Data Breaches in Cloud Computing

Data Breaches in Cloud Computing

Introduction

Data breaching is one of the top security concerns in cloud computing currently. A data breach is simply an incident that has the possibility of disclosing essential and sensitive information to unauthorized people who may cause possible damage with the information obtained most likely to attack the owners of the information. These breaches in cloud computing are usually occurring due to various reasons. Cloud computing is essential in today’s world. Nearly everyone uses the cloud to store information that they probably do not want to lose. Big companies also store their information in the cloud due to the massive amounts of data processed daily, making their servers full after some time.

Currently, there a few companies offering cloud computing services. These are amazon, google, Microsoft, among others. With all these sensitive data in the cloud, there is a high risk of data breaches, which cause the loss, theft, and manipulation of these data, among other risks. From this, it is inevitable for a data breach to occur. It is, therefore, the work of cloud computing providers to come up with strong security and measures to curb data breaching, or else severe implications in their companies will occur. This is a primary concern because sensitive information is transmitted on the internet all the time. The security measures have to get updated almost all the time because hackers are always learning and formulating ways to go past the security, whereby they get paid to do so. This paper will explain data breaching in-depth explaining the causes and the possible solutions to this proposed problem computing providers are currently facing. These solutions might reduce the data breaching instances; hence the research rendered a success.

Many pieces of research have gotten conducted over the past few years to identify the reasons behind and causes of data breaching in cloud computing. According to recent research done, most data breaches occur in the following ways. Firstly, Foreign nationals and business competitors may want to know the secrets of their rivals’ companies and try to get them to work in their favor in methods like blackmail. They might also want to know how their opponents succeeded so that they follow the same methods and experiment if the methods would work on them. This method has been one of the major causes of a data breach.

Secondly, adversaries may have the intention of causing embarrassment and shame to damage organizations (Ramachandra et al.,2017). Through the action, the organization attacked may lose its market and undergo criticism, which will result in people cutting ties with the organization. Also, an attack may get formed, which requires the information obtained from a data breach. It is possible that people working in cloud computing companies to receive bribes and help in the data breaching process. Despite there being many ways and causes of data breaching, the primary victim in this whole process is the cloud users because their information is always at a risk of getting exposed to the whole world anytime any day.

The cloud at most times provides different types of resources that are easily accessible and, therefore, attractive targets to the attackers. According to researchers, every data breach has an associated problem, but in most cases, the degree of the problem is usually determined by the sensitivity of the data subjected to breaching. In many countries, there are laws formed whereby the cloud providing companies must follow to ensure security.

Accidental internet exposure is another cause of data breach (Ahmed et al.,2019). This data breach usually happens when sensitive information gets placed where data is accessible on the internet. This mistake enables internet users to access the information without any restrictions hence information getting public and causing the company data breach lawsuits from its users. In addition to this, employee negligence also causes data breach. This incident may happen when information does not get disposed of in a proper manner or the employee not being keen. Weak data security policies can lead to unintentional data breaches like these. Companies should develop well-formulated strategies to curb against such instances and prevent the company from undergoing trying times.

Apart from the theft of information online, physical robbery can also occur. Instances like these happen when service providers’ devices get stolen with the information inside. These devices can be laptops, computers, and USB. Though not a significant cause of data breach, it still counts as a cause. This instance is because most cloud computing providers have heavy security, which avoids this circumstance. They also have their offices and headquarters under twenty-four hours surveillance with security cameras and physical guards who ensure the safety of both the information and the laptops. In these cases, only a few employees can access particular files preventing the instance from occurring.

Unauthorized access can get caused by service providers using software that is not up to date-analog (Barona et al.,2017). Due to upcoming technology, it is effortless for the analog systems to get hacked since new devices get formulated. This instance makes it easy for hackers to log into the systems and obtain the information they want. Even if they had no intention to hack, once they realize that the system is not up to date, most of them get attracted to that, and some want to experiment with their techniques on it.

Review of literature

Cloud computing is a new model of computing innovated recently whereby users can store their information even after deleting them on their phones are devices used. A survey done by researchers on literature review and possible solutions can be found in research by five Indians (Chirag et al.,2013) In addition to this, some case studies in cloud securities get reviewed here. Various data breaches examples are given. In a case study was done, a firm focused on antivirus named Bit Defender some years back had experienced data breaching vulnerability due to users usernames and passwords which got stolen. The hacker involved demanded the company approximately fifteen thousand dollars, or else the information would get publicized.

Another case study is on a British telecom provider, which had many cases of a data breach. The telecom provider at the time had around four million users. The data breach involved was the theft of the users’ information. After the data breach, then followed scam calls, which aimed to extract sensitive information from the company, which was related to banking. Due to the failure of providing cryptographic security, the company underwent significant criticism which followed by many users switching to rival telecommunication providers due to fear of publicity of their information. The articles on the research give in-depth information about the case study, which will get looked at as the paper goes on.

Various measure for security threats of data breaches in cloud computing provides in research done named security threats and countermeasures in cloud computing (Vahid &Seyed,2012) This article tries to explain the various security threats and of course the possible measures to avoid data breaches and its related problems.

Methodology

With the review on literature completed, further research has to get done to ensure data breaches do not occur and become a story of the past. This research has in mind cloud computing companies and their users. Here, recent case studies in agreement with the matter will get analyzed, and instead of repeating what other researchers have done, ours will be to further the research and take it to a more in-depth level where we analyze every cause, every detail, and give our views and our research answers. We believe that by doing this, most of the companies will get the help they need to avoids such instances from occurring, which is a significant reason for the research to be conducted.

Research design

To some point, the research is both an experimental research and survey research since the cloud computing companies will get interviewed, and their data breach cases analyzed, as stated earlier at the beginning, From the Analysis, different methods will be formulated to curb the problem. These formulated preventive measures will get used by the company for a specific period whereby conclusions will get drawn and results gotten. From these, a review will get done, and ultimately the research will get concluded. As stated earlier, the participants of the research will be significant cloud computing producers who, at one time, had an issue regarding data breaching.

From the research design, then the different methods of data collection can be underway. These methods have to agree with the research design, so that accurate conclusions and results are gotten. Some methods of data collection can not apply in some research designs.

Data collection methods

The first data collection method is interviewing. Member of the group will visit the various participants and talk to them one on one. This method will enable the group members to meet with the involved officials and talk face to face. A tape recorder will record this information for not forgetting the information relayed to the group. An advantage of interviewing as a data collection method is that we obtain first-hand information that is not altered, unlike the information on the internet, which reporters have altered to attract the members of the public. It is important to note that although this is the case, research online will also get conducted to back up the information already obtained in the interviews.

The second data collection method will be the use of questionnaires whereby with the permission of the management in these different companies, employees involved will answer questionnaires related to the subject matter. This data collection method enables the researchers to come up with statistics on the matter. This method will also prevent wasting the time of the employees by interviewing them since they are supposed to be working at this time. Also, while in the companies observation will get done. Some of the researchers will look at how employers use their time in the offices. This method will enable come up with research conclusions from their behavior and decorum at the offices.

These methods will be our primary data collection methods in the various companies scheduled in the research. Emails and letters requesting permission will get sent to the companies human relations managers for the permission and rules that will get followed while in their various premises.

From Data collection, analysis of the data collected will commence. This step is predicted to take the longest time in the research. As stated earlier, the research mission is to give an in-depth on all the issues the companies have faced. With the information obtained from the internet and the results of other researchers, it will be easier to analyze the data. The data obtained will get inspected to ensure that all the information is correct. Various models and algorithms usually get drawn and formed in this stage. Relevant calculations will get re-performed if a breach of information gets discovered. From this stage, the confirmation of data will occur, and lastly, conclusions get made.

The timeline of the research is set to take one month to allow the group members to do an in-depth analysis of the information obtained. The visiting of respective companies to obtain data is set to happen in one week. The rest of the weeks will be purely for Analysis. This decision will help us turn all stones searching for answers and possible prevention security measures for the companies. It is, therefore, essential to note that each company will be analyzed individually and the causes ad various security measures will get prescribed since different companies have different issues and methods of a data breach in their cloud computing servers.

From these, the security measures we came with will get delivered to the companies for them to carry out for a month. This step will analyze if the research was successful or not. Where problems occur, the group members will have a discussion to assess the problem and agree on an alternative method.

Problem fores

A significant problem foreseen is permission from the companies. Some group members argued that from the companies’ experiences, a few of them would want to be involved in research that would publicize and bring the breach issues all over again. In addition to this, most companies are very private, and all their information is confidential. Confidentiality is the most important in these companies. It was also possible that the members of the companies would give false information to clear their names after their breaching scandals. This action is threatening to the whole research because it will result in wrong hypotheses and conclusions. The time-lapse is also not the best to conduct extensive research like this, but for submission and wrapping up of the research, this was inevitable.

Conclusion

Data breaches in cloud computing providers to some point are preventable. The little mistakes that the employees make are the leading causes of data breaches. These conclusions are from the various case studies done by different researchers looked at in the literature review. In most companies, some laws govern breaching, and this enables them to prevent such instances from occurring, It is from these preventive measures that companies avoid lawsuits and loss of customers.

References

Barona, R., & Anita, E. M. (2017, April). A survey on data breach challenges in cloud computing security: Issues and threats. In 2017 International Conference on Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.

Vahid Ashktorab and Seyed Reza Taghizadeh. (2012). Security Threats and Countermeasures in Cloud Computing. International Journal of Application or Innovation in Engineering & Management. 1 (2), p234-245.

Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Avi Patel, and Muttukrishnan Rajarajan. (2013). A Survey on Security Issues and Solutions at Different Layers of Cloud Computing. City Research Online,

Ahmed, M., Kambam, H. R., Liu, Y., & Uddin, M. N. (2019, June). Impact of Human Factors in Cloud Data Breach. In International Conference on Intelligent and Interactive Systems and Applications (pp. 568-577). Springer, Cham.

Khan, F. S., Kim, J. H., Moore, R. L., & Mathiassen, L. (2019). Data Breach Risks and Resolutions: A Literature Synthesis.

Ramachandra, G., Iftikhar, M., & Khan, F. A. (2017). A comprehensive survey on security in cloud computing. Procedia Computer Science, 110, 465-472.