1) need to collect data from different peer reviewed articles .
Total 10 pages needed of work needed
We need to do data analysis using Collected data for future scope using deedose
-
WhatsAppImage2022-11-28at10.47.54PM.jpeg
-
SameerfinalproposalZipFile1.zip
Sameerfinalproposal.docx
1
Data Security in Cloud Services
Submitted by
Sameer Kumar Prajapat
Judson University
Elgin, Illinois
Abstract
The main goal of this research paper is to explore the current state of data security systems in the cloud service industry. The research proposal will also analyze the ability of the current systems to combat the ever-evolving threats in the industry. The dissertation will collect data from literary sources that focus on cloud security systems to learn more. The primary research methodology for the dissertation will be a thematic analysis. The proposal will analyze the data collected through a comprehensive thematic analysis that will group the data into three main categories: the current data security threats, the current security framework & the future data security threats. This knowledge will be used to understand the current state of data security, the expected future threats, and the avenues of evolution necessary to combat the same. The research team will use purposive sampling to ensure that the research is conducted on relevant literary sources. The data sourcing, extraction, and indexing processes will be handled professionally to eliminate bias and preferences. The proposal wishes to arrive at a valid and reliable result that provides a complete overview of the current cloud data security domain. In addition to the thematic analysis, the research study also provides a brief overview of the current literature about the topic through an insightful literature review. The research proposal also provides a brief overview of the limitations and ethical considerations that might affect the dissertation process.
Table of Contents Abstract 2 Chapter 1: Introduction 5 Background 5 Problem Statement and Significance 6 Theoretical Framework 7 Researcher’s Positionality 10 Purpose 11 Research Question(s) 11 Significance 11 Definitions 12 Summary 12 Chapter 2: Literature Review 14 Data security procedures in the cloud services field 15 Encryption of data in transition end to end. 15 Encryption of important data at rest 15 Vulnerability testing 15 Defined and enforce data deleting policy 16 User –level data security 16 Theoretical Foundation 16 Review of Literature 17 Cloud Data security efficiency 18 Rate of evolution of data security issues 18 Impact of the cloud security to industries 18 Assumption Surrounding Cloud Data security 19 Data Security 19 Growth of Cloud Services 20 Security Evolution 21 Gaps in Literature 23 Conclusion 24 Chapter 3: Methodology 25 Introduction 25 Statement of the Problem 26 Research Question(s) 26 Research Methodology 26 Research Design 27 Study Population and Sample Selection 28 Data Collection Methods 28 Data Analysis and Procedures 30 Validity & Reliability 30 Ethical Considerations 31 Limitations 32 Summary 32 References 34
Chapter 1: Introduction
Background
Cloud services have gained a lot of popularity in the current technological era. With the rapid increase in digital adoption, even small and medium organizations are looking to improve their efficiency and revenue through cloud-based services. Rather than a physical on-site server, cloud services are made available via a remote cloud computing system (Zhe et al., 2017). In today’s business environment, cloud service providers can be seen as third-party suppliers who help organizations run critical services through their remote cloud servers. This makes cloud services less costly to operate and maintain in the longer run. It is also one of the main reasons organizations are moving towards cloud-based organizational frameworks. Cloud services also provide several other benefits to both the organizations and the consumers. Therefore, cloud services have gained wide recognition among organizations as a desirable addition to the present IT infrastructure (Zhe et al., 2017).
It is essential to understand that cloud services also have several disadvantages, and these disadvantages limit the widespread use of cloud services and the growth of cloud services within organizations. One of the major problems with cloud services is that it is not secure. As mentioned earlier, cloud services are not run from a cloud computing service that is on-site. Therefore, there are several data security risks associated with cloud services. A typical cloud provider does not hold the necessary access keys (Zhe et al., 2017). If an organization does not have a strong user identity, an attacker will compromise the entire organization. Moreover, there is a very high risk that employees and non-technical workers may be left behind when a cloud service is shut down. Therefore, if a cloud service is being disrupted, security is compromised for many organizations (Zhe et al., 2017).
With the increasing demand for digitization, we can see that cloud services will play a significant part in organizations (Shaikh&Modak, 2017). Therefore, it is critical to ensure that the data security risks associated with cloud services need to be addressed and mitigated efficiently. We can see several cloud service providers work towards improving their security practices through user audits and peer reviews and by addressing data breach mitigation techniques and strategies (Shaikh&Modak, 2017). However, most of them could be considered stop-gap measures and not permanent solutions. Since technology is constantly evolving, the nature of threats for the field is also constantly changing. Therefore, it is crucial to thoroughly understand the security risks and look for ways to enable a sustainable data security solution for cloud services (Shaikh&Modak, 2017).
Problem Statement and Significance
The rapid increase in digitization and the popularity of cloud computing systems have led to most organizations looking at creating a cloud-based operational framework. This combination makes the organizations more susceptible to data security risks (Kumar et al., 2018). The responsibility of mitigating these risks and keeping the organizations’ safe falls on the hands of the third-party cloud suppliers. Therefore, these data security risks impact the end organizations and the third-party cloud suppliers. With the increase in cloud service users, they will find it hard to manage cloud systems and mitigate risks immediately. It is also important to note that the data security risks that threaten cloud services vary. This creates a significant problem for cloud service providers (Kumar et al., 2018).
An evaluation of current and future threats against cloud services is a challenge for cloud providers and companies within the industry. This research proposal will explore the current data security risks and analyze the security systems that third-party cloud suppliers have in place to understand the current cloud service environment comprehensively. This will help create sustainable solutions to combat the data security risks and issues (Kumar et al., 2018). With this understanding, cloud service providers will be able to reduce the financial risks and help with data security issues, protect their customers and help solve the data security issues of their cloud-based data services. Another important goal of the dissertation is to learn about the new data security threats emerging in the cloud service sector. The challenge highlighted will be experienced as more organization moves their data to the cloud, demanding a better management model to counter it. Therefore, the research proposal will be focused on understanding and evaluating both the current and emerging threats that threaten the data security of cloud services (Kumar et al., 2018). To ensure that the dissertation is focused, the same will be centered upon answering three essential research questions mentioned below.
R1: What are the current data security issues and risks that threaten an organization’s cloud services?
R2: What are the predicted future trends for the data security issues in organizations?
R3: How can current cloud data security be made more efficient to facilitate tighter data security in organizations?
Theoretical Framework
Cloud services refer to services provided through remote cloud servers that third-party service providers set up. Cloud services have started to gain prominence because of their ability to increase organizational efficiency at minimal costs. Many cloud services are designed around remote storage, which reduces infrastructure and administration costs (Udendhran, 2017). The cloud market provides several potential cloud services, including file sharing and data management/analysis. These cloud services are highly beneficial for organizations from all sectors because they can scale without the burden of enormous costs. Cloud services also enable organizations to study, manage and analyze large data sets without having their servers or data centers. Data centers are expensive as they have higher operational and service costs when compared to cloud computing systems (Udendhran, 2017).
With the help of cloud services, organizations can manage complex business operations, including business logic, risk management, data recovery, and transaction management. We can also clearly see that some new technological advancements and innovations are helping the cloud computing field proliferate (Udendhran, 2017). While this is beneficial for organizations, this rapid growth also increases data security risks. Data security is an integral part of both enterprise and corporate security. Data security at an organizational level can be mitigated and eliminated with the help of solid encryption technologies or security protocols. However, these systems have little effect on cloud data security as the threats are highly varied (Udendhran, 2017).
Cloud data security has been a cause for concern for many years, and there have been several developments in this regard. Cloud service providers have created various measures to ensure the security of the data. Data protection systems are also deployed and maintained within the cloud and the organizational end by several technologies (Udendhran, 2017).For instance, companies have made it mandatory for IT staff to download and use encryption software before passing on crucial data to users.It is also essential to understand what role machine learning can play in incorporating cloud storage platforms. Since the data security threats are constantly evolving, many cloud service providers have incorporated AI-based systems like machine learning to help manage the security risks through threat analysis. These strategies have helped cloud service systems operate efficiently and mitigate data security threats to a level. This is further evidenced by several research papers on the topic (Udendhran, 2017).
However, many literary papers that have explored the concept have shown that the service providers are reacting to the threats rather than proactively creating security systems. While this has worked till now, the reactive data security systems might not keep data secure in the current business environment where most of the companies have started to use digital and cloud-based systems (Giri&Shakya, 2019). With the increase in customers, cloud service providers might find it challenging to efficiently manage their data privacy policies and security measures. Therefore, it is crucial to thoroughly analyze the current data security threats to create standardized systems that provide sustainable security results. It is also essential to use the analysis to predict future data security threats that might increase data protection and monitoring solutions (Giri&Shakya, 2019).
This research proposal will analyze the cloud data security threats to know what data security threats are growing the most and propose solutions for the service providers to help them address these threats and protect the data better. The proposal will also show how cloud service providers could develop the needed technologies to deal with the security issues that they might face in the future (Giri&Shakya, 2019). The proposal will also propose data security risk models that could help cloud service providers understand emerging threats in the cloud service sector. This will help them better protect against new data security threats and render faster resolutions to mitigate new data security threats. The dissertation will primarily collect literary papers on data security risks/threats and cloud-based systems (Giri&Shakya, 2019).
The research proposal will collect data from academic libraries to understand the cloud data security framework better. The proposal will use document analysis on the literary reviews to gain new insights into the cloud data security framework. The data collected through the document analysis will be further explored through thematic analysis. This thematic analysis will be focused on three main categories: the current data security threats, the current security framework & the future data security threats. Future threats are predicted using shreds of evidence present in the literary papers. In addition to exploring the current cloud data security frameworks, the thematic analysis will help predict new threats. The same can be used as a guideline for creating new data security systems. The researchers will also use textual analysis to help determine where new and emerging threats could come from and the best security strategy for dealing with these issues/risks (Akhil et al., 2017).
Therefore, the focus is to help improve the current data security systems present in the cloud service sector. This thematic analysis will also help researchers and professionals in cloud data security. To ensure that the research is up to date, this thematic analysis will look at the most recent literary works in the field of data protection (Akhil et al., 2017).It will then predict and analyze which elements of these works hold up the current cloud data security framework.This will include, for example, the current security frameworks and the current data protection solutions within that framework. The latter two features will help us understand how the current cloud data security framework is failing compared to the current threats.
Researcher’s Positionality
Cloud computing systems have become a significant part of the society we live in. Hence, it is essential to understand the benefits and challenges present in the same. While researching the topic of cloud computing and its related services, it was clear that data security has become a significant concern for most service providers (Akhil et al., 2017). Even with the development of various technologies and systems to combat security risks and issues, there are still concerns regarding cloud data security. This prompted the researcher to explore the topic in detail. The researcher was also fascinated by the fact that most organizations are moving to digital and cloud-based systems due to the pandemic. Therefore, the impact of a data security breach has become higher in the current society. Thus, the researcher felt that there needs to be an exploration of the future security risks and issues that could threaten cloud service providers (Akhil et al., 2017).
Purpose
The main goal of the proposal is to explore the efficiency of the current cloud data security systems and understand whether they will handle issues that could arise in the future. The proposal will also provide suggestions and alternatives to improve cloud data security (Kumar et al., 2018).
Research Question(s)
Cloud data security is not an isolated issue that will affect only select organizations. Since most organizations in society are moving towards a digital-only operation, any data security risk will affect a wide range of companies. This is detrimental for the whole society. Therefore, there needs to be extensive research on the data security systems of service providers rendering cloud computing services (Kumar et al., 2018). In this dissertation, the main focus is understanding the current cloud data security scenario and improving the same with the help of extensive research into the field. To ensure that the dissertation is focused, the same will be centered upon answering three essential research questions mentioned below.
R1: What are the current data security issues and risks that threaten an organization’s cloud services?
R2: What are the predicted future trends for the data security issues in organizations?
R3: How can current cloud data security be made more efficient to facilitate tighter data security in organizations?
Significance
As mentioned earlier, a data hack in cloud services would cause significant disruptions in the current society. Data needs to be secured efficiently to ensure that organizations can operate efficiently because of the rapid increase of digitization. Most companies are moving towards a cloud-based infrastructure. With the increasing data flow, security and privacy are of utmost importance. It is considered essential to ensure the security of data and users’ privacy from any attack (Zhe et al., 2017).Therefore, it is crucial to create a data security system capable of handling both current and future data security issues. This dissertation aims to contribute significantly to the field by analyzing the data security issues to find emerging data hacking and security-related trends. The research into the domain is significant to improve the data security frameworks of cloud service providers and enhance them to efficiently mitigate future risks in the domain (Zhe et al., 2017).
Definitions
i. Machine Learning – Machine Learning is a type of Artificial Intelligence that uses systems to learn from data, identify patterns, and make decisions with limited human intervention (Zhe et al., 2017).
ii. Cloud Computing – Cloud computing is a computer system resource that uses on-demand data storage and computing power (Zhe et al., 2017).
Summary
Cloud computing systems have started to gain extensive recognition because of the various benefits it provides organizations from several sectors. Cloud services have become a critical tool for organizational growth and significantly helped several organizations improve their digital frameworks. However, several issues still hinder the implementation and development of cloud services. One of the main issues that cloud service providers face is data security. Data security is a primary concern for cloud service providers and organizations using cloud-based frameworks because the cloud data is located in third-party servers. Even though several cloud service providers are using security systems to enhance data security, the efficiency of the current systems in stopping any future security issues and risks is debatable. This proposal aims to explore the current data security threats faced by cloud service providers and analyze the efficiency of the current data security systems. The proposal will also predict future data security trends with the help of literary sources and propose changes that can be made to the current digital security frameworks based on the same.
Chapter 2: Literature Review
This literature review chapter will focus on identifying the current data security procedures in the cloud services field. The data security threats and issues surrounding the cloud services field is evolving in nature and hence, there is a need for identifying the efficacy of current cloud data security systems and any need for evolution (Kaushik & Gandhi, 2019). Through this literature review, the study will investigate literature that surrounds the technical aspects of the cloud data security systems, their data security threats, vulnerabilities and challenges, and the implications and lessons learnt from these findings for the field of data security. Comment by Microsft User: delete
This section will consider the key terms cloud, data security, data privacy, cybersecurity and confidentiality, vulnerability, data breach, integrity and availability. The objectives of this review are to identify the current technical issues and challenges surrounding the field of data security in cloud services and to review the available literature on cloud services security (Namasudra, 2019). As the technical literature cannot cover all the challenges surrounding data security in the cloud service, we consider this to be a significant limitation of this review.
Since cloud services is a field that is constantly evolving in nature, the need for security in this field is also evolving. One would expect that in any emerging field that is constantly evolving, a significant body of literature is available on these matters. This is however not the case with cloud services. The technical challenges in the field of data security are increasing, and this causes the need for security methods that are constantly evolving. The challenge in identifying a critical review of this field is that the field is evolving in nature and the available literature is relatively small (Arora et al., 2018). This therefore necessitates a more targeted approach to this literature review, and the objective is to identify the major issues within the cloud services field. It is therefore expected that, with time, the field of data security within the cloud services will increase, and therefore a more global approach is taken to this review to identify the major issues in the field.
Data security procedures in the cloud services field
Data security involves a procedures as shown as explained below;
Encryption of data in transition end to end.
All of the interaction in the cloud services are required to happen over the SSL transmission so that the security can be of highest level. The termination of the SSL is suppose only happen within the cloud service provider network. There is a big challenge that arises in case the SSL does not terminate within the cloud service provider. An intruder may access a relevant data in case there is a fault when data encryption is not end to end.
Encryption of important data at rest
The encryption of sensitive data should be enabled at rest, not only in case the data is transmitted over a network. Most of the time is the cloud services only ensures that the only the encryption of the sensitive data that is enabled at the rest and avoid that one that is transmitted over the network. This leads to lowering of the confident complying with the privacy policies, regulatory requirement and contractual obligation in case of a sensitive data.
All the data that is stored in the disk in the cloud storage should be encrypted using AES-256 and the encryption keys should be encrypted with a regularly rotated set of master’s keys. Most of the data stored are not b encrypted with AES-256, thus endangers accessibility with the other unwanted parties.
Vulnerability testing
All the cloud services providers are required to employ the industry-leading vulnerability and incident response. There should be a fully automation of the security assessment so as the system weakness can be tested. The challenge is that most of the organization do not carry out the critical security audit which do not be done on yearly or in monthly basis.
Defined and enforce data deleting policy
There are many cases in which the data of the customer are not deleted even after the retention period. There is a need of a program which can automatically delete the person data after the retention time expires.
User –level data security
Most of the cloud services have a role-based access control (RBAC) that allows the customers to set the user-specific access and editing permission on the data. In the editing process, some customers interferes with the cloud in which it affect its operation mechanism.
Theoretical Foundation
It is important to ensure that the literature review helps identify the general beliefs and assumptions in the field of cloud data security, and help form a theoretical foundation for the proposed study. The literature review will focus on understanding concepts like the cloud data security efficiency, the rate of evolution of data security threats/issues, and the impact of cloud data security on various industries. The literature review will also identify factors that determine the efficacy of data security within the cloud (Surbiryala& Rong, 2017). In addition, some of the basic assumptions that surround cloud data security like data mobility and data storage will be studied, and this will help ensure that the review is not limited in its scope and serves the purpose of answering the research question appropriately. Comment by Microsft User: You did say here that you will use these as sub-headings to present the review of relevant literature covering these issues, btu I do not see that adequately done in the chapter.
One of the most important assumptions in the field of cloud data security is that cloud data security models should be transparent. It is important to ensure that a clear understanding of the concept of cloud data security is present, and this is a very important factor in ensuring that the research question in this field is adequately answered. Another key factor that will determine the validity of the review is that the review must take a cross-section of literature. It is important to ensure that the review does not focus on a single research study but takes a more general perspective (Ransome, 2017). In this context, the review of the research literature will form a foundation of the proposed research and will be an important component of the study. In addition, it is also very important that the literature review does not get influenced by a biased selection or evaluation criteria, and this is a major issue in the area of data security in the cloud.
The literature review will also identify common theories and studies that attempt to provide a solution to the problems surrounding cloud data security, and this will provide context for the research question. These theories and studies will provide a better understanding of the current state of the art of the field and will also lead to the development of more comprehensive approaches that can be used to solve
Data Security in Cloud Services
Introduction
Cloud service providers have a responsibility to keep customer data safe and secure. Before entering into a contract with a cloud provider, know what specific data protection obligations your provider is prepared to make. Scan all documents and contracts for usage rights and restrictions. Be sure you understand the physical and environmental safeguards in place. Ask your provider about their overall security policies, including adherence to industry standards and best practices. Know whether or not you company will be able to exercise full control over the cloud services being provided
Cloud service providers have a responsibility to keep customer data safe and secure.
Cloud service providers have a responsibility to keep customer data safe and secure. The EU General Data Protection Regulation (GDPR) and the European Union’s Directive on the Processing of Personal Data of European Residents sets out clear rules that must be followed by all cloud service providers in order to comply with EU laws.
Cloud service providers must implement appropriate technical and organisational measures to ensure that any personal data they process is secure at all times, including:
Ensuring employees are trained on how to use access control mechanisms such as passwords or two-factor authentication systems;
Using encryption technology when transmitting sensitive information over public networks;
Keeping records of employee training sessions so they can be audited by auditors if needed;
Before entering into a contract with a cloud provider, know what specific data protection obligations your provider is prepared to make.
Before entering into a contract with a cloud provider, know what specific data protection obligations your provider is prepared to make.
Ask: How will they protect my data? Will they offer regular security audits and penetration testing to check for vulnerabilities? What steps are taken if there’s suspected data loss or theft? How much notice do I need to give them before any changes are made to my account (e.g., changing the password)? How does their response time compare with other companies in similar situations like yours, such as Google and Facebook?
Scan all documents and contracts for usage rights and restrictions.
In addition to the general, most comprehensive security policies and procedures that all cloud service providers should have in place, it’s important to scan all documents and contracts for usage rights and restrictions. This can be time-consuming but worth it for two reasons:
You’ll know exactly what you’re getting into before signing up with a new provider
You can avoid serious problems down the road if something goes wrong
Be sure you understand the physical and environmental safeguards in place.
When you’re dealing with sensitive information, it’s important to know what safeguards are in place. Physical and environmental safeguards include things like:
A solid firewall between your network and the cloud provider’s network.
An intrusion detection system that scans for any suspicious traffic entering or exiting your systems.
A secure logging system that monitors activity on servers and systems over time to detect unusual behavior patterns.*
Ask your provider about their overall security policies, including adherence to industry standards and best practices.
Ask your provider about their overall security policies, including adherence to industry standards and best practices.
Ask your provider about their data handling policies.
Ask your provider if they have encryption enabled on all data transmitted between cloud services and/or external systems, or if they use a secure protocol such as TLS (Transport Layer Security).
Ask them what physical safeguards they have in place for protecting their data centers from unauthorized access, such as firewalls and intruder alarms.
Know whether or not you company will be able to exercise full control over the cloud services being provided.
There are a few things that you should know before selecting a cloud services provider. First, your company should be able to manage the cloud services being provided. You need access to all data and need full control over who has access and when they can use it. Second, if you want an audit of security measures by an independent third party such as NCC Group or CloudPassage (we recommend both), then this needs to be part of your contract with the provider. Thirdly, if possible, try to ensure that there is at least one person in IT who has full control over all aspects of security for your organization when moving into the cloud environment—this person may even require their own phone line lines so that they can communicate directly with service providers about any issues related only within their department
Know what your provider considers to be its property, as well as what you consider to be yours.
You should know that if you store your data in the cloud, the provider may consider that to be their property. This means they can do with it what they want, without your approval or consent. You should be able to access the data without interference and move it to another provider at any time if necessary. In addition, when using cloud services—such as Gmail or Dropbox—you should be able to access them from any device (iPad, computer etc.).
Data Security in Cloud Services
Cloud services are becoming increasingly popular, but they also pose new security challenges. Cloud providers have a responsibility to keep customer data safe and secure, so it’s crucial you understand what specific data protection obligations your provider is prepared to make before entering into a contract with them.
Before entering into a contract with a cloud provider, make sure that:
The information that you provide during the signing process is correct. If not then this could lead to issues later on when you want access your account again or want to transfer ownership of any existing accounts (for example). You should also be aware of any maintenance fees associated with using their service – these can occur without warning if needed repairs need doing which may cost extra money too!
Conclusion
It’s a good idea to know exactly what your provider is doing to keep your data secure and how they will do it. It’s also important to make sure you can get updates on any changes that might affect the security of your information, as well as access emergency services if necessary.