Making Cloud Computing Secure: Cloud security Alliance Promotes Security Assurance; Vulnerability in Cyber Security: Evolving Organizational Responses to Cyberthreats in the United States

Ahmed, Tanjim, School of Engineering and Applied Science, University of Virginia
Morrison, Briana, EN-Comp Science Dept, University of Virginia
Baritaud, Catherine, EN-Engineering and Society, University of Virginia

As the use of the internet increases in recent years and more companies transition to cloud, the number of cyber attacks and cloud security failures are increasing. The technical research report identifies the main reasons for the failures of cloud security and proposes both long term and immediate solutions. The STS paper demonstrates evolving organizational responses to cyber attacks and also analyzes why cyber attacks are increasing every year despite the strong security measures taken by the cyber security professionals. The main focus of both the technical report and the STS research paper is about the security of computing services used by the internet. The technical report first identifies the reasons for cloud security failures. Many organizations use hybrid clouds or multi-clouds which are very complex cloud infrastructures that can cause misconfigurations and lack of security controls. The long term suggested solution for those organizations struggling to ensure cloud security is to create their own cloud infrastructure from scratch to have more control over their security controls and other cloud features. However, most of the organizations do not have enough experienced cloud security professionals. The immediate solutions for the cloud professionals would be to get help and utilize the resources from the Cloud Security Alliance (CSA). The CSA launched multiple programs to ensure cloud security; they also promote security assurance by providing educational resources, training, certifications, vendor-neutral and consensus driven research and guidance to cloud professionals through examination programs. Cloud professionals who do not have enough experience can be trained and learn more from the CSA courses and training programs, and they will have a better understanding of cloud security controls. If they ever have trouble deploying their cloud environment, they can ensure cloud security by working with a network of trusted security professionals from CSA Global Consulting Program. Cloud engineer candidates can get the certifications from CSA, which will make it easier for employers to identify qualified individuals. As experience grows over time, most of the big organizations will have enough cloud professionals to build their own cloud infrastructure. Ensuring data security is a top priority for everyone so immediate action is required, and this is the main reason CSA is a great resource to utilize. The immediate research question for the STS paper was - how are security organizations and law enforcement striving to reduce the cybercrime threat to small businesses, healthcare, education, and government agencies? The thesis statement is - despite the security organizations and government agencies taking strong cyber security measures, cyber attacks to those industries are increasing every year and will continue to increase in the future. To understand why these cyber attacks are increasing every year, the research approach is to use the theory of technological momentum to analyze the actions taken by government agencies and large security organizations. Technological momentum is a theory about technological determinism and social construction, developed by Thomas P. Hughes (1987). How cyber attacks are increasing every year and how it will be in the future can both be explained using the theory of technological momentum. As technology advanced and the use of the internet increased, the number of cyber criminals also increased with advanced cyber attacks. As all the industries started adapting to perform their tasks online in recent years, they also need to adapt to have protections against cyber attacks. As a result of technological momentum, the cyber criminals are also performing advanced cyber attacks every year, and the cyber security professionals also have to come up with new security measures to give protection against these cyber attacks. There is no way to know how cyber criminals will perform their attacks, so the number of cyber attacks will increase more in the future. More steps need to be taken to raise awareness and prevent cyber attacks as much as possible such as having required cyber security courses in high school, required cyber security certifications for different companies, and advanced protection software being free for everyone. Coupling the STS paper with the technical report can show how security can be improved through identifying the main issues causing these cyber attacks and cloud security failures. In both papers, one of the main focuses was to raise awareness about cyber security in general. Both papers also help finding the right resource and security measures to prevent those types of security attacks or mitigate the security risks as much as possible.

BS (Bachelor of Science)
Cyber Security, Cloud Computing, Technological Momentum, Cyber Attacks

School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Briana Morrison
STS Advisor: Catherine Baritaud

All rights reserved (no additional license for public reuse)
Issued Date: