Essay Example on The Security Challenges That Cloud Applications Face

• This paper will address the security challenges that cloud applications face using the following methods:
  
  It will describe the development of a system that has implemented better encryption of data based on its type and sensitivity.
• It will develop a system that can detect attacks such as the dedicated denial of service attack, and provide a method of evading it.
• It will seek to implement a system that implements better authentication methods to ensure that data ends up in the intended recipient.

Literature Review

Cloud applications refer to online-based systems that a business may use to store its data and use it in its computations. These systems offer highly developed systems that are either Infrastructure, platforms, or software to their clients to use according to their needs. Specifically, the three types of cloud applications are Software-as-a-Service (SaaS), which refers to a system that uses the web in providing the service of a business to its clients (Jathanna & Jagli, 2017). The clients do not need to install or download any software, except the plugins that their web browsers will need. Since this system does not install any software in the client's computer, it is accessible from devices of any architecture, and its maintenance is easy. Providers can also offer their systems in the form of Infrastructure-as-a-Service (IaaS), whereby the client gets middleware on which they build their systems (Jathanna & Jagli, 2017). These Infrastructures are usually in the form of hardware that clients will use to develop their services. Finally, these systems can be in the form of Platform-as-a-Service (PaaS), whereby clients design and build their networks without having to worry about the Infrastructure.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

The mode of deployment of a cloud application can be divided into four distinct sections. These deployment models are public, private, community, and hybrid. In the first case of a private system, its Infrastructure is owned and maintained by the organization that it serves (Padma & Neelima, 2014). A public model refers to a system that is served over the internet from a third-party provider, and they serve clients that are different from the providers. The community deployment model refers to a system that belongs to a group of organizations or entities that have similar interests. Finally, a hybrid model incorporates any two of the other models.

The security of cloud applications is a matter of great concern. The importance of this issue reveals itself by considering the amount of money that companies that handle information spend on security systems. These businesses usually allocate a significant amount of resources into building methods for securing data and ensuring that only authenticated users access it. This issue also affects companies that provide cloud applications to their clients. Some of the potential threats that face these online-based systems arise from the way that they conduct their operations. Specifically, these companies take the data of their clients, and therefore, there is a need to ensure they cannot access and use it without the permission of their clients (Sabir, 2018). Secondly, these companies provide their services to many tenants, and thus, they should develop systems that will prevent other clients from accidentally accessing data that does not belong to them. Thirdly, different cloud computing companies implement security differently, which causes integration challenges.

Many people prefer cloud systems due to the notion that these applications are entirely secure. Much of this perception comes from the absence of threat models for these systems. Alhebaishi et al. (2018) decided to solve this problem by developing a threat model for a cloud system using attack graphs, attack trees, and attack surface. They say that the lack of public access to information on the software and hardware configurations for actual cloud data centers has made it hard for researchers to develop these models. However, they deal with this challenge by developing Infrastructure based on fictitious data based on real cloud data centers. Their model show that it is possible for an attacker to access resources in the cloud. This ability for an attacker to access the information arises from the fact that these systems usually have many users with varied privileges. The exploit shows that once an attacker compromises the cloud, he or she can access the Virtual Machines (VM) that run on the Infrastructure and compromise the data it contains.

It is hard to discuss the security of data without talking about the CIA triad, which refers to Confidentiality, Integrity, and Availability. When either of these factors misses, then data is considered to have been breached. Essentially, data undergoes six phases during its life.