Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. Security issues in cloud computing (User under consideration) Seemab Hameed CS department University of Lahore Abstract: Cloud computing is a term used for resources using internet to avail technology by organizations. Cloud com- plus services offered by internet. It is a way of facilitat- puting has revolutionized the world of IT. ing its consumers as it provides virtual resources. The Types of Cloud Models three layers Offered are SaaS, PaaS and IaaS.IN Cloud computing not only services are rapidly growing all Private cloud over the world but also the security issues are increas- Private cloud is a setup managed on private networks and ing day by day. Although world gained many benefits organizations internal environment. It is more secure than from it but organizations and users are worried about other types because only stakeholders can have access to their confidential data security. In this study, we aimed it. [51] to review the related work and identify major security Public cloud risks in cloud computing due to which the users linked Public cloud is a set up managed by a third party, provid- to it are reluctant to share their confidential data, some ing facilities by using“ pay as you go” model.[52] It is less counter measures were discussed which may help ven- secure than other cloud models. dors to increase security in a cloud computing system Hybrid cloud Hybrid cloud is a “centrally managed setup private Cloud linked and may facilitate users of cloud computing. to one or one or more external resources”. [53] Keywords: Cloud computing, IaaS, PaaS, SaaS. Introduction Cloud deployment services Infrastructure as a service(IaaS) This is the century of cloud computing. Cloud computing is a A model in which Infrastructure is used as a service in- model for delivering services on “pay as you go”. It is a revolu- stead of purchasing .It is on demand use of virtualized re- tionary idea for organizations as one can use its hassle free ser- sources using internet. It facilitates its users by providing vices by using internet without the overhead of infrastructure, infrastructure as a service instead of purchasing it. “Ama- platform and maintenance tasks. “Cloud computing” means us zon EC2” is example of IaaS. Platform as a service(PaaS) Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. A model which provides platform as a service to “reduce and their countermeasures. In data security, confidentiality, the cost of platform components management and devel- privacy and data integrity are discussed in detail. For data opment of database tools”. “Google App Engine, Windows confidentiality cryptography technique is proposed in pub- Azure “are its examples. lic clouds. [5]To insure privacy some tips like minimum Software as a service(SaaS) sharing of personal data, maximizing user control and user A model which provides software as a service instead of choice and providing feedback are proposed. Different developing software and it reduces overall cost. “Google security threats proposed by “Cloud Security Alliance” are docs” is its example. abuse of cloud by using botnets in a public cloud, using Insecure interfaces ,shared environment causing threading on others territory and data leakage due to loss of encryp- All these components of cloud offer great convenience, tion key or unauthorized access are discussed in this paper cost reduction, hassle free services and maintenance free [6]. “Man in the middle attacks”, phishing, spam and “de- soft wares but due to its shared environment a lot of securi- nial of service attacks” are some other security threats dis- ty risks are there for confidential data. This paper aimed to review papers and exploring different aspects of security issues as mentioned in those papers. Body cussed. From cloud location point of view, it was discussed that users private data on some others storage space may cause severe damage. “Data combination and commingling” storing multiple data at same place can cause virus attacks and hack attacks. Different data security chal- [1] In this paper, different security challenges are dis- lenges like “MITM, reused IP addresses, and sniffer at- cussed that cloud computing users are facing. Different tacks” are also discussed from network point of view that cloud models are discussed with respect to security and can cause serious data hack threats. At the end some coun- private cloud is declared as a secure model and user‟s se- ter measures are proposed to all these threats. The strength curity issues can be minimized using this model but it of their study is that they have discussed data security works in a limited scenario. Public clouds are presented as challenges and their counter measures W.R.T network, a less secure model. [2] “Cloud Security Alliance (CSA)” cloud location and generally. The deep study is helpful to states that organizations are interested in using cloud but handle these challenges. The limitation of work security is required.[3] The other security issues that are security tool or mechanism is proposed. [Vahid Ashktorab discussed and pose threats to user‟s data are phishing, us- & Seyed Reza Taghizadeh, 2012] is no er‟s data loss and botnet. In addition to that, it is also discussed that hackers may use cloud for arranging botnet as [7]In this paper, it is discussed that cloud computing has it provides cheaper services. These threats are viewed as changed the computing and provided its customers hassle major factors of hindrance of cloud and it needs techniques free services all around the world but along with a lot of and security models to tackle these challenges. The security issues. [8] In cloud computing main concern is to strength of this paper is that different cloud security chal- handle security issues and provide hassle free services and lenges are discussed in detail. The limitation of their work comfort to users.[9]Depending upon the service delivery is that no mechanism is given to tackle with the challenges models different security challenges are pointed out and no security tool is proposed. [Kuyoro S. O et al, 2011] through survey. [10] Public clouds offers multifarious security challenges due to highly interfering environment as [4] In this paper, the researcher has highlighted the benefits of cloud computing along with major security threats compared to private cloud so one should adopt private Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. cloud unless public cloud is really needed.[11] Mash up [17] In this paper cloud computing architecture is de- also offers security issues as it collects and manages data scribed in detail. SaaS, PaaS, IaaS are described with real from multiple web sources so a security model is also dis- world service providers. Different cloud service models cussed to secure mash up applications. SaaS uses web 2.0 are discussed. [18] Private cloud is considered safer in as a key technology to avoid installation and maintenance terms of different security issues. In private cloud there is tasks but the security issues are increasing day by day in no need to have additional regulations and legal concerns. this environment [12, 13 and 14]. In web 2.0 different at- Public cloud is not a better choice when high security and tacks like “SQL injection attacks”, “Cross Site Scripting confidentiality is concerned due to its shared environment. (XSS) attacks”, “MITM attacks “are discussed. To avoid [19] Hybrid cloud is combination of two or more clouds MITM attacks different encryption techniques like “Dsniff, with responsibilities shared between cloud service provider Cain, Ettercap, Wsniff, Air jack etc.” are discussed in and concerned companies. In Cloud security architecture [15].In this paper , “Network level security, Application different layers are such as “user layer, service provider level security, data storage security” are the different levels layer, virtualization layer and data center layer” must en- at which security challenges are discussed. “DNS AT- sure security by “authentication, data transmission securi- TACKS, SNIFFER ATTACKS, ISSUE OF REUSED IP ty, virtual machine security and server security respective- ADDRSESSES” are different threats discussed at network ly”. Key security challenges discussed in this paper are level. “DENIAL OF SERVICE ATTACKS, COOKIE “Access to Servers & Applications, Data Transmission POISONING and SECURITY CONCERNS WITH THE ,Virtual Machine Security ,Network Security ,Data Securi- HYPERVISOR” are some of the challenges discussed at ty ,Data Privacy , Data Integrity, Data Location, Data application level. Privacy, confidentiality, Data loss, data Availability, Data Segregation , Security Policy and Com- leakage, hacking, malicious code inserted in databases by pliance , Patch management”.[20] discussed that access to using known domains are some known threats to data stor- server should be regulated by cloud using according to the age and data loss. [16]To solve different security issues security policy of company using cloud in order to avoid some tips are discussed: Use of encryption techniques in a unauthorized access.[21] “Lightweight directory” in small shared environment, less interaction of service providers to organization and “single sign on” in large organization is user data, data back up to avoid data loss, use of “pub- used to manage users to ensure authorized access. “Data lished API” to tackle identity management issues. Differ- loss, encryption, MITM attacks to hack data, virtual ma- ent countermeasures and strategies like “URL FILTER- chine security management” are some basic, of reused IP ING, MULTILAYERSECURITY, ENCRYPTION, AC- address”. Sniffer attack actually captures packets and non- CESS TO DATA BY PASSING CODES, PUBLIC AND encrypted data can be hacked. An algorithm to tackle PRIVATE KEY ENCRPTION,” are presented to handle sniffer attack is discussed in [22].”Encryption, HTTP, the above mentioned challenges at different levels. Com- SSH, single sign on and regular audit of security policies” parative analysis of different strategies is also presented. is discussed as countermeasures to above problems. In The strength of paper is very detailed and comprehensive addition to all these issues some new research issues are study of cloud computing issues at different levels. Com- also discussed in paper. The strength of their work is that parative study of different strategies, their benefits and different security issues are discussed. The drawback is limitations discussed is the best feature. [Rohit Bhadauria that Countermeasures are not discussed in detail. [Rabi et al]. Prasad Padhy et al, 2011] Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. [23] In this paper, different Security threats are highlight- crosoft Share Point Services and Microsoft Dynamics ed and categorized as “trust, architecture, identity man- CRM”. Some consider cloud only hype while others con- agement, software isolation, data protection, and availabil- sider it great phenomena for IT Professionals to work with ity”. SaaS, IaaS, PaaS are discussed. Security challenges [32]. Some security disadvantages discussed in this paper discussed at different architecture levels are “attack surfac- are “data location, Investigation, data segregation, long es, virtual networks protection, client side protection, serv- term viability and recovery. This paper also discussed se- er side protection and access management”. [24, 25, curity issues in virtualization. [33]Virtualization is of two 26]Client side protection requires user and websites securi- types named as “full virtualization and Para virtualiza- ty. User security can be implemented easily than web tion”. Different vulnerabilities in virtualization are dis- browser as different plug-ins and website extensions in- cussed. [34] Vulnerabilities in Microsoft server may cause crease the risk of attack. User identity management must access of one guest operator to other guest operator and the include privileges and access to a resource besides authen- host also to run code. At the end current research of these tication. Data protection challenges include data Isolation, cloud service providers about user views is presented. [35] data sanitization and data location S. [27] Encryption can IBMs survey concluded that 77% of the people consider be usually done on data stored in an isolated database in- cloud threat for security, 50% are concerned about data stead of shared database. So according to nature of data, breach. [36] “Microsoft survey reveals 39% of SMB‟s to accurate security management solution is needed. [28, 29] pay for cloud services within three years.” The strength of Data location is also a major issue faced by an organiza- work is survey based services inquiry by different cloud tion in cloud. This paper discusses different issues under providers. The drawback is that security issues are not different categories but solution to these problems is not mentioned in detail. [Vikas Kumar et al, 2012] discussed in detail. No security model or tool is implemented to address these issues. [Wayne A. Jansen, NIST, [37] The paper gives a detailed description of almost all 2011] the old and new security issues in cloud computing. The security is main concern of “researchers [38, 39] business [30]In this paper, huge advantage of cloud computing has decision makers [40] and government organizations [41]”. been discussed. The benefits of cloud deployment models In this paper different security issues have been cited from and services are described along with key security issues. “CSA‟s security guidance [42] and top threats analysis A survey has been done in order to investigate different [43], ENISA‟s security assessment [41] and the cloud security techniques to tackle security issues in cloud com- computing definitions from NIST [44]”. According to puting. Amazon, Google and Microsoft cloud service pro- above mentioned references the paper includes different vider has been selected to carry out survey. Amazon pro- categories of security threats. Network security includes vides following services: “Elastic Compute Cloud (EC2), “transfer security, fire walls and security configurations.” Simple Storage Service (S3) and Simple Queue Service Interfaces include “user interface, authentication, Adminis- (SQS)”. These are difficult to use as it uses command line trative interface and API.” Data security problems include and Linux user can operate it easily [31].Google does not “cryptography, redundancy and disposal.” Similarly virtu- allow write file feature to ensure security. Google provides alization. Compliance and different legal issues have been debugging features. Microsoft also provides services to discussed. In paper security taxonomy is categorized as “manage user identities, workflows and synchronization of “architecture, compliance and privacy” which are further data. Microsoft SQL, Microsoft NET, Live Services, Mi- explained in detail via a tree like diagram. Different securi- Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. ty issues and security solutions are discussed. Current sta- is a practical model.” The strength of their work is practi- tus of security is discussed with reference to different enti- cal solution. The drawback of the study is that it is not ties like “ENISA, CSA and NIST”. [45] ENISA is respon- suitable for large cloud environments. sible for managing “network and information security in [50] This paper is a concise analysis of data protection and Europe.” [46]CSA is an agency run by corporations, busi- privacy based on data life cycle ness persons and other stakeholders. [47]NIST has published cloud computing security taxonomy. At the end above mentioned organizations security frame work has been discussed. The strength of paper is that all old and recent security issues have been discussed and categorized. “ENISA, CSA and NIST” proposed security frame work is discussed in detail. Taxonomy of current security issues has been discussed in detail. The drawback of study is that no tool is proposed for implementing security. [Gonzalez et al, 2012] [48] In this paper, different security challenges are discussed with respect to cloud user and cloud service provider. From cloud service users point of view, data security issues discussed are data leakage, data loss and loss of encryption key. As remote connection are used in cloud computing and passwords are reused, if someone accesses your credentials can cause serious damage to data and may provide false information to your customers. They also service provider‟s point of view, it is discussed that due to shared environment and APIs being non-protected can [50] Fig 1 their proposed data life cycle They have discussed the problems at all stages of their proposed data life cycle. “Data ownership, private data storage, availability, authentication, encryption of confidential data, key management in encryption, data integrity, back up, data leakage, data restoration” are the key threats discussed. They have cited various security solutions of different researchers at the end. The strength of their work is that they have proposed a data life cycle and discussed the problems during this life cycle. Limitation of work is the security threats are not discussed in detail. [Deyan Chen & Hong Zhao, 2012] cause unauthorized access to user data and severe damage. The strength of their work is that they have discussed secu- Conclusion rity challenges from user and service provider‟s point of Cloud computing environment is the best choice for small view. The limitation of work is that no tool or security and large organizations. All organizations want to adopt its measures are proposed. [Kangchan Lee, 2012] services. Cloud computing has huge advantages but with [49] In this paper benefits of cloud computing has been some severe threats of security. Due to these security discussed along with increased security threats in cloud threats Organizations are reluctant to use cloud. Organiza- computing. End user is concerned about data security and tions have confidential data and due to shared environment availability. In cloud system users are also concerned in cloud data hacking, manipulation, malicious attacks and about the data access mechanism in cloud computing .To data loss are severe security concerns. Cloud computing is handle the problem of data security; they have proposed a revolutionary concept in IT field. This paper includes the idea of a system which will capture information key security threats and their countermeasures after review movement in cloud. A case study is used to implement the of different research papers. The need of the hour is that proposed system. “They have claimed that proposed model design algorithms and mechanism to tackle these security Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. algorithms. So, organizations may use Cloud services feeling safe and secure. References [1] Kuyoro S. O, Ibikunle F, Awodele O. “Cloud Computing Security [14]. Adam A Noureddine, Meledath Damodaran, “Security in Web 2.0 Application Development,” iiWAS '08, Proc.of the 10th International Conference on Information Integration and Web-based Applications & Services, pp. 681685, 2008, ISBN: 978-1-60558-349-5, DOI: 10.1145/1497308.1497443. Issues and Challenges” International Journal of Computer Networks (IJCN), Volume (3): Issue (5): 2011 [2] M. A. Morsy, J. Grundy and Müller I. “An Analysis of the Cloud Computing Security Problem” In PROC APSEC 2010 Cloud Workshop. 2010. [3] S. Ramgovind, M. M. Eloff, E. Smith. “The Management of Security in Cloud Computing” In PROC 2010 IEEE International Conference on Cloud Computing 2010. [4] Vahid Ashktorab2, Seyed Reza Taghizadeh1“Security Threats and Countermeasures in Cloud Computing” Volume (1), Issue (2): October 2012.www.ijaiem.orgEmail: editor@ijaiem.org, editorijaiem@gmail.com [5] Siani Pearson. Taking Account of Privacy when Designing Cloud Computing Services. CLOUD '09: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages 44-52. May 2009 [6] S. Ghemawat, H. Gobioff, and S. Leung, “The Google file system,” in Proceedings of the 19th Symposium on Operating Systems Principles (OSDI‟2003), 2003, pp. 29–43. [7]Rohit Bhadauria, Rituparna Chaki, Nabendu Chaki and Sugata Sanyal “A Survey on Security Issues in Cloud Computing” [8]. “Security Consideration for Cloud Ready Data-Centers,” Juniper Networks, Oct. 2009. http://www.juniper.net/us/en/local/pdf/whitepapers/2000332-en.pdf. [9]S. Subashini, V. Kavitha, “A survey on security issues in service delivery models of cloud computing”; Journal of Network and Computer Applications, Vol. 34(1), pp. 1–11, Academic Press Ltd., UK, 2011, ISSN: 1084-8045. [10] Jon Marler, “Securing the Cloud: Addressing Cloud Computing Security Concerns with Private Cloud, “Rackspace Knowledge Centre, March 27, 2011, Article Id: 1638. http://www.rackspace.com/knowledge_center/private-cloud/securing-thecloud-addressing-cloud-computingsecurity-concerns-with-private-cloud. [11]. Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, Sachiko Yoshihama, “Smash: secure component model for crossdomain mashups on unmodified browsers,” Proc. of the 17th International Conference on World Wide Web, ACM, NY, USA, 2008, ISBN: 978-160558-085-2. [12]. Pradnyesh Rane, “Securing SaaS Applications: A Cloud Security Perspective for Application Providers,”Information Systems Security, 2010. http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm. [13]. Mashups, SaaS and Cloud Computing: Evolutions and Revolutions in the Integration Landscape. http://www.redcad.org/summerschool09/slides/Bentallah_CTDS09_Mash ups%20and%20SaaS.pdf. [15]. Jonathan Katz, “Efficient Cryptographic Protocols Preventing Man in the Middle Attacks,” Doctoral Dissertation submitted at Columbia University, 2002, ISBN: 0-493-50927-5. http://www.cs.ucla.edu/~rafail/STUDENTS/katz-thesis.pdf [16]Lori M. Kaufman, “Data security in the world of cloud computing,” IEEE Security and Privacy Journal, vol. 7, issue. 4, pp. 61-64, July- Aug 2009, ISSN: 1540-7993. , Suresh [17] Rabi Prasad Padhy, Manas Ranjan Patra Chandra Satapathy: “Cloud Computing: Security Issues and Research Challenges” IRACST International Journal of Computer Science and Information Technology & Security (IJCSITS) Vol. 1, No. 2, December 2011 [18] B. R. Kandukuri, R. Paturi V, A. Rakshit, “Cloud Security Issues”, In Proceedings of IEEE International Conference on Services Computing, pp. 517-520, 2009. [19] Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Iacon, “On technical Security Issues in Cloud Computing,” Proc. of IEEE International Conference on Cloud Computing (CLOUD-II, 2009), pp. 109-116, India, 2009 [20]K. Hwang, S Kulkarni and Y. Hu, “Cloud security with Virtualized defence and Reputation-based Trust management,” Proceedings of 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing (security in cloud computing), pp. 621628, Chengdu, China, December, 2009. ISBN: 978-0-7695- 3929 -4. [21] R. Gellman, “Privacy in the clouds: Risks to privacy and Confidentiality from cloud computing,” The World Privacy Forum, 2009. http://www.worldprivacyforum.org/pdf/WPF_Cloud_ Privcy_Report.pdf. [22]. Krishna Reddy, B. Thirumal Rao, Dr. L.S.S. Reddy, P.Sai Kiran “Research Issues in Cloud Computing “ Global Journal of Computer Science and Technology, Volume 11, Issue 11, July 2011. [23]Wayne A. Jansen, ―Cloud hooks: Security and Privacy Issues in Cloud Computing, 44th Hawaii International Conference on System Sciences 2011. [24]S. M. Kerner, Mozilla Confirms Security Threat from Malicious Firefox Add-Ons, eSecurity Planet, February 5,2010, http://www.esecurityplanet.com/news/article.php/3863331/MozillaConfirms-Security-Threat-From-Malicious-Firefox-Add-Ons.htm [35] S. King ET [25] N. Provos et al., the Ghost in the Browser: Analysis of Web-based Malware, Hot Topics in Understanding Botnets (HotBots), April 10, 2007, Cambridge, MA [26] N. Provos, M. A. Rajab, P. Mavrommatis, Cybercrime 2.0: When the Cloud Turns Dark, Communications of the ACM, April 2009 [27] S. Pearson, Taking Account of Privacy when Designing Cloud Computing Services, ICSE Workshop on Software Engineering Challenges of Cloud Computing, May 23, 2009, Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior University, Lahore, PK, 26-27 March, 2015. Vancouver, Canada [45]ENISA (2011) About ENISA. http://www.enisa.europa.eu/aboutenisa [28]B. R. Kandukuri, R. Paturi V, A. Rakshit, Cloud Security Issues, IEEE International Conference on Services Computing, Bangalore, India, September 21-25, 2009 [46]. CSA (2011) About. https://cloudsecurityalliance.org/about/ [29] S. Overby, How to Negotiate a Better Cloud Computing Contract, CIO, April 21, 2010, http://www.cio.com/article/591629/How_to_Negotiate_a_Better_Cloud_ Computing_Contract [30] Vikas Kumar, Swetha, M.S, Muneshwara M. S, Prof NPrakash S: CLOUD COMPUTING: TOWARDS CASE STUDY OF DATA SECURITY MECHANISM ISSN No: 2250-3536 Volume 2, Issue 4, July 2012 1 International Journal of Advanced Technology & Engineering Research (IJATER) [31]http://www.aws.amazon.com/ [32]http://www.code.google.com/appengine [33]http://www.robertwrose.com/vita/rose_virtualization [34]http://www.microsoft.com/technet/security/bulletin/ [35] http://www.microsoft.com/ [36] http://www.securitysquared.com/-29 Oct, 2010 by Sharon J.Watson [37] Nelson Gonzalez1*, Charles Miers1,4, Fernando Red´ıgolo1, Marcos Simpl´ıcio1, Tereza Carvalho1,Mats N¨aslund2 and Makan Pourzandi3: A quantitative analysis of current security concerns and solutions for cloud computing Gonzalez et al. Journal of Cloud Computing: Advances, Systems and Applications 2012, 1:11 http://www.journalofcloudcomputing.com/content/1/1/11 [38] Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Stoica I, Zaharia M (2009) Above the Clouds: http://www.journalofcloudcomputing.com/content/1/1/11 A Berkeley View of Cloud Computing. Technical Report UCB/EECS-2009-28, University of California at Berkeley, eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html [39]Rimal BP, Choi E, Lumb I (2009) A Taxonomy and, Survey of Cloud Computing Systems. In: Fifth International Joint Conference on INC, IMS And IDC, NCM ‟09, CPS. pp. 44–51 [40]. Shankland S (2009) HP‟s Hurd dings cloud computing, IBM. CNET News [41] Catteddu D, Hogben G (2009) Benefits, risks and recommendations for Information security. Tech. rep., European Network and Information Security Agency, enisa.europa.eu/act/rm/files/deliverables/cloudcomputingRisk-assessment [42] CSA (2009) Security Guidance for Critical Areas of Focus in Cloud Computing. Tech. rep., Cloud Security Alliance [43]Hubbard D, Jr LJH, Sutton M (2010) Top Threats to Cloud Computing. Tech. rep., Cloud Security Alliance. cloudsecurityalliance.org/research/ projects/top-threats-to-cloud-computing [44] Mell P, Grance T (2009) the NIST Definition of Cloud Computing. Technical Report 15, National Institute of Standards and Technology, www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf [47] NIST (2011) NIST Cloud Computing Reference Architecture: SP 500-292. http://collaborate.nist.gov/twiki-cloud-computing/pub/ CloudComputing/ReferenceArchitectureTaxonomy/NIST SP 500-292 090611. Pdf [48] Kangchan Lee: Security Threats in Cloud Computing Environments” International Journal of Security and Its Applications Vol. 6, No. 4, October, 2012 [49] R. La„Quata Sumter, ―Cloud Computing: Security Risk Classification” ACMSE 2010, Oxford, USA [50]Deyan Chen andHong Zhao: Data Security and Privacy Protection Issues in Cloud Computing” 2012 International Conference on Computer Science and Electronics Engineering [51] S. Arnold (2009, Jul.). “Cloud computing and the issue of privacy.” KM World, pp14-22.Available: www.kmworld.com [Aug. 19, 2009]. [52] A Platform Computing Whitepaper. “Enterprise Cloud Computing: Transforming IT.”Platform Computing, pp6, 2010. [53] Global Netoptex Incorporated. “Demystifying the cloud. Important opportunities, crucial choices.” pp4-14. Available: http://www.gni.com [Dec. 13, 2009].