An Overview on Data Security in Cloud Computing
Cloud computing refers to the use of computer resources as an on-demand service via the internet. It is mainly based on outsourcing data and applications, traditionally stored on users’ computers, to remote servers (datacenters) owned, administered and managed by third parties. This paper is an overview of data security issues in cloud computing. Its objective is to highlight the principal data security issues raised by the cloud environment. To do this, these issues were classified into three categories: (1) data security issues raised by single cloud characteristics compared to traditional infrastructure, (2) data security issues raised by the data life cycle in cloud computing (stored, used and transferred data), and (3) data security issues associated with data security attributes (confidentiality, integrity and availability). For each category, the common solutions used to secure data in the cloud were emphasized.
💡 Research Summary
The paper provides a structured overview of data security challenges inherent to cloud computing and categorizes them into three principal groups. The first group examines security issues that arise from the intrinsic characteristics of cloud environments when compared with traditional on‑premise infrastructures. These include multi‑tenancy, virtualization, dynamic resource allocation, and the expanded attack surface presented by cloud provider APIs and management portals. Risks such as tenant isolation failures, VM escape, side‑channel attacks, and service‑denial incidents are highlighted, emphasizing that the shared‑resource model can compromise confidentiality and availability if proper isolation and access controls are not enforced.
The second group focuses on threats that manifest at each stage of the data life‑cycle—storage, processing, and transmission. For stored data, the authors point out the dangers of inadequate encryption, poor key‑management practices, and inadvertent exposure through snapshots or backups. During data usage, in‑memory exposure, cache leakage, and vulnerabilities specific to serverless functions (e.g., code injection, short‑lived execution contexts) are discussed. Transmission‑related risks involve not only external network attacks mitigated by TLS but also internal traffic that may travel unencrypted across a provider’s backbone, making it susceptible to internal man‑in‑the‑middle attacks.
The third group addresses the classic security triad—confidentiality, integrity, and availability—within the cloud context. Confidentiality is tied to robust encryption schemes and fine‑grained access control mechanisms (RBAC, ABAC, MFA). Integrity concerns are tackled through digital signatures, hash‑chain verification, and emerging blockchain‑based audit logs that can detect tampering. Availability is ensured by data replication across multiple availability zones, automated failover, and disaster‑recovery planning, yet the paper warns that provider‑wide outages can still jeopardize service continuity.
To mitigate these challenges, the authors recommend a suite of widely accepted countermeasures. Client‑side encryption combined with hardware security modules (HSM) for key protection is advocated for data at rest. Transport security should employ TLS 1.3 or higher, supplemented by IPsec or mutual TLS for intra‑cloud traffic. Access control policies must follow the principle of least privilege, integrating role‑based and attribute‑based models, multi‑factor authentication, and behavior‑based analytics. Integrity verification can be reinforced by embedding hash chains in databases and recording critical logs on immutable ledgers. Availability strategies include multi‑region replication, automated recovery workflows, and service‑level‑agreement (SLA) driven monitoring.
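The hash-chain integrity check mentioned above can be sketched as follows. This is an added example, not code from the paper: it assumes a keyed chain (HMAC-SHA256, so the storage side cannot recompute tags) and a head tag kept outside the cloud store; the record layout, function names and key are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor value for the first record


def _digest(key: bytes, prev: str, payload: dict) -> str:
    # Canonical JSON so the same record always produces the same tag.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append(chain: list, key: bytes, payload: dict) -> None:
    """Append a record whose tag covers its payload and the previous tag."""
    prev = chain[-1]["tag"] if chain else GENESIS
    chain.append({"payload": payload, "prev": prev, "tag": _digest(key, prev, payload)})


def verify(chain: list, key: bytes, expected_head: str = None):
    """Return (ok, index of the first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        good = _digest(key, prev, rec["payload"])
        if rec["prev"] != prev or not hmac.compare_digest(rec["tag"], good):
            return False, i
        prev = rec["tag"]
    # A truncated chain still verifies link by link, so the head tag is
    # compared with a copy held outside the store (assumption: client-side).
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, None


def demo():
    key = b"constructed-demo-key"  # assumption: held client-side or in an HSM
    chain = []
    for row in ({"id": 1, "op": "create"}, {"id": 1, "op": "update"}, {"id": 1, "op": "delete"}):
        append(chain, key, row)
    head = chain[-1]["tag"]
    results = {"clean": verify(chain, key, head)}
    tampered = [dict(r) for r in chain]
    tampered[1] = dict(tampered[1], payload={"id": 1, "op": "read"})  # edited in storage
    results["edited"] = verify(tampered, key, head)
    results["truncated"] = verify(chain[:2], key, head)  # last record dropped
    return results
```

The truncation case is why the head tag has to live somewhere the storage provider cannot rewrite; without it, dropping the newest records goes undetected.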
The paper also stresses the importance of a clear shared‑responsibility model (often expressed as RACI) that delineates security duties between cloud providers and customers. While the taxonomy and solution overview are comprehensive, the authors acknowledge several limitations: the lack of empirical performance evaluations, insufficient coverage of recent container and serverless security concerns, and the absence of concrete implementation guidelines. They suggest future work should involve real‑world case studies, cost‑benefit analyses, and the integration of advanced privacy‑preserving techniques such as homomorphic encryption to further strengthen cloud data security.