to encryption requirements for network transfers, storage, and the internal system. The Security Development Lifecycle (SDL) cryptographic standards list the acceptable and unacceptable cryptographic algorithms, and all Microsoft products must meet those standards. For example, symmetric encryption requires keys of 128 bits or longer. When using asymmetric algorithms, keys of 2048 bits or longer are required (Calder et al. 2011).

    1.5 Cloud Security Standards

    Although some security requirements may be unique to the cloud implementation, it is important that requirements for cloud security are consistent with appropriate standards, such as International Organization for Standardization (ISO) 27001 and ISO 27002, if you are to leverage a large body of practical experience, best practices, and reviews. Further, all aspects of security should be captured in a cloud security policy, which is best developed as a formal document that has the complete approval and blessing of management. A security policy should be seen as the foundation from which all security requirements derive. It should not detail technical or architectural approaches (as these may change more frequently than the policy); rather, the policy should set forth the underlying requirements from an organizational or business standpoint. For instance, the security policy should explain the need for using standards‐based encryption via a formally evaluated commercial product, rather than spelling out the use of Transport Layer Security, Secure Sockets Layer, or another specific means of communication security (Winkler 2011).

    The security standards and regulatory organizations that have the most direct effect on cloud computing security are PCI DSS, FISMA, and HIPAA (Kajiyama 2013):

    The Payment Card Industry Data Security Standard (PCI DSS) provides a framework for cloud providers to host applications that require a robust payment card data security process (https://www.pcisecuritystandards.org/documents/PCI_DSS_v3‐2‐1.pdf). By choosing a PCI DSS‐compliant cloud provider, developers can easily build applications with a secure credit card payment system without using a third‐party merchant account provider. PCI DSS is a worldwide information security standard that applies to organizations that hold, process, or exchange cardholder information. Cardholder data includes the primary account number, expiration date, name as it appears on the card, card verification value (CVV), CVV2, and magnetic stripe. This standard helps prevent credit card fraud through increased controls around data and its exposure to compromise. PCI DSS includes requirements for security management, policies, procedures, network architecture, and software design. PCI DSS compliance includes a self‐assessment questionnaire (PCI DSS SAQ) that acts as a validation tool. The SAQ includes a series of yes‐or‐no questions about security posture and practices and depends on the business scenario. The PCI Security Standards Council published new guidelines regarding the PCI DSS Virtualization section to provide guidance on the use of virtualization in accordance with the PCI DSS (https://www.pcisecuritystandards.org/documents/Virtualization_InfoSupp_v2.pdf). They explain how PCI DSS applies to virtual environments, including evaluating the risks of a virtualized environment, implementing additional physical access controls for host systems and securing access, isolating security processes that could put card data at risk, and identifying which virtualized elements should be considered in scope for the purposes of PCI compliance.

    The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document, and implement an agency‐wide program to provide information security for the information and information systems (https://csrc.nist.gov/csrc/media/publications/sp/800‐53/rev‐4/archive/2013‐04‐30/documents/sp800‐53‐rev4‐ipd.pdf). FISMA‐accredited cloud providers auto‐comply with the regulations that federal agencies are required to follow for data security.

    The Health Insurance Portability and Accountability Act (HIPAA) requires every healthcare provider and organization that handles protected healthcare information (PHI) to adhere to strict information security guidelines that assure the protection of patient privacy. Even though HIPAA does not directly impose these guidelines on cloud providers, if a company chooses to store protected healthcare information in the Cloud, the service provider must either be HIPAA compliant or provide secure infrastructure and policies that satisfy the HIPAA standards and requirements. Sometimes the standard also describes technical security measures that can be implemented to reach security objectives (implement a firewall, encrypt network traffic, have locks on doors, etc.).

    The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) is a list of controls collected from a range of different international Information Security Management System (ISMS) standards, such as ISO 27001, PCI DSS, SOC 2, and others. In this way, the CCM provides a framework for showing compliance to a range of different standards.

    Service Organization Control 2 (SOC 2) is a predefined set of security and privacy requirements. A SOC 2 report can be used to provide customers an overview of security and privacy measures in place.

    The Tier standard is a set of requirements for security, protection, and resilience measures for data centers. A Tier 1, 2, or 3 certification can provide customers the assurance that the data center in question is resilient in the face of attacks or disasters.

    Information Technology Infrastructure Library (ITIL) is a standard for managing service delivery. By asserting compliance to ITIL, the provider can assure the customer that service‐delivery processes are set up in a structured and predictable way.

    Safe Harbor is a streamlined process for U.S. companies to comply with EU Directive 95/46/EC on the protection of personal data. Intended for organizations within the EU or U.S. that store customer data, the Safe Harbor Principles are designed to prevent accidental information disclosure or loss. U.S. companies can opt into the program as long as they adhere to the seven principles outlined in the Directive. The process was developed by the U.S. Department of Commerce in consultation with the EU.

    SAS 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) (http://sas70.com/sas70_overview.html). Service organizations or service providers must demonstrate that they have adequate controls in place when they host or process data belonging to their customers. SAS 70 certifies that a service organization has had an in‐depth audit of its controls (including control objectives and control activities). SSAE 16 effectively replaced SAS
