Threats facing cloud security and how to counter them Writing Assignment #2The Four-SourceEssay: Basic Synthesis Summary of assignment• Task: The four-source essay asks you to synthesize the arguments

                                                                       Countering Threats Facing Cloud Computing

                                                                                                     Name

                                                                                                   Institution                              

                                                                                            Date of Submission

          The significance of Cloud computing has quickly gained popularity among organizations and individual computer and mobile devices users. Cloud computing facilitates convenient, ubiquitous, and quick retrieval of vast amounts of data by the requester. The primary goal of this technology is to ensure that data is securely stored and quickly retrieved on demand. Furthermore, cloud computing increases scalability collaboration, availability, agility, and the ability to minimize data storage costs through efficient and optimized computing. Before the advent of cloud computing, unethical hackers were stealing data from computer users hard-disks by dispatching a virus that would corrupt the computers then send the target data to the hacker's computer. To contain this, organizations turned to cloud computing. However, despite the numerous advantages of the technology, the data stored on the cloud by firms is still prone to hacking and other security threats. As technology grows, hackers are coming up with the latest ways of accessing such data for their reasons. Going by this discussion, this paper seeks to address the various mitigation measures that companies and organizations can use to counter threats facing cloud computing.

          Notwithstanding the numerous benefits of cloud computing, the primary concern is the security of the latter. Some of the threats linked with this form of data storage include loss of data, phishing, and data privacy. However, developers have come up with some of the most reliable measures of countering and attenuating the threats to make sure that information and data stored is secure and 100 percent confidential. Data-encryption is the surest method to safeguard data in the cloud. According to Zhang (2018), data is encrypted, making it impossible for cybercriminals to decode or decipher the hidden information. A unique encryption key is encoded to the content by propriety cloud system, making the files appear gibberish. Zhang (2018) further claims that there is an insistence on using a particular application while downloading or uploading the information, which boosts the encryption function. This, therefore, makes encryption the best method that can be used to ensure data security.

          An Insecure application program interfaces (APIs) exposes an organization's data to a third party's consumption. Ensuring that the API is secure presents an opportunity to enjoy a frictionless experience while using cloud services. To identify such vulnerabilities before they become a problem, thorough penetration testing and security-focused code reviews are highly recommended. Consequently, to mitigate the risk, APIs should be treated as the topmost defense while seeking cloud security solutions. According to Suryateja (2018), are the components of the system that are the most exposed and have readily available IP addresses, making it easier for third parties to hack. Therefore, if a virus is introduced, such vulnerabilities will play a critical role in bringing down an organization's application workload. In other words, an insecure API creates a weak link that, if followed by third parties, an organization's data is likely to land in the wrong hands. Therefore, organizations should consider using multi-layered security to seal the vulnerabilities and keep the cloud safe.

          Malicious insiders can compromise the security of cloud computing. Employees are number one danger to company. Current and former employees who are/were charged with the development and protection of the cloud system because they have/had total access (Khan and Yasiri,2018). Khan and Yasiri (2018) back up this by citing a friend who conspired with a group of cybercriminals to sabotage the company's cloud security after losing his job. This was possible because the former employee had vast information regarding the company's cloud system, making it easy for him to temper with it. However, a company can mitigate such incidents by ensuring that cloud access credentials are revoked upon end/termination of the employment contract. Besides, organizations should limit the apps and data access levels to minimize damage caused in case an employee decides to strike. Companies should also consider establishing a secure way of recruiting employees and pay well employees who are privy to company data to avoid such vulnerabilities.

          Account hijacking is a common challenge being faced by cloud developers. Hackers are using strategies like fraud and phishing to circumvent security systems of both cloud and on-premises infrastructure to acquire login credentials from the original owners. The moment hackers gain access to the link the credentials can offer, they steal data and use the weak link to attack further. The impact caused varies depending on the significance attached to the account. To prevent such incidents from taking place, basic account security protocols must be observed across an organization. The basics include using strong passwords, safeguarding personal login credentials, using varied authentication factors like mobile phones, and ensuring that employees are acquainted with phishing identifications knowledge (Tirumala et al.,2015). The proper use of these methods can go a long way in ensuring that data stored in the cloud is safe.

          Besides, the abuse and illegal use of cloud services is another threat involving hackers who attack the cloud space by targeting clouds that are insecure and free trial on services. In such a scenario, the hackers use cloud tools to dispatch DDoS (Distributed Denial of Service) to the target cloud or use one cloud to attack the other. When one's cloud resources are used to launch an attack on another cloud, it may be difficult for the service provider to respond to such a threat because the provider's access to the resources is minimized(Lindemann,2015). Organizations can combat such incidents by enlisting the services of highly secure service providers committed to ensuring proper usage of their services.

          To wrap up, this paper had addressed the various measures that can be used to ensure the cloud is secure. The essay has illustrated how data encrypting can make it impossible for cybercriminals to access data. The paper has also addressed how weak APIs create a weak link when a virus is launched. This can be prevented by using multi-layered security. Furthermore, another threat can emanate from employees. This can be avoided by revoking access credentials of employees upon the end of the contract and restricting the kind of data and apps employees have access to. Account hijacking can be prevented by observing basic strong account protocols. Lastly, cloud attacks originating from cloud companies can be avoided if organizations seek for service providers that are actively working to ensure proper use of their cloud services.

                                                                                              References 

Suryateja, P. S. (2018). Threats and vulnerabilities of cloud computing: A review. International Journal of Computer Sciences and Engineering, 6(3), 297-302.

Khan, N., & Al-Yasiri, A. (2016). Identifying cloud security threats to strengthen cloud computing adoption framework. Procedia Computer Science, 94, 485-490.

Lindemann, J. (2015, August). Towards abuse detection and prevention in IaaS cloud computing. In 2015 10th International Conference on Availability, Reliability and Security (pp. 211-217). IEEE.

Tirumala, S. S., Sathu, H., & Naidu, V. (2015, December). Analysis and prevention of account hijacking based incidents in cloud environment. In 2015 international Conference on Information Technology (ICIT) (pp. 124-129). IEEE.

Zhang, H. (2018, January 25). How secure is your data when it's stored in the cloud? The Conversation. https://www.theconversation.com/how-secure-is-your-data-when-its-stored-in-the-cloud-90000