Access Control As a Service in Cloud: Challenges, Impact and Strategies

Shibli, Muhammad Awais; Masood, Rahat; Habiba, Umme; Kanwal, Ayesha; Ghazi, Yumna; Mumtaz, Rafia

doi:10.1007/978-1-4471-6452-4_3

Cited by 4 publications

(3 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The group’s policies can address common issues such as data theft. However, Group 1 still faces some challenges: for example, internal data leakage and unauthorized access (Furfaro et al , 2014; Shibli et al , 2014). If the data protection policy is flawed or the EN key is lost, the system may attack more.…”

Section: Discussionmentioning

confidence: 99%

“…The access controls clause addresses requirements to control access to information assets and information processing facilities (Harter et al , 2018). The controls are focused on the protection against accidental damage or loss (Furfaro et al , 2014), overheating, threats (Shibli et al , 2014), etc. It links to Category 1 IAM in CSA obviously (McLaren et al , 2013; Waters, 2016).…”

Section: Classificationmentioning

confidence: 99%

See 1 more Smart Citation

Security-as-a-service: a literature review

Wang

Yongchareon

2020

IJWIS

View full text Add to dashboard Cite

Purpose This study aims to identify the level of security from existing work, analyze categories of security as a service (SECaaS) and classify them into a meaningful set of groups. Further, the report will advise commercial applications and advice of SECaaS as an extended context to help firms make decisions. Design/methodology/approach This paper compares the SECaaS categories in Cloud Security Alliance (CSA) with the security clauses in ISO/IEC 27002:2013 to give a comprehensive analysis of those SECaaS categories. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including protective, detective and reactive based on security control perspectives. This study has discussed the three groups and their interplay to identify the key characteristics and problems that they aim to address. Findings This paper also adds new evidence to support a better understanding of the current and future challenges and directions for SECaaS. Also, the study reveals both the positive and negative aspects of SECaaS along with business cases. It advises on various sizes and domains of organizations to consider SECaaS as one of their potential security approaches. Originality/value SECaaS has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud computing. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. However, it is still in infancy and not very widely investigated. Recent studies suggest that SECaaS is an efficient solution for Cloud and real industries. However, shortcomings of SECaaS have not been well-studied and documented. Moreover, reviewing the existing research, researchers did not classify the SECaaS-related categories.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Classificationmentioning

confidence: 99%

Security-as-a-service: a literature review

Wang

Yongchareon

2020

IJWIS

View full text Add to dashboard Cite

show abstract

“…Unauthorized persons have a bar to access that information outside of the organization. Different social engineering attacks, cybercrime has been employed to penetrate into the cloud storage by any unauthorized hacker [31].…”

Section: Limitation Of Bandwidthmentioning

confidence: 99%

Untitled

2021

JESTR

View full text Add to dashboard Cite

The emergence of the cloud computing paradigm has influenced business organizations for migration over two decades. This has enabled a more incredible communication speed paired with a better fault tolerance of web-based applications and the scope of having practically unlimited storage available for the user and business data. Such colossal data availability over cloud platforms has increased concerns about the security of the same from various threats such as unauthorized eavesdropping, deliberate malicious mutation of data, loss of data integrity, and identity theft. The presence of such security vulnerabilities has rendered cloud security to be an active research area. This article aims to deep dive into the present stateof-the-art in cloud security research and mitigation approaches. It is observed that cloud storage, cloud services are the widely used applications among the organization. However, vulnerabilities and security challenges faced by this two area is maximum. Besides, outsourcing sensitive information to cloud service provider's (CSP) end leads to trust issues among organizations. This article performs a detailed comparative analysis of the security frameworks developed towards cloud storage level, cloud service level, and cloud trust level to date and throws light on future research directives. All the existing research has been evaluated against CIA (confidentiality, Integrity, Availability) principles here.

show abstract

A Survey on Security as a Service

Wang

Yongchareon

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Access Control As a Service in Cloud: Challenges, Impact and Strategies

Cited by 4 publications

References 67 publications

Security-as-a-service: a literature review

Security-as-a-service: a literature review

Untitled

A Survey on Security as a Service

Contact Info

Product

Resources

About