Gonzalez Alberto, Ana Y
(2017)
A systematic mapping on risks and techniques to enhance security in multi-cloud environments.
[Dissertation (University of Nottingham only)]
Abstract
The technologic shift from an internal centralized system repository to the cloud demands organizations to continuously search for service providers capable to cope with their specific needs and industry standards. This demand has brought competitors in the market offering different cloud services in various scope and responsibilities, while from the other side, to optimize flexibility and scalability, organizations need to integrate these cloud benefits offers guaranteeing that their data, information and/or intellectual property is secure. This research paper aims to help the reader to create an understanding of the current progress made by professionals in the field, by systematically mapping main threats and frameworks studies to enhance security in multi-cloud environments.
Chapter 1 justifies the selection of the topic by analysing the industry and main challenges in multi-cloud, which includes an explanation of research questions, a justification of methodology and the list of limitations of the study. Chapter 2 is conformed by a literature review in cloud computing, multi-cloud and security. In Chapter 3 the systematic mapping research methodology is defined in detail, highlighting the selection criteria and process for the sample and mapping of research papers. Chapter 4 shows results based on type of documents and the papers’ general information after the mapping specified in the methodology. Chapter 5 analyses results in detail, first by grouping them into categories (threats, techniques and tendencies), and second, by using their interpretation to answer the research questions established for the scope of this research paper. Findings in this section include the importance of preserving data and systems integrity, confidentiality, availability and accountability to reach the necessary levels of assurance within an organization. From this, it was found that integrity, associated with threats such as data loss in storage, access and migration are the main issues considered for academic research, following unauthorized access by hackers or malicious entities (confidentiality). As for the security techniques researched, it was found that the security provided by cloud service providers is specified by authors as insufficient, since most of the frameworks rely on the same organization to encrypt data in the clouds. It was possible to analyse different techniques in which cryptographic schemes were structured when managing multi-cloud environments, and how they were combined with each other to enhance security. From this it was found that public key algorithms by their own were the most used model, while models with combinations of private key algorithms and hashing techniques occupied the second place in priority. Finally, Chapter 6 briefly concludes the study by reaffirming the importance of more research in the field of security in multi-cloud, denoting that each situation and conditions are different for each case when designing security models and that it is recommended to organizations to have a security strategy as a priority. More research in limitations, auditing and trust are also suggested for further research.
Actions (Archive Staff Only)
 |
Edit View |
Tools
Tools
![[img]](/style/images/fileicons/application_pdf.png)