C. Security Vulnerabilities

In 2022, a significant proportion of data breaches were attributed to infiltrations into cloud-based systems. This emphasizes the pressing necessity of promptly addressing the distinct security risks that impact cloud environments. The vulnerabilities encompass a wide range of issues, including misconfigurations in cloud settings, inadequate user access controls, weaknesses in the architecture of cloud service providers, and advanced attack methodologies. Conducting research in this field is crucial for the identification of these vulnerabilities and the formulation of efficient strategies to protect sensitive data within businesses.

Misconfigurations are identified as a primary contributing factor to data breaches occurring within cloud infrastructures⁷. Cloud services provide a wide range of choices, and enterprises frequently have difficulties configuring them in a secure manner. Misconfigurations have the potential to inadvertently expose data to unauthorized access, leakage, or alteration. Research can yield significant insights into prevalent misconfigurations and effective preventive measures.

The infrastructure of cloud service providers represents an additional factor contributing to vulnerability. The security of data stored in cloud environments is frequently contingent upon the security measures implemented by the cloud service provider. Hence, it is vital to comprehend the prospective vulnerabilities within the provider’s infrastructure and their potential impact on the data. Research also plays a crucial role in enabling enterprises to effectively monitor and stay updated on the most recent vulnerabilities. This allows them to ensure that cloud providers swiftly patch these issues.
Furthermore, it is important to note that, with the continuous evolution of cyber threats, conducting research in this particular domain might provide valuable insights into emerging attack strategies and vulnerabilities that are unique to cloud computing. The acquisition of this knowledge is crucial for enterprises to adopt a proactive approach to safeguarding their data against developing dangers. Different scholars assert that it is important to enable firms to identify and address many types of attacks, including cryptojacking, denial-of-service, and server-side request forgery, within their cloud settings. It is imperative to note that the duty to ensure security in cloud computing is a collaborative effort between enterprises and cloud service providers. Gaining insight into the allocation of this responsibility and acquiring knowledge about successful collaboration are essential elements in the process of mitigating security vulnerabilities in cloud computing.

The exposed data included sensitive information such as authentication credentials, secret API data, and decryption keys. Moreover, documents contained in these servers revealed that the databases were storing data for Accenture’s clients, including high-profile telecommunication companies and other Fortune 100 firms. The breach could expose Accenture and its clients to significant risks, including unauthorized data manipulation, fraud, and targeted phishing attacks. Fortunately, the exposed databases were discovered by a security researcher before any known malicious exploitation could occur. This incident underlines the critical need for stringent security practices in cloud storage configuration. The primary lesson here is the importance of regular security audits and implementing strict access controls. Companies must ensure their cloud services are correctly configured and regularly monitored for potential vulnerabilities.
The 2022 Thales Cloud Security Report by 451 Research, part of S&P Global Market Intelligence, found that 45% of businesses had a cloud-based data breach or failed audit in 2021, up 5% from 2020, raising increased concerns about cybercrime. Cloud adoption, especially multicloud usage, is rising globally. In 2021, enterprises worldwide used 110 SaaS apps, up from eight in 2015. 72% of enterprises now use multiple IaaS providers, up from 57% in 2021. One in five (20%) respondents use three or more providers, virtually doubling in 2021. Despite their growing popularity, businesses worry about the complexity of cloud services, with 51% of IT experts saying cloud privacy and data protection are harder. Complexity necessitates stronger cybersecurity.

Most respondents (66%) reported that 21–60% of their sensitive data resides in the cloud. Only 25% indicated they could classify all the data. About 32% of respondents had to notify a government agency, client, partner, or employee of a breach. This should worry sensitive data-holding companies, especially in highly regulated industries. Cyberattacks continue to threaten cloud apps and data. Malware, ransomware, and phishing/whaling assaults increased for 26%, 25%, and 19% of respondents, respectively.

IT professionals consider encryption essential for multicloud data protection. Most respondents use encryption (59%) and key management (52%) to secure cloud data. When asked how much of their cloud data is encrypted, just 11% replied 81–100%. Enterprises may also face key management platform sprawl. 10% utilize one to two platforms, 90% use three or more, and 17% use eight or more. Enterprises should prioritize cloud data encryption⁸. The practical usefulness of encryption platforms was shown when 40% of respondents said they avoided breach reporting because the stolen or leaked data was encrypted or tokenized. Positive signals of businesses investing in Zero Trust were also promising.
About 29% of respondents are actually implementing a Zero Trust strategy, 27% are analyzing and developing one, and 23% are contemplating it. This is encouraging, but there is potential for improvement.

D. Financial Ramifications

The occurrence of data breaches inside cloud computing environments can result in major monetary losses for enterprises, impacting their immediate and sustained operational outcomes. Based on a report published by IBM, it has been determined that the worldwide mean expense associated with a data breach in the year 2023 amounted to USD 4.45 million, reflecting a 15% escalation over a span of three years⁹. Nevertheless, the financial implications of a data breach exhibit considerable disparity, contingent upon the geographical location and sector of the afflicted entity¹⁰.

In addition to comprehending the possible financial implications associated with data breaches, it is imperative for enterprises to adopt proactive measures aimed at the prevention and mitigation of such incidents. According to a survey published by IBM, the utilization of security AI and automation has the potential to yield a reduction in the average cost of a data breach by USD 1.76 million in comparison to firms that do not employ these technologies. The implementation of security AI and automation within businesses can contribute to the expedited identification and mitigation of potential threats, thereby reducing the adverse consequences of security breaches. In addition, it is advisable for firms to adopt comprehensive cybersecurity insurance policies, as they can provide coverage for the financial ramifications that may arise from security breaches. It is recommended that organizations allocate resources towards the implementation of cybersecurity training and awareness programs. These initiatives aim to mitigate human errors and insider threats, which are prominent factors contributing to data breaches.
By adhering to these suggestions, firms can enhance their readiness for the financial consequences associated with data breaches in cloud computing and mitigate their financial losses¹¹. Data breaches can potentially lead to significant ramifications for the financial and long-term viability of companies. As shown in Fig. 2, the healthcare sector accounts for the lion’s share of attacks. However, these breaches can be averted and alleviated by implementing appropriate security measures and strategic investments. Conducting research in this domain can assist firms in making well-informed decisions pertaining to their cybersecurity strategy and policies.

E. Escalating Cybersecurity Attacks

The observed surge in cybersecurity attacks throughout the period spanning from 2022 to 2023 highlights the dynamic nature of the threat environment, as shown in Fig. 3. Conducting research in this domain is crucial in order to investigate the characteristics of these attacks and provide efficacious strategies to mitigate their impact. The complexity and variety of cyberattacks are increasing, incorporating a wide array of strategies like ransomware, zero-day flaws, social engineering, and supply chain attacks [18].

In recent years, there has been a notable increase in the occurrence and financial impact of ransomware attacks. Such attacks consist of an initial encryption of the victim’s data before requesting a monetary ransom for the release of the hijacked information. In terms of ransomware expenditure, according to a survey by IBM in 2023, the global average expenditure was USD 5.66 million, a whopping hike of 21% from 2022. Zero-day exploits have also increased in occurrence and impact. The menace this trend poses to critical infrastructure and the nation’s security is substantial. Social engineering attacks are becoming more sophisticated and targeted, taking advantage of the growing use of social media and online environments.
They rely on psychological tricks that induce people to give out private data or engage in dangerous acts. Supply chain attacks that compromise software and hardware components from trustworthy vendors and partners pose serious challenges to firms. These attacks are capable of affecting different entities within several sectors.

It is imperative for organizations to comprehend the dynamic strategies and underlying incentives driving these attacks. Research can provide valuable insights into the methods, techniques, and processes employed by cybercriminals, enabling firms to formulate proactive security plans. Research plays a crucial role in enabling companies to discern the indicators of compromise and the attack vectors employed by diverse threat actors, along with comprehending their goals and objectives. Research can also aid firms in comprehending the behavioral and psychological elements that impact consumers’ vulnerability to social engineering attacks, as well as in devising proficient awareness and education initiatives to alleviate such risks.

Moreover, the proliferation of remote work and the use of cloud-based services have resulted in the expansion of the attack surface, hence heightening the susceptibility of enterprises to cyber threats. Research plays a crucial role in enabling firms to discern the precise issues presented by these transformations and formulate effective methods to safeguard remote and cloud-based operations. This encompasses the enhancement of identity and access management, the implementation of multi-factor authentication, and the improvement of threat detection and response capabilities. Research can additionally aid organizations in assessing the security stance and adherence to regulations of their cloud service providers, as well as establishing explicit roles and duties for the governance of cloud security [18].
The establishment of partnerships and cooperation among researchers, cybersecurity professionals, and other organizations is crucial to proactively addressing the increasing frequency and severity of cybersecurity threats. The dissemination of knowledge regarding emerging threats and vulnerabilities has the potential to facilitate the creation of enhanced security measures¹². The investigation conducted in this field has the potential to make a valuable contribution to the collaborative endeavor of protecting data and systems in an ever more hostile digital environment.

IV. CLOUD COMPUTING SECURITY ASSESSMENT

A. Impact of Security Vulnerabilities in Cloud Computing

Cloud computing refers to providing various computing services, including storage, servers, databases, networking, software, analytics, and intelligence, through the Internet. Cloud computing has numerous advantages for both enterprises and individuals, encompassing scalability, cost-effectiveness, performance, reliability, and innovation. Nevertheless, the advent of cloud computing also presents novel security concerns and hazards that necessitate attention and resolution from both cloud service providers and their clientele¹³. Security vulnerabilities refer to inherent weaknesses or deficiencies inside a given system or application that can be potentially exploited by malicious actors with the intention of compromising the system’s confidentiality, integrity, or availability, as well as the data it houses. Security vulnerabilities can result in significant consequences for both cloud providers and their clients¹⁴. These consequences include, but are not limited to, data breaches, financial losses, legal liability, reputational harm, and operational disruptions. The following are the impacts of security vulnerabilities in cloud computing:

1) Cloud misconfiguration: Cloud misconfiguration is a prevalent security vulnerability that occurs in cloud computing.
Cloud misconfiguration refers to the situation in which a cloud resource or service is not appropriately configured in accordance with established security best practices or regulations. An instance may arise if a cloud storage bucket is inadvertently made accessible to the general public on the internet, hence enabling unauthorized individuals to gain access to confidential information¹⁵. Alternatively, a cloud user may possess an abundance of permissions or privileges that exceed the requirements of their designated position or function. Human error, a lack of knowledge, or insufficient automation can all lead to cloud misconfiguration. Misconfigured clouds can have detrimental effects on both cloud service providers and users, including:

Data breaches: Cloud misconfigurations may lead to data breaches wherein unauthorized individuals may access, steal, alter or delete confidential data stored in the cloud¹⁶. Data breaches can have adverse financial implications and lead to legal obligations, government sanctions, and loss of reputation for the customers and the cloud service providers themselves.

Compliance violations: Cloud misconfiguration leads to non-compliance instances where cloud providers or clients cannot observe security standards or obligations enshrined in laws, rules, contracts, or industry frameworks. Non-compliance instances may attract fines, regulatory actions, legal proceedings or lack of confidence for cloud service providers and their customers.

Operational disruption: Cloud service/application availability and performance may be impacted by cloud misconfiguration. For example, a firewall that is not properly configured can block legitimate network traffic, and a load balancer that is not properly configured can degrade the quality of service. Operational disruption can cause customer dissatisfaction, reduced revenues, and diminished competitive advantage to cloud providers and their clients.
To prevent or mitigate cloud misconfiguration, cloud providers and customers should follow some best practices, such as:

a) Enforce the principle of least privilege: The principle of least privilege suggests that each user or service should possess only the essential level of access or permissions necessary to carry out their designated tasks. The use of this measure can effectively decrease the attack surface and mitigate the potential extent of harm in the event of a security breach.

b) Use third-party tools: Third-party technologies can scan and identify instances of cloud misconfiguration, as well as offer advice or remedial measures. A cloud-native application protection platform (CNAPP), for example, can enhance the visibility and security of cloud resources.

c) Review and audit regularly: Regular evaluation and auditing of cloud configurations by both cloud providers and clients is critical to ensuring adherence to security policies and best practices. In addition, it is essential for them to diligently monitor and record any modifications or actions pertaining to their cloud-based assets, with the purpose of identifying any irregularities or incidents.

2) Data leakage: Data leakage is a prevalent security risk that is frequently seen in the realm of cloud computing. Data leakage is the unintended or purposeful transfer of data from a secure source to an unauthorized destination¹⁷. Unencrypted communication lines, unsecured APIs, employees with ill intent within the organization, hacked passwords, and third-party dependencies are all potential data leakage avenues. Data leakage is a serious threat for cloud service providers and their clients. These risks involve data breaches, which can lead to monetary losses, legal issues, fines, and damage to one’s reputation.
Also, it is worth mentioning that privacy breaches occur when personal or confidential data is divulged without due authority, leading to identity theft, fraud, or harassment. Lastly, unregulated data leakage can also destroy a company’s competitive advantage by revealing sensitive information such as secret knowledge, business strategies, or important assets to competitors.

It is important to follow the current best practices in order to prevent or mitigate these risks. This involves putting in place several security measures to make sure that the data is not accessed by individuals without authority to do so. These measures include encrypting data both when it is stored and when it is being transmitted, using secure application programming interfaces (APIs) that comply with recognized security standards, and deploying data loss prevention (DLP) solutions to identify, categorize, and safeguard sensitive data. Additionally, access and usage policies are enforced across both cloud-based and on-premise environments.

3) Shared technology vulnerabilities: The presence of shared technology vulnerabilities in cloud computing arises from the fundamental utilization of common infrastructure, platforms, and software for the provision of services to numerous consumers. Consequently, any flaw present in the shared technology possesses the capacity to pose a possible threat to all users. These vulnerabilities have the potential to result in data breaches, which can expose sensitive information and result in financial losses, legal consequences, and reputational damage for both service providers and customers. Furthermore, these vulnerabilities can be used to disrupt services, for example through denial-of-service attacks, resulting in the deterioration or complete cessation of these services.
Resource abuse is a significant worry in the realm of cybersecurity since malevolent actors exploit communal technology for illicit objectives, resulting in escalated expenses, diminished operational efficiency, and compromised availability [19]. In order to address these risks, it is imperative for both cloud providers and clients to adhere to established best practices. These include timely patching and updates, resource isolation, and segregation. Also, constant tracking and auditing should ensure prompt detection of irregularities or any breach of security.

4) Insecure interfaces and APIs: Insecure interfaces and APIs are a major problem for cloud computing security. Communication and interaction between services take place through these interfaces and APIs, so if they are poorly designed or not secured, they can be among the biggest dangers a system faces. Vulnerabilities can arise through weaknesses in authentication, inappropriate encryption, ineffective input validation, and poor error handling¹⁸. The potential outcomes of these vulnerabilities might have significant ramifications, such as instances of data breaches where confidential data may be illicitly accessed, pilfered, altered, or erased. This can lead to financial detriments, legal implications, regulatory penalties, and reputational harm for both cloud service providers and their clientele¹⁹. Furthermore, service disruptions like DDoS attacks can have an impact on the availability and performance of cloud services and apps.

In summary, the exponential expansion of cloud computing has undeniably revolutionized the manner in which enterprises manage their data and information technology requirements, presenting a multitude of benefits in relation to adaptability, availability, and cooperation.
Nevertheless, this paradigm shift has concurrently presented a plethora of security concerns and vulnerabilities that necessitate resolution in order to safeguard confidential information and uphold the authenticity of cloud infrastructure.

B. Cloud Security Assessment Techniques

1) Penetration testing: Penetration testing is a technique employed to assess the security of a cloud environment by emulating an attack originating from a malevolent entity. This process facilitates identifying familiar and unfamiliar vulnerabilities inside the cloud environment, encompassing misconfigurations, inadequate authentication mechanisms, insecure Application Programming Interfaces (APIs), data breaches, and other security weaknesses. It consists of five stages, as shown in Fig. 4. By identifying vulnerabilities that malicious actors could exploit, penetration testing provides valuable insights and suggestions for improving the security posture and resilience of the cloud environment.

Penetration testing can be conducted at several levels inside the cloud environment, including the network, application, data, and user layers. Penetration testing can be undertaken from several perspectives, including black-box, white-box, or gray-box, depending on the test’s scope and objectives. Black-box testing emulates the actions of an external adversary without prior knowledge of the cloud environment. White-box testing involves emulating an internal attacker who possesses comprehensive access to and understanding of the cloud infrastructure. Gray-box testing involves emulating a partially informed adversary with restricted access to or understanding of the cloud infrastructure.

An example of penetration testing within cloud computing is the AWS Penetration Testing service. This service enables customers to seek authorization to conduct permitted tests on their AWS resources. An additional illustration is IBM X-Force Red Vulnerability Management Services.
This service provides a comprehensive methodology for cloud penetration testing, encompassing many aspects such as infrastructure, apps, data, and users.

In our research, penetration testing is critical for assessing cloud security vulnerabilities. This methodology is informed by the insights provided by Vasenius (2022) in his thesis “Best Practices in Cloud-Based Penetration Testing.” Vasenius’ comprehensive analysis of cloud-specific penetration testing approaches, tools, and best practices offers a valuable framework for our penetration testing strategy, particularly in the context of cloud environments and their unique security challenges²⁰.

In 2022, Khuong et al. in [20] studied a novel architectural approach called deep cascaded reinforcement learning agents (CRLA). This approach was developed to tackle the challenge of large discrete action spaces in an autonomous penetration testing simulator. In such simulators, the number of available actions grows exponentially as the complexity of the cybersecurity network being tested increases. Using an algebraic action decomposition strategy, CRLA demonstrates superior efficiency and stability in determining the optimal attack policy in scenarios characterized by extensive action spaces. It outperforms the conventional deep Q-learning agent, frequently employed as an artificial intelligence approach for autonomous penetration testing.

In 2023, a research paper by Hu et al. in [21] introduced a precise grey box penetration testing methodology known as TAC. This strategy aims to identify instances of identity and access management (IAM) vulnerabilities and privilege escalations (PEs) in third-party services. Third-party cloud security services are frequently employed to identify potential PEs resulting from misconfigurations in IAM.
In order to address the dual issues of labor-intensive anonymizations and potential exposures of sensitive information, TAC engages with consumers through a selective querying approach that focuses solely on the relevant information required. The primary finding of this article is that the IAM configuration contains a limited amount of pertinent information for the detection of IAM PE. This study introduces the concept of IAM modeling, which allows for detecting a wide range of IAM PEs by utilizing the limited information obtained from queries. In order to enhance the effectiveness and versatility of TAC, our objective is to reduce customer contacts by implementing Reinforcement Learning (RL) in conjunction with Graph Neural Networks (GNNs). This integration enables TAC to acquire the ability to minimize the number of queries made.

Our approach to penetration testing, especially in the context of mobile cloud computing, is informed by the findings and methodologies discussed by Bakar et al. in [22], who provided a comprehensive overview of penetration testing techniques and best practices tailored for mobile cloud environments. This is particularly relevant for our research as it addresses the unique challenges and considerations in these settings.

Our penetration testing methodology is significantly influenced by the groundbreaking work of Vuggumudi et al. in [23], who outlined an innovative approach known as Compliance Based Penetration Testing (CBPT), specifically tailored for PaaS environments. This approach underscores the importance of a collective approach to security in cloud services, highlighting the necessity for ongoing monitoring and compliance-aligned testing. Such an approach is vital for our research, considering the ever-changing landscape of cloud environments and the continuous evolution of regulatory requirements.
2) Vulnerability scanning: Vulnerability scanning is a technique of systematically discovering, assessing, and reporting security vulnerabilities in a cloud environment. It goes through five stages, as shown in Fig. 4. It helps enterprises uncover gaps in their cloud services, infrastructure, and applications that potentially threaten the confidentiality, integrity, or availability of their data and resources. Vulnerability scanning also helps firms comply with security standards and regulations, such as PCI DSS, HIPAA, GDPR, and more.

Vulnerability scanning can be performed using numerous tools and approaches, such as automatic scanners, human audits, code reviews, or ethical hacking. Vulnerability scanning can be split into two types: active and passive. Active scanning involves sending probes or queries to the cloud environment to find vulnerabilities and measure their impact. Passive scanning involves monitoring the network traffic or records of the cloud environment to find vulnerabilities and irregularities.

An example of vulnerability scanning in cloud computing is AWS Amazon Inspector, which is an automated security evaluation tool that helps clients enhance the security and compliance of their AWS applications²¹. Another example is Digital Defense Frontline VM, which is a cloud-based vulnerability management tool that delivers continuous scanning and reporting of cloud assets.

Our research methodology for vulnerability scanning incorporates insights and techniques from Mitchell and Zunnurhain’s (2019) study, “Vulnerability Scanning with Google Cloud Platform,” presented at the CSCI conference [24]. This paper presents a detailed examination of vulnerability scanning methods within the Google Cloud Platform, offering a specific lens on how these scans can be effectively utilized in cloud-based environments.
Their work provides a valuable perspective on the practical applications and challenges of conducting vulnerability scans in such settings, directly relevant to our research focus.

We have heavily referenced the comprehensive analysis by Kritikos et al. [25] that meticulously evaluated the latest tools and databases pertinent to vulnerability assessment in the cloud. The survey’s detailed insights into these tools’ performance, range, and functionalities significantly influence our methodology, particularly in selecting and implementing the most effective techniques for extensive vulnerability scanning in cloud-based applications.

C. Future Trends in Cloud Computing Security

As cloud computing evolves, staying ahead of emerging security challenges is crucial. The cloud security landscape is expected to undergo significant changes in the coming years, influenced by technological advancements and shifts in cyber threats. Below are key trends that are likely to shape the future of cloud computing security:

1) Increased reliance on AI and Machine Learning (ML): AI and ML are set to play a pivotal role in cloud security. These technologies can analyze vast amounts of data to identify patterns indicative of cyber threats, enabling proactive threat detection and response. As cyberattacks become more sophisticated, AI-driven security systems will be critical in identifying and neutralizing threats before they can cause damage [26].

2) Greater emphasis on zero trust architectures: The traditional security model of ‘trust but verify’ is shifting towards a ‘never trust, always verify’ approach. Zero Trust Architecture (ZTA) will become more prevalent, where security protocols require verification from everyone attempting to access resources in the network, regardless of whether they are inside or outside the network perimeter. This approach minimizes the risk of internal threats and data breaches [27].
3) Expansion of edge computing: As the Internet of Things (IoT) expands, edge computing will become more common, processing data closer to where it is generated rather than in a centralized cloud-based data center. This shift will require new security strategies to protect data across more dispersed networks²².

4) Enhanced regulatory compliance: With the growing concern over data privacy and security, regulatory compliance will become more stringent. Companies must adapt to these regulations, which will likely require more robust security measures to protect sensitive data, especially in industries like healthcare and finance [28].

5) Blockchain for improved security: Blockchain technology is expected to be increasingly adopted for cloud security because it offers decentralized security and reduces single points of failure. Its potential for ensuring data integrity and preventing tampering will make it a valuable tool in enhancing cloud data security²³.

6) Rise in cybersecurity mesh: Cybersecurity mesh is a flexible, modular approach that integrates various security services. This trend will allow organizations to deploy and integrate security where it’s most needed and manage it in a more unified way, thus improving the overall security posture²⁴.