ISS and Cloud Computing: CS 632 Information Systems Security Project Assignment
This paper briefly explains Cloud Computing and its security practices that must be implemented to secure cloud infrastructure. Include: background/introduction; problem statement; goal; research questions; relevance and significance; barriers and issues; literature review (covering cloud deployment models: public, private, community, hybrid; and service models: SaaS, PaaS, IaaS); approach/methodology; findings, analysis, and summary of results; conclusions; and references. Address security concerns (confidentiality, integrity, availability), authentication and authorization challenges, potential risks during migration and usage, and recommended mitigation strategies. Provide a structured academic paper.
Abstract
Cloud computing provides on-demand access to compute, storage, and platform services. While offering operational and cost advantages, cloud adoption introduces security, privacy, and trust issues that must be managed to protect confidentiality, integrity, and availability (CIA) of organizational assets. This paper synthesizes background, problem statement, goals, research questions, relevant literature, methodology, findings, and recommendations for securing cloud environments across public, private, community, and hybrid deployments and across SaaS, PaaS, and IaaS service models.
Introduction and Background
Cloud computing centralizes resources and delivers services over networks, enabling scalability and reduced capital expenditure (Mell & Grance, 2011). Organizations migrate applications and data to cloud platforms to improve agility, performance, and cost-efficiency, but this shift relocates control to cloud service providers (CSPs), raising unique security and governance challenges (Subashini & Kavitha, 2011).
Problem Statement
Outsourcing software, hardware management, and sensitive data to third-party clouds reduces the customer's visibility and direct control. Key concerns include the robustness of authentication and authorization, data leakage, multi-tenancy risks, regulatory compliance, and service availability. Without strong controls, customers cannot readily verify that requests and accesses are legitimate or that data handling adheres to policy (Hashizume et al., 2013).
Goal and Research Questions
Goal: Provide practical security guidance for cloud resources, identify migration and operational risks, and specify mitigations.
Research questions:
- What security factors should organizations consider when using cloud services?
- How can consumers and providers ensure confidentiality, integrity, and availability in cloud deployments?
Relevance and Significance
As organizations across sectors move to cloud platforms, robust security frameworks are essential to preserve trust, meet compliance, and maintain business continuity. Understanding deployment and service models enables appropriate control selection and risk management (ENISA, 2015).
Barriers and Issues
Major barriers include lack of cloud-specific policies, limited visibility into CSP operations, inadequate identity and access management (IAM), configuration errors, weak encryption practices, and uncertain shared-responsibility boundaries (CSA, 2016).
Literature Review
Definitions and models: NIST defines cloud characteristics and service models (Mell & Grance, 2011). Deployment models—public, private, community, hybrid—affect risk profiles: public clouds increase multi-tenant exposure; private clouds reduce external exposure but may retain internal threats (NIST SP 800-144, 2011).
Threat landscapes: Common threats include data breaches, insecure APIs, malicious insiders, account hijacking, and service outages (Cloud Security Alliance, 2016; ENISA, 2015). Studies recommend layered controls: IAM, encryption, logging, monitoring, configuration management, and incident response (Subashini & Kavitha, 2011; Hashizume et al., 2013).
Standards and guidance: ISO/IEC 27017 and 27018 offer cloud-specific control guidance and privacy protections; NIST and CSA provide implementation-focused recommendations. Cloud provider best practices (AWS, Microsoft Azure) add operational safeguards (ISO/IEC 27017, 2015; AWS, 2020; Microsoft Azure, 2019).
Approach and Methodology
This paper applies a synthesis methodology: reviewing authoritative standards and peer-reviewed research, mapping common threats to CIA objectives, and deriving mitigation strategies for each deployment and service model. The approach prioritizes controls by risk impact and feasibility for typical enterprise environments.
Findings and Analysis
1) CIA mapping: Confidentiality risks stem from data exposure due to misconfiguration, weak encryption, or compromised credentials. Integrity threats include unauthorized modification and insecure APIs. Availability risks arise from DDoS, provider outages, and configuration errors (ENISA, 2015).
2) Authentication and authorization: Strong IAM practices are essential. Multi-factor authentication (MFA), federated identity (SAML 2.0 or OpenID Connect for authentication, with OAuth 2.0 for delegated authorization), least-privilege roles, and periodic entitlement review reduce the risk of account compromise and privilege escalation (CSA, 2016).
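The least-privilege and entitlement-review points above can be checked mechanically. The following is an added example, not code from the paper or from any provider: it lints IAM-style JSON policy documents for wildcard grants, privilege-escalation actions, and mutating permissions that lack an MFA condition, and flags entitlements that have gone unused. It assumes the AWS IAM policy document shape (Statement / Effect / Action / Resource / Condition); the two sample policies and the "days since last used" data are constructed for illustration.

```python
"""Least-privilege review of IAM-style policy documents.

Added example, not part of the paper. Assumptions: policies follow the AWS IAM
JSON document shape (Statement / Effect / Action / Resource / Condition); the
two sample policies and the access-advisor style data are constructed.
"""
import json
from fnmatch import fnmatch

# Constructed sample policies: one over-broad, one scoped to a single bucket.
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "s3:*"],
         "Resource": "arn:aws:s3:::payroll-data/*"},
    ],
})
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::payroll-data",
                      "arn:aws:s3:::payroll-data/*"],
         # Condition key as used by AWS: the grant only applies with MFA present.
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
})

# Actions that let a principal grant itself more power than it was given.
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachUserPolicy",
    "iam:AttachRolePolicy", "iam:PutUserPolicy", "iam:PutRolePolicy",
    "sts:AssumeRole",
}
READ_ONLY_VERBS = ("Get", "List", "Describe", "Head")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    """True for non-wildcard read actions such as s3:GetObject."""
    if ":" not in action:
        return False
    verb = action.split(":", 1)[1]
    return verb.startswith(READ_ONLY_VERBS) and "*" not in verb


def _requires_mfa(statement):
    cond = statement.get("Condition", {})
    return cond.get("Bool", {}).get("aws:MultiFactorAuthPresent") == "true"


def lint_policy(policy_json):
    """Return (statement_index, finding) pairs for least-privilege violations."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append((i, "Action '*' grants every API operation"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((i, "service-wide wildcard Action"))
        if "*" in resources:
            findings.append((i, "Resource '*' is not scoped to specific assets"))
        if "*" not in actions:
            # A granted action may itself be a glob (e.g. iam:*), so treat it as a pattern.
            escalators = sorted(
                a for a in actions
                if any(fnmatch(e, a) for e in PRIVILEGE_ESCALATION_ACTIONS))
            if escalators:
                findings.append((i, "privilege-escalation actions: " + ", ".join(escalators)))
        if not _requires_mfa(stmt) and any(not _is_read_only(a) for a in actions):
            findings.append((i, "mutating actions allowed without an MFA condition"))
    return findings


def stale_entitlements(granted_services, last_used_days, max_idle_days=90):
    """Periodic entitlement review: services a principal may call but has not
    used within max_idle_days (or ever), i.e. candidates for removal."""
    return sorted(s for s in granted_services
                  if last_used_days.get(s) is None
                  or last_used_days[s] > max_idle_days)


if __name__ == "__main__":
    for name, doc in (("overbroad", OVERBROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(doc) or "no findings")
    # Constructed data: days since each granted service was last called.
    print(stale_entitlements({"s3", "iam", "ec2"}, {"s3": 3, "ec2": 200}))
```

The scoped policy produces no findings; the over-broad one produces six, including the `iam:PassRole` grant, which on its own is enough for a compromised identity to obtain the permissions of any role it can pass. Running such a linter in the CI pipeline that deploys policies turns the paper's "periodic entitlement review" into a gate that runs on every change.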
3) Data protection: Apply encryption at rest and in transit with robust key management. Use tokenization or format-preserving encryption for sensitive fields. Retain control of keys when regulatory or confidentiality concerns are high (ISO/IEC 27018, 2019).
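To make the tokenization recommendation concrete, here is an added example (not code from the paper) of a vault-style tokenizer for sensitive fields such as card numbers. It assumes an in-memory dictionary stands in for a hardened token store that would itself be encrypted under a customer-managed key, and that the HMAC key is held by the customer and never leaves the tenant; the sample card numbers are constructed test values. Tokens keep the field's length and last four digits so downstream systems need no schema change, while the HMAC-keyed index lets repeated values map to the same token without storing a brute-forceable plain hash.

```python
"""Vault tokenization for sensitive fields (stdlib only).

Added example, not part of the paper. Assumptions: the dict-based vault stands
in for a hardened store encrypted under a customer-managed key; the HMAC key
models a customer-held secret; sample card numbers are constructed.
"""
import hashlib
import hmac
import secrets

# Roles permitted to reverse a token (assumed; in practice enforced by the vault's IAM).
DETOKENIZE_ROLES = {"payments-settlement"}


class TokenVault:
    def __init__(self, hmac_key: bytes):
        self._key = hmac_key
        self._token_to_value = {}        # token -> original value (vault contents)
        self._fingerprint_to_token = {}  # keyed hash of value -> token (dedup index)

    def _fingerprint(self, value: str) -> str:
        # Keyed hash: without the customer-held key an attacker who dumps the
        # index cannot enumerate the 10^16 card-number space against it.
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        """Return a format-preserving token: same length, digits only, last four
        digits kept. The same input always yields the same token, so joins and
        de-duplication keep working on tokenized data."""
        if not value.isdigit() or len(value) < 8:
            raise ValueError("expected a numeric field of at least 8 digits")
        fp = self._fingerprint(value)
        if fp in self._fingerprint_to_token:
            return self._fingerprint_to_token[fp]
        while True:
            # Random body from a CSPRNG: the token carries no information about
            # the value beyond the retained last four digits.
            body = "".join(secrets.choice("0123456789") for _ in range(len(value) - 4))
            token = body + value[-4:]
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._fingerprint_to_token[fp] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Reverse a token; only explicitly authorized roles may do this."""
        if caller_role not in DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._token_to_value[token]


if __name__ == "__main__":
    vault = TokenVault(hmac_key=b"customer-held-key-material")  # constructed key
    pan = "4111111111111111"  # constructed test value
    tok = vault.tokenize(pan)
    print(pan, "->", tok, "(stable:", vault.tokenize(pan) == tok, ")")
    print("settlement sees:", vault.detokenize(tok, "payments-settlement"))
```

This is random-token vaulting, not format-preserving encryption: a genuine FPE mode (for example FF1 from NIST SP 800-38G) derives the token from the value with a cipher and needs no lookup table, at the cost of a more delicate implementation. Either way, the key material (here the HMAC key, for FPE the cipher key) is what the paper means by retaining control of keys: if it stays in customer-managed key storage, the provider holding the tokenized records cannot reverse them.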
4) Shared responsibility: Clarify responsibilities in contracts and SLAs. Understand which controls are provider-managed (e.g., physical security) and which are customer-managed (e.g., application access control) (NIST SP 800-144, 2011).
5) Configuration and change management: Misconfiguration is a leading cause of cloud breaches. Automated configuration scanning, infrastructure-as-code with policy-as-code (e.g., Terraform + Sentinel/OPA), and drift detection minimize exposure (Hashizume et al., 2013).
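The policy-as-code and drift-detection idea can be shown without a full Terraform or OPA toolchain. The following is an added example (not code from the paper, and not Sentinel or OPA policy) in plain Python: a small rule set evaluated against resource descriptions, run once as a plan-time gate over the declared state and once over the live state, plus a diff that reports attributes changed out-of-band and resources created outside infrastructure-as-code. The resource shape is a simplified stand-in loosely modelled on Terraform state, and both inventories are constructed.

```python
"""Policy-as-code checks and drift detection for cloud resources.

Added example, not part of the paper and not Sentinel or OPA code. Assumptions:
resources are plain dicts in a simplified shape loosely modelled on Terraform
state; both inventories below are constructed.
"""

# Declared state from infrastructure-as-code (constructed).
DESIRED = {
    "s3:payroll-data": {"type": "s3_bucket", "public_access_blocked": True,
                        "encryption": "aws:kms", "versioning": True},
    "sg:web-tier": {"type": "security_group",
                    "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
}

# Live state as reported by the provider API (constructed, with drift:
# public access re-enabled, SSH opened to the world, an unmanaged bucket).
OBSERVED = {
    "s3:payroll-data": {"type": "s3_bucket", "public_access_blocked": False,
                        "encryption": "aws:kms", "versioning": True},
    "sg:web-tier": {"type": "security_group",
                    "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                                {"port": 22, "cidr": "0.0.0.0/0"}]},
    "s3:tmp-exports": {"type": "s3_bucket", "public_access_blocked": False,
                       "encryption": None, "versioning": False},
}

ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}


def bucket_blocks_public_access(r):
    return r.get("public_access_blocked") is True


def bucket_encrypted_at_rest(r):
    return r.get("encryption") in {"aws:kms", "AES256"}


def no_world_reachable_admin_ports(r):
    return not any(rule["port"] in ADMIN_PORTS and rule["cidr"] in WORLD
                   for rule in r.get("ingress", []))


# (rule id, resource type, compliance predicate, message)
RULES = [
    ("S3-001", "s3_bucket", bucket_blocks_public_access, "bucket must block public access"),
    ("S3-002", "s3_bucket", bucket_encrypted_at_rest, "bucket must use server-side encryption"),
    ("SG-001", "security_group", no_world_reachable_admin_ports, "SSH/RDP must not be open to the world"),
]


def evaluate(inventory):
    """Run every rule against each resource of the matching type; return violations."""
    return [(rid, rule_id, msg)
            for rid, res in sorted(inventory.items())
            for rule_id, rtype, ok, msg in RULES
            if res["type"] == rtype and not ok(res)]


def detect_drift(desired, observed):
    """Compare declared vs live state: changed attributes, plus resources that
    exist on only one side (deleted out-of-band, or created outside IaC)."""
    drift = []
    for rid in sorted(set(desired) | set(observed)):
        if rid not in observed:
            drift.append((rid, "missing", None))
        elif rid not in desired:
            drift.append((rid, "unmanaged", None))
        else:
            for key in sorted(set(desired[rid]) | set(observed[rid])):
                if desired[rid].get(key) != observed[rid].get(key):
                    drift.append((rid, "changed", key))
    return drift


if __name__ == "__main__":
    print("plan-time gate:", evaluate(DESIRED) or "compliant")
    print("live violations:", evaluate(OBSERVED))
    print("drift:", detect_drift(DESIRED, OBSERVED))
```

The declared state passes every rule, which is exactly why a plan-time gate alone is insufficient: the live inventory fails four checks, and the drift report shows why (a console change to the bucket, an extra ingress rule, and a bucket nobody declared). In production the same two functions run on a schedule against the provider's inventory API, with the real rules expressed in OPA/Rego or Sentinel as the paper suggests.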
6) Monitoring and incident response: Centralized logging (SIEM), continuous monitoring, anomaly detection, and tested incident response playbooks reduce detection and recovery times (AWS, 2020; Microsoft Azure, 2019).
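What "continuous monitoring" means in practice is a set of detection rules run over the provider's audit trail. The following is an added example, not code from the paper or from any SIEM product: four rules over CloudTrail-like JSON events covering console logins without MFA, any use of the root account, a burst of failed logins from one source address (account hijacking attempts), and calls that disable the audit trail itself. The event format is a simplified stand-in modelled on CloudTrail field names, and every log line below is constructed.

```python
"""Detection rules over cloud audit events.

Added example, not part of the paper. Assumptions: events are simplified,
CloudTrail-like JSON records (one per line); the sample log is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log: one MFA login, a root login without MFA, five failed
# logins for bob from one address followed by a success, and a trail stop.
SAMPLE_LOG = """\
{"eventTime":"2024-05-01T10:00:01Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.5","additionalEventData":{"MFAUsed":"Yes"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2024-05-01T10:05:12Z","eventName":"ConsoleLogin","userIdentity":{"type":"Root"},"sourceIPAddress":"198.51.100.7","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2024-05-01T10:10:00Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:10:30Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:11:00Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:11:30Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:12:00Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:12:30Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"Yes"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2024-05-01T10:20:45Z","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"mallory"},"sourceIPAddress":"203.0.113.20"}
"""

TRAIL_TAMPERING_EVENTS = {"StopLogging", "DeleteTrail", "PutEventSelectors"}


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(event):
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("type", "unknown")


def parse_events(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def detect(events, fail_threshold=5, window=timedelta(minutes=5)):
    """Return a list of alert dicts; events are processed in time order."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    for ev in sorted(events, key=_ts):
        name = ev.get("eventName")
        if ev.get("userIdentity", {}).get("type") == "Root":
            alerts.append({"rule": "ROOT_ACTIVITY", "actor": "Root", "time": ev["eventTime"]})
        if name == "ConsoleLogin":
            outcome = ev.get("responseElements", {}).get("ConsoleLogin")
            mfa = ev.get("additionalEventData", {}).get("MFAUsed")
            if outcome == "Success" and mfa != "Yes":
                alerts.append({"rule": "LOGIN_WITHOUT_MFA", "actor": _actor(ev), "time": ev["eventTime"]})
            elif outcome == "Failure":
                failures[ev.get("sourceIPAddress")].append(_ts(ev))
        if name in TRAIL_TAMPERING_EVENTS:
            alerts.append({"rule": "AUDIT_TRAIL_TAMPERING", "actor": _actor(ev), "time": ev["eventTime"]})
    for ip, times in failures.items():
        # Sliding window: fail_threshold consecutive failures inside `window`.
        for i in range(len(times) - fail_threshold + 1):
            if times[i + fail_threshold - 1] - times[i] <= window:
                alerts.append({"rule": "LOGIN_BRUTE_FORCE", "actor": ip, "count": len(times)})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

The sample produces four alerts. Note what the rules do not do: they do not connect bob's eventual MFA-backed success to the failures that preceded it from the same address, which is the kind of correlation an incident response playbook would add as a follow-up query. The trail-tampering rule matters because an attacker who can stop logging blinds every other rule; it should be the highest-severity alert of the set.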
Recommended Mitigation Strategies
- Establish a cloud security governance framework aligned with ISO/IEC 27001/27017 and NIST guidelines.
- Implement strong IAM with MFA, least-privilege, and federation for centralized identity management (CSA, 2016).
- Encrypt data in transit and at rest; use customer-managed keys for sensitive data where feasible (ISO/IEC 27018, 2019).
- Adopt infrastructure-as-code and automated configuration scanning to prevent misconfigurations.
- Define SLAs and shared-responsibility models in contracts; require transparency and audit rights from CSPs.
- Deploy continuous monitoring, logging, and incident response playbooks; run regular tabletop exercises.
- Evaluate service model risks: SaaS demands stronger data access controls; PaaS requires secure application lifecycle; IaaS needs host-level hardening.
Conclusions
Cloud computing can deliver significant benefits, but it requires a deliberate, layered security strategy. By addressing authentication, authorization, encryption, configuration management, monitoring, and contractual governance, organizations can mitigate the primary risks to confidentiality, integrity, and availability. Applying standards (NIST, ISO) and provider best practices, combined with automation and continuous monitoring, enables secure cloud adoption across deployment and service models.
References
- Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing. NIST Special Publication 800-145. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
- NIST. (2011). Guidelines on Security and Privacy in Public Cloud Computing (NIST SP 800-144). https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
- Cloud Security Alliance (CSA). (2016). Top Threats to Cloud Computing. https://cloudsecurityalliance.org
- ENISA. (2015). Cloud Computing Risk Assessment. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications
- Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1–11. https://doi.org/10.1016/j.jnca.2010.07.006
- Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5. https://doi.org/10.1186/1869-0238-4-5
- ISO/IEC 27017. (2015). Code of practice for information security controls based on ISO/IEC 27002 for cloud services. International Organization for Standardization.
- ISO/IEC 27018. (2019). Protection of personally identifiable information (PII) in public clouds acting as PII processors. International Organization for Standardization.
- AWS. (2020). AWS Security Best Practices. Amazon Web Services Whitepaper. https://aws.amazon.com/whitepapers/
- Microsoft Azure. (2019). Azure Security Documentation and Best Practices. Microsoft Docs. https://docs.microsoft.com/azure/security