research paper on security issues in cloud computing

A Review on Security Vulnerabilities in Cloud Computing

• Conference paper
• First Online: 31 August 2024
• Cite this conference paper

• Juvi Bharti 39 &
• Sarpreet Singh 39  

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 1189))

Included in the following conference series:

• International Conference on Data, Engineering and Applications

Cloud computing is a shared pool of programmable computer system resources and higher-level services that can be instantly delivered through the Internet with minimum administrative work. It offers huge benefits, but it poses numerous security dangers. Before migrating their computing, storage, and applications to the cloud, customers must comprehend upcoming dangers and weaknesses, as well as consider potential responses. Due to the escalating dangers in the cloud environment, the identification of its weaknesses and the most effective instructions for enhancing security have become crucial for all activities conducted there. In this document, for each risk, there is a list of possible countermeasures that are already in place.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save.

• Get 10 units per month
• Download Article/Chapter or eBook
• 1 Unit = 1 Article or 1 Chapter
• Cancel anytime
• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Available as EPUB and PDF
• Durable hardcover edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Grover J, Sharma M et al (2014) Cloud computing and its security issues—A reviews. In: IEEE 5th ICCCNT

Google Scholar  

Zhang Q, Cheng L et al (2010) Cloud computing: state of the art and research challenges. Int J Internet Serv Appl 1(1):7–18

Article   Google Scholar  

Cafaro M, Aloisio G (2010) Grids, clouds and virtualization. Springer, p 7. ISBN 978-1-4471-2592-1

Ma X (2012) Security concerns in cloud computing. In: 4th international conference on computational and information science

Rittinghouse J, Ransom J (2010) Cloud computing: implementation, management and security. CRC Press, Taylor & Francis Group, Boca Raton

Bernsmed et al (2012) Thunder in the clouds: security challenges and solutions for federated clouds. In: 4th IEEE international conference on cloud computing technology and science proceedings

Metheny M (2012) Federal cloud computing : the definitive guide for cloud service providers. Elsevier Science

Chou T-S (2013) Security threats on cloud computing vulnerabilities. Int J Comput Sci Inf Technol 5(3):79–88

Takabi H, Joshi JBD, Ahn G (2010) Security and privacy challenges in cloud computing environments, security & privacy. IEEE 8(6):24–31

Chakraborty R, Ramireddy S, Raghu TS, Rao HR (2010) The information assurance practices of cloud computing vendors. IT Professional 12:29–37

Musa FA, Sani SM (2014) Security threats and countermeasures in cloud computing. Int Res J Electron Comput Eng

Sen J (2018) Security and privacy issues cloud computing. https://pdfs.semanticscholar.org/4dc3/70d253020947a8e66b701e12dd0233161229.pdf . Accessed 11 April 2018

R. Security and privacy in cloud computing. Spring, April 2017

Khormali A, Mohaisen A, Saad M (2018) End-to-End analysis of in-browser cryptojacking

Alhaidary M, Rahman SMM, Gupta BB et al (2018) Vulnerability analysis for the authentication protocols in trusted computing platforms and proposed enhancement of the Off-PAD protocol. IEEE Access 6:6071–6081

Yesilyurt M, Yalman Y (2016) New approach for ensuring cloud computing security: using data hiding methods. Sadhana 41(11):1289–1298

Khalil IM, Khreishah A, Azeem M (2014) Cloud computing security: a survey. Computers 1–35

Ashraf M, Kamel F (2015) Vendor lock-in in the transition to a cloud computing platform. In: Degree project in communication systems second level Stockholm, Sweden, pp 1–42

Dhote C, Potey MM et al (2013) Cloud computing—Understanding risk, threats, vulnerability and controls: a survey. Int J Comput Appl 67:9–14

Jamil D, Zaki H (2011) Security issues in cloud computing and countermeasures. Int J Eng Sci Technol 3(4):2672–2676

Barakat OL et al (2013) Malware analysis performance enhancement using cloud computing,. J Comput Virol Hacking Tech 10(1):1–10

Singh S, Jeong Y-S, Park JH (2016) A survey on cloud computing security: issues, threats, and 86 solutions. J Netw Comput Appl 75:200–222

Rocha F, Abreu S, Correia M (2011) The final frontier: confidentiality and privacy in the cloud. IEEE Comput 44(9):44–50

Pearson S, Yee G (2013) Privacy and security for cloud computing. Springer

Morabito V (2014) Big data in trends and challenges in digital business innovation. Springer Intl. Publishing, pp 3–21

Duncan AJ, Creese S, Goldsmith M (2012) Insider attacks in cloud computing. In: 11th IEEE international conference on trust, security and privacy in computing and communications, TrustCom, pp 857–862

Thampi SM, Zomaya AY, Strufe T, AlcarazCalero JM, Thomas T (2012) Recent trends in computer networks and distributed systems security. In: International conference on security in computer networks and distributed systems, vol 335, Springer

Das SK, Kant K, Zhang N (2012) Handbook on securing cyber-physical critical infrastructure. Morgan Kaufmann

Buyya R, Vecchiola C, Selvi ST (2013) Mastering cloud computing : foundations and applications programming. Morgan Kaufmann

Tang Y, Lee PPC, Lui JCS, Perlman R (2012) Secure overlay cloud storage with access control and assured deletion. IEEE Trans Depend Secur Comput 9(6):903–916

Seddon JJM, Currie WL (2013) Cloud computing and trans-border health data: Unpacking U.S. 95 and EU healthcare regulation and compliance. Health Policy Technol 2(4):pp 229–241

Bansal P, Siddharth S, Agarwal A (2016) Evolution of cloud computing and related security concerns

Alouane M, El Bakkali H (2015) Security, privacy and trust in cloud computing: a comparative study. In: International conference on cloud technologies and applications (CloudTech), pp 1–8

Alani MM (2014) Securing the cloud: threats, attacks and mitigation techniques. J Adv Comput Sci Technol 3(2):202–213

Ardagna CA (2015) From security to assurance in the cloud: a survey 48(50)

Srinivasan S (2014) Security, trust, and regulatory aspects of cloud computing in business environments. IGI-Global

Harfoushi O, Alfawwaz B, Ghatasheh NA, Obiedat R, Abu-Faraj MM, Faris H (2014) Data security issues and challenges in cloud computing: a conceptual analysis and review. Commun Netw 6(1):15–21

Barona R, Anita EAM (2017) A survey on data breach challenges in cloud computing security: Issues and threats. In: International conference on circuit, power and computing technologies

Alhenaki L (2019) A survey on the security of cloud computing. Institute of Electrical and Electronics Engineers

Stallings W (2013) Network security essential: applications and standards. Pearson Education India

Saranya K, Mohanapriya R et al (2014) a review on symmetric key encryption techniques in cryptography. Int J Sci Eng Technol 3(3):539–544

Lal NA, Prasad S, Farik M (2016) A review of authentication methods. Int J Sci Technol Res 5(11)

Chandrasekhar AM, Sahana K, Yashaswini K (2016) Securing cloud environment using firewall and VPN. Int J Adv Res Comput Sci Softw Eng Res 6(1):151–156

Mohammed I, Saleh A, Hamdan HM (2018) On studying the antivirus behavior on Kernel activitie. In: Proceedings of the international conference on frontiers of information technology, April 2018, pp 1–6

Prajapati GI, Surati SB (2017) A review on Ransom ware detection & prevention. Int J Res Sci Innov 4(9):86–91

Anjana, Singh A (2018) Security concerns and countermeasures in cloud computing: a qualitative analysis. Int J Inf Technol

Grabhall K, Jadyal N et al (2016) Data portioning technique to improve cloud data storage security. Int J Adv Res Comput Commun Eng 5

Parisha, Khanna P et al (2017) Hash function based data portioning in cloud computing for secured cloud storage. Int J Eng Res Appl 7(7):1–6

Ouedrogo et al (2015) Security transparency: the next frontier for security research in the cloud. J Cloud Comput: Adv Syst Appl 4(12)

Hashizume et al (2013) An analysis of security issues for cloud computing. J Internet Serv Appl 4(5)

Noura NH, Chenab A et al (2021) Robotics cyber security: vulnerabilities, attacks, countermeasures and recommendations. Int J Inf Secur 115–158

Masud M, Najmi YK et al (2021) A survey on security threats and countermeasures in IoT to achive users confidentiality and realibility

Humayun M, Niazi NZ et al (2020) Cyber security threats and vulnerabilities: a systematic mapping study. Arab J Sci Eng

Janrga A, Singh N (2017) Challenges and prosperity research in cloud computing. Int J Comput Trends Technol 49:200–205

Axon (2018) An introductory paper to the main issues and potential areas for government action Cloud Computing for the Public Sector and its Policy Implications. April

Dar AR, Ravindran D (2018) A comprehensive study on cloud computing paradigm. Int J Adv Res Sci Eng 7(4):235–242

Download references

Author information

Authors and affiliations.

Department of Computer Science, Sri Guru Granth Sahib World University, Punjab, India

Juvi Bharti & Sarpreet Singh

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Sarpreet Singh .

Editor information

Editors and affiliations.

Rajiv Gandhi Technical University, Bhopal, Madhya Pradesh, India

Jitendra Agrawal

Oriental Institute of Science and Technology, Bhopal, Madhya Pradesh, India

Rajesh K. Shukla

Sanjeev Sharma

National Kaohsiung University of Science and Technology, Kaohsiung, Taiwan

Chin-Shiuh Shieh

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper.

Bharti, J., Singh, S. (2024). A Review on Security Vulnerabilities in Cloud Computing. In: Agrawal, J., Shukla, R.K., Sharma, S., Shieh, CS. (eds) Data Engineering and Applications. IDEA 2022. Lecture Notes in Electrical Engineering, vol 1189. Springer, Singapore. https://doi.org/10.1007/978-981-97-2451-2_16

Download citation

DOI : https://doi.org/10.1007/978-981-97-2451-2_16

Published : 31 August 2024

Publisher Name : Springer, Singapore

Print ISBN : 978-981-97-2450-5

Online ISBN : 978-981-97-2451-2

eBook Packages : Intelligent Technologies and Robotics Intelligent Technologies and Robotics (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

We apologize for the inconvenience...

To ensure we keep this website safe, please can you confirm you are a human by ticking the box below.

If you are unable to complete the above request please contact us using the below link, providing a screenshot of your experience.

https://ioppublishing.org/contacts/

• Corpus ID: 18061976

Cloud Computing: Security Issues and Research Challenges

• R. Padhy , M. Patra , +1 author Oracle India Pvt
• Published 2011
• Computer Science, Engineering

Figures from this paper

228 Citations

Challenges and opportunities with cloud computing.

• Highly Influenced

Security and privacy issues for cloud computing and its challenges

A comprehensive review on cloud computing security, security challenges over cloud environment from service provider prospective, cloud security: a big challenge, issues and solutions, cloud computing: security issues and security methods, a survey on security issues and vulnerabilities on cloud computing, confidentiality of database for secure information in cloud computing using table collide storage model, study of data security and privacy preserving solutions in cloud computing, 27 references, cloud security issues, cloud computing: distributed internet computing for it and scientific research, cloud security: a comprehensive guide to secure cloud computing, on technical security issues in cloud computing, a survey on security issues in service delivery models of cloud computing, ensuring data storage security in cloud computing, the insider threat in cloud computing, cloud security and privacy, securing cloud from ddos attacks using intrusion detection system in virtual machine, multi-level authentication technique for accessing cloud services, related papers.

Showing 1 through 3 of 0 Related Papers

• Open access
• Published: 27 February 2013

An analysis of security issues for cloud computing

• Keiko Hashizume 1 ,
• David G Rosado 2 ,
• Eduardo Fernández-Medina 2 &
• Eduardo B Fernandez 1  

Journal of Internet Services and Applications volume  4 , Article number:  5 ( 2013 ) Cite this article

283k Accesses

366 Citations

7 Altmetric

Metrics details

Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. Cloud Computing leverages many technologies (SOA, virtualization, Web 2.0); it also inherits their security issues, which we discuss here, identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.

1. Introduction

The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [ 1 ] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations.

Cloud Computing enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud Computing appears as a computational paradigm as well as a distribution architecture and its main objective is to provide secure, quick, convenient data storage and net computing service, with all computing resources visualized as services and delivered over the Internet [ 2 , 3 ]. The cloud enhances collaboration, agility, scalability, availability, ability to adapt to fluctuations according to demand, accelerate development work, and provides potential for cost reduction through optimized and efficient computing [ 4 – 7 ].

Cloud Computing combines a number of computing concepts and technologies such as Service Oriented Architecture (SOA), Web 2.0, virtualization and other technologies with reliance on the Internet, providing common business applications online through web browsers to satisfy the computing needs of users, while their software and data are stored on the servers [ 5 ]. In some respects, Cloud Computing represents the maturing of these technologies and is a marketing term to represent that maturity and the services they provide [ 6 ].

Although there are many benefits to adopting Cloud Computing, there are also some significant barriers to adoption. One of the most significant barriers to adoption is security, followed by issues regarding compliance, privacy and legal matters [ 8 ]. Because Cloud Computing represents a relatively new computing model, there is a great deal of uncertainty about how security at all levels (e.g., network, host, application, and data levels) can be achieved and how applications security is moved to Cloud Computing [ 9 ]. That uncertainty has consistently led information executives to state that security is their number one concern with Cloud Computing [ 10 ].

Security concerns relate to risk areas such as external data storage, dependency on the “public” internet, lack of control, multi-tenancy and integration with internal security. Compared to traditional technologies, the cloud has many specific features, such as its large scale and the fact that resources belonging to cloud providers are completely distributed, heterogeneous and totally virtualized. Traditional security mechanisms such as identity, authentication, and authorization are no longer enough for clouds in their current form [ 11 ]. Security controls in Cloud Computing are, for the most part, no different than security controls in any IT environment. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, Cloud Computing may present different risks to an organization than traditional IT solutions. Unfortunately, integrating security into these solutions is often perceived as making them more rigid [ 4 ].

Moving critical applications and sensitive data to public cloud environments is of great concern for those corporations that are moving beyond their data center’s network under their control. To alleviate these concerns, a cloud solution provider must ensure that customers will continue to have the same security and privacy controls over their applications and services, provide evidence to customers that their organization are secure and they can meet their service-level agreements, and that they can prove compliance to auditors [ 12 ].

We present here a categorization of security issues for Cloud Computing focused in the so-called SPI model (SaaS, PaaS and IaaS), identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment. A threat is a potential attack that may lead to a misuse of information or resources, and the term vulnerability refers to the flaws in a system that allows an attack to be successful. There are some surveys where they focus on one service model, or they focus on listing cloud security issues in general without distinguishing among vulnerabilities and threats. Here, we present a list of vulnerabilities and threats, and we also indicate what cloud service models can be affected by them. Furthermore, we describe the relationship between these vulnerabilities and threats; how these vulnerabilities can be exploited in order to perform an attack, and also present some countermeasures related to these threats which try to solve or improve the identified problems.

The remainder of the paper is organized as follows: Section 2 presents the results obtained from our systematic review. Next, in Section 3 we define in depth the most important security aspects for each layer of the Cloud model. Later, we will analyze the security issues in Cloud Computing identifying the main vulnerabilities for clouds, the most important threats in clouds, and all available countermeasures for these threats and vulnerabilities. Finally, we provide some conclusions.

1.1 Systematic review of security issues for cloud computing

We have carried out a systematic review [ 13 – 15 ] of the existing literature regarding security in Cloud Computing, not only in order to summarize the existing vulnerabilities and threats concerning this topic but also to identify and analyze the current state and the most important security issues for Cloud Computing.

1.2 Question formalization

The question focus was to identify the most relevant issues in Cloud Computing which consider vulnerabilities, threats, risks, requirements and solutions of security for Cloud Computing. This question had to be related with the aim of this work; that is to identify and relate vulnerabilities and threats with possible solutions. Therefore, the research question addressed by our research was the following: What security vulnerabilities and threats are the most important in Cloud Computing which have to be studied in depth with the purpose of handling them? The keywords and related concepts that make up this question and that were used during the review execution are: secure Cloud systems, Cloud security, delivery models security, SPI security, SaaS security, Paas security, IaaS security, Cloud threats, Cloud vulnerabilities, Cloud recommendations, best practices in Cloud.

1.3 Selection of sources

The selection criteria through which we evaluated study sources was based on the research experience of the authors of this work, and in order to select these sources we have considered certain constraints: studies included in the selected sources must be written in English and these sources must be web-available. The following list of sources has been considered: ScienceDirect, ACM digital library, IEEE digital library, Scholar Google and DBLP. Later, the experts will refine the results and will include important works that had not been recovered in these sources and will update these work taking into account other constraints such as impact factor, received cites, important journals, renowned authors, etc.

Once the sources had been defined, it was necessary to describe the process and the criteria for study selection and evaluation. The inclusion and exclusion criteria of this study were based on the research question. We therefore established that the studies must contain issues and topics which consider security on Cloud Computing, and that these studies must describe threats, vulnerabilities, countermeasures, and risks.

1.4 Review execution

During this phase, the search in the defined sources must be executed and the obtained studies must be evaluated according to the established criteria. After executing the search chain on the selected sources we obtained a set of about 120 results which were filtered with the inclusion criteria to give a set of about 40 relevant studies. This set of relevant studies was again filtered with the exclusion criteria to give a set of studies which corresponds with 15 primary proposals [ 4 , 6 , 10 , 16 – 27 ].

2. Results and discussion

The results of the systematic review are summarized in Table  1 which shows a summary of the topics and concepts considered for each approach.

As it is shown in Table  1 , most of the approaches discussed identify, classify, analyze, and list a number of vulnerabilities and threats focused on Cloud Computing. The studies analyze the risks and threats, often give recommendations on how they can be avoided or covered, resulting in a direct relationship between vulnerability or threats and possible solutions and mechanisms to solve them. In addition, we can see that in our search, many of the approaches, in addition to speaking about threats and vulnerabilities, also discuss other issues related to security in the Cloud such as the data security, trust, or security recommendations and mechanisms for any of the problems encountered in these environments.

2.1 Security in the SPI model

The cloud model provides three types of services [ 21 , 28 , 29 ]:

Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).

Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure his own applications without installing any platform or tools on their local machines. PaaS refers to providing platform layer resources, including operating system support and software development frameworks that can be used to build higher-level services.

Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

With SaaS, the burden of security lies with the cloud provider. In part, this is because of the degree of abstraction, the SaaS model is based on a high degree of integrated functionality with minimal customer control or extensibility. By contrast, the PaaS model offers greater extensibility and greater customer control. Largely because of the relatively lower degree of abstraction, IaaS offers greater tenant or customer control over security than do PaaS or SaaS [ 10 ].

Before analyzing security challenges in Cloud Computing, we need to understand the relationships and dependencies between these cloud service models [ 4 ]. PaaS as well as SaaS are hosted on top of IaaS; thus, any breach in IaaS will impact the security of both PaaS and SaaS services, but also it may be true on the other way around. However, we have to take into account that PaaS offers a platform to build and deploy SaaS applications, which increases the security dependency between them. As a consequence of these deep dependencies, any attack to any cloud service layer can compromise the upper layers. Each cloud service model comprises its own inherent security flaws; however, they also share some challenges that affect all of them. These relationships and dependencies between cloud models may also be a source of security risks. A SaaS provider may rent a development environment from a PaaS provider, which might also rent an infrastructure from an IaaS provider. Each provider is responsible for securing his own services, which may result in an inconsistent combination of security models. It also creates confusion over which service provider is responsible once an attack happens.

2.2 Software-as-a-service (SaaS) security issues

SaaS provides application services on demand such as email, conferencing software, and business applications such as ERP, CRM, and SCM [ 30 ]. SaaS users have less control over security among the three fundamental delivery models in the cloud. The adoption of SaaS applications may raise some security concerns.

2.3 Application security

These applications are typically delivered via the Internet through a Web browser [ 12 , 22 ]. However, flaws in web applications may create vulnerabilities for the SaaS applications. Attackers have been using the web to compromise user’s computers and perform malicious activities such as steal sensitive data [ 31 ]. Security challenges in SaaS applications are not different from any web application technology, but traditional security solutions do not effectively protect it from attacks, so new approaches are necessary [ 21 ]. The Open Web Application Security Project (OWASP) has identified the ten most critical web applications security threats [ 32 ]. There are more security issues, but it is a good start for securing web applications.

2.4 Multi-tenancy

SaaS applications can be grouped into maturity models that are determined by the following characteristics: scalability, configurability via metadata, and multi-tenancy [ 30 , 33 ]. In the first maturity model, each customer has his own customized instance of the software. This model has drawbacks, but security issues are not so bad compared with the other models. In the second model, the vendor also provides different instances of the applications for each customer, but all instances use the same application code. In this model, customers can change some configuration options to meet their needs. In the third maturity model multi-tenancy is added, so a single instance serves all customers [ 34 ]. This approach enables more efficient use of the resources but scalability is limited. Since data from multiple tenants is likely to be stored in the same database, the risk of data leakage between these tenants is high. Security policies are needed to ensure that customer’s data are kept separate from other customers [ 35 ]. For the final model, applications can be scaled up by moving the application to a more powerful server if needed.

2.5 Data security

Data security is a common concern for any technology, but it becomes a major challenge when SaaS users have to rely on their providers for proper security [ 12 , 21 , 36 ]. In SaaS, organizational data is often processed in plaintext and stored in the cloud. The SaaS provider is the one responsible for the security of the data while is being processed and stored [ 30 ]. Also, data backup is a critical aspect in order to facilitate recovery in case of disaster, but it introduces security concerns as well [ 21 ]. Also cloud providers can subcontract other services such as backup from third-party service providers, which may raise concerns. Moreover, most compliance standards do not envision compliance with regulations in a world of Cloud Computing [ 12 ]. In the world of SaaS, the process of compliance is complex because data is located in the provider’s datacenters, which may introduce regulatory compliance issues such as data privacy, segregation, and security, that must be enforced by the provider.

2.6 Accessibility

Accessing applications over the internet via web browser makes access from any network device easier, including public computers and mobile devices. However, it also exposes the service to additional security risks. The Cloud Security Alliance [ 37 ] has released a document that describes the current state of mobile computing and the top threats in this area such as information stealing mobile malware, insecure networks (WiFi), vulnerabilities found in the device OS and official applications, insecure marketplaces, and proximity-based hacking.

2.7 Platform-as-a-service (PaaS) security issues

PaaS facilitates deployment of cloud-based applications without the cost of buying and maintaining the underlying hardware and software layers [ 21 ]. As with SaaS and IaaS, PaaS depends on a secure and reliable network and secure web browser. PaaS application security comprises two software layers: Security of the PaaS platform itself (i.e., runtime engine), and Security of customer applications deployed on a PaaS platform [ 10 ]. PaaS providers are responsible for securing the platform software stack that includes the runtime engine that runs the customer applications. Same as SaaS, PaaS also brings data security issues and other challenges that are described as follows:

2.7.1 Third-party relationships

Moreover, PaaS does not only provide traditional programming languages, but also does it offer third-party web services components such as mashups [ 10 , 38 ]. Mashups combine more than one source element into a single integrated unit. Thus, PaaS models also inherit security issues related to mashups such as data and network security [ 39 ]. Also, PaaS users have to depend on both the security of web-hosted development tools and third-party services.

2.7.2 Development Life Cycle

From the perspective of the application development, developers face the complexity of building secure applications that may be hosted in the cloud. The speed at which applications will change in the cloud will affect both the System Development Life Cycle (SDLC) and security [ 12 , 24 ]. Developers have to keep in mind that PaaS applications should be upgraded frequently, so they have to ensure that their application development processes are flexible enough to keep up with changes [ 19 ]. However, developers also have to understand that any changes in PaaS components can compromise the security of their applications. Besides secure development techniques, developers need to be educated about data legal issues as well, so that data is not stored in inappropriate locations. Data may be stored on different places with different legal regimes that can compromise its privacy and security.

2.7.3 Underlying infrastructure security

In PaaS, developers do not usually have access to the underlying layers, so providers are responsible for securing the underlying infrastructure as well as the applications services [ 40 ]. Even when developers are in control of the security of their applications, they do not have the assurance that the development environment tools provided by a PaaS provider are secure.

In conclusion, there is less material in the literature about security issues in PaaS. SaaS provides software delivered over the web while PaaS offers development tools to create SaaS applications. However, both of them may use multi-tenant architecture so multiple concurrent users utilize the same software. Also, PaaS applications and user’s data are also stored in cloud servers which can be a security concern as discussed on the previous section. In both SaaS and PaaS, data is associated with an application running in the cloud. The security of this data while it is being processed, transferred, and stored depends on the provider.

2.8 Infrastructure-as-a-service (IaaS) security issues

IaaS provides a pool of resources such as servers, storage, networks, and other computing resources in the form of virtualized systems, which are accessed through the Internet [ 24 ]. Users are entitled to run any software with full control and management on the resources allocated to them [ 18 ]. With IaaS, cloud users have better control over the security compared to the other models as long there is no security hole in the virtual machine monitor [ 21 ]. They control the software running in their virtual machines, and they are responsible to configure security policies correctly [ 41 ]. However, the underlying compute, network, and storage infrastructure is controlled by cloud providers. IaaS providers must undertake a substantial effort to secure their systems in order to minimize these threats that result from creation, communication, monitoring, modification, and mobility [ 42 ]. Here are some of the security issues associated to IaaS.

2.9 Virtualization

Virtualization allows users to create, copy, share, migrate, and roll back virtual machines, which may allow them to run a variety of applications [ 43 , 44 ]. However, it also introduces new opportunities for attackers because of the extra layer that must be secured [ 31 ]. Virtual machine security becomes as important as physical machine security, and any flaw in either one may affect the other [ 19 ]. Virtualized environments are vulnerable to all types of attacks for normal infrastructures; however, security is a greater challenge as virtualization adds more points of entry and more interconnection complexity [ 45 ]. Unlike physical servers, VMs have two boundaries: physical and virtual [ 24 ].

2.10 Virtual machine monitor

The Virtual Machine Monitor (VMM) or hypervisor is responsible for virtual machines isolation; therefore, if the VMM is compromised, its virtual machines may potentially be compromised as well. The VMM is a low-level software that controls and monitors its virtual machines, so as any traditional software it entails security flaws [ 45 ]. Keeping the VMM as simple and small as possible reduces the risk of security vulnerabilities, since it will be easier to find and fix any vulnerability.

Moreover, virtualization introduces the ability to migrate virtual machines between physical servers for fault tolerance, load balancing or maintenance [ 16 , 46 ]. This useful feature can also raise security problems [ 42 , 43 , 47 ]. An attacker can compromise the migration module in the VMM and transfer a victim virtual machine to a malicious server. Also, it is clear that VM migration exposes the content of the VM to the network, which can compromise its data integrity and confidentiality. A malicious virtual machine can be migrated to another host (with another VMM) compromising it.

2.11 Shared resource

VMs located on the same server can share CPU, memory, I/O, and others. Sharing resources between VMs may decrease the security of each VM. For example, a malicious VM can infer some information about other VMs through shared memory or other shared resources without need of compromising the hypervisor [ 46 ]. Using covert channels, two VMs can communicate bypassing all the rules defined by the security module of the VMM [ 48 ]. Thus, a malicious Virtual Machine can monitor shared resources without being noticed by its VMM, so the attacker can infer some information about other virtual machines.

2.12 Public VM image repository

In IaaS environments, a VM image is a prepackaged software template containing the configurations files that are used to create VMs. Thus, these images are fundamental for the the overall security of the cloud [ 46 , 49 ]. One can either create her own VM image from scratch, or one can use any image stored in the provider’s repository. For example, Amazon offers a public image repository where legitimate users can download or upload a VM image. Malicious users can store images containing malicious code into public repositories compromising other users or even the cloud system [ 20 , 24 , 25 ]. For example, an attacker with a valid account can create an image containing malicious code such as a Trojan horse. If another customer uses this image, the virtual machine that this customer creates will be infected with the hidden malware. Moreover, unintentionally data leakage can be introduced by VM replication [ 20 ]. Some confidential information such as passwords or cryptographic keys can be recorded while an image is being created. If the image is not “cleaned”, this sensitive information can be exposed to other users. VM images are dormant artifacts that are hard to patch while they are offline [ 50 ].

2.13 Virtual machine rollback

Furthermore, virtual machines are able to be rolled back to their previous states if an error happens. But rolling back virtual machines can re-expose them to security vulnerabilities that were patched or re-enable previously disabled accounts or passwords. In order to provide rollbacks, we need to make a “copy” (snapshot) of the virtual machine, which can result in the propagation of configuration errors and other vulnerabilities [ 12 , 44 ].

2.14 Virtual machine life cycle

Additionally, it is important to understand the lifecycle of the VMs and their changes in states as they move through the environment. VMs can be on, off, or suspended which makes it harder to detect malware. Also, even when virtual machines are offline, they can be vulnerable [ 24 ]; that is, a virtual machine can be instantiated using an image that may contain malicious code. These malicious images can be the starting point of the proliferation of malware by injecting malicious code within other virtual machines in the creation process.

2.15 Virtual networks

Network components are shared by different tenants due to resource pooling. As mentioned before, sharing resources allows attackers to launch cross-tenant attacks [ 20 ]. Virtual Networks increase the VMs interconnectivity, an important security challenge in Cloud Computing [ 51 ]. The most secure way is to hook each VM with its host by using dedicated physical channels. However, most hypervisors use virtual networks to link VMs to communicate more directly and efficiently. For instance, most virtualization platforms such as Xen provide two ways to configure virtual networks: bridged and routed, but these techniques increase the possibility to perform some attacks such as sniffing and spoofing virtual network [ 45 , 52 ].

2.16 Analysis of security issues in cloud computing

We systematically analyze now existing security vulnerabilities and threats of Cloud Computing. For each vulnerability and threat, we identify what cloud service model or models are affected by these security problems.

Table  2 presents an analysis of vulnerabilities in Cloud Computing. This analysis offers a brief description of the vulnerabilities, and indicates what cloud service models (SPI) can be affected by them. For this analysis, we focus mainly on technology-based vulnerabilities; however, there are other vulnerabilities that are common to any organization, but they have to be taken in consideration since they can negatively impact the security of the cloud and its underlying platform. Some of these vulnerabilities are the following:

Lack of employee screening and poor hiring practices [ 16 ] – some cloud providers may not perform background screening of their employees or providers. Privileged users such as cloud administrators usually have unlimited access to the cloud data.

Lack of customer background checks – most cloud providers do not check their customer’s background, and almost anyone can open an account with a valid credit card and email. Apocryphal accounts can let attackers perform any malicious activity without being identified [ 16 ].

Lack of security education – people continue to be a weak point in information security [ 53 ]. This is true in any type of organization; however, in the cloud, it has a bigger impact because there are more people that interact with the cloud: cloud providers, third-party providers, suppliers, organizational customers, and end-users.

Cloud Computing leverages many existing technologies such as web services, web browsers, and virtualization, which contributes to the evolution of cloud environments. Therefore, any vulnerability associated to these technologies also affects the cloud, and it can even have a significant impact.

From Table  2 , we can conclude that data storage and virtualization are the most critical and an attack to them can do the most harm. Attacks to lower layers have more impact to the other layers. Table  3 presents an overview of threats in Cloud Computing. Like Table  2 it also describes the threats that are related to the technology used in cloud environments, and it indicates what cloud service models are exposed to these threats. We put more emphasis on threats that are associated with data being stored and processed remotely, sharing resources and the usage of virtualization.

The relationship between threats and vulnerabilities is illustrated in Table  4 , which describes how a threat can take advantage of some vulnerability to compromise the system. The goal of this analysis is also to identify some existing defenses that can defeat these threats. This information can be expressed in a more detailed way using misuse patterns [ 62 ]. Misuse patterns describe how a misuse is performed from the point of view of the attacker. For instance, in threat T10, an attacker can read or tamper with the contents of the VM state files during live migration. This can be possible because VM migration transfer the data over network channels that are often insecure, such as the Internet. Insecure VM migration can be mitigated by the following proposed techniques: TCCP [ 63 ] provides confidential execution of VMs and secure migration operations as well. PALM [ 64 ] proposes a secure migration system that provides VM live migration capabilities under the condition that a VMM-protected system is present and active. Threat 11 is another cloud threat where an attacker creates malicious VM image containing any type of virus or malware. This threat is feasible because any legitimate user can create a VM image and publish it on the provider’s repository where other users can retrieve them. If the malicious VM image contains malware, it will infect other VMs instantiated with this malicious VM image. In order to overcome this threat, an image management system was proposed, Mirage [ 49 ]. It provides the following security management features: access control framework, image filters, provenance tracking system, and repository maintenance services.

2.17 Countermeasures

In this section, we provide a brief description of each countermeasure mentioned before, except for threats T02 and T07.

2.17.1 Countermeasures for T01: account or service hijacking

2.17.1.1 identity and access management guidance.

Cloud Security Alliance (CSA) is a non-profit organization that promotes the use of best practices in order to provide security in cloud environments. CSA has issued an Identity and Access Management Guidance [ 65 ] which provides a list of recommended best practiced to assure identities and secure access management. This report includes centralized directory, access management, identity management, role-based access control, user access certifications, privileged user and access management, separation of duties, and identity and access reporting.

2.17.1.2 Dynamic credentials

[ 66 ] presents an algorithm to create dynamic credentials for mobile cloud computing systems. The dynamic credential changes its value once a user changes its location or when he has exchanged a certain number of data packets.

2.17.2 Countermeasures for T03: data leakage

2.17.2.1 fragmentation-redundancy-scattering (frs) technique.

[ 67 ] this technique aims to provide intrusion tolerance and, in consequence, secure storage. This technique consists in first breaking down sensitive data into insignificant fragments, so any fragment does not have any significant information by itself. Then, fragments are scattered in a redundant fashion across different sites of the distributed system.

2.17.2.2 Digital signatures

[ 68 ] proposes to secure data using digital signature with RSA algorithm while data is being transferred over the Internet. They claimed that RSA is the most recognizable algorithm, and it can be used to protect data in cloud environments.

2.17.2.3 Homomorphic encryption

The three basic operations for cloud data are transfer, store, and process. Encryption techniques can be used to secure data while it is being transferred in and out of the cloud or stored in the provider’s premises. Cloud providers have to decrypt cipher data in order to process it, which raises privacy concerns. In [ 70 ], they propose a method based on the application of fully homomorphic encryption to the security of clouds. Fully homomorphic encryption allows performing arbitrary computation on ciphertexts without being decrypted. Current homomorphic encryption schemes support limited number of homomorphic operations such as addition and multiplication. The authors in [ 77 ] provided some real-world cloud applications where some basic homomorphic operations are needed. However, it requires a huge processing power which may impact on user response time and power consumption.

2.17.2.4 Encryption

Encryption techniques have been used for long time to secure sensitive data. Sending or storing encrypted data in the cloud will ensure that data is secure. However, it is true assuming that the encryption algorithms are strong. There are some well-known encryption schemes such as AES (Advanced Encryption Standard). Also, SSL technology can be used to protect data while it is in transit. Moreover, [ 69 ] describes that encryption can be used to stop side channel attacks on cloud storage de-duplication, but it may lead to offline dictionary attacks reveling personal keys.

2.17.3 Countermeasures for T05: customer data manipulation

2.17.3.1 web application scanners.

Web applications can be an easy target because they are exposed to the public including potential attackers. Web application scanners [ 71 ] is a program which scans web applications through the web front-end in order to identify security vulnerabilities. There are also other web application security tools such as web application firewall. Web application firewall routes all web traffic through the web application firewall which inspects specific threats.

2.17.4 Countermeasures for T06: VM escape

2.17.4.1 hypersafe.

[ 60 ] It is an approach that provides hypervisor control-flow integrity. HyperSafe’s goal is to protect type I hypervisors using two techniques: non-bypassable memory lockdown which protects write-protected memory pages from being modified, and restricted pointed indexing that converts control data into pointer indexes. In order to evaluate the effectiveness of this approach, they have conducted four types of attacks such as modify the hypervisor code, execute the injected code, modify the page table, and tamper from a return table. They concluded that HyperSafe successfully prevented all these attacks, and that the performance overhead is low.

2.17.4.2 Trusted cloud computing platform

TCCP [ 63 ] enables providers to offer closed box execution environments, and allows users to determine if the environment is secure before launching their VMs. The TCCP adds two fundamental elements: a trusted virtual machine monitor (TVMM) and a trusted coordinator (TC). The TC manages a set of trusted nodes that run TVMMs, and it is maintained but a trusted third party. The TC participates in the process of launching or migrating a VM, which verifies that a VM is running in a trusted platform. The authors in [ 78 ] claimed that TCCP has a significant downside due to the fact that all the transactions have to verify with the TC which creates an overload. They proposed to use Direct Anonymous Attestation (DAA) and Privacy CA scheme to tackle this issue.

2.17.4.3 Trusted virtual datacenter

TVDc [ 73 , 74 ] insures isolation and integrity in cloud environments. It groups virtual machines that have common objectives into workloads named Trusted Virtual Domains (TVDs). TVDc provides isolation between workloads by enforcing mandatory access control, hypervisor-based isolation, and protected communication channels such as VLANs. TVDc provides integrity by employing load-time attestation mechanism to verify the integrity of the system.

2.17.5 Countermeasures for T08: malicious virtual machine creation

2.17.5.1 mirage.

In [ 49 ], the authors propose a virtual machine image management system in a cloud computing environments. This approach includes the following security features: access control framework, image filters, a provenance tracking, and repository maintenance services. However, one limitation of this approach is that filters may not be able to scan all malware or remove all the sensitive data from the images. Also, running these filters may raise privacy concerns because they have access to the content of the images which can contain customer’s confidential data.

2.17.6 Countermeasures for T09: insecure virtual machine migration

2.17.6.1 protection aegis for live migration of vms (palm).

[ 64 ] proposes a secure live migration framework that preserves integrity and privacy protection during and after migration. The prototype of the system was implemented based on Xen and GNU Linux, and the results of the evaluation showed that this scheme only adds slight downtime and migration time due to encryption and decryption.

2.17.6.2 VNSS

[ 52 ] proposes a security framework that customizes security policies for each virtual machine, and it provides continuous protection thorough virtual machine live migration. They implemented a prototype system based on Xen hypervisors using stateful firewall technologies and userspace tools such as iptables, xm commands program and conntrack-tools. The authors conducted some experiments to evaluate their framework, and the results revealed that the security policies are in place throughout live migration.

2.17.7 Countermeasures for T010: sniffing/spoofing virtual networks

2.17.7.1 virtual network security.

Wu and et al. [ 51 ] presents a virtual network framework that secures the communication among virtual machines. This framework is based on Xen which offers two configuration modes for virtual networks: “bridged” and “routed”. The virtual network model is composed of three layers: routing layers, firewall, and shared networks, which can prevent VMs from sniffing and spoofing. An evaluation of this approach was not performed when this publication was published.

Furthermore, web services are the largest implementation technology in cloud environments. However, web services also lead to several challenges that need to be addressed. Security web services standards describe how to secure communication between applications through integrity, confidentiality, authentication and authorization. There are several security standard specifications [ 79 ] such as Security Assertion Markup Language (SAML), WS-Security, Extensible Access Control Markup (XACML), XML Digital Signature, XML Encryption, Key Management Specification (XKMS), WS-Federation, WS-Secure Conversation, WS-Security Policy and WS-Trust. The NIST Cloud Computing Standards Roadmap Working Group has gathered high level standards that are relevant for Cloud Computing.

3 Conclusions

Cloud Computing is a relatively new concept that presents a good number of benefits for its users; however, it also raises some security problems which may slow down its use. Understanding what vulnerabilities exist in Cloud Computing will help organizations to make the shift towards the Cloud. Since Cloud Computing leverages many technologies, it also inherits their security issues. Traditional web applications, data hosting, and virtualization have been looked over, but some of the solutions offered are immature or inexistent. We have presented security issues for cloud models: IaaS, PaaS, and IaaS, which vary depending on the model. As described in this paper, storage, virtualization, and networks are the biggest security concerns in Cloud Computing. Virtualization which allows multiple users to share a physical server is one of the major concerns for cloud users. Also, another challenge is that there are different types of virtualization technologies, and each type may approach security mechanisms in different ways. Virtual networks are also target for some attacks especially when communicating with remote virtual machines.

Some surveys have discussed security issues about clouds without making any difference between vulnerabilities and threats. We have focused on this distinction, where we consider important to understand these issues. Enumerating these security issues was not enough; that is why we made a relationship between threats and vulnerabilities, so we can identify what vulnerabilities contribute to the execution of these threats and make the system more robust. Also, some current solutions were listed in order to mitigate these threats. However, new security techniques are needed as well as redesigned traditional solutions that can work with cloud architectures. Traditional security mechanisms may not work well in cloud environments because it is a complex architecture that is composed of a combination of different technologies.

We have expressed three of the items in Table  4 as misuse patterns [ 46 ]. We intend to complete all the others in the future.

Gartner Inc: Gartner identifies the Top 10 strategic technologies for 2011 . Online. Available: . Accessed: 15-Jul-2011 http://www.gartner.com/it/page.jsp?id=1454221 Online. Available: . Accessed: 15-Jul-2011

Zhao G, Liu J, Tang Y, Sun W, Zhang F, Ye X, Tang N: Cloud Computing: A Statistics Aspect of Users. In First International Conference on Cloud Computing (CloudCom), Beijing, China . Heidelberg: Springer Berlin; 2009:347–358.

Google Scholar  

Zhang S, Zhang S, Chen X, Huo X: Cloud Computing Research and Development Trend. In Second International Conference on Future Networks (ICFN’10), Sanya, Hainan, China . Washington, DC, USA: IEEE Computer Society; 2010:93–97.

Chapter   Google Scholar  

Cloud Security Alliance: Security guidance for critical areas of focus in Cloud Computing V3.0. . 2011. Available: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf Available:

Marinos A, Briscoe G: Community Cloud Computing. In 1st International Conference on Cloud Computing (CloudCom), Beijing, China . Heidelberg: Springer-Verlag Berlin; 2009.

Centre for the Protection of National Infrastructure: Information Security Briefing 01/2010 Cloud Computing . 2010. Available: http://www.cpni.gov.uk/Documents/Publications/2010/2010007-ISB_cloud_computing.pdf Available:

Khalid A: Cloud Computing: applying issues in Small Business. International Conference on Signal Acquisition and Processing (ICSAP’10) 2010, 278–281.

KPMG: From hype to future: KPMG’s 2010 Cloud Computing survey. . 2010. Available: http://www.techrepublic.com/whitepapers/from-hype-to-future-kpmgs-2010-cloud-computing-survey/2384291 Available:

Rosado DG, Gómez R, Mellado D, Fernández-Medina E: Security analysis in the migration to cloud environments. Future Internet 2012, 4(2):469–487.

Article   Google Scholar  

Mather T, Kumaraswamy S, Latif S: Cloud Security and Privacy . Sebastopol, CA: O’Reilly Media, Inc.; 2009.

Li W, Ping L: Trust model to enhance Security and interoperability of Cloud environment. In Proceedings of the 1st International conference on Cloud Computing . Beijing, China: Springer Berlin Heidelberg; 2009:69–79.

Rittinghouse JW, Ransome JF: Security in the Cloud. In Cloud Computing . Implementation, Management, and Security, CRC Press; 2009.

Kitchenham B: Procedures for perfoming systematic review, software engineering group . Australia: Department of Computer Scinece Keele University, United Kingdom and Empirical Software Engineering, National ICT Australia Ltd; 2004. TR/SE-0401 TR/SE-0401

Kitchenham B, Charters S: Guidelines for performing systematic literature reviews in software engineering. Version 2.3 University of keele (software engineering group, school of computer science and mathematics) and Durham . UK: Department of Conputer Science; 2007.

Brereton P, Kitchenham BA, Budgen D, Turner M, Khalil M: Lessons from applying the systematic literature review process within the software engineering domain. J Syst Softw 2007, 80(4):571–583. 10.1016/j.jss.2006.07.009

Cloud Security Alliance: Top Threats to Cloud Computing V1.0 . 2010. Available: https://cloudsecurityalliance.org/research/top-threats Available:

ENISA: Cloud Computing: benefits, risks and recommendations for information Security . 2009. Available: http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment Available:

Dahbur K, Mohammad B, Tarakji AB: A survey of risks, threats and vulnerabilities in Cloud Computing. In Proceedings of the 2011 International conference on intelligent semantic Web-services and applications . Jordan: Amman; 2011:1–6.

Ertaul L, Singhal S, Gökay S: Security challenges in Cloud Computing. In Proceedings of the 2010 International conference on Security and Management SAM’10 . Las Vegas, US: CSREA Press; 2010:36–42.

Grobauer B, Walloschek T, Stocker E: Understanding Cloud Computing vulnerabilities. IEEE Security Privacy 2011, 9(2):50–57.

Subashini S, Kavitha V: A survey on Security issues in service delivery models of Cloud Computing. J Netw Comput Appl 2011, 34(1):1–11. 10.1016/j.jnca.2010.07.006

Jensen M, Schwenk J, Gruschka N, Iacono LL: On technical Security issues in Cloud Computing. In IEEE International conference on Cloud Computing (CLOUD’09) . 116: 116; 2009:109–116.

Onwubiko C: Security issues to Cloud Computing. In Cloud Computing: principles, systems & applications . Edited by: Antonopoulos N, Gillam L. Springer-Verlag: 2010; 2010.

Morsy MA, Grundy J, Müller I: An analysis of the Cloud Computing Security problem. In Proceedings of APSEC 2010 Cloud Workshop . Sydney, Australia: APSEC; 2010.

Jansen WA: Cloud Hooks: Security and Privacy Issues in Cloud Computing. In Proceedings of the 44th Hawaii International Conference on System Sciences, Koloa, Kauai, HI . Washington, DC, USA: IEEE Computer Society; 2011:1–10.

Zissis D, Lekkas D: Addressing Cloud Computing Security issues. Futur Gener Comput Syst 2012, 28(3):583–592. 10.1016/j.future.2010.12.006

Jansen W, Grance T: Guidelines on Security and privacy in public Cloud Computing . Gaithersburg, MD: NIST, Special Publication 800–144; 2011.

Mell P, Grance T: The NIST definition of Cloud Computing . Gaithersburg, MD: NIST, Special Publication 800–145; 2011.

Zhang Q, Cheng L, Boutaba R: Cloud Computing: state-of-the-art and research challenges. Journal of Internet Services Applications 2010, 1(1):7–18. 10.1007/s13174-010-0007-6

Ju J, Wang Y, Fu J, Wu J, Lin Z: Research on Key Technology in SaaS. In International Conference on Intelligent Computing and Cognitive Informatics (ICICCI), Hangzhou, China . Washington, DC, USA: IEEE Computer Society; 2010:384–387.

Owens D: Securing elasticity in the Cloud. Commun ACM 2010, 53(6):46–51. 10.1145/1743546.1743565

OWASP: The Ten most critical Web application Security risks . 2010. Available: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Available:

Zhang Y, Liu S, Meng X: Towards high level SaaS maturity model: methods and case study. In Services Computing conference . IEEE Asia-Pacific: APSCC; 2009:273–278.

Chong F, Carraro G, Wolter R: Multi-tenant data architecture . 2006. Online. Available: . Accessed: 05-Jun-2011 http://msdn.microsoft.com/en-us/library/aa479086.aspx Online. Available: . Accessed: 05-Jun-2011

Bezemer C-P, Zaidman A: Multi-tenant SaaS applications: maintenance dream or nightmare? In Proceedings of the Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on Principles of Software Evolution (IWPSE), Antwerp, Belgium . NY, USA: ACM New York; 2010:88–92.

Viega J: Cloud Computing and the common Man. Computer 2009, 42(8):106–108.

Cloud Security Alliance: Security guidance for critical areas of Mobile Computing . 2012. Available: https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf Available:

Keene C: The Keene View on Cloud Computing . 2009. Online. Available: . Accessed: 16-Jul-2011 http://www.keeneview.com/2009/03/what-is-platform-as-service-paas.html Online. Available: . Accessed: 16-Jul-2011

Xu K, Zhang X, Song M, Song J: Mobile Mashup: Architecture, Challenges and Suggestions. In International Conference on Management and Service Science. MASS’09 . Washington, DC, USA: IEEE Computer Society; 2009:1–4.

Chandramouli R, Mell P: State of Security readiness. Crossroads 2010, 16(3):23–25.

Jaeger T, Schiffman J: Outlook: cloudy with a chance of Security challenges and improvements. IEEE Security Privacy 2010, 8(1):77–80.

Dawoud W, Takouna I, Meinel C: Infrastructure as a service security: Challenges and solutions. In the 7th International Conference on Informatics and Systems (INFOS), Potsdam, Germany . Washington, DC, USA: IEEE Computer Society; 2010:1–8.

Jasti A, Shah P, Nagaraj R, Pendse R: Security in multi-tenancy cloud. In IEEE International Carnahan Conference on Security Technology (ICCST), KS, USA . Washington, DC, USA: IEEE Computer Society; 2010:35–41.

Garfinkel T, Rosenblum M: When virtual is harder than real: Security challenges in virtual machine based computing environments. In Proceedings of the 10th conference on Hot Topics in Operating Systems, Santa Fe, NM. volume 10 . CA, USA: USENIX Association Berkeley; 2005:227–229.

Reuben JS: A survey on virtual machine Security . Seminar on Network Security; 2007. . Technical report, Helsinki University of Technology, October 2007 http://www.tml.tkk.fi/Publications/C/25/papers/Reuben_final.pdf . Technical report, Helsinki University of Technology, October 2007

Hashizume K, Yoshioka N, Fernandez EB: Three misuse patterns for Cloud Computing. In Security engineering for Cloud Computing: approaches and Tools . Edited by: Rosado DG, Mellado D, Fernandez-Medina E, Piattini M. Pennsylvania, United States: IGI Global; 2013:36–53.

Venkatesha S, Sadhu S, Kintali S: Survey of virtual machine migration techniques . Technical report, Dept. of Computer Science, University of California, Santa Barbara: ; 2009. http://www.academia.edu/760613/Survey_of_Virtual_Machine_Migration_Techniques

Ranjith P, Chandran P, Kaleeswaran S: On covert channels between virtual machines. Journal in Computer Virology Springer 2012, 8: 85–97. 10.1007/s11416-012-0168-x

Wei J, Zhang X, Ammons G, Bala V, Ning P: Managing Security of virtual machine images in a Cloud environment. In Proceedings of the 2009 ACM workshop on Cloud Computing Security . NY, USA: ACM New York; 2009:91–96.

Owens K: Securing virtual compute infrastructure in the Cloud . SAVVIS; Available: http://www.savvis.com/en-us/info_center/documents/hos-whitepaper-securingvirutalcomputeinfrastructureinthecloud.pdf Available:

Wu H, Ding Y, Winer C, Yao L: Network Security for virtual machine in Cloud Computing. In 5th International conference on computer sciences and convergence information technology (ICCIT) . DC, USA: IEEE Computer Society Washington; 2010:18–21.

Xiaopeng G, Sumei W, Xianqin C: VNSS: a Network Security sandbox for virtual Computing environment. In IEEE youth conference on information Computing and telecommunications (YC-ICT) . Washington DC, USA: IEEE Computer Society; 2010:395–398.

Popovic K, Hocenski Z: Cloud Computing Security issues and challenges. In Proceedings of the 33rd International convention MIPRO . IEEE Computer Society Washington DC, USA; 2010:344–349.

Carlin S, Curran K: Cloud Computing Security. International Journal of Ambient Computing and Intelligence 2011, 3(1):38–46.

Bisong A, Rahman S: An overview of the Security concerns in Enterprise Cloud Computing. International Journal of Network Security & Its Applications (IJNSA) 2011, 3(1):30–45. 10.5121/ijnsa.2011.3103

Townsend M: Managing a security program in a cloud computing environment. In Information Security Curriculum Development Conference, Kennesaw, Georgia . NY, USA: ACM New York; 2009:128–133.

Winkler V: Securing the Cloud: Cloud computer Security techniques and tactics . Waltham, MA: Elsevier Inc; 2011.

Ristenpart T, Tromer E, Shacham H, Savage S: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, Chicago, Illinois, USA . NY, USA: ACM New York; 2009:199–212.

Zhang Y, Juels A, Reiter MK, Ristenpart T: Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security, New York, NY, USA . NY, USA: ACM New York; 2012:305–316.

Wang Z, Jiang X: HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In Proceedings of the IEEE symposium on Security and privacy . Washington, DC, USA: IEEE Computer Society; 2010:380–395.

Wang C, Wang Q, Ren K, Lou W: Ensuring data Storage Security in Cloud Computing. In The 17th International workshop on quality of service . Washington, DC, USA: IEEE Computer Society; 2009:1–9.

Fernandez EB, Yoshioka N, Washizaki H: Modeling Misuse Patterns. In Proceedings of the 4th Int. Workshop on Dependability Aspects of Data Warehousing and Mining Applications (DAWAM 2009), in conjunction with the 4th Int.Conf. on Availability, Reliability, and Security (ARES 2009), Fukuoka, Japan . Washington, DC, USA: IEEE Computer Society; 2009:566–571.

Santos N, Gummadi KP, Rodrigues R: Towards Trusted Cloud Computing. In Proceedings of the 2009 conference on Hot topics in cloud computing, San Diego, California . CA, USA: USENIX Association Berkeley; 2009.

Zhang F, Huang Y, Wang H, Chen H, Zang B: PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection. In Trusted Infrastructure Technologies Conference, 2008. APTC’08, Third Asia-Pacific . Washington, DC, USA: IEEE Computer Society; 2008:9–18.

Cloud Security Alliance: SecaaS implementation guidance, category 1: identity and Access managament . 2012. Available: https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_1_IAM_Implementation_Guidance.pdf Available:

Xiao S, Gong W: Mobility Can help: protect user identity with dynamic credential. In Eleventh International conference on Mobile data Management (MDM) . Washington, DC, USA: IEEE Computer Society; 2010:378–380.

Wylie J, Bakkaloglu M, Pandurangan V, Bigrigg M, Oguz S, Tew K, Williams C, Ganger G, Khosla P: Selecting the right data distribution scheme for a survivable Storage system . Pittsburgh, PA: CMU-CS-01–120; 2001.

Somani U, Lakhani K, Mundra M: Implementing digital signature with RSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In 1st International conference on parallel distributed and grid Computing (PDGC) . IEEE Computer Society Washington, DC, USA; 2010:211–216.

Harnik D, Pinkas B, Shulman-Peleg A: Side channels in Cloud services: deduplication in Cloud Storage. IEEE Security Privacy 2010, 8(6):40–47.

Tebaa M, El Hajji S, El Ghazi A: Homomorphic encryption method applied to Cloud Computing. In National Days of Network Security and Systems (JNS2) . Washington, DC, USA: IEEE Computer Society; 2012:86–89.

Fong E, Okun V: Web application scanners: definitions and functions. In Proceedings of the 40th annual Hawaii International conference on system sciences . Washington, DC, USA: IEEE Computer Society; 2007.

Goodin D: Webhost hack wipes out data for 100, 000 sites . 2009. The Register , 08-Jun-2009. [Online]. Available: http://www.theregister.co.uk/2009/06/08/webhost_attack/. Accessed: 02-Aug-2011 The Register, 08-Jun-2009. [Online]. Available: http://www.theregister.co.uk/2009/06/08/webhost_attack/. Accessed: 02-Aug-2011

Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D: TVDc: managing Security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 2008, 42(1):40–47. 10.1145/1341312.1341321

Berger S, Cáceres R, Goldman K, Pendarakis D, Perez R, Rao JR, Rom E, Sailer R, Schildhauer W, Srinivasan D, Tal S, Valdez E: Security for the Cloud infrastructure: trusted virtual data center implementation. IBM J Res Dev 2009, 53(4):560–571.

Ormandy T: An empirical study into the Security exposure to hosts of hostile virtualized environments. In CanSecWest applied Security conference . Vancouver; 2007. http://taviso.decsystem.org/virtsec.pdf

Oberheide J, Cooke E, Jahanian F: Empirical exploitation of Live virtual machine migration. Proceedings of Black Hat Security Conference, Washington, DC 2008. http://www.eecs.umich.edu/fjgroup/pubs/blackhat08-migration.pdf

Naehrig M, Lauter K, Vaikuntanathan V: Can homomorphic encryption be practical? In Proceedings of the 3rd ACM workshop on Cloud Computing Security workshop . NY, USA: ACM New York; 2011:113–124.

Han-zhang W, Liu-sheng H: An improved trusted cloud computing platform model based on DAA and privacy CA scheme. In International Conference on Computer Application and System Modeling (ICCASM), vol. 13, V13–39 . Washington, DC, USA: IEEE Computer, Society; 2010:V13–33.

Fernandez EB, Ajaj O, Buckley I, Delessy-Gassant N, Hashizume K, Larrondo-Petrie MM: A survey of patterns for Web services Security and reliability standards. Future Internet 2012, 4(2):430–450.

Download references

Acknowledgments

This work was supported in part by the NSF (grants OISE-0730065). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the NSF. We also want to thank the GSyA Research Group at the University of Castilla-La Mancha, in Ciudad Real, Spain for collaborating with us in this project.

Author information

Authors and affiliations.

Department of Computer Science and Engineering, Florida Atlantic University, Boca Raton, USA

Keiko Hashizume & Eduardo B Fernandez

Department of Information Systems and Technologies GSyA Research Group, University of Castilla-La Mancha, Ciudad Real, Spain

David G Rosado & Eduardo Fernández-Medina

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Keiko Hashizume .

Additional information

Competing interests.

The authors declare that they have no competing interests.

Authors’ contributions

KH, DGR, EFM and EBF made a substantial contribution to the systematic review, security analysis of Cloud Computing, and revised the final manuscript version. They all approved the final version to be published.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License ( https://creativecommons.org/licenses/by/2.0 ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reprints and permissions

About this article

Cite this article.

Hashizume, K., Rosado, D.G., Fernández-Medina, E. et al. An analysis of security issues for cloud computing. J Internet Serv Appl 4 , 5 (2013). https://doi.org/10.1186/1869-0238-4-5

Download citation

Received : 05 February 2013

Accepted : 05 February 2013

Published : 27 February 2013

DOI : https://doi.org/10.1186/1869-0238-4-5

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Cloud computing
• Vulnerabilities
• Countermeasures

Information

• Author Services

Initiatives

You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.

All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .

Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.

Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.

Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.

Original Submission Date Received: .

• Active Journals
• Find a Journal
• Proceedings Series
• For Authors
• For Reviewers
• For Editors
• For Librarians
• For Publishers
• For Societies
• For Conference Organizers
• Open Access Policy
• Institutional Open Access Program
• Special Issues Guidelines
• Editorial Process
• Research and Publication Ethics
• Article Processing Charges
• Testimonials
• Preprints.org
• SciProfiles
• Encyclopedia

Article Menu

• Subscribe SciFeed
• Recommended Articles
• Google Scholar
• on Google Scholar
• Table of Contents

Find support for a specific problem in the support section of our website.

Please let us know what you think of our products and services.

Visit our dedicated information section to learn more about MDPI.

JSmol Viewer

Centralized vs. decentralized cloud computing in healthcare.

1. Introduction

• RQ1: What are the benefits and limitations of the use of centralized cloud computing in healthcare that aims to improve HIE?
• RQ2: What are the benefits and limitations of the use of decentralized cloud computing in healthcare that aims to improve HIE?
• RQ3: What are the differences between centralized and decentralized cloud healthcare solutions regarding the system’s performance, response times, latency, the privacy of patient data, and cost efficiency?
• RQ4: What are the research gaps within centralized cloud healthcare solutions?
• RQ5: What are the research gaps within decentralized cloud healthcare solutions?

2. Health Information Exchange

3. cloud computing, 3.1. cloud computing deployment models, 3.2. cloud computing in healthcare, 4. research methodology.

• The identification of the research problem;
• The determination of the research questions.
• The determination of the search strategy;
• The determination of the study selection criteria;
• The determination of the study selection process.
• The definition of the dissemination strategy;
• The formatting of the report;
• The evaluation of the report.

4.1. Planning Phase

4.1.1. defining the need for a paper, 4.1.2. determining the research questions, 4.2. conducting phase, 4.2.1. search strategy.

• Scholarly databases and open-access platforms formed the foundation of this paper, including the following: IEEE Xplore, ACM Digital Library, SpringerLink, Elsevier, and MDPI. These papers were selected based on the most renowned and trusted publishers that researchers widely rely on. They provide subscriptions and free access to the majority of papers;
• To locate pertinent data on cloud computing systems in HIE, specific terminological queries were formulated: “Cloud computing”, “health information exchange in Cloud computing”, “centralized Cloud computing in healthcare”, “decentralized Cloud computing in healthcare”, “Healthcare Integration”, “Electronic Health Records (EHR) Integration”, “Unified Healthcare Records”. Alternative spellings were also taken into consideration while searching through the names of the libraries; the libraries’ basic search operators used OR and AND to allow for a broader search. The keywords in each group were connected using the OR operator, while between the groups of keywords, the connection was made using the AND operator.

4.2.2. Study Selection Criteria

• When choosing the best scientific paper from a pool of research papers, the process involves critically evaluating and refining the set of papers to include only those that are most relevant, high-quality, and suitable for the specific research objectives, which is essential for establishing the criteria for including or excluding them. These criteria usually consider factors such as the following: – The paper is relevant to the research questions; – The paper is highly related to the topic; – Methodological rigor and validity of investigative approaches; – The investigation focused on scholarly works disseminated, spanning from 2011 to 2024. The following ensured that the papers included in this review are relevant and met a certain level of quality:
• Redundant entries and cross-database duplicates were eliminated, ensuring a unique representation of each scholarly work in the final literature pool;
• Bibliographic analysis was conducted to find additional related articles.

4.2.3. Study Selection Process

• The initial phase involved querying predetermined terminological parameters to generate an initial foundational research set. We used Google Scholar to reach the research papers in famous journals. And for identifying the papers, we performed it two ways manually and using RAYYN. Over 324 original articles were reviewed after examining several models adopted by previous researchers. In order to obtain a reasonable number of reviewed articles, over 57 articles from the ACM digital library were downloaded, 73 articles from the IEEE digital library, 64 from MDPI, 49 from ELSEVER, and 81 from Springer. A small number of articles from less popular journals were also included. The articles reviewed were refined to 183, due to the similarity observed in some researchers’ models and approaches. Figure 3 illustrates the PRISMA flow diagram.
• In step two, the study titles were analyzed, the duplicates removed, and the inclusion/exclusion criteria were applied. In total, 141 studies were excluded, due to their irrelevant titles and because they were duplicates or included outdated solutions.
• In the third step, the resulting 98 studies were selected as their abstract and keywords complied with the selection criteria.
• In the fourth step, following a thorough full-text analysis, 53 studies were selected for this paper.

4.3. Reporting Phase

• Adherence to standardized documentation protocols in manuscript preparation;
• The assessment of the document’s accuracy and academic quality is thorough and rigorous.

5. Centralized Cloud Computing

6. decentralized cloud computing, 7.1. rq1: what are the benefits and limitations of the use of centralized cloud computing in healthcare that aims to improve hie, 7.1.1. benefits of the use of centralized cloud computing in healthcare, 7.1.2. limitations of centralized cloud computing in healthcare, 7.2. rq2: what are the benefits and limitations of the use of decentralized cloud computing in healthcare that aims to improve hie, 7.2.1. benefits of the use of decentralized cloud computing in healthcare, 7.2.2. limitations of decentralized cloud computing in healthcare, 7.3. rq3: what are the differences between centralized and decentralized cloud healthcare solutions regarding the system’s performance (response times, latency), the privacy of patient data, and cost efficiency, 7.3.1. architecture, 7.3.2. data management, 7.3.3. system performance and latency, 7.3.4. security and privacy of patient data, 7.3.5. cost efficiency, 7.4. rq5: what are the research gaps within centralized cloud healthcare solutions, 7.5. rq6: what are the research gaps within decentralized cloud healthcare solutions, 8. conclusions, author contributions, institutional review board statement, informed consent statement, data availability statement, acknowledgments, conflicts of interest.

• Lorkowski, J.; Pokorski, M. Medical records: A historical narrative. Biomedicines 2022 , 10 , 2594. [ Google Scholar ] [ CrossRef ]
• Pai, M.M.; Ganiga, R.; Pai, R.M.; Sinha, R.K. Standard electronic health record (EHR) framework for Indian healthcare system. Health Serv. Outcomes Res. Methodol. 2021 , 21 , 339–362. [ Google Scholar ] [ CrossRef ]
• Tertulino, R.; Antunes, N.; Morais, H. Privacy in electronic health records: A systematic mapping study. J. Public Health 2024 , 32 , 435–454. [ Google Scholar ] [ CrossRef ]
• Ayaad, O.; Alloubani, A.; ALhajaa, E.A.; Farhan, M.; Abuseif, S.; Al Hroub, A.; Akhu-Zaheya, L. The role of electronic medical records in improving the quality of health care services: Comparative study. Int. J. Med. Inform. 2019 , 127 , 63–67. [ Google Scholar ] [ CrossRef ]
• Sadoughi, F.; Nasiri, S.; Ahmadi, H. The impact of health information exchange on healthcare quality and cost-effectiveness: A systematic literature review. Comput. Methods Programs Biomed. 2018 , 161 , 209–232. [ Google Scholar ] [ CrossRef ]
• Hettige, B.; Wang, W.; Li, Y.F.; Le, S.; Buntine, W. MedGraph: Structural and temporal representation learning of electronic medical records. In ECAI 2020 ; IOS Press: Amsterdam, The Netherlands, 2020; pp. 1810–1817. [ Google Scholar ]
• Alsahafi, Y. Understanding Healthcare Consumers Intention to Use the Integrated Electronic Personal Health Record System in Saudi Arabia. Ph.D. Thesis, University of Technology Sydney, Ultimo, NSW, Australia, 2021. [ Google Scholar ]
• Zhuang, Y.; Sheets, L.R.; Chen, Y.W.; Shae, Z.Y.; Tsai, J.J.; Shyu, C.R. A patient-centric health information exchange framework using blockchain technology. IEEE J. Biomed. Health Inform. 2020 , 24 , 2169–2176. [ Google Scholar ] [ CrossRef ]
• Anshari, M. Redefining electronic health records (EHR) and electronic medical records (EMR) to promote patient empowerment. Int. J. Inform. Dev. 2019 , 8 , 35–39. [ Google Scholar ] [ CrossRef ]
• Osei-Tutu, K.; Song, Y.T. Enterprise Architecture for Healthcare Information Exchange (HIE) Cloud Migration. In Proceedings of the 2020 14th International Conference on Ubiquitous Information Management and Communication (IMCOM), Taichung, Taiwan, 3–5 January 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1–8. [ Google Scholar ]
• Pai, D.R.; Rajan, B.; Chakraborty, S. Do EHR and HIE deliver on their promise? Analysis of Pennsylvania acute care hospitals. Int. J. Prod. Econ. 2022 , 245 , 108398. [ Google Scholar ] [ CrossRef ]
• Argaw, S.T.; Troncoso-Pastoriza, J.R.; Lacey, D.; Florin, M.V.; Calcavecchia, F.; Anderson, D.; Burleson, W.; Vogel, J.M.; O’Leary, C.; Eshaya-Chauvin, B.; et al. Cybersecurity of Hospitals: Discussing the challenges and working towards mitigating the risks. BMC Med. Inform. Decis. Mak. 2020 , 20 , 146. [ Google Scholar ] [ CrossRef ]
• Karacic Zanetti, J.; Nunes, R. To Wallet or Not to Wallet: The Debate over Digital Health Information Storage. Computers 2023 , 12 , 114. [ Google Scholar ] [ CrossRef ]
• Chenthara, S.; Ahmed, K.; Wang, H.; Whittaker, F. Security and privacy-preserving challenges of e-health solutions in cloud computing. IEEE Access 2019 , 7 , 74361–74382. [ Google Scholar ] [ CrossRef ]
• Sivan, R.; Zukarnain, Z.A. Security and privacy in cloud-based e-health system. Symmetry 2021 , 13 , 742. [ Google Scholar ] [ CrossRef ]
• Koutsoukos, K.; Symvoulidis, C.; Kiourtis, A.; Mavrogiorgou, A.; Dimopoulou, S.; Kyriazis, D. Emergency Health Protocols Supporting Health Data Exchange, Cloud Storage, and Indexing. In Proceedings of the 15th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2022), Online, 9–11 February 2022; Volume 5: HEALTHINF, pp. 597–604. [ Google Scholar ]
• Sriram, G. Edge computing vs. Cloud computing: An overview of big data challenges and opportunities for large enterprises. Int. Res. J. Mod. Eng. Technol. Sci. 2022 , 4 , 1331–1337. [ Google Scholar ]
• Premarathne, U.; Abuadbba, A.; Alabdulatif, A.; Khalil, I.; Tari, Z.; Zomaya, A.; Buyya, R. Hybrid cryptographic access control for cloud-based EHR systems. IEEE Cloud Comput. 2016 , 3 , 58–64. [ Google Scholar ] [ CrossRef ]
• Spanakis, E.G.; Sfakianakis, S.; Bonomi, S.; Ciccotelli, C.; Magalini, S.; Sakkalis, V. Emerging and established trends to support secure Health Information Exchange. Front. Digit. Health 2021 , 3 , 636082. [ Google Scholar ] [ CrossRef ]
• Symvoulidis, C.; Mavrogiorgou, A.; Kiourtis, A.; Marinos, G.; Kyriazis, D. Facilitating health information exchange in medical emergencies. In Proceedings of the 2021 International Conference on e-Health and Bioengineering (EHB), Iasi, Romania, 18–19 November 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–4. [ Google Scholar ]
• Campelo, R.; Casanova, M.; Guedes, D.; Laender, A.H. A brief survey on replica consistency in cloud environments. J. Internet Serv. Appl. 2020 , 11 , 2020. [ Google Scholar ] [ CrossRef ]
• Wu, D.C.; Lin, H.L.; Cheng, C.G.; Yu, C.P.; Cheng, C.A. Improvement the Healthcare Quality of Emergency Department after the Cloud-Based System of Medical Information-Exchange Implementation. Healthcare 2021 , 9 , 1032. [ Google Scholar ] [ CrossRef ]
• Al-Marsy, A.; Chaudhary, P.; Rodger, J.A. A model for examining challenges and opportunities in use of cloud computing for health information systems. Appl. Syst. Innov. 2021 , 4 , 15. [ Google Scholar ] [ CrossRef ]
• Sarkar, I.N. Health Information Exchange as a Global Utility. Chest 2023 , 163 , 1023–1025. [ Google Scholar ] [ CrossRef ]
• Andreas, A.; Mavromoustakis, C.X.; Mastorakis, G.; Do, D.T.; Batalla, J.M.; Pallis, E.; Markakis, E.K. Towards an optimized security approach to IoT devices with confidential healthcare data exchange. Multimed. Tools Appl. 2021 , 80 , 31435–31449. [ Google Scholar ] [ CrossRef ]
• Sa, I.P.; Mb, V.P. Secure ehealth cloud framework for patients’ EHR storage and sharing for Indian Government healthcare model. Proc. Est. Acad. Sci. 2020 , 69 , 266–276. [ Google Scholar ]
• Payne, T.H.; Lovis, C.; Gutteridge, C.; Pagliari, C.; Natarajan, S.; Yong, C.; Zhao, L.P. Status of health information exchange: A comparison of six countries. J. Glob. Health 2019 , 9 , 020427. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Eze, B.; Kuziemsky, C.; Peyton, L. A configurable identity matching algorithm for community care management. J. Ambient. Intell. Humaniz. Comput. 2020 , 11 , 1007–1020. [ Google Scholar ] [ CrossRef ]
• Gkika, E.C.; Anagnostopoulos, T.; Ntanos, S.; Kyriakopoulos, G.L. User preferences on cloud computing and open innovation: A case study for university employees in Greece. J. Open Innov. Technol. Mark. Complex. 2020 , 6 , 41. [ Google Scholar ] [ CrossRef ]
• Sunyaev, A.; Sunyaev, A. Cloud computing. In Internet Computing: Principles of Distributed Systems and Emerging Internet-Based Technologies ; Springer: Berlin/Heidelberg, Germany, 2020; pp. 195–236. [ Google Scholar ]
• Gourisaria, M.K.; Samanta, A.; Saha, A.; Patra, S.S.; Khilar, P.M. An extensive review on cloud computing. In Data Engineering and Communication Technology: Proceedings of 3rd ICDECT-2K19 ; Springer: Singapore, 2020; pp. 53–78. [ Google Scholar ]
• Raj, R.; Choudhary, S.P. Cloud Computing for Medical Application and Health Care. Int. Res. J. Eng. Technol. 2022 , 9 , 541–546. [ Google Scholar ]
• Breitgand, D.; Glikson, A. Global enterprise cloud transformation: Centralize, distribute or federate? In Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), Ghent, Belgium, 27–31 May 2013; IEEE: Piscataway, NJ, USA, 2013; pp. 892–895. [ Google Scholar ]
• Benkhelifa, E.; Hani, A.B.; Welsh, T.; Mthunzi, S.; Guegan, C.G. Virtual environments testing as a cloud service: A methodology for protecting and securing virtual infrastructures. IEEE Access 2019 , 7 , 108660–108676. [ Google Scholar ] [ CrossRef ]
• Azumah, K.K.; Maciel, P.R.M.; Sørensen, L.T.; Kosta, S. Modeling and simulating a process mining-influenced load-balancer for the hybrid cloud. IEEE Trans. Cloud Comput. 2022 , 11 , 1999–2010. [ Google Scholar ] [ CrossRef ]
• Souravlas, S.; Anastasiadou, S.D. On Implementing Social Community Clouds Based on Markov Models. IEEE Trans. Comput. Soc. Syst. 2022 , 11 , 89–100. [ Google Scholar ] [ CrossRef ]
• Kumar, S.; Goudar, R. Cloud computing-research issues, challenges, architecture, platforms and applications: A survey. Int. J. Future Comput. Commun. 2012 , 1 , 356. [ Google Scholar ] [ CrossRef ]
• Mathur, P.; Nishchal, N. Cloud computing: New challenge to the entire computer industry. In Proceedings of the 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010), Solan, India, 28–30 October 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 223–228. [ Google Scholar ]
• Jadeja, Y.; Modi, K. Cloud computing-concepts, architecture and challenges. In Proceedings of the 2012 International Conference on Computing, Electronics and Electrical Technologies (ICCEET), Nagercoil, India, 21–22 March 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 877–880. [ Google Scholar ]
• Jawed, M.S.; Sajid, M. A comprehensive survey on cloud computing: Architecture, tools, technologies, and open issues. Int. J. Cloud Appl. Comput. 2022 , 12 , 1–33. [ Google Scholar ] [ CrossRef ]
• Sachdeva, S.; Bhatia, S.; Harrasi, A.A.; Shah, Y.A.; Anwer, K.J.; Philip, A.K.; Shah, S.F.A.; Khan, A.; Halim, S.A. Unraveling the role of cloud computing in health care system and biomedical sciences. Heliyon 2024 , 10 , e29044. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Masud, M.; Gaba, G.S.; Choudhary, K.; Alroobaea, R.; Hossain, M.S. A robust and lightweight secure access scheme for cloud based E-healthcare services. Peer-Peer Netw. Appl. 2021 , 14 , 3043–3057. [ Google Scholar ] [ CrossRef ]
• Reid, G.A. Improving HIPAA Compliance Efforts with Modern Cloud Technologies. Ph.D. Thesis, Capitol Technology University, Laurel, MD, USA, 2021. [ Google Scholar ]
• Lee, T.F.; Chang, I.P.; Su, G.J. Compliance with hipaa and gdpr in certificateless-based authenticated key agreement using extended chaotic maps. Electronics 2023 , 12 , 1108. [ Google Scholar ] [ CrossRef ]
• Aceto, G.; Persico, V.; Pescapé, A. Industry 4.0 and health: Internet of things, big data, and cloud computing for healthcare 4.0. J. Ind. Inf. Integr. 2020 , 18 , 100129. [ Google Scholar ] [ CrossRef ]
• Kumar, P. Literature Based Study on Cloud Computing for Health and Sustainability in View of COVID-19. Core. Ac. Uk. 2020. Available online: https://core.ac.uk/download/pdf/327105038.pdf (accessed on 5 August 2024).
• Kitchenham, B.; Charters, S. Guidelines for Performing Systematic Literature Reviews in Software Engineering ; EBSE Technical Report, Ver. 2.3; Department of Computer Science, Keele University: Durham, UK, 2007. [ Google Scholar ]
• Ahmad, M.O.; Khan, R.Z. The cloud computing: A systematic review. Int. J. Innov. Res. Comput. Commun. Eng. 2015 , 3 , 4060–4075. [ Google Scholar ]
• Feuerlicht, G.; Govardhan, S. Impact of cloud computing: Beyond a technology trend. Syst. Integr. 2010 , 2 , 262–269. [ Google Scholar ]
• Youssef, A.E. A framework for secure healthcare systems based on big data analytics in mobile cloud computing environments. Int. J. Ambient. Syst. Appl. 2014 , 2 , 1–11. [ Google Scholar ] [ CrossRef ]
• Thiess, H.; Fiol, G.D.; Malone, D.C.; Cornia, R.; Sibilla, M.; Rhodes, B.; Boyce, R.D.; Kawamoto, K.; Reese, T.J. Coordinated use of Health Level 7 standards to support clinical decision support: Case study with shared decision making and drug-drug interactions. Int. J. Med. Inform. 2022 , 162 , 104749. [ Google Scholar ] [ CrossRef ]
• Pardamean, B.; Rumanda, R.R. Integrated model of cloud-based E-medical record for health care organizations. In Proceedings of the 10th WSEAS International Conference on e-Activities, Island of Java, Indonesia, 1–3 December 2011; pp. 157–162. [ Google Scholar ]
• Almagro, M.; Unanue, R.M.; Fresno, V.; Montalvo, S. ICD-10 Coding of Spanish Electronic Discharge Summaries: An Extreme Classification Problem. IEEE Access 2020 , 8 , 100073–100083. [ Google Scholar ] [ CrossRef ]
• Ganiga, R.; Pai, R.M.; MM, M.P.; Sinha, R.K. Private cloud solution for securing and managing patient data in rural healthcare system. Procedia Comput. Sci. 2018 , 135 , 688–699. [ Google Scholar ] [ CrossRef ]
• Hornback, A.; Shi, W.; Giuste, F.O.; Zhu, Y.; Carpenter, A.M.; Hilton, C.; Bijanki, V.N.; Stahl, H.; Gottesman, G.S.; Purnell, C.; et al. Development of a generalizable multi-site and multi-modality clinical data cloud infrastructure for pediatric patient care. In Proceedings of the 13th ACM International Conference on Bioinformatics, Computational Biology and Health Informatics, New York, NY, USA, 7–10 August 2022; pp. 1–10. [ Google Scholar ]
• Duda, S.N.; Kennedy, N.; Conway, D.; Cheng, A.C.; Nguyen, V.; Zayas-Cabán, T.; Harris, P.A. HL7 FHIR-based tools and initiatives to support clinical research: A scoping review. J. Am. Med. Inform. Assoc. 2022 , 29 , 1642–1653. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Moorthy, R.; Udupa, S.; Bhagavath, S.A.; Rao, V. Centralized and automated healthcare systems: A essential smart application post COVID-19. In Proceedings of the 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS), Thoothukudi, India, 3–5 December 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 131–138. [ Google Scholar ]
• Karthikeyan, N.; Sukanesh, R. Cloud based emergency health care information service in India. J. Med. Syst. 2012 , 36 , 4031–4036. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Banerjee, A.; Agrawal, P.; Rajkumar, R. Design of a cloud based emergency healthcare service model. Int. J. Appl. Eng. Res. 2013 , 8 , 2261–2264. [ Google Scholar ]
• Biswas, S.; Akhter, T.; Kaiser, M.; Mamun, S. Cloud based healthcare application architecture and electronic medical record mining: An integrated approach to improve healthcare system. In Proceedings of the 2014 17th International Conference on Computer and Information Technology (ICCIT), Dhaka, Bangladesh, 22–23 December 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 286–291. [ Google Scholar ]
• Weng, X.; Wu, H.; Pan, Y.; Chen, H. Decentralized Personal Cloud Data Model and its Application in Campus Health Information System. In Proceedings of the 2021 IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE International Conference on Pervasive Intelligence and Computing, IEEE International Conference on Cloud and Big Data Computing, IEEE International Conference on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), Calgary, AB, Canada, 25–28 October 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 879–883. [ Google Scholar ]
• Pires, A.; Simão, J.; Veiga, L. Distributed and decentralized orchestration of containers on edge clouds. J. Grid Comput. 2021 , 19 , 36. [ Google Scholar ] [ CrossRef ]
• Wang, X.; Liu, X.; Fan, L.; Jia, X. A decentralized virtual machine migration approach of data centers for cloud computing. Math. Probl. Eng. 2013 , 2013 , 878542. [ Google Scholar ] [ CrossRef ]
• Ferrer, A.J.; Marquès, J.M.; Jorba, J. Towards the decentralised cloud: Survey on approaches and challenges for mobile, ad hoc, and edge computing. ACM Comput. Surv. (CSUR) 2019 , 51 , 1–36. [ Google Scholar ] [ CrossRef ]
• Pavani, V.; Narayana, V.L. Multi-level authentication scheme for improving privacy and security of data in decentralized cloud server. In Proceedings of the 2021 2nd International Conference on Smart Electronics and Communication (ICOSEC), Trichy, India, 7–9 October 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 391–394. [ Google Scholar ]
• Abdulnabi, M.; Al-Haiqi, A.; Kiah, M.L.M.; Zaidan, A.; Zaidan, B.; Hussain, M. A distributed framework for health information exchange using smartphone technologies. J. Biomed. Inform. 2017 , 69 , 230–250. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Yang, Y.; Li, X.; Qamar, N.; Liu, P.; Ke, W.; Shen, B.; Liu, Z. Medshare: A novel hybrid cloud for medical resource sharing among autonomous healthcare providers. IEEE Access 2018 , 6 , 46949–46961. [ Google Scholar ] [ CrossRef ]
• Yan, S.; He, L.; Seo, J.; Lin, M. Concurrent healthcare data processing and storage framework using deep-learning in distributed cloud computing environment. IEEE Trans. Ind. Inform. 2020 , 17 , 2794–2801. [ Google Scholar ] [ CrossRef ]
• Hussein, S.; Badr, S. Healthcare Cloud integration using distributed Cloud storage and hybrid image compression. Int. J. Comput. Appl. 2013 , 80 , 9–15. [ Google Scholar ]
• Dhote, S.; Baskar, S.; Shakeel, P.M.; Dhote, T. Cloud computing assisted mobile healthcare systems using distributed data analytic model. IEEE Trans. Big Data 2023 , 1–12. [ Google Scholar ] [ CrossRef ]
• Weider, D.Y.; Kollipara, M.; Penmetsa, R.; Elliadka, S. A distributed storage solution for cloud based e-Healthcare Information System. In Proceedings of the 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013), Lisbon, Portugal, 9–12 October 2013; IEEE: Piscataway, NJ, USA, 2013; pp. 476–480. [ Google Scholar ]
• Pokharkar, S.T.; Vishwamitra, L. Securing data in decentralized cloud storage for authorized encrypted search with privacy-preserving on healthcare databases. In Proceedings of the 2021 10th IEEE International Conference on Communication Systems and Network Technologies (CSNT), Bhopal, India, 18–19 June 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 755–760. [ Google Scholar ]
• Valluripally, S.; Raju, M.; Calyam, P.; Chisholm, M.; Sivarathri, S.S.; Mosa, A.; Joshi, T. Community cloud architecture to improve use accessibility with security compliance in health big data applications. In Proceedings of the 20th International Conference on Distributed Computing and Networking, Bangalore, India, 4–7 January 2019; pp. 377–380. [ Google Scholar ]
• Choquette, S.J.; Duewer, D.L.; Sharpless, K.E. NIST Reference Materials: Utility and Future. Annu. Rev. Anal. Chem. 2020 , 13 , 453–474. [ Google Scholar ] [ CrossRef ]
• Sharma, D.K.; Boddu, R.S.K.; Bhasin, N.K.; Nisha, S.S.; Jain, V.; Mohiddin, M.K. Cloud computing in medicine: Current trends and possibilities. In Proceedings of the 2021 International Conference on Advancements in Electrical, Electronics, Communication, Computing and Automation (ICAECA), Coimbatore, India, 8–9 October 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–5. [ Google Scholar ]
• Al-Issa, Y.; Ottom, M.A.; Tamrawi, A. eHealth cloud security challenges: A survey. J. Healthc. Eng. 2019 , 2019 , 7516035. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Ahmadi, M.; Aslani, N. Capabilities and advantages of cloud computing in the implementation of electronic health record. Acta Inform. Medica 2018 , 26 , 24. [ Google Scholar ] [ CrossRef ]
• Javaid, M.; Haleem, A.; Singh, R.P.; Rab, S.; Suman, R.; Khan, I.H. Evolutionary trends in progressive cloud computing based healthcare: Ideas, enablers, and barriers. Int. J. Cogn. Comput. Eng. 2022 , 3 , 124–135. [ Google Scholar ] [ CrossRef ]
• Mehrtak, M.; SeyedAlinaghi, S.; MohsseniPour, M.; Noori, T.; Karimi, A.; Shamsabadi, A.; Heydari, M.; Barzegary, A.; Mirzapour, P.; Soleymanzadeh, M.; et al. Security challenges and solutions using healthcare cloud computing. J. Med. Life 2021 , 14 , 448. [ Google Scholar ] [ CrossRef ]
• Dang, L.M.; Piran, M.J.; Han, D.; Min, K.; Moon, H. A survey on internet of things and cloud computing for healthcare. Electronics 2019 , 8 , 768. [ Google Scholar ] [ CrossRef ]
• Liang, P.; Zhang, L.; Kang, L.; Ren, J. Privacy-preserving decentralized ABE for secure sharing of personal health records in cloud storage. J. Inf. Secur. Appl. 2019 , 47 , 258–266. [ Google Scholar ] [ CrossRef ]
• Atieh, A.T. The next generation cloud technologies: A review on distributed cloud, fog and edge computing and their opportunities and challenges. ResearchBerg Rev. Sci. Technol. 2021 , 1 , 1–15. [ Google Scholar ]
• Alamouti, S.M.; Arjomandi, F.; Burger, M. Hybrid edge cloud: A pragmatic approach for decentralized cloud computing. IEEE Commun. Mag. 2022 , 60 , 16–29. [ Google Scholar ] [ CrossRef ]
• Rimal, B.P.; Van, D.P.; Maier, M. Mobile-edge computing versus centralized cloud computing over a converged FiWi access network. IEEE Trans. Netw. Serv. Manag. 2017 , 14 , 498–513. [ Google Scholar ] [ CrossRef ]
• Agapito, G.; Cannataro, M. An overview on the challenges and limitations using cloud computing in healthcare corporations. Big Data Cogn. Comput. 2023 , 7 , 68. [ Google Scholar ] [ CrossRef ]
• Ramanan, P.; Yildirim, M.; Gebraeel, N.; Chow, E. Large-scale maintenance and unit commitment: A decentralized subgradient approach. IEEE Trans. Power Syst. 2021 , 37 , 237–248. [ Google Scholar ] [ CrossRef ]

Click here to enlarge figure

Share and Cite

Abughazalah, M.; Alsaggaf, W.; Saifuddin, S.; Sarhan, S. Centralized vs. Decentralized Cloud Computing in Healthcare. Appl. Sci. 2024 , 14 , 7765. https://doi.org/10.3390/app14177765

Abughazalah M, Alsaggaf W, Saifuddin S, Sarhan S. Centralized vs. Decentralized Cloud Computing in Healthcare. Applied Sciences . 2024; 14(17):7765. https://doi.org/10.3390/app14177765

Abughazalah, Mona, Wafaa Alsaggaf, Shireen Saifuddin, and Shahenda Sarhan. 2024. "Centralized vs. Decentralized Cloud Computing in Healthcare" Applied Sciences 14, no. 17: 7765. https://doi.org/10.3390/app14177765

Article Metrics

Article access statistics, further information, mdpi initiatives, follow mdpi.

Subscribe to receive issue release notifications and newsletters from MDPI journals

IEEE Account

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.