Data Security in Cloud Services
Sameer Kumar Prajapat
The main goal of this research paper is to explore the current state of data security systems in the cloud service industry. The research proposal will also analyze the ability of the current systems to combat the ever-evolving threats in the industry. The dissertation will collect data from literary sources that focus on cloud security systems to learn more. The primary research methodology for the dissertation will be a thematic analysis. The proposal will analyze the data collected through a comprehensive thematic analysis that will group the data into three main categories: the current data security threats, the current security framework & the future data security threats. This knowledge will be used to understand the current state of data security, the expected future threats, and the avenues of evolution necessary to combat the same. The research team will use purposive sampling to ensure that the research is conducted on relevant literary sources. The data sourcing, extraction, and indexing processes will be handled professionally to eliminate bias and preferences. The proposal wishes to arrive at a valid and reliable result that provides a complete overview of the current cloud data security domain. In addition to the thematic analysis, the research study also provides a brief overview of the current literature about the topic through an insightful literature review. The research proposal also provides a brief overview of the limitations and ethical considerations that might affect the dissertation process.
Table of Contents
Chapter 1: Introduction 5
Problem Statement and Significance 6
Theoretical Framework 7
Researcher’s Positionality 10
Research Question(s) 11
Chapter 2: Literature Review 14
Data security procedures in the cloud services field 15
Encryption of data in transition end to end. 15
Encryption of important data at rest 15
Vulnerability testing 15
Defined and enforce data deleting policy 16
User –level data security 16
Theoretical Foundation 16
Review of Literature 17
Cloud Data security efficiency 18
Rate of evolution of data security issues 18
Impact of the cloud security to industries 18
Assumption Surrounding Cloud Data security 19
Data Security 19
Growth of Cloud Services 20
Security Evolution 21
Gaps in Literature 23
Chapter 3: Methodology 25
Statement of the Problem 26
Research Question(s) 26
Research Methodology 26
Research Design 27
Study Population and Sample Selection 28
Data Collection Methods 28
Data Analysis and Procedures 30
Validity & Reliability 30
Ethical Considerations 31
Chapter 1: Introduction
Cloud services have gained a lot of popularity in the current technological era. With the rapid increase in digital adoption, even small and medium organizations are looking to improve their efficiency and revenue through cloud-based services. Rather than a physical on-site server, cloud services are made available via a remote cloud computing system (Zhe et al., 2017). In today’s business environment, cloud service providers can be seen as third-party suppliers who help organizations run critical services through their remote cloud servers. This makes cloud services less costly to operate and maintain in the longer run. It is also one of the main reasons organizations are moving towards cloud-based organizational frameworks. Cloud services also provide several other benefits to both the organizations and the consumers. Therefore, cloud services have gained wide recognition among organizations as a desirable addition to the present IT infrastructure (Zhe et al., 2017).
It is essential to understand that cloud services also have several disadvantages, and these disadvantages limit the widespread use of cloud services and the growth of cloud services within organizations. One of the major problems with cloud services is that it is not secure. As mentioned earlier, cloud services are not run from a cloud computing service that is on-site. Therefore, there are several data security risks associated with cloud services. A typical cloud provider does not hold the necessary access keys (Zhe et al., 2017). If an organization does not have a strong user identity, an attacker will compromise the entire organization. Moreover, there is a very high risk that employees and non-technical workers may be left behind when a cloud service is shut down. Therefore, if a cloud service is being disrupted, security is compromised for many organizations (Zhe et al., 2017).
With the increasing demand for digitization, we can see that cloud services will play a significant part in organizations (Shaikh&Modak, 2017). Therefore, it is critical to ensure that the data security risks associated with cloud services need to be addressed and mitigated efficiently. We can see several cloud service providers work towards improving their security practices through user audits and peer reviews and by addressing data breach mitigation techniques and strategies (Shaikh&Modak, 2017). However, most of them could be considered stop-gap measures and not permanent solutions. Since technology is constantly evolving, the nature of threats for the field is also constantly changing. Therefore, it is crucial to thoroughly understand the security risks and look for ways to enable a sustainable data security solution for cloud services (Shaikh&Modak, 2017).
Problem Statement and Significance
The rapid increase in digitization and the popularity of cloud computing systems have led to most organizations looking at creating a cloud-based operational framework. This combination makes the organizations more susceptible to data security risks (Kumar et al., 2018). The responsibility of mitigating these risks and keeping the organizations’ safe falls on the hands of the third-party cloud suppliers. Therefore, these data security risks impact the end organizations and the third-party cloud suppliers. With the increase in cloud service users, they will find it hard to manage cloud systems and mitigate risks immediately. It is also important to note that the data security risks that threaten cloud services vary. This creates a significant problem for cloud service providers (Kumar et al., 2018).
An evaluation of current and future threats against cloud services is a challenge for cloud providers and companies within the industry. This research proposal will explore the current data security risks and analyze the security systems that third-party cloud suppliers have in place to understand the current cloud service environment comprehensively. This will help create sustainable solutions to combat the data security risks and issues (Kumar et al., 2018). With this understanding, cloud service providers will be able to reduce the financial risks and help with data security issues, protect their customers and help solve the data security issues of their cloud-based data services. Another important goal of the dissertation is to learn about the new data security threats emerging in the cloud service sector. The challenge highlighted will be experienced as more organization moves their data to the cloud, demanding a better management model to counter it. Therefore, the research proposal will be focused on understanding and evaluating both the current and emerging threats that threaten the data security of cloud services (Kumar et al., 2018). To ensure that the dissertation is focused, the same will be centered upon answering three essential research questions mentioned below.
R1: What are the current data security issues and risks that threaten an organization’s cloud services?
R2: What are the predicted future trends for the data security issues in organizations?
R3: How can current cloud data security be made more efficient to facilitate tighter data security in organizations?
Cloud services refer to services provided through remote cloud servers that third-party service providers set up. Cloud services have started to gain prominence because of their ability to increase organizational efficiency at minimal costs. Many cloud services are designed around remote storage, which reduces infrastructure and administration costs (Udendhran, 2017). The cloud market provides several potential cloud services, including file sharing and data management/analysis. These cloud services are highly beneficial for organizations from all sectors because they can scale without the burden of enormous costs. Cloud services also enable organizations to study, manage and analyze large data sets without having their servers or data centers. Data centers are expensive as they have higher operational and service costs when compared to cloud computing systems (Udendhran, 2017).
With the help of cloud services, organizations can manage complex business operations, including business logic, risk management, data recovery, and transaction management. We can also clearly see that some new technological advancements and innovations are helping the cloud computing field proliferate (Udendhran, 2017). While this is beneficial for organizations, this rapid growth also increases data security risks. Data security is an integral part of both enterprise and corporate security. Data security at an organizational level can be mitigated and eliminated with the help of solid encryption technologies or security protocols. However, these systems have little effect on cloud data security as the threats are highly varied (Udendhran, 2017).
Cloud data security has been a cause for concern for many years, and there have been several developments in this regard. Cloud service providers have created various measures to ensure the security of the data. Data protection systems are also deployed and maintained within the cloud and the organizational end by several technologies (Udendhran, 2017).For instance, companies have made it mandatory for IT staff to download and use encryption software before passing on crucial data to users.It is also essential to understand what role machine learning can play in incorporating cloud storage platforms. Since the data security threats are constantly evolving, many cloud service providers have incorporated AI-based systems like machine learning to help manage the security risks through threat analysis. These strategies have helped cloud service systems operate efficiently and mitigate data security threats to a level. This is further evidenced by several research papers on the topic (Udendhran, 2017).
However, many literary papers that have explored the concept have shown that the service providers are reacting to the threats rather than proactively creating security systems. While this has worked till now, the reactive data security systems might not keep data secure in the current business environment where most of the companies have started to use digital and cloud-based systems (Giri&Shakya, 2019). With the increase in customers, cloud service providers might find it challenging to efficiently manage their data privacy policies and security measures. Therefore, it is crucial to thoroughly analyze the current data security threats to create standardized systems that provide sustainable security results. It is also essential to use the analysis to predict future data security threats that might increase data protection and monitoring solutions (Giri&Shakya, 2019).
This research proposal will analyze the cloud data security threats to know what data security threats are growing the most and propose solutions for the service providers to help them address these threats and protect the data better. The proposal will also show how cloud service providers could develop the needed technologies to deal with the security issues that they might face in the future (Giri&Shakya, 2019). The proposal will also propose data security risk models that could help cloud service providers understand emerging threats in the cloud service sector. This will help them better protect against new data security threats and render faster resolutions to mitigate new data security threats. The dissertation will primarily collect literary papers on data security risks/threats and cloud-based systems (Giri&Shakya, 2019).
The research proposal will collect data from academic libraries to understand the cloud data security framework better. The proposal will use document analysis on the literary reviews to gain new insights into the cloud data security framework. The data collected through the document analysis will be further explored through thematic analysis. This thematic analysis will be focused on three main categories: the current data security threats, the current security framework & the future data security threats. Future threats are predicted using shreds of evidence present in the literary papers. In addition to exploring the current cloud data security frameworks, the thematic analysis will help predict new threats. The same can be used as a guideline for creating new data security systems. The researchers will also use textual analysis to help determine where new and emerging threats could come from and the best security strategy for dealing with these issues/risks (Akhil et al., 2017).
Therefore, the focus is to help improve the current data security systems present in the cloud service sector. This thematic analysis will also help researchers and professionals in cloud data security. To ensure that the research is up to date, this thematic analysis will look at the most recent literary works in the field of data protection (Akhil et al., 2017).It will then predict and analyze which elements of these works hold up the current cloud data security framework.This will include, for example, the current security frameworks and the current data protection solutions within that framework. The latter two features will help us understand how the current cloud data security framework is failing compared to the current threats.
Cloud computing systems have become a significant part of the society we live in. Hence, it is essential to understand the benefits and challenges present in the same. While researching the topic of cloud computing and its related services, it was clear that data security has become a significant concern for most service providers (Akhil et al., 2017). Even with the development of various technologies and systems to combat security risks and issues, there are still concerns regarding cloud data security. This prompted the researcher to explore the topic in detail. The researcher was also fascinated by the fact that most organizations are moving to digital and cloud-based systems due to the pandemic. Therefore, the impact of a data security breach has become higher in the current society. Thus, the researcher felt that there needs to be an exploration of the future security risks and issues that could threaten cloud service providers (Akhil et al., 2017).
The main goal of the proposal is to explore the efficiency of the current cloud data security systems and understand whether they will handle issues that could arise in the future. The proposal will also provide suggestions and alternatives to improve cloud data security (Kumar et al., 2018).
Cloud data security is not an isolated issue that will affect only select organizations. Since most organizations in society are moving towards a digital-only operation, any data security risk will affect a wide range of companies. This is detrimental for the whole society. Therefore, there needs to be extensive research on the data security systems of service providers rendering cloud computing services (Kumar et al., 2018). In this dissertation, the main focus is understanding the current cloud data security scenario and improving the same with the help of extensive research into the field. To ensure that the dissertation is focused, the same will be centered upon answering three essential research questions mentioned below.
R1: What are the current data security issues and risks that threaten an organization’s cloud services?
R2: What are the predicted future trends for the data security issues in organizations?
R3: How can current cloud data security be made more efficient to facilitate tighter data security in organizations?
As mentioned earlier, a data hack in cloud services would cause significant disruptions in the current society. Data needs to be secured efficiently to ensure that organizations can operate efficiently because of the rapid increase of digitization. Most companies are moving towards a cloud-based infrastructure. With the increasing data flow, security and privacy are of utmost importance. It is considered essential to ensure the security of data and users’ privacy from any attack (Zhe et al., 2017).Therefore, it is crucial to create a data security system capable of handling both current and future data security issues. This dissertation aims to contribute significantly to the field by analyzing the data security issues to find emerging data hacking and security-related trends. The research into the domain is significant to improve the data security frameworks of cloud service providers and enhance them to efficiently mitigate future risks in the domain (Zhe et al., 2017).
Machine Learning – Machine Learning is a type of Artificial Intelligence that uses systems to learn from data, identify patterns, and make decisions with limited human intervention (Zhe et al., 2017).
Cloud Computing – Cloud computing is a computer system resource that uses on-demand data storage and computing power (Zhe et al., 2017).
Cloud computing systems have started to gain extensive recognition because of the various benefits it provides organizations from several sectors. Cloud services have become a critical tool for organizational growth and significantly helped several organizations improve their digital frameworks. However, several issues still hinder the implementation and development of cloud services. One of the main issues that cloud service providers face is data security. Data security is a primary concern for cloud service providers and organizations using cloud-based frameworks because the cloud data is located in third-party servers. Even though several cloud service providers are using security systems to enhance data security, the efficiency of the current systems in stopping any future security issues and risks is debatable. This proposal aims to explore the current data security threats faced by cloud service providers and analyze the efficiency of the current data security systems. The proposal will also predict future data security trends with the help of literary sources and propose changes that can be made to the current digital security frameworks based on the same.
Chapter 2: Literature Review
This literature review chapter will focus on identifying the current data security procedures in the cloud services field. The data security threats and issues surrounding the cloud services field is evolving in nature and hence, there is a need for identifying the efficacy of current cloud data security systems and any need for evolution (Kaushik & Gandhi, 2019). Through this literature review, the study will investigate literature that surrounds the technical aspects of the cloud data security systems, their data security threats, vulnerabilities and challenges, and the implications and lessons learnt from these findings for the field of data security.
This section will consider the key terms cloud, data security, data privacy, cybersecurity and confidentiality, vulnerability, data breach, integrity and availability. The objectives of this review are to identify the current technical issues and challenges surrounding the field of data security in cloud services and to review the available literature on cloud services security (Namasudra, 2019). As the technical literature cannot cover all the challenges surrounding data security in the cloud service, we consider this to be a significant limitation of this review.
Since cloud services is a field that is constantly evolving in nature, the need for security in this field is also evolving. One would expect that in any emerging field that is constantly evolving, a significant body of literature is available on these matters. This is however not the case with cloud services. The technical challenges in the field of data security are increasing, and this causes the need for security methods that are constantly evolving. The challenge in identifying a critical review of this field is that the field is evolving in nature and the available literature is relatively small (Arora et al., 2018). This therefore necessitates a more targeted approach to this literature review, and the objective is to identify the major issues within the cloud services field. It is therefore expected that, with time, the field of data security within the cloud services will increase, and therefore a more global approach is taken to this review to identify the major issues in the field.
Data security procedures in the cloud services field
Data security involves a procedures as shown as explained below;
Encryption of data in transition end to end.
All of the interaction in the cloud services are required to happen over the SSL transmission so that the security can be of highest level. The termination of the SSL is suppose only happen within the cloud service provider network. There is a big challenge that arises in case the SSL does not terminate within the cloud service provider. An intruder may access a relevant data in case there is a fault when data encryption is not end to end.
Encryption of important data at rest
The encryption of sensitive data should be enabled at rest, not only in case the data is transmitted over a network. Most of the time is the cloud services only ensures that the only the encryption of the sensitive data that is enabled at the rest and avoid that one that is transmitted over the network. This leads to lowering of the confident complying with the privacy policies, regulatory requirement and contractual obligation in case of a sensitive data.
All the data that is stored in the disk in the cloud storage should be encrypted using AES-256 and the encryption keys should be encrypted with a regularly rotated set of master’s keys. Most of the data stored are not b encrypted with AES-256, thus endangers accessibility with the other unwanted parties.
All the cloud services providers are required to employ the industry-leading vulnerability and incident response. There should be a fully automation of the security assessment so as the system weakness can be tested. The challenge is that most of the organization do not carry out the critical security audit which do not be done on yearly or in monthly basis.
Defined and enforce data deleting policy
There are many cases in which the data of the customer are not deleted even after the retention period. There is a need of a program which can automatically delete the person data after the retention time expires.
User –level data security
Most of the cloud services have a role-based access control (RBAC) that allows the customers to set the user-specific access and editing permission on the data. In the editing process, some customers interferes with the cloud in which it affect its operation mechanism.
It is important to ensure that the literature review helps identify the general beliefs and assumptions in the field of cloud data security, and help form a theoretical foundation for the proposed study. The literature review will focus on understanding concepts like the cloud data security efficiency, the rate of evolution of data security threats/issues, and the impact of cloud data security on various industries. The literature review will also identify factors that determine the efficacy of data security within the cloud (Surbiryala& Rong, 2017). In addition, some of the basic assumptions that surround cloud data security like data mobility and data storage will be studied, and this will help ensure that the review is not limited in its scope and serves the purpose of answering the research question appropriately.
One of the most important assumptions in the field of cloud data security is that cloud data security models should be transparent. It is important to ensure that a clear understanding of the concept of cloud data security is present, and this is a very important factor in ensuring that the research question in this field is adequately answered. Another key factor that will determine the validity of the review is that the review must take a cross-section of literature. It is important to ensure that the review does not focus on a single research study but takes a more general perspective (Ransome, 2017). In this context, the review of the research literature will form a foundation of the proposed research and will be an important component of the study. In addition, it is also very important that the literature review does not get influenced by a biased selection or evaluation criteria, and this is a major issue in the area of data security in the cloud.
The literature review will also identify common theories and studies that attempt to provide a solution to the problems surrounding cloud data security, and this will provide context for the research question. These theories and studies will provide a better understanding of the current state of the art of the field and will also lead to the development of more comprehensive approaches that can be used to solve data security challenges (Arora et al., 2018). The analysis of the theories and studies that are identified will provide critical insights that will help to form a more refined research question, and these insights will also form a basis for the future research directions. It is also important to consider the research methodologies that have been used in the development of the theory and the identification of important concepts in the field.
Review of Literature
A cloud service is a field that has gained significant popularity in the current era because of the wide deployment of cloud services and the convenience that it provides. The major concern with cloud services is the loss of data. Data loss may take place through hacking, device failure, or malicious activities. Data loss can lead to significant economic losses as well as to privacy loss and personal security. This threat can potentially be much more severe in the context of the cloud because of the ease with which data can be lost. Data security is one of the major problems with the deployment of cloud services (Ransome, 2017). Various studies have attempted to address this challenge, and we aim to provide a comprehensive review of the literature that has been conducted in this context.
Cloud Data security efficiency
The cloud data security efficiency is looked as the possibility of using the cloud resources with lowest cost and minimal waste of the unnecessary efforts. The efficiency yardstick of the cloud vary from one organization to another. Though the efficiency of the cloud data security have shown a great improvement in its efficiency, there are cases in which the efficiency varies from one organization to another. In the field of business, the cloud have shown to provide a reliable and efficient data storage and protection. There are some cases in which retrieving of the data become delays which lowers the efficiency of the cloud data storage. A number of organization finds that some of the data is missing due to buildup of the viruses. This lowers the efficacy of the cloud data.
Rate of evolution of data security issues
In the cloud data security, there have been a rise of cases of unauthorized changes in the metadata that leads to wrong data set. This makes the accessibility of the needed data difficult. The rate of the data security issues have risen rapidly due to the change in the technology and the level of expertise in the field of technology information. Many organization such yahoo and LinkedIn have been reported cases of the data security issues. This is a clear indication that this field need to cheek so as to prevent database accessibility with an authorized bodies.
Impact of the cloud security to industries
The cloud security has played a remarkable role in many industries all over the world. It has shifted the resources out of the capital spending into profitable and innovation. The scalability of the cloud computing has allowed companies to grow effectively due to having a predictive servers. Unfortunately, there are many companies such as Amazon which have lost a lot due to the cybercrimes. There is high need to secure the cloud data.
Assumption Surrounding Cloud Data security
Assumption 1: The servers are physically not in this country! How can we be sure that they are not being copied onto USB drives and sold on the black market?
Assumption 2: The public cloud is on the internet; anyone can get into the dashboard and then into your instances.
Assumption 3: The AWS passwords are not part of our Active Directory domain and therefore are not governed by the same rigorous password policy
Assumption 4: Username and password management can be notoriously lax, with important information being slapped onto post-it notes all over someone’s monitor. I might not be able to guess your password, but I doubt you will be able to remember it either. You’ve written it down somewhere obvious. I am going to find it.
Assumption 5: Data transferred from your internal network to the cloud can be intercepted
Assumption 6: With no physical firewall, you are open on all ports.
Assumption 7: All code has bugs in it
Assumption 8: The safest computer is one switched off
Most of the literature that study the current cloud data security environment have focused on the issue of data loss and the different solutions that are being deployed in this context. Numerous factors, which include security threats, service providers, and the nature of the cloud platform that is being used, influence the development of data security strategies. Experts in the field state that the nature of the issues and threats that are prevalent in the cloud data security environment will affect the future development of this domain (Arora et al., 2018). Therefore, there is a need to understand the current situation and identify the most appropriate ways to cope with data security threats. Some research work has focused on the deployment of a security framework for data in the cloud. Most of the existing literature is focused on the deployment of service security and system security solutions.
It is also important to note that current research studies have adopted an empirical approach to the study of the security of cloud services. These studies have adopted a variety of different perspectives and used various methods in order to study this domain. Most of these studies have adopted a performance-based perspective, while a few have focused on the deployment of security solutions. Other approaches, which include developing a security classification system that utilizes service-oriented architecture, have also been adopted. A service-based approach is the most common one that is adopted. There are also studies that adopt a hybrid approach in their research. Moreover, other researchers have adopted a qualitative approach to the study of this domain.
Through the analysis of various literary sources concerning the topic of cloud data security, the current cloud security systems are threatened by various issues and risks including but not limited to malware, unauthorized access, and privacy issues (Kaushik & Gandhi, 2019). This can be attributed to the increasing demand for access to cloud services and services hosted on cloud data security systems. The threats to data security are mainly due to the ease of access to large amounts of data, which is available through various devices such as smart mobile devices, desktops, laptops, and other portable devices. In this section, we discuss some of the vulnerabilities, risks, and threats that occur due to the increasing adoption of cloud services. In particular, the current focus of this section is on cloud data security and its threats.
Growth of Cloud Services
In recent years, the use of the cloud to host various applications and services has been increasing, especially with the advent of cloud-based content management. The rapid growth of cloud services has led to the increasing adoption of the cloud-based model. The cloud-based services offer a wide variety of functionality and resources to customers in the form of utility and subscription-based services. These services provide customers with applications such as database storage, email and web hosting, and storage of various media files. Due to its convenience and ease of use, many cloud-based services are being used to store and host confidential and sensitive data and intellectual property that include databases, multimedia content, large media files, and other formats.
Many researchers and experts are speculating that cloud services is in its growth phase and is poised to become a major driver of the digital economy in the future. With the increase in the adoption of cloud-based services, it is very likely that there will be a huge increase in the security and privacy issues. With this growth in cloud-based services, many companies are also adopting cloud services (Kaushik & Gandhi, 2019). For example, a research study shows that about 50% of the most important businesses in Europe are currently using cloud services. Furthermore, cloud-based services are expected to increase by nearly $300 billion in the US by 2016. In 2015, Google and Facebook spent more than $30 billion to build out and run data centers and server clusters. A report states that by 2015, about 43% of web traffic is expected to come from web services on the cloud. As the number of companies that have moved their data to the cloud is on the rise, so is the need for security.
The growth trend of cloud services is a clear indicator for the need for increased security in the field. Since the threats and issues are evolving, many organizations are looking for ways to prevent security breaches. Literature pertaining to the future of cloud data security state that there is a clear need for evolution because of the rapid advancement in cloud service security. The number of incidents is rapidly increasing, and in fact, it will continue to increase with the adoption of cloud services. Furthermore, organizations that operate in the cloud need to constantly invest in security and privacy enhancements (Namasudra, 2019). The data that companies store on the cloud servers is the most vulnerable and is always vulnerable to attack. A report highlights that the biggest security threat to companies using cloud-based services is malware attacks, followed by phishing attacks, and denial of service (DoS) attacks. This research study also states that the cloud attacks are increasing at a fast pace and can cripple a cloud service business.
Another important indicator for the data security evolution is the increasing number of data breaches. Organizations with sensitive information are increasingly vulnerable to security breaches. Furthermore, the number of security breaches continues to grow and they have become more damaging (Ransome, 2017). In fact, a report published by IBM highlights that the increase in the number of security breaches, the rising costs of remediation and data recovery, and the lack of qualified staff to identify and prevent security breaches are among the challenges. A report states that this is further complicated by the fact that cloud providers are also increasing their cloud security and customer service. Therefore, the cloud service providers will need to spend more time and resources to prevent security breaches from taking place and will also need to put more resources to address customer service issues in case of any security breaches.
However, some authors state that cloud security technology has progressed significantly in the last few years and is now being accepted by large enterprises. It is a fact that in the case of cloud security, the biggest problem remains cloud-based identity management (Surbiryala& Rong, 2017). Furthermore, this is a very important trend for the future as the growth in the cloud is expected to continue. The cloud is a great way to reduce the cost of computing and to get more benefits from the cloud. More and more customers are using the cloud to manage the infrastructure. However, the question is how enterprises will make their businesses and their data more secure and how they will be able to control the security and privacy.
Gaps in Literature
One of the major gaps that is notable from the literature review is that most of the cloud data security literature is based on cloud systems present in large organizations from developed countries such as the United States, Japan, China, and Australia. These systems are either based on single domain or based on multiple domains. These large organizations have highly diverse business operations and data requirements, which cannot be met by single cloud systems. However, a single enterprise-scale cloud system may not provide complete data protection, as it does not consider the special requirements of the data protection and security for each business operation (Surbiryala& Rong, 2017). Furthermore, there is a need for understanding cloud data security from the perspective of developing countries such as India and Brazil that are known to have an exponential growth of the cloud usage. The current knowledge about cloud data security also does not consider mobile devices. In the future, most of the cloud data systems will be adopted by business users, who rely on mobile devices, such as smart phones and tablets, to communicate and work.
In addition, there is also a lack of research on the privacy and security of IoT devices, which is a hot issue for mobile operators, government agencies, and researchers. For example, we will be able to know a lot of details of our personal lives, such as where we live and where we work. This information can be obtained through mobile devices that allow their owners to exchange sensitive information with one another. Many organizations want to keep such information private for their business purposes (Ransome, 2017). On the other hand, there are several reasons for an organization to share such information, such as to keep the employees safe, to improve sales, and to reduce costs and improve customer service. However, there is a need to learn about the impact of cloud data security in mobiles and tablets. Therefore, this should also be considered in future research and education.
In conclusion, the literature review encapsulates the current cloud data security environment by highlighting the impact of cloud data security threats and issues, and also the corresponding vulnerabilities in the field of cloud data security. The cloud data security landscape is further explored in order to understand the impact of the increasing cloud usage. The literature review helps provide a basic understanding of the nature of threats and issues related to cloud data security, thus aiding in providing a foundational understanding of cloud data security (Surbiryala& Rong, 2017). The perspective of literature that explore the impact of the data security issues on cloud systems is explored in the literature review. This was important because as researchers, it is necessary to understand the threats and issues that impact the cloud systems and help design more secure solutions.
The knowledge about the cloud data security in mobile devices and mobile services is also an essential subject in this context. To ensure the data security in the cloud, it is important to understand the threats, identify the vulnerabilities, and secure the systems against the attacks. In addition, it is also important to focus on how to protect against the threats in the mobile devices and mobile services (Ransome, 2017). This paper also highlights the importance of the cloud data security in mobile devices and mobile services for the success of the businesses and its employees. There is a need to continue with the current studies and extend the research with relevant content that is up to date.
The literature review also focused on identifying and analyzing literature on the evolving nature of data security issues in cloud computing and mobile devices. The literature review conducted in this paper reveals that there are increasing security risks associated with data storage, data leakage, and network security, among others. Furthermore, there is an increasing need to design more secure systems to protect against the existing threats in the current cloud computing and mobile computing and to identify new threats. Thus, there is a need for designing secure solutions in the cloud and mobile computing and mobile devices.
Chapter 3: Methodology
In this methodology section, the researcher will provide an overview of the research methodology and framework used in the study. Therefore, the focus of the study is directed on understanding the data security standards of current cloud networks and checking their ability to handle the ever-evolving threats faced by cloud service providers. The dissertation will also render alternative suggestions for deficiencies in the current cloud security strategies (Kritikos et al., 2017) to study the efficiency of cloud data security. Additionally, the research proposal will identify peer-reviewed literary sources for thematic document analysis. In addition to the research methodology, the section will also explore the data collection methodologies and the validity and ethical consideration for the research.
Statement of the Problem
This proposal will explore both the current data security risks and the future data risks/issues that threaten the current cloud security frameworks. The main goal is to provide a comprehensive understanding of the current cloud service environment and create sustainable solutions to combat data security risks that threaten the field and help reduce companies’ financial and operational risks. The research focus will also include the exploration of future cloud data security frameworks to keep up with the increased complexity of the data management business model.
The cloud data security dissertation will answer four core research questions about the field. They are:
R1: What are the current data security issues and risks that threaten cloud service providers?
R2: What are the predicted future trends for the data security issues?
How can current cloud data security be made more efficient to facilitate tighter data security?
The proposal uses qualitative research methodology, and the design is the qualitative research design to dissect the cloud data security environment through analyzing the risks that may likely occur. The thematic analysis is a research methodology focused on analyzing qualitative data that would be collated from a set of texts, especially literary documents and interview transcripts (Kritikos et al., 2017). The literature review will be conducted on sets of peer-reviewed literary sources that will focus on combating the ever-evolving threats in the industry. The methodology involves identifying and analyzing informative sections from the selected sources. With thematic analysis, researchers can identify common topics, ideologies, and patterns that highlight the data security efficiency of current cloud computing and service systems. The thematic analysis also helps researchers identify the significant data/information security risks that will affect the cloud environment. The research study will use thematic analysis to identify the current data security issues and learn the efficacy of current cloud data security systems. The thematic analysis focuses on identifying and analyzing textual samples based on three major themes, namely current data security threats, cloud security frameworks, and future threats and capabilities. This research study will be able to provide fact-based inferences that can lead to better results through this methodology. (Kritikos et al., 2017).
The approach to cloud data security research will be conducted where the data collected from the literary sources are subjected to a qualitative research design. The core research framework will be a thematic analysis of peer-reviewed literary sources sourced from authentic public websites. By identifying and synthesizing these sources, it will be easier to identify a significant subset of the topics and ideologies that have impacted the cloud computing security landscape and how these themes will impact cloud security systems (Vaismoradi & Snelgrove, 2019). These core topics will then be analyzed concerning data security requirements, how they relate to the cloud and service infrastructure, and which data security tools will be helpful. Various research instrumentation such as social networking applications, website crawling tools, document-tracking and mobile data analysis will be used to select the most relevant literary sources. The analysis of the literary sources will help analyze this relevant information and identify specific security trends. The research methodology design will include multiple steps, and each step requires careful selection and validation of the data sources that will be utilized for the document analysis (Vaismoradi & Snelgrove, 2019).
Study Population and Sample Selection
This proposal will analyze the efficacy of data security measures in the current cloud computing environment through collecting data from literary sources that focus on cloud security systems. This is because the proposal will analyze the data collected through a comprehensive thematic analysis that will group the data into three main categories: the current data security threats, the current security framework & the future data security threats. Therefore, the dissertation concerns all the sectors dependent on cloud computing and cloud service systems. The proposal mainly concerns cloud service providers, the most vulnerable to cyber security concerns in the current cloud computing environment (Vaismoradi & Snelgrove, 2019).
The research methodology and sample selection will be developed based on research requirements and executed with utmost sincerity. All the research material (including source files) will be acquired from research institutes and commercial libraries. The literary documents for the study will be acquired from relevant and reliable sources. Purposive sampling, a sampling method where researchers can select sources based on their judgment, will be used for selecting literary documents. With purposive sampling, documents with the most relevant subject matter, information sources, or platforms will be sought. In addition, various categories of sources will be included. The document selection will be then performed over three weeks, during which several samples were collected from various sites.
Data Collection Methods
The research proposal will primarily use purposive document selection to select the relevant literary sources, making it easier to draw sample generalizations. The sequential document selection will be used in connection with purposive sampling to determine which topics will be the most relevant to the research question at hand.
R1: What are the current data security issues and risks that threaten cloud service providers?
R2: What are the predicted future trends for the data security issues?
How can current cloud data security be made more efficient to facilitate tighter data security?
For this purpose, the peer-reviewed sources (categorized themes) are identified through the information available in the most recent academic publications from the same subjects in cloud data security to arrive at an informed and factual decision. The selection of relevant documents and the study’s goals, strategies, and results will be performed through the data extraction, indexing, or comparison processes (Bunkar&Rai, 2017). These processes will be conducted by the researcher physically.
Data extraction – The selected documents will be analyzed for data related to the themes of cloud data security and data security issues.
Data Indexing – The relevant data will be grouped into themes.
Data Comparison – The data will be analyzed to identify the most prominent issue, the current data security framework, and the avenues for improvement. With the aid of purposive sampling methodology, literary sources with specific characteristics, including topic relevance, data security exploration, and cloud storage, as well as the subject matter themselves, will be systematically selected from the available literature (Bunkar & Rai, 2017).
The complete step-by-step data collection procedure is explored in detail in this section.
Research and identification of literary source pools from reputed scholarly sources.
Examination and judgment-based selection of literary documents using purposive sampling with specific criteria (topic/data relevance, depth of exploration, etc.)
Information selection and collection using sequential data selection methodology.
Data extraction, categorization & thematic matching using physical identification and interpretation (Bunkar & Rai, 2017).
Data Analysis and Procedures
Much like the previous section, this section will explore the data analysis procedures of this study. The core data analysis procedure used in the proposal is the thematic analysis based on categorizing themes to arrive at an informed and factual decision (Powell et al., 2018).The analysis will also be based review on the secondary data. The step-by-step exploration of the same is as follows. In the first step, the theme determination is using topic and information necessity. The identified literary sources will be studied to identify and infer the relevant themes selected from the sources. The themes will then be categorized into solid and well-defined data sets for future research and analysis (Powell et al., 2018).
The grouped themes will be analyzed to understand the critical research answers for interrelated variables. With the help of the analysis, this study hopes to learn about the current state of the Cloud Security environment and the data security efficacy, deficiencies, and limitations. The focus will also be on identifying future data security risks and the necessary innovations and adaptations required to combat the same.
Validity & Reliability
The dissertation seeks to conclude that the current data security procedures require constant monitoring and evolution to combat ever-evolving threats. The lack of comprehensive cloud security frameworks capable of combating new threats regarding data security is also seen as a significant concern (Powell et al., 2018). The validity of the dissertation conclusion about the need for evolution was derived from factual interpretation of the current cloud security frameworks and the information sources that come with them. In addition to the Data that come with the framework, essential factors like the latest technologies that are being developed in that framework and, in fact, for the new data will also be explored in the dissertation. This will add further validity to the research conclusion.
The principal research instruments used in the research are sequential data analysis and thematic analysis on literary sources. The reliability of the research instruments will be verified to ensure that they are sound, and their involvement will be able to resolve some of the issues related to the research. The research content and the data provided for the research are unique to the field and are of high quality. The research on literary sources has a higher chance of providing the same results. This study hopes that the information collection procedure can be replicated. There will be a higher chance of arriving at the exact inference in the “second” round of validation. The primary consideration for the validity of the research is the research methodology. For this reason, the research instrument must be performed on a real dataset that is selected from peer-reviewed literary sources (Nowell et al., 2017).
The document analysis is a research methodology that needs solid ethical behavior from the researchers. The research team can misuse the research instruments and methodology, and the information needs to be monitored for falsification of the data and in the research with an appropriate policy. Ethical behavior needs to be observed from the start when it comes to scientific research in academic areas (Vaismoradi & Snelgrove, 2019). It is not something that can be done quickly. One must work through the scientific process to obtain the necessary understanding and the appropriate ethical behavior from the researchers. Ethical issues based on data misuse and sampling bias are primary considerations for the dissertation team. Therefore, the team will monitor and review the document selection and thematic analysis procedures to make sound ethical decisions.
This research on cloud data systems will provide significant insights and the need to evolve data security tools and strategies. However, the research might limit in scope and scale. The research methodology focuses on thematically analyzing the cloud security system based on literary sources. Future research needs to focus on analyzing threats and vulnerabilities based on recent real-life scenarios (Kritikos et al., 2017). This will provide a better understanding of future security threats and present an excellent approach to the researchers and professionals in the cloud data security field. The research is also centered on prevalent security threats. Most generic and popular security threats are covered in literary sources. Therefore, the need to analyze specific threats that are rare will also be an avenue for future research works. This will help data security service providers better understand the field (Kritikos et al., 2017).
The third chapter of the proposal will be focused entirely on exploring the research methodology used. The proposal will use qualitative document analysis and thematic analysis to categorize information collected from peer-reviewed literary sources. The information will then be analyzed using factual interpretations and cross-relation analytics to answer the core research question(s) comprehensively. In addition to the research methodology, the chapter also explores the central data collection methodology. The academic articles will be selected based on specific criteria and topical relevance. The data analysis methodology and the step-by-step procedure were also provided to enhance the researcher’s understanding.
Furthermore, the chapter also provides proof of validity and reliability for the research methodology and the instruments. The limitations of the research and the ethical considerations that were part of the dissertation were also explored to provide a comprehensive overview of the process. The research methodology hopes to conclude that data security systems need significant levels of evolution to combat future security threats and issues.
Akhil, K. M., Kumar, M. P., &Pushpa, B. R. (2017, June). Enhanced cloud data security using the AES algorithm. In 2017 International Conference on Intelligent Computing and Control (I2C2) (pp. 1-5). IEEE.
Bunkar, R. K., &Rai, P. K. (2017). Study on security model in cloud computing. International Journal of Advanced Research in Computer Science, 8(7), 841.
Giri, S., &Shakya, S. (2019). Cloud computing and data security challenges: A Nepal case. International Journal of Engineering Trends and Technology, 67 (3), 146, 150.
Kritikos, K., Laurenzi, E., &Hinkelmann, K. (2017, September). Towards business-to-IT alignment in the cloud. In European Conference on Service-Oriented and Cloud Computing (pp. 35-52). Springer, Cham.
Kumar, P. R., Raj, P. H., &Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. Procedia Computer Science, 125, 691-697.
Nowell, L. S., Norris, J. M., White, D. E., &Moules, N. J. (2017). Thematic analysis: Striving to meet the trustworthiness criteria. International journal of qualitative methods, 16(1), 1609406917733847.
Powell, C., Miura, K., &Munetomo, M. (2018, July). Optimal cloud resource selection method considering hard and soft constraints and multiple conflicting objectives. In 2018 IEEE 11th International Conference on Cloud Computing (CLOUD) (pp. 831-835). IEEE.
Shaikh, R. A., &Modak, M. M. (2017, August). Measuring Data Security for a Cloud Computing Service. In 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA) (pp. 1-5). IEEE.
Udendhran, R. (2017, March). A hybrid approach to enhance data security in cloud storage. In Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing (pp. 1-6).
Vaismoradi, M., &Snelgrove, S. (2019, September). The theme in qualitative content analysis and thematic analysis. In Forum Qualitative Sozialforschung/Forum: Qualitative Social Research (Vol. 20, No. 3).
Zhe, D., Qinghong, W., Naizheng, S., &Yuhan, Z. (2017, May). Study on data security policy based on cloud storage. In 2017 IEEE 3rd international conference on extensive data security on cloud (significant data security), IEEE international conference on high performance and intelligent computing (hpsc), and IEEE international conference on intelligent data and security (ids) (pp. 145-149). IEEE.
Kaushik, S., & Gandhi, C. (2019). Ensure hierarchal identity based data security in cloud environment. International Journal of Cloud Applications and Computing (IJCAC), 9(4), 21-36.
Goyal, V., & Kant, C. (2018). An effective hybrid encryption algorithm for ensuring cloud data security. In Big data analytics (pp. 195-210). Springer, Singapore.