Access Control Challenges Faced When Organizations Implement Private And Public Cloud Solutions

Abstract

Cloud compuying is a syetem of combined and diverses networked device that are mean to offer and support demanded services. Most of the organizations are now moving towards the cloud because of the big data, security issues, and privacy concerns. Cloud services have multitude benefits including innovation, cost benefits, scalability, agility, and business growth, and these are some of the reasons why organization prefer cloud services. Cloud services have benefits and opportunities, however, there are also many challenges and risks associated with the services. As a result, organizations across the world are investing in cloud services to address the problems. Some of the problems include availability, security observance, and connectivity.  

Access Control Challenges Faced When Organizations Implement Private And Public Cloud Solutions

A survey on 930 IT professionals revealed that though security is a big challenge, it is no longer a top concern. Some of the now biggest obstacles in cloud computing are adopting the right skills, expertise and managing costs. Despite the risks and challenges, it is clear that cloud computing is revolutionizing the IT industry, hence they do not make it less important (Nepal, Pathan & SpringerLink, 2014). This paper is about access control challenges organizations face in implementing public and private cloud solutions. Major access control challenges on implementing public and private cloud solutions include; Data Loss and Leakage, Cyber Attacks, Misconfiguration of Cloud Platform, Data Breaches, Vulnerable Access Controls, and Specter and Meltdown.

Datalose leakage is one of the major access challenges faced in cloud computinf. The provision of remote access to users is a bane of cloud but there are always chances of human error. Therefore, the challenge of data loss or leakage is one of the biggest concerns when it comes to cybersecurity professionals. The loss or leakage makes organizations loss faith in providers of cloud services due to the security of their data (Munir & Mohammed, 2019). Moreover, these issues could result in legal disputes. As a result, the cloud services provider should have I mind data security and the end-users’ privacy. 

Cyber-attack are a big challenge to cloud computing. Online stored data is always at risk of cyber-attack and cloud storage is not an exception. Cloud data storage is vulnerable to cyber-attacks, hence the risk of losing data or the data landing in bad hands (Colombo & Ferrari, 2019). The increase in threats level is majorly a result of recurring attacks by virtual machines, brute force attacks, and bot malware. According to the service providers, security measures against the attacks is important when it comes to determining the security level offered in cloud storage (Taimoor, Hala & Shahzeb, 2018). However, the bad news is the cyber-attack is an endless problem because it will still be there regardless of how serious security measures are addressed or implemented.

Misconfiguration of Cloud Platform is one of the prevalent but preventable issues. According to one of the US-based software firm known as Threat Stack, 73% of the companies have been a victim of crucial AWS cloud security misconfigurations. A small mistake during cloud configuration can cause major security risks (Dave et al., 2018). Two years ago, a Californian-based data analytics company by the name of Alteryx unintentionally exposed details of more than 120 million households in the US. The mishap was a result of misconfigured AWS S3 Bucket. The data compromised involved mortgage information and consumer details together with contact details and the addresses of the customers. 

Data breach confirms the vulnerability of sensitive data. The challenge can happen due to an intended or an unintended attack, but it is a threat to the usual operations, stock price, and credibility of the organizations (Dave et al., 2018). Often, insecure data is prone to cyber theft. Data breaches are a common challenge, for example, 1253 incidents of public data breach were reported in 2017 (Colombo & Ferrari, 2019). The challenge could be prevailing because only network infrastructure is under the control of IT professional whereas most of the cloud controls stay with the trusted partner. 

Cloud services offer anywhere, anytime access to all the users. The flexible access to the cloud gives away more susceptible access controls (Nepal et al., 2014). APIs can give hackers an easy entry point since they are always on the look for vulnerabilities to exploit. Towards the end of 2017, researchers discovered that computer chips manufactured for the last two decades had Spectra and Meltdown – a fundamental security flaw. Spectra affects cloud servers, laptops, desktops, and smartphones (Deka, 2019). While Meltdown can help attackers in the viewing of the data stored on virtual servers which are hosted on the same hardware. 

A solution to the access control challenges

There are several solutions to access control challenges in cloud storage. Among the solutions is provenance-based access control. Provenance offers all information on different processes and specific data actions and is used in mitigating the access control challenges experienced in cloud computing. Three main goals are achieved by the system: provenance based access control model, remote data objects’ assessment, and provenance in a dynamic cloud environment (Nguyen & University of Texas at San Antonio, 2014). Moreover, based on the first goal, provenance is a significant component besides basic access control subjects, objects, and rights. Apart from the Policy Decision Point (PDP) and Policy Enforcement Point (PEP), the system also has policy database modules and an additional provenance database. 

Access control proposed mechanism supports the least privilege where organizations are allowed to only use mandatory data objects in performing certain actions based on provenance policies of their data. An obstacle, in this case, could be a lack of specific rules or procedures defined to assure duty separation principle, which is a necessity when it comes to limiting access subjects for the elimination of security breaches. The operating system does not consist of access control policies: however, transferring between policies is not a walk in the park even at API level because provenance records associated with every single object of data are large in number (Munir & Mohammed, 2019). Thus, in the provenance-based control model, there is lower configuration flexibility. According to Nguyen and the University of Texas at San Antonio (2014), Cloud Provenance Authority core components the PEP and PDP can be deployed easily in any independent underlying infrastructure environment; thus providing high horizontal scope. 

Conclusion

Access to control challenges are setbacks to cloud services. Though there are solutions to the challenges, some of them like cyber-attack have prevailed despite the measures taken to solve them. As a result, multiple procedures, controls, applications, technologies, and policies have been implemented to protect data and related cloud storage. A solution to access control challenges like provenance-based access control ensures the data is well protected and the cloud providers maintain confidentiality and integrity as well as follow defined regulations in handling the organizations’ data. Understanding the access control challenges helps in providing a serious consideration, adopting the best technology and staying safe with organizations’ data.

References

Munir, K., & Mohammed, L. A. (January 01, 2019). Access Control Framework for Cloud Computing.

Colombo, P., & Ferrari, E. (December 01, 2019). Access control technologies for Big Data management systems: literature review and future trends. Cybersecurity, 2, 1, 1-13.

Dave, D., Meruliya, N., Gajjar, T. D., Ghoda, G. T., Parekh, D. H., & Sridaran, R. (January 01, 2018). Cloud Security Issues and Challenges.

Deka, G. C. (January 01, 2019). Cloud Database Security Issues and Challenges.

Nepal, S., Pathan, M., & SpringerLink (Online service). (2014). Security, Privacy and Trust in Cloud Systems. (Springer eBooks.) Berlin, Heidelberg: Springer Berlin Heidelberg.

Nguyen, D., & the University of Texas at San Antonio. (2014). Provenance-based access control models.Taimoor Ahmad, Hala Aslam, & Shahzeb Shahzad. (January 01, 2018). Security of Provider sides in Data Privacy and Data Accessibility Issues in Cloud computing. University of Sindh Journal of Information and Communication Technology, 2, 1, 7-10.