2115883181 – Addressing Security Challenges in Cloud-Based Systems: Examining Organisational Management Techniques and Practical Security Solutions




Information Technology

Module Code

2115883181 - Addressing Security Challenges in Cloud-Based Systems: Examining Organisational Management Techniques and Practical Security Solutions

A broad overview of cloud computing challenges will be provided in this section. Also emphasised is the fact that organisations confront security issues that will be resolved due to the use of cloud-based solutions. Real security measures and the significance of organisational management strategies will be given to properly address these issues.

2.2. Different Security Issues and Their Impacts on Organisations

“Cloud security issues” are problems with data, application, and infrastructure security in cloud computing environments. Vulnerabilities have been evaluated in cloud apps, settings, and infrastructure using both manual and automated techniques.

2.2.1. Data Breaches:

Due to the large amounts of data they possess from various clients, cloud service providers become attractive targets for hackers. Careless access controls, vulnerabilites in cloud infrastructure, or compromised user accounts can bring on data breaches (Shaukatet al. 2020). Data breaches may result in significant financial loss, particularly involving sensitive customer data. Businesses could face legal penalties, fines, litigation costs, and company loss due to a damaged reputation and eroded consumer trust (Odun-Ayoet al. 2019).Customers lose faith in a company’s capacity to secure their sensitive information when there is a big security breach or when data exposure occurs often. Customer attrition, trouble attracting new clients, and long-term harm to the company’s brand can all result from it.

2.2.2. Data Loss and Unauthorised Access:

As per Liao and Lin (2020), Application Programming Interfaces (APIs) allow data interchange and communication across various cloud services and applications. Attackers may use poorly designed or inadequately secured APIs to access data without authorisation or interfere with cloud services (Alam, 2020). Unauthorised access to private data and cloud resources can result from weak authentication techniques, negligent access rules, and insufficient user identity management. A frequent reason for data vulnerability is improperly established access rights (Jouini and Rabai, 2019). Data loss can still happen due to hardware malfunctions, natural catastrophes, human mistakes, or criminal activity, even though cloud service providers frequently have backups and recovery systems in place.A data breach or unauthorised access can seriously affect organisations if intellectual property (IP) or trade secrets are compromised(Subramanian and Jeyaraj, 2018). Competitors or hostile actors may gain access to important research, product ideas, or company strategies, resulting in economic and competitive disadvantages.

2.2.3. DoS Attacks:

Attackers may target cloud services using denial-of-service (DoS) assaults, which overwhelm the cloud infrastructure, impairing its performance or making it unreachable (Namasudra, 2019). This may interfere with business operations and affect the provision of services. Critical company activities may be interfered with and experience extended downtime due to security events like DoS attacks or infrastructure breaches. Subramanian and Jeyaraj, (2018) explained that it may also influence income sources and lead to lost productivity, missed deadlines, and unhappy customers.

For instance, “The 2013 Target Data Breach” exposed personal information for an additional 70 million persons and around 40 million customers’ credit and debit card numbers (nbcnews.com, 2017). As the vendor’s credentials had already been made public, the problem affected Target’s payment systems. Financial losses, damage to Target’s reputation, legal action, and heightened scrutiny of data security in the retail industry were all consequences (nbcnews.com, 2017). The event also illustrated the necessity of external vendor security procedures.