Analysis of Approaches to Ensure the Security of Cloud Services

The article is devoted to the analysis of modern approaches to ensuring the security of cloud services. Cloud computing systems must provide process security and reliability and ensure secure interaction between the customer and the cloud service provider.

Fears of data loss and data compromise are among the main reasons why some companies are not migrating their computing to the cloud. The object of research and analysis of this work is cloud services that are provided by various cloud service providers.

The purpose of this work is to compare existing approaches that ensure information security of cloud services, as well as to propose a new approach based on the principle of diversity.

There are many approaches to ensuring the security of cloud services, using both traditional and cloud-specific methods. The multi-cloud approach is one of the most promising strategies for increasing reliability by backing up cloud resources on the servers of various cloud service providers. It is shown that it is necessary to use diversity to ensure the reliability and safety of critical components of systems.

The principle of diversity is to use a unique version of each resource through a specific combination of cloud provider, geographic location of data centers, cloud service presentation models, and cloud infrastructure deployment models.

It details the differences between cloud providers and what combinations of services are preferred over others in terms of performance. It also discusses best practices for securing cloud resources.

The paper concludes that cloud computing suffers from insufficient security and reliability, and shows how diversification of cloud services can mitigate threats so as to avoid common cause failure and, as a consequence, loss of confidential data or system downtime.

Introduction

Today, cloud computing is one of the fastest growing areas of information technology. More and more projects are migrating computing resources from their data centers to cloud storage, entrusting their data to cloud providers. However, there are still many skeptics who believe that this is too dangerous and that their data will be lost or will fall into the hands of intruders. Of course, the information security of cloud computing is not perfect, but it should be noted that there are many ways to reduce risks.

The debate about solving this problem has been going on for a long time. Many cloud providers take a number of measures to significantly increase security, and also provide recommendations on how users of their services can contribute to improving the situation on their part.

Responsibility for security lies not only with the provider, but also with the companies that use its services. At the same time, the human factor remains the main vulnerability, since malicious or accidental neglect of security policies can nullify all security measures.

One of the most common approaches to ensuring the reliability and safety of cloud users' data is redundancy. Despite this, a vulnerability in one version can spread to all the others, since they are identical copies.

Based on the above, creating unique copies will reduce the risk of data loss due to common cause failure (COMF). A COMF is an accidental failure of two or more structures, systems or components caused by a latent design or manufacturing flaw, by errors in operation or maintenance, or by an event arising from a natural phenomenon, the operation of the technological process of the installation, an action caused by a person, or an internal event in the control and measuring system [1].
One of the most effective solutions to the COMF problem is the principle of diversity, according to which each version of the system must be unique. As a result, the likelihood of a COMF occurring is reduced to a minimum [2].

Diversity is a principle in measurement systems whereby different parameters are determined, or different technologies, different logic circuits or algorithms, or different actuation means are used, to provide multiple ways of detecting and responding to significant events.

Cloud computing security problems and ways to solve them are discussed by researchers in many countries. The work "Security and Privacy Issues in Cloud Computing" proposed a generalized classification of threats and security tools for cloud computing [3]. The authors of "Cloud Computing Use Case Discussion Group" [4] discuss various cloud computing use cases and related requirements. They look at use cases from a variety of perspectives, including those of customers, developers, and security engineers. The article "Cloud computing: benefits, risks and recommendations for information security" [5] investigates various information security risks associated with the use of cloud computing, as well as the likelihood of risks arising from the existence of vulnerabilities in cloud computing. Similar issues were discussed in the Cloud Security Alliance (CSA) [6]. "Cloud Security Issues" [7] discusses the specifications and goals of the Amazon Compute Service Level Agreement (ACSLA) related to data location, partitioning, and recovery. The next work, "Cloud computing security issues and challenges" [8], discusses high-level security issues in the cloud computing model, such as data integrity and security of confidential information. It also reports on various safety management standards. The article "On Technical Security Issues in Cloud Computing" [9] discusses technical security issues arising from the cloud computing model, such as XML browser-based attacks and SYN flood attacks. The authors of "Understanding Cloud Computing Vulnerabilities" [10] discuss security vulnerabilities in the cloud platform. They grouped the possible vulnerabilities associated with cloud computing technology, its characteristics and the security measures used. The study "A survey on security issues in service delivery models of cloud computing" [11] discusses the security issues of the cloud service delivery model, with a particular focus on the SaaS model.
The main idea of "Organizational cloud security and control: a proactive approach" [12] is to consider the security controls of cloud computing from the point of view of their ethical use. "Security, Privacy, and Digital Forensics in the Cloud" [13] explores many aspects of cloud security and privacy in detail.

The purpose of this article is to compare existing approaches that ensure information security of cloud services, as well as to propose a new approach based on the principle of diversity. First, it reviews the current security situation of cloud services and provides some practice-based recommendations for securing cloud computing (Section 1). Second, it highlights and describes a promising approach, multi-cloud computing, which can significantly increase the reliability of cloud services by using several cloud providers simultaneously (Section 2). Further, the implementation of the principle of diversity is proposed to ensure the security of security-critical cloud resources (Section 3). The last section examines the pros and cons of approaches to securing cloud services, and outlines plans for the next stages of the study.

1 Cloud Services Security Analysis 

1.1 Introduction to Cloud Services

Cloud computing has four service delivery models and three core deployment models. Deployment models are of the following types [14-16]:

  • private cloud, in which the cloud platform is designed for a specific organization;
  • public cloud, in which the cloud platform is available for public users who can register there and use the existing infrastructure;
  • hybrid cloud - a private cloud that can be extended by using resources in public clouds.

Public clouds are the most vulnerable deployment model because they are available to a wide range of users, who can host their services there, and such services can be used by attackers for cyberattacks. Cloud service delivery models include:

  • Infrastructure as a Service (IaaS) - a model in which cloud providers provide computing resources, data storage and networking as Internet services. This service model is based on virtualization technology. Amazon EC2, Compute Engine by Google Cloud and Virtual Machines by Microsoft Azure are the most famous services of the IaaS model.
  • Platform as a service (PaaS) - a model in which cloud providers provide platforms, tools and other business services that allow users to develop, deploy and manage their own applications without the need to install these platforms and maintain tools on their computers.

The PaaS model can be located on top of the IaaS model or directly above cloud infrastructures. Google App Engine, Microsoft Azure Web App and AWS Elastic Beanstalk are the most famous representatives of the PaaS model.

  • Software as a Service (SaaS) - a model in which cloud providers provide applications located on the cloud infrastructure as Internet services for end-users, without requiring service customers to install software on their computers.

This model can be located on top of PaaS, IaaS, or directly above cloud infrastructures. It is worth noting that Atlassian (Jira, Bitbucket, Bamboo), G Suite (Gmail, Google Drive, Docs) and Microsoft Office 365 (Word, Outlook, OneDrive) are the leading SaaS service providers known to a wide range of users around the world.

  • Function as a service (FaaS) - a model in which cloud providers provide the ability to run code for almost any kind of application or server service without the need to administer it. This code can then be executed in response to an event that occurred at the request of the user, for example, pressing mouse buttons or keyboard input. This model can be located on top of any cloud service from the previous models. Notable examples of this model are AWS Lambda, Google Cloud Functions, and Microsoft Azure Functions.

Each service delivery model has different possible implementations, which complicates the development of a standard security model for each service delivery model. Moreover, these service delivery models can coexist on the same cloud platform, which further complicates the security management process.

The cloud computing model involves different stakeholders: a cloud provider (an entity that delivers infrastructure to cloud computing consumers), a service provider (an entity that uses the cloud infrastructure to deliver applications or services to end users), and a service consumer (an entity that uses services hosted in the cloud infrastructure), as well as a third party that provides support to the cloud provider or a service provider.

1.2. Threats to the security of cloud computing

We classify the key security threats to cloud computing, both those typical for specific models of service provision and those common to all cloud services in general. The results are presented in Table 1 [1].
However, it is important to understand that some of these threats are handled by the cloud providers, while others are the responsibility of the cloud providers or their users. Understanding this division helps to better resist these threats.

Table 1 Threat classification for cloud computing

Threat: Threats emanating from within (insiders):
  - the attacker is on the side of the cloud provider;
  - the attacker is on the side of the cloud service provider;
  - the attacker is a third party that provides support to either the provider or users.
Description: The threat of insider access to the data of customers using cloud services is increasing, since each of the delivery models can create a need for several internal users:
  - SaaS - administrators of the cloud provider and service provider;
  - PaaS - application developers and test environment managers;
  - IaaS - third-party cloud platform consultants.

Threat: Outside threats:
  - remote software attack on cloud infrastructure;
  - remote software attack on cloud applications;
  - remote hardware attack on the cloud;
  - remote software and hardware attack on software and hardware endpoints of cloud user organizations;
  - social engineering of users of cloud providers and users of cloud services.
Description: It can be assumed that the threat from external attackers applies more to public clouds, but all types of cloud service delivery models are susceptible to the influence of external attackers, especially in private clouds where user endpoints can be specified. Cloud providers with large data stores that store credit card data, personal information, and confidential or intellectual property will be attacked by resource-rich groups trying to obtain this data.

Threat: Data leakage:
  - denial of secure access rights in multiple domains;
  - failure of electronic and physical transport systems for cloud data and backup.
Description: The threat of mass data leakage among many potentially competing organizations using the same cloud provider can be caused by human error or faulty equipment, which will lead to information compromise.

Threat: Data separation:
  - incorrectly defined security perimeters;
  - incorrect configuration of virtual machines and hypervisors.
Description: In complex cloud hosting environments such as SaaS, configured to share computing resources among customers, data integrity can be compromised.

Threat: User access:
  - weak identification and access control procedure.
Description: The implementation of ineffective access control procedures creates many vulnerabilities. For example, disgruntled former employees of organizations that supply cloud services maintain remote access to administer clients' cloud services and can deliberately damage their data sources.

Threat: Data quality:
  - introduction of faulty application components or infrastructure.
Description: The threat of data quality impact is increasing as cloud providers host the data of many customers. Introducing a faulty or misconfigured component required by another cloud user can potentially impact data integrity for other cloud users sharing the infrastructure.

Threat: Change management:
  - customer penetration testing, which affects other cloud customers;
  - infrastructure changes in the systems of providers, customers and third-party users of cloud services that affect cloud customers.
Description: As the cloud service provider takes on greater responsibility for managing change across all cloud delivery models, there is a threat that change could have negative consequences. This can be caused by software or hardware changes to existing cloud services.

Threat: Denial of service threat:
  - distributed denial of service against network bandwidth;
  - denial of service for network DNS;
  - denial of application data.
Description: The threat of denial of service in relation to available cloud computing resources is, as a rule, an external threat to public cloud services. However, the threat can affect all cloud service models, as external and internal threat agents can inject components of applications or hardware that cause denial of service.

Threat: Physical disruption:
  - disruption of IT services of a cloud provider through physical access;
  - disruption of cloud IT services of customers through physical access;
  - disruption of third-party WAN providers' services.
Description: The threat of physical disruption to cloud services is different for large cloud providers and their customers. These vendors must have experience in securing large data centers, and must consider resilience among other availability strategies. There is a threat that the user's infrastructure in the cloud can be physically disrupted both internally and externally, where less secure office environments or telecommuting are standard practice.

Threat: Use of weak recovery procedures:
  - calling inadequate disaster recovery or business continuity processes.
Description: The threat of initiating inadequate recovery and incident management procedures is heightened when cloud users consider recovering their own systems in parallel with systems managed by third-party cloud service providers. If these procedures are not tested, they can significantly affect recovery time.

1.3. Approaches to Cloud Computing

In the multi-user environment that is used in cloud computing, information security is not an easy task. Security must be implemented at every level of the cloud application architecture. Physical security is of course provided by the cloud provider, which is an added benefit of using the cloud. The user is responsible for securing the network and applications, and there are a number of techniques to mitigate the risks of a security breach:

– Information-based security – a data self-protection technique that requires intelligence to be embedded in the data itself. Data should be self-describing and secure, regardless of its environment. When accessed, the data refers to its policy and tries to recreate a secure environment that has been verified to be reliable using a trusted computing infrastructure.

– Highly reliable remote server attestation – a promising approach to solving the problem of lack of transparency, which is based on trusted computing. In a trusted computing environment, a trusted monitor is installed on a cloud server that can monitor or verify cloud server operations. A trusted monitor can provide proof of compliance to the owner of the data, ensuring that certain access policies have not been violated. To ensure the integrity of the monitor, trusted computing also allows this monitor to be safely booted side by side with (and securely isolated from) the operating system and applications.

The monitor can enforce access control policies and perform monitoring or audit tasks. To confirm compliance, the monitor code and the declaration of conformity issued by the monitor are signed. When the data owner receives this attestation, they can verify that the correct monitor code is being executed and that the cloud server has complied with access control policies.

– Privacy-Enhanced Business Intelligence – another approach to maintaining control over the data is to encrypt all cloud data. The problem with this approach is that encryption limits the use of the data. In particular, finding and indexing data becomes a problematic, or even impossible, task. For example, if your data is stored in clear text, you can efficiently search for a document by specifying a keyword. This cannot be done using traditional randomized encryption schemes, although there are universal encryption schemes that allow operations and calculations on ciphertexts.

– Bastion hosts are virtual machines that reside on the public subnet of the client and are usually accessible using SSH or RDP. Once a remote connection is established with the bastion host, it acts as a "hop" server, allowing clients to use SSH or RDP to log into other virtual machines (within private subnets) deeper in the user's virtual private cloud (VPC).

When properly configured using security groups and network ACLs (NACLs), the bastion host essentially acts as a bridge to the user's private virtual machines over the Internet [17].
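
The bastion arrangement described above can be checked mechanically. The following is an added example, not code from the article or from any cloud provider: it audits a simplified, constructed rule model (security group, single port, source as CIDR or group name) and flags administrative access that bypasses the bastion. Treating a bastion open to every address as a finding is an assumption of this example; the group names and address ranges are hypothetical.

```python
import ipaddress

# Administrative protocols the article names for bastion access.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample rules (hypothetical names; 203.0.113.0/24 is a documentation range).
WEAK = [
    {"group": "sg-bastion", "port": 22, "source": "0.0.0.0/0"},
    {"group": "sg-private", "port": 22, "source": "sg-bastion"},
    {"group": "sg-private", "port": 3389, "source": "0.0.0.0/0"},
    {"group": "sg-private", "port": 5432, "source": "sg-private"},
]
HARDENED = [
    {"group": "sg-bastion", "port": 22, "source": "203.0.113.0/24"},
    {"group": "sg-private", "port": 22, "source": "sg-bastion"},
    {"group": "sg-private", "port": 3389, "source": "sg-bastion"},
    {"group": "sg-private", "port": 5432, "source": "sg-private"},
]


def _open_to_world(source):
    """True if source is a CIDR that covers every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR: the source refers to another security group


def audit_bastion_rules(rules, bastion_group, private_groups):
    """Return a list of findings for SSH/RDP rules that weaken the bastion design."""
    findings = []
    for rule in rules:
        group, port, source = rule["group"], rule["port"], rule["source"]
        if port not in ADMIN_PORTS:
            continue  # only administrative access is in scope here
        proto = ADMIN_PORTS[port]
        if group == bastion_group and _open_to_world(source):
            findings.append(
                f"{group}: {proto} open to {source}; restrict to admin ranges")
        elif group in private_groups and source != bastion_group:
            findings.append(
                f"{group}: {proto} allowed from {source}; "
                f"only {bastion_group} should reach it")
    # The bastion is only a usable hop if each private group admits it.
    reachable = {r["group"] for r in rules
                 if r["port"] in ADMIN_PORTS and r["source"] == bastion_group}
    for group in sorted(set(private_groups) - reachable):
        findings.append(f"{group}: no SSH/RDP path from {bastion_group}")
    return findings


if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for finding in audit_bastion_rules(rules, "sg-bastion", ["sg-private"]):
            print("  -", finding)
```
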

However, the main principle of ensuring the security of cloud computing is following the recommendations from cloud providers [18-20]. Consider the key advice they provide. First, cloud consumers must fully understand their networks and applications to determine how to provide functionality, resilience, and security for cloud applications and systems. Due diligence should be performed throughout the lifecycle of applications and systems deployed in the cloud, including planning, development and deployment, operations, and decommissioning. It is important to understand that both the cloud provider and the user are responsible for cloud security.

The next important point is access control. Access control typically requires three capabilities: the ability to identify and authenticate users, the ability to assign access rights to users, and the ability to create and enforce resource access control policies. You should use multi-factor authentication to reduce the risk of compromised credentials.

Stolen superuser credentials allow an attacker to control and configure the cloud consumer's resources. The use of multiple factors requires an attacker to acquire several independent authentication elements, which reduces the likelihood of compromise.

A set of roles should be planned to fulfill general and individual responsibilities. These roles are designed to ensure that no one can negatively impact the entire virtual datacenter. Service providers offer several different types of storage services such as virtual disks, blob storage, and content delivery services.
Each of these services can have unique access policies that must be assigned to protect the data they store. Cloud customers must understand and configure these service-specific access policies. In addition to access control, data protection includes three separate tasks: protecting data from unauthorized access, ensuring continuous access to critical data in the event of errors and failures, and preventing accidental disclosure of data that is believed to have been deleted.

It is important to encrypt data at rest to protect it from disclosure due to unauthorized access. Providers typically offer encryption capabilities for the storage services they provide. You should also properly manage the associated encryption keys to ensure effective encryption. Providers offer consumers a choice of who manages the keys: the provider or the consumer.

Providers give significant guarantees against permanent data loss. However, no system is perfect, and large cloud providers can accidentally lose customer data. In addition to provider errors, cloud service users can also make errors that can lead to data loss.

You need to ensure that your data backup and recovery processes meet the needs of your organization using the cloud. Service providers often copy data to ensure consistency. During the operation of the system, confidential data can get into logging and monitoring services, backup copies, content distribution services and other places. Analyze your cloud deployment to understand where sensitive data might be copied or cached, and determine what needs to be done to get those copies deleted.

The provider is responsible for monitoring infrastructure and services provided to consumers, but is not responsible for monitoring systems and applications created by users using the provided services. However, they provide the user with monitoring information related to the use of the user services. This information can be used as a first line of monitoring to detect unauthorized access to systems and applications or their use, as well as unexpected behavior or use of systems and applications or their users.

In a hybrid cloud deployment that moves some resources to the provider's storage but keeps many resources on premises, you need to combine the provider-supplied cloud user monitoring information with local user monitoring information to create a complete picture of the organization's information security.
Information security threats can appear anywhere in the cloud infrastructure. If these vulnerabilities are not discovered and closed, the enterprise leaves the opportunity for security threats to enter a cloud-based deployment.

Many cloud providers will allow users to perform penetration tests to find these vulnerabilities. Some providers may do this testing themselves. Ensuring that these tests are performed on a regular basis allows you to search for any vulnerabilities that have appeared in the user's system of cloud services.

2. Multi-cloud computing 

2.1. Introduction to the multi-cloud strategy 

A multi-cloud strategy is the use of two or more services from different cloud providers, as well as the use of different service delivery models [21]. Initially, many organizations adopted a multi-cloud strategy because they were not confident in the reliability of the cloud.

Multi-cloud computing is still viewed as a way to prevent data loss or downtime due to the failure of a localized component in the cloud. The ability to avoid being tied to specific providers was also an important incentive early in the multi-cloud deployment.

While redundancy and provider lock-in issues continue to drive many deployments in multi-cloud environments, they are also largely driven by broader business or technical goals of the enterprise. These goals may include using more competitively priced cloud services, or taking advantage of the speed, capacity, or features offered by a particular cloud provider in a particular geography.

In addition, some organizations use multi-cloud strategies for data sovereignty reasons. Certain laws, regulations, and corporate policies require corporate data to be physically located in specific locations. Multi-cloud computing can help organizations meet these requirements because they can choose from multiple data centers or Availability Zones of multiple IaaS service providers.

This flexibility in hosting cloud data also allows organizations to place computing resources as close as possible to end users for optimal performance and minimal latency. However, there are a number of overheads associated with using this strategy. For example, deploying multiple clouds requires that the technical staff have the skills to work with several types of cloud platforms or rely on consultation from the provider. Workload or application management in multi-cloud environments can also be a problem as information moves from one cloud platform to another.

It is also important to understand the difference from the hybrid deployment model. Multi-cloud and hybrid cloud computing are similar but differ in purpose and application. In general, hybrid cloud refers to a cloud computing environment that uses a combination of an on-premises private cloud and a third-party public cloud, with negotiation between the two. An enterprise often uses a hybrid cloud to solve a specific problem, such as the ability to run workloads on premises and then burst into a public cloud when demand for computing resources spikes.

However, as noted above, multi-cloud computing usually refers to the use of multiple public cloud providers and represents a more general approach to managing and paying for cloud services in a way that feels best for a given organization. Although, it should be noted that using multiple clouds does not exclude the possibility of using a hybrid cloud, and it can be part of a multi-cloud deployment. The two models are not mutually exclusive, their use simply depends on what the cloud computing user hopes to achieve.

2.2. Analyzing Cloud Computing Performance 

An important factor in planning for a multi-cloud strategy is the performance of cloud services. This topic is considered in many works, such as “Exploring Uncertainty of Delays as a Factor in End-to-End Cloud Response Time” [22] and “Dependability of Service-Oriented Computing: Time-Probabilistic Failure Modeling” [23].

For the latest results in this area, see the report "Thousand Eyes Cloud-Performance Benchmark 2019-2020" [24], which analyzed the performance of the five largest cloud providers (AWS, GCP, Azure, Alibaba Cloud, IBM Cloud). Its authors also considered applying a multi-cloud strategy. They concluded that although network performance was not a traditional metric to consider when developing a multi-cloud strategy, global performance variations confirm the need for multiple cloud environments. AWS, Azure and GCP interact directly with each other on a full network of connections, eliminating the dependence on third-party Internet providers for multi-cloud communications. These three cloud providers have extensive networks and are well connected by several popular hosting media.

Based on the combinations tested, IBM demonstrated a tight relationship with GCP and Azure, but had an uneven relationship with AWS and Alibaba Cloud. For Alibaba Cloud, the authors noticed strong interactions with Azure and GCP in well-connected geographic regions such as the US East, West and London, but not Asia. For the most part, Alibaba Cloud and AWS did not have direct peering regardless of geography. It is therefore important to consider peering and direct connection to the cloud provider, which improves performance compared with going through an ISP, when choosing regions and a cloud service provider for designing the architecture of multi-cloud applications. Fig. 1 [24] presents the results of measurements of the average latency in the availability zone over 4 weeks for the largest cloud providers.

3. Ensuring the security of cloud resources based on the principle of diversification

Diversity is a widely used principle of ensuring the security and reliability of mission-critical systems, based on creating redundancy not by duplicating the system, but by designing several unique versions of each component.

Thus, the failure of one version will not lead to the failure of the other versions, which means that the failure of the entire system will be avoided. Implementing such a principle in practice is not always rational, because it increases the cost of developing the system in which it is applied. Despite this, for the most critical system components this approach can be extremely beneficial, since it allows you to save critical data or avoid system downtime.

For software, diversity can be applied at any stage of the software life cycle, and the type of diversity differs depending on the stage. The most popular is the use of diversity in system design, which, in turn, is divided into N-version programming, self-checking programming and recovery blocks [25]. N-version programming usually uses different programming languages, operating systems, development teams, etc., thereby making the versions of the program different from each other.

Figure 1 Average Zone Latency Measurement Results

In cloud computing, the closest thing to diversification is a multi-cloud strategy that uses different services from different cloud providers. However, in most cases, such a strategy is not intended to improve security, but rather reduces the cost of maintaining cloud computing. Thus, multi-cloud strategy and diversification, similar in implementation, but different in goals, can be applied simultaneously, while it is important to find a balance between security and performance and the cost of cloud resources.

Based on the foregoing, it is possible to propose the implementation of the principle of diversification for the use of cloud resources. As shown in fig. 2, it is proposed to use three cloud providers simultaneously, for each of which three models of providing cloud services and placement in different regions should be applied. It is also possible to use both public and private deployment of cloud resources. Particular attention should be paid to the diversification of cloud services, since, in addition to different presentation models, services may differ in the technologies used, programming languages, operating systems, tools for developing and maintaining infrastructure.

If we consider the services of the IaaS model, then the obvious solution would be to choose virtual machines with different operating systems, for example, Ubuntu, CentOS, Windows Server.

At the PaaS model level, users deal with a service-oriented architecture, which means they can apply the principle of diversity by using various off-the-shelf services. One of the most popular types of services for this model is database services, to which the principle of diversification can also be applied, for example, by using the MySQL, PostgreSQL and SQL Server database management systems. In general, the set of services provided by the PaaS model is the main difference between cloud service providers, so it makes sense to get acquainted with their solutions and use various services simultaneously, both from the point of view of security and reliability, and to increase the flexibility of the system and reduce the cost of its maintenance.

There are a large number of SaaS cloud services provided by various companies, so diversification emerges naturally from market competition. One example of applying the principle of diversification to services of this model is the use of several different cloud data storage services.

For example, a large number of people use Google Drive, OneDrive, or Dropbox to store both their personal and business information. The simultaneous use of several storage services increases the amount of information that can be placed there for free. However, it can also be used to improve the reliability of the stored information by placing the same critical information in different cloud data stores.

One of the most promising areas in cloud services is the FaaS model, which allows users to upload only their own program code, while the entire process of maintaining the program and the infrastructure it needs is transferred to the cloud provider. Thus, the application is scaled at the level of a specific function that is called in response to a user request.

In such a situation, developers only need to choose the language their application will be written in and upload the corresponding functions written in this language. Here the principle of diversity can be applied to the choice of programming language: for example, use functions with the same functionality but written in different languages, such as Java, Python and Node.js. However, the choice of languages may differ among cloud providers, so this should be taken into account when using several clouds at the same time. The diversification scheme of cloud services for the various service models is given in Fig. 3.
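Keeping the same data in several storage services, or the same function in several languages, only helps if the versions are compared. The sketch below is an added example, not from the article: it assumes majority voting over SHA-256 digests as the comparison step, which the article does not specify, and all names and sample values are constructed.

```python
import hashlib
from collections import Counter

class NoMajority(Exception):
    """No single answer is backed by more than half of the configured versions."""

def vote(results):
    """Compare the outputs of diverse versions of one resource.

    results: {version_name: bytes, or None if that version was unreachable}
    Returns (agreed_value, dissenters, unavailable).
    """
    unavailable = sorted(name for name, out in results.items() if out is None)
    digests = {name: hashlib.sha256(out).hexdigest()
               for name, out in results.items() if out is not None}
    if not digests:
        raise NoMajority("no version responded")
    winner, count = Counter(digests.values()).most_common(1)[0]
    # Count the majority against every configured version, so a single
    # surviving copy cannot pass as agreed when the others are down.
    if 2 * count <= len(results):
        raise NoMajority(f"best agreement is {count} of {len(results)}")
    dissenters = sorted(n for n, d in digests.items() if d != winner)
    agreed = next(results[n] for n, d in digests.items() if d == winner)
    return agreed, dissenters, unavailable

# Constructed sample: one document held in three storage services,
# and one computation returned by three language versions of a function.
STORED_COPIES = {
    "storage-a": b"contract v3, signed 2019-12-20",
    "storage-b": b"contract v3, signed 2019-12-20",
    "storage-c": b"contract v3, signed 2019-12-02",   # silently altered copy
}
FUNCTION_OUTPUTS = {
    "java": b'{"total": 1250}',
    "python": b'{"total": 1250}',
    "nodejs": None,                                   # provider outage
}

if __name__ == "__main__":
    print(vote(STORED_COPIES))
    print(vote(FUNCTION_OUTPUTS))
```

Byte-level comparison requires every version to emit a canonical encoding of its result; otherwise equivalent answers from different languages would be counted as disagreement.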

Conclusion

Ensuring the security of cloud services is largely delegated to the cloud computing provider itself, but despite this, the provider is not responsible for how customers use its services. Therefore, it is necessary to carefully monitor vulnerabilities and reduce the likelihood of threats, both those arising from the features of cloud computing and those traditional for the information space. The weak point of any cloud computing system is the people who use it and the access environment between the cloud and end users.

The use of a hybrid deployment model, combined with a multi-cloud strategy and the principle of diversity, will minimize the risks of information security breaches. Do not forget to balance the cost of security against maintaining high performance to maximize the benefits of the cloud.

There are a number of approaches to ensuring the security of cloud resources, most of which are aimed at raising awareness of what is happening in the cloud, or at secure access to cloud services. Otherwise, all approaches are similar to the traditional security measures for information resources. At the same time, the basic rules to reduce the risk of losing your data or compromising it are described in the security recommendations from the cloud providers themselves.

Diversity can increase the reliability and security of services, for the most part as a hedge against threats emanating from the provider, both accidental and deliberate. However, insufficient training of personnel in working safely with clouds can undermine all other measures to ensure the security of cloud services.

In the future, an experiment should be conducted to assess the impact of the diversification of cloud services on the reliability and information security of the system in which they are used. Also, to apply the principle of diversification in practice, one should analyze the cost of its implementation in cloud services in order to assess how cost-effective the use of this approach is and for what cases it will be appropriate.

Literature

1. Diversity strategies for nuclear power instrumentation and control systems (NUREG/CR-7007, ORNL/TM-2009/302) [Text] / R. T. Wood, R. J. Belles, M. S. Cetiner, D. E. Holcombetal. – U.S. Nuclear Regulatory Commission, Office of Nuclear Reactor Regulation, Washington, DC, 2010.– 225 p. DOI: 10.2172/1000417.
2. Yastrebenetsky, M. Nuclear Power Plant Instrumentation and Control Systems for Safety and Security[Text] /M.Yastrebenetsky, V.Kharchenko. – IGI Global, USA, 2014.– 450 p.
3.Sen, J. Security and Privacy Issues in Cloud Computing [Electronic resource]/J. Sen.– Access mode: https://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf – 10.06.2019.
4. Cloud Computing Use Cases White Paper. Version 4.0. 2010. Cloud Computing.Use Case Discussion Group [Electronic resource]. – Access mode: http://www.cloud-council.org/Cloud_Computing_Use_Cases_Whitepaper-4_0.pdf. –10.06.2019.
5.ENISA– Cloud computing: benefits, risks and recommendations for information security [Electronic resource]. – Access mode:https://www.sbs.ox.ac.uk/cy-bersecurity-capacity/system/files/ENISA%20Cloud%20Computing%20Security%20Risk%20Assessment.pdf.– 21.12.2019.
6.Cloud Security Alliance (CSA)[Electronic resource].– Access mode: http://www.cloudsecurityalli-ance.org/ – 20.12.2019.
7. Kandukuri,B. R. Cloud Security Issues[Text]/ B. R. Kandukuri, R. Paturi, A. Rakshit // Proceedings of the 2009 IEEE International Conference on Services Computing, Bangalore, 21-25 September 2009.– P. 517-520.
8. Popovic, K. Cloud computing security issues and challenges [Text] / K.Popovic, Z. Hocenski// The Third International Conference on Advances in Humanoriented and Personalized Mechanisms, Technologies, and Services, 2010.– P. 344-349.
9. On Technical Security Issues in Cloud Computing [Text] /M.Jensen, J.Schwenk, N.Gruschka, L. L.Iacono//IEEE ICCC.– Bangalore, 2009. – P. 109-116.
10. Grobauer,B, Walloschek,T.,Stöcker,E. Understanding Cloud Computing Vulnerabilities [Text]/B.Grobauer, T.Walloschek, E. Stöcker//IEEE Security and Privacy.– 2011. – Vol. 9, No. 2.– P. 50-57. DOI:10.1109/MSP.2010.115
11. Subashini, S. A survey on security issues in service delivery models of cloud computing [Text] / S.Subashini, V. Kavitha// Journal of Network and Com-puter Applications. – 2011. –Vol. 34, No. 1. – P. 1-11. DOI:10.1016/j.jnca.2010.07.006.
12. Organizational cloud security and control: a proactive approach [Text] / K. Spanaki., Z.Gürgüç, C.Mulligan,E.Lupu// Information Technology & People. – 2019.– Vol. 32, No. 3.– P. 516-537. DOI: 10.1108/ITP-04-2017-0131.
13. Chen,L.Security, Privacy, and Digital Forensics in the Cloud [Text] / L.Chen, H.Takabi, N.-A. Le-Khac (Eds.).– Higher Education Press, 2019. – 351 p.DOI:10.1002/9781119053385.
14. Runtime Security Policy Enforcement in Clouds [Text] / S. Majumdar et al. // In: Cloud Security Auditing. Advances in Information  Security. – Springer, Cham, 2019. – Vol.76.– P. 145-156.
15. Wu, Y. Cloud storage security assessment through equilibrium analysis [Text] / Y.Wu, Y.Lyu, Y. Shi//Tsinghua Science and Technology. – 2019. –Vol.  24,  No. 6. – P. 738-749. DOI: 10.26599/TST.2018.9010127.
16. Kumar, R. On cloud security requirements, threats, vulnerabilities and countermeasures: A survey [Text] / R.Kumar, R. Goyal// Computer Science Review. – 2019. – Vol.33.– P.1-48.DOI: 10.1016/j.cosrev.2019.05.002.
17. Scott, S.Effective security requires close control over your data and resources. Bastion hosts, NAT instances, and VPC peering can help you secure your AWS infrastructure [Electronic resource] /S. Scott. – Access mode: https://cloudacademy.com/blog/aws-bastion-host-nat-instances-vpc-peering-security/ – 22.12.2019.
18. AWS security best practices [ Electronic resource].– Access mode: https://aws.amazon.com/white-papers/aws-security-best-practices/ –22.12.2019.
19. Microsoft Azure security best practices [Electronic resource]. – Access mode: https://docs.mi-crosoft.com/en-us/azure/security/security-best-prac-tices-and-patterns – 22.12.2019.
20. Google cloud platform security best practices[Electronic resource]. – Access mode: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations – 22.12.2019.
21. Multi-cloud strategy [Electronic resource]. – Access mode: https://searchcloudcomputing.tech-target.com/definition/multi-cloud-strategy – 22.12.2019.
22. Dependability of Service-Oriented Computing: Time-Probabilistic Failure Modelling [Text] / A.Gorbenko, A.Romanovsky,V.Kharchenko, O. Tarasyuk//Software Engineering for Resilient Systems. – SERENE 2012. – Springer, Berlin, Heidelberg, 2012.– Lecture Notes in Computer Science vol.7527. – P.121-133. DOI: 10.1007/978-3-642-33176-3_9.
23. Exploring Uncertainty of Delays as a Factor in End-to-End Cloud Response Time [Text] / A.Gorbenko, V. Kharchenko, S. Mamutov, O. Tarasyuk, A .Romanovsky //Proceedings -9th European Dependable Computing Conference, EDCC 2012. DOI: 10.1109/EDCC.2012.10.
24. A Comparative Study of Cloud Performance [Electronic resource]. – Access mode: https://www.thou-sandeyes.com/resources/cloud-performance-bench-mark-report-november2019 – 22.12.2019.
25. Frolov, V.Classification of Diversity for Dependable and Safe Computing [Electronic resource]/ V.Frolov, O.Frolov,V. Kharchenko //COLINS, 2019.– Access mode: http://ceur-ws.org/Vol-2362/paper32.pdf – 22.12.2019. 
References  
1. Wood,R. T., Belles,R. J., Cetiner,M. S., Holcomb,D. E. et al. Diversity strategies for nuclear power instrumentation and control systems (NUREG/CR-7007, ORNL/TM-2009/302). U.S. Nuclear Regulatory Commission, Office of Nuclear Reactor Regulation, Washington, DC, 2010. – 225 p. DOI: 10.2172/1000417.
2. Yastrebenetsky, M., Kharchenko, V.Nuclear Power Plant Instrumentation and Control Systems for Safety and Security. IGI Global, USA, 2014.450 p.
3.Sen, J. Security and Privacy Issues in Cloud Computing. Available at:https://arxiv.org/ftp/arxiv/pa-pers/1303/1303.4814.pdf (accessed 10.06.2019).
4. Cloud Computing Use Cases White Paper. Version 4.0. 2010. Cloud Computing. Use Case Discussion Group. Available at: http://www.cloud-council.org/Cloud_Computing_Use_Cases_Whitepaper-4_0.pdf (accessed 10.06.2019).
5. ENISA – Cloud computing: benefits, risks and recommendations for information security. Available at: https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/ENISA%20Cloud%20Computing%20Security%20Risk%20Assessment.pdf.(accessed 21.12.2019).
6. Cloud Security Alliance (CSA).Available at: http://www.cloudsecurityalliance.org/   (accessed 20.12.2019).
7. Kandukuri, B.R., Paturi, R., Rakshit, A. Cloud Security Issues. Proceedings of the 2009 IEEE International Conference on Services Computing, Bangalore, 21-25 September 2009, pp. 517-520.
8. Popovic, K., Hocenski, Z. Cloud computing security issues and challenges. The Third International Conference on Advances in Humanoriented and Personalized Mechanisms, Technologies, and Services, 2010, pp. 344-349.
9. Jensen, M., Schwenk, J., Gruschka,N., Iacono, L. L. On Technical Security Issues in Cloud Computing. IEEE ICCC, Bangalore, 2009, pp. 109-116.
10. Grobauer, B, Walloschek, T., Stöcker, E. Understanding Cloud Computing Vulnerabilities. IEEE Security and Privacy, 2011, vol. 9, no. 2, pp. 50-57. DOI:10.1109/MSP.2010.115.
11. Subashini,  S., Kavitha, V. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 2011,vol. 34, no. 1, pp. 1-11. DOI: 10.1016/j.jnca.2010.07.006
12. Spanaki, K., Gürgüç, Z., Mulligan, C., Lupu, E. Organizational cloud security and control: a proactive approach. Information Technology & People, 2019, vol. 32,no. 3, pp. 516-537. DOI: 10.1108/ITP-04-2017-0131.
13. Chen, L., Takabi, H., Le-Khac, N.-A. (Eds.). Security, Privacy, and Digital Forensics in the Cloud,2019, Higher Education Press Publ.,DOI:10.1002/9781119053385.
14. Majumdar,S. et al. Runtime Security Policy Enforcement in Clouds. In: Cloud Security Auditing.  Advances in Information Security, Springer, Cham, 2019, vol.76, pp. 145-156. 
15. Wu, Y., Lyu, Y., Shi, Y. Cloud storage security assessment through equilibrium analysis. Tsinghua Sci-ence and Technology, 2019, vol. 24, no. 6, pp. 738-749. DOI: 10.26599/TST.2018.9010127.
16. Kumar, R., Goyal, R. On cloud security requirements, threats, vulnerabilities and countermeasures: A survey. Computer Science Review,2019, vol.33,pp.1-48.DOI: 10.1016/j.cosrev.2019.05.002.
17. Scott, S.Effective security requires close control over your data and resources. Bastion hosts, NAT in-stances, and VPC peering can help you secure your AWS infrastructure. Available at: https://cloudacad-emy.com/blog/aws-bastion-host-nat-instances-vpc-peer-ing-security/ (accessed 22.12.2019).
18. AWS security best practices. Available at: https://aws.amazon.com/whitepapers/aws-security-best-practices/ (accessed 22.12.2019).
19. Microsoft Azure security best practices. Available at: https://docs.microsoft.com/en-us/azure/secu-rity/security-best-practices-and-patterns (accessed 22.12.2019).
20. Google cloud platform security best practices. Available at: https://cloud.google.com/docs/enter-prise/best-practices-for-enterprise-organizations (accessed 22.12.2019).
21. Multi-cloud strategy. Available at: https://searchcloudcomputing.techtarget.com/defini-tion/multi-cloud-strategy (accessed 22.12.2019). 
22. Gorbenko,A., Romanovsky, A., Kharchenko,V., Tarasyuk, O.Dependability of Service-Oriented Computing: Time-Probabilistic Failure Modelling. In: Software Engineering for Resilient Systems. SERENE 2012, Springer, Berlin, Heidelberg, 2019, Lecture Notes in Computer Science, vol 7527, pp.121-133. DOI: 10.1007/978-3-642-33176-3_9.
23. Gorbenko, A.,Kharchenko, V., Mamutov, S.,Tarasyuk, O., Romanovsky, A. Exploring Uncertainty of Delays as a Factor in End-to-End Cloud Response Time. Proceedings - 9th European Dependable Computing Conference,  EDCC 2012. DOI: 10.1109/EDCC.2012.10.
24. A Comparative Study of Cloud Performance. Available at: https://www.thousandeyes.com/re-sources/cloud-performance-benchmark-report-novem-ber-2019  (accessed 22.12.2019).
25. Frolov, V., Frolov O., Kharchenko V. Classification of Diversity for Dependable and Safe Computing. COLINS, 2019. Available at: http://ceur-ws.org/Vol-2362/paper32.pdf  (accessed 22.12.2019).


WRITTEN BY

Viktor Ihnatiuk

Founder at Boosty Labs, SNO Growth Lead at Storj Labs
