: 449
CLOUD COMPUTING SECURITY
AND SECURITY FACTORS THAT IMPACT MULTI TENANCY IN CLOUD
Acknowledgement
It provides me the greatest satisfaction to make the final submission of the research that focuses on Cloud computing security and security factors that impact multi tenancy in cloud . I am grateful to various fellow members behind the successful completion of this research.
I would like to express thanks to the number of people who have guided me in preparing this research. I would like to thank my higher authority, since without their guidance my project work would not have been achievable. I would also like to thank my peer group members.
Abstract
In the introduction section, a detailed cloud computing security factor
has been analysed. In terms of research
strategy and data collection, a detailed analysis profile has been adjusted by
the design feature. Based on the key programming elements only a separated
profile has been accommodated within the design feature. As a result, only the
key controlling services have been supported through the network adjustment
units. Cloud security operations are controlled by the designed specification,
which has been managed by the design opportunities. All the evaluation form
factors of the key controlling elements have been distributed within the
program management.
In the literature review section of this paper, different factors
affecting the multi tenancy issues in cloud computing have been described. For
this purpose, a concept definition of cloud computing has been discussed. In
addition to this, models that have been adopted to solve the multitenancy
problem in cloud computing has been described within the literature review
section. Security policies, data protection, encryption process have been
briefly discussed within this section. Impact of cloud computing in
organizations also has been discussed within this section.
In the methodology section, methods taken into consideration to develop
this research paper have been discussed. For this purpose, data collection
method (secondary qualitative), research philosophy, research approach,
research design (descriptive), data sources and data analysis plan have been
discussed. Secondary data collection method has been adopted to collect
information for this research paper and to help with understanding multitenancy
in cloud. Within the methodology section of this paper, justification of the
method that has been adopted to collect information from various secondary
resources have been discussed. In addition to this, ethical and legal
considerations have been also discussed within this section.
In chapter 5 of this research paper, information that
has been found from secondary qualitative data analysis have been briefly
discussed. For this purpose, major findings of this research paper have been
taken into consideration. Themes that have been developed within chapter 3 of
this research paper, have been discussed briefly within this chapter. These
themes have been used in this paper, to define the scope of multi-tenancy
within the domain of cloud computing. These themes have been discussed within this
chapter by analysing the objective of this paper in mind. Discussion made
within this chapter will help the readers to make further evaluation. Within
chapter 5 a discussion of categorising the developed themes have been included.
Process as well as ideas that have been taken into consideration while
categorizing the developed themes for this research paper, have been included
within this section.
Within chapter 6 of this
research paper, conclusions have been made from the discussion that has been
done throughout this research paper. In addition to this, objectives of this
research paper have been linked within this section. A discussion after linking
the objectives also has been made within this section. Recommendations and
future prospect of the study has also been discussed.
Table of Contents
1.8 Significance of
the research
2.3) Industry
Models for securing cloud multi tenancy
2.4) The impact of
the cloud model on organizations
3.8 Data sources
and data types
4.3 Findings of
secondary qualitative data
5.2 Analysis of the secondary qualitative research
Chapter 6: Conclusion and recommendation
6.4 Future prospect
of the study
List
of figures
Figure 1.3.1: Cloud
computing security factors
Figure 1.9.1: Dissertation
structure
Figure 2.3.1.1: Proposed
security model of cloud computing
Figure 2.3.2.1: Encryption
Process
Figure2.3.2.2: Decryption
process
Figure2.3.3.1: Architecture
of Implemented Trust Model
Figure 2.3.3.2: Result of
Trust Model
Figure 2.4.1.1: Overview of
the CSCCRA model
Figure 2.4.1.2: Supply
chain mapping of CSP-A
Figure 2.4.1.3: Assessing
csp-a supplier list using cssa.
Figure 3.5.1: Research
approach
Figure 3.8.1: Data sources
and data types
Figure 4.1.1: Mind map of
theme selection
Figure 4.2.1 :
Multi-tenancy in cloud computing
Figure 4.2.2 : Thematic
analysis
Figure 4.3.1: Public Cloud
Services Market Share
Figure 5.2.1: Different cloud models
Figure 5.2.2: Information security challenges
Figure 5.2.3: Cloud computing multi-tenancy threats
List
of tables
Table
2.4.1.1: CSP-A Supplier list
Chapter 1: Introduction
1.1 Background of the study
Cloud computing enables multiple opportunities
towards the flexible networking operation which connects all the digital
appliances. Based on the control mechanism associated logical solutions are
considered to be maintained by the deployment. There is multiple security
factors present in cloud computing that impact multi-tenancy in the cloud. The
account of service hijacking maintains the security department in a
standardised security mechanism. In order to provide smart scalable security,
multiple unencrypted network factors have been controlled by the encryption
format. Misconfiguration, unauthorised access, insecure interfaces, hijacking
of accounts, malicious insiders and cyber attacksare part of the
security factors which affect cloud computing.
Data loss and DDoS attack are the
most common types of threats faced by the cloud providers. Different third-party
authorization parameters are affected by the control opportunities, which are
based on role-based access control. Mainly the security vulnerabilities will be
observed based on the transformative elements. Skafi, Yunis and Zekri (2020, p.255) have commented that
a high-level trade-off between system and performance has been managed by the
control features of the cloud environment. In case of data ownership, multiple
malicious insiders will be discussed in this dissertation based on the resource
concentration.
1.2 Aim and objectives
The aim
of the research is to analyse the multiple security factors based on cloud
computing. In addition, it will also be discussed how these security
factors impact the multi-tenancy of cloud computing.
The objectives are:
● To analyse cloud computing security
which affects multi tenancy
● To understand the industry standard
for security cloud multi-tenancy
● To analyse the industry standard
benefits for businesses in the real world
● To understand the most understudied
aspects of cloud security
1.3 Feasibility of the topic
Figure 1.3.1: Cloud computing security factors
(Source: Alassafi et al. 2017, p.454)
In shared hosting procedure a single
software instance, can provide multiple opportunities based on the resource
elements. Based on the software architecture single software can provide
multiple architectural profiles within a cloud-computing environment. Based on
the key factors, security parameters are attached with the multi-tenancy
program. However, since there are several security parameters attached towards
the program, a shared hosting profile should be maintained in an effective manner(Alassafi
et al. 2017, p.454).Based on the programming functionality a detailed
analysis needs to be provided by the user groups. Computing resources can be
established by the factors that are part of multi-tenancy programs.
Security issues related to multi-tenancy are basically related to the
confidentiality and integrity risks in the process of sharing resources. It is observed the main arises when multiple
users shared the same set of resources (Mbongue et al. 2020, p.127). Thus, in
that position, the associated malicious user can take this opportunity on his
behalf in order to get unauthorized access to the personal details of the
associated users. Another issue that may arise in this case is related to the
overall configured architecture. It
is required to maintain an adequately configured infrastructure so that no
corrupted data can spread from one Tennant to the others.
In this case, one of the common terms
that are associated with the multi-tenancy of thecloud computing system is Shared hosting. In this approach,
server resources are divided evenly among various numbers of customers. There
are various security factors that affect cloud computing mainly in its
parameter of functionality. Various security features like Integrity, physical protection, privacy and
confidentiality, access control are the primary factors in this case. It
is observed that in the multi-tenancy
environment, several customers are using the same set of hardware, the same
infrastructure of the associated operating systems, and the same set of
mechanisms of the data storage. The only distinction is observed in the application design processing order to
control the easy access of personal data to others (Mbongue et al. 2020,
p.127).
In case of different distributive
elements, the service opportunities are enabled within the controlling network
itself. In the case of a single software instance, the misconfiguration factor
should be considered to be the biggest security factor. Not only the category
but also the key opportunities will be evaluated in this dissertation based on
the controlling tools. Based on the computing resources a distributed service
property has been evaluated from the analysing factors. Software as a service
platform is important to be secured for maintaining the programming
functionality within the control units.
1.4 Research question
The research
questions are:
● How to analyse the cloud computing
security which affects multi-tenancy?
○ What needs to be understood about
the industry standard for security cloud multi-tenancy?
○ How to analyse the industry
standard benefits for businesses in the real world?
○ What needs to be understood about
the most understudied aspects of cloud security?
1.5 Problem statement
It is important to identify the
network types before analysing the security scaling factors (Gao and Sunyaev, 2019, p.121).
Based on the key programming multiple opportunities are evaluated based on the
key findings.
The most important issue is related to
the security factors in the segment of cloud computing. Thus, confidentiality
and integrity issues are mainly associated with this type of case. Various
security issues like lack of visibility,
issues related to data theftexist. It is observed that there is an insufficient mechanism in case of sensitive
data which has a high chance to get corrupted. The overall monitoring process of data is also
affected by this technique. Thus, the main issue lies in the security portion
related to the available data. Capacity
optimization is also the biggest issue in this case. The data in cloud
computing may have faced several attacks (M rhaoaurh et al. 2018). Some issues
of contract breaches with thee respective clients are also observed in this case.
Only a single version of
multi-tenancy programming needs to be determined within the control frame.
However, because of different network architecture, the cloud delivered service
should be determined at first.
1.6 Rationale
The issue
is to determine different types of industry standards for maintaining the
network architecture.
The issue arose because the
controlling elements of network opportunities could not be managed in software
functionality.
The issue is now arising because of the availability of third-party
providers that have included some changes within the network operation. Based
on the network profile cloud computing security must be secured to provide a
better system support.
The research will highlight
different types of security factors, which manage the programming functionality
based on the programming elements.
1.7 Scope of the research
Various security factors that mostly
affect the process of multi-tenancy have been discussed here. It is very
significant to analyse all these factors in the cloud computing environment.
The associated benefits of cloud computing have also been discussed in this
research process. Various control
mechanisms have also been discussed based on the built-in driver
functionality. It is observed that shared infrastructure provides a lower-cost environment compared to the
other infrastructure (M rhaoaurh et al. 2018). Thus, this approach can be taken
by all the companies irrespective of their sizes. The overall process also has
an effective mechanism in the segment of operational
cost.
1.8 Significance of the research
The
research will shed light on all the key factors regarding security parameters
of cloud computing. Senarathna
et al. (2018, p.655) have opined that in terms of distributing different
network elements a key controlling facility have to be installed within the
program functionality. A better framework design has been developed by
understanding the key opportunities related to the topic. By giving permission
to authorize properties every social ethical and legal issue should be resolved.
1.9 Dissertation structure
Figure 1.9.1: Dissertation structure
1.10 Summary
In this
introductory section, a detailed analysis of dissertation structure has been
discussed. All
the research aims and objectives have been discussed in a brief manner. The
issues related to the security factors that affect the multi-tenancy
environment have also been discussed in this section (Subramanian& Jeyaraj,
2018, p.32). It comprises the significance and scope of the associated research
process. The background of the research provides the main idea about the
overall processes. The rationale of the research process has been discussed in
an elaborate manner so that a better understanding will be achieved throughout
the section.
Chapter 2- Literature review
2.1) Introduction
This
literature review investigates how multi-tenancy in the cloud affects security
and what security factors businesses look for when accepting cloud as a
solution. This will help address the investigation topic of multi-tenancy
security within the cloud. Cloud computing is promoted as a less expensive
alternative to traditional on-premise computing for users, as it enables more
accessibility and reliability, as well as scalable sales for organisations
(Kumar & Reddy, 2020). Syed, et al., (2020) make an excellent point
regarding cloud computing serving as a bridge between local storage on hard
drives and enormous virtual data centres. This mainly entails exchanging and
sharing data on a regular basis across numerous organisations and individuals
using cloud platforms.Syed, et al., (2020) points out
that, despite the fact that businesses have become more scalable due to the
multi-tenancy concept. Data isolation and traffic bandwidth should be major
considerations for cloud service providers (CSPs).
According to Taneja&Tyagi (2017),
cloud adoption may be accelerated if security concerns are addressed.
Traditional security techniques may not perform effectively in cloud
environments, because it is a complicated architecture made up of a variety of
complicated technologies. This is why the authors empathise due diligence is a
must before adopting cloud computing. Alassafi et al.,2019 mentioned,
consumers interacting with cloud interfaces and APIs should know and understand
the associated security risks. The goal of the
literature review is to address security issues by giving a critical discussion
on the topic that could lead to new solutions.The next
section of this literature review will go through the definition of cloud
computing, industry
standards for securing cloud multi tenancy, factors that influence cloud
security, and the impact of multi-tenancy in the cloud.
2.2) Concept Definition
Most
people are aware that the cloud is an outsourced method for storing data, and
that data centres are used to maintain servers in order to keep data safe and
secure. When a user accesses a file that is stored remotely, they are doing it
through the cloud. Cloud Service providers (CSP) are third party companies
which own and operate public cloud and this allows customers to share
applications provided by a CSP; this sharing model is known as Multi-tenancy (Odun-Ayo, et al., 2017).
Multi-Tenancy is best described in (Brown, et al., 2012) conference paper, which portrays it being
similar in nature to multiple families in the same condominium . This explains
how multiple tenants (organisation) are placed on the same physical hardware of
the server to a plurality of client organizations (i.e., tenants) to reduce
costs to the users, allowing their own space at the same time (Wang et al., 2012).
There are several types of cloud services
such as Infrastructure as a service (IaaS), Platform as a service (PaaS),
server-less computing and multi-tenancy concepts developed from the technology
known as Software as a Service (SaaS) (Matthew, O. (2016). According to Microsoft Azure, SaaS is a
method for providing on-demand and usually subscription software applications
over the Internet. By using the internet as the delivery mechanism, the CSP
hosts and manages the software application, infrastructure and maintenance such
as security patches and software upgrades. In order to build a VCE (virtual
computing environment), the cloud computing model has evolved to bring together
large-scale computing, storage resources and data service services (Matthew, O.
(2016). This results in multi-tenancy being economical because the cost of
software development and maintenance is shared. In addition, the multi-tenant
architecture allows it to make updates only once in order to disseminate with
all of its tenants (company).
2.3) Industry Models for securing cloud multi tenancy
Bunkar
and Rai stated in a 2017 International study journal on cloud security models
that there are no standard security models and frameworks in cloud computing.
However, numerous investigations of other cloud security models, such as the
Jerico Forum's model, the National Institute of Standards and Technology's
(NIST) Cloud Reference architecture, and the cloud multi-tenancy model, have
been conducted.
2.3.1) Bunkar and Rai (2017)
Bunkar
and Rai proposed a new cloud security model that includes authentication
through verification and validation, security components such as OTP, 2 factor
authentication, and security policies - through guidelines and procedures, and
security controls - through privilege control. The below figure delineates the
following security components: 1) Verification and validation 2) security
policies 3) Privilege control 4) data protection 5) data security services and
6) threats/attacks detections.
Figure 2.3.1.1: Proposed security model of cloud computing
(Source:
Bunkar& Rai, 2017)
Verification and validation:Bunkar
and Rai's cloud model address the necessity for Cloud Service Providers (CSPs)
to demonstrate to users that their services and data are accurate, for example,
an appropriate signature algorithm. As a result, users will be able to utilise
digital signatures to authenticate the legitimacy of information and services
made available to them. This security component is critical in the cloud for
authenticating users and ensuring the accuracy of data and services. This is
also done to determine whether the person or the application is authorised to
access or claim to be the person. One Time Password (OTP) is a good example for
verification.
Security policies: CSPs
establish policies to ensure that only legitimate users have access to
resources and services. The authors mentioned that; frequently, businesses
employ technological security solutions without first laying the groundwork for
policies, standards, and firewall security policies.
Privilege Control: This
security component is required to regulate cloud usage by individuals and
organisations. Depending on their account type, cloud users are granted
different levels of access authorisation and resource ownership. To enable
this, engineers use an anthology of rules and regulations to preserve user
privacy and assure data integrity and confidentiality. The identity-based
decryption algorithm allows only authorised users to access the authorised
parts of the encrypted data. In a healthcare cloud, for example, not all
practitioners have the same privileges to access patient data; this may depend
on how involved/specialized a practitioner is in treatment; patients can also
choose whether or not to share their information with other healthcare
practitioners or hospitals.
Data Protection: Cloud
storage resources may hold sensitive and vital data. For example, clouds may
host electronic healthcare records (EHR), which contain patients' confidential
information and medical histories. Bunkar and Rai suggest some techniques such
as truncation, redaction and
obfuscation for data protection. Encryption techniques can also be used to
protect data such as the hash functions and Message Authentication Code (MAC)
to ensure data integrity.
Security Services: Security-as-a-Service
(SECaaS) is a subscription-based service that incorporates security services
into the cloud. SECaaS has applications such as anti-virus software. Anti-virus
software given over the internet is an example of security-as-a-service, although
the term can also refer to security administration offered in-house by an
external organisation which can ease the in-house security team's
responsibilities. Authentication, authorisation, auditing, and accountability
are additional aspects that directly affect cloud software assurance and are
employed in cloud security services.
Threats/Attacks
Detections: Any collection of actions that
jeopardise cloud security standards such as "Confidentiality, Integrity,
and Availability , according to Bunkar and Rai, should be considered attacks.
Denial-of-service attacks are the most common type of cloud attack, and they
should be kept to a bare minimum to ensure optimum availability of critical
data and services. It is essential to protect cloud resources from various
abnormalities. Intrusion detection and prevention components are deployed within
the standard cloud security system.
Bunkar
and Rai's cloud security model recommends authentication via verification and
validation, as well as the usage of security components such as one-time
passwords, two-factor authentication, security policies via standards, and
security control via privilege control. By applying a collection of rules and
policies that control the authority to the cloud, this strategy appears to
protect user privacy and assure data integrity and confidentiality.
2.3.2)Sharma et al. (2019)
According to Sharma et al, most
businesses employ cloud computing for data storage, which allows cybercriminals
to easily access consumer information because current cryptographic algorithms
only provide single-level encryption. Sharma et al. developed multi-level
encryption in this model, which is difficult to crack as an unauthorised user.
In order to view or retrieve data, the user attempting access would require
both the encryption and decryption keys, which would be a challenging job to
complete without a legitimate key. Data for cloud storage would be safer with
this advanced multi-level encryption than with single-level encryption. For
multi-level encryption, the authors utilise the RSA and AES algorithms, and the
benefit of this combination method reduces the challenges in data security.
Sharma backs up his assertion by claiming that the AES algorithm has proven to
be more secure, trustworthy, and faster than the DES method. According to Indu
et al. (2018), the AES method is 6 times faster than the DES algorithm since it
outperforms DES in terms of reliability, data storage space, and data retrieval
speed.
Figure 2.3.2.1: Encryption Process
(Source: Sharma et al. 2019)
This
figure shows the route for encryption of text files using secure block ciphers,
AES and RSA. This encryption will let individuals feel more secure about the
data they're storing, which will go through many levels of encryption and
decryption, effectively improving data security.
Steps for Encryption of
Text Files
1) To
encrypt a text file, upload it and proceed to the next level of encryption.
2) Implement
the RSA encryption technique, which will generate the first level of encryption
for the text file in question.
3) The
next stage in the encryption process is to apply the AES algorithm to the text
that was generated during the previous steps, resulting in the creation of a
second level of encryption for the file (AES).
4) The
encrypted text generated by executing the above steps is then stored in a
database to finish the encryption process of a text file.
Figure2.3.2.2: Decryption process
(Source: Sharma
et al. 2019)
This
diagram depicts the decryption process, which is similar to that of encrypting
a file. All of the phases in the encryption process must be completed in
reverse chronological order, beginning with the last and ending with the first.
Steps for Decryption of
Text Files
1) Read
the encryption text stored in the database for the text file in question.
2) When
the AES decryption method is applied to a text file, the first level of
decryption is generated.
3) The
RSA decryption algorithm, which generates the plain text file, is the next step
in the decryption process.
4) Finally,
the user sees the plain text generated by decrypting the cipher file in plain
text format.
2.3.3)Rathi&Kolekar (2018)
Rathi&Kolekar s
paper, suggested a cloud computing trust model that focuses on many security
aspects such as Identity Management, Data Security, and Server Availability.
They presented the model based on the notion that assessing cloud security is a
critical concern for both customers and service providers. Moreover, for the
cloud user, selecting the best cloud service provider is critical. This is why
Rathi and Kolekar developed the model to assist cloud clients in choosing a
suitable cloud service provider by analysing the services they offer. The
model, on the other hand, will assist the cloud service provider in identifying
vulnerabilities and improving their services. Figure 4 depicts the architecture
of the trust model.
Figure2.3.3.1: Architecture of Implemented Trust Model
(Source: Rathi&Kolekar, 2018)
As
an input, the above trust model shows several parameters that must be
considered by cloud consumers. The trust value is calculated by considering the
various parameters. The trust value, according to Rathi&Kolekar, is the
ratio of points earned to total points achievable. Each security parameter,
such as identity management, data security, and server availability, is worth a
certain number of points. This number of points is calculated for each vendor's
trust value, with one point assigned to each security parameter. As a result,
the total points earned by various security parameters are totalled and divided
by the entire number of points available. The final interface will display the
estimated value to the user, allowing them to make an informed decision about
which cloud service provider to use.
Rathi&Kolekar
state, similarly to Sharma et al. 2019, that using a single algorithm to
achieve security while considering various parameters is extremely difficult.
AES: files encrypted and decrypted to recover original information is one of
the algorithms used to accomplish various security parameters. RSA is another
parameter in cryptographic technique that encrypts data and then decrypts it to
recover the original contents from a file.
Rathi&Kolekar
created a cloud environment to apply this trust model. CloudSim, a generalised
and flexible simulation framework that provides seamless modelling and
simulation of app performance, was used to develop the cloud environment. They
used CloudSim to create the trust model, and in addition to DES, they used the
above-mentioned techniques such as AES and RSA. Figure 5 depicts the results
combined and the trust value generated. Customers are shown this value, which
aids them in selecting whether or not to trust a service.
Figure 2.3.3.2: Result of Trust Model
(Source:
Rathi&Kolekar, 2018)
2.4) The impact of the cloud model on organizations
One
of the drawbacks of existing cloud models is that they are only available as
proposals or prototypes, with no way of determining their efficacy in practical
situations. Akinrolabu et
al. (2019) used their Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model
to evaluate the risk of a multi-tenant cloud service provider, called CSP-A
(for anonymity reasons). This should imply that the model allows cloud service
providers (CSPs) to identify essential suppliers, map their supply chain,
identify weak security points along the way, and assess the risk of CSP-A
cloud application. The CSCCRA model, as applied to CSP-A, examines the
interdependence between the components of a cloud service, assesses the
cybersecurity quality of its suppliers, and finally establishes the monetary
value of a risk. This is to present CSP-A' or any other CSP a consistent,
traceable, repeatable, and comprehensible format that encourages cloud risk
mitigation.
2.4.1 CSCCRA Model
Akinrolabu
et al. (2019) developed the CSCCRA model to address the gap in cloud supply
chain transparency, specifically how the lack of visibility of suppliers'
security controls has contributed to a lack of cloud risk assessment. Figure 5
shows the model, which takes a systematic approach to cloud risk assessment by
mapping cloud services into components (managed by different suppliers). The
mapping of the supply chain necessitates the use of a multi-criteria decision
support tool to assess cybersecurity quality. According to Akinrolabu et al.,
(2019) the model reflects a system thinking approach, which allows cloud risk
assessors to see the cloud service as a complex system and understand its
interconnections. This approach entails analysing the interdependencies of a
cloud service while using modelling and simulation methods to arrive at a
conclusion. The CSCCRA model is made up of three components:
1) Cloud
Quantitative Risk Analysis (CQRA)
2) Cloud
Supplier Security Assessment (CSSA)
3) Cloud
Supply Chain Mapping (CSCM)
Figure 2.4.1.1: Overview of the CSCCRA model
(Source: Akinrolabu et al. 2019)
The
following are the processes done to assess cloud risks using the CSCCRA model
and applied to CSP-A:
- Deconstruct
the cloud application into its component services and create a supply
chain map.
Figure 2.4.1.2:Supply chain mapping of CSP-A
(Source: Akinrolabu et al. 2019)
Figure
7 depicts CSP- A's supply chain map, which aids in detecting comparable risks,
such as when a second, third, or fourth tier supplier is unable to operate for
any reason, potentially affecting several CSP-A cloud
services. The majority of CSP- A's components such as emails, payments, and
moniApi's, are supplied by Laas providers and hosted on the applications
internally. The figure depicts the CSP-A-SaaS application's reliance on
IaaS-Pro-A, which is also used by another component provider (Email-API-A) for
data hosting.
Table 2.4.1.1: CSP-A Supplier list
With
the help of information in table 1 and figure 7, Akinrolabu et al., (2019) was
able to assess the cybersecurity posture of the suppliers. The technique aids
CSPs in reviewing and comparing suppliers' security postures by providing a
uniform approach to assessing and comparing suppliers across nine security
target characteristics.
These are:
Availability
of Service (AOS), Data & System hosting (DSH), Data Security Controls (DSC), The Maturity of
Security Assessment (MSA), The Maturity of Operational Security (MOS),
Encryption & Key Management(EKM), Identity &
Access Management (IAM).
CSP-A can identify weak suppliers who are
vulnerable to cyber-attack or those who have a high chance of failure based on
these characteristics. Since CSP-A lacked knowledge into their suppliers'
controls and information, the study confirmed that not only would a cloud risk
assessment be insufficient, but customers would also be hesitant to trust their
services. Availability of free credit, provider reputation, past working
experience, recommendation, and ease of setup were among the factors
considered by CSP-A to set-up their cloud services. This would imply security.
Because cloud customers are uninformed of what CSP-A suppliers deliver, and
CSP-A s security is out of their control and that their service does not comply
with actual implementation of security controls.
Figure 2.4.1.3: Assessing csp-a supplier list using cssa
Figure
8 depicts CSP-A stakeholders rating CSP-A as the weakest link in the supply
chain, making it extremely vulnerable to a cyber-attack. This could be because
CSP-A customers don't have access to information about a supplier's security
controls or operational procedure. In areas where CSP-A lacked effective
controls over the components they managed, they put a low score. Disaster
Recovery (DR), backup and storage, authentication (no multi-factor
authentication, encryption, and ongoing security assessment were among the
areas where deficiencies were discovered. Some of these areas were important
components in the cloud security models proposed by Bunkar and Rai (2017),
Sharma et al. (2019), and Rathi&Kolekar (2018). The participants of CSP-A
found the supplier assessment instructive, considering the systems approach,
according to Akinrolabu et al., (2019) cloud security model. This is because it
caused them to go through their paperwork and realise that the majority of the information,
they had on their suppliers is limited to compliance, availability, and other
SLA-related information. The main technical or operational security is limited.
On the other hand, the study made them aware of their lack of information
security on suppliers that were critical to their multi-tenancy cloud
application.
In
essence, the goal of this study is to utilise the CSCCRA model to analyse the
risks of multi-tenancy, and then to demonstrate the model's applicability and
feasibility, as well as validate its use within organisations. Lack of
authentication, logging, and encryption, were identified as security control risks;
exposing them to some of the 2018 OWASP top 10 web application vulnerabilities.
This study confirms the need to strengthen existing controls because they are
related to confidentiality and availability concerns, which might have a
negative impact on CSP-A's reputation. Some of Akinrolabu et al. suggested
improvements were (i) Improving on the privileged access management; (ii)
Improving operational security (redundancy, event notification); (iii) Improving
data classification, protection and encryption processes; (iv) Deploying Web
Application Firewalls (WAF); and (v) Conducting privacy impact assessment .
Chapter 3: Methodology
3.1 Introduction
Research methodologies are crucial
to conduct further investigation on the topic of cloud computing security and
security factors that impact multitenancy in the cloud. Research methodologies
define the significance of this study as well as considerations that have been
adopted to develop this research paper are defined through research
methodologies. Possible outcomes of this research paper have been defined from
the methodologies that are adopted for this paper. In this section, all the
important aspects of cloud computing have been highlighted. In addition to
this, each identified process of the research work have also been represented
with proper justifications.
3.2 Method outline
|
Key elements |
Attributes chosen |
|
Research
philosophy |
Positivism |
|
Research
approach |
Deductive |
|
Research
design |
Descriptive |
|
Data
sources |
Secondary |
|
Data
collection method |
Secondary
Qualitative |
|
Data
analysis plan |
Thematic
analysis |
Table 3.2.1: Research outline
3.3 Research onion
Figure3.3.1: Research onion
3.4 Research philosophy
Research philosophy defines the way
through which data have been gathered, analysed as well as applied. Several
types of research philosophies are available such as Realism, positivism and interpretive
research philosophy respectively.
Realism research philosophy
Within this research philosophy key
assumptions are generally taken into consideration. Using this research
philosophy, researchers have the option to think freely to get a new direction
on research (Parket al.
2020). Critical factors of a research paper can be discussed by the researcher
using this research philosophy.
Positivism research philosophy
Using this research philosophy, a
brief, concise and clear discussion can be made by the researchers. Using this
philosophy, certain theories are applied to research papers that help to
achieve the objective of the study (Alharahsheh and Pius, 2020). Main advantage of using this
research philosophy is that researchers will be able to compare various ideas
as well as selecting the best approach.
Interpretivism research philosophy
Principles of this research
philosophy states that specific roles are performed by researchers using this
research philosophy. Researchers' interest for research is reflected by this
research philosophy.
For this research paper, Positivism
research philosophy has been adopted. This philosophical approach has been
adopted for this paper; different dimensions of the research can be reflected
through this approach. In this research work, it can be seen that it is quite
important to observe the outcome and facts of the existing evidence. In order
to represent a clear discussion about the research topic, this particular
research philosophy has been chosen. Additionally, this research philosophy has
helped to interpret the social trends. Moreover, with the help of this
philosophy, certain theories can be used to obtain the aims of the research.
Therefore, this philosophy is the best suited for this respective research.
3.5 Research approach
Research approach is one of the
crucial areas of any research paper, as this helps researchers to support the
information that has been retrieved from data collection methods. Several types
of research approaches are available such as inductive and deductive research
approaches.
Figure 3.5.1: Research approach
Inductive research approach
This research approach is followed
by researchers to build new ideas as well as hypotheses. Through this research approach observation as
well as theories is generally proposed. Practical viewpoints are considered by
the researchers using this research philosophy.
Deductive research approach
Within this research approach,
existing theories as well as observations are used. Using the known theories of
this research approach new ideas are developed (Pearse, 2019). Conclusive evidence is used by this
research approach to support their viewpoints.
In this research paper, deductive
research approach has been taken into consideration. Using this approach
new ideas have been developed for this research paper using existing theories.
Previous evidence has been reflected on this paper using the deductive research
approach. It has helped to define the findings of this paper. Using deductive
approach in this study has helped to identify casual relationships between
concepts and variables. As mentioned earlier, in order
to conduct a research work, it is quite important to demonstrate the theories
and concepts. Therefore, this approach not only helped to define the study but
also to support the concepts and variables related to the study. Moreover, the
concepts are also evaluated with the help of this approach. Smith (2019) has
stated that it can be seen that this approach is used particularly when the
available time for the research is too short and it may create risk in the
future. Additionally, the resources used in the research work are plenty enough
to conduct research. In this research work, it can be seen that previous
literature have been considered in this study. Therefore, using this approach
for this work is beneficial as it has avoided all the risks in the future.
3.6 Research design
Figure 3.6.1: Research design
Cloud computing security and factor
analysis can only be possible based on the existing contents. There are mainly
three research designs used: exploratory, explanatory and descriptive.
Among these three types of research designs, descriptive design has
been followed in this research for better evaluation of the problem statement.
In terms of analysing cloud computing factors different types of network
controls have been evaluated from different viewpoints. Gao et al. (2018, p.1004) have commented that only
the associated profiling elements of cloud security have been controlled by the
network programming. In order to deploy the control features by network
adjustments, every security alignment tool will be used. A descriptive design model is very
effective for the research process when it is based on the existing evidence/literature.
Various viewpoints are discussed for achieving a suitable perspective for
managing the required research outcomes. This design process helps the
researcher in order to achieve the research objectives in an efficient manner.
The descriptive research design will
be followed based on the key understanding of the project specification. Only
the available resources have been considered based on the objective overview.
Only the system artefacts will be controlled by the secondary research which
represents different opportunities. Kumar (2018, p.112) has opined that in terms of maintaining the
same evaluation factor, a separate design feature has been installed by the
study analysis. A different type of associated functionality management has
also been used for maintaining the activity control. In terms of multi-tenancy,
resource control elements have been considered first for justifying the
security concern. The isolated accelerated units have to be managed by the
multi-tenancy concept based on the algorithm generation process.
In this research study, in order to
develop the validity and reliability of the data, the descriptive research
methods are quite useful. This has helped to demonstrate demographics of the
selected information. Daniel & Harland
(2017) have stated that the descriptive research design has helped to support the
prevailing conditions. In this case, all the underlying patterns are analysed
in a proper way. Moreover, as this research design helps to evaluated any
number of variables, using this design is beneficial to verify the prevailing studies.
On the other hand, it has ensured the high-quality data. Therefore, it can be
said that this design is the best suited for this particular research work.
3.7 Research strategy
A systematic process within the
cloud-computing environment has been followed to conduct the research. Since
the research is based on qualitative study, a detailed thematic analysis has
been developed to complement the research objectives. Sehgal and Bhatt (2018) have stated that based
on the associative subject oriented profile, a network channelling process has
been installed to support the research process. A programming control unit has
been represented in a different format to maintain the programming analysis.
Variable components have been maintained in a different format from which the
associated profiles are controlled.This research process is based on the secondary qualitative process. Thus,
it is required to have a detailed strategy including the process of the
development of themes so that all the research objectives have been met. It is
required that all the developed themes are effective enough in order to relate
with the various models in order to secure the multi-tenancy environment of
cloud computing.
Several key findings suggested that
the network management frequencies are the main factor of security breach in
cloud computing. In terms of the research process, every associated perspective
has been considered for profiling elements adjustment. Mainly the research
process has been controlled by the network opportunities. Only the designed
variables have taken to make the adjustment through orientation profile. Based
on the data leakage security features, the adjustments are processed within the
network encryption. Only the regulations are controlled by the distributive
features altogether.
While considering different
approaches and opinions, it is helpful to use thematic analysis for any
research work. The theoretical framework from this analysis has helped the
study to identify proper information. Additionally, it can be seen that
researchers usually use this approach to develop own framework by analysing the
existence studies. Analysis of different approach or opinions may sometimes be
difficult. However, this thematic analysis has helped to understand the
opinions in an easy manner. Different themes have been created with the help of
analysing different opinions related to the study. Each developed theme has
contributed a huge part to the study.
3.8 Data sources and data types
Figure 3.8.1: Data sources and data types
Primary and secondary are two data
sources that are used for research purposes. In order to analyse the impact,
multiple relevant data sources from the internet have been fetched out.
Therefore, only the secondary data source has been used for this research purpose.
Relevant and available information regarding cloud security factors have been
discussed. In order to provide thematic analysis, a secondary data source is
the only option. Snyder
(2019, p.178) has commented that mainly the network control features are
adjusted by the design profile through the encrypted data formats. Kumar (2018, p.112) has opined
that information based on the client-side encryption procedures are
available in the information. A verification feature can control the
standardised resource utilisation factor. Based on the management profile, a
detailed analysis process can be fetched out from secondary data sources. In order to mitigate various cyber
risks, it is important to have a cloud audit for ensuring various security
policies in the associated framework (Subramanian& Jeyaraj, 2018, p.32).
These security policies should be effective enough in order to mitigate all the
common areas exploited by hackers. However, it is also kept in mind that the
audit process must have a broad visible approach so that it could ensure
effective security posture in the associated could assets.
Quantitative and qualitative data
types available for the data evaluation. However, cloud security auditing can
be maintained by the distribution features altogether. Quantitative is related
to numbers and qualitative data type associated with the facts. Since thematic
analysis has been featured in this dissertation, qualitative data type has
been used. In terms of shared technologies, a malicious insider program has
been evaluated by maintaining the design feature. Not only the design frame but
also the key factors are adjusted through regular component features (Cloudsecurityalliance.org, 2021).
The multi-tenant architecture can be designed based on the modelling elements
of associative properties.
Secondary data sources had been used
to collect information for this research paper. Secondary data sources have
been used to gather relevant information as secondary data sources are more
economic as compared with primary data sources (Martins, da Cunha & Serra,
2018). Using the secondary data sources efforts that have been made to gather
relevant information from several secondary data sources have been managed. In
addition to this, collecting information from different secondary data sources
saves a lot of time in data collection. Secondary sources have been used within
this research paper, to gather information as gaps as well as deficiencies in
research data collection can be determined effectively.
3.9 Data collection process
This
section plays a major part in describing how the research process has been
done. All the information related cloud computing has been collected in a
proper way. The entire data collection process has been conducted with the help
of Google Scholar. By fetching out information from the articles, journals and
bols from different authentic sources, objective overview has been developed.
By extracting different formats of the control elements, every key opportunity
factor has been analysed by supporting elements. Senarathna et al. (2018, p.655) have opined that an
average problem analysis description has been controlled by the design features
which are adjusted by the control elements. It can be seen that the industry
standards have been analysed for accessing benefits for businesses in real
world. Each and every key analysis has been justified. In the case of
transmitting separate distributive features, every analysing factor has been
featured. Service and data integration profiles are attached with the scalable
security maintenance.
By adjusting the design components,
a separated network feature has been controlled by the distributive feature.
Only the adjusted profile elements have been considered to be main profile
elements which can be analysed through verification. The adopted design feature
has been accommodated to the building block concept, which has been verified by
the supporting tool. Mainly the decision regarding the design profile has been
complemented through the network frame support. Different variables of the
cloud computing factor have been verified by each control source. Every sourced
material is verified by the control source of different specification
management. In case of verification source, different journals and articles are
considered to be adjusted. By controlling every design opportunity, a separate
profile has been adjusted by this.
Secondary data collection process
has been adopted for this research paper, to gather information. Using this
data collection method relevant information has been obtained from various
secondary resources. Secondary data collection method has been adopted for this
paper, to gather relevant information as information from secondary data
sources can be availed easily as it is available all over the internet
(Jindal‐Snape et al. 2020).
Using this method of data collection, a lot of time has been saved while collecting
relevant information for this research paper. Secondary data collection method
is also relatively cost effective than the primary data collection method. In
addition to this, new insights from the collected information have been
generated as well as reflected within this paper using the secondary data
collection method.
3.10 Data analysis plan
This section has demonstrated the
plan for analysing the collected data. Information regarding the cloud security
has been analysed through the control units available on verification units. By
maintaining the same design format, a specification feature is maintained by
the control elements. In terms of data analysis, every service design of the
network feature has been adjusted through the computing factors. Gao et al. (2018, p.1004) have
commented that in case of featuring the service profile, distributive
control components have been managed through the service opportunities. A fixed point statement should be developed from where the distribution
features will be discussed. As a result the decisions
regarding the developing units are presented in a unique format
altogether.
Based on the computer system and
application profile the service opportunities will be adjusted within the
network profile. The resolution within the service opportunities have been
controlled by the specific network elements altogether. In terms of operational
requirement every key facility is served with the design frame operation. There
are multiple operations, which are supported through the variable components.
Different technical deployment has been featured by the control elements, which
are analysed through existing material.The analysis of the associated data is
mainly done by the information stated in the section of the Literature review.
It is the process that comes after the end of the data collection process. The
impact of cloud model has also been discussed based on the CSCCRA model. Thus, it is required to have a shifting perspective
to the associated thinking process of the assessors so that it can reflect in
developing an effective mechanism. Various industrial
models have also been discussed in the literature review section in order
to have a secured cloud multi-tenancy infrastructure.
Thematic data analysis approach has
been adopted within this research paper, to analyse the information collected
from different secondary resources. This qualitative data analysis method has been
adopted throughout this paper, to determine patterns of information gathered
from a diverse range of secondary sources (Kiger & Varpio, 2020). Using this flexible data
analysis approach, new insights as well as concepts have been derived from the
information collected from different secondary resources. Thus, this data
analysis plan will help the readers to analyse qualitative data who are new to
this process.
3.11 Ethical consideration
Based on
the service elements a different control opportunity has been assessed by the
network elements. This
section has addressed the ethical considerations so that the research can be
conducted in an easy manner. In case of maintaining the design feature, the description
regarding the authority style has been included within the network elements. In
this case, trustable sources have only been considered while conducting the research.
By analysing the control elements, different distributive operations have been
accommodated within the service feature (Thesai.org, 2021). As a result, the theoretical
perspectives have been made through the overall procedure. In case of secondary
research study, proper referencing and acknowledgement have been done to
prevent any issue in the future.
In case of
separating the distributive properties, a network alignment has been developed
through network analysis. Better key elementary function has also been taken
care of while designing the control units.
Ethical considerations
also have been well managed within this research paper, while collecting
information from various secondary resources. Thus, for this purpose, relevant
information has been collected from several authentic secondary resources. In
addition to this, integrity of the collected secondary information has been
managed well within this research paper. Information has been collected from
authentic sources such as Google Scholars and ProQuest. In addition, with this,
legal considerations also have been
well managed within this paper. GDPR guidelines as well as principles have been
followed well within this paper as while managing legal considerations. In
addition to this, it also has been ensured that certain regulations have been
maintained while managing information according to the GDPR law. UK Data
Privacy Act 2018 has been followed throughout this paper, to manage
sensitive information (The UK Government, 2018). Professional concerns also have been well managed within this
paper, by ensuring that the code of conduct has been followed by the researcher
while gathering information for this research paper. Health as well as safety
regulations also have been managed well within this paper.
3.12 Time plan
Figure 3.12.1 Time plan
3.13 Summary
In this methodology section, a
proper overview of the chosen approaches and strategies has been developed. In
case of maintaining the design feature a separated profile control elements
have been distributed through the network operation. In case of separating the
design profile, a framework unit has been managed by the service profile. A detailed
description has been controlled by the service elements. The indicated network
profiles are adjusted by the network components that have been attached to the
network components.
Chapter 4: Findings
4.1 Introduction
This is
quite an important chapter as it has included all the major findings from
conducting the research work. As the study has only included secondary
qualitative data, this section has represented some major findings. In addition
to this, themes have been created to provide an insight about cloud
computing.
Figure 4.1.1: Mind map of theme selection
Above
figure expresses the mind of the themes that have been developed within this
research paper. Themes of this research paper have been derived from the mind
map.
4.2 Identification of themes
Themes
that have been developed within this research paper, have been identified using
the attributes that have been added within the developed mind map.
Identification of themes is very crucial for any research paper, as it helps to
define the fundamental activities involved within a research paper (Braun &
Clarke, 2019). Themes that have been developed within this research paper, have
been derived from personal experience as well as memories that have been
obtained by the researcher, from the course lecture. In addition to this,
themes that have been included within this research paper have been developed
by using the related concepts. Concepts such as cloud computing, cloud
computing security issue, cloud computing multi-tenancy, and multi-tenancy
issues in cloud computing, multi-tenancy threats, benefits that are obtained by
organizations after having systems of multi-tenancy have been used as concepts
to develop themes for this research paper.
Figure 4.2.1 : Multi-tenancy in cloud computing
(Source:
Kumar & Reddy, 2020)
In
addition to this, different concepts of cloud computing as well as concepts of
multi-tenancy have been used within this research paper to develop themes.
Several concepts cloud computing have been linked to determine as well as using
those concepts themes have been developed for this research paper.
Identification of themes is the primary task in qualitative data analysis
(Terry et al. 2017). Themes that have
been developed within this research paper, have been derived from the
information that were collected from qualitative secondary data analysis. In
order to identify themes, concepts that have been made within the literature
review section of this research paper, have been reviewed. The characteristics
of the themes that have been developed within this research paper, have been
identified from the discussion that have been made within the literature review
section of this paper.
For
this purpose, different concepts of cloud computing have been integrated to
determine as well as develop themes for this research paper. In addition, with
this, feelings of the researcher have been taken into consideration to develop
themes for this research paper. Different concepts of cloud computing as well
as multi-tenancy factors within the area of cloud computing have been taken
into consideration while determining themes for this research paper. In
addition to this, personal beliefs by the researchers also have been taken into consideration
while developing themes for this research paper. Various examples of cloud
computing, cloud computing security factors, multi-tenancy factors,
multi-tenancy issues, multi-tenancy factors that affect the security of cloud
computing environments have been taken into consideration to determine themes
for this research paper. All the concepts of cloud computing as well as
multi-tenancy factors of cloud computing have been actively integrated to
determine themes for this research paper.
Various
techniques such as analysis of words, comparison as well as contrasting of
contents and linguistic features have been used within this research paper to
determine themes.
Analysis
of words
Word
analysis has been conducted to determine themes for this research paper. For
this purpose, repetitive words that have been used within this research paper
such as cloud computing, cloud computing security, multi-tenancy factors have
been analysed properly to determine themes for this research paper. In addition
to these major key terms as well as key contexts of this research paper, have
been taken into consideration to determine themes. Word repetition is used to
determine themes of any research paper and analysed both formally as well as
informally (Maguire & Delahunt, 2017). After analysing the repetitive words
that have been throughout this research paper, certain themes have been
identified for this research paper. In addition to this, within the proceeds of
determining themes for this research paper, frequencies of words also have been
maintained effectively.
Several
unique words have been identified from the discussion that have been made
within this research paper. In addition to this, occurrence of words within
this research paper have been taken into consideration to develop themes for this research
paper. For this purpose, several unique words that have been used throughout
this research paper such as multi-tenancy, cloud computing, multi-tenancy
factors have been taken into consideration to determine as well as suitable themes
for this research paper.
Figure 4.2.2 : Thematic analysis
(Source:
Maguire & Delahunt, 2017)
Above
figure explains the thematic analysis process that have been considered for
this research paper.
Comparison
and contrasting
Compare
as well as contrast approach has been taken into consideration to develop
themes for this research paper. Within this approach, discussions that have
been made are carefully analysed line by line (Neuendorf, 2018). Using this
themes detection approach each line of this research paper has been analysed
carefully. This theme detection approach acts as a purpose statement. Scope of
the information that have been included within this research paper, have been
determined by comparing as well as contrasting each line contexts of this
research paper. This comparison has been conducted within this research paper,
by comparing the context of a line with its previous line context. All the
lines as well as discussion that have been made throughout this research paper,
have been compared with its previous context to determine themes for this
research paper.
Linguistic
features
Linguistic
features of this research paper such as metaphors as well as analogies have
been analysed properly to determine themes for this paper. Metaphors such as
thoughts, behaviours as well as experience by the researcher are used to
develop themes using the linguistic feature theme detection approach (Sundler et al. 2019). For this purpose, the
patterns of the texts of this research paper have been taken into
consideration. In addition, identification of text patterns, keywords used
within this research paper, have been taken into consideration to determine
themes for this research paper.
Occurrence
of thematic concepts that have been made within this research paper, also have
been taken into consideration to develop themes for this research paper. For
this purpose, the transition of the linguistic forms has been taken into
consideration while determining certain themes for this research paper.
Transitions of the content that have been included within this research paper,
have been analysed properly to identify suitable themes for this research
paper.
In
addition, the connector linguistic approach also has been taken into
consideration to determine themes for this research paper. Connector linguistic
approach defines the relationship between different words as well as phrases
used within a research paper (Kiger & Varpio, 2020). For this purpose,
certain connectors that have been used throughout this research paper have been
taken into consideration. Specific connectors that have been used within this
paper, between words as well as key phrases such as because, since, as results of this, rather than have been taken
into consideration to determine themes for this research paper.
Unmarked
texts
This
theme detection approach also has been used to determine themes for this
research paper. Using this theme detection approach, texts included within this
research paper that are not associated or linked with any themes have been
identified. For this purpose, contents that have been included within this
research paper, have been read multiple times. After first reading salient
themes of this research paper have been identified. After marking the salient
themes, certain themes have been identified from the rest of the contents of
this research paper. Using this theme detection technique certain themes have
been identified quickly for this research paper.
Cutting
as well as sorting
This
specific theme detection technique has been utilised within this research paper
in order to determine themes effectively. This specific theme detection
approach involves reading the texts throughout as well as identifying important
quotes (Sherif, 2018). This themes detection approach has been adopted within
this research paper to determine as well as develop suitable themes. Using this
theme detection methodology, discussions that have been made throughout this
research paper, have been red as well as analysed. After analysing the contents
of this research paper, important keywords as well as quotes have been
highlighted. After highlighting important key words as well as quotes, marked
quotes have been organized according to their relevance for this research
paper. Systematic description of themes is obtained through the cutting as well
as sorting theme detection approach (Sundler et al. 2019). Using this theme detection approach, variation among
the determined themes have been managed effectively throughout this research
paper. After that meaningful theme have been identified as well as developed
from the contents of this research paper.
4.3 Findings of secondary qualitative data
Theme 1: Cloud Service Providers (CSPs) are necessary to
demonstrate the accuracy of the services.
This theme has discussed the
importance of CSP in providing accurate services. In this modern age, the
cloud-first approach is simply anchoring the risks. Alhanahnah et al., (2017, p.55) have stated that in
2021, the public cloud services spending has been accounted to total $332.3
billion. The growth has been calculated as 23.1%. The capabilities proposed by
cloud are quite useful in leveraging the improving technologies. Considering
all the facts, it can be stated that Cloud Services Providers (CSPs) help the
customers to avail the cloud services. The services provided by CSP are
Infrastructure as a Service (IaaS) , Platform as a Service (PaaS) , and
Software as a Service (SaaS) . In the case of IaaS , physical computing
resources are included. The set of services are servers , networks , storage
and hosting infrastructure . In this case, the customers make their
selection on the basis of the computer resources. The computer resources are processing ,
memory , capacity and bandwidth .
Figure 4.3.1: Public Cloud Services Market Share
(Source: Azadi et al., 2019, p.85)
In the case of Platform as a Service (PaaS) ,
computing infrastructure of the platform is also included. This
infrastructure helps the cloud software to run smoothly. The components are
such as runtime software execution stack , databases , and other middleware
components. Cheng et al.,
(2018) have opined that in this case, the customers make their choices
on the basis of their required applications. In the case of Software
as a Service (SaaS) , the customers have limited administrative
control and customization capabilities . All these capabilities provided by
CSPs are beneficial for customers as they exhibit accurate services.
Figure 4.3.2: Cloud Providers
(Source: Halabi & Bellaiche, 2017, p. 99)
The above figure demonstrates five
major activities played by CSPs . The models of Service Deployment by the
CSP are such as public cloud , private cloud and hybrid cloud . Lang et al., (2018, p.335) have
opined that in order to provide cloud services to consumers, the
activities related to computing cloud such as arrangement , coordination and
management of computing resources . All these activities ensure better and
quality services to the customers.
Theme 2: In practical situations, the cloud models are only
available as prototypes and proposals.
This theme
has demonstrated the only drawback of the existing cloud models. In most cases,
the existing cloud models are not practical. They are usually available in the
form of prototypes and proposals. Therefore, there is no way one can determine
how the models are effective. In this case, there are several disadvantages in
cloud models. The significant challenges identified in these cases are as
follows:
While working in a cloud
environment, any attack on the tenant can affect the performance. In the case
of cloud computing, the performances of shared resources can vary. The outage
and technological issues are also included in cloud technology. The technical
issues are quite common in every company. Rădulescu & Rădulescu (2017, p.16) have
claimed that the companies with the best cloud services also face the
same situations although they maintain high standards of maintenance. Security
risk is the most common threat in cloud services. This drawback is not good for
organization. While adopting technology, the organizations should be aware of
sharing sensitive information. As the information is shared to cloud computing
service providers, the hackers can easily access the information and cause harm
to the customer.
On the other hand, downtime is also
a considerable issue for the customers as the provider may face low internet
connectivity and service maintenance. Razaque et al., (2020, p.36) have opined that in cloud computing,
good internet connectivity is always appreciated as without this customer
cannot access the cloud. There is no other way for collecting information from
the cloud. The limit on bandwidth is also a crucial factor as it restricts the
users. In some cases, the additional charges on this can easily be expensive.
Failing to provide support to the customers is another disadvantage of cloud
services. Here, it can be noticed that non-technical persons face huge issues
while handling the services.
Theme 3: Multi-tenancy improves
the security of organizations.
Multi-tenancy represents sharing. In this case of
cloud computing, the multi-tenancy simply represents multiple customers. All
the customers are served with a single application. Each of the tenants share
computing resources and they are separated logically. Both private and public
clouds use multi-tent architecture. The advantages of using this multi-tenant
structure specifically help the organizations. Azadi et al., (2019, p.78) have said that the
organizations can easily increase their competitive advantages by passing on
the bottom line cost savings to customers. On the other hand, the business
agility is also increased with the help of this. In cases of new offerings, the
market speed is also improved with this. In case of customers or end users, the
basic requirements are fulfilled where flexibility is also involved. The
customers usually have the burden of in-house IT resources. With Multi-tenant systems, the burdens are also lightened.
Besides all these advantages, there
are various security risks involved within the multi-tenant architecture. This
is not a new issue in terms of resource sharing. The multi-tenant users are
usually separated at the virtual level. However, the integration between them
is physical. The inadequate configured infrastructure corrupts the data. There
are other issues such as co-tenant, external attacks, tenant workload
interference and incorrectly assigned resources. Cheng et al., (2018, p.88) have opined that irrespective
of all these risks, the system has helped the organization in multiple ways.
This theme has identified how the multi-tenant system is enhancing the
activities in organizations. The wide use of this system simply exhibits how
this has been helping the industry to grow.
Theme 4: Multi-tenancy cloud
security threats impact cloud computing
Multitenancy within the domain of
cloud computing imposes a significant challenge as the same physical resources
are utilised by various tenants. In addition to this, in case of multi-tenancy
the same software as well as data resources are used by various tenants that
pose a serious security concern within the area of cloud computing. A
significant number of challenges are observed within a cloud infrastructure
having multi-tenancy issues in terms of compliance, security as well as privacy
concerns (Kumar & Bhatt, 2020). Data management within the area of cloud
computing is crucial as different users will be using the same computer
resources thus, managing privacy as well as security of the sensitive
information needs to be reviewed of the cloud computing system having
multi-tenancy issues. Absence of network isolation as well as multi-tenancy
issues has made the public cloud infrastructures are vulnerable to
cyber-attacks.
Traffic isolation in addition with
efficient bandwidth management needs to be done to solve the multi-tenancy
problem within the area of cloud computing. This needs to be done, as attacks
can be launched by malicious tenants to their co-residence tenants using the
shared cloud data centre. Kumar & Bhatt (2020) suggest that several threats
are associated within the cloud computing system having multi-tenancy issues
such as control and auditing, configuration and change management, logical
security, and access control respectively. In case of governance and auditing, these risks
pretend to be CSP providers as well as roles of tenants such as users,
customers, and clients have in governing these risks. This multi-tenancy threat
is applied on
various cloud platforms such as IaaS, PaaS, and SaaS respectively (Ahmed, 2019).
Configuration,
design and change management risks are also involved within the domain of
multi-tenancy issues in cloud computing. Specific cloud architectures having
multi-tenancy issues are generally targeted by these cloud computing risks. In
addition, this multi-tenancy threats of cloud computing can be generated from
cloud technologies such as virtualization as well as internetworking
respectively. These multi-tenancy threats of cloud computing generally target
specific cloud environments such as IaaS and PaaS (Kadhim et al. 2018). Access control, encryption and logical control are
some of the multi-tenancy threats within the domain of cloud computing. These
types of multi-tenancy risks are generally very application driven. Specific
cloud environments such as SaaS and PaaS are targeted by the multi-tenancy
threats. Security systems of cloud computing are often targeted by these
multi-tenancy risks. In addition to this, exposure of cloud computing databases
has caused the increased number of multi-tenancy threats within the cloud
computing environment. Interference among the tenants using
the same physical resources also causes multi-tenancy problems within cloud
computing environments.
4.3 Summary
In this section of this research
paper, findings of the secondary qualitative information that have been
collected have been discussed. After collecting information from several
secondary sources, obtained information has been organised according to their
relevance. From the obtained information from secondary resources, findings of
this paper have been generated. Several themes have been discussed within this
chapter that focuses on the findings of this research paper. Themes have been
generated to show the meaningful findings obtained through secondary
qualitative data analysis. All the developed themes suggest that multi-tenancy
issues within the domain of cloud computing imposes a serious security concern
of the tenants using the same physical resources. Malicious tenants as well as
interference between the tenants using the same resource often impose a serious
security concern for the tenants. Lack of traffic isolation has caused the
increased number of multi-tenancy problems within cloud environments.
Chapter 5 : Discussion
5.1 Introduction
This chapter is very important for
this paper, as results that have been found from various secondary qualitative
data will be discussed briefly within this section. For this purpose, findings
of this research paper will be analysed within this section. These findings
will be analysed by keeping the aim of this research paper in mind. Discussing
the finding will help to achieve the objectives of this research paper. In
addition, with this, further insight of the findings will be evaluated within
this chapter. Thus, this chapter will help the readers to understand the
findings better as well as in a clear way.
5.2
Analysis of the secondary qualitative research
Theme 1: Cloud Service Providers (CSPs) are
necessary to demonstrate the accuracy of the services .
This specific theme focuses on the
approach that CSP providers are essential to demonstrate the accuracy of cloud
services. Cloud Service Provider (CSP) is referred to as the third-party
company that provides cloud-oriented infrastructure, application as well
storage services (Khan, Parkinson & Qin, 2017). Cloud service providers
provide cloud infrastructure for their clients. Cloud environments must be
multi-tenant enabled to obtain cloud services from CSP providers. Isolation
within the domain of cloud computing is an essential factor for the tenants
having cloud services from CSP providers. Proper traffic isolation needs to be
enabled within the cloud infrastructure provided by the CSP providers to their
clients (Ochei, 2020). In addition, this specific theme focuses on the need of
CSP providers to manage the accuracy of various cloud service operations.
Apart from providing suitable cloud
infrastructure for clients, CSP providers also provide security measurements
for the offered cloud infrastructure. Various third party CSP providers
available such as Amazon Web Service (AWS), IBM cloud, Oracle, Google cloud,
SAP, and Microsoft Azure respectively. Various security features are provided
by the CSP providers for their clients. In addition to this, cloud security
compliance is also provided by the CSP providers with their offered cloud
infrastructure (Ochei, 2020). GDPR, HIPA are some of the cloud compliances
security standards offered by the CSP providers to their clients. In addition
to this, cloud architecture is also managed as well as handled by the CSP
providers. CSP providers help to make the cloud infrastructure according to the
requirements of their clients. Cloud security levels are also managed by the
CSP providers. Security levels are handled by the CSP providers while managing
the GDPR regulations (Indu,
Anand & Bhaskar, 2018).
Thus,
through this theme it has been shown that CSP providers are very much needed to
manage the accuracy of cloud service operations.
Theme 2: In
practical situations, the cloud models are only available as prototypes and
proposals .
This
specific theme of this paper, mainly focuses on the availability of different
types of cloud models. Cloud models are used by the cloud service provider to
offer cloud services within the cloud infrastructure. In addition to this cloud
models also improves the processing power as well as the storage ability of the
cloud information system (Alashhab et al.
2021). This theme helps to define the objective of this research paper,
that states that cloud computing securities are affected by multi-tenancy problems.
In addition, with this, the maintenance of cloud security infrastructure is
done by the CSP providers by scaling as well as securing the cloud IT
infrastructure. Several cloud models are available such as software as a
service (SaaS), platform as a service (PaaS) and infrastructure as a
service (IaaS) respectively. According to this theme these cloud models are
only available as prototypes.
Figure 5.2.1: Different cloud models
(Source:
Akshaya & Padmavathi, 2019)
From
this figure various cloud service models such as IaaS, SaaS and PaaS can be
seen. As SaaS applications can only be accessed over the internet but can be
managed by the CSP providers, not by the clients. Thus, it eliminates the
concern for managing the infrastructure, maintenance, network security, data
availability while managing the application. In the case of the PaaS, cloud
model a link between the IaaS and SaaS is established (Akshaya &
Padmavathi, 2019). This model can be accessed by the clients to build locations.
In addition to this, the scope of using IDE also gets reduced significantly
within this cloud model. This cloud model has relatively low market share as
compared with other available cloud models.
In
the case of the IaaS cloud model, computer capabilities are effectively used by
the users. Capabilities of this specific cloud model can be utilised by the
clients to facilitate storage, network and to manage the processing power of
cloud environments (Ochei, Bass & Petrovski, 2018). Thus, through this
theme, the objective of this research paper, in understanding cloud security
having multi-tenancy issues has been discussed.
Figure 5.2.2: Information security
challenges
(Source:
Adewojo & Bass, 2018)
Above
figure explains the information security challenges within the domain of cloud
computing of the system having multi-tenancy.
Theme 3: Multi-tenancy improves the security of organizations .
This
specific theme of this research paper, mainly focuses on the factor that states
that multi-tenancy improves organization s security. In the case of a cloud
system having multi-tenancy, a single instance of the system is used by
multiple users (core.ac.uk, 2020). In systems having multi-tenancy single
resources such as instances, configuration as well as data can be used by
multiple tenants on the same server. Security of organizations having systems
of multi-tenancy improve their security as system resources can be maintained
conveniently. System resources such as interface, configuration, asset monitoring along user
provision activities can be done effectively of the system having
multi-tenancy. In addition to this, security of organizations gets improved by
multi-tenancy faster deployment of systems can be seen with the systems having
multi-tenancy in organizations. It eliminates the need of several manual
operations such as adding a new user as well as managing time for the end users
(Sharma, 2018). According to this theme, multi-tenancy improves an
organization s security by enhancing the system by sharing system analytics.
In
addition to this, threat intelligence is also shared within the organization's
system having multi-tenancy. System analytics such as reports, dashboards, are
shared with the users. Thus, organization's systems having multi-tenancy help
MSSP to determine threats effectively. In addition to this, privacy as well as
security of organization s sensitive information is also well managed by
systems having multi-tenancy (Akshaya & Padmavathi, 2019). Effective thrust
detection as well as response allows in systems having multi-tenancy to secure
the privacy of organization s sensitive information.
Thus,
through this theme, the objective of this research paper in determining the
benefits that can be obtained in the real world of systems having multi-tenancy
has been achieved.
Theme 4: Multi-tenancy cloud security threats impact cloud
computing
This
theme of this paper primarily focuses on the threats that are present in
systems having multi-tenancy within the cloud computing environment. As in case
of cloud computing systems having multi-tenancy, single system instances are
used by multiple users, thus a concern of security is always present in cloud
systems having multi-tenancy. Side channel attacks pose security
threats for the system having multi-tenancy. Information that has been obtained
from bandwidth management is used to conduct this attack. Absence of proper authentication
mechanism is the primary reason behind this attack in cloud systems having
multi-tenancy (Akshaya & Padmavathi, 2019). In addition to this,
interference among the tenants using the same system resources can also be
referred to as multi-tenancy threats.
Figure 5.2.3: Cloud computing
multi-tenancy threats
(Source:
Sharma, 2018)
From
the above figure the multi-tenancy threats with cloud computing can be seen.
According to this theme, a malicious tenant using the same cloud resources can
conduct an attack against their co-residence tenants as a single instance is
used by multiple users. Thus, privacy as well as confidentiality of information
is breached within the systems having multi-tenancy in the cloud environment. Absence
of proper bandwidth management as well as lack of network traffic isolation has
caused the increased number of multi-tenancy threats within the cloud
environment. Thus, this theme effectively explains objectives of this research
paper that states that multi-tenancy in cloud computing impacts its security.
5.3 Categorization of themes
After
the determination of suitable themes for this research paper, developed themes
have been categorised according to their relevance for this paper. Themes
within a research paper are generally used as descriptors, elements, attributes
as well as concepts (Maguire &Delahunt, 2017). Themes that have been
developed within this research paper have been used as implicit topics. These themes have
been used as well as categorised to help the researcher in answering the
research questions. In addition to, these themes have been categorized within
this research paper for organising several repeating ideas as well as concepts
that have been discussed throughout this research paper.
Certain
themes that have been developed within this paper, have been categorised
managing a general point of reference. In addition, a high extent of generality
has been used to categorise the developed themes within this research paper.
For this purpose, different concepts as well as ideas that have been made
within this research paper have been integrated to develop as well as
categorising the developed theme for this research paper. Themes within a
research paper are used as components of subjective understanding by the
researcher (Braun & Clarke, 2019). Themes within a research paper are used
as threads that define implicit at imperative level.
Information
that has been gathered from the undertaking qualitative data analysis method
has been integrated to develop themes for this research paper. After collecting
information from various secondary resources gathered, information has been
organised according to their relevance within this research paper. This
organised information has been taken into consideration to develop themes for
this research paper. Comparative view of the information that have been
included within this research paper, has been taken into consideration while
categorising the developed themes. In addition to this, patterns of the
contents that have been discussed throughout this research paper have been
considered to categorize the developed themes. Within the process of categorising
the developed themes, ambiguity of inventions has been managed effectively.
In
addition, with the above discussed procedures, important key words that have
been used repeatedly throughout this research paper, also have been taken into
consideration. For this purpose, important key words such as cloud computing,
security in cloud computing, multi-tenancy, multi-tenancy factors, and
multi-tenancy threats have been taken into consideration to develop themes for
this research paper. In addition, these important key words have helped to
categorise the themes that have been developed within this research paper.
Themes that have been developed within this research paper, have been
categorised according to their descriptive level.
The
developed themes within this research paper, have been categorized in such a
way that each developed themes are capable to describe the contents of this
research paper explicitly. In addition to this, developed themes within this research paper,
have been categorized according to their effectiveness in satisfying the
objectives of this specific research paper. Category is the primary product
within the process of thematic analysis (Kiger & Varpio, 2020). Themes that have been
identified within the findings of this research paper, have been categorized at
the beginning of the qualitative data
analysis method that has been adopted within this research paper. After
determination of themes, the identified themes have been categorized according
to the content level for this research paper. Certain conceptualization levels
have been managed by the researchers while developing as well as categorising
the developed themes for this research paper. Underlying meaning of important
key words used throughout this research paper, have been taken into
consideration while categorising themes for this specific research paper.
5.4
Summary
Within this chapter of this research
paper, information that has been found from secondary qualitative data analysis
has been discussed. For this purpose, the themes that have been developed in
the findings section have been evaluated within this chapter of this research
paper. Different aspects of systems having multi-tenancy have been discussed
within this section. In addition to this, benefits that are obtained by
organisations from systems having multi-tenancy also have been briefly
discussed within this section. This section will help to define suitable
conclusions for this research paper.
Chapter 6:
Conclusion and recommendation
6.1 Conclusions
This chapter is very important for
this research paper, as it summarizes all the discussions that have been made
throughout this paper. Through this section of this paper, conclusion has been
made after analysing the data obtained from secondary qualitative analysis. It
has been concluded that having multi-tenancy in systems within the domain of
cloud computing improves its operational functionality; however, multi-tenancy
threats also cause concerns for organizations. Data confidentiality as well as
privacy of information is breached as single system resources are used by
multiple users.
6.2 Linking with objectives
Objectives of this research paper
have been connected within this section for further evaluation. This has been
done linking the conclusion section of this paper, with the mentioned
objectives.
Objective 1: To analyse cloud computing security which
affects multi tenancy
This objective has been discussed
briefly within the 2.3 literature review section of this paper. Cloud
computing security factors affect the functionality of the system having
multi-tenancy. As in the case of systems having multi-tenancy, single system
resources are used by multiple users that pose serious security threats within
the domain of cloud computing (Ahmed, 2019). A security concern of cloud computing such as integrity as
well as confidentiality of the system resource that has been used by multiple
tents gets affected. One malicious tenant can conduct an attack against their
co-residence tenants as a single system instance is used as well as shared by
multiple tenants (Kadhim et al. 2018).
Objective 2: To understand the
industry standard for security cloud multi-tenancy
This objective has been described
clearly within the 2.3 literature review section of this research paper.
Provision of security within the domain of cloud computing is very essential to
manage the integrity as well as privacy of information (Kadhim et al. 2018).
Certain industry security standards need to be applied to the systems having
multi-tenancy within the domain of cloud computing. These security standards
need to be applied according to the GDPR principles and guidelines.
Objective 3: To analyse the
industry standard benefits for businesses in the real world
This objective of this paper has
been described briefly within the 2.4 literature review section of this
research paper. As in case of systems having multi-tenancy, a single system
instance is utilised by multiple users within the same server thus, cost for
maintenance of system resources gets reduced significantly (cyber.gov.au, 2020). In addition to this, interface, configuration, asset
monitoring is some of the operations that are done by the system having
multi-tenancy.
Objective 4: To understand the most understudied aspects of
cloud security
This objective also has been
discussed clearly within the 2.4 literature review section of this research
paper. Security aspects within the domain of cloud computing is very important
as these aspects help to define as well as manage the security mechanism of
various cloud platforms. Response to cloud security events is one of the
understudied aspects of cloud security. These aspects need to be considered to
run security responses to manage security of cloud environments.
6.3 Recommendation
● Minimal on-demand network access needs
to be configured based on the service model
In case of adjusting the
multi-tenancy feature, security of the cloud architecture should be managed in
an effective manner. Virtualization, which enables different control
opportunities, can maintain different formats based on the computing strategy.
The entire hardware should be configured in a way that only resource pooling
operation can operate by the system characteristics. On-demand services need to
be installed in a large format within the resource units. Every networking unit needs to be indicated based
on the resources that are allocated within the platform.
● Software as a Service needs to be
monitored to manage the infrastructure
In case of resource pooling operation,
a better system infrastructure can be maintained by the security support within
SaaS. Since multiple versions of cloud service are operated by the application
format, a significant control version needs to be used. In multi-tenancy
software features, the authorised browsing facility maintained by the SaaS to
provide better scalability features. In case of providing better support, only
accessible database features need to be installed within the network
components. Processing applications are controlled by licensed access units
which maintain a better efficiency within the database design.
● Layered resource should be
maintained for enhancing security of cloud multi-tenancy
In order to enhance the security of
multi-tenancy programs, different programming tools are used for saving
confidential data. Only the data-controlling network mainly controls the
application formats that are used to program. Based on the operational environment
a development platform needs to be used. Based on the network resource every key design formats need to be installed based on the
software version. The management process of the cloud infrastructure needs to
be sustained in a specific format for distributing the database feature.
6.4 Future prospect of the study
Hybrid- tenancy will be used for
single and multi channel processing software s. This loud environment will
provide a cost-efficient management facility within the industrial format. The
application format controls the whole identification format based on the
multi-tenancy program. Only scalable and storage functionality controls the
virtualization format within the network. Different perspectives of the cloud
features are maintained by the application storage. There are multiple formats
based on the platform analysis presenting into the single database. Cloud
computing resources need to be applied in a single format within the industrial
format. Only the multi-tenancy reliable methods are used based on the computing
resource. Main design portal within the database development is used within the
mainframe application.
The cloud components maintain a
separate profile based on the virtualization elements. Only the physical
development of the controlling elements is controlled by the formats that are
supported within the industrial format. The computational elements are adjusted
according to the application format. Based on the security perspective, better
programming support is enabled within the multi-tenant functionality. Only the
resource elements are part of the application channel that is used to support
organizational format. Hardware configuration support enables these controlling
elements to be featured within the same format.
APA 7th Edition References
Adewojo, A. A., &
Bass, J. M. (2018, March). Evaluating the effect of multi-tenancy patterns in
containerized cloud-hosted content management system. In 2018 26th
Euromicro International Conference on Parallel, Distributed and Network-based
Processing (PDP) (pp. 278-282). IEEE.http://usir.salford.ac.uk/id/eprint/48443/1/PDP2018_paper_139%20submission.pdf
Akinrolabu, O., New, S., & Martin, A.
(2019, June).Assessing the security risks of
multicloudsaas applications: A real-world case study.In2019 6th IEEE International Conference on Cyber Security and Cloud
Computing (CSCloud)/2019 5th IEEE International Conference on Edge Computing
and Scalable Cloud (EdgeCom) (pp. 81-88).IEEE.
Akshaya, M. S., & Padmavathi, G. (2019). Taxonomy of
security attacks and risk assessment of cloud computing. In Advances in
big data and cloud computing (pp. 37-59). Springer, Singapore.<https://www.researchgate.net/profile/Zouhair-Chiba/post/Please_tell_me_the_recent_methodologies_used_in_cloud_computing_security/attachment/5cbf632ecfe4a7df4aeb057e/AS%3A750928181338115%401556046638683/download/Taxonomy+of+Security+Attacks+and+Risk+Assessment+of+Cloud+Computing-2019.pdf>
Alashhab, Z. R., Anbar, M., Singh, M. M., Leau, Y. B.,
Al-Sai, Z. A., &Alhayja a, S. A. (2021). Impact of coronavirus pandemic
crisis on technologies and cloud computing applications. Journal of
Electronic Science and Technology, 19(1), 100059.<https://reader.elsevier.com/reader/sd/pii/S1674862X20300665?token=751C90939984A42A36DE9D5EA283D9B05A85E31E3D725B8A8D89DD429887A7E7BD838BC35AF3BCF75CBC39E58D05F1F6&originRegion=eu-west-1&originCreation=20211001044105>
Alassafi, M. O.,
Alharthi, A., Walters, R. J., & Wills, G. B. (2017). A framework for
critical security factors that influence the decision of cloud adoption by
Saudi government agencies. Telematics and Informatics, 34(7),
996-1010.https://eprints.soton.ac.uk/412432/1/A_framework_for_critical_security_factors_that_influence_the_decision_of_cloud_adoption_by_Saudi_government_agencies_003_.pdf
Alassafi, M. O., Atlam, H. F., Alshdadi,
A. A., Alzahrani, A. I., AlGhamdi, R. A., &Buhari, S. M. (2019). A
validation of security determinants model for cloud adoption in Saudi
organisations context.International Journal of Information Technology,
1-11.
Alhanahnah, M., Bertok,
P., & Tari, Z. (2017). Trusting cloud service providers: trust phases and a
taxonomy of trust factors. IEEE Cloud Computing, 4(1),
44-54.
<https://www.researchgate.net/profile/Mohannad-Alhanahnah/publication/315301243_Trusting_Cloud_Service_Providers_Trust_Phases_and_a_Taxonomy_of_Trust_Factors/links/5b58ddcaa6fdccf0b2f7d02c/Trusting-Cloud-Service-Providers-Trust-Phases-and-a-Taxonomy-of-Trust-Factors.pdf>
Alharahsheh, H.H. and
Pius, A., 2020. A review of key paradigms: Positivism VS interpretivism. Global
Academic Journal of Humanities and Social Sciences, 2(3),
pp.39-43. https://www.gajrc.com/media/articles/GAJHSS_23_39-43_VMGJbOK.pdf
Amron, M. T., Ibrahim,
R., Bakar, N. A. A., &Chuprat, S. (2019). Determining factors influencing
the acceptance of cloud computing implementation. Procedia Computer
Science, 161,
1055-1063.https://pdf.sciencedirectassets.com/280203/1-s2.0-S1877050919X00174/1-s2.0-S1877050919319271/main.pdf?X
Azadi, M., Emrouznejad,
A., Ramezani, F., & Hussain, F. K. (2019). Efficiency measurement of cloud
service providers using network data envelopment analysis. IEEE
Transactions on Cloud Computing.
<https://publications.aston.ac.uk/id/eprint/39653/1/CLOUD_SERVICE_PROVIDERS.pdf>
Braun, V., & Clarke,
V. (2019). Reflecting on reflexive thematic analysis. Qualitative
Research in Sport, Exercise and Health, 11(4), 589-597.<https://edisciplinas.usp.br/pluginfile.php/6170845/mod_resource/content/1/Reflecting%20on%20reflexive%20thematic%20analysis%20(2).pdf>
Brown, W. J., Anderson, V., & Tan, Q.
(2012, September). Multitenancy-security risks and countermeasures.In2012 15th International Conference on
Network-Based Information Systems (pp. 7-13).IEEE. https://www.researchgate.net/publication/261342160_Multitenancy_-_Security_Risks_and_Countermeasures
Bunkar, R. K., & Rai, P. K. (2017).
Study on security model in cloud computing. International
Journal of Advanced Research in Computer Science, 1
Cheng, M., Li, J., &
Nazarian, S. (2018, January). DRL-cloud: Deep reinforcement learning-based
resource provisioning and task scheduling for cloud service providers. In 2018
23rd Asia and South pacific design automation conference (ASP-DAC) (pp.
129-134). IEEE.
<https://d1wqtxts1xzle7.cloudfront.net/55437717/2018_ASP-DAC_DRL-Cloud-with-cover-page-v2.pdf?Expires=1633006776&Signature=Sq6xPzJhvfk4I~i9jUZilCQzXWe~9XKDr7KngbUihtTMj2M4iPwEqwNd0ujW~-CNnCNNMUotm8g3hB9K9iZCarRAkcEeabq385vUVUJf0d-ZYxz~cnpWMtUyUXxiOLnGjtiGGVnlrl9OJw6ZgiqEdNtXRBi~aQgNlpjoaYoESK6ZD-YNr6hCdXNnZPnlgjG8eEpiw~QQPJ17BmIinDdUM83aUuX3cjWErdgOXEVZfhOtNUeMvnMNaF5ASjumUjj~~NmTBFxK59JZVZQnYZZp758u2DLQ6UlA38P5agf-G5WvVS8PrwLWPmjmWjTymUTD9F3Z12q5L97r-htVDjjROg__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA>
Cloudsecurityalliance.org,
2021 Cloud Security Challenges in 2020 https://cloudsecurityalliance.org/blog/2020/02/18/cloud-security-challenges-in-2020/
core.ac.uk (2020).Multitenancy - Security Risks and
Countermeasures.
https://core.ac.uk/download/pdf/58776725.pdf
cyber.gov.au, (2020).Cloud Computing Security for Tenants.<https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-tenants>
Daniel,
B. K., & Harland, T. (2017). Higher education research methodology: A
step-by-step guide to the research process. Abingdon: Routledge. https://www.routledge.com/Higher-Education-Research-Methodology-A-Step-by-Step-Guide-to-the-Research/Daniel-Harland/p/book/9781138556003
Gao, F., &Sunyaev,
A. (2019). Context matters: A review of the determinant factors in the decision
to adopt cloud computing in healthcare. International Journal of
Information Management, 48, 120-138.[Online]
https://www.sciencedirect.com/science/article/pii/S0268401218307266
Gao, F., Thiebes, S.,
&Sunyaev, A. (2018). Rethinking the meaning of cloud computing for health
care: a taxonomic perspective and future research directions. Journal
of medical Internet research, 20(7), e10041. [Online]
https://www.jmir.org/2018/7/e10041/
Halabi, T.,
&Bellaiche, M. (2017). Towards quantification and evaluation of security of
Cloud Service Providers. Journal of Information Security and
Applications, 33, 55-65. <https://doit.express/upload/drive/18/04/10-1016-j-jisa-2017-01-007-towards.pdf>
Indu, I., Anand, P. R., & Bhaskar, V. (2018). Identity
and access management in cloud environment: Mechanisms and challenges. Engineering
science and technology, an international journal, 21(4), 574-588.<https://reader.elsevier.com/reader/sd/pii/S2215098617316750?token=7660FAC1B075C98D3664DBE4432363009A2E55456252C02F3CACF586FA617AC5A71DE2933E9094FEFE2BC861180DD1B8&originRegion=eu-west-1&originCreation=20211001044027>
Indu, I., Anand, P. R., &Bhaskar, V.
(2018). Identity and access management in cloud environment: Mechanisms and
challenges. Engineering science and
technology, an international journal, 21(4),
574-588.
Jindal‐Snape, D.,
Hannah, E. F., Cantali, D., Barlow, W., & MacGillivray, S. (2020).
Systematic literature review of primary‒secondary transitions:
International research. Review of Education, 8(2), 526-566.<https://aura.abdn.ac.uk/bitstream/handle/2164/17030/Barlow_etal_RER_Systematic_Literature_Review_AAM.pdf?sequence=1>
Johnston, M. P. (2017).
Secondary data analysis: A method of which the time has come. Qualitative
and quantitative methods in libraries, 3(3), 619-626.<http://www.qqml-journal.net/index.php/qqml/article/download/169/170>
Kadhim, Q. K., Yusof, R., Mahdi, H. S., Al-Shami, S. S. A.,
&Selamat, S. R. (2018, May). A review study on cloud computing issues.
In Journal of Physics: Conference Series (Vol. 1018, No. 1, p.
012006). IOP Publishing.<https://iopscience.iop.org/article/10.1088/1742-6596/1018/1/012006/pdf>
Khan, S., Parkinson, S., & Qin, Y. (2017). Fog computing
security: a review of current applications and security solutions. Journal
of Cloud Computing, 6(1), 1-22.<https://journalofcloudcomputing.springeropen.com/track/pdf/10.1186/s13677-017-0090-3.pdf>
Kiger, M. E., &
Varpio, L. (2020). Thematic analysis of qualitative data: AMEE Guide No.
131. Medical teacher, 42(8), 846-854.<https://www.plymouth.ac.uk/uploads/production/document/path/18/18247/Kiger_and_Varpio__2020__Thematic_analysis_of_qualitative_data_AMEE_Guide_No_131.pdf>
Kumar, M. U., & Reddy, 2020. A. Y. A
STUDY ON DESIGN AND DEVELOPMENT OF MULTI TENANCY SECURITY ISSUES IN E-CLOUD
IDS.
Kumar, P., & Bhatt, A. K. (2020). Enhancing multi-tenancy
security in the cloud computing using hybrid ECC-based data encryption
approach. IET Communications, 14(18), 3212-3222.<https://ietresearch.onlinelibrary.wiley.com/doi/pdfdirect/10.1049/iet-com.2020.0255>
Kumar, R. (2018). Research
methodology: A step-by-step guide for beginners. Sage.
Lang, M., Wiesche, M.,
&Krcmar, H. (2018). Criteria for selecting cloud service providers: a
Delphi study of quality-of-service attributes. Information &
Management, 55(6), 746-758.
<https://www.researchgate.net/publication/323670366_Criteria_for_Selecting_Cloud_Service_Providers_A_Delphi_Study_of_Quality-of-Service_Attributes>
M rhaoaurh, I., Okar, C., Namir, A.,
&Chafiq, N. (2018). Challenges of cloud computing use: A systematic
literature review. In MATEC Web of
Conferences (Vol. 200, p. 00007). EDP Sciences.https://www.matec-conferences.org/articles/matecconf/pdf/2018/59/matecconf_iwtsce2018_00007.pdf
Maguire, M., &
Delahunt, B. (2017). Doing a thematic analysis: A practical, step-by-step guide
for learning and teaching scholars. All Ireland Journal of Higher
Education, 9(3).<https://ojs.aishe.org/index.php/aishe-j/article/download/335/553>
Martins, F. S., da
Cunha, J. A. C., & Serra, F. A. R. (2018). Secondary data in research uses
and opportunities. PODIUM sport, leisure and tourism review, 7(3).<https://periodicos.uninove.br/podium/article/download/12908/6363>
Matthew, O. (2016). Establishing a
Standard Scientific Guideline for the Evaluation and Adoption of Multi-Tenant
Database.
Mbongue, J. M., Shuping, A., Bhowmik, P.,
&Bobda, C. (2020, July). Architecture support for FPGA multi-tenancy in the
cloud. In 2020 IEEE 31st International
Conference on Application-specific Systems, Architectures and Processors (ASAP)
(pp. 125-132). IEEE.https://arxiv.org/pdf/2006.08026.pdf
Microsoft
(2018).What is cloud computing? A beginner s guide |
Microsoft Azure. [online] Azure.microsoft.com. Available at: https://azure.microsoft.com/en-gb/overview/what-is-cloud-computing/
Mishra, S. K., Sahoo,
B., &Parida, P. P. (2020). Load balancing in cloud computing: a big
picture. Journal of King Saud University-Computer and Information
Sciences, 32(2), 149-158.[Online]
https://www.sciencedirect.com/science/article/pii/S1319157817303361
Neuendorf, K. A. (2018).
Content analysis and thematic analysis. In Advanced research methods
for applied psychology (pp. 211-223).
Routledge.<https://d1wqtxts1xzle7.cloudfront.net/60533259/_Paula_Brough__Advanced_Research_Methods_for20190909-80496-18tab5h-with-cover-page-v2.pdf?Expires=1633154231&Signature=XF0ZYcZnWVjbA6qBkRCf8qcg4csY52zCeroKmR-~llC2lgan0sZ~Td2T4-WvnSkSTqk0w9aRcg1cmHe6nHtnOAQ3tps3e7XISUcvGmz9CmKBX3OhBfdUPZ2nX24B-y-DXRR5z1U5WVGdKBp1SZaISlFbBO7HMoDK1wB4oZWyygO0pDVZj4gukhiZ3CPENATJMk2MVnsCySrnZkBBr~nC7aYxYnos-IfeJLUJfp4BN7so4oOk2Rk4a~dGPUdAXKFrmWTeBoZ-baAB~RQoH3J109d6bQVhgg4AvuL4D8zaIg4Mux11ldA270yNoIstf4AN3lXfx2vjk~mqJctZl4LWVg__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA#page=224>
Ochei, L. C. (2020). Securing the Deployment of Cloud-Hosted
Services for Guaranteeing Multitenancy Isolation. Cloud Computing
Security: Concepts and Practice, 77.<DOI: 10.5772/intechopen.92142>
Ochei, L. C., Bass, J. M., & Petrovski, A. (2018).
Degrees of tenant isolation for cloud-hosted software services: a cross-case
analysis. Journal of Cloud Computing, 7(1), 1-39.<https://journalofcloudcomputing.springeropen.com/track/pdf/10.1186/s13677-018-0121-8.pdf>
Odun-Ayo, I., Misra, S., Abayomi-Alli,
O., &Ajayi, O. (2017, December). Cloud multi-tenancy: Issues and
developments. In Companion Proceedings of
the10th International Conference on Utility and Cloud Computing (pp.
209-214).ACM.
Park, Y. S., Konge, L.,
&Artino, A. R. (2020).The positivism paradigm of
research. Academic Medicine, 95(5), 690-694.
https://www.researchgate.net/profile/Anthony-Artino/publication/337693284_The_Positivism_Paradigm_of_Research/links/6051f803458515e8344ed4d2/The-Positivism-Paradigm-of-Research.pdf
Pearse, N., 2019. An
illustration of a deductive pattern matching procedure in qualitative
leadership research. Electronic Journal of Business Research Methods, 17(3),
pp.pp143-154.
https://academic-publishing.org/index.php/ejbrm/article/download/1398/1361
Rădulescu, C. Z.,
&Rădulescu, I. C. (2017). An extended TOPSIS approach for ranking
cloud service providers. Studies in Informatics and Control, 26(2),
183-192.
<https://www.researchgate.net/profile/Constanta-Radulescu-2/publication/318334034_An_extended_TOPSIS_approach_for_ranking_cloud_service_providers/links/59c232c3458515af306070d6/An-extended-TOPSIS-approach-for-ranking-cloud-service-providers.pdf>
Rathi, S. R., &Kolekar, V. K. (2018,
August). Trust model for computing security of cloud. In 2018 Fourth international conference on computing communication control
and automation (ICCUBEA) (pp. 1-5). IEEE
Razaque, A., Amsaad, F.,
Hariri, S., Almasri, M., Rizvi, S. S., &Frej, M. B. H. (2020). Enhanced
grey risk assessment model for support of cloud service provider. IEEE
Access, 8, 80812-80826.
<https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9064787>
Sehgal, N. K., &
Bhatt, P. C. (2018). Cloud computing. UK: Springer, Heidelberg.
Senarathna, I., Wilkin,
C., Warren, M., Yeoh, W., & Salzman, S. (2018). Factors that influence
adoption of cloud computing: An empirical study of Australian SMEs. Australasian
Journal of Information Systems, 22.
http://journal.acs.org.au/index.php/ajis/article/download/1603/832
Sharma, N. 2018 CRUCIAL FACTORS AFFECTING ADOPTION OF CLOUD
COMPUTING IN MODERN INDUSTRIES: CHALLENGES AND PERSPECTIVES.<https://www.researchgate.net/profile/Neeta-Sharma-7/publication/345948203_CRUCIAL_FACTORS_AFFECTING_ADOPTION_OF_CLOUD_COMPUTING_IN_MODERN_INDUSTRIES_CHALLENGES_AND_PERSPECTIVES/links/5fb2b19c45851518fdac8848/CRUCIAL-FACTORS-AFFECTING-ADOPTION-OF-CLOUD-COMPUTING-IN-MODERN-INDUSTRIES-CHALLENGES-AND-PERSPECTIVES.pdf>
Sharma, Y., Gupta, H., & Khatri, S.
K. (2019, February). A security model for the enhancement of data privacy in
cloud computing. In 2019 Amity
International Conference on Artificial Intelligence (AICAI) (pp. 898-902).IEEE.
Sherif, V. (2018, May).
Evaluating preexisting qualitative research data for secondary analysis.
In Forum: qualitative social research (Vol. 19, No. 2, pp.
26-42). Freie Universit t Berlin.<https://www.qualitative-research.net/index.php/fqs/article/download/2821/4211?inline=1>
Skafi, M., Yunis, M. M.,
&Zekri, A. (2020). Factors influencing SMEs adoption of cloud computing
services in lebanon: an empirical analysis using toe and contextual
theory. IEEE Access, 8,
79169-79181.https://ieeexplore.ieee.org/iel7/6287639/8948470/09064559.pdf
Smith,
L. T. (2019). Decolonizing research: Indigenous storywork as methodology. UK: Bloomsbury
Publishing. https://www.jstor.org/stable/10.5250/amerindiquar.45.1.0085
Snyder, H. (2019).
Literature review as a research methodology: An overview and guidelines. Journal
of business research, 104, 333-339. [Online] https://www.sciencedirect.com/science/article/pii/S0148296319304564
Subramanian, N., & Jeyaraj, A.
(2018). Recent security challenges in cloud computing. Computers & Electrical Engineering, 71, 28-42.http://www.download-paper.com/wp-content/uploads/2018/10/2018-elsevier-Recent-security-challenges-in-cloud-computing.pdf
Sundler, A. J.,
Lindberg, E., Nilsson, C., & Palm r, L. (2019). Qualitative thematic
analysis based on descriptive phenomenology. Nursing open, 6(3),
733-739.<https://onlinelibrary.wiley.com/doi/pdfdirect/10.1002/nop2.275>
Syed, A., Purushotham, K.,
&Shidaganti, G. (2020, November). Cloud Storage Security Risks, Practices
and Measures: A Review. In 2020 IEEE
International Conference for Innovation in Technology (INOCON) (pp. 1-4).IEEE.
Taneja, D., &Tyagi, S. S. (2017).
Information Security in cloud computing: A Systematic Literature Review and
analysis. International Journal of
Scientific Engineering and Technology, 6(1),
50-55
Terry, G., Hayfield, N.,
Clarke, V., & Braun, V. (2017). Thematic analysis. The SAGE
handbook of qualitative research in psychology, 2, 17-37.<https://uwe-repository.worktribe.com/OutputFile/888534>
The UK Government (2018). Data Protection Act.
<https://www.gov.uk/data-protection>
Thesai.org, 2021
Security issues in cloud computing
https://thesai.org/Downloads/Volume9No11/Paper_47-Security_Issues_in_Cloud_Computing.pdf
Wang, Z. H., Guo, C. J., Sun, W., An, W.
H., Gao, B., Wang, C., & Zhang, Z. (2012). U.S. Patent No. 8,200,705. Washington, DC: U.S. Patent and
Trademark Office.