Uncovering Cloud Security Complexities-A Comprehensive Five-Perspective Taxonomic Review

doi:10.21203/rs.3.rs-4506913/v1

Download PDF

Systematic Review

Uncovering Cloud Security Complexities-A Comprehensive Five-Perspective Taxonomic Review

https://doi.org/10.21203/rs.3.rs-4506913/v1

This work is licensed under a CC BY 4.0 License

Version 1

posted

You are reading this latest preprint version

In the rapidly evolving realm of cloud computing, the surging adoption and its profound role in modern IT infrastructures necessitate a vigilant exploration of emerging security challenges and threats. While prior studies have categorized threats, the need for integrated solutions is evident, and an integrated study is evident, with only a limited few addressing this requirement and providing critical correlations among the factors influencing cloud computing security.

This paper conducts a state-of-the-art, in-depth exploration of multifaceted cloud security challenges, organized into a five-perspective taxonomy spanning cloud service models, architecture, networking, stakeholders, and data. It begins by contextualizing the rapid ascent of cloud computing within contemporary IT landscapes. This taxonomy offers a structured framework that dissects challenges and provides a roadmap for problem-solving. Extracting four critical variables from the five perspectives and 8 key metrics for security issues related to cloud service models, this review article bridges the gap between theory and practice, emphasizing the need for precision in navigating these complexities.

Theoretical Computer Science

Cloud Service Models

Cloud Security

Data Security

Privacy

Virtualization

Stakeholders Security

The vista of cloud computing has ignited a paradigm shift, revolutionizing computational landscapes and catalyzing broader societal, economic, and environmental transformations. This shift is more than just a technological breakthrough; it signifies an imperative response to dynamic changes in our world. The fusion of recent technological strides with evolving social needs has prompted individuals, organizations, and governments to seek innovative strategies for maintaining a competitive edge. Amidst this backdrop, cloud computing (CC) technology emerges as a pivotal enabler of progress.

Cloud computing is a standard solution to address the escalating demands of a resource-hungry digital age. Cloud computing introduces a dependable framework for service provisioning by seamlessly merging existing computing technologies. It delineates its dominion through Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), each catering to distinct service paradigms. However, orchestrating these cloud services introduces a myriad of complexities.

This research embarks on an exploration of these intricacies, propelled by an overarching concern for security. As cloud computing intertwines with emergent forces like the Internet of Things (IoT) and 5G, an array of intricate challenges emerge. The bedrock of this study rests upon addressing these multifaceted challenges, encompassing availability, load balancing, auto-scaling, resource provisioning, and security and privacy. Furthermore, integrating cloud computing with IoT and 5G technology has brought forth an array of additional complexities, from trust management to traffic analysis.

Amidst these complexities, the role of security looms large[1]. The surging popularity of cloud computing has cast a spotlight on data security and privacy issues. These challenges and risks reverberate from the very architecture and paradigms of cloud computing[2]. This work assumes the mantle of illuminating these issues, weaving a narrative that unveils emergent patterns and lingering challenges. In cycle, the study maps the maze of security concerns, potential threats, and countermeasures onto the sprawling canvas of cloud computing infrastructure.

Central to this endeavour is a holistic taxonomy, a discernment tool across five distinct perspectives. This meticulous framework unfurls the layers of vulnerability within cloud computing, spanning service models, architecture, networking, stakeholders, and data. Its potency lies in providing a structured methodology, empowering stakeholders to grasp the intricate intricacies and challenges intrinsic to cloud computing security. Researchers, practitioners, and policymakers stand to glean invaluable insights poised at the intersection of cloud computing and security. This taxonomy serves as a lodestar, illuminating uncharted territories, and orchestrating a symphony of ideas and solutions.

By marrying these perspectives, this study aspires to decode the evolving challenges of cloud computing. It casts a spotlight on emerging trends and unresolved puzzles, propelling us towards informed future research and resolute practices.

The rest of the paper is categorized as follows. Section 2 gives an overview of Cloud computing architecture and its working, Section 3 has the methodology echoing the diligent route charted by SLR's systematic exploration, Section 4 is the heart of this study; Cloud Computing challenges, it has the Five-perspective taxonomy, Current Literature Summary, all the statistical analysis and the comparison between related works and taxonomy. Subsequent sections, i.e. Sections 5 to 9, are the inter-weaved sections discussing the taxonomy in detail, whereas Section 6 has the key metrics identified for IaaS, PaaS and SaaS challenges. The final Section 10 is the conclusion section.

1.1. Motivation:

The pursuit of exhaustive and nuanced insights into the multifaceted challenges posed by cloud computing becomes increasingly important in a constantly changing landscape. As cloud computing assumes an increasingly central role in contemporary IT infrastructures, it has far-reaching consequences for individuals, organizations, and governments. Understanding and mitigating cloud security vulnerabilities and attacks has never been more critical.

While the literature has indeed delved into cloud computing challenges and threats, what sets our review apart is its unwavering commitment to intricately weaving together the myriad challenges that cloud computing confronts. Unlike previous studies that have often approached these challenges from singular vantage points, this review thoroughly examines these complexities from five distinct and interrelated perspectives.

This review equips researchers and practitioners with a comprehensive comprehension of the formidable obstacles cloud computing must overcome by examining these challenges through these five lenses. In addition, it facilitates the identification of crucial intersections and overlaps among these perspectives, paving the way for integrated and holistic approaches to the current challenges.

In essence, this review transcends the fragmented landscape of cloud computing analysis by providing a unified perspective highlighting the magnitude of the challenges and enabling stakeholders to chart a course toward secure and resilient cloud solutions.

The study's contributions are:

A five-perspective taxonomy that offers a structured framework for dissecting and understanding multifaceted security issues in cloud computing.
A detailed correlation and factor analysis is needed to identify and summarize key cloud computing challenges, elucidate the relationships and interdependencies among security issues, and provide a roadmap for addressing them.
Extracted four critical variables from the five perspectives and eight key metrics for security issues related to cloud service models.
SLR with Frequency analysis and holistic examination of interrelated perspectives for layered Security needs

These analytical offerings directly respond to the need for structured insight, aiding practitioners in navigating the web of cloud security challenges with informed precision.

Cloud computing (CC) offers substantial benefits in terms of high resource utilization, scalability, and flexibility. It provides the ability to rapidly deliver on-demand services, enabling clients to pay only for the resources they utilize while ensuring anywhere, anytime accessibility.

The National Institute of Standards and Technology (NIST) defines cloud computing as: “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction " [3]. Figure 1 depicts the NIST definition well.

2.1. Cloud computing service models

There are three primary cloud computing models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Each model represents a distinct component of the cloud computing stack with varying degrees of control, flexibility, and administration, allowing users to pick the most appropriate collection of services [4], [5], [6].

2.1.1. Infrastructure as a service (IaaS)

IaaS is the most comprehensive way for cloud providers to deliver virtual servers and data storage. Model users can install and run their apps and OSes on the service's infrastructure without maintaining it. Customers just pay for the services they use and can increase or decrease resources because cloud computing is a utility. One of the most popular IaaS models is Amazon Ec2. IaaS aids data warehousing and big data analytics [4], [5], [6].

2.1.2. Platform as a service (PaaS)

This service architecture facilitates the deployment, hosting, and development of consumer software applications. In this arrangement, a third-party provider offers the consumer access to software and hardware resources via the Internet. PaaS eliminates the requirement for users to install hardware and software to construct applications. In addition, it can give computing power that is impossible for a single user to get [4] [5] [6].

2.1.3. Software as a service (SaaS)

SaaS is a popular service model in cloud computing, with widespread usage among clients. It falls under the cloud application services category and is also known as web-based software, software-on-demand, or hosted software. SaaS offers a cloud-based application along with its underlying IT infrastructure and platforms, accessible to end-users via the Internet without the need for installation or maintenance. In addition, the majority of apps operate directly within the browser, offering users of this way a greater degree of flexibility and convenience [4] [5] [6].

2.2. Cloud computing deployment models

The nist defines four cloud models, public, private, community, and hybrid. A cloud deployment paradigm can be told apart by how the services are made available to users, where the infrastructure for the deployment is located, and who owns it.

2.2.1. Public cloud

The public cloud is a deployment model where clients can subscribe to hardware and software resources, including OS, CPU, memory, storage, application servers, and databases. It's commonly used for tasks like application development, testing, file sharing, and email. Services are offered by a specialized provider either for free or on a pay-per-use basis, with resources hosted off-site.

2.2.2. Private Cloud

A single organization often utilizes private cloud technology. The business may maintain this infrastructure to serve several user classes or be handled on-site or remotely by a service provider. Private clouds are much more expensive than public clouds because they demand a more extensive initial and ongoing financial investment. On the other hand, private clouds are suitable for addressing the current security and privacy challenges, yet they have some limitations.

2.2.3. Hybrid cloud

Applications are said to run in a hybrid cloud if they are deployed and run in multiple environments. These hybrid cloud platforms connect public and private resources in various ways; nevertheless, they frequently combine standard industry technologies, like Kubernetes, to organize container-based service deployments.

2.2.4. Community cloud

The community deployment model is comparable to private cloud deployments. In the private Cloud, the cloud server is owned by a single user or company. In the community Cloud, multiple businesses with similar histories share a cloud server. If all businesses or organizations share the same security protocols, performance needs, and objectives, this multi-tenant design can help them save money and increase productivity. This approach can be used for project development, execution, and maintenance. The community cloud environment has restricted access to community members only. Table 1 discusses the Security states for Cloud deployment models on different metrics. These metrics collectively provide a comprehensive framework for evaluating the security posture of various cloud deployment types.

Table 1

Summary of Security states for Cloud deployment models
Metrics	Private	Public	Community	Hybrid
Confidentiality	High	Low	Moderate	Moderate
Integrity	High	Low	Moderate	Moderate
Availability	High	Low	Moderate	Moderate
Number of Threats	Low	High	Moderate	Moderate
Access Control	High	Low	Moderate	Moderate
Multi-Tenancy	Low	High	Moderate	Moderate
Performance	High	Low to Moderate	High	Moderate to High
Difficulty of Implementation & Maintenance	High	Low	Moderate	Moderate
Implementation Cost	High	Low	Moderate	Moderate

2.3. Actors/Stakeholders in NIST Cloud Computing Architecture

According to NIST, there are five primary stakeholders or actors in cloud computing: cloud consumers, cloud providers, cloud carriers, cloud auditors, and cloud brokers. A individual or organization that engages in a transaction or process and fulfills responsibilities is a cloud computing actor. Actors play several roles. These are all affected by cloud computing and security [4], [5]. The NIST cloud computing reference model lists players in Table 2.

Table 2

Stakeholders in Cloud Computing Architecture
Actors/Stakeholders	Definition
Cloud Consumer	A person or organization that has an ongoing commercial agreement with a cloud provider and uses the Cloud provider's services.
Cloud Provider	A person, company, or institution makes a service accessible to those interested in receiving it.
Cloud Auditor	A third-party organization capable of conducting an impartial analysis of cloud services, information system operations, performance, and the level of security provided by the cloud deployment.
Cloud Broker	An entity that controls the use of cloud services, the performance of those services, and the delivery of those services, as well as that entity's role in negotiating the connection between cloud providers and consumers.
Cloud Carrier	A third party that facilitates the delivery of cloud services by linking Cloud Providers and Cloud Users.

The interactions between the actors are depicted in Fig. 2. A cloud consumer can ask a cloud provider directly or through a cloud broker for cloud services. An impartial cloud auditor conducts audits and may contact others to get Information.

Usage Scenario 1

As shown in Scenario Fig. 3, the cloud consumer interacts directly with the cloud broker, and the cloud provider remains invisible. The broker creates and offers the most affordable and efficient services by combining cloud service providers.

Usage Scenario 2

Cloud carriers connect service providers and consumers. Cloud providers negotiate service level agreements with cloud consumers and carriers (Fig. 4). Cloud providers and carriers often sign service level agreements (SLAs) to ensure that cloud services are constantly available and meet user contractual commitments. Cloud providers may use dedicated, encrypted connections. In SLA2, the provider may explain what capability, flexibility, and functionality it requires to achieve SLA's basic requirements.

Usage Scenario 3

Figure 5 depicts cloud auditors' usage scenario, where they independently assess the operation and security of a cloud service implementation. Interactions with both the Cloud Consumer and the Cloud Provider may be required during the audit.

2.4. Section Summary: Understanding Cloud Security; Setting the Stage for Challenges

The previous sections explored the complex world of cloud computing (CC) architecture. This section has built a solid understanding of cloud service models, deployment patterns, and stakeholder roles by carefully analyzing them. Analyzing the cloud's structure from infrastructure-centric Infrastructure-as-a-Service (IaaS) to user-centric Software-as-a-Service (SaaS) has revealed its control, flexibility, and accessibility. Our examination of deployment models—public, private, hybrid, and community—has helped us understand how cloud resources are used to satisfy different needs. The section saw the complex cloud ecosystem as users, providers, auditors, brokers, and carriers converged. Our conversation centers on this extensive examination, which helps us understand cloud computing. This understanding drives the ongoing inquiry of cloud computing's future challenges. With the knowledge from the previous parts, this study examines the many complexities and susceptibilities of creating a safe, resilient, and efficient cloud computing environment. The Research Methodology section will guide the article through the complexity ahead.

The idea that data gathering method greatly affects analysis endures. This research used a Systematic Literature Review after a careful approach selection process.

A Systematic Literature Review (SLR) is a powerful tool for discovering, assessing, and interpreting the vast literature on a single topic, thematic realm, or target phenomenon. Systematic reviews are secondary since each study that makes up a systematic review is a primary study[4]. Following Kitchenham and Charters' concept, an SLR goes through planning, implementation, and reporting. SLR's systematic investigation approach was followed to analyze, synthesize, and understand cloud computing's complex difficulties.

3.1. Search Strategy

Initially, the following trail search was used to search in the Web of Science (WoS) database. The papers accessed through the following search string were used for the final search term.

Trail Search String: (“cloud computing”)

Synonyms and Boolean operations are used to construct the final search string. “AND” and “OR” are the key terms in this search string. Up to 10 Queries were formulated on the advanced search option of WoS. When left with the broad Selections like “Cloud Computing” or “ Cloud Computing AND Publications Year” a Maximum of 64, 637 results were obtained as shown below in Fig. 6.

Figure 6 Search Results from WoS

3.2. Publication Selection

Initially, the review process commenced with an examination of the titles, keywords, and abstracts of retrieved publications, as depicted in Table 3. Subsequently, a comprehensive evaluation of the contents of the initially selected papers was conducted by reading their full texts. Figure 7 illustrates the utilization of inclusion and exclusion criteria for assessing the quality of publications.

3.3. INCLUSION EXCLUSION CRITERIA

3.3.1. Inclusion Criteria (IC)

IC1: Studies present CC in general

IC2: Studies that addressed the challenges/issues/risks in the domain of CC.

3.3.2. Exclusion Criteria (EC)

EC1: Studies which does not describe challenges/risks in the CC adoption

EC2: Excludes those papers and articles which do not discuss Security and Privacy in CC

EC3: Published paper other than the English Language

3.3.3. Study Quality Assessment

The following questions were used to assess the quality of the final selected publications:

QA1: Are there fine pieces of evidence provided by the study?

QA2: Is the author unbiased regarding the positive and negative results?

These questions were marked ‘YES,’ ‘NO,’ ‘Partial,’ and ‘N.A.’

In conclusion, the research methodology, based on a meticulous Systematic Literature Review (SLR), serves as the cornerstone for the current exploration of cloud computing challenges. Through this systematic approach, this study has carefully identified and analyzed relevant literature to prepare us for a comprehensive understanding of these challenges. Transitioning into the core of this study, the examination of multifaceted cloud computing challenges is undertaken with a solid methodological foundation.

Several publications have developed taxonomies or frameworks for categorizing security issues or vulnerabilities in cloud computing [5].

The dimensions encapsulated within the discussed classification system, as vividly depicted in Fig. 8, lay the groundwork for the journey to explore, dissect, and shed light upon the manifold challenges, limitations, and risks that cloud computing unfolds in the chapters that follow.

Security is one of the critical concerns that have hampered the growth of CC. Since several problems and issues can compromise cloud computing security, it is vital to take all the essential safety measures. Various security problems, influenced by data, devices, and other factors, persist throughout the sector. While the literature landscape has been adorned with numerous review papers addressing threats and security measures in cloud computing, the focal points have often converged on security aspects tethered to services, data storage, and access control, to name a few [6]. Our pursuit, however, has been distinct.

A comprehensive analysis has been conducted, culminating in the development of a taxonomy for security requirements deeply rooted in the architecture and fundamental nature of cloud computing. This taxonomy encompasses all the factors emphasized by [6] that resonate with their influence on security within the domain of cloud computing.

From the end user's standpoint, cloud computing appears unsafe due to security issues, loss of privacy, and lack of user control over data and computing applications [11]. Similarly, when seen from the perspective of cloud service providers, fewer users prioritize Scalability, flexibility, monitoring, and management, making CC services vulnerable [12]. This study included a wide range of viewpoints, exploring the several difficulties associated with cloud computing. The analysis explores a range of complex difficulties that are intrinsic to cloud computing, including security and privacy concerns, scaling complexity, and the dynamic interactions between users and providers.

The summary Table 3 functions not only as a compilation but also as a navigational tool, providing guidance in navigating the landscape of recognised issues. This work amalgamates the combined endeavours of previous research into a format that is easily understandable, providing a complete overview of the obstacles that characterise the cloud computing domain.

Table 3

Summary of Existing Literature
Reference	Years	Objectives	Remarks
Nafiseh et al.[7]	2023	security and privacy in cloud-based business	• Identified a gap in research regarding the monitoring, analysis and adaptation phases of cloud-based workflows • Identified a need for a standard workflow modelling notation.
Sheik et al. [8]	2023		• Highlighted need for intra and inter-cloud authentications • Highlighted potential application of Artificial Neural Networks (ANNs) in cloud security.
El Kafhali et al. [2]	2022	Security Threats, Defense Mechanisms	• Categorized the many cloud-based attacks and privacy challenges • It discusses several countermeasures, protection mechanisms, and mitigating approaches for attacks
G. Umarani Srikanth et al. [9].	2022	Security Issues in Cloud and Mobile Cloud	• Analyzed security concerns about data, storage, network, information, and application in cloud computing. • Explored and evaluated the various algorithms and tools utilized for addressing security challenges in cloud computing
Fatemeh Khoda Parast et al. [10]	2022	Security taxonomy of CC service models	• Exposing Vulnerabilities in Cloud Services • IaaS, PaaS, SaaS, and general security flaws were identified and categorized. • An extensive taxonomy of cloud service security flaws and mitigation strategies is proposed.
Ometov A. et al. [11]	2022	Security and Privacy of Computing Paradigms( cloud, edge & fog computing)	• Comparisons, contrasts, assaults, and defences are laid out for the three computing paradigms from the perspective of security and privacy. • in terms of mobility, real-time response and security and privacy to end devices, the fog paradigm is better • In terms of homogeneity, the virtualized system and constraints of the resources cloud paradigm are better
Mehrdad Jangjou et al. [5]	2022	Security issues and attacks in CC network layers	• Classification of Computer Network Security Challenges Across Multiple Layers • The probabilities, effects, and frequencies of security threats at various computer network layers were provided.
Dinesh Kumar et al.[12]	2022	IoT and CC Service Models security issues	• It investigated the various deployment models of cloud computing services and IoT (Internet of Things) as well as the data security risks related to them. • Presented a metric-based vulnerability assessment technique to evaluate cloud service security
Alouffi, B et al. [13]	2021	Security Threats and Mitigation Strategies	• Outlined a comprehensive list of seven significant security vulnerabilities that pose a threat to the reliability and security of cloud computing services. • Blockchain was selected as a partner technology to reduce security concerns.
Mr Nikhil S. et al.[14]	2021	Issues and open challenges of cloud database in CC storage	• Categorized cloud storage into two parts, highlighting their applicability, Scalability, protocols, and performance. • Focused on application-based Database-as-a-service while discussing multiple data storage and management options (DBaaS).
Ahmed M. Alwakeel [15]	2021	Security and privacy issues threaten cloud and edge computing	• Reviewed the security and privacy features of fog computing and edge computing • Demonstrated various types of attacks that are common to both parties and also some distinct attacks specific to each environment. • Presented several potential strategies that could reduce the Impact of some of the listed assaults
D. M. Bamasoud, et al.[16]	2021	Privacy and Security Issues in Cloud Computing	• Examined security and privacy issues • Cloud computing difficulties have been addressed. • Identified security issues and vulnerabilities in the layers of cloud computing.
Tahirkheli et al. [6]	2021	Threats, Vulnerabilities, Consequences, Countermeasures, and Challenges of CC over Smart City Networks	• The article delves into security and privacy concerns related to cloud computing, specifically regarding smart city technologies, Internet of Things (IoT) devices, and associated platforms. • Models, approaches, and frameworks for security and privacy protection have been researched and enlisted.
Ahmad Salah Al et al. [17]	2021	Mobile cloud computing (MCC) models security issues	• Three criteria were used to evaluate MCC models: security challenges, strengths, and common issues. • Discussed available models that handle MCC security concerns
Pan Yang et al. [18]	2020	Enhancing Security and Privacy Measures for Cloud-Based Data Storage	• Provided analysis of data security and privacy issues and mechanisms in the cloud storage system • Data encryption technologies and protection methods are summarized•
Hussain Mutlaq Alnajrani et al. [19]	2020	Privacy and data protection in MCC	• Presented evidence of present threats and attacks on data privacy and alternatives to protect personal Information. • A compilation of metrics and measurements to evaluate the many existing safeguards for users' privacy in MCC
Tabrizchi et al. [20]	2020	Cloud computing issues, threats, and solutions	• A novel classification of security challenges and complexities in cloud environments was proposed based on their security posture. • The STRIDE threat modeling framework was utilized to provide an overview of the cloud security threat landscape, including the latest threats to cloud computing • According to the OWASP attack classification, these attacks have been categorized.
Sandra Dinora Orantes Jiménez et al. [21]	2020	Security issues in cloud computing(CC)	• Presented Security problems of cloud computing based on models of service provision • The presented security risk of the underlying technology in CC
Adnan Abid et al.[22]	2020	Issues of resource Allocation Techniques in Cloud Computing	• Presented Resource allocation techniques domain in the form of taxonomy • Highlighted and discussed important parameters for consideration of resource allocation
Nadiah M. Almutairy et al. [23]	2019	Virtualization Challenges and security issues in CC	• Categorized Security Vulnerabilities and risks of virtualization technology • Provided taxonomy for virtualization challenges • Proposed mitigation strategies and remedial measures for enhancing the security posture of cloud virtualization
Pan Jun Sun [24].	2019	Privacy Protection and Data Security in the Cloud	• Discussed shortcomings of Cloud computing privacy security risk • proposed a framework of privacy protection • Analyzed several attribute-based encryption (ABE) modes • Discussed and compared cloud computing privacy and security issues based on trust and reputation
M. Swathy Akshaya and G. Padmavathi [25].	2019	Security Attacks and Risk Assessment	• Cloud security risks were categorized according to the type of attack and the degree of exposure they posed. • Taxonomy of attacks presented, organized according to network categories and systems, attack categories, attack strategies, and protection technologies
Jin B. Honga et al. [26].	2019	Threats, attacks, and vulnerabilities	• Classified threats using the STRIDE threat model • Proposed a method for identifying threats in the Cloud.
Shahin Fatima et al. [27].	2019	Cloud Security Issues	• Categorized cloud security issues as Communication, Architectural, and Client management issues
N. Thirupathi Rao et al. [28].	2019	Space and security issues in cloud computing	• Addressed storage space issues for cloud-based applications. • The data Storage model and its security issues were discussed.
Vijay Varadharajan et al. [29]	2018	Secure services in networked cloud infrastructures.	• Elaborated on security protocols for managing trustworthy virtual domains • Proposed methodologies for safeguarding services hosted on networked cloud infrastructures shared by multiple tenants • The suggested architecture offers mechanisms for improving the reliability of communications between virtual machines situated in different domains.
Shareeful Islam et al. [30]	2018	Security and Privacy Requirements for Cloud Deployment Models	• Applied principles of requirements engineering to extract and evaluate security and privacy requirements. • introduced the notion of assurance as proof of fulfilling security and privacy criteria in terms of comprehensiveness and the ability to reveal a security incident through auditing. • Proposed a framework for supporting the elicitation and analysis of an organization’s security and privacy needs.
HAN XU et al. [31]	2018	Cloud Service Addressing Attributes of Security	• Markov model to measure Cloud computing security • A hierarchical modelling approach to link security and service performance and • correlated random service performance
Nalini Subramanian et al. [32]	2018	Security challenges for cloud entities	• Analyzed security issues in communication, computational and Service Level Agreement • Highlighted issues at the Virtual Machine level, Hypervisor level and Hardware level
I. Indu, P. et al. [33]	2018	Identity and Access management challenges in a cloud environment	• Addressed concerns with cloud-based authentication, access control, security, and service provisioning. • Conducted a comparison study of the many approaches that are already in use to address issues that arise when using cloud services from both the standpoint of cloud service providers and cloud users.
Xiaotong Sun [34]	2018	Mitigating Security Challenges in Cloud Infrastructures	• Compiled an overview of the most significant risks and weaknesses posed by cloud computing, as well as the defence strategies and potential remedies corresponding to those issues. • Depicted significant cloud computing security concerns stemming from both internal and external sources
Gayatri, P. et al. [35]	2018	Securities and threats of Cloud Computing	• Summarized the issues of reliability, availability and security (RAS) issues of cloud computing • Provided feasible and accessible solutions
Kritikos et al. [36]	2017	Security in multi-cloud applications	• Developed a model-driven approach to securing multi-cloud platforms • Optimal application deployment, vendor lock-in prevention, and data security are only some of the concerns that the proposed multi-cloud application management would address.
Syed, Hassan Jamil Gani et al. [37]	2017	Cloud monitoring for different cloud models	• Examined cutting-edge options for private and public cloud monitoring • A thematic taxonomy for classifying existing cloud monitoring systems was presented based on a set of parameters. • Based on the proposed thematic taxonomy, a complete analysis of existing solutions has been proposed.
Singh, Ashish Chatterjee, Kakali [38].	2017	Cloud security issues and challenges	• Discussed the issues originating due to the virtualized, distributed, shared and public nature of the Cloud • Presented different countermeasures to address the security issues in different areas of the Cloud.
Syed Noorulhassan et al. [39].	2017	Security and Resilience in an extended cloud	• Presented security and resilience-related challenges in Mobile Edge Computing and Fog Computing • Approaches to security and resilience-related mechanisms have been examined in the Cloud (specifically, anomaly detection and policy-based resilience management)
Gonzalez, Nelson et al. [40]	2017	Cloud resource management	• Presented a comprehensive analysis of prior work in cloud resource management • Based on the consolidation of features and properties used to classify the selected works, a taxonomy was presented. • Focusing on large-scale applications and workflows, further analysis was offered to improve the detection of cloud resource management gaps and issues.
Khan, Minhaj et al. [41].	2016	Security issues for cloud computing	• Analyzed and categorized working mechanisms of security issues and solutions • Presented a comparative analysis of the threats encountered in different cloud computing platforms based on various parameters. • Conducted a comparison of different intrusion detection and prevention frameworks to determine their effectiveness in cloud security.
Iqbal, Salman et al. [42]	2016	Cloud security attacks and potential mitigation strategies	• Classification of Cloud-based attacks and vulnerabilities is presented. • Presented a taxonomy of cloud security attacks and potential mitigation strategies. • The significance of intrusion detection and prevention as a service has been emphasized.
Joshi et al. [43]	2016	Security Threats in IaaS	• The security threats of IaaS are identified through two approaches: component-level threats and service-wide threats.
Kholidy et al. [44]	2016	Optimizing Risk Response in Autonomous Cloud Security	• A scalable and elastic cloud defence strategy is proposed, an Autonomous Cloud Intrusion Response System (ACIRS).
Ouedraogo et al. [45]	2015	Security transparency for Security research in the Cloud	• Brought attention to the importance of simultaneous auditability and security transparency in cloud computing. • Solutions that are similar and can help improve security transparency between service providers and their customers are suggested.
Bauman et al. [46]	2015	Hypervisor-Based Monitoring	• Highlighted potential applications and deployment strategies for Virtual machine Introspection.

4.1. Insights from Table 3

The insights gleaned from this diverse body of literature in Table 3 will serve as a solid foundation for the subsequent statistical analysis. By analyzing trends, commonalities, and correlations within this wealth of information, the aim is to extract meaningful patterns that will inform and guide decision-making in the domain of cloud computing security.

The transition from the last section of the literature review to the statistical analysis phase is methodologically and strategically sound. Applying statistical analyses becomes essential to elevate our study beyond the qualitative domain and impart it with quantitative rigour.

4.2. frequency and factor analysis

Cloud computing difficulties were examined using frequency analysis in the five-perspective taxonomy. This entails counting how often a challenge is stated across perspectives. The research quantifies the frequency of these difficulties to better assess their importance and set a priority framework.

Similar tasks were organized into coherent factors to uncover higher-order patterns beyond individual challenges.

Our five perspective taxonomy frequency study revealed the biggest challenges for cloud computing solutions. These are:

Cloud Service Models: Scalability, Trust, Integration, Vendor lock-in.
Cloud Computing Architecture: Virtualization, Fault tolerance, Interoperability, Elasticity.
Network: Bandwidth, Latency, Reliability, Throughput, Network Security.
Stakeholders: Lack of standards, Privacy concerns, Compliance issues, Lack of control.
Data: Data privacy, Data security, Data availability, Data ownership.

4.2.1. Correlation matrix between each pair of perspectives

This section generates correlation matrices from numerical data. These matrices show how each pair of perspectives and difficulties and perspectives are related.

From − 1 to 1, + 1 signifies a perfect positive correlation and − 1 a perfect negative correlation.

We used the Pearson correlation coefficient calculation to calculate the correlation between each pair of challenges.

$$r=\frac{n\left(\sum XY\right)-\left(\sum X\right)\left(\sum Y\right)}{\sqrt{\left[n\sum {X}^{2}-{(\sum X)}^{2}\right]\left[n\sum {Y}^{2}-{(\sum Y)}^{2}\right]}}$$

Where,

r is the correlation coefficient,

n is the number of samples,

X and Y are the two variables being compared,

Σ is the summation symbol,

and sqrt() represents the square root function.

Initially, a correlation matrix was generated based on the five perspectives obtained from the table below:

Table 4

Correlation matrix between each pair of perspectives
Perspectives	Cloud Service Models	Cloud Computing Architecture	Network	Stakeholders	Data
Cloud Service Models	1.000	0.634	0.675	0.343	0.659
Cloud Computing Architecture	0.634	1.000	0.604	0.544	0.664
Network	0.675	0.604	1.000	0.658	0.677
Stakeholders	0.563	0.644	0.658	1.000	0.576
Data	0.659	0.664	0.677	0.576	1.000

4.2.2. Insights from Table 4

To derive conclusions from Table 4, let's consider an illustrative case between Cloud Service Models (CSM) and Cloud Computing Architecture (CCA) perspectives.

The correlation coefficient (r) indicates the degree of linear relationship between these two perspectives. In this case, we have:

Correlation between (CSM) and (CCA):

r(CSM, CCA) = 0.634

The positive value of the correlation coefficient (0.634) suggests a moderate positive linear correlation between Cloud Service Models and Cloud Computing Architecture. This implies that challenges about these perspectives tend to co-occur.

In contrast, when considering Cloud Service Models (CSM) and Stakeholders (SH), the observation reveals:

Correlation between (CSM) and (SH):

r(CSM, SH) = 0.343

The positive correlation coefficient (0.343) between Cloud Service Models and Stakeholders indicates a weak positive linear correlation. Challenges associated with these perspectives are somewhat related, although not strongly.

The correlation matrix illuminates the relationships between views, aiding analysis and decision-making. However, the Kaiser-Meyer-Olkin (KMO) test heavily weights the extracted variable. To confirm the literature study findings, we tested.

4.2.3. Kaiser-Meyer-Olkin (KMO) test

Before proceeding with factor analysis, it is crucial to assess the sampling adequacy of each variable (challenges) for all the perspectives. The Kaiser-Meyer-Olkin (KMO) test was conducted to assess the suitability of the challenges obtained for factor analysis.

Table 5

KAISER-MEYER-OLKIN (KMO) TEST
Variables (Challenges)	MSA for each variable
Scalability	0.718
Trust	0.755
Integration	0.733
Vendor Lock-In	0.768
Virtualization	0.744
Fault Tolerance	0.738
Interoperability	0.784
Elasticity	0.713
Latency	0.774
Reliability	0.828
Throughput	0.765
Network Security	0.786
Lack Of Standards	0.825
Privacy Concerns	0.680
Compliance Issues	0.711
Lack Of Control	0.787
Data Privacy	0.717
Data Security	0.714
Data Availability	0.754
Data Ownership	0.738
In the KMO (Kaiser-Meyer-Olkin) test,

MSA = Measure of Sampling Adequacy (degree of common variance among the variables included)

Where, 0 ≤ MSA ≤ 1

with higher values indicating better correlations among variables and, therefore, more suitability for factor analysis. A value above 0.5 is considered to be acceptable for factor analysis.

The overall MSA is 0.719, which is good enough for factor analysis. All variables have an MSA greater than 0.6, indicating they are suitable for factor analysis.

To conduct the factor analysis, a numerical score was assigned to each challenge based on its severity or importance, using a 1–5 scale, where 1 indicates a minor challenge and 5 indicates a significant challenge.

Table 6

Categorized challenges marked on a scale of 1–5
Perspective	Identified Challenges (Score)	What Previous Studies Says
Cloud Service Models	Scalability (4)	[47] Showcased the presence and proposed a solution for the untrusted problems such as denial and tampering in the process of cloud service due to scalability and system anomaly at runtime. [48] Showcased the presence and proposed an approach to mitigate the vendor locked-in issue and interoperability problems in cloud computing. [49] Proposed a new cloud service, Dependable Compute Cloud (DC2), that automatically scales the infrastructure to meet the user-specified performance requirements, hence tackling the risk of exposed resource overallocation. [50] Showcased that Security concerns about the service deployment models are directly affected by trust and service policies
	Trust (5)
	Integration (3)
	Vendor Lock-In (2)
Cloud Computing Architecture	Virtualization (5)	[51] Highlighted the major security and trust requirements for secure VM migration for virtualization in cloud environments and proposed a mechanism for the same. [52] Highlighted the security vulnerabilities that decrease system efficiency rate due to lack of preventive and fault tolerance systems. [53] The article defines a security architecture that integrates trust mechanisms with embedded virtualization, providing security from hardware to applications. [54] Showcased that the rapid provisioning and de-provisioning of resources in an elastic environment can create vulnerabilities and introduce security challenges.
	Fault Tolerance (4)
	Interoperability (4)
	Elasticity (4)
Network	Latency (3)	[55] Showcased that the reduction in end-to-end latency of application traffic is directly proportional to provisioned security services. [56]Showcased varying latency, and reliability and adds to security threats and custom network monitoring tools in cloud environments are required. [57] Showcased that improving latency performance and the feasibility of physical-layer security of the network layer in industrial environments is co-related. [58] Stated that high throughput can make a cloud service more vulnerable to Distributed Denial of Service (DDoS) attacks and can also facilitate rapid data exfiltration by attackers.
	Reliability (4)
	Throughput (3)
	Network Security (5)
Stakeholders	Lack Of Standards (3)	[59] Showcased a positive relationship between the adoption of controlling mechanisms and overall cloud security, which increases with ethical behaviour. [60] Showcased that there is a major threat concerning data breaches because of the lack of standards and control in the management of the use of cloud computing services and their defence mechanisms. [61] Stated the concerns about the correctness of data computation results. And the need for a Cloud Service Provider (CSP) to provide a commitment for its computation result, allowing users to verify the correctness of the result.
	Privacy Concerns (5)
	Compliance Issues (4)
	Lack Of Control (4)
Data	Data Privacy (5)	[61] Stated that Data Ownership is critical as loss of ownership can lead to breaches and unauthorized access. [9] Showcased that vulnerabilities in Data Security are directly proportional to threats and vulnerabilities in Encryption, Access Control, Storage and Transmission. [62] Showcased that data availability is closely tied to data integrity and reliability and is a significant criterion for trust in CSP.
	Data Security (5)
	Data Availability (4)
	Data Ownership (3)

4.2.4. Insights from Table 6

The frequency analysis identified several categories where cloud computing solutions face significant challenges. Factor analysis indicated higher-order patterns beyond specific concerns in these challenges. This revealed cloud computing's complex interdependencies through deeper insights and correlations.

Table 6 provides a complete summary of cloud computing difficulties from several angles. Cloud computing concerns including trust and data protection had high severity rankings, highlighting their importance. Previous investigations confirmed these difficulties and provided remedies.

4.2.5. Factor Loading

Based on the information presented in Table 6, a Factor analysis was conducted on the correlation matrix of the common factors that underlie the challenges.

Factor analysis seeks to unveil latent factors that elucidate the correlations between observable variables.

HereFactor loading (λ_ij), measures the magnitude and direction of the connection between the variables (V_i) and the latent factors (F_j). This scalar coefficient, ranging from − 1 to + 1, signifies the extent of the linear relationship. Larger absolute values of λ_ij indicate stronger associations between the variable and the underlying factor.

Here are the factor loadings obtained from the analysis:

Table 7

Factor Loading Matrix
Variable	Factor 1 (Cloud Service Models)	Factor 2 (Cloud Computing Architecture)	Factor 3 (Network)	Factor 4 (Stakeholders)	Factor 5 (Data)
Scalability	0.758	0.292	0.215	0.065	0.055
Trust	0.737	0.354	0.624	0.105	0.603
Integration	0.517	0.184	0.07	0.225	0.123
Vendor lock-in	0.218	0.085	0.44	0.501	0.109
Virtualization	0.148	0.714	0.066	0.184	0.118
Fault tolerance	0.181	0.714	0.188	0.133	0.119
Interoperability	0.037	0.467	0.416	0.212	0.157
Elasticity	0.156	0.363	0.23	0.044	0.672
Latency	0.03	0.132	0.818	0.135	0.02
Reliability	0.029	0.166	0.783	0.156	0.018
Throughput	0.055	0.042	0.836	0.161	0.033
Network Security	0.104	0.035	0.676	0.08	0.031
Lack of standards	0.199	0.059	0.038	0.71	0.084
Privacy concerns	0.054	0.014	0.118	0.76	0.509
Compliance issues	0.156	0.188	0.177	0.745	0.098
Lack of control	0.171	0.079	0.165	0.584	0.16
Data privacy	0.073	0.075	0.056	0.758	0.856
Data security	0.144	0.195	0.026	0.635	0.855
Data availability	0.017	0.054	0.117	0.593	0.748
Data Ownership	0.228	0.25	0.261	0.744	0.785

4.2.6. Insights from Table 7

To get the insights from the table we can comprehend the data obtained in the following manner:

For instance, consider the variable "Trust" and its association with the "Cloud Service Models" factor. The factor loading λ(Trust, Cloud Service Models) = 0.737 implies a substantial positive correlation. In graph theory terms, this can be visualized as an edge between the "Trust" node and the "Cloud Service Models" node with a strong weight.

Moreover, the factor loading matrix unveils additional insights. Take the variable "Data Privacy" concerning Factor 5 (Data). Its loading λ(Data Privacy, Factor 5) = 0.856 highlights a robust positive correlation. This signifies that the "Data Privacy" variable is a pivotal determinant of the "Data" factor, reflecting a potent edge between these nodes in the graph.

Vendor lock-in demonstrates a loading of 0.44 for Factor 4 (Stakeholders), indicating a moderate positive relationship between 'Vendor lock-in' and Stakeholders, represented as a moderate-weight edge in the graph.

The significance of this factor analysis lies in its ability to provide a refined understanding of the diverse challenges in cloud computing from various perspectives. By categorizing the fundamental factors behind these challenges, researchers gain profound insights into the complex dynamics of cloud computing and a comprehensive understanding of how to address these challenges. The insights from this analysis shed light on the intricacies of cloud computing challenges and their interactions with various factors.

Table 8

Comparison of related works
Article	Year	Topic Discussed	Comparative Evaluation Criteria
Article	Year	Topic Discussed	Security issues identified	Multifaceted or Specific Taxonomy	Security Solutions	Key Metrics Associated with challenges identified	Statistical Validation of identified Metrics	Correlation Presented between Metrics
Parast et al.[10]	2022	security issues in service-based cloud computing models, with a focus on IaaS, PaaS, and SaaS layers. generic security issues	YES	Specific Taxonomy	YES	YES	NO	NO
A. Ometov et al.[11]	2022	vulnerabilities, threats, and countermeasures associated with Cloud, Edge, and Fog Computing	YES	Not Present	YES	NO	NO	NO
Jangjou et al[5]	2022	security challenges in different network layers of cloud computing, Preventive measures and solutions are discussed for each layer	YES	Specific Taxonomy	YES	NO	NO	NO
D.Saini et al.[12]	2022	security risks and issues associated with various deployment models of cloud computing services	YES	Not Present	YES	YES	NO	NO
Srikanth et al.[63]	2022	security issues and pertaining to data, storage, network, information, and application, algorithms and tools deployed for solutions	YES	Multifaceted Taxonomy	YES	YES	NO	NO
Kafhali et al.[2]	2021	security concerns, vulnerabilities and frameworks associated with cloud computing, categorized attacks and privacy challenges	YES	Multifaceted Taxonomy	YES	YES	NO	NO
Alouffi et al.[13]	2021	security threats in cloud computing services, data tampering, intrusion, storage risks and leakage are being highly discussed	YES	Multifaceted Taxonomy	YES	YES	NO	NO
Alghofaili et al.[64]	2021	security issues include data auditing, encryption, classification, and secure data modelling	YES	Specific Taxonomy	YES	NO	NO	NO
Farsi et al.[65]	2020	data security issues in single and multi-cloud	YES	Specific Taxonomy	YES	YES	NO	NO
Tabrizchi et al.[20]	2020	security policies, user-oriented security, data storage security, application security, and network security	YES	Not Present	YES	NO	NO	NO
GargDeepak et al. [66]	2020	vulnerabilities, threats, and attacks, security techniques such as encryption, access control, authentication, and trust computing	YES	Specific Taxonomy	YES	YES	NO	NO
Fatima et al.[27]	2019	data security and privacy, secret sharing schemes and visual cryptography	YES	Specific Taxonomy	YES	YES	NO	NO
This Review	2023	Security Challenges from five perspectives, Architecture, Network, Service Model, Stakeholders and Data level	YES	Multifaceted Taxonomy	YES	YES	YES	YES

Prior articles predominantly emphasized particular aspects such as data security and privacy concerns in cloud computing. Nevertheless, our comprehensive approach, which incorporates important metrics and offers statistical validation while highlighting correlations, distinguishes this article and makes significant progress in the field. We excel in connecting important measurements with recognized obstacles, providing a numerical aspect to evaluating security, a feature that is often missing in previous studies. Adding statistical validation is another unique feature. This deepened comprehension closes the divide between theoretical concepts and practical approaches. Now, let's delve into specific domains within cloud architecture, each with its own set of challenges.

Entering the realm of cloud architecture reveals three fundamental components: the client, cloud resources, and APIs for bridging. Yet, within this symphony of components lies a tapestry of challenges. This section dissects the intricacies of security and stability, unraveling issues across client infrastructure, applications/APIs, resource management, and provisioning. Each difficulty reveals vulnerabilities, paving the way for inventive solutions. The study voyage investigates the core of cloud architecture, where obstacles become opportunities for innovation and fortification.

5.1. Challenges and security issues in client infrastructure

Threats to cloud computing services encompass system vulnerabilities, natural disasters, user errors, government interference, and unauthorized access from both internal and external sources, including intruders or cloud service providers' employees [19]. Vulnerabilities can exist at the client-side due to the absence of anti-malware, inadequate security updates, and insider threats. Cloud architecture can face unique internal threats that traditional security methods may not fully address [19].

Mitigating these risks involves strong access controls, deactivating unused ports and services, and reducing privilege usage. Role-based access control (RBAC) is a widely used approach to enforce access policies based on user roles and responsibilities. Continuous monitoring and analysis of system logs and network traffic are vital for detecting and preventing insider threats. Additionally, the security of cloud systems can be enhanced through robust encryption protocols and the enforcement of secure communication channels..

5.2. Challenges and security issues in Applications/APIs

Cloud and technology integration present challenges necessitating universal standards. The demand for standard conventions, models, and APIs to interconnect heterogeneous smart objects and enhance cloud-based services is evident, despite existing standards. When vulnerabilities in a cloud provider's API combine with social engineering or browser-based attacks, the impact can be significant [8]. APIs, used for connecting with cloud services, impact the security and access level of cloud platform users. Intrusions through these APIs could jeopardize all three key cloud service types, given their roles in authentication, access management, encryption, and activity monitoring. Monitoring and prioritizing API security within SLAs are crucial. API security defends against attempts to bypass user interfaces [7] and helps identify insecure interfaces by assessing SSL use or exploiting the password reset process for account enumeration. Additionally, APIs contribute to insecure Virtual Machine (VM) migration and insufficient authorization checks [33].

5.3. Challenges and security issues in resources and Management

In cloud computing, "resources" encompass physical and logical components like CPU, memory, storage, operating systems, network bandwidth, energy, and load-balancing mechanisms [47]. Effective resource management is crucial to maximize throughput, scalability, availability, and dependability, ensuring optimal resource utilization. High throughput boosts virtual machine (VM) productivity, scalability enhances resource mapping, availability reduces processing time, and reliability showcases system resilience [48]. However, variable CPU consumption can lead to over-utilization at the beginning and under-utilization at the end of VM lifecycles, resulting in resource imbalances [48]. Fluctuating user requests create diverse workloads for pooled computing devices, leading to potential over- or under-provisioning of edge resources. Over-provisioning, allocating more resources than necessary, escalates edge system costs. Conversely, under-provisioning, insufficient resources for expected loads, degrades quality of service (QoS) and task completion. Addressing these issues requires dynamic resource allocation to reduce costs while meeting users' QoS needs [49].

5.3.1. Challenges and Security issues in Storage

Cloud storage is a distributed data storage pool in various physical locations, encompassing blocks, files, objects, and relational databases (SQL and NoSQL). Multiple users share cloud storage, offering consistency and scalability. Moving data-intensive applications to the cloud brings advantages like reduced deployment time, cost savings, lower operational expenses, and unlimited throughput [14].

However, aligning resources with data in a scalable manner is a significant challenge. In a cloud scenario, data is replicated and stored recursively [50]. Cloud storage systems are categorized as unstructured (block, file, and object storage) and structured (RDBMS and NoSQL).

Cloud researchers tackle issues such as data management, elasticity, data replication, consistency, live migration, SLA management, and security. Managing data across geo-distributed data centers presents a major challenge, involving parallelism, recovery, replication consistency, and dependability. Data management systems must handle network failures, be scalable, and maintain data uniformity, accessibility, availability, and tolerance. A comprehensive review of deployment perspectives for data-intensive cloud applications is presented in [67], discussing scalability, consistency, and data processing costs. Table 9 provides details on various challenge-related factors.

Table 9 Data Storage challenges based on different factors

S. No.	Factors	Challenges
1	Fragmentation	Dynamic fragmentation of data with awareness of workload: a method for limiting data migration.
2	Data Placement	Incorporating considerations like predicted resource usage and data location into a strategic plan for data placement.
3	Data Management	Data management strategy development, taking memory cost and buffer management into account.
4	Replication	High overhead in terms of memory usage, consistent management in a geo-dispersed cloud, data pattern and network load considerations at the forefront.
5	Data Security	Ensuring data privacy and security by developing scalable and adaptable mechanisms for controlling access to it and encrypting stored Information in the Cloud.

5.3.2. Challenges and Security issues in computing

The MVED (Multitenancy, Virtualization, Elasticity, and Deployment) paradigm raises concerns about data security. Multitenancy allows Cloud Service Providers (CSPs) to share resources among multiple customers, but it also introduces vulnerabilities as multiple users share a single physical device. Elasticity, while providing the flexibility to adjust resource sizes, poses security risks as residual information from previous users may linger [15]. Virtualization is a key technology in cloud computing, abstracting the construction of virtual machines (VMs) to enable resource sharing. VMs allow users to pool resources using images. However, hypervisors, acting as operating systems for VMs, are potential security targets, especially in bare-metal hypervisors [46]. Multitenancy architecture enables multiple users to access the same software instance, sharing hardware resources hosted on a single server. Increased usage can impact performance, and while isolated user spaces should theoretically protect against data leaks, real-world implementations often fall short, introducing new risks to the cloud computing model [9].

5.3.3. Challenges and security issues in provisioning

Cloud computing relies on virtualization for efficient resource delivery, making proper provisioning of virtual machines (VMs) and bandwidth crucial. This challenge is divided into two categories: VM allocation and bandwidth allocation, with various studies addressing the issue from different perspectives [52].

a) Challenges and security issues in discovery: To meet latency and reliability requirements, machine learning (ML) is employed to anticipate VM deployment attributes from telemetry data, preparing for VM needs [51]. Identifying demands with adequate lead time is crucial, requiring data integration from multiple sources.

b) Challenges and security issues in Selection: Rapid adaptation to fluctuating demand patterns poses an additional challenge, especially for applications migrating to the cloud. Resource allocation must respond quickly to shifts, necessitating the identification of new models that fit future demand patterns [52]. This dynamic nature of cloud computing demands strong authentication, integrity, and confidentiality to prevent data misuse.

c) Challenges and security issues in allocation: Cloud resource allocation is intricate due to its dynamic nature. Ensuring data protection requires maintaining strong authentication, integrity, and confidentiality in resource selection. VM mapping on physical machines and workload optimization are two allocation methods. The former considers resources like processors, storage, bandwidth, memory, and network, while the latter focuses on efficiently processing workloads [53]. Cloud service providers control various allocation aspects, including resource type, frequency, quantity, and location.

1. Strategic allocation: A method of allocating resources that aims to satisfy the constantly changing demands of consumers while maximizing return on investment.

2. Targeted allocation: A technique that focuses on allocating resources to fulfil specific requests.

3. Optimization-based allocation: A technique that optimizes the allocation of resources to improve efficiency and reduce waste.

4. Scheduled allocation: A method of allocating resources that prioritizes tasks based on their importance and urgency to improve performance.

5. Power-efficient allocation: A technique that aims to allocate resources in a way that reduces power consumption while still maintaining optimal performance [24][54][55][56][57].

5.4. SECTION SUMMARY: The Intersection of Cloud Computing Security and Architecture Challenges

In the realm of cloud computing, securing cloud services is paramount for protecting data, applications, and resources. Security challenges are deeply intertwined with the architectural aspects of cloud computing. Cloud architecture encompasses key dimensions, including client infrastructure, APIs, resource management, computing, and storage, each presenting unique challenges and vulnerabilities.

"In Section 5, we explore the intricate challenges and security concerns surrounding client infrastructure in the domain of cloud computing." The "client" refers to end-user devices connecting to the cloud for services, giving rise to critical issues.

These challenges encompass potential threats, including system vulnerabilities, natural disasters, user errors, governmental actions, and unauthorized access by both external attackers and internal parties, like cloud service provider employees. Client-side vulnerabilities may arise from factors such as the absence of robust anti-malware or antivirus programs, inadequate security updates, and insider-related issues. Internal threats at the architecture level demand innovative security solutions, as traditional authentication and cryptography have limited effectiveness.

Table 10 provides a comprehensive overview of security issues in cloud architecture challenges, highlighting vulnerabilities and threats in specific architectural dimensions, from client infrastructure and APIs to resource management and storage.

Table 10 Security Issues Related to Cloud Architecture Challenges

Security Issue	Architecture Challenge
Vulnerabilities	Client Infrastructure, APIs, Resource Management, Storage
Unauthorized Access	Client Infrastructure, APIs
User Errors	Client Infrastructure
Data Breaches	Client Infrastructure, Storage
Insecure APIs	APIs, Resource Management
Social Engineering	APIs
Resource Allocation	Resource Management
Data Protection	Resource Management, Storage
Sensitive Data Handling	Computing, Storage
Unauthorized Computing Access	Computing, Resouce Management
Data Management	Storage, Resource Management, Computing
Encryption	Storage, Client Infrastructure
Access Control	Storage, Client Infrastructure, Resource Management
Authentication	Client Infrastructure, Resource Management
Monitoring	Client Infrastructure, Resource Management
Regular Updates	Client Infrastructure, Resource Management

Mitigation strategies involve enforcing stringent access controls, deactivating unused ports and services, and reducing privilege usage. Role-based access control (RBAC) is a common method for implementing access policies based on user roles and responsibilities. Continuous monitoring of system logs and network activity is crucial for detecting and preventing insider threats. Additionally, the use of robust encryption protocols and secure communication channels enhances the security of cloud systems. Cloud computing security issues are intertwined with architectural challenges, as vulnerabilities and risks can emerge at various layers of the cloud architecture. Addressing these concerns requires a holistic approach covering client infrastructure, APIs, resource management, computing, storage, and provisioning to ensure the integrity, availability, and confidentiality of cloud resources and data. Moving to Section 6, the focus shifts to higher tiers of cloud architecture. In this section, we explore the challenges associated with delivering and maintaining resilient cloud services.

Challenges at the cloud services level significantly impact the cloud computing landscape. In this section, we investigate the intricate web of security and operational concerns in cloud service models. Cloud computing relies on technologies like multitenancy and virtualization to deliver services. Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) offer varying levels of abstraction and distinct security requirements.This section is divided into three subsections, each focusing on one service model (IaaS, PaaS, SaaS) to provide a comprehensive understanding of the challenges. We delve into their complexities, uncovering security vulnerabilities and operational intricacies. Recognizing the significance of these cloud computing challenges is essential. They impact the performance and security of cloud services, with far-reaching implications for individuals, organizations, and governments relying on cloud computing. As new technologies emerge, there is an ongoing effort to develop solutions to address these issues [15] [58].

6.1. Challenges and security issues in INFRASTRUCTURE-AS-A-Service (IaaS)

In the Infrastructure-as-a-Service (IaaS) model, users access virtualized hardware as a service, but this layer faces various security threats, particularly related to virtualization. The primary vulnerabilities include VM images, virtual networks, hypervisors (HV), and hardware [15]. Despite offering increased security control, IaaS is only secure if the virtualization manager is free from security flaws [15]. In practice, the implementation of virtual machines often introduces security concerns [59]. The level and type of security issues in IaaS depend on the cloud deployment method—public Cloud poses more risks than private Cloud. Maintaining physical infrastructure security and disaster management is crucial in case the infrastructure is compromised [58]. In a typical cloud environment, various third-party infrastructure devices handle data transmission from source to destination [58]. Numerous vulnerabilities exist in current virtualization technologies, which attackers can exploit to compromise cloud computing security and privacy systems. These vulnerabilities include incorrect VM isolation, unsecured VM migration, uncontrolled scaling, insecure hypervisors, VM image sharing, poor VMM resource allocation, and insecure APIs. Access and communication issues, like weak authentication, hidden identity, and insecure channels, can lead to security risks. Data security concerns, control and monitoring issues, and security policy deficiencies make virtualization exploitable by attackers [46][25].

[13] has presented the following principal security issues related to virtualizations which make the computing part of cloud computing vulnerable to threats:

· Hypervisor Compromise: Hypervisors, while designed securely, can still be compromised. If a hacker gains control of the hypervisor, they can access everything running on virtual machines accessible through the hypervisor.

· Hypervisor Responsibility: The hypervisor is central in virtualized settings, governing how virtual machines access physical resources. It may be responsible for system crashes.

· VM Escape: Virtual machines can be isolated from the host computer, but vulnerabilities in underlying operating systems can make them susceptible to attacks.

· VM Sprawling: Multiple VMs coexisting without proper administration can lead to resource issues, affecting performance. Uncontrolled creation and deletion of VMs can disrupt communication and resource allocation.

· Cross-VM Side-Channel Attacks: Hosting multiple VMs on the same physical machine can make them vulnerable to cross-VM side-channel attacks. These attacks exploit shared hardware and cache locations to access sensitive data in neighboring VMs.

6.2. Challenges and security issues in Platform-as-a-Service (PaaS)

Platform-as-a-Service (PaaS) inherits security vulnerabilities from IaaS due to its foundation. It operates under a Service-Oriented Architecture (SOA) model, offering crucial services for client deployment. Resource sharing in SOA introduces security concerns. SOA aims to enhance interoperability and reusability through decentralized component connections. Resource sharing becomes complex when clients have competing priorities. The Chinese Wall Model divides users into factions to restrict unintended or deliberate access to shared resources [15]. PaaS clients deploy applications on a shared infrastructure through SOA. While beneficial, this setup poses challenges for clients in developing security solutions since they can't reach the lowest layer. Consequently, Man in the Cloud (MiTC), DoS, injection, and XML-related attacks are possible in the current system configuration. To enable higher-layer user access, strict security measures must be in place in the PaaS API [60]. PaaS also faces lock-in risks, as there is no universal standard among providers. Clients may encounter lock-in when demanding services not available in the principal provider's environment [37].

6.3. Challenges and security issues in Software-as-a-Service (SaaS)

SaaS is a crucial component of cloud computing, composed of PaaS, which is built upon IaaS. It has its unique business model, development processes, and computational infrastructure. Ensuring data protection against leaks is vital, as organizations store sensitive data within the SaaS service provider's environment [7]. Security concerns related to data ownership, backup, access, location, and availability are potential obstacles in this service delivery model. Authentication and identity management are key aspects, given that most security threats originate from authorized users [43]. Cloud application security faces constant threats from various sources, including web API security, data breaches, authentication bypass, absence of security logs, insecure APIs, malware injection attacks, insecure middleware, and the lack of isolated applications (multi-tenancy). Insecure direct object references (IDOR) also pose significant vulnerabilities requiring attention to prevent unauthorized access to sensitive data [7][15].

Table 11 presents a structured representation of the challenges discussed earlier. This table offers a comprehensive overview of the challenges and their impact on stakeholders in IaaS, PaaS, and SaaS. It serves as a valuable reference to understand the multifaceted nature of cloud computing challenges and their significance in the cloud computing landscape.

Table 11 Challenges in IaaS, PaaS and SaaS models based on 8 Metrics.

Metrics	IaaS Challenges and Security Issues	Effect on Stake holders	PaaS Challenges and Security Issues	Effect on Stake holders	SaaS Challenges and Security Issues	Effect on Stake holders
Service-level agreement-related issues [37][68][69][70]	· Ambiguity in SLA · Monitoring & enforcing SLA. · Monitor QoS attributes.	High Impact on User in comparison to the Service provider	· Customers and providers have varied objectives regarding SLA consistency and veracity. · Blocked lawful data	High Impact on User in comparison to the Service provider	· Inability to maintain regulatory/ standard compliance	Impact on the User minimized as compared to the Service provider
Utility computing-related issues [27][40][71][72]	· Complexity to meter the services for the charges. · Possible access to services without paying any money	High Impact on the Service Provider	· Runtime engine that runs customer’s applications	High Impact on the Service Provider	· Effective Recovery and fault-tolerance mechanisms also the system scalability.	High Impact on user
Cloud software-related issues [20][38][40][73]	· Breaches of security standards for XML services and web services attacks	High Impact on both Service Providers and Users	· Isolation between platforms · Resource monitoring · Uncertain system calls and imperfect memory isolation	High Impact on Service providers and	· Insecure interfaces and APIs, · Unauthorized access Application drawbacks, masked code injection	High Impact on user
Computer Hardware Issues [9][13][17][25]	· Physical assaults on computer hardware. · Data security on storage devices that have been retired or replaced.	High Impact on Service providers as well as cloud user	· Untrustworthy computing, Critical errors at the root level during backups, migration, and restoration · Inadequate security measures for computing models, Fictitious utilization of resources	High Impact on Service providers as well as cloud user	· Compatibility and trust issues with the Resource (Storage, Compute, etc.) providers · Shared Technology issues/ multi-tenancy nature	High Impact on the cloud user
Networks related issues [29][38][60][74]	· DDOS Man-in-the-middle attack (MITM). IP Spoofing. Port Scanning. DNS security.	High Impact on Service providers as well as cloud user	· Network traffic · Rooting and jailbreaking, rootkits, the openness of privilege, · Cloud syncing, mobile application vulnerabilities	High Impact on cloud user and infrastructure loss to the service provider	· Loss of access to software and data in case of network failure	High Impact on Service users and service providers
Insider Threats [26][38][75][76]	· System admin could take advantage of the position and exploit the features.	High Impact on cloud users as they might lose their resources.	· Threats are similar to those of IaaS	High Impact on cloud users as they might lose access to data and resources.	· Negligible or less knowledge about the policies and procedures, · Third-party dealers can take advantage and misuse their powers	High Impact on the user as well as the service provider
Physically different locations [14][18][77][39]	· Complexity in routing rules to handle traffic for the same users using resources in different locations	High Impact on the cloud service provider as they have to invest more in resources.	· Threats are similar to those of IaaS	High Impact on the cloud service provider as they have to invest more in resources.	· Operations, deployment, agility, security, and scale can be affected by a geographically distributed SaaS model.	High Impact on Service Users
Platform Virtualization [20][25][46][62]	· Control of administrator on a host and guest operating systems · Vulnerability in Virtual PC and Virtual Servers could allow the elevation of privilege · The current Virtual Machine Monitor (VMM) does not offer perfect isolation	High Impact on cloud users as they might lose access to data and resources.	· Virtual machine sprawl · Hypervisor failure, single point failure, un-trusted VMM components · Memory deduplication issues	High Impact on cloud users as they might lose access to data and resources.	· Monitoring kernel and middleware integrity method issues · Virtual network-related security issues and the compromise of hypervisor	High Impact on service users

6.4. SECTION SUMMARY: THE INTERSECTION OF CLOUD SECURITY CHALLENGES WITH CLOUD SERVICE MODEL COMPLEXITIES

In this section, we've delved into the multifaceted challenges facing cloud computing, with a focus on IaaS, PaaS, and SaaS. These challenges vary across service models, demanding constant vigilance and innovative solutions. We've presented Table 11, which categorizes these challenges across eight essential metrics. This table serves as a valuable reference for stakeholders, offering insights into the impact of these challenges on cloud service models.

These challenges highlight the need for precise SLAs and simplified resource management. Security concerns across data, hardware, and network layers underscore the importance of robust security measures and vigilant monitoring for both users and service providers. Insider threats remain a concern for all service models, necessitating stringent policies. Physical location complexities result in increased provider expenditures, while platform virtualization vulnerabilities can disrupt user access. Network-related issues, such as DDoS attacks, pose significant risks to both users and providers, emphasizing the importance of comprehensive security protocols. These insights underscore the complexity of cloud security, requiring concerted efforts to address these challenges comprehensively. Our journey through the cloud security landscape will continue in the next section, where we will explore challenges and security intricacies at the network level, spanning from the perimeter to the data layer.

This section focuses on the network, the circulatory system of cloud computing, with its crucial role in supporting cloud services and presenting unique security risks. As cloud services interconnect and rely on shared resources within centralized data centers, addressing these network-specific challenges becomes vital. The exploration of network-level challenges in this section is a natural progression in comprehensively addressing cloud security concerns. The following section delves deep into network security intricacies, spanning from the perimeter to the data layer, providing a holistic view of cloud security at the network level. As cloud services become more interconnected and reliant on shared resources within centralized data centers, understanding and mitigating security risks at the network level is increasingly critical. Each layer presents unique security challenges with varying requirements, complexities, and potential vulnerabilities.

The following subsections outline derived challenges, key metrics related to those challenges, examples, and mitigation strategies.

7.1. Challenges and security issues in the perimeter layer

Working with precisely defined, physically separated, and delimited networks makes comprehending and enforcing perimeters easy. As more cloud services become networked and frequently rely on shared resources in a centralized data centre, designing and enforcing a perimeter becomes progressively more challenging. Because of this, no high-value assets are located at the network’s edge. The perimeter layer acts as a middle layer between the user and the internet, and the user can access the cloud infrastructure.

Securing the Perimeter Layer across different cloud service models—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)—poses unique challenges. Let's delve into these challenges with concrete examples.

i. Varied Security Requirements:

Key Metric- Security Control Granularity

Example: In IaaS, users have extensive control over their virtual machines (VMs) and networks, demanding robust security policies. In contrast, SaaS providers manage application security, relieving users but requiring trust in the provider's security measures.

ii. Access Control Complexity:

Key Metric- User Base Complexity

Example: SaaS applications may serve a vast user base, requiring intricate access control to ensure data privacy. PaaS environments, while simplifying some aspects, introduce complexities when integrating applications with different access needs.

iii. Data Handling Divergence:

Key Metric- Data Processing

Example: Data processing in IaaS may entail data transfers between VMs and storage, necessitating encryption. PaaS, on the other hand, abstracts much of this, making encryption transparent but requiring trust in the platform's security.

iv. Compliance Challenges:

Key Metric- Compliance Standards

Example: PaaS providers, handling platform-level security, must adhere to industry-specific compliance standards, posing unique compliance challenges compared to IaaS and SaaS.

v. Customization vs. Abstraction:

Key Metric- Configuration Flexibility

Example: IaaS users can tailor security configurations for VMs, while SaaS consumers rely on provider-defined security measures, striking a balance between customization and abstraction.

Understanding these challenges and their interplay with specific cloud service models is essential for devising effective security strategies. Cloud Service Providers (CSPs) employ security features like UTM (unified threat management) and WAF (Web application firewall) to thwart DoS attacks. In a DDoS attack, the victim's server is overwhelmed with numerous requests for CSP-provided services. Attackers typically use malware to commandeer a network of Internet-connected computers, forming a "zombie botnet" often used for spam emails and DoS attacks [61]. DDoS attacks primarily target the processing capabilities, memory, and bandwidth of one or more servers. These attacks come in network-level and application-level forms, with examples including HTTP flood attacks, Sync flood attacks, and XML flood attacks, which exploit network and transport layer protocols [61].

7.2. Challenges and security issues in the network layer

The network layer plays a crucial role in cloud computing, and any vulnerabilities within it can directly impact overall security. Common security challenges at this layer include activating unused ports, IP address reuse, Sybil attacks, eavesdropping, and neglecting firmware updates and security patches. Intrusions, backdoor attacks, session hijacking, and vulnerabilities stemming from flaws in the TCP/IP communication architecture are significant concerns affecting network security in the cloud [62]. In virtualized environments, all virtual machines (VMs) share a single network layer, which can introduce security risks. To address these concerns, a Demilitarized Zone (DMZ) can be used. The DMZ is a subnet that separates a local area network (LAN) from untrusted networks like the internet, enhancing security by preventing direct access to internal servers and data from the internet. It also aids in logical network segmentation and security [7], [63].

i. Resource Accessibility:

Key Metric- Network Control

Example: In IaaS, users configure networks to grant or restrict access to VMs, demanding meticulous network security planning. SaaS abstracts this complexity, but users lose control over network-level security.

ii. Virtualization Vulnerabilities:

Key Metric- Virtualization Risks

Example: Virtualized environments in IaaS introduce security concerns like VM escape attacks. PaaS simplifies network aspects but requires trust in the provider's secure management of underlying networks.

iii. Network Architecture Flaws:

Key Metric-TCP/IP Vulnerabilities

Example: TCP/IP communication architecture flaws can lead to vulnerabilities in network security across all cloud service models, affecting data transmission and user access.

iv. DMZ and Logical Disruption:

Key Metric- Network Segmentation

Example: IaaS users might implement DMZs to segregate networks, preventing unauthorized access. This strategy mitigates logical network disruption, a concern when VMs share physical servers.

v. Common Network Attacks:

Key Metric- Network Threats

Example: Threats like DNS poisoning, ARP spoofing, and packet sniffing can compromise network security in all cloud service models, emphasizing the importance of robust network-level defenses.

Similarly, cloud customers' virtual machines (VMs) are typically housed on the same physical server(s) that house the VMs of other cloud customers. There will be a physical interruption of the network due to security concerns, including sniffer, unauthorized access, man-in-the-middle attacks, and service outages [7][63].

DNS poisoning, password-based attacks, port scanning, compromised key attacks, Cross-site scripting, passive attacks, ARP spoofing, identity spoofing, packet sniffer, and phishing assaults are some common network layer techniques used to obtain access to Cloud services.

7.3. Challenges and security issues in the host layer

Security challenges in the host layer of cloud computing are influenced by the specific service delivery methods (SaaS, PaaS, and IaaS) and deployment models (private, public, and hybrid). In SaaS and PaaS services, cloud service providers typically handle host security responsibilities, while IaaS clients are generally responsible for securing the cloud hosts they provision, including virtualization software security and customer guest OS or virtual server security [64]. It's worth noting that these host layer security challenges are interconnected with broader challenges at the cloud computing architecture level. Therefore, we are summarizing these challenges here:

i. Security Responsibility Shift:

Key Metric- Host Security Ownership

Example: In SaaS and PaaS, host security responsibilities are outsourced to cloud providers, reducing user management burdens. However, in IaaS, users must safeguard their provisioned cloud hosts, covering aspects like virtualization security.

ii. Authentication and Unauthorized Access:

Key Metric- Bypassing Authentication

Example: External users or Cloud Service Providers (CSPs) may attempt to bypass authentication, gaining unauthorized access to OS, VMs, and Virtual Machine Monitors (VMMs). This security challenge impacts all cloud service models.

iii. Logging and Event Handling:

Key Metric- Threat Detection

Example: Failure to log security events or provide log files to cloud users can hinder threat detection and response, emphasizing the importance of robust logging mechanisms across IaaS, PaaS, and SaaS.

iv. Resource Impact of DoS Attacks:

Key Metric- Denial of Service Impact

Example: A Denial of Service (DoS) attack targeting a Virtual Machine Monitor (VMM) can severely impact resources like memory, processor, and network bandwidth, leading to VM service interruptions—a concern across IaaS deployments.

v. Secured VM Removal:

Key Metric- Data Security Management

Example: Attackers may attempt to restore VM data when its storage is moved to another VM, highlighting the need for secure VM data management, especially in IaaS and PaaS scenarios.

7.4. Challenges and security issues in the application layer

The application layer is a prime target for cyberattacks, situated between the user and the network. This vulnerability arises because lower network layers primarily engage with security-aware users, while web applications and Software as a Service (SaaS) are integral to cloud services. The overall security and availability of cloud services hinge on the absence of vulnerabilities in web browsers, APIs, and applications. Cloud-based applications can be exploited for malicious purposes, often through techniques like code injection. Malware is consistently introduced into the cloud ecosystem via malicious web links and websites. With the ever-growing number of internet-connected users and devices, attackers are drawn to this expanding attack vector [62].

Application security threats in the SaaS delivery model and within the Cloud computing architecture sections have been previously discussed. Here, the 10 most critical security risks to web applications, as outlined by the Open Web Application Security Project (OWASP), are presented. A comparison between these risks for the years 2017 to 2021 is depicted in Figure 9.

As per the 2021 OWASP reports, some of the security risk categories have increased from 2017 to 2021; categories like Broken Access Control, Sensitive Data Exposure, i.e., Cryptographic Failure, Security Misconfiguration, Vulnerable Outdated Components, and Insufficient Logging and Monitoring, have moved up in their positions. Surprisingly, 94% of the applications tested had broken access control and injections.

7.5. Challenges and security issues in the data layer

In a conventional on-premises application deployment model, sensitive enterprise data remains within the company's perimeter and is subject to the enterprise's physical, logical, and human access control regulations and security measures. However, in cloud architecture, enterprise data is stored outside the company's boundaries at the Cloud Service Provider's (CSP) end. This is particularly relevant in a Software as a Service (SaaS) deployment model, where sensitive data is acquired from businesses, processed by the SaaS application, and stored on the SaaS vendor's end. Ensuring the security of this data in the cloud involves addressing two key categories of challenges: protecting data during its transit and protecting data while it's stored.

Data must be encrypted during transmission over the network to prevent the leakage of sensitive information. Even though data must be encrypted within the CSP's environment, it remains accessible to end users with authorized access [60]. Security challenges at the Data Layer level also involve the potential for adversaries to gain unauthorized access to enterprise data by exploiting vulnerabilities in the data security model. These vulnerabilities encompass issues like cross-site scripting (XSS), access control weaknesses, operating system and SQL injection flaws, cross-site request forgery (CSRF), cookie tampering, hidden field tampering, insecure storage, and insecure configuration. Addressing these vulnerabilities is crucial for safeguarding enterprise data stored on the infrastructure of cloud service providers (CSP) [58]. In addition to these challenges, cloud security extends to end-to-end identity management, third-party authentication services, and identity management. Identity security plays a key role in securing data and applications while ensuring authorized access. Any weaknesses in these areas can result in data sniffing, which threatens data confidentiality, unauthorized data access and modification, data integrity, availability, and authentication features [65].

In summary, the challenges discussed in this section emphasize the complexities of ensuring data security within the Data Layer of cloud computing. These challenges collectively contribute to the broader set of issues explored in the next section, 'CHALLENGES AT THE DATA LEVEL,' where a more detailed examination of data-related challenges and their implications in the cloud computing landscape will be undertaken.

7.6. SECTION SUMMARY: THE INTERSECTION OF NETWORK-LEVEL SECURITY CHALLENGES WITH CLOUD SERVICE MODEL VULNERABILITIES

The section navigates the complex terrain of network-level cloud computing security challenges. With increasing interconnection and dependence on shared resources in centralized data centres, network layer security has assumed utmost significance. The investigation reveals that these issues affect all network layers, including the perimeter layer, network architecture, host layer, and application layer. Notably, challenges in the perimeter layer were highlighted, such as diverse security requirements, complex access controls, data management nuances, compliance complexities, and the delicate balance between customization and abstraction across various cloud service models (IaaS, PaaS, SaaS). In addition, the author delves into the complexities of the network layer, including resource accessibility, virtualization vulnerabilities, architecture faults, DMZ implementation, and common network attacks, accompanied by illustrative examples. Reflecting shifts in security responsibilities, authentication complexities, logging importance, resource impacts of DoS attacks, and secure VM data administration, host layer challenges have emerged.

In addition, the application layer's susceptibility to assaults and its central role in cloud services were emphasized, along with security risks and common threats. Lastly, the author examines data layer challenges, differentiating between protecting data in transit and at rest, emphasizing encryption, and spotlighting vulnerabilities such as XSS, access control flaws, and SQL injection. These insights collectively highlight the complexity of network-level cloud security, paving the way for a more in-depth examination of data-related challenges in the section titled 'Challenges at the Data Level.

Security from CSPs may be too expensive for smaller businesses. However, data exploitation is potential when two or more companies share a resource. Under these conditions, it is crucial to safeguard data storage facilities. Data should be safeguarded not just when it is being stored, transported, or processed; this includes the actual data repositories themselves. Given the pervasiveness of this type of resource sharing in the context of cloud computing, data protection has emerged as the most critical challenge among other hurdles associated with cloud computing. The cloud allows for collaborative file storage and retrieval across users. So, it's crucial to keep each user's information separate. CSPs must adopt adequate security measures to avoid data loss and unlawful access by other parties. For example, user rights and access control policies must be examined and applied with care [7], [63]. Data Security properties in Fig.10, which are essential for securing CC data are discussed in further sections.

8.1. Challenges and security issues in data confidentiality

Data confidentiality is crucial to protecting data from unauthorized or unintended access, theft, or disclosure. The rise in the number of cloud users presents significant challenges to maintaining data confidentiality. It becomes increasingly complex to ensure data confidentiality when several users interact with data in the cloud environment. This problem is exacerbated by the lack of control that organizations have over the cloud infrastructure and the need to trust cloud service providers to enforce access control policies and protect data confidentiality. Data is outsourced in the cloud; the user does not know where their data is and has no idea who is accessing it. Insider threats are inevitable and pose threats, making it very dangerous for users to store their sensitive data in cloud storage directly. Public cloud computing environments pose access control regulation risks, which can compromise data[13]. Encryption methods, encryption key specifications, and data protection measures can help address data confidentiality, authentication, and access control issues[66]. Increasing the reliability and trustworthiness of the cloud can also mitigate these challenges. Using encryption solely for confidentiality is insufficient; cloud architecture must also enhance data confidentiality. [67].

8.2. Challenges and security issues in data integrity

Data integrity ensures the correctness and consistency of data throughout its lifecycle, protecting it from unauthorized changes, deletions, and falsifications [13][66]. Human errors, such as data entry mistakes and data duplication or loss, are common challenges [39][68]. Security threats are a significant concern and can take various forms, including OS and SQL injection flaws, Cross-site request forgery (CSRF), Cookie manipulation (Cookie poisoning), Hidden field manipulation (Hidden field poisoning), and other threats related to cloud service models and architecture [7][12]. Hardware and software issues can also compromise data integrity. Hardware problems often stem from physical issues, while software failures can leave systems outdated and vulnerable. To maintain data integrity, it's crucial to use secure storage, follow backup best practices, segregate user data, implement Security Information and Event Management (SIEM), and secure Ghost VMs and Virtual Machine Managers against attacks [9][13].

8.3. Challenges and security issues in data availability

One of the primary concerns for businesses in the Cloud is ensuring availability, as downtime can result in a significant negative impact on operations. The level of data availability is typically established by the contractual agreement between the client and the service provider. Availability is closely linked with system uptime and reliability, which can be affected by a range of factors, including hardware failures, software outages, human error, cyberattacks, and insider threats. Attackers may leverage denial of service (DoS) attacks to disrupt data availability from the service provider's end. Network penetration attacks are also a commonly employed tactic by attackers, along with authentication attacks, credential theft, high volumes of malicious traffic, and targeted attacks on mobile devices, all of which can cause data unavailability. In addition to these:

· Elevation of privileges - where an attacker bypasses all system protections to get access to the trusted system.

· SLAs (Weak Service Level Agreements)

· Vendor lock-in

· Data unavailability at the vendors' end

· Non-transparent infrastructure

· Inefficient Auditing policies – where the system is incompatible with examining and scrutinising authorization and authentication records to determine compliance with predefined security standards and rules. This can lead to data unavailability for the service users [19][69].

8.4. Challenges and security issues in data management

Managing data across geographically dispersed data centers in the cloud presents significant challenges, including parallelism, recovery, replication consistency, and dependability. The central focus in data management as a service is the development of a scalable and flexible data management system. While IT corporations and organizations widely embrace Cloud Computing, big data in the cloud still poses several challenges, encompassing scalability, availability, data integrity, data transformation, data quality, data heterogeneity, privacy, and legal considerations [18]. Notably, there is a growing need for enhanced access control systems with audit mechanisms and the establishment of a central organization to create authentication keys for users [70]. For effective system setup and data management, a scalable control environment for data management is indispensable. This includes domain control, user permission management, file creation and deletion, and file access control. In the realm of cloud data management, managing heterogeneous hardware capabilities, dynamic resource sharing, and ensuring reliable and consistent data replication are vital considerations [71]

8.5. Challenges and security issues in data replication

Data replication serves a distinct purpose beyond standard backups, ensuring data synchronization between a publisher and a subscriber server. It allows for automatic updates to the subscriber as changes occur in the publisher, enhancing parallelism and distributed memory systems. However, it can impose memory overhead, necessitating a trade-off between speed benefits and memory requirements.

Data replication in the cloud introduces various challenges, including migration, placement, security, fault tolerance, and strategies[67]. Effective scheduling mechanisms are essential for timely access and migration execution, with a focus on minimizing network congestion and maintaining efficient replica sizes while ensuring access efficiency. Security aspects must consider replica availability, transfer methods, and replication consistency and integrity. Balancing consistency methods with performance can impact replica availability and system performance. Fault tolerance, encompassing reliability, availability, and dependability, is crucial for addressing defects within the cloud storage environment where data replication software, hardware, and services are used [71]. Creating a replication plan involves considering factors like response time, data usage, network optimization, power efficiency, request serving capacity, load balancing across replicas, request processing time, the number of replications, efficiency, and bandwidth utilization. These elements are integral to effective replication plan design [72].

8.6. SECTION SUMMARY: The Intersection of Cloud Computing Security and Data LEVEL Challenges

In this section, the challenges related to data in cloud computing are examined comprehensively. It is noted that smaller businesses may find security from Cloud Service Providers (CSPs) cost-prohibitive, yet data exploitation risks arise in resource-sharing scenarios, necessitating robust safeguards. Beyond securing data during transit, storage, and processing, protecting the underlying data repositories is highlighted due to the prevalence of resource sharing. Data confidentiality (8.1) is a major issue with the expanding number of cloud users, limited corporate control over cloud infrastructure, and CSP trust. Insider threats are dangerous. Encryption, authentication, and trustworthy cloud architectures are stressed to protect data. Data integrity (8.2) means accuracy, consistency, and protection from unauthorized modifications. Human error, security threats, and hardware/software vulnerabilities are issues. Businesses must ensure data availability (8.3) due to hardware failures, cyberattacks, and insider risks. Security, access control, and dependability improvements are highlighted. Data management (8.4) in geographically distributed data centers requires parallelism, recovery, and flexible access control. Finally, data replication (8.5) migration, security, and dependability issues are discussed, emphasizing the requirement for dependable scheduling and security.This section underscores the intricate nature of data security, management, and replication within cloud computing.

Table 12 Table summarizing key metrics and challenges at the data level in cloud computing.

Data Level Challenge	Key Metrics and Considerations
Data Confidentiality (8.1)	- Number of Cloud Users
[13] [18] [26] [63] [65]	- Organizational Control Over Cloud Infrastructure
	- Insider Threats
	- Encryption Methods and Key Specifications
	-Trustworthiness of Cloud Architecture
Data Integrity (8.2)	- Human Errors in Data Handling
[13] [24] [26] [38] [63]	- Security Threats (e.g., OS and SQL injection)
	- Hardware/Software Vulnerabilities
Data Availability (8.3)	- Downtime Impact on Business Operations
[13] [14] [28] [38] [78]	- Hardware Failures
	- Cyberattacks and Insider Threats
	- Accessible Service Level Agreements (SLAs)
Data Management (8.4)	- Challenges in Geographically Distributed Data Centers
[14] [18] [38] [40] [78]	- Scalability and Access Control
	- Data Consistency and Reliability
Data Replication (8.5)	- Data Migration Complexity
[14] [27] [62] [79] [80]	- Security During Replication
	- Reliability and Timely Access
	- Network Efficiency During Replication

Table 12 outlines the key challenges at the data level in cloud computing and the corresponding metrics and considerations for each challenge.

According to NIST, cloud computing architecture involves five primary actors, with a primary focus on threats to cloud customers and providers [81]. These actors participate in various roles within cloud computing processes and transactions, and their roles have been defined in Table 2 of Sub-section 2.2. Stakeholders in cloud computing security face numerous challenges, with a central concern being the protection of data and privacy.

Scenario 1: Cloud Customer Interactions with Cloud Broker

In the first scenario, cloud customers directly interact with a cloud broker, remaining unaware of the actual cloud provider. Cloud users are deeply concerned about the confidentiality and integrity of their data stored in the cloud. They require assurance that their sensitive information is adequately protected from unauthorized access or data breaches [81]. This concern leads to potential SLA violations and trust issues between the consumer and service provider. Furthermore, the broker must efficiently select the most secure, cost-effective, and trustworthy service provider, posing a challenge in keeping CSP information up to date [73].

Scenario 2: Cloud Carriers and Service Delivery

In the second scenario, cloud carriers are responsible for delivering cloud services from providers to customers, bonded by SLAs with the cloud provider. Carriers face not only the threats discussed in section 7 but also internal threats arising from the telecommunications infrastructure used for service delivery. Additionally, underlying devices like Mobile Internet Devices (MIDs) introduce hardware threats [74]. The provisioning of "Everything-as-a-Service" emerges as a crucial and challenging task for carriers.

Scenario 3: Cloud Auditors and Security Evaluation

In the third scenario, cloud auditors assess the functionality and security of cloud service deployments. The audit may require communication with both the cloud consumer and provider while ensuring SLAs are implemented without constraints. Cloud audits aim to determine essential details such as anticipated expenses for service implementation [82]. Auditors must address cloud-specific security risks, including issues related to confidentiality due to multiple users across a broad scope. Auditors must pay close attention to various security elements, such as transparency, encryption, co-location, scalability, scope, and complexity, as these factors become more critical in the context of cloud security auditing processes [74], [73].

The summary table 12 with novel metrics and additional context provides a more comprehensive view of the challenges at the stakeholders' level in cloud computing:

Table 12 Table summarizing key metrics and challenges at the data level in cloud computing.

Challenge	Key Metric	Novel Metric	Examples and Explanations
Cloud Consumer Challenges	Trust in Cloud Broker	Service Diversity	In Usage Scenario 1, cloud consumers rely on cloud brokers, necessitating trust in the broker's ability to select secure and cost-effective services. However, evaluating the diversity of available services is also crucial for meeting specific needs.
Cloud Carrier Challenges	SLA Compliance	Data Transit Security	Usage Scenario 2 involves cloud carriers ensuring SLA compliance, including connectivity and encryption requirements. Additionally, focusing on secure data transit, including protection against interception during transport, is paramount.
Cloud Auditor Challenges	Security Assessment	Resilience to Zero-Day Vulnerabilities	Cloud auditors in Usage Scenario 3 assess security elements, including transparency, encryption, and scalability. They should also evaluate the cloud service's resilience to emerging zero-day vulnerabilities and threats.

By introducing the "Service Diversity" metric for cloud consumer challenges and the "Data Transit Security" and "Resilience to Zero-Day Vulnerabilities" metrics for cloud carrier and auditor challenges, respectively, the section provides a more nuanced perspective on the challenges stakeholders face. These novel metrics consider the evolving landscape of cloud computing and the need to address diverse service options, data security during transit, and the ability to withstand emerging security threats.

In the preceding sections, we conducted a comprehensive analysis of the multifaceted challenges in cloud security. As we categorize these solutions, it is vital to emphasize that they are not standalone recommendations but directly address the specific challenges discussed earlier. Each solution category is aligned with one or more challenge areas, offering a comprehensive roadmap for addressing the complexities of cloud security..

Solution Categories:

1. Technology Integration:

I. Increased adoption of AI and machine learning:

Incorporate AI and machine learning algorithms to analyze network traffic and user behaviour in real-time, enabling proactive threat detection and response.

Example: Utilize a cloud-based AI-driven security platform like Darktrace or CrowdStrike. These platforms employ AI and machine learning algorithms to continuously analyze network traffic and user behavior.

II. Adoption of zero-trust security model:

Implement granular access controls, continuous monitoring, and micro-segmentation to enforce the zero-trust model effectively.

Example: Use of Zscaler Private Access or Palo Alto Networks Prisma Access for ZTNA. The above methods verify persons and devices' identities and security before granting access to resources. Continuous monitoring ensures access credentials adapt to changing situations. Network security approach micro-segmentation separates workloads and inhibits lateral movement, reducing the attack surface.

III. DevSecOps Integration:

In DevSecOps, security is seamlessly integrated into the software development and delivery process, allowing for the early identification and remediation of security vulnerabilities.

Example: Use of OWASP ZAP or Checkmarx in the CI/CD process. Each code commit triggers automatic security testing, finding vulnerabilities early in development. This proactive approach prevents security issues from reaching production settings, preventing security breaches and assuring secure application development.

IV. Security Information and Event Management (SIEM):

SIEM solutions provide centralized monitoring and analysis of security events across the cloud environment, helping organizations detect and respond to security incidents in real-time.

Example: Real-time security log analysis from cloud services and applications can be done with an SIEM solution like Splunk or Elastic Security. SIEM notifications for immediate examination of unauthorized access or suspicious behavior. This allows security teams to respond quickly to threats, reducing security incidents and improving cloud security.

2. Standardization and Governance:

I. Regulatory Compliance Frameworks:

Develop a comprehensive regulatory compliance framework that aligns with industry standards and regional regulations. This framework should address data protection, privacy, and security requirements specific to different geographic regions and industries.

Example: Create a framework that aligns with the General Data Protection Regulation (GDPR) and develop a framework that incorporates GDPR's data protection principles. This ensures that cloud services operate and adhere to GDPR requirements, promoting compliance and data privacy.

II. Development of globally accepted standards:

Collaborate with industry stakeholders to create comprehensive standards that cover data encryption, identity management, incident response, and compliance, ensuring consistency and interoperability.

Example: Creating the "Global Cloud Security Standard" with prominent cloud service providers, industry associations, and cybersecurity experts. These standards address data encryption, identity management, incident response, and compliance. We want a global framework to ensure cloud service consistency and interoperability. GCSS helps cloud providers and consumers meet worldwide security standards, improving cloud security and trustworthiness.

III. Certification programs:

Establish certification programs that validate cloud service providers' adherence to these standards, giving users confidence in their security practices.

Example: Developing a Global Cloud Security Standard certification scheme for cloud service providers. Cloud providers are rigorously audited and assessed for GCSS compliance. After completion, they earn the "CloudTrust Certified" seal, demonstrating their strong security measures. Users can trust cloud services and use secure cloud services by choosing certified providers that fulfil global security requirements.

3. Communication and Collaboration:

I. Incident Response Plans and Drills:

Develop comprehensive incident response plans that outline the steps to take in the event of a security incident. Conduct regular incident response drills and simulations to ensure that teams are well-prepared to respond effectively.

Example: Create a simulated data breach situation whereby there is a potential exposure of sensitive customer data. Conduct an evaluation of the incident response plan, encompassing communication, containment, and recovery protocols, in order to ascertain potential areas that may benefit from enhancement.

II. Threat Intelligence Sharing:

Participate in industry-specific threat intelligence sharing groups or platforms where organizations can share information about emerging threats, vulnerabilities, and attack patterns. Collaboration on threat intelligence can help organizations proactively defend against common threats.

Example: Join the relevant Information Sharing and Analysis Center. These groups make it easy for member organizations to share information about cybersecurity threats. This lets member organizations stay up-to-date on new threats and take proactive steps to protect their networks and data.

4. Research and Innovation:

I. Quantum-Safe Encryption:

Research and implement quantum-safe encryption methods to protect data from future quantum computing threats. Quantum-safe encryption algorithms are designed to resist attacks from quantum computers, which have the potential to break traditional encryption methods.

Example: Engage in collaborative efforts with cryptography specialists and esteemed research institutes to facilitate the development and implementation of encryption methods that are resilient against quantum computing threats within the cloud architecture. This measure guarantees the preservation of sensitive data's security, even in a future characterized by the advent of quantum computing.

II. Next-Generation Authentication Technologies:

Investigate next-generation authentication technologies beyond traditional username/password methods. These technologies include biometric authentication, behavioural biometrics, and passwordless authentication.

Example: Implementing biometric authentication for cloud access, enabling users to verify their identity using fingerprint or facial recognition. In addition, investigate password-free authentication methods, such as one-time passwords (OTP) sent to mobile devices and hardware-based security keys or passkeys.

III. Security Orchestration and Automation:

Invest in security orchestration and automation platforms that streamline security operations and response. These platforms can automate routine security tasks, freeing up security teams to focus on more complex threats.

Example: Deploy a platform for security automation and orchestration, such as Palo Alto Networks Cortex XSOAR or Splunk Phantom. Configure automated playbooks that can respond without human intervention to common security incidents, such as malware infections or suspicious activities.

IV. Blockchain for data integrity:

Explore blockchain technology to ensure data integrity and prevent unauthorized modifications or access.

Example: Secure critical cloud documents and records with a blockchain-based data integrity solution. Blockchain can provide an immutable, tamper-proof medical record ledger in healthcare. Every new patient record entry is cryptographically secured in a blockchain transaction. Any attempt to change or erase previous medical data would require network consensus, making illegal changes impossible. This keeps patient records accurate, trustworthy, and tamper-resistant, improving data integrity and privacy.

5. Maintenance and Auditing:

I. Compliance Auditing and Reporting:

Conduct regular compliance audits to assess whether cloud environments adhere to security standards, regulatory requirements, and internal policies. Generate compliance reports for documentation and transparency.

Example: Perform quarterly compliance audits against industry standards such as CIS benchmarks or specific regulatory frameworks such as GDPR, HIPAA, or SOC 2. Auditors examine configurations, access controls, and data handling procedures to ensure conformity with compliance standards.

II. Security Log Retention and Analysis:

Establish a robust security log retention policy that mandates the collection and retention of security logs from cloud services and applications. Implement log analysis tools to identify security incidents.

Example: Configure cloud services to export security logs to a centralized system for log management, such as Splunk or ELK Stack. Configure alerts and automated analysis rules based on log data to detect suspicious activities or security breaches.

III. Security Configuration Management:

Implement security configuration management tools and practices to enforce consistent security configurations across cloud resources.

Example: Utilize configuration management platforms like Puppet or Ansible to define and enforce security baselines for cloud virtual machines (VMs). These tools ensure that VMs are configured securely and consistently according to predefined policies.

IV. Backup and Disaster Recovery Testing:

Regularly test backup and disaster recovery mechanisms for cloud data and services to ensure data resilience and availability in case of unexpected outages or data loss.

Example: Carry out disaster recovery testing on a quarterly basis by modeling various scenarios, such as the failure of a data center or an online attack. Evaluate recovery time objectives (RTOs) and recovery point objectives (RPOs), as well as validate the restoration of essential cloud resources from backups.

V. Automated security patch management:

Invest in automated patch management systems to promptly apply security updates and mitigate vulnerabilities.

Example: Automate cloud infrastructure security patch management. Use Azure Update Management in a Microsoft Azure cloud. This service automatically finds and applies virtual machine security patches and updates according to schedules or compliance standards. Your firm can quickly deploy essential security upgrades throughout the cloud infrastructure by automating patch management, decreasing the risk of attackers exploiting known vulnerabilities.

In the current context of accelerated cloud computing adoption, driven by remote work and digital transformation, the imperative for robust data security and privacy measures has reached unprecedented levels. Organizations must prioritize the implementation of these solutions to fortify their cloud environments and safeguard data privacy. Additionally, with the advent of transformative technologies such as edge computing and 5G networks, the pursuit of research and development remains essential to tackle the distinctive security challenges posed by these innovations. The cloud computing paradigm encompasses a spectrum of critical elements, including end-user devices, communication networks, access management systems, stakeholders, and cloud infrastructures. Our objective has been to illuminate the diverse vulnerabilities, threats, and attacks that encumber the adoption of cloud computing. The emergence of novel computer architectures and technologies like IoT, 5G Communication, and Fog Computing builds upon cloud computing as its foundational technology, extending the landscape of vulnerability and security concerns. In our comprehensive survey, we scrutinized the challenges and security apprehensions in cloud computing from the vantage point of all stakeholders involved. We performed a factor analysis on the categories of challenges to unearth the underlying factors contributing to cloud computing challenges. Our findings affirm that cloud computing presents unique and distinct challenges demanding a holistic and comprehensive approach.

Our factor analysis underscores that the five-perspective taxonomy comprises the primary determinants of cloud computing challenges. Each factor encapsulates a unique concern that necessitates attention to ensure the adoption and implementation of cloud computing solutions.

1. Cloud Service Models: This foundational factor, encompassing Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), emerges as the most significant contributor to cloud computing challenges. It encompasses issues relating to service level agreements, vendor lock-in, and compatibility across service models.

2. Cloud Computing Architecture: The second most influential factor is the cloud computing architecture, representing the underlying infrastructure and technologies that enable cloud computing. It encompasses concerns related to scalability, reliability, and resource availability, chiefly impacting those responsible for cloud infrastructure management.

3. Data Ownership and Control: The third major factor addresses concerns surrounding data ownership, access, and control. Particularly relevant for end-users, it underscores apprehensions about third-party access to their data without consent.

4. Data Privacy and Security: This crucial factor ranks fourth and addresses data privacy, confidentiality, and security concerns. Stakeholders managing and securing cloud-based data bear primary responsibility in this domain.

5. Legal and Compliance Issues: The fifth major factor underscores regulatory and legal frameworks governing cloud computing use. It includes issues related to data protection regulations, intellectual property rights, and liability for data breaches, with a focus on compliance assurance.

In addition to these factors, our analysis uncovers security vulnerabilities across different cloud layers, with threats cascading from IaaS to PaaS, and from networking to data storage and privacy. This intricate interplay complicates the implementation of security measures. Notably, computation privacy in cloud computing remains a topic ripe for further research, while addressing insider threats poses an ongoing challenge. The absence of globally accepted standard privacy and security criteria for service providers necessitates research into Cloud-based trust establishment. Moreover, the integration of AI and machine learning into security platforms offers the promise of heightened intelligence for distinguishing insider from external threats. By embracing these technological tools, we aim to elevate the standards of Trust establishment, Data Security, and Privacy in the realm of cloud computing. As cloud technology continues to evolve, so too must our approach to safeguarding it..

CONFLICT OF INTEREST:

The authors whose names are listed in the manuscript, certify that they have NO affiliations with or involvement in any organization or entity with any financial interest (such as honoraria; educational grants; participation in speakers’ bureaus; membership, employment, consultancies, stock ownership, or other equity interest; and expert testimony or patent-licensing arrangements), or non-financial interest (such as personal or professional relationships, affiliations, knowledge or beliefs) in the subject matter or materials discussed in this manuscript.

Ramachandra G, Iftikhar M, Khan FA (2012) A Comprehensive Survey on Security in Cloud Computing, Procedia Comput. Sci., vol. 110, no. pp. 465–472, 2017, 10.1016/j.procs.2017.06.124
Kafhali SE, Mir IE, Hanini M (2022) Security Threats, Defense Mechanisms, Challenges, and Future Directions in Cloud Computing. Arch Comput Methods Eng 29(1):223–246. 10.1007/s11831-021-09573-y
NIST, NIST Cloud Computing Reference Architecture (2011) : Recommendations of NIST, Natl. Inst. Stand. Technol., vol. Special Pu, pp. 1–35, [Online]. Available: https://pmt-eu.hosted.exlibrisgroup.com/permalink/f/gvehrt/TN_cdi_ieee_primary_6012797
Weidt F, Silva RLS (2016) Systematic Literature Review in Computer Science - A Practical Guide
Jangjou M, Sohrabi MK (2022) A Comprehensive Survey on Security Challenges in Different Network Layers in Cloud Computing. Arch Comput Methods Eng 012345678910.1007/s11831-022-09708-9
Tahirkheli AI et al (2021) A survey on modern cloud computing security over smart city networks: Threats, vulnerabilities, consequences, countermeasures and challenges. Electron 10(15). 10.3390/electronics10151811
Soveizi N, Turkmen F, Karastoyanova D (2023) Security and privacy concerns in cloud-based scientific and business workflows: A systematic review. Futur Gener Comput Syst 148:184–200. 10.1016/j.future.2023.05.015
Sheik SA, Muniyandi AP (2022) Secure authentication schemes in cloud computing with glimpse of artificial neural networks: A review, Cyber Secur. Appl., vol. 1, no. July p. 100002, 2023, 10.1016/j.csa.2022.100002
Srikanth GU, Jaffrin LCC (2022) Security Issues in Cloud and Mobile cloud: A Comprehensive Survey. Informa UK Limited, pp 1–25. 10.1080/19393555.2022.2035470
Khoda Parast F, Sindhav C, Nikam S, Izadi Yekta H, Kent KB, Hakak S (2022) Cloud computing security: A survey of service-based models. Comput Secur 114:102580. 10.1016/j.cose.2021.102580
Ometov A, Molua OL, Komarov M, Nurmi J (2022) A Survey of Security in Cloud, Edge, and Fog Computing. Sensors 22(3):1–27. 10.3390/s22030927
Saini DK, Kumar K, Gupta P (2022) Security Issues in IoT and Cloud Computing Service Models with Suggested Solutions, Secur. Commun. Networks, vol. no. iv, 2022, 10.1155/2022/4943225
Alouffi B, Hasnain M, Alharbi A, Alosaimi W, Alyami H, Ayaz M (2021) A Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies. IEEE Access 9:57792–57807. 10.1109/ACCESS.2021.3073203
Gajjam MNS, Gunasekhar DT (2021) Key challenges and research direction in cloud storage, Mater. Today Proc., no. xxxx, 10.1016/j.matpr.2021.01.609
Alwakeel AM (2021) An overview of fog computing and edge computing security and privacy issues. Sensors 21:1–20. 10.3390/s21248226
Bamasoud DM, Al-Dossary AS, Al-Harthy NM, Al-Shomrany RA, Alghamdi GS, Algahmdi RO (2021) Privacy and Security Issues in Cloud Computing: A Survey Paper, 2021 Int. Conf. Inf. Technol. ICIT 2021 - Proc., pp. 387–392, 10.1109/ICIT52682.2021.9491632
AlAhmad AS, Kahtan H, Alzoubi YI, Ali O, Jaradat A (2021) Mobile cloud computing models security issues: A systematic review. J Netw Comput Appl 190:103152. 10.1016/j.jnca.2021.103152
Yang P, Xiong N, Ren J (2020) Data Security and Privacy Protection for Cloud Storage: A Survey. IEEE Access 8:131723–131740. 10.1109/ACCESS.2020.3009876
Alnajrani HM, Norman AA, Ahmed BH (2020) Privacy and data protection in mobile cloud computing: A systematic mapping study. PLoS ONE 15(6):1–28. 10.1371/journal.pone.0234312
Tabrizchi H, Kuchaki Rafsanjani M (2020) A survey on security challenges in cloud computing: issues, threats, and solutions. no 12 Springer US 76. 10.1007/s11227-020-03213-1
Jiménez SDO, Anaya EA (2020) A Survey on Information Security in Cloud Computing. Comput y Sist 24(2):819–833. 10.13053/CyS-24-2-3119
Abid A, Manzoor MF, Farooq MS, Farooq U, Hussain M (2020) Challenges and issues of resource allocation techniques in cloud computing, KSII Trans. Internet Inf. Syst., vol. 14, no. 7, pp. 2815–2839, Jul. 10.3837/TIIS.2020.07.005
Almutairy NM, Al-Shqeerat KHA, Al Hamad HA (Jan. 2019) A Taxonomy of Virtualization Security Issues in Cloud Computing Environments. Indian J Sci Technol 12(3):1–19. 10.17485/IJST/2019/V12I3/139557
Sun PJ (2019) Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and Solutions. IEEE Access 7:147420–147452. 10.1109/ACCESS.2019.2946185
Swathy Akshaya M, Padmavathi G (2019) Taxonomy of Security Attacks and Risk Assessment of Cloud Computing. Springer Singap 750. 10.1007/978-981-13-1882-5_4
Hong JB, Nhlabatsi A, Kim DS, Hussein A, Fetais N, Khan KM (2019) Systematic identification of threats in the cloud: A Survey. Comput Networks 150:46–69. 10.1016/j.comnet.2018.12.009
Fatima S, Ahmad S (2019) An exhaustive review on security issues in cloud computing. KSII Trans Internet Inf Syst 13(6):3219–3237. 10.3837/tiis.2019.06.025
Rao NT, Bhattacharyya D (2019) Review on Space and Security Issues in Cloud Computing, Int. J. Secur. Its Appl., vol. 13, no. 2, pp. 1–8, 10.33832/ijsia.2019.13.2.01
Varadharajan V, Tupakula U (2018) Securing services in networked cloud infrastructures. IEEE Trans Cloud Comput 6(4):1149–1163. 10.1109/TCC.2016.2570752
Islam S, Ouedraogo M, Kalloniatis C, Mouratidis H, Gritzalis S (2018) Assurance of Security and Privacy Requirements for Cloud Deployment Models. IEEE Trans Cloud Comput 6(2):387–400. 10.1109/TCC.2015.2511719
Xu H, Qiu X, Sheng Y, Luo L, Xiang Y (2018) A qos-driven approach to the cloud service addressing attributes of security. IEEE Access 6:34477–34487. 10.1109/ACCESS.2018.2849594
Subramanian N, Jeyaraj A (2018) Recent security challenges in cloud computing, Comput. Electr. Eng., vol. 71, no. June, pp. 28–42, 10.1016/j.compeleceng.2018.06.006
Indu I, Anand PMR, Bhaskar V (2018) Identity and access management in cloud environment: Mechanisms and challenges, Engineering Science and Technology, an International Journal, vol. 21, no. 4. Elsevier B.V., pp. 574–588, Aug. 01, 10.1016/j.jestch.2018.05.010
Sun X (2018) Critical Security Issues in Cloud Computing: A Survey, Proc. – 4th IEEE Int. Conf. Big Data Secur. Cloud, BigDataSecurity 4th IEEE Int. Conf. High Perform. Smart Comput. HPSC 2018 3rd IEEE Int. Conf. Intell. Data Secur., no. 1, pp. 216–221, 2018, 10.1109/BDS/HPSC/IDS18.2018.00053
Gayatri P, Venunath M, Subhashini V, Umar S (2018) Securities and threats of cloud computing and solutions, Proc. 2nd Int. Conf. Inven. Syst. Control. ICISC no. Icisc, pp. 1162–1166, 2018, 10.1109/ICISC.2018.8398987
Kritikos K, Kirkham T, Kryza B, Massonet P (2017) Towards a security-enhanced PaaS platform for multi-cloud applications. Futur Gener Comput Syst 67:206–226. 10.1016/j.future.2016.10.008
Syed HJ, Gani A, Ahmad RW, Khan MK, Ahmed AIA (2017) Cloud monitoring: A review, taxonomy, and open research issues, J. Netw. Comput. Appl., vol. 98, no. July, pp. 11–26, 10.1016/j.jnca.2017.08.021
Singh A, Chatterjee K (2016) Cloud security issues and challenges: A survey, J. Netw. Comput. Appl., vol. 79, no. November pp. 88–115, 2017, 10.1016/j.jnca.2016.11.027
Shirazi SN, Gouglidis A, Farshad A, Hutchison D (2017) The extended cloud: Review and analysis of mobile edge computing and fog from a security and resilience perspective. IEEE J Sel Areas Commun 35(11):2586–2595. 10.1109/JSAC.2017.2760478
Gonzalez NM, de Carvalho TCM, Miers CC (Dec. 2017) Cloud resource management: towards efficient execution of large-scale scientific applications and workflows on complex infrastructures. J Cloud Comput 6(1). 10.1186/S13677-017-0081-4
Khan MA (2016) A survey of security issues for cloud computing. J Netw Comput Appl 71:11–29. 10.1016/j.jnca.2016.05.010
Iqbal S et al (2016) On cloud security attacks: A taxonomy and intrusion detection and prevention as a service. J Netw Comput Appl 74:98–120. 10.1016/j.jnca.2016.08.016
Joshi BK, Shrivastava MK, Joshi B (Sep. 2016) Security threats and their mitigation in infrastructure as a service. Perspect Sci 8:462–464. 10.1016/J.PISC.2016.05.001
Kholidy HA, Erradi A, Abdelwahed S, Baiardi F (Nov. 2016) A risk mitigation approach for autonomous cloud intrusion response system. Computing 98(11):1111–1135. 10.1007/S00607-016-0495-8
Ouedraogo M, Mignon S, Cholez H, Furnell S, Dubois E (2015) Security transparency: the next frontier for security research in the cloud. J Cloud Comput 4(1). 10.1186/s13677-015-0037-5
Bauman E, Ayoade G, Lin Z (2015) A survey on hypervisor-based monitoring: Approaches, applications, and evolutions. ACM Comput Surv 48(1). 10.1145/2775111
Gao T, Jia X, Jiang R, He Y, Zhang T, Yang M (2022) Trusted Cloud Service System Based on Block Chain Technology, Wirel. Commun. Mob. Comput., vol. 2022, 10.1155/2022/3704720
Abbas G, Mehmood A, Lloret J, Raza MS, Ibrahim M (Sep. 2020) FIPA-based reference architecture for efficient discovery and selection of appropriate cloud service using cloud ontology. Int J Commun Syst 33(14). 10.1002/dac.4504
Gandhi A, Dube P, Karve A, Kochut A, Zhang L (Jan. 2020) Providing Performance Guarantees for Cloud-Deployed Applications. IEEE Trans Cloud Comput 8(1):269–281. 10.1109/TCC.2017.2771402
Sheikh A, Munro M, Budgen D (2020) A Service Scheduling Security Model for a Cloud Environment. Int J Adv Comput Sci Appl 11(5):1–9. 10.14569/IJACSA.2020.0110501
Aslam M, Bouget S, Raza S (Mar. 2021) Security and trust preserving inter- and intra‐cloud VM migrations. Int J Netw Manag 31(2). 10.1002/NEM.2103
Caglar E, Kirsal Y (2019) Analytical Modelling and Performance Evaluation of Security Issues for Cloud Computing, 27th Signal Process. Commun. Appl. Conf., Apr. 2019, 10.1109/SIU.2019.8806450
Tiburski RT et al (2019) Feb., Lightweight Security Architecture Based on Embedded Virtualization and Trust Mechanisms for IoT Edge Devices, IEEE Commun. Mag., vol. 57, no. 2, pp. 67–73, 10.1109/MCOM.2018.1701047
Kaur S, Kaur G, Shabaz M (2022) A Secure Two-Factor Authentication Framework in Cloud Computing, Secur. Commun. Networks, vol. 2022, 10.1155/2022/7540891
Doriguzzi-Corin R, Scott-Hayward S, Siracusa D, Savi M, Salvadori E (2020) Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions, IEEE Trans. Netw. Serv. Manag., vol. 17, no. 1, pp. 294–307, Mar. 10.1109/TNSM.2019.2941128
Popescu DA, Moore AW (2021) Measuring Network Conditions in Data Centers Using the Precision Time Protocol, IEEE Trans. Netw. Serv. Manag., vol. 18, no. 3, pp. 3753–3770, Sep. 10.1109/TNSM.2021.3081536
Jiang X, Pang Z, Luvisotto M, Pan F, Candell R, Fischione C (2019) Using a Large Data Set to Improve Industrial Wireless Communications: Latency, Reliability, and Security, IEEE Ind. Electron. Mag., vol. 13, no. 1, pp. 6–12, Mar. 10.1109/MIE.2019.2893037
Nassif AB, Talib MA, Nasir Q, Albadani H, Dakalbab FM (2021) Machine Learning for Cloud Security: A Systematic Review. IEEE Access 9:20717–20735. 10.1109/ACCESS.2021.3054129
Spanaki K, Gürgüç Z, Mulligan C, Lupu E (2019) Organizational cloud security and control: a proactive approach, Inf. Technol. People, vol. 32, no. 3, pp. 516–537, Jun. 10.1108/ITP-04-2017-0131
Aljumah A, Ahanger TA (2020) Cyber security threats, challenges and defence mechanisms in cloud computing, IET Commun., vol. 14, no. 7, pp. 1185–1191, Apr. 10.1049/IET-COM.2019.0040
Liang W et al (2022) PDPChain: A Consortium Blockchain-Based Privacy Protection Scheme for Personal Data. IEEE Trans Reliab 1–13. 10.1109/TR.2022.3190932
Shakarami A, Ghobaei-Arani M, Shahidinejad A, Masdari M, Shakarami H (2021) Data replication schemes in cloud computing: a survey, Cluster Comput., vol. 24, no. 3, pp. 2545–2579, Sep. 10.1007/S10586-021-03283-7/FIGURES/17
Srikanth GU, Jaffrin LC (Feb. 2022) Security Issues in Cloud and Mobile cloud: A Comprehensive Survey. Inf Secur J Glob Perspect 1–25. 10.1080/19393555.2022.2035470
Alghofaili Y, Albattah A, Alrajeh N, Rassam MA, Al-Rimy BAS, Secure Cloud Infrastructure: A Survey on Issues, Current Solutions, and, Challenges O (2021) Appl. Sci. Vol. 11, Page 9005, vol. 11, no. 19, p. 9005, Sep. 2021, 10.3390/APP11199005
Farsi M, Ali M, Shah RA, Wagan AA, Kharabsheh R (2020) Cloud computing and data security threats taxonomy: A review. J Intell Fuzzy Syst 38(3):2529–2537. 10.3233/JIFS-179539
Garg D, Sidhu J, Rani S (2020) A note on cloud computing security. Int J Ad Hoc Ubiquitous Comput 33(3):133–154. 10.1504/IJAHUC.2020.106644
Shakarami A, Ghobaei-Arani M, Shahidinejad A, Masdari M, Shakarami H (2021) Data replication schemes in cloud computing: a survey. no 3 Springer US 24. 10.1007/s10586-021-03283-7
Shafiq DA, Jhanjhi NZ, Abdullah A, Alzain MA (2021) A Load Balancing Algorithm for the Data Centres to Optimize Cloud Computing Applications. IEEE Access 9:41731–41744. 10.1109/ACCESS.2021.3065308
Tiwari PK, Joshi S (2020) Dynamic management of resources in cloud computing, Int. J. Softw. Innov., vol. 8, no. 1, pp. 65–81, Jan. 10.4018/IJSI.2020010104
Remesh Babu KR, Samuel P (2019) Service-level agreement–aware scheduling and load balancing of tasks in cloud, Softw. Pract. Exp., vol. 49, no. 6, pp. 995–1012, Jun. 10.1002/SPE.2692
Alghofaili Y, Albattah A, Alrajeh N, Rassam MA, Al-Rimy BAS (2021) Secure cloud infrastructure: A survey on issues, current solutions, and open challenges. Appl Sci (Switzerland) 11:19. 10.3390/app11199005
Metwally K, Jarray A, Karmouch A (2020) A Distributed Auction-based Framework for Scalable IaaS Provisioning in Geo-Data Centers, IEEE Trans. Cloud Comput., vol. 8, no. 3, pp. 647–659, Jul. 10.1109/TCC.2018.2808531
Jayathilaka H, Krintz C, Wolski R (2020) Detecting Performance Anomalies in Cloud Platform Applications, IEEE Trans. Cloud Comput., vol. 8, no. 3, pp. 764–777, Jul. 10.1109/TCC.2018.2808289
Gupta R, Tanwar S, Tyagi S, Kumar N (2019) Machine Learning Models for Secure Data Analytics: A taxonomy and threat model, Comput. Commun., vol. 153, no. November pp. 406–440, 2020, 10.1016/j.comcom.2020.02.008
Greitzer FL, Purl J, Leong YM, Sticha PJ (Apr. 2019) Positioning Your Organization to Respond to Insider Threats. IEEE Eng Manag Rev 47(2):75–83. 10.1109/EMR.2019.2914612
Zeng M, Dian C, Wei Y (2022) Risk Assessment of Insider Threats Based on IHFACS-BN, Sustain. 2023, Vol. 15, Page 491, vol. 15, no. 1, p. 491, Dec. 10.3390/SU15010491
Moura J, Hutchison D (2016) Review and analysis of networking challenges in cloud computing. J Netw Comput Appl 60:113–129. 10.1016/j.jnca.2015.11.015
Al Mudawi N, Beloff N, White M (2020) Issues and challenges: Cloud computing e-government in developing countries. Int J Adv Comput Sci Appl 11(4):7–11. 10.14569/IJACSA.2020.0110402
Mansouri N, Javidi MM, Mohammad Hasani B, Zade (2021) A CSO-based approach for secure data replication in cloud computing environment. J Supercomput 77(6):5882–5933. 10.1007/s11227-020-03497-3
Luo Q, Hu S, Li C, Li G, Shi W (2021) Resource Scheduling in Edge Computing: A Survey. IEEE Commun Surv Tutorials 23(4):2131–2165. 10.1109/COMST.2021.3106401
Verma G, Adhikari S (Nov. 2020) Cloud Computing Security Issues: a Stakeholder’s Perspective. SN Comput Sci 1(6):1–8. 10.1007/S42979-020-00353-2/METRICS
Ponnuviji N, Prem V (2018) Comprehensive challenges on Cloud Service Broker architecture for efficient Cloud Service selection for secured data transmission. Int J Pure Appl Math 118(24):1–13

The authors declare no competing interests.

Download PDF

Version 1

posted

You are reading this latest preprint version

Uncovering Cloud Security Complexities-A Comprehensive Five-Perspective Taxonomic Review

Status:

Version 1

Abstract

Figures

1. Introduction

1.1. Motivation:

2. Cloud computing architecture and its working overview

2.1. Cloud computing service models

2.1.1. Infrastructure as a service (IaaS)

2.1.2. Platform as a service (PaaS)

2.1.3. Software as a service (SaaS)

2.2. Cloud computing deployment models

2.2.1. Public cloud

2.2.2. Private Cloud

2.2.3. Hybrid cloud

2.2.4. Community cloud

2.3. Actors/Stakeholders in NIST Cloud Computing Architecture

2.4. Section Summary: Understanding Cloud Security; Setting the Stage for Challenges

3. Research methodology

3.1. Search Strategy

3.2. Publication Selection

3.3. INCLUSION EXCLUSION CRITERIA

3.3.1. Inclusion Criteria (IC)

3.3.2. Exclusion Criteria (EC)

3.3.3. Study Quality Assessment

4. Cloud computing challenges

4.1. Insights from Table 3

4.2. frequency and factor analysis

4.2.1. Correlation matrix between each pair of perspectives

4.2.2. Insights from Table 4

4.2.3. Kaiser-Meyer-Olkin (KMO) test

4.2.4. Insights from Table 6

4.2.5. Factor Loading

4.2.6. Insights from Table 7

5. Challenges at the cloud architecture level

6. Challenges at the cloud services level

7. Challenges at the Network Level

8. Challenges at the Data Level

9. Challenges at Stake Holders' Level

10. Possible Solutions and Conclusion

Conclusion

Declarations

CONFLICT OF INTEREST:

References

Additional Declarations

Status:

Version 1