SEMINAR REPORT

ON

DATA SECURITY AND PRIVACY IN THE AGE OF CLOUD COMPUTING

BY

IBIDUN BUKOLA OPEYEMI

CS/HND/F22/3283
 ABSTRACT

This seminar will explore the critical issues of data privacy and security in the context of cloud
computing. As more and more organizations shift their operations to the cloud. The need to
effectively safeguard sensitive data and maintain user privacy has become paramount. The
seminar will address the challenges and risk associated with data privacy and security in the
cloud, and will provide insights into best practices and strategies for ensuring the protection of
data and compliance with privacy regulations. Additionally the seminar will examine emerging
technologies and approaches for enhancing data privacy and security in the age of cloud
computing overall, the seminar will offer valuable knowledge and practical guidance for
organization looking to navigate the complexities of data privacy and security in the cloud.

Keyword: Cloud Computing, Approach, Data Privacy, Complexity, Paramount.

 1. INTRODUCTION

Cloud computing has been envisioned as the next generation paradigm in computation. In the
cloud computing environment, both applications and resources are delivered on demand over the
Internet as services. Cloud is an environment of the hardware and software resources in the data
centers that provide diverse services over the network or the Internet to satisfy user's
requirements (Leavitt, 2019).

The explanation of “cloud computing” from the National Institute of Standards and Technology
(NIST) (Mell,2019) is that cloud computing enables ubiquitous, convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. According to the explanation, cloud
computing provides a convenient on-demand network access to a shared pool of configurable
computing resources. Resources refer to computing applications, network resources, platforms,
software services, virtual servers, and computing infrastructure (Gupta, 2019).

Cloud computing can be considered as a new computing archetype that can provide services on
demand at a minimal cost. The three well-known and commonly used service models in the
cloud paradigm are software as a service (SaaS), platform as a service (PaaS), and infrastructure
as a service (IaaS). In SaaS, software with the related data is deployed by a cloud service
provider, and users can use it through the web browsers. In PaaS, a service provider facilitates
services to the users with a set of software programs that can solve the specific tasks. In IaaS, the
cloud service provider facilitates services to the users with virtual machines and storage to
improve their business capabilities ( Parikh, 2019).

Cloud computing is closely related to but not the same as grid computing (Berman, 2018). Grid
computing integrates diverse resources together and controls the resources with the unified
operating systems to provide high performance computing services, while cloud computing
combines the computing and storage resources controlled by different operating systems to
provide services such as large-scaled data storage and high performance computing to users. The
overall picture of grid computing has been changed by cloud computing. Distribution of data is
in a new way of cloud computing comparing with the grid computing.
Cloud computing will enable services to be consumed easily on demand. Cloud computing has
the characteristics such as on-demand self-service, ubiquitous network access, location
independent resource pooling, rapid resource elasticity, usage-based pricing, and transference of
risk. These merits of cloud computing have attracted substantial interests from both the industrial
world and the academic research world. Cloud computing technology is currently changing the
way to do business in the world (Li Yan, 2018).

Cloud computing is very promising for the IT applications; however, there are still some
problems to be solved for personal users and enterprises to store data and deploy applications in
the cloud computing environment. One of the most significant barriers to adoption is data
security, which is accompanied by issues including compliance, privacy, trust, and legal matters
(Shah, 2018). The role of institutions and institutional evolution is close to privacy and security
in cloud computing (Kshetri, 2017).

Data security has consistently been a major issue in IT. Data security becomes particularly
serious in the cloud computing environment, because data are scattered in different machines and
storage devices including servers, PCs, and various mobile devices such as wireless sensor
networks and smart phones. Data security in the cloud computing is more complicated than data
security in the traditional information systems.

To make the cloud computing be adopted by users and enterprise, the security concerns of users
should be rectified first to make cloud environment trustworthy. The trustworthy environment is
the basic prerequisite to win confidence of users to adopt such a technology ( Latif et al, 2020).
discussed the assessment of cloud computing risks.

Before the data security issues are discussed, the functions of cloud computing are analyzed first.
Cloud computing is also known as on-demand service. In the cloud computing environment,
there is a cloud service provider that facilitates services and manages the services. The cloud
provider facilitates all the services over the Internet, while end users use services for satisfying
their business needs and then pay the service provider accordingly.

Cloud computing environment provides two basic types of functions: computing and data
storage. In the cloud computing environment, consumers of cloud services do not need anything
and they can get access to their data and finish their computing tasks just through the Internet
connectivity. During the access to the data and computing, the clients do not even know where
the data are stored and which machines execute the computing tasks ( Latif et al, 2020).

Coming to data storage, data protection and security are the primary factors for gaining user's
trust and making the cloud technology successfully used. A number of data protections and data
security techniques have been proposed in the research field of cloud computing. However, data
protection related techniques need to be further enhanced.

Services of cloud computing are provided across the entire computing spectrum. Nowadays,
organizations and companies are moving and extending their business by adopting the cloud
computing to lower their cost. This can contribute to free more man-powers to focus on creating
strategic differentiation and business division of labor is clearer (Chen D, 2019).

The cloud is growing continuously because it could provide high performance computational
services at cheaper rates.

The concept of cloud has a number of implementations based on the services from service
providers. For example, Google Apps Engine, Microsoft Azure, and Amazon Stack are popular
implementations of cloud computing provided by cloud service providers, that is, Google,
Microsoft, and Amazon companies. Besides, the ACME enterprise implemented VMware based
v-Cloud for permitting multiple organizations to share computing resources.

2. UNDERSTANDING DATA PRIVACY AND SECURITY

In the context of data integrity and their updating is included. Even a database that includes the
identification information of a company's employees, in order to allow them access to its
resources. According to this tactic, every time the employee requests access, a check is made as
to whether the information he provides for identification is on this basis. If so, he is allowed
access and can use the resources provided. In case a dissatisfied employee changes company he
wants to cause damage to the first one, he has access to do so, if the identification database is not
update (Chen D, 2019).
The concept of availability is related to ensuring that the user will have exactly the resources he
wants, at the time he wants them. The most typical threat of this term is denial of service.
Temporary or permanent refusal to provide resources or services is not always the result of a
hostile attack. When the number of users of a service is constantly increasing and the resources
reach a point where they cannot serve the numerous requests they receive, the result is the
service is overloaded and does not respond. It is not uncommon for an incident to lead to the
destruction of data or resources in the computing cloud. Such an error will certainly cost the
customer, especially if the provider has not addressed the issue and has not created the necessary
mechanisms to restore the data and Resources to the state they were in before their destruction.
The existence of these mechanisms is not enough, but also their proper operation. In any case,
there must be a measure of comparison of the risks that threaten the virtual resources from the
respective natural ones, so that the user can form a complete and clear picture of what he gains
and what he loses from each choice. For example, storing sensitive data on a physical computer
would be a greater threat if it were stolen than storing it in a database in the computing cloud.
Like any new technology, it has been the subject of several security controversies and the
potential dangers it may pose. Therefore, the real threat is linked to everyone's point of view and
careful management of resources, according to computing cloud security policies.

3. EVOLUTION OF CLOUD COMPUTING

Cloud computing has been envisioned as the next generation paradigm in computation. In the
cloud computing environment, both applications and resources are delivered on demand over the
Internet as services. Cloud is an environment of the hardware and software resources in the data
centers that provide diverse services over the network or the Internet to satisfy user's
requirements (Gupta,2021).

The explanation of “cloud computing” from the National Institute of Standards and Technology
(NIST, 2021) is that cloud computing enables ubiquitous, convenient, on-demand network access
to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. According to the explanation, cloud
computing provides a convenient on-demand network access to a shared pool of configurable
computing resources. Resources refer to computing applications, network resources, platforms,
software services, virtual servers, and computing infrastructure.

Cloud computing can be considered as a new computing archetype that can provide services on
demand at a minimal cost. The three well-known and commonly used service models in the
cloud paradigm are software as a service (SaaS), platform as a service (PaaS), and infrastructure
as a service (IaaS). In SaaS, software with the related data is deployed by a cloud service
provider, and users can use it through the web browsers. In PaaS, a service provider facilitates
services to the users with a set of software programs that can solve the specific tasks. In IaaS, the
cloud service provider facilitates services to the users with virtual machines and storage to
improve their business capabilities.

Cloud computing is closely related to but not the same as grid computing (Gupta,2021). Grid
computing integrates diverse resources together and controls the resources with the unified
operating systems to provide high performance computing services, while cloud computing
combines the computing and storage resources controlled by different operating systems to
provide services such as large-scaled data storage and high performance computing to users. The
overall picture of grid computing has been changed by cloud computing. Distribution of data is
in a new way of cloud computing comparing with the grid computing.

Cloud computing will enable services to be consumed easily on demand. Cloud computing has
the characteristics such as on-demand self-service, ubiquitous network access, location
independent resource pooling, rapid resource elasticity, usage-based pricing, and transference of
risk. These merits of cloud computing have attracted substantial interests from both the industrial
world and the academic research world. Cloud computing technology is currently changing the
way to do business in the world.

Cloud computing is very promising for the IT applications; however, there are still some
problems to be solved for personal users and enterprises to store data and deploy applications in
the cloud computing environment. One of the most significant barriers to adoption is data
security, which is accompanied by issues including compliance, privacy, trust, and legal matters
(Parikh, 2020). The role of institutions and institutional evolution is close to privacy and security
in cloud computing (Sun, 2020).

Data security has consistently been a major issue in IT. Data security becomes particularly
serious in the cloud computing environment, because data are scattered in different machines and
storage devices including servers, PCs, and various mobile devices such as wireless sensor
networks and smart phones. Data security in the cloud computing is more complicated than data
security in the traditional information systems.
To make the cloud computing be adopted by users and enterprise, the security concerns of users
should be rectified first to make cloud environment trustworthy. The trustworthy environment is
the basic prerequisite to win confidence of users to adopt such a technology. (Latif et al, 2019).
discussed the assessment of cloud computing risks ( Sun,2020).

Before the data security issues are discussed, the functions of cloud computing are analyzed first.
Cloud computing is also known as on-demand service. In the cloud computing environment,
there is a cloud service provider that facilitates services and manages the services. The cloud
provider facilitates all the services over the Internet, while end users use services for satisfying
their business needs and then pay the service provider accordingly.

Cloud computing environment provides two basic types of functions: computing and data
storage. In the cloud computing environment, consumers of cloud services do not need anything
and they can get access to their data and finish their computing tasks just through the Internet
connectivity. During the access to the data and computing, the clients do not even know where
the data are stored and which machines execute the computing tasks.

Coming to data storage, data protection and security are the primary factors for gaining user's
trust and making the cloud technology successfully used. A number of data protections and data
security techniques have been proposed in the research field of cloud computing. However, data
protection related techniques need to be further enhanced.

Services of cloud computing are provided across the entire computing spectrum. Nowadays,
organizations and companies are moving and extending their business by adopting the cloud
computing to lower their cost. This can contribute to free more man-powers to focus on creating
strategic differentiation and business division of labor is clearer.

The concept of cloud has a number of implementations based on the services from service
providers. For example, Google Apps Engine, Microsoft Azure, and Amazon Stack are popular
implementations of cloud computing provided by cloud service providers, that is, Google,
Microsoft, and Amazon companies. Besides, the ACME enterprise implemented VMware based
v-Cloud for permitting multiple organizations to share computing resources.

According to the difference of access scope, cloud can be divided into three types: public
cloud, private cloud, and hybrid cloud. Public cloud is as the property of service provider and
can be used in public, private cloud refers to being the property of a company, and hybrid cloud
is the blends of public and private cloud. Most of the existing cloud services are provided by
large cloud service companies such as Google, Amazon, and IBM. A private cloud is a cloud in
which only the authorized users can access the services from the provider. In the public cloud
anybody can use the cloud services whereas the hybrid cloud contains the concept of both public
and private clouds.

Cloud computing can save an organization's time and money, but trusting the system is more
important because the real asset of any organization is the data which they share in the cloud to
use the needed services by putting it either directly in the relational database or eventually in a
relational database through an application.

4. CHALLENGES IN CLOUD COMPUTING

The following are the challenges faced using cloud computing:
 Data security and privacy

When working with Cloud environments, data security is a major concern as users have to take
responsibility for their data, and not all Cloud providers can assure 100% data privacy. No
identity access management, lack of visibility and control tools, data misuse, and cloud
misconfiguration are the common reasons behind cloud privacy leaks. There are also concerns
about malicious insiders, insecure APIs, and neglect or oversights in cloud data management.

 Multi-cloud environments

Multi-cloud environments present issues and challenges such as – configuration errors, data
governance, lack of security patches, and no granularity. It is difficult to apply data management
policies across various boards while tracking the security requirements of multi-clouds ( Latif et
al, 2020).

 Performance challenges
 The performance and security of cloud computing solutions depend on the vendors, and keep in
mind that if a Cloud vendor goes down, you may lose your data too.

 Interoperability and flexibility

When you try to shift applications between two or multiple Cloud ecosystems, interoperability
is a challenge. Some of the most common issues are:

i. Match the target cloud environment’s specifications by rebuilding application stacks

ii. Managing services and apps in the target cloud ecosystem
iii. Working with data encryption during migration
iv. Configuring networks in the target cloud for operations

 High dependence on network

When transferring large volumes of information between Cloud data servers, a lack of sufficient
internet bandwidth is a common problem. There is a risk of sudden outages, and data is highly
vulnerable. To help prevent business losses from sudden outages, enterprises should ensure
there is high bandwidth without sacrificing performance.

 Reliability and availability

High unavailability of Cloud services, as well as lack of reliability, are the major concerns in
these ecosystems. In order to keep up with ever-changing business requirements, businesses are
forced to seek additional computing resources

 Password security

Account managers manage all their cloud accounts using the same passwords. Password
management poses a critical problem, and it is often found that users resort to using weak and
reused passwords.

5. RISK IN CLOUD COMPUTING

Risk in cloud computing involved the exposure of user information to the public, in cloud
computing there several risk faced when using cloud computing, the risk are explained below:
i. Security risk: data breaches, unauthorized access and malicious attacks are the security
risk in cloud computing
ii. Data privacy concerns: is concern with data compliance with regulations, data
ownership and control.
iii. Data loss and Availability risk: Data Corruption and deletion are the major loss of risk
in cloud computing
iv. Cost and budgeting risks: Unpredictable costs, hidden fees and budget overruns.
6. REGULATORY COMPLIANCE AND LEGAL CONSIDERATIONS
Regulatory Compliance and legal consideration are the principles or rules that need to be
followed when using cloud computing.
i. Data Protection and Privacy: Compliance with data protection regulations like GDPR,
HIPAA, and CCPA when storing and processing personal data in the cloud.
ii. Data Sovereignty: Ensuring data is stored and processed in accordance with local laws
and regulations, such as the EU’s Data protection Directive.
iii. Security and Compliance: meeting cloud security standards like SOC 2, ISO 27001, and
PCI-DSS to ensure data protection.
iv. Contractual Obligations: Reviewing cloud service provider contracts to ensure
compliance with regulatory requirements and organization policies
v. Intellectual Properties: Protecting intellectual properties right in cloud computing,
including patents, trademarks, and copyrights.
vi. Audit and compliance reports: Regularly auditing cloud computing environments to
ensure compliance and generating reports for stakeholders.

7. BEST PRACTICES FOR DATA PRIVACY AND SECURITY IN THE CLOUD

Data privacy and protection have always been a top concern for organizations. Its importance has
only grown as more data is stored on public cloud services, increasingly more sophisticated
cyber attacks take advantage of the inter-connected nature of modern business, and stringent
laws and regulations governing privacy have been put into place in recent years.
The bottom line is that there are several factors making it harder for organizations to protect data.
To start, most organizations have little insight into the data once it gets to the cloud. Many are
using multiple clouds. And the protection of the privacy of that data is increasing under different
rules based on the country it is generated or stored in. These issues are driving the need for better
observability tools and sovereign cloud.

With more data on more cloud platforms being subject to increasingly stringent regulations,
traditional approaches to protecting data fall short. One great challenge is that most enterprises
use many point solutions to monitor and manage the data. These tools generate vast volumes of
alerts, logs, and other data. Those responsible for data protection and security are simply
overwhelmed with this data and have a hard time aggregating it, correlating events, or getting
any insights out of the data.

8. ENCRYPTION AND KEY MANAGEMENT

The main purpose to implement encryption algorithms is to prevent the confidentiality of data
from be-coming a data breach. Security methods and key management implemented to increase
the level of data protection while privileging access-level breaches. The type of encryption
method and key management may affected the level of security in cloud storage.

• Client-side encryption – users encrypt their own data, by their own key.

• Server-side encryption, keys held by server – users upload data to their cloud provider encrypt
the data.

• Server-side encryption, keys held by client – users hold their own key but the server encrypt
the data.

• End-to-End encryption, encrypted on the one end and decrypted on the other end, so only the
sender and receiver can read it by using public/private keys.

Client-side encryption is a mechanism to encrypt the data using a secure key that is constructed
using encryption algorithms at the end-user device. Applying encryption at the client-side
converts plaintext information to Ciphertext, which means that the data is transmitted outside of
the user's side securely (Seltzer, 2016). Server-side encryption is a mechanism to encrypt the data
using a secure key, which is constructed using encryption algorithms at the server but the key
held by the users. Applying encryption at the server-side converts plaintext information to
Ciphertext at rest (in the server), which means the data is transmitted outside of the user's side as
plaintext. Server-side encryption is a mechanism to encrypt the data using a secure key, which is
constructed using encryption algorithms at the server but the key held by the server. Applying
encryption at the server-side converts plaintext information to Ciphertext at rest (in the server),
which means the data is transmitted outside of the user's side as plaintext. End-to-end encryption
defines as a method of communication between the sender and the intended recipient(s) securely
and privately. In end-to-end encryption, the encryption is performed at the device level; the keys
are stored with the participants' devices. The data is encrypted before it transmits the end-user
device and decrypted when reaches its destination (Preveil, 2018). Different security
mechanisms can make a huge difference in the level of security provided.

9. DATA BREACH RESPONSE AND INCIDENT MANAGEMENT

The Cloud Data Processing Addendum defines a data incident as “a breach of Google’s security
leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or
access to, Customer Data on systems managed by or otherwise controlled by Google.” While we
take steps to address foreseeable threats to data and systems, data incidents don't include
unsuccessful attempts or activities that don't compromise the security of customer data. For
example, data incidents aren't unsuccessful login attempts, pings, port scans, denial of service
attacks, and other network attacks on firewalls or networked systems (Preveil, 2018).

Incident response is a key aspect of our overall security and privacy program. We have a
rigorous process for managing data incidents. This process specifies actions, escalations,
mitigation, resolution, and notification of any incidents that impact the confidentiality, integrity,

or availability of customer data.

10. EMERGING TECHNOLOGIES

The following are the emerging technologies of the age of cloud computing:
 i. Artificial Intlligence & Machine Learning

AI and Machine learning are experiencing many add-ons as their new offspring, like chatbots,
business intelligence, AI as a Service (AIaaS), and a lot more. Natural Language processing
models like ChatGPTs, Bing, Gemini, etc., are growing at the fingertips of almost every user.

By combining the power of AI and machine learning capabilities, businesses can drive unbiased
insights by processing raw data, which can lead to increased efficiency, cost savings, well-
equipped staff, and growing customer satisfaction.

AI software integrated with cloud environments like (IaaS, PaaS, & SaaS) delivers intuitive and
connected experiences for users. Alexa, Siri, and Google Assistant are living examples of how
this combination is nailing the world by enabling various operations like searches, calling,
texting, music playback and so on.

Many Public cloud vendors are introducing several AI outsourcing services. These services
allow companies to perform software testing and ML algorithms without disrupting the current
infrastructure. They provide access to ready-made AI applications at a fraction of the cost,
yielding significant CAPEX savings.

Machine learning models require large datasets to train algorithms, needing powerful CPUs and
GPUs for processing. The ideal combination of public, private, or hybrid cloud systems provides
the necessary computing power, ensuring security and compliance. Additionally, AI cloud
computing supports services such as serverless computing, batch processing, and container
orchestration.

Cognitive computing uses AI models to simulate human thought processes in complex situations.
Companies like IBM and Google have developed cognitive cloud platforms that offer cognitive
insights as a service, benefiting industries such as finance, retail, and healthcare.

ii. Data Security

As businesses shift to cloud computing technologies, security breaches are also increasing. Cloud
service providers are tightening their cloud environment security with advanced security
protocols, shielding wire falls, building dedicated cybersecurity teams, and a 24/7/365
monitoring system to protect business and customers’ information.

In addition, regulatory compliance has become a critical factor in shaping security practices.
Cloud users are not only implementing rigorous data security measures but also ensuring that
cloud providers are meeting strict security standards like HIPAA, GDPR, PCI-DSS, and other
national or international regulations to manage and protect personal and corporate data
effectively.

As we move into more innovation, encryption, authentication, and disaster recovery will become
even more important in cloud computing. With the rise of data thefts and breaches, hackers are
using new AI-powered attacks, and no matter which systems you are accessing, they are always
vulnerable to social engineering attacks. Therefore, security and resilience are top priorities for
cloud providers and their customers.

iii. Low Code & No Code Development

Low-code and no-code platforms are driving organizations to prioritize excellent user
experience, especially in web application development, to generate new revenue sources. These
platforms deal with issues like slow performance and high maintenance costs linked with
traditional web portals.

Studies show that 82% of organizations now trust low code/no code development to save time
and resources, with executive belief rising from 10% to 26% since 2020. By 2024, 50% of
enterprises will use low code/no code for core business software, projecting $65 billion in
revenue by 2027.

In IoT systems, 40% of automation relies on low code for handling complex, data-intensive
applications. Low-code platforms facilitate AI development, which is expected to reach a market
size of $187 billion by 2030. They are crucial for automating business processes, with 26% of
executives naming them a top investment. By 2024, low-code development will underpin 66% of
application projects, streamlining workflows and integrating with existing APIs.
Iv Edge Computing

Edge computing involves storing, processing, and analyzing data close to its source, such as
sensors and devices. This approach reduces latency, improves efficiency, and enhances privacy,
security, and data transmission rates.

By 2025, Gartner predicts that over 75% of enterprise-managed data will be created and
processed outside traditional data centres and clouds. For example, a wearable heart monitor
detecting arrhythmias can analyze data locally, saving bandwidth and providing quicker alerts by
avoiding unnecessary data transmission to the cloud.

The partnership of 5G’s high speed and low latency is upgrading edge computing and bringing
real-time projects like remote surgeries and self-driving cars into action. Strategic placement of
edge data centres will not only boost performance but also reduce latency and load from core
cloud infrastructure.

Containerization technologies like Docker are popular for edge deployments due to their
portability, isolation, and resource efficiency. Kubernetes adaptations, such as MicroK8s,
facilitate scalable management of containerized workloads, ensuring efficient resource use and
simplified application lifecycle management.

Edge computing necessitates robust security measures, including secure booting, hardware-based
encryption, and robust authentication protocols. Privacy-sensitive approaches like federated
learning and homomorphic encryption enable data analysis while protecting personal
information. New governance frameworks and regulations are needed to address data security
and privacy at the edge.

iv. IoT (Internet of Things)

IoT’s charm is increasing with each passing day. It uses multiple sensors to generate huge
amounts of data, which is stored on cloud data servers. IoT uses sensors and actuators to collect
and analyze data, helping in business decisions. It connects computers, networks, and servers,
enabling remote data collection and device communication.

Here is what’s ahead in the IoT:

 Blockchain: The adoption of Blockchain in IoT ensures data is safe and sound while
interacting between networks. The global blockchain IoT market is expected to grow by
$2,409 million by 2026 where applications built in this will outshine industries like
banking, agriculture, and transportation. As a distributed ledger, blockchain fits well with
IoT applications.

 IoT Powered with 5G Technology: By 2026, nearly five billion 5G subscriptions are
predicted. 5G technology will bring out the full potential of IoT with lower latency, real-
time data processing, and broader coverage. This makes 5G competent enough to boost
IoT device performance and provide tailored services simultaneously.

 IoT-Empowered AI Applications: By 2025, there will be about 64 billion IoT devices. AI

and IoT are projected to join hands to create intelligent machines that automate processes
and can make decisions without a human. This combination will be cost-effective,
increase productivity, and enable predictive maintenance.

 Voice-Activated IoT Devices: AI-powered assistants like Google Assistant, Amazon

Echo, and Siri are becoming users’ favourites regarding voice-based interfaces. 27% of
the global online population uses voice search on mobile devices. Voice interactions will
spread across industries, and voice biometry will emerge as a reliable method for digital
voice profiling.

FUTURE TRENDS

 Controlling access: Cloud computing solutions typically come with controls that allow
you to control access to data on a granular level. Identity and access management tools
assign permissions to users on an individual basis, allowing them to access select groups
of sensitive information and rebuffing them when they attempt to access blocked-off
data. Authentication measures like two-factor authentication and SSO/SAML
authentication provide extra layers of protection.

 Encryption: Encryption is a last line of defense, but a vital one. Encrypting data at rest
shuts down cyber criminals who manage to break into your systems, rendering your
sensitive data utterly illegible to unauthorized users.
 Backups: In the event of a catastrophe, such as data corruption or data loss, backing up
your data regularly will allow you to quickly recover. Performing regular backups is a
vital insurance policy, as it will empower you to restore lost information on a dime and
treat incidents that would wreck the unprepared as minor hiccups.

 Penetration and disaster recovery testing: Regularly testing network penetration and
your disaster recovery readiness helps identify vulnerabilities and hiccups in your
recovery process. With the information from these tests, you can then add additional
controls to cover holes in your network security and streamline your recovery process to
ensure smooth sailing.

11. CASE STUDIES AND EXAMPLES

Shopify (Cloud to Cloud)

Shopify (est. 2006) provides a proprietary e-commerce software platform upon which
businesses can build and run online stores and retail point-of-sale (POS) systems.

Migration Objective

Shopify wanted to ensure they were using the best tools possible to support the evolution
needed to meet increasing customer demand. Though they’d always been a cloud-based
organization, building and running their e-commerce cloud with their own data centers, they
sought to capitalize on the container-based cloud benefits of immutable infrastructure to
provide better support to their customers. Specifically, they wanted to ensure predictable,
repeatable builds and deployments; simpler and more robust rollbacks; and elimination of
configuration management drift.

Evernote (Bare Metal To Cloud)

Evermore (est. 2008) is a collaborative, cross-platform note-taking and task management

application that helps users capture, organize, and track ideas, tasks, and deadlines.

Migration Objective
Evernote, which had maintained its own servers and network since inception, was feeling
increasingly limited by its infrastructure. It was difficult to scale, and time-consuming and
expensive to maintain. They wanted more flexibility, as well as to improve Evernote’s speed,
reliability, security, and disaster recovery planning. To minimize service disruption, they
hoped to conduct the on-premise to cloud migration as efficiently as possible.

ETSY: Bare Metal to Cloud

Etsy (est. 2005) is a global e-commerce platform that allows sellers to build and run online
stores selling handmade and vintage items and crafting supplies.

Migration Objective

Etsy had maintained its own infrastructure from inception. In 2018, they decided to re-
evaluate whether cloud was right for the company’s future. In particular, they sought to
improve site performance, engineering efficiency, and UX. They also wanted to ensure long-
term scalability and sustainability, as well as to spend less time maintaining infrastructure
and more time executing strategy.

Migration Strategy and Results

Etsy undertook a detailed vendor selection process, ultimately identifying GCP as the right
choice for their cloud migration strategy. Since they’d already been running their own
Kubernetes cluster inside their data center, they already had a partial solution for deploying
to GKE. They initially deployed in a hybrid environment (private data center and GKE),
providing redundancy, reducing risk, and allowing them to perform A/B testing. They’re on
target to complete the migration and achieve all objectives.
12. Conclusion

In conclusion, cloud computing is a game-changer for IT resource management because it

provides a shared virtual resource pool for a variety of applications. Benefits like
accessibility, scalability, and cost-effectiveness are what drive its widespread adoption.
However, security problems still exist, and they require strong fixes. Our study explores
security-related topics, such as unexpected data exposure and API vulnerabilities. Improved
API security, encryption, access control, and cutting-edge methods like homomorphic and
DNA based encryption are some of the solutions. Difficulties arise from the fragmented
workload and the dynamic nature of cloud environments. Organizations must proactively
assess and protect against evolving threats. As physical security control diminishes, the
responsibility for safeguarding data during transfer rests with the customer. Customer
responsibility for data protection during transfer increases as physical security control
decreases. This study offers a thorough analysis that emphasizes the significance of security
in cloud computing while taking into account different deployment models. The solutions
and findings that are being presented are intended to make a valuable contribution to the
current discussion on cloud infrastructure security in an era of exponential data growth and
increased connectivity.
 13. Recommendation

Cloud computing is a promising and emerging technology for the next generation of IT
applications. The barrier and hurdles toward the rapid growth of cloud computing are data
security and privacy issues. Reducing data storage and processing cost is a mandatory
requirement of any organization, while analysis of data and information is always the most
important tasks in all the organizations for decision making. So no organizations will transfer
their data or information to the cloud until the trust is built between the cloud service providers
and consumers. A number of techniques have been proposed by researchers for data protection
and to attain highest level of data security in the cloud. However, there are still many gaps to be
filled by making these techniques more effective. More work is required in the area of cloud
computing to make it acceptable by the cloud service consumers. This paper surveyed different
techniques about data security and privacy, focusing on the data storage and use in the cloud, for
data protection in the cloud computing environments to build trust between cloud service
providers and consumers.
 Reference

Gupta, S., Shankar, G., & Gupta, A. (2021, November 12). Cloud Computing: Services,
Deployment Models and Security Challenges. 2021 2nd International Conference on
Smart Electronics and Communicatio
(ICOSEC).https://ieeexplore.ieee.org/document/9591794

Mell,N, NIIT, (2019)”The NIST Definition of Cloud Computing,” National Institute of

Standards and Technology, Gaithersburg, MD, USA, 2006. [Online]. Available:
https://www.nist.gov/publications/nist-definition-cloud-computing.

Parikh, S., Dave, D., Patel, R., & Doshi, N. (2019). Security and Privacy Issues in Cloud,
Fog and Edge Computing. Procedia Computer Science, 160, 734–739.
https://doi.org/10.1016/j.procs.2019.11.018

Li Yan, Xiaowei Hao, Zelei Cheng, and Rui Zhou. 2018. Cloud Computing Security and
Privacy. In Proceedings of the 3rd International Conference on Big Data and Computing
(ICBDC ’18). Association for Computing Machinery, New York, NY, USA, 119–123.
https://doi-org.ezaccess.library.uitm.edu.my/10.1145/3220199.3220217

Kshetri T, Sun, P. (2020). Security and privacy protection in cloud computing: Discussions
and challenges. Journal of Network and Computer Applications, 160, 102642–102642.
https://doi.org/10.1016/j.jnca.2020.102642

Dinadayalan P, S. Jegadeeswari, & D. Gnanambigai. (2014). Data Security Issues in Cloud

Environment and Solutions. https://doi.org/10.1109/wccct.2014.63

Bokhari M, Q. M. Shallal and Y. K. Tamandani, (2018) ”Security and privacy issues in cloud
computing,” 3rd International Conference on Computing for Sustainable Global
Development (INDIACom), New Delhi, India, 2016, pg. 896-900.

Avižienis A., Laprie J., Randell B., Landwehr C (2015). Basic concepts and taxonomy of
dependable and secure computing IEEE Transactions on Dependable and Secure
Computing 1 1 11 -33.
Mahmood Z (2019). Data location and security issues in cloud computing Proceedings of the
2nd International Conference on Emerging Intelligent Data and Web Technologies
(EIDWT '11) IEEE 49 -54

Sun D., Chang G., Sun L., Wang X (2019). Surveying and analyzing security, privacy and
trust issues in cloud computing environments Proceedings of the International
Conference on Advanced in Control Engineering and Information Science (CEIS '11) chn
2852 -2856

Preveil, Younis M. Y. A., Kifayat K (2019). Secure cloud computing for critical
infrastructure: a survey 2013 Liverpool, UK Liverpool John Moores University.

Kardaş S., Çelik S., Bingöl M. A., Levi A (2018). A new security and privacy framework for
RFID in cloud computing Proceedings of the 5th IEEE International Conference on
Cloud Computing Technology and Science (CloudCom '13) Bristol, UK

Chen D., Zhao H (2022). Data security and privacy protection issues in cloud computing 1
Proceeding of the International Conference on Computer Science and Electronics
Engineering (ICCSEE '12) Hangzhou, China 647 -651