Data protection is a crucial security issue for most organizations. Before moving into the cloud, cloud users need to clearly identify data objects to be protected and classify data based on their implication on security, and then define the security policy for data protection as well as the policy enforcement mechanisms. For most applications, data objects would include not only bulky data at rest in cloud servers (e.g., user database and/or file system), but also data in transit between the cloud and the user(s) which could be transmitted over the Internet or via mobile media (In many circumstances, it would be more cost-effective and convenient to move large volumes of data to the cloud by mobile media like archive tapes than transmitting over the Internet.). Data objects may also include user identity information created by the user management model, service audit data produced by the auditing model, service problem information used to describe the service instance(s), temporary runtime data generated by the instance(s), and many other application data. Different types of data would be of different value and hence have different security implication to cloud users. For example, user database at rest in cloud servers may be of the core value for cloud users and thus require strong protection to guarantee data confidentiality, integrity and availability. Sensitive business data is more vulnerable today than ever before, putting reputations and the bottom line at risk. Corporate trade secrets, national security information, personal medical records, Social Security and credit card numbers are all stored, used, and transmitted online and through connected devices.

Cloud Service Provider(CSP), Cloud Service Consumer(CSC), Data at Rest, Data in transit, Data in use

[1] Pesante, L. “Introduction to Information Security”, carnegie Mellon University, 2008.
https://www.us-cert.gov/sites/default/files/publications/infosecuritybasics.pdf
[2] Worlany, E. “A Survey of Cloud Computing Security: ISuues, Challenges and Solutions”, November 2015.
[3] P.Ravikumar, P. Herbert Raj, “Exploring security issues and solutions in cloud computing services”, Cybernatics and information technologies, Vol.17, Issue.4, 2017.
[4] F e r r i l l. T. The Best Identity Management Solutions of 2017. 3 July 2017.
[5] Hari Krishna, B., S. Kiran, “Security issues in cloud computing and associated mitigation techniques”, Procedia Computer Science, Vol.87, pp.246-251, 2016.
[6] Sabahi, F., “Secure Virtualization for Cloud Environment using Hypervisor-Based Technology”, International Journal of Machine Learing and Computing, Vol.2, Issue.1, pp.39-45, 2012.
[7] Gallagher, P.R. “ A Guide to Understanding Data Remanence in Automated Information Systems”, The Rainbow Books, Chapter 3 and 4.1991.
[8] Syed Asad Hussain, Mehwish Fatima, “Multilevel Classification of security concerns in cloud computing” Applied Computing and Informatics, Vol. 13, pp.57-65, 2017.
[9] L. Ponemon, Ponemon 2014 SSH security Vulnerability Report.
[10] G. Pek, L. Buttayan,” A survey of security issues in hardware virtualization”, ACM Comput. Surveys 45(3) pp.1-34, 2013.
[11] J. Idziorek, Exploiting Cloud Utility Models for Profit and Ruin Graduate Theses and Dissertations, Lowa State University, 2012.
[12] R. Bhadauria, S. Sanyal, “Survey on Security issues in cloud computing ans associated mitigation techniques”, International Journal of Computer Applications, Vol.47, Issue.18, pp.47-66, 2012.
[13] Reed, A., C.Rezek, P.Simmonds, “Security Guidance for critical Area of focus in cloud computing”, V3.1. Cloud Security Alliance(CSA).2011, pp.1-176.
[14] OWASP Top 10 Application Security Risks – 2017. Open Web Application Security Project (OWASP).
[15] Rathie, I. An Approach to Application Security. SANS Security Essentials White Paper, SANS Institute.
[16] OWASP Top 10 Backdoors, Open Web Application Security Project (OWASP).
[17] Rouse, M. Data Integrity, September 2005.
[18] Rouse, M. Authentication, February 2015.
Cloud Middleware informatiion avialable URL “https://www.techopedia.com/definition/30630/cloud-middleware-software”.
Data Backup: Cloud Computing VS On-Site Options informatiion avialable URL “https://www.staples.com/content-hub/data-backup-cloud-computing-vs-on-site-options/”
[19] Farahzadi, A., P. Shams, “Middleware Technologies for Cloud of Things – A Survey”, Digital Communications and Networks, Elsevier, 18 April 2017.
[20] Nolle, T. “How to Address Security Risks Posed by Middleware Tools”, December 2014.
[21] Role of Cloud Computing Operating Systems. 8 March 2013.
[22] P. Herbert Raj, P. Jelciana “Exploring security issues and solutions in cloud computing services”, Cybernatics and information technologies, Vol.17, Issue.4, 2017.
[23] Chakravarty, A. Importance of the Network in Cloud Computing. 25 January 2012.
[24] Top 7 Network Attack Types in 2016. Calyptix Blog. 13 June 2016.
[25] Rouse, M. DNS Attack. July 2015.
[26] Jakimoski, K. “Security Techniques for Data Protection in Cloud Computing”, International Journal of Grid and Distributed Computing, Vol. 9, 2016, No 1, pp. 49-56.
[27] J. Rezazadeh, R. Farahbakhsh. Middleware Technologies for Cloud of Things – A Survey. – Digital Communications and Networks, Elsevier, 2017.
[28] Minhaj Ahmad Khan, Khaled Salah, “IoT Security: Review, blockchain solutions, and open challenges”, Future Generation Systems, Elsevier, Vol. 82, pp.395-411, 2018.