A Study on Cloud Computing Security Challenges

Abstract: Context: Scientific computing in the 21st century has evolved from fixed to distributed work environment. The current trend of Cloud Computing (CC) allows accessing business applications from anywhere just by connecting to the Internet. Evidence shows that, switching to CC organizations' annual expenditure and maintenance are being reduced to a greater extent. However, there are several challenges that come along with various benefits of CC. Among these include security aspects. Objectives: This thesis aims to identify security challenges for adapting cloud computing and their solutions from real world for the challenge that do not have any proper mitigation strategies identified through literature review. For this the objective is to identify existing cloud computing security challenges and their solutions. Identify the challenges that have no mitigation strategies and gather solutions/guidelines/practices from practitioners, for a challenge with more references but no mitigation strategies identified (in literature). Methods: This study presents a literature review and a snowball sampling to identify CC security challenges and their solutions/mitigation strategies. The literature review is based on search in electronic databases and snowball sample is based on the primary studies searched and selected from electronic databases. Using the challenges and their solutions identified form literature review, challenges with no mitigation strategies are identified. From these identified challenges with no mitigation strategies, a challenge with more references is identified. The surveys are employed in the later stages to identify the mitigation strategies for this challenge. Finally the results from the survey are discussed in a narrative fashion. Results: 43 challenges and 89 solutions are identified from literature review using snowball sampling. In addition to these mitigation strategies few guidelines are also identified. The challenge with more (i.e., more articles mentioning the challenge) and no mitigation identified is incompatibility. The responses identified for the three insecure areas of incompatibility (i.e., interoperability, migration and IDM integration with CC) in cloud computing security are mostly guidelines/practices opined by experienced practitioners. Conclusions: This study identifies cloud computing security challenges and their solutions. Where these (challenges and solutions) are common to cloud computing applications and cannot be generalized to either service or deployment models (viz. SaaS, PaaS, IaaS, etc.). The study also identifies that there are methods guidelines/practices identified from practitioners) to provide secure interoperability, migration and integration of on-premise authentication systems with cloud applications, but these methods are developed by individuals (practitioners/organization) specific to their context. The study also identifies the non-existence of global standards for any of these operations (providing interoperability/migration/IDM integration with cloud). This identified non-existence of global standards and guidelines could be help academics to know the state of practice and formulate better methods/standards to provide secure interoperability. The identified cloud computing security challenges (43) and solutions (89), can be referred by practitioners to understand which areas of security need to be concentrated while adapting/migrating to a cloud computing environment.