International Journal of Scientific Research in Science, Engineering and Technology Print ISSN: 2395-1990 | Online ISSN : 2394-4099 (www.ijsrset.com) doi : https://doi.org/10.32628/IJSRSET21852 A Comprehensive Overview of Privacy and Data Security for Cloud Storage Dr. Nikhat Akhtar*1, Dr. Bedine Kerim2, Dr. Yusuf Perwej3, Dr. Anurag Tiwari4, Dr. Sheeba Praveen5 1* Assistant Professor, Department of Computer Science & Engineering, Babu Banarasi Das Northern India Institute of Technology (BBDNIIT), Lucknow, Uttar Pradesh, India 2 Assistant Professor, Department of Computer Science, Faculty of Computer Science & IT, Al Baha Universit, Baha, KSA 3 Associate Professor, Department of Computer Science & Engineering, India 4 Associate Professor, Department of Information Technology, Babu Banarasi Das National Institute of Technology and Management (BBDNITM), Lucknow, Uttar Pradesh, India 5 Assistant Professor, Department of Computer Science & Engineering, Integral University, Lucknow, Uttar Pradesh, India ABSTRACT Article Info People used to carry their documents about on CDs only a few years ago. Many Volume 8, Issue 5 people have recently turned to memory sticks. Cloud computing, in this case, Page Number: 113-152 refers to the capacity to access and edit data stored on remote servers from any Internet-connected platform. Cloud computing is a self-service Internet Publication Issue: infrastructure that allows people to access computing resources at any location September-October-2021 worldwide. The world has altered as a result of cloud computing. Cloud computing can be thought of as a new computing typology that can provide on- Article History demand services at a low cost. By increasing the capacity and flexibility of data Accepted: 08 Sep 2021 storage and providing scalable compute and processing power that fits the Published: 18 Sep 2021 dynamic data requirements, cloud computing has aided the advancement of IT to higher heights. In the field of information technology, privacy and data security have long been a serious concern. It becomes more severe in the cloud computing environment because data is stored in multiple locations, often across the globe. Users' primary challenges regarding the cloud technology revolve around data security and privacy. We conduct a thorough assessment of the literature on data security and privacy issues, data encryption technologies, and related countermeasures in cloud storage systems in this study. Ubiquitous network connectivity, location-independent resource pooling, quick resource flexibility, usage-based pricing, and risk transference are all features of cloud computing. Keywords: Cloud Computing, Data Security, Artificial Intelligence as a Service (AIaaS), Cloud Storage, Data Access Control, Data Privacy. Copyright: © the author(s), publisher and licensee Technoscience Academy. This is an open-access article distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited 113 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 I. INTRODUCTION we can use cloud storage. As a result, the cloud will Today scenario, big data [1] is now rapidly developing require sufficient storage space as well as sufficient speed to load data simultaneously. The cloud era is in all research and engineering areas, including arrived! It's a game-changing invention that combines physical, Medical Internet of Things (MIoT) [2], public, private, and business process outsourcing biological, and biomedical sciences, due to the rapid capabilities. Scalability, elasticity, and flexibility are expansion of networking, data storage, and data all advantages of cloud-based services. User groups collection capacity. The rate of data production has and cloud service providers alike are concerned about grown Many data security and privacy [11] in cloud computing. In organizations are looking for cost-effective ways to the context of cloud computing, sensitive information store and analyses large amounts of data generated by covers data from a wide range of various fields and a variety of sources, including high-throughput specialties [12]. As a result of the recent growth of equipment, sensors, and connected devices. Big data new cloud technologies, privacy and data protection [3] technologies can take advantage of cloud computing [4] to deliver major benefits, such as the requirements have evolved to safeguard individuals against monitoring and database exposure. The study capability on data security and privacy in cloud computing significantly to in build, recent connect, years. configure, and reconfigure virtualized resources on demand with systems is summarized in this publication. automated tools. Cloud computing is a new paradigm that is altering how institutions, businesses, organizations, and individuals see and use various software systems [5]. Organizations that use cloudbased solutions don't have to host their software or manage their own servers [6]. The cloud computing is made up of hardware and software resources that are made available as managed external services over the internet. Advanced software applications and high-end server computer networks are used to provide these services. With the rapid expansion of computer, storage, and communication technology, the cloud computing [7] is a new computing model that may give users with programmable and shared resources. Cloud computing [8] providers link a huge number of nodes and network devices [9] to create one or more big data centers. Then they offer infrastructure, platform, storage, and software services, all of which are centered on data centers. The most well-known technology in the world is cloud computing. It offers a variety of services to its customers, and cloud storage is one of the most important aspects of cloud Figure 1 The Organization of Research Paper Framework computing [10]. To store data in the cloud network, International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 114 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 The remaining sections of this work are organized as the major challenge in cloud computing is data follows. The related works is presented in section II. We describe the cloud computing in section III cloud sharing. data storage in section IV. In section V, we present This paradigm shift that comes with cloud computing the security and privacy threats in cloud data storage. usage is increasingly causing security and privacy We are widely discussing the possible solutions for concerns about aspects of cloud computing such security and privacy threat in cloud data storage in multi-tenancy, section VI. We present benefits of cloud computing in accountability [18]. Before consumers and businesses sections VII. We conclude this paper in section VIII. use cloud computing, users' security concerns must be In section IX, we present future work of cloud addressed in order for the cloud environment to be computing. This paper gives an organizational trusted. The trustworthy environment is the basic framework in figure 1 to clearly depict the general prerequisite to win confidence of users to adopt such structure. a technology. The assessment of cloud computing trust, loss of control, and hazards was examined by Latif et al. [19]. In other research, cloud infrastructures are combined with II. RELATED WORKS unique services aimed at specific businesses. To put it Any hosted service offered over the internet is another way, the cloud is designed to provide specific referred to as cloud computing. Servers, databases, services to clients, such as cloud computing for software, analytics, and other computing tasks that manufacturing or cloud computing for health care may be operated over the cloud are frequently [20]. included in these services [13]. The act of operating workloads within clouds is known as cloud Shynu et al. [21] explored several ways of secret computing. IT settings in which scalable resources are communication, such as the secret channel, side abstracted, pooled, and shared across networks. channel attack, and fuzzy technology, addressed secret communication technology in relation to In recent years, cloud computing privacy and security application situations, and demonstrated its benefits issues have been a popular topic [14]. Data privacy, and drawbacks. Lo’ai et al. [22] presented a mobile data protection, data availability, data location, and cloud computing concept that may be applied to a secure transmission are the most pressing concerns in wide range of applications. The proposed architecture cloud data security. Threats, data loss, service can be used to store and analyse data collected by disruption, outside malicious assaults, and multitenancy difficulties are among the security challenges various sensors and IoT devices. In restricted circumstances, the obtained data will be transferred in the cloud [15]. Users of this technology outsource to the mobile [23] cloud model for analysis and their data to a cloud provider's server located outside making the best decision possible. Johanna et al. [24] of their premises [16]. Memory, processor, bandwidth, looked into a variety of covert communication and storage are also visible and accessible via the Internet by a client. By focusing on privacy technologies, including hidden channels, bypass, and fuzzy technology. These approaches, on the other protection, data segregation, and cloud security, Chen hand, are a type of non-mainstream technology and et al. [17] investigated privacy and data security application, with a very limited application scope. challenges in cloud computing. Data security issues Cloud storage is similar to cloud computing in terms are primarily at SPI (SaaS, PaaS, and IaaS) level and of accessible interfaces, scalability, and measurement resources because it is based on virtualization International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 115 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 infrastructure. It consists of four layers [25], cloud et. al [36] investigated several security service storage supplies data access services including data storage, data computation, authentication, and access methods based on Blockchain, such as authentication, confidentiality, access control list, resource sources control. Due to the characteristics of cloud storage, and integrity assurance, and discussed the challenges data security and privacy issues are inevitably of security services. generated in this process. A Blockchain [37] controller, cloud server, and authentication server (AS) are used to establish a Furthermore, the cloud provides the required cloud-based software defined network (SDN). To administration and control capabilities to support obtain the secret key, researchers recommend that all (regulatory) governance [26] rules while also meeting users register with the AS [38]. Nikhat Akhtar at. al. the needs of multinational corporations [27]. Zhang et [39] presents a comprehensive literature review of al. [28] provided a technical review of four SE systems, recent contributions focused on the Medical Internet including searchable symmetric encryption (SSE), of Things (MIoT). Medical Internet of Things-based public key encryption with keyword search (PEK), attribute-based encryption with keyword search healthcare services are expected to improve the user's quality of life, lower prices using clouds. In this (ABK), and proxy re-encryption (PRES). Several SE publication, Jeffrey and colleagues [40] investigate the technologies, effectiveness of deep learning algorithms based on including searchable symmetric encryption (SSE), public key encryption keyword Recurrent search (PEKS), attribute-based encryption keyword identifying malware in cloud Virtual Machines (VMs). search (ABKS), and proxy re-encryption keyword We concentrate on two key RNN architectures: search, were summarised by Zhang et al [29]. (PRES). LSTMs (Long Short-Term Memory RNNs) [42] and Neural Networks (RNNs) [41] for Bidirectional RNNs (Bidirectional RNNs) (BIDIs). They just provided a technical description of the Based on run-time fine-grained processes system searchable encryption paradigm, with no relevant metrics like as CPU, memory, and disk use, these algorithms or performance comparison studies. Yusuf models learn the behavior of malware over time. Perwej et al. [30] in this paper highlight the main Bader et al. [43] conduct a thorough literature review Hadoop and to assess existing research on cloud computing analysis that may affect big data. Moreover, big data security, dangers, and problems. This systematic [31] can be advantageous as a base for the literature review examined the research studies development of the future technologies that will published between 2010 and 2020 within the popular transform the world as we see it, like the cloud computing, Internet of Things (IoT) [32], or on- digital libraries. security, technological viewpoint III. Cloud Computing demand services, and Blockchain [33]. Edemacu et al. [34] examined and analysed the security, revocation This section delves deeper into cloud computing. The ability, and efficiency of various attribute-based Internet of Things (IoT) [44], or the interconnection cooperative electronic health encryption methods. The privacy protection technology mentioned in this of people, devices, and "things," is growing as the study, on the other hand, is relatively simple. Yusuf to the Internet grows. The cloud service provider Perwej and colleagues take a quick look at the platform [45] generates and hosts an unprecedented technical components of IoT security. Because when volume of data. Many applications and services will only two instruments were combined in the field of be hosted in the cloud due to the cloud's high medical care, security was a major concern [35]. Tara performance, scalability, and reliability. The word number of information detecting devices connected International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 116 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 "cloud," often known as "cloud computing," refers to any type of remote data storage solution [46] shown in figure 2. To be clear, your data is saved on remote servers and may be accessed via the Internet, rather than on your hard discs or local memories. You can rent rather than buy your IT using cloud computing. Companies prefer to access their compute capacity over the internet [47], or the cloud, and pay for it as they use it, rather than investing extensively in databases, software, and hardware. Servers, storage, databases, networking, software, analytics, and business intelligence are now among the cloud services available. Cloud computing enables businesses to develop, innovate, and support business IT solutions with the speed, scalability, and flexibility that they require. There has been a substantial growth Figure 2 The Cloud Computing in cloud computing usage over the last several years as firms increasingly [48] appreciate the cost savings, 3.1 Categorized of Cloud Computing easy scalability, and work flexibility afforded by cloud. The global market for cloud-based services is Several kinds of cloud computing models have expected to grow to $436 billion by 2024, up from emerged as the cloud has evolved. Public cloud, edge $326 billion in 2020, with over 64 percent of cloud, private cloud, multi cloud, hybrid cloud, businesses [49] adopting the cloud in some way. distributed cloud, and community cloud are the Cloud computing saves businesses money on both hardware and software upkeep. By ensuring that our different types of cloud computing deployments. Each form necessitates a different level of client control data is always available, an internet cloud architecture and offers varying levels of protection and privacy improves organization productivity and efficiency. [50]. 3.1.1 Public Cloud In a public cloud, the cloud provider's whole computing infrastructure is housed on its premises, while the customer receives services via the internet. Customers don't have to worry about maintaining their own IT, and they can easily add more users or computer power as needed. Multiple tenants share the cloud provider's IT infrastructure in this scenario. Typically, the public cloud is highly [51] segregated to prevent cloud service overlap among different enterprises and to ensure each business's privacy and security. The public cloud's scalability is one of its International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 117 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 most appealing features. Furthermore, most public 3.1.4 Multi Cloud clouds operate on a pay-as-you-go basis, meaning that users only pay for the cloud services that they use. Enterprises are attempting to de-risk themselves by putting various workloads in different clouds, hence a 3.1.2 Edge Cloud multi cloud strategy is the preferred model nowadays. The usage of multiple cloud computing and storage To lower processing costs and provide more low- [54] devices in a single architecture distinguishes latency experiences for consumers, edge clouds hybrid cloud from multi cloud. Some organizations decentralize computing power to clients and devices also prefer multiple clouds, as each cloud may offer a at the network edge. Edge cloud [52] will be a one-of- different a-kind ecosystem of open and interconnected data personalize centers, with data center operators and carrier network with multi cloud. technology and capability. Businesses compartmentalize their may cloud alliances allowing it to reach critical mass Depending on the QoE objectives and resource requirements for a given application, the edge cloud can be located in 3.1.5 Hybrid Cloud any number of network locations. The location of the Hybrid clouds, as the name implies, are a mix of Edge cloud will vary depending on the perspective of public and private clouds meant to work together an end-user, network operator, or application seamlessly, transferring services and applications from provider. one to the other. Hybrid cloud customers typically host business-critical apps on their own servers for 3.1.3 Private Cloud increased protection and control, while storing secondary applications at the cloud [55] provider's A private cloud is a cloud that is only used by one location. With hybrid clouds, business owners can company. It could be hosted on the organization's simply scale up their network infrastructure by premises or in the data center of the cloud provider leveraging the public cloud while keeping their data [53]. The maximum level of protection and control is privacy, security, and access control in the private provided by a private cloud. This private cloud is cloud. The hybrid cloud model is also preferable for exclusively available to customers of a single firm or hosting workloads that must meet compliance or data group of companies, and the [51] organization has the security standards. freedom to build the private cloud to meet its specific needs. Administrative control, privacy, and security are all advantages of private clouds for business 3.1.6 Distributed Cloud owners. Private clouds are often surrounded by high- Distributed cloud is a public cloud computing service security firewalls, with only approved users permitted that allows you to run public cloud infrastructure in access. For businesses that deal with sensitive multiple locations, including on premises, in the data information or that have strict regulatory requirements, using a private cloud enables them to centers of other cloud providers, and in third-party data centers or co-location centers, all while easily make any configuration modifications that are managing everything from a single control plane. relevant to their line of business. According to a current trend, Gartner defines distributed cloud as the distribution of public cloud services to different physical locations, but the original public cloud provider is responsible for the International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 118 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 services' operation, governance, updates, and 3.2 Services of Cloud Computing evolution [56]. Distributed cloud speeds up worldwide service communication while also Cloud services are now available to satisfy almost any allowing for more responsive communications for any IT requirement. It's more about finding the proper given region. Distributed cloud computing provides solution to suit your business and personal needs than repeatability and dependability, as well as geo- there is a one-size-fits-all strategy to cloud. Each replication, which helps to save costs while also service model represents a different component of the providing instantaneous fail-overs via remote replicas cloud stack with its own set of responsibilities for you that may be reset in the event of a failure. Distributed and the service provider [58]. cloud allows breaking complex problems and data into smaller pieces and has multiple computers which can be worked upon in parallel. 3.1.7 Community Cloud A community cloud allows a group of multiple organizations to access systems and services in order to communicate information between the organization and a specific community. The goal of this concept is to allow numerous customers to collaborate on community-owned projects and apps when a centralized cloud infrastructure is required. In other words, Community Cloud is a distributed infrastructure that integrates the services given by many types of cloud solutions to answer the specific concerns of business sectors. With hybrid clouds, business owners can simply scale up their network Figure 3 Types of Cloud Computing Service Models infrastructure by leveraging the public cloud while keeping their data privacy, security, and access control in the private cloud. The hybrid cloud model is also preferable for hosting workloads that must meet compliance or data security standards. Because of the exclusive user group, organizations do not have to be concerned about the security problems associated with public cloud. It is owned, managed, and operated by one or more organizations in the community, a third party, or a combination of them. The community cloud is scalable and versatile since it Infrastructure, platforms, and software that are hosted by third-party providers and made available to consumers via the internet are known as cloud services. Although there's great variety among cloud services, all such services have certain basic features and benefits in common, and all can be categorized into a few basic cloud service types shown in figure 3. 3.2.1 Infrastructure as a Service (IaaS) is generally compatible with all users and may be modified to suit their needs. Infrastructure as a Service (IaaS) is the service paradigm that your cloud technology deployment is built on. You can get on-demand access to essential IT International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 119 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 resources like computers, networking, and storage uses cloud-based services to streamline enterprise through an IaaS provider [59]. IaaS gives you access to a scalable, state-of-the-art hardware resource that communications. Through a partnership with a united communications organization, UCaaS provides can be scaled to match your company's processing and collaboration features such as instant messaging, storage requirements. We're using this infrastructure video conferencing, file sharing, and more. Businesses to provide your company's applications, software, and can save a significant amount of money by using platforms while relieving you of the burden of UCaaS. administering and supporting them. 3.2.4 Software as a Service (SaaS) 3.2.2 Everything as a Service (XaaS) SaaS (Software as a Service) is a cloud service The X in Xaas serves as a variable in the same way as paradigm that gives you access to a fully functional it does in mathematics. As a result, this word might software product that is run and managed by the mean "Anything as a Service" or "Everything as a Service." The name XaaS stands for "everything as a service provider. The majority of SaaS solutions are end-user applications. The customer uses the internet Service," and it refers to a wide range of products, to access those applications. Rather than purchasing tools, and technology that are becoming increasingly and maintaining their own computing infrastructure, popular as a service offering [60]. XaaS is frequently [62] SaaS customers opt for a pay-as-you-go chosen by businesses because the as-a-service subscription to the service. SaaS is the best choice for approach many businesses since it allows them to get up and can implementations. reduce With costs every and simplify additional IT cloud running quickly with available. the A most cutting-edge service, an organization can shed pieces of its in- technology web-based customer house IT infrastructure, leading to fewer servers, hard relationship management (CRM) solution is a drives, network switches, software deployments and frequent SaaS example. We are store and manage all more. The primary financial advantage of employing your contacts via CRM [63] without having to the XaaS model is that it saves money. The Internet of upgrade the software to the latest version or Things (IoT) [61] is another cornerstone of many maintaining the server and operation system the businesses that need to function online, and XaaS is a software is running on. major contributing factor to how well this works for you, too. 3.2.5 Storage as a service (STaaS) 3.2.3 Unified Communications as a Service (UCaaS) Storage as a Service (STaaS) allows businesses to consume storage as needed. Instead of purchasing and In light of recent developments, unified maintaining storage infrastructure, this service allows communications as a service (UCaaS) has gotten a lot businesses to add, delete, or adjust of attention. Unified communications as a service (UCaaS) is a cloud-based solution paradigm for all of a requirements as needed, and only pay for the storage that is used. Enterprises, small and medium company's communication needs. This will typically organisations, home offices, and individuals can use combine tools like email, video conferencing, instant the cloud for multimedia storage, data repositories, messaging and more into a fully-mobile suite that can data backup and recovery, and disaster recovery with be accessed from any device. UCaaS (Unified STaaS. There are other higher-tier managed services Communications as a Service) is a technology that that build on STaaS, such as database as a service, International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 storage 120 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 which allows you to write data into tables hosted by prevention, antivirus management, spam filtering, CSP resources. network security, identity management, and other services may be included. 3.2.6 Platform as a Service (PaaS) 3.2.8 Functions as a Service (FaaS) Platform as a Service (PaaS) is a cloud service model in which you use a service provider to access a Before we can comprehend Functions as a Service, we combination of hardware and software tools. The must first comprehend the most commonly used most prevalent usage of PaaS is for application technical word for FaaS server less computing. Server development. Customers can use the PaaS to get the less computing [69] is a cloud computing approach in developer tools they need to build and manage mobile which and web applications without having to invest in [64] infrastructure decisions and server maintenance. The or maintain the underlying infrastructure. The allocation of resources is handled by the cloud service infrastructure and middleware components are hosted by the provider, and the consumer uses a web provider, so the application architect does not have to worry about it. FaaS is a new cloud computing service browser to access them. PaaS solutions must have that is transforming many industries. It's a server-less ready-to-use programming components that enable computing idea that allows software developers to developers to include new features into their apps, create apps and distribute particular "functions," such as artificial intelligence (AI) [65], chatbots, pieces of business logic, or actions without the need Blockchain [66], and the Internet of Things (IoT) [67]. for a server. It increases the efficiency as developers The right PaaS offering also should include solutions need not to consider server operations because they for are analysts, end users, and professional IT developers hosted are relieved externally. Examples of low-level of FaaS include administrators, including big data analytics [68], Google Cloud Function, Microsoft Azure Functions, content management, database management, systems Webtask.io, Iron.io, Open Whisk, and AWS Lambda. management, and security. 3.2.9 Test environment as a Service (TEaaS) 3.2.7 Security as a Service (SECaaS) The test environment as a service paradigm, which is The Security as a Service (SECaaS) is a service given an on-demand test environment, allows businesses to by a managed security services provider that allows test their software or apps using only a web browser. businesses to free up security resources by having the service provider take full responsibility for security. Clients save money on the deployment of test infrastructure for testing, as well as the tools needed Because it enables secure access to apps and services for testing and maintenance. Clients benefit from regardless of where they are hosted or when users TEaaS since it reduces the costs of physical connect, security as a service has become a key infrastructure, business enabler in the increasingly cloud and mobile world. SECaaS solutions can be scaled up or down as maintenance, testing resources, and so on. Concerns concerning cyber security in a cloud-based test required and are provided on demand where and environment, on the other hand, are a major when you need them. That means you won't have to impediment to the worldwide test environment as a worry service market's growth. about deployment or updates because testing tools, IT support staff everything is handled by your SECaaS provider and accessible via a web-based dashboard. Data loss International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 121 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 3.2.10 Communication as a Service (CaaS) not on individual machines or laptops. The service The “Communications” is represented by the C in provider is responsible for all data management, backup, and storage [73]. DaaS runs across a range of CaaS. This means we'll use a single vendor to handle operating systems and device kinds, which promotes all of your communication needs. This cover, among the trend of employees bringing their own devices to other things, phone over IP, instant messaging, work and relieves the cloud service provider of the collaboration, and video conferencing. The supplier is responsibility of supporting the desktop on all of in charge of all hardware and software administration those devices. Desktop as a Service (DaaS) has a in this situation. They usually charge on an on- number of distinct advantages over the traditional demand basis so you’ll always only pay for what you desktop paradigm. Deploying or decommissioning need. This means that this model is flexible and will active end users with DaaS is much faster and less grow as your need for communication grows. expensive. 3.2.11 Artificial Intelligence as a Service (AIaaS) 3.2.13 Network-as-a-Service (NaaS) Artificial intelligence as a service (AIaaS) is a third- Network-as-a-Service enables us to gain direct and party AI outsourcing service. AIaaS refers to AI secure access to network infrastructure. Custom platforms that allow businesses to implement and routing protocols can be deployed using NaaS. To grow AI approaches for a fraction of the expense of a provide network services to customers, NaaS employs full-fledged AI department [70]. The term "service" virtualized network infrastructure. The network in AIaaS refers not only to the cloud-based software resources must be maintained and managed by the delivery model, but also to the extent to which the NaaS provider. Having a provider work for a customer vendor is involved in the process. The nine yards of reduces the customer's workload. Furthermore, NaaS AI [71] are delivered as a unified platform by IT provides network as a service. NaaS is also based companies on pay-per-use model. delivering AIaaS, from problem conceptualization to keeping the model on track and expanding to new use cases, through constructing the 3.2.14 Disaster Recovery as a Service (DRaaS) model, deploying the solution in production, and sustaining it in real-world settings. AI cloud offerings Disaster recovery as a service, or DRaaS, is the including Amazon Machine Learning, Microsoft replication of physical or virtual servers hosted by a Cognitive Services and Google Cloud Machine Learning [72] can help organizations what might be third party to offer failover in the case of a man-made or natural disaster. DRaaS can be especially useful to possible with their data. AIaaS solutions also provide organizations that lack the necessary expertise to more scalability, flexibility, and also use. provision, configure, and test an effective disaster recovery plan. The goal of DRaaS is to achieve a quick 3.2.12 Desktop as a Service (DaaS) recovery point [74]. This means that the data will be restored as closely as feasible to its current "now" Desktop as a Service (DaaS) is a sort of offering that state. Typical recuperation time goals are 4 hours or provides virtual desktops to end customers. It is less, and equipment that are geographically located in extremely working a different place will be brought up. Third parties robust bear complete responsibility for disaster recovery security, as all information is stored on the server, and under the managed DRaaS paradigm. Choosing this popular environment. Virtual in the desktops remote promise International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 122 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 option requires organizations to work closely with communication DRaaS providers to keep all infrastructure, application, and service changes up to date. If you exchanged as structured text, such as XML or JSON (JavaScript Object Notation) in a specified syntax. don’t have the expertise and time to manage your However, data may also be passed to the service in own disaster recovery, this is the best option. the model’s native format. interface in MDaaS. Data is IV. Cloud Data Storage 3.2.15 Monitoring as a Service (MaaS) Cloud storage is a cloud computing approach in Monitoring as a Service (MaaS) is a security service which data is stored on the Internet and managed and that protects a company's IT assets 24 hours a day, operated by a cloud computing provider. It's on- seven days a week. It is critical in protecting an demand, with just-in-time capacity and costs, and it organization's or government's clientele from cyber saves you money by not having to buy and manage threats. It is a framework that facilitates the your deployment of monitoring functionalities for various other services and applications within the cloud. computing integrates the concepts of [76] grid computing, distribution, and utility computing, MaaS is an outsourced monitoring service with a among others, to create a vast pool of shared virtual flexible and consumption-based [75] subscription resources by connecting a large number of computers, model. However, in order to monitor effectively and storage, and software resources. Cloud data storage is efficiently, the business needs have up-to-date a type of data storage that involves sending data over equipment, professionals with extensive technical the Internet and storing it on remote systems that capabilities, and scalable security processes, all of may span several servers and locations. Cloud storage which come at a significant cost. Online state can be offered by a service provider, installed on- monitoring is the most typical MaaS application, premises in a company's own data center, or a hybrid networks, systems, which continuously monitors of the two. Large data centers are maintained by particular states of apps, instances, or any other cloud service providers in numerous locations across element that can be deployed in the cloud. the world. Depending on the extent of the cloud own data storage infrastructure. Cloud provider's operation, the server with which you 3.2.16 Model as a Service (MDaaS) connect sends your data [78] to a pool of computers situated in one or more data centers. Using a cloud A Model as a Service (MDaaS) is a service that allows service provider's infrastructure to securely store your you to run simulation models. The MDaaS is primarily concerned with the application of a model data, apps, and workloads is known as cloud storage. Users that want to adopt cloud computing are to data. The model can be pre-deployed, has a well- concerned about data security and privacy. This known service endpoint, and extra data services may technology needs proper security principles and be available. This is a regular occurrence in mechanisms to eliminate users concerns. operational models used in a production setting. Before execution, this model can be dynamically 4.1 Cloud Storage Classes deployed from the client. Such behavior is required for the development of model services for research The concept of cloud storage is similar to that of data purposes. Both approaches cater to a distinct storage. Information is saved in logical pools in cloud workflow, as well as the requirements for availability storage, whereas physical storage necessitates a large and security. Web services are used as the client's number of computers and, in certain cases, many International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 123 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 locations. Unmanaged cloud storage and managed metadata, which limits organizational flexibility, and cloud storage are the two primary categories in which cloud storage may be found. The storage [79] is its higher price and complexity. preconfigured for the customer in unmanaged cloud 4.2.2 Object Storage storage. The consumer is unable to format, install his own file system, or change the properties of his hard Object storage is distinct from file and block storage drive. Managed cloud storage provides on-demand in that data is managed as objects. The data in a file, internet storage capacity. The managed cloud storage its accompanying metadata, and an identifier are all system appears to the user to be a raw disk that the included in each object. Objects save data in the user can partition and format. format in which it is received and allow metadata to be customised in ways that make the data easier to 4.2 Type of Cloud Storage Formats access and analyse. An object storage protocol uses the RESTful API to store a file and its associated Cloud storage employs a logical memory paradigm, which enables providers to store your data on several metadata as a single object and assign it an ID number. The user gives the ID to the system to servers in various regions while being completely retrieve content, and the content is assembled with transparent to you. People may now upload all full information, authentication, and security. Objects personal data stored on their mobile phones to their are stored in repositories that provide almost infinite cloud storage accounts with a single click using scalability, rather than being structured in [81] files or specialized software available for various OS versions. folder hierarchies. Object storage helps you to Dropbox and Google Drive are two examples of optimise storage resources in a cost-effective manner popular cloud storage options. The three most because there is no filing hierarchy and the metadata common forms of cloud storage formats are block is customisable. The object storage protocol is used by storage, object storage, and file storage. all backup apps, which is one of the reasons why online backup to a cloud service was the first 4.2.1 Block Storage successful cloud storage application. The main disadvantage of object storage is that data cannot be Block storage, which is commonly used in SANs, is modified segment by segment. Only the whole object also widely used in cloud storage settings. Data is can grouped into big volumes called "blocks" in this performance. We need to restore the object, add a storage model. Each block corresponds to a different hard drive. Cloud storage providers use blocks to split new row, and write the entire object back into the object storage system. As a result, this type of storage large amounts of data among multiple storage nodes. is unsuitable for applications with frequent data Block storage is quick, efficient, and delivers the low changes. latency that database and be changed, which has an impact on high-performance workloads require [80]. Block storage, when used in the cloud, grows effortlessly to meet the development 4.2.3 File Storage of your company's databases and applications. If your The file storage method preserves data in a website collects a lot of visitor data that has to be hierarchical file and folder structure that is familiar to saved, block storage can be a good option. The most of us. It is often used with network attached primary disadvantages of block storage are its lack of storage and personal computer storage discs (NAS). Regardless of whether the data is stored in the storage International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 124 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 system or on the client, the hierarchy makes it easier means that there are significant security and privacy and more natural to search and retrieve files when needed [82]. Development platforms, home folders, problems that must be considered by all parties involved in the cloud computing arena while and repositories for video, audio, and other data all employing cloud computing. Cloud computing has a need file storage. The primary disadvantages of file number of problems. The following are the issues storage, if we plan for your data to grow, there is a that need to be addressed. certain point at which the hierarchy and permissions will become complex enough to slow the system 5.1 Handle Access for Remote Work significantly. One of the most appealing features of cloud V. Security and Privacy Threats in Cloud Data Storage applications is that they can be accessed from any device with an internet connection. However, more Today, the cloud makes software, platforms, apps mean more URLs and passwords to maintain and infrastructure, and storage more flexible and economical for businesses of all sizes. In this part, support, and the rise of mobile devices adds yet another access point to handle. IT departments must we'll discuss the security and privacy risks associated facilitate access across multiple devices and platforms with cloud data storage. Security and privacy are without compromising security. broad topics in cloud computing. In comparison to traditional systems, the cloud has novel security 5.2 Privacy of Cloud Data requirements [83]. Because the consumer no longer security The data on the cloud is distributed all over the architecture is broken. When data is kept on a remote world. The user has no knowledge of the location of server, users lose physical control over it [84], and data and has no control over the physical access they delegate that control to an untrustworthy cloud mechanisms to that data. Many countries, cultures, provider or party. Because cloud computing is made and jurisdictions have vastly different ideas about up of numerous technologies, such as databases, privacy. When an investigation happens, there is also operating systems, different networks, transaction the issue of whose jurisdiction the data belongs under. management, [85] virtualization, it poses a number of There are several databases and applications in a security risks. As a result, security concerns about distributed system. Governments [26] should have at these systems and applications apply to the cloud least a rudimentary policy in place to deal with such computing as well. Privacy is a complex topic that has different interpretations depending on contexts, circumstances. cultures and communities, and it has been recognized 5.3 Administrative Entrance owns the infrastructure, traditional as a fundamental human right by the United Nations [86]. Other difficult challenges in cloud computing Administrative access in cloud computing is done security include the formulation of a legal definition for cybercrime, the issue of jurisdiction (who is liable over the internet, which raises the danger. It is very important to control administrative access to data and for what information and where are they held monitor the access to maintain protocols. responsible for it), and the regulation of data transfers to third nations. Access control, user authentication, and data encryption [87] are all standard security features offered by most cloud storage providers. This International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 125 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 5.4 Access Control techniques to analyse user data. As a result, customers Data security must be given extra attention when data can store and analyze data on the cloud with the help of a cloud service provider. The lack of transparency is outsourced to the cloud, which is untrustworthy might also result in the loss of a significant amount of since it is in a domain where security is not regulated data. by the data owner. When more than one entity wants to exchange data, a method must be in place to limit 5.7 Service Hijacking who has access to that data. The literature [88] has discussed a variety of strategies. Those techniques Phishing, fraud, and software exploitation flaws are were proposed to keep data content confidential and the most common ways to steal an account's keep and credentials and passwords, and they still work. disclosing the data by using access control while Credentials and passwords can be reused, which permitting many authorized entities to share those increases the impact of such assaults. All the data. transactions achieve network traffic between user and cloud service provider. When an attacker acquires 5.5 Data Breaches access to a user's credentials, he can listen in on the unauthorized entity from accessing user's transactions and personal information [92]. A data breach happens when an unauthorized person or group of persons accesses protected, secure, sensitive, or confidential data. Users 5.8 Denial of Service and organizations in a cloud environment all have access Because of the crucial services they provide, certain to the same data. Any breach of this [89] cloud businesses require their systems to be available at all environment would open the door to all users' and times. The cloud services provider makes resources businesses' data. The attacker's primary aim is usually available to a large number of clients. If an attacker not the user, although the user is ultimately affected. uses all available resources, others cannot use those Because of multi-tenancy, customers using different resources, which leads to denial of service and could applications on virtual machines could share the same slow accessing those resources. Customers that use database and any corruption event that happens to it cloud services and are victimized by the botnet could is going to affect others sharing the same database also seek to disrupt the availability of other providers. [90]. 5.9 Transmission of Data 5.6 Cloud Data Control and Loss of Transparency Data is transmitted from one location to another in a Consumers are ignorant of the data loss that is out of cloud system. Although encryption is used to protect their control due to the cloud service provider's data during transmission, most data is not encrypted storage of data. The user's access to confidential data stored in the cloud could be compromised [91]. The during processing, and it must be unencrypted in order to be processed for any purpose. An attacker user has no idea where, how, or when the data is can find a place between communication paths. The handled due to a lack of transparency. To fix this attacker can change the communication. issue, the user must understand what happens to the data. Cloud service providers are technically able to do data mining as well as data abstraction need International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 126 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 5.10 Lack of Trust and Dependence on Cloud Provider 5.14 Keeping Application Integrations Up to Date The availability of cloud services is a key issue. Due to a shortage of funds, the cloud service provider has Enterprise cloud apps of today are built on cutting- ceased to provide services, and users may experience edge, internet-optimized architectures. Vendors can difficulties accessing their data. Some widely used design their services and accompanying interfaces cloud service provider, for instance Google Drive does using the contemporary web technologies that not provide any contract between the user and cloud underpin these apps. service provider. professionals, that also means that every new vendor Unfortunately for the IT may require a new approach when it comes to 5.11 APIs and Storage Gateways integration, particularly concerning user authentication and management. To help them migrate their data to the cloud, several businesses employ cloud storage APIs or storage gateways. Between the [93] user and the storage 5.15 Data Location provider, these products serve as a go-between. They Cloud providers have a slew of data centres strewn may make it easier for your employees to access and over the globe. Users of cloud computing need to manage data in your cloud, but an insecure API or know where their data is stored, hence data location gateway could endanger your data. If you want or is a problem. Depending on the jurisdiction, some need to utilize a storage API or gateway, ensure sure countries compel corporations to retain their data in it has a good reputation for security. their country. Also, there are regulations in some countries where the company can store their data. 5.12 Sharing of Data Also, the data location matters when the user data is stored in a location that is prone to wars and disasters. The utilisation of data is rising as a result of data sharing. The data owners can grant one party access 5.16 Latency to the data, and that party can then share the data with others. This sharing can lead to major issues, Traffic congestion can cause delays in data such as data leaks to an unauthorized people. transmission to and from the cloud, especially when Therefore, during the data sharing especially when using shared public internet connections. Companies, shared with a third party, the data owners need to consider whether the third party continues to on the other hand, can reduce latency by increasing connection bandwidth. maintain the original protection measures and usage restriction. 5.17 Distributed Denial of Service (DDoS) Attacks 5.13 Destruction of Data DDoS attacks aren't new, but they can be particularly debilitating when directed against our company's When data is no longer needed, it is expected to be public cloud. DDoS attacks have a significant impact totally deleted. The data destroyed may still persist on the availability and security of key infrastructure and be restored due to the physical features of the in the cloud [94]. This form of assault can be storage medium. This could lead to the disclosure of crippling, causing systems to slow down or shut sensitive information. down. DDoS attacks also consume significant amounts International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 127 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 of processing power a bill that the cloud customer according to the report [96]. When a denial of service (you) will have to pay. assault is launched against a client's cloud service, the service may be harmed rather than shut down, in 5.18 Multi Tenancy which case the customer will be billed by his cloud service for any resources utilized during the attack. The term “multi-tenancy” refers to the sharing of Cloud computing, on the other hand, has increased physical equipment and virtualized resources among their popularity [97]. These assaults consume a lot of numerous users. An attacker could be on the same computing power and slow down cloud availability. physical machine as the target if this arrangement is The worst part is that there's nothing you can do but used. Multi-tenancy characteristics are used by cloud sit and wait once it happens. providers to create infrastructures that can easily scale to meet customers' needs; nevertheless, because 5.21 Regulatory Compliance resources are shared, it may be easier for an attacker to obtain access to the target's data. Certain industries, such as healthcare and finance, have to comply with strict data privacy and archival 5.19 Virtual Machine Rollback regulations, which may prevent companies from using cloud storage for certain types of files, such as Rolling back a virtual computer to its earlier state is a medical and investment records. Choose a cloud process. This procedure has additional security risks storage provider that enables compliance with any because it gives the user more flexibility. For industry rules that affect your business if at all example, a virtual machine could be rolled back to a possible. previous vulnerable state that has not been repaired [95] or to an out-dated security policy or old 5.22 Loss of Control configuration. In another example, a user could be deactivated in a previous state but still have access Another potential security breach that can occur when the virtual machine's owner rolls back. when customers' data, apps, and resources are housed on the cloud provider's premises is loss of control. As 5.20 Denial of Service (DoS) Attacks the users do not have explicit control over their data, this makes it possible for cloud providers to perform Denials of service assaults are an old approach in the data mining over the users’ data, which can lead to internet world, but they still pose a concern. Before operations are clogged by hundreds of thousands or security issues. Furthermore, because cloud providers store data in multiple data centers, customers cannot millions of automated requests for service, they must be certain that their data is truly deleted when they be discovered and screened out. However, attackers remove it. This could lead to data being misused that have devised increasingly sophisticated and dispersed hasn't been removed. In these types of situations methods of carrying out the attack, making it more difficult to distinguish between malicious actors and where the consumers lose control over their data, they see the cloud provider as a black-box where they legitimate users in a modern-day botnet attack. For cannot directly monitor the resources transparently. cloud customers, "experiencing a denial-of-service attack is like being caught in rush-hour traffic gridlock: there's no way to get to your destination, and nothing you can do about it except sit and wait," International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 128 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 5.23 Cryptojacking clients by ensuring them that their operations are Cryptojacking is a sort of cyber-attack in which a certified to meet organizational safeguards and standards. hacker uses a target's processing capacity to mine crypto money on his or her own behalf. Individual 5.26 Cross Virtual Machine (VM) Side-Channel customers, large institutions, and even industrial Attacks control systems can all be targets of cryptojacking. Cryptojacking virus slows down infected machines The attacker must be in a different virtual computer since the mining process takes precedence over other on the same physical hardware as the victim to carry legitimate tasks [98]. Cryptojacking has become a out this attack. The attacker and the victim are both serious global problem, with cybercriminals gaining using the same CPU and cache in this attack. When unauthorized entry to computer systems to make the attacker switches the virtual machine execution money with minimal risk and effort. Hackers are of the victim, the attacker can learn about the victim's inventing new techniques to steal computer resources and mine for crypto currency, which is known as behaviour. An example of a virtual machine sidechannel attack and how an attacker can deduce cryptojacking. information about a victim can be found here. The timing side channel attack is one kind of virtual 5.24 Accidental Exposure of Credentials machine side channel attacks. This attack is based on calculating how long certain computations take. This In their phishing attempts, phishers frequently attack has the potential to leak sensitive information, leverage cloud apps and environments as a pretext. such as the identity of the person performing the Employees have become accustomed to receiving calculation or information from the cloud provider emails with links that may ask them to confirm their itself. Due to privacy concerns, the owner of the account credentials before gaining access to a virtual machine can check other [99] virtual particular document or website, thanks to the machines, making this attack difficult to detect. growing use of cloud-based email (G-Suite, Microsoft 365, etc.) and document sharing services (Google 5.27 Misconfigured Cloud Storage Drive, Dropbox, OneDrive). This makes it easy for cybercriminals to learn an employee’s credentials for For cybercriminals, cloud storage is a valuable supply cloud services. As a result, 46 percent of firms are of stolen data. Despite the high stakes, businesses concerned about unintentional exposure of cloud credentials, which could endanger the privacy and continue to make the error of misconfiguring cloud storage, which has resulted in significant losses for security of their cloud-based data and other resources. many businesses. According to a report by Symantec, nearly 70 million records were stolen or leaked in 5.25 Trust Chain in Clouds 2018 due to misconfigured cloud storage buckets. The By ensuring on cloud providers, trust plays a key survey also noted the advent of a number of technologies that allow attackers to discover and function in recruiting more customers. Cloud users target misconfigured cloud storage. Cloud storage rely on cloud providers to employ trust mechanisms misconfiguration can quickly escalate into a major as an alternative to offering them visible control over cloud security breach for an organization and its their data and cloud resources due to a loss of control. customers. As a result, cloud providers genuine trust in their International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 129 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 their malicious actions such as the unauthorized 5.28 Snooping collection of a user’s data. Without security precautions in place, files in the cloud are among the most vulnerable to being hacked. 5.32 Data Breaches The fact that they are saved and transmitted across the internet adds to the danger. Snooping in network A data breach occurs when sensitive, protected, or security compromises the privacy of a variety of data confidential information is copied, communicated, that should be kept private on a computer network. viewed, stolen, or exploited by someone who is not allowed to do so. As a result of the huge data held in 5.29 Lack of Backup Services the clouds, cloud providers are an attractive target for hackers. The severity of the attack is determined by One of the most common concerns about storage the confidentiality of the information that will be systems backup disclosed. If the disclosed material is personal, such as capabilities. They expect you to back up the data you put in the cloud instead. This problem does not affect health information, trade secrets, or intellectual property of a person or an organisation, the damage all storage providers; in fact, some will automatically will be serious [101]. This will result in significant backup your data for you. Those that do not provide harm. is that they lack automatic backups, on the other hand, do not provide a safety net in the event of a sudden data loss. 5.33 Synchronization Mechanisms Issues 5.30 Weak Authentication and Identity Management In cloud storage SaaS deployments, synchronisation methods are widespread. When files are modified on Data breaches in businesses are caused by a lack of a local device [102], such technologies allow updates adequate authentication and identity management. to be propagated to all other devices that are Businesses identity interested in those files. Tokens are commonly used management because they try to assign access to each to implement these procedures, which have been user based on their job function [100]. Enterprise found to introduce new vulnerabilities that can lead cyber-security might be endangered by poor identity to data exfiltration. An example of attack exploiting management. For example, cyber-criminals gained such [103] vulnerability is the Man in the Cloud access to 80 million records containing personal and (MitC) attack. Because of its propagation properties, medical information as a result of the Anthem Inc. data breach. Anthem had neglected to implement this type of attack can be carried out on both an IoT device and a Cloud platform, allowing it to be used multi-factor authentications hence this vulnerability against other IoT [104] devices that use the same was the result of stolen user credentials. implementation. 5.31 Trojan Horse 5.34 Abuse of Cloud Services A Trojan horse is a programme that appears to be One of the most significant advantages of cloud useful but is actually destructive to the host PC. A computing is that it gives even tiny businesses access dangerous payload is concealed in some areas of this to massive amounts of processing power. Purchasing sort of malware that can exploit or damage the host and maintaining tens of thousands of servers would system. Trojan horses can also be spyware because of be prohibitively expensive for most businesses, but sometimes struggle with International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 130 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 renting time on tens of thousands of servers from a The security and privacy of cloud storage is a critical cloud computing provider is far cheaper. Not everyone, however, wants to put this power to good problem, especially if your company handles sensitive data such as corporate data, credit card information, use. An attacker could take a year to crack an and medical records, among other things. However, if encryption key using his own constrained gear, but you wish to store information virtually, we must he could crack it in minutes utilising a network of consider the added risk that your information may be cloud computers. accessible to other potentially people who you do not wish to have access. Subscribers to the cloud want 5.35 Shared Technology Vulnerabilities reassurance that their data is protected from cyber threats using the most up-to-date ways [109]. Layered Cloud computing enables the sharing of security and privacy solutions for the cloud subscriber infrastructure, platform, and software to provide will be required, including endpoint protection, services. Different components such as CPUs and content and email filtering, and threat analysis, as GPUs, on the other hand, may not be able to meet cloud security criteria such as absolute isolation. well as best practices such as regular updates and patches. We require clear access and authentication Furthermore, certain apps may be created without the policies, as well as privacy policies. In this section, a use of trusted computing standards [106], resulting in number of techniques have been proposed by in this shared technology dangers that can be exploited in a paper for data protection and to attain highest level of variety of ways. data security and privacy in the cloud storage [110]. Attackers have utilised shared technological weaknesses to launch cloud attacks in recent years. One such attack is gaining access to the hypervisor to run malicious code, get unauthorized access to the cloud resources, virtual machines, and custom subscriber data. VI. Possible Solutions for Security and Privacy Threat in Cloud Data Storage 6.1 Consistent Security Updates How frequently do you ignore the prompts to upgrade your operating system, browser, or email client? In the area of computer security, that's a nono. Such upgrades frequently include capabilities to defend your devices from the most recent viruses and malware. When you save your data on the cloud, Many new technologies are rapidly emerging, each however, the companies in charge of the servers with technological improvements and the promise to should keep their security procedures up to date. We make people's lives easier. Although cloud computing won’t have to worry about forgetting to run an provides numerous benefits, there are still many [106] update. Your cloud service provider's security security and privacy issues. As a result, it is critical to measures will be updated on a regular basis. understand the security and privacy risks associated with using these technologies. Data security [107] and privacy concerns are the biggest roadblocks to cloud computing are rapid growth. It's reasonable to be concerned about the security of your data when it's stored in the cloud infrastructure. After all, your documents, images, and videos are saved on servers that you do not control. You might be wondering if these servers are vulnerable to cyber criminals [108]. 6.2 Encryption Mechanisms These mechanisms are responsible for implementing the encryption technique that is used to conceal or obfuscate data. The majority use on key-based algorithms, which employ either a shared key or a public & private key combination. Tokenization, on the other hand, is a method of replacing anonymous International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 131 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 data tokens with specified token fields. This approach replaces identity with a set of attributes, and only is widely used in business applications such as CRM and other business apps. Data can now be encrypted users whose attribute set fits the access policy can access the encrypted material. The ABE algorithm is in the database and only decrypted when utilised divided into four sections. The setup phase, also with an approved application and allowed user known as the system initialization phase, is where credentials, according to most database software. relevant Another option is to utilise encryption appliances, associated public parameters (PK) and master keys which encrypt data as it leaves a private network and (MK) are generated. The data owner provides their decode it when accessed by a trusted user. The own attributes to the system in the second phase of encryption we use must be compatible with the the KeyGen step, namely the key generation stage, to capabilities of the application we're using and the acquire the private key associated with the attributes. cloud service provider we're utilising. Different The data owner encrypts the data using his or her mechanisms may have a considerable impact on the public key, obtains the cypher text (CT), and delivers user experience, so the impact performance must also be addressed. it to the receiver or to the public cloud in the third part encryption phase. In the last part decryption on end-user security parameters are entered and phase, decryption users get cipher text, decryption 6.3 Formal Change Control Process with their own private key SK. In data sharing The cloud is fast and secure for time-sensitive data if enterprises have a formal control process modification. If the organisation does not have a proper change process control in place during routine upgrades, the servers will fall down and no one will applications, attribute-based encryption promises to give fine-grained access control over encrypted files, allowing the data owner to select who can access the protected data. 6.5 Access Control in Cloud Computing be able to access the data. And if the data is time sensitive than this cloud which do not have formal In cloud computing, access control is a critical change process control, they are not safe for tie security method for ensuring data security. It ensures sensitive data. Organizations that execute changes and that only authorised users have access to the cloud- setup in a specially appointed way will probably based data they've requested. In cloud computing, encounter huge downtime in their condition. Lack of foresight and a lack of progress management are the there are a variety of security techniques that allow for adequate access management. On separate primary causes of system outages. If the data you're network and cloud tiers, intrusion detection systems, sending to the cloud is time-sensitive, we'll need to firewalls, and responsibility separation could be work with a vendor who follows a structured change deployed. Only restricted content is allowed to enter management process, avoiding the inherent risk of over the cloud network due to the firewall. Typically, unplanned modifications. a firewall is configured according to the user's established security policies. 6.4 Attribute Based Encryption 6.6 Homomorphic Encryption For the first time, Sahai et al. presented fuzzy identity-based encryption [111], which is the origin Encryption is commonly used to protect data secrecy. of attribute-based encryption (ABE). In contrast to Rivest et al. [112] devised a type of encryption system identity-based encryption, attribute-based encryption called homomorphic encryption. It assures that the International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 132 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 results of the cypher text algebraic operation are 6.7 Secure Data Destruction compatible with the clear operation following encryption results, and it also eliminates the necessity When data must be destroyed, it must be done safely. to decrypt the data throughout the procedure. The The hazards of data leaking are present if data application of this technology has the potential to destruction is not safeguarded. solve the problem of data and data operations secrecy securely destroyed, anyone can retrieve it. If you in the cloud. Gentry et. al. firstly proposed the fully store classified and sensitive data on the cloud and the homomorphic encryption method [113], which can vendor fails to properly destroy data from defunct do any operation that can be performed in clear text equipment, the data is put at risk unnecessarily. A without decrypting. It's a significant step forward in data deletion service's purpose is to fully obliterate homomorphic encryption technology. In figure 4 sensitive or critical data. Third-party or proprietary shown, the easier for us to understand how software is used to make it possible. After the process, homomorphic encryption works in cloud. The data it is expected that data can no longer be recovered and used for any unauthorised or fraudulent purposes. owner protects the data and sends it to the cloud server using homomorphic encryption. With the associated private keys, authorised users can decrypt the cypher text. User 2 just needs to send the functions corresponding to the operations to the cloud server if he wants to do certain specific operations on cypher text. The servers get operand and perform the operation without decrypt the cipher text and return the encrypted result to user second. Homomorphic encryption effectively protects the security of outsourced data. When data is not 6.8 Multi-Authority Attribute Based Encryption (MAABE) The figure 5 shows how many attributes are managed by distinct authorities. Each attribute creates an encrypted private key to prevent the authority centre from stealing it [114]. To ensure proper decryption, each policy authority has a master key. The total keys of the attribute authority are equivalent to the system's master key [115]. Figure 4 Homomorphic Encryption Figure 5 Multi-Authority Attribute Based Encryption International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 133 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 Different colluding users can recover the master key, 6.11 Encryption of Backups putting the system's security at risk. As a result, the contradiction between the system's correctness and Data backups in the cloud must be encrypted; security is a tough problem in ABE research. Because otherwise, data encryption is worthless if the backups the central authority (CA) guarantees the operation of are not encrypted. If these backups are not decryption, the research of multi-authority is divided safeguarded with adequate encryptions, any hacker into two categories first ABE with CA and second can gain access to them. Data is not secure if backups ABE without CA. In the standard model, Liu et al. are not encrypted. A reinforcement that hasn't been [116] built a new multi-privilege cypher text strategy tested is a useless reinforcement. In the generation ABE scheme for cloud storage data access control condition, a decoded reinforcement overcomes the system, which was shown to be self-adaptive and security secure, and supported monotonous access strategy. throughout its entire existence. 6.9 Encrypted Search and Database 6.12 Built-in firewalls For the privacy and security of sensitive data in an Firewalls are used by cloud providers to protect your untrusted cloud environment, an in-memory database encryption solution is proposed [117]. In order to gain files as well. This technology works in the same way as a wall, keeping your data safe. Firewalls, which can access to the data, a synchronizer exists between the be either hardware or software-based, apply rules to owner and the client. To decode the encrypted shared all network traffic. These rules are intended to filter data, it receives from the owner, the client would out potentially harmful traffic and keep your data safe need a key from the synchronizer. The synchronizer is used to keep track of the associated shared data as behind the firewall. This makes it more difficult for hackers to slip malware or viruses past the security well as the keys. For cloud databases, Huang et al. measures used by your cloud service provider. [118] presented an asymmetric encryption technique. Commutative encryption is employed on data several times in the proposed process, and the order of public/private keys used for encryption/decryption is irrelevant. 6.10 AI Tools and Auto Patching measures. Data should be protected 6.13 Hierarchical Attribute Set Based Encryption (HASBE) Each user or data owner is maintained by a domain authority, which combines the properties of attribute set based encryption (ASBE) and hierarchical identity-based encryption (HIBE). The system can Artificial intelligence, or AI, is also being used by have five types of participants: the first is the data cloud providers to help protect your data. This is owner, the second is the user, the third is the domain critical, yet finding skilled security personnel to authority, the fourth is the parent and trusted supervise data is difficult. Cloud providers, on the authority, and the fifth is the cloud service provider. other hand, can use artificial intelligence to handle at To build the hierarchy of system users, the scheme least the initial level of security assessments. Built-in algorithms are used by these tools to look for and employs the delegation algorithm. Rachel et. al. [119] identify potential security flaws. set, which extended the user hierarchy to ASBE. This proposed a hierarchical encryption based on attribute system inherited flexibility and fine-grained access control in enabling composite attributes, as well as International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 134 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 scalability of hierarchical structure. Wan et al. [120] cloud user's authenticity through one-factor or two- proposed the HASBE system, which expanded attribute set encryption based on a user hierarchical factor authentications, the second layer encrypts the user's data for security and privacy, and the third structure's cypher text strategy while inheriting layer ensures quick data recovery through a fast ASBE's fine-grained access control. Data owners and decryption procedure. service providers are rarely in the same trusted domain in cloud computing. Further, [121] proposed a secure and efficient cloud computing data collaboration scheme based on hierarchical attribute encryption. This approach provided partial decryption structure and produced partial signatures by outsourcing signature calculation when users 6.16 Written Security Policies Plan The security of the data will be guaranteed if the cloud service provider has a written security plan of policies. If the cloud service provider does not have a written security plan of policies, the cloud is not safe decrypted cypher text. A hierarchical attribute-set- and the security of the data cannot be guaranteed based encryption was proposed by Gokuldev et al. [122]. This system inherited not just the scalability of policies. This indicates that they are working on a a hierarchical structure, but also the flexibility and fine-grained access control that ASBE composite because they do not have a written plan of security data security programme. Organizations that have not formalized their security strategies cannot be attributes require. trusted with 6.14 Redundancy (ultra-backed-up data) establishment and without security is just an idea in information. your Strategies touchy shape corporate/ the system client and retrospect What if there's a hardware breakdown or a power outage? Will you be able to access your data in the event of a natural disaster or a large-scale outage at your cloud provider. Because the majority of the world's largest cloud providers use redundancy. This means that they copy your data several times and 6.17 Ranked Keyword Search Ranked keyword search refers to the system's feedback returns sorted by relevant parameters such keyword frequency, which improves the system's store them on many different data centers. You can applicability and meets the real-world need for access your files from a backup server if one machine breaks down. privacy protection in cloud computing. To safeguard privacy, Sun et al. [125] suggested a multi-keyword 6.15 Hybrid Technique on cosine similarity, this approach developed a search For data secrecy and integrity, a hybrid solution [123] index based on word frequency, and the vector space model can gain improved search result precision. A is presented, which combines key sharing and cypher text keyword ranking search technique was authentication techniques. Using strong key sharing proposed by Cao et al. [126]. They use "coordinate and authentication mechanisms, the user's connection matching" and "inner product similarity" to quantify to the cloud service provider can be made more the similarity, according to safe inner product secure. RSA public key algorithm can be used for computation. Wang et al. [127] suggested a ranked secure distribution of the keys between the user and search symmetric encryption (RSSE) system with cloud service providers. A three-layered data security little information leakage. This technique also created method is offered [124]. The first tier ensures the a novel encryption primitive that employed one-to- search technique based on similarity ranking. Based International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 135 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 many mappings to safeguard privacy and verify search visual false data to distort the volume of the real data. results in order to search the encrypted file set. A multi keyword ranked search technique was Authorized users, on the other hand, can quickly distinguish between bogus and authentic data. Data developed to capture the correlation between data concealing techniques boost the overall volume of documents and a genuine data while improving the security of personal coordinate matching mechanism [128]. In addition, information. The goal of data hiding is to protect the scheme used the inner product similarity to sensitive information from harmful users and quantitatively evaluate the related similarity measure. attackers. Watermarking [131] can be used as a key to search queries by creating unlock the real data. Only the authorized users have 6.18 Proper Usage of Administrative Privileges key of watermarking, so the authentication of users is Administrative powers should be limited in cloud computing organisations, and administrative accounts should only be used when absolutely necessary. All the key to ensure the true data to be accessible for right users. 6.20 Key Management Strategy administrator accounts should be inventoried using with This refers to the way you manage your encryption administrative access on laptops, desktops, and servers keys. There are already a number of cloud services should be authorised by a senior executive. All that provide key management solutions, many of administrator passwords should be complicated, which are part of a broader cloud service suite. The containing a combination of digits, letters, and special drawback with these options is that you're still giving characters, and should not contain dictionary words someone else power over your data. An approach that [129]. Before introducing any new devices in the keeps the keys under your organization’s control, networked for either through a key management solution or an operating systems, applications, firewalls, routers, encryption appliance, may provide better risk wireless access points, and other systems should be mitigation, especially in jurisdictions that have strict changed. Passwords for service accounts should be data localization laws. automated techniques, systems, all and each default user passwords changed on a regular basis and should be long and difficult to guess. Passwords should be encrypted or 6.21 Multi-Tenant hashed before being stored. Hashed passwords should follow the guidance supplied in NIST SP 800-132 or The core of cloud computing is virtualization similar guidance. Administrator must use unique and different passwords for their administrative and nonadministrative accounts. This objective can be accomplished by enforcing policies and increasing technology, which paved the way for multi-tenant cloud computing. Multi-tenant software is frequently installed on the same physical host, which might cause problems for other users, such as channel user knowledge. attacks. Because the virtual machine can be 6.19 Data Concealment requirements, and access permissions can be changed, dynamically transferred based on performance and ensuring privacy protection is critical. Landuyt et al. Data hiding could potentially be utilised in the cloud [132] suggested a multi-tenant and flexible access to maintain data secrecy. Delettre et al. [130] control strategy that ensured strong data isolation for proposed a database security concealing concept. Data businesses in cloud stores. It can turn an employee concealing techniques combine genuine data with into an unauthorised user with no access to others International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 136 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 and ensure that cloud data is properly isolated Ngo et Rackspace, etc., enterprises can spin up instances to al. [133] developed a new multi-tenant access control approach based on the safety obligation separation encrypt structured and unstructured data without rearchitecting or recoding applications. principle. CSP may manage the security issues of cloud tenants such as addition, deletion, and management under this approach. Gonzales et. al. [134] proposed a service-oriented multi-tenant access control model that can meet the requirements of the users and automatic generate related roles in the cloud environment. 6.23 Third-Party Security Testing Outside security organizations should be hired by the cloud provider to test their servers and software on a regular basis to ensure that they are safe from hackers, cybercriminals, and the newest malware and viruses. This outside testing boosts the odds that your cloud provider will have the defenses needed to keep 6.22 Strategies for Secure Transition to the Cloud your files away from hackers. Protecting what matters is the most important aspect of data security. Solutions that allow businesses to reliably migrate to the cloud while retaining most of their existing infrastructure and investments provide considerable benefits. By securing data inside the operating environment while setting security policies and keeping management control interface, through a centralized vormetric data security addresses the enterprise cloud security conundrum. Vormetric collaborates with cloud providers and businesses to protect data, regardless of whether it's [135] stored in physical, virtual, or cloud environments. Organizations can establish access policies and achieve complete control of data in 6.24 Reliability of Hard-Drive In the cloud environment, hard drives are now the most used storage medium. The core of cloud storage is the reliability of hard discs. Pinheiro et al. investigated the error rate of hard drives using historical hard-drive data [138]. They discovered that hard-drive error rates are not significantly related to temperature or frequency of usage, and that harddrive error rates have strong clustering characteristics. 6.25 Encrypt Your Data private, public, or hybrid cloud environments. Only To begin, ensure sure your files are sent to a cloud vormetric provides a complete platform for protecting both local data within the internal environment and service provider that encrypts data. We aim to make cloud-based data within infrastructure or hosted possible. The storing your images and files with a application sites when moving to the cloud [136]. The provider that relies on encryption will give hackers combination of structured and unstructured data pause. They have an easier time stealing data that protection, as well as fine-grained user and process hasn't been scrambled. it as difficult for hackers to access your information as access controls that guard against unauthorized access to protected data. Because it is installed atop the file 6.26 Service Abuse system and logical storage volume levels, the vormetric data security transparently secures data Attackers can utilise the cloud service to obtain extra without needing application or database redesign or data or ruin the interests of other users by abusing it. recoding,[137]and users, Other users may misuse user information. In cloud applications, and cloud storage. In IaaS environments storage, de-duplication technology is extensively such as Amazon EC2, IBM Smart Cloud, Savvis, employed, which means that the same data is is transparent to International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 137 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 frequently kept once but shared by several users bank to issue you a code by email or phone. To gain [139]. This reduces storage space and lowers cloud service provider costs, but attackers who know the access to your accounts, we are entering this code into the system. Hackers will have a harder time gaining hash code of the stored files can access the data. The access to your emails, personal information, or sensitive data could then be leaked on the cloud. So, financial information if you take this extra step. proof of ownership approach has been proposed to check the authentication of cloud users. Idziorek et. al. proposed this question and researched on the detection and identification of fraud resource 6.30 Deploy Multi-Factor Authentication (MFA) The conventional username and password consumption [140]. combinations are frequently insufficient to secure 6.27 Perform Data Backups one of the most common ways for hackers to get user accounts from hackers, and stolen credentials are access to your online business data and apps. They can Ensure that you only engage with cloud service log into all of the cloud-based programs and services providers who back up your data. We don't want all that you use every day to run your organization once of your data to be stored on a single server. If that they have your user credentials [141]. Multi factor server goes offline, you won’t be able to access your data. Even if you save your most sensitive data in the authentication (MFA) protects all of your cloud users, cloud, you should consider backing it up on your own your cloud apps and access critical data in your on- or external hard drives. This will provide you with an off-premise environment. MFA is one of the simplest extra layer of protection should something happen yet most effective security measures for preventing with your cloud provider. hackers ensuring that only authorized workers can log in to from gaining access to your cloud applications. In fact, most security experts will warn 6.28 Access to Data Enterprise data must only be accessed and viewed by administrators, not by users. This access will improve you that failing to deploy MFA as part of your infrastructure as a service (IAAS) design is now regarded careless. the security of data stored in the cloud. Although many cloud apps are designed to facilitate client VII. Benefits of Cloud Computing collaboration, free programming trials and join opportunities make cloud administrations accessible To put it another way, cloud computing is computing to unscrupulous clients. DoS attacks, email spam, that is fully based on the internet. People no longer computerised click extortion, and pilfered content are need to download software from a server or a physical only a few of the actual assault types that can ride in computer to run programs or apps; instead, cloud computing services enable them to access those on a download or sign in. applications via the internet [142]. Cloud computing 6.29 Enable Two Factor Authentication is a type of computing in which software and services are supplied virtually across a private or public When you log onto a website using two-factor authentication, you must submit two pieces of network. The cloud's fundamental goal is to provide cost-effective, adaptable resources to improve user information. Let's pretend we're logging into your experience. The practice of installing remote servers bank's website. We begin by providing your login accessed via the internet to store, manage, and process and password, as is customary. We next wait for your healthcare-related data is known as cloud computing International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 138 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 in healthcare [143]. The advantages of cloud 7.4 Flexibility computing are numerous and remarkable. Here are just few of the many cloud computing advantages Clients benefit from a great deal of flexibility discussed. provided by the cloud computing. The cloud makes service testing and deployment a breeze. Customers 7.1 Time-Saving, On-Demand Services can pick and choose which services they want and how much they want to pay for them. By providing a Self-service delivery is a characteristic of cloud variety of services, cloud services can better meet computing for various workloads and requirements. changing business demands. If any application Its allure stems from the fact that any service can be provided by the cloud is not getting our job done, we accessed on demand. This means you can gain new have the flexibility to switch to another cloud. capabilities right away without investing in new hardware or software. 7.5 Easy Data Backup and Restore 7.2 Sustainability Data backup and restore has become a critical requirement for businesses as the number of cyber- Given the current situation of the environment, it is no longer sufficient for businesses to place a recycling attacks and security breaches has increased. Cloud computing solutions can help you store vital data bin in the break room and claim that they are helping offsite, duplicate it, and restore it when needed. the environment. True sustainability necessitates Traditional data backup and restore alternatives are solutions that address waste at all levels of a company. available, but they are inefficient and difficult to Cloud hosting is more environmentally friendly and leaves a smaller carbon footprint [144]. Cloud scale. Cloud-based data backup allows you to save a large amount of data in the cloud and expand your infrastructures help the environment by powering storage space without the need for additional virtual services rather than actual items and hardware. Most of the cloud backup service providers hardware, minimizing paper waste, increasing energy ensure that data is encrypted during upload and efficiency, and lowering commuting emissions. Based download. They also meet data security and on the expansion of cloud computing and other compliance requirements. virtual data alternatives, a Pike research report anticipated that data center energy consumption will 7.6 Improved Mobility decline by 31% from 2010 to 2020. Apps and data may be accessed from anywhere at any 7.3 Flexible Costs time thanks to the cloud. All of this is attributable to the rising number of mobile devices such as The cloud flips the script on traditional capital smartphones and tablets. The “anywhere, anytime” expenditure investment, with the vast bulk of cloud benefit also certainly applies to business. Employees spending being operational. Since a third-party vendor will take care of maintenance, a company gain flexibility, becoming more efficient with doesn’t have to fund a support team to fix problem servers. The initial expenses of infrastructure workflows and customer service. 7.7 Disaster Recovery requirements, such as the purchase of local servers, are significantly reduced. Unexpected events, natural disasters, and operational hiccups are an unavoidable reality for which International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 139 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 everyone must prepare. When such unforeseeable 7.11 Loss Prevention events hit, however, any organisation might suffer significant losses. While physical infrastructure All of your valuable data is inextricably linked to the failure can be remedied, the loss of data has a long- office computers if your company does not invest in a term impact on an organization's structure and cloud-computing solution. This may not appear to be stability [145]. On the other side, storing data in the a concern, but if your local hardware fails, you could cloud protects all of your vital information from lose your data forever. Computers can fail for a damage, even in the face of the most terrifying variety of causes, ranging from viral infections [146] tragedies. With cloud services, you can count on to age-related hardware degeneration to simple user quick data recovery in an emergency, be it a natural error. They can also be misplaced or stolen, despite disaster like a flood or human-made trouble such as a the best of intentions. If we don't use the cloud, you fire or even something as simple as power outages. risk losing all of the data you've saved locally. With a 7.8 Easily Manageable cloud-based server, however, all of the data you've uploaded to the cloud is safe and accessible from any computer with an internet connection, even if your Cloud computing enables IT maintenance and primary computer isn't working. management to be simplified and improved through SLA-backed agreements, central resource 7.12 Economies of Scale administration, and managed infrastructure. We get to enjoy a basic user interface without any Cloud computing saves money by taking advantage of requirement for installation and we are assured economies of scale. According to a study by Booz guaranteed and timely management, maintenance, Allen Hamilton, cloud computing could cut costs by 50 to 72 percent for a deployment of 1000 servers. and delivery of the IT services. Customers who use the cloud can save money by 7.9 Increased Collaboration taking advantage of vendor economies of scale and reducing Cloud computing is primarily designed to enhance their investments in on-premises infrastructure. work operations, which includes data exchange between co-workers and business partners. 7.13 Multimedia Cloud Computing Organizations demand more apps for file sharing and streamlined workflows. Remote workers can instantly Users can now quickly access multimedia information connect and communicate with fellow employees and through the internet at any time thanks to the important clients. invention of cloud computing. After subscribing, the user can easily store multimedia [147] content of any 7.10 Carbon Footprint sort and size in the cloud. Because the calculation time for processing media data is longer in Cloud computing is assisting businesses in reducing their carbon impact. Organizations only use the complicated hardware, the cloud can not only store resources they require, avoiding any unnecessary and image. After processing, processed data can be over-provisioning. simply retrieved from the cloud via a client without but also process media material such as audio, video, the need for complex hardware installation. International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 140 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 7.14 Operational promotes staff communication and cooperation. They Technology will never be perfect, but some of it is can collaborate on papers and projects together, resulting in greater cohesion and teamwork. This is simpler than others. This includes cloud computing made possible by data centralization and real-time infrastructure, which is often hosted on separate cloud server updates. servers by a third-party vendor. So, when problems do arise, it’s the vendor’s job to promptly fix the 7.19 Real-Time Insights problem instead of having on-site IT staffs spend time Millions of data points exist in your business data that and resources file claims or updating servers. can be used to improve it. It can be difficult [149] to 7.15 Quality Control assess how your firm is doing and what route to take next if your data is concealed in silos of data, on local Few things are as damaging to a company's growth as workstations, or in diverse forms. Moving your poor All business systems to the cloud allows you to get better documents are stored in one place and in the same visibility over your business performance, in real- format in a cloud-based system. We can preserve data time, so that you can make informed decisions. consistency, avoid human error, and have a clear record of any edits or updates if everyone has access 7.20 Processing Speed quality and inconsistent reporting. to the same information. Managing information in silos, on the other hand, can result in employees The saving different versions of documents by accident, accessible in the cloud allows you to reap the benefits resulting in confusion and diluted data. of faster processing. Complex workloads that would 7.16 Multi-Sharing Cloud computing allows several users to share architecture and other applications. Multiple users and apps can operate more efficiently and save money by using common infrastructure when using the cloud in a distributed and shared way [148]. 7.17 Automatic Updates Users that use the cloud don't have to worry about practically infinite computational power normally take hours to accomplish on-premises are now completed in minutes. Websites will load faster, and video will render more quickly [150]. The possibilities are endless. When it comes to data crunching, processing speed is equally important. Using the cloud's near-limitless compute resources for services like big data and machine learning allows you to gain deep insights from your data much more quickly than traditional analytics. VIII. Conclusion keeping their software up to date. Instead of involving IT teams and forcing them to do a manual upgrade, cloud-based applications automatically refresh and Cloud computing is a novel means of delivering update themselves. Cloud computing consumers no longer own the resources to users "as a service" over the internet. infrastructure that is completely controlled by these 7.18 improved communication service providers, unlike traditional approaches that are based on hardware ownership where data is stored. Having access to instant messaging, conference, and You may sync your cloud storage service with your video conferencing options through cloud computing smartphone, tablet, or other mobile devices for International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 141 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 convenient access while on the road once you've X. signed up for it and uploaded your files. Cloud computing is a computing model that enables ondemand network access to a pool of configurable computing resources, such as networks, services, [1]. Transaction of Electrical and Computer and released with minimal administration effort or Engineers System (ITECES), USA, Vol. 4, No. service provider contact. Cloud computing is a new 1, concept that allows users to access scalable and and hardware, on demand. Although it has gained a [2]. [3]. No. [4]. insiders are all prospective concerns in cloud security that can be addressed with guidelines. 26-38, 2017, DOI: Y. Zhang, "Research of cloud on the security computing service no. 2, pp. 98-106, Mar. 2016 [5]. P. G. Shynu and K. J. Singh, "A comprehensive survey and analysis on access control schemes in cloud environment," Inf. Technol., vol. 16, no. 1, pp. 19-38, 2016 [6]. R. K. Aluvalu and L. Muddana, "A survey on access control models in cloud computing," in Proc. 49th Annu. Conv. Comput. Soc. India (CSI), vol. 1, pp. 653-664, 2015 [7]. J. Li, Y. Zhang, X. Chen, and Y. Xiang, "Secure attribute-based data sharing for resource- recommend that you discover the best and most appropriate privacy and data security solutions for the data ownership, detrimental competition, and hostile Pages model," Autom. Control Comput. Sci., vol. 50, issues are constantly one of the key study topics for cloud migration, transparency, password security, 1, mechanism online and access information via remote server cloud services you use. Compliance, physical security, Electrical and Computer 10.12691/iteces-4-1-4 will access and share their software applications solutions. From the standpoint of this paper, we International Engineers System (ITECES), USA, Volume 4, IX. Future Work of Cloud Computing researchers and developers to find appropriate Technology”, Transaction of data storage that have been identified in other information hosted on their personal computers in the future. Cloud computing privacy and data security Nikhat Akhtar, Firoj Parwej, Yusuf Perwej, “A Perusal of Big Data Classification and Hadoop solution for the security and privacy issues in cloud networks rather than relying on primary tools and L. Catarinucci, D. De Donno, L. Mainetti, L. 2, no. 6, pp. 515-526, 2015 cloud. This work contributes to the discovery of a Because of the flexibility of cloud computing, users 2017, systems", IEEE Internet of Things Journal, vol. aware of when selecting whether or not to use the solution or approach to secure the cloud. March iot-aware architecture for smart healthcare as the solutions that all users and companies should be techniques, as well as the development of a novel 14-25, Palano, L. Patrono, M.L. Stefanizzi, et al., "An and data security is one of the key roadblocks to cloud computing environments from various angles, as well page DOI:10.12691/iteces-4-1-3. lot of attention in recent years, the issue of privacy computing's progress. In this article, we looked at numerous significant security risks for cloud Yusuf Perwej, “An Experiential Study of the Big Data,” for published in the International storage, and applications, that can be quickly supplied virtualized resources, such as bandwidth, software, REFERENCES limited users in cloud computing," Comput. Secur., vol. 72, pp. 1_2, Jan. 2018 [8]. Z. Xiao andY.Xiao, “Security and privacy in cloud computing,” IEEE Communications Surveys & Tutorials, vol. 15, no. 2, pp. 843– 859, 2013 International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 142 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 [9]. Yusuf Perwej, M. K. Omer, O. E. Sheta, Hani Service Ali M. Harb, M. S. Adrees, “The Future of Internet of Things (IoT) and Its Empowering Federation for Information Processing, pp. 37–45, 2012 Technology”, [10]. International [12]. in Proceeding of the International Conference D. Sun, G. Chang, L. Sun, and X. Wang, on “Surveying and analyzingsecurity, privacy and Engineering (ICCSEE '12), vol. 1, pp. 647– trust 651,Hangzhou, China, March 2012 issues in in cloud computing Proceedings of the Science and Electronics S. Pearson, “Privacy, security and trust in cloud computing,” in Privacy and Security for Control Engineering and Information Science Cloud (CEIS'11), pp. 2852–2856, chn, August 2011 Communications and Networks, pp. 3–42, M. Y. A. Younis and K. Kifayat, “Secure cloud computing for critical infrastructure: a Springer London, 2013 R. Latif, H. Abbas, S. Assar, and Q. Ali, “Cloud [19]. Computing, Computer survey,” Tech. Rep., Liverpool John Moores computing risk assessment: a systematic University, Liverpool, UK, 2013 literature review,” in Future Information J. Yang and Z. Chen, “Cloud computing Technology, pp. 285–295, Springer, Berlin, research Germany, 2014 and security issues,” (CiSE), 2010 in Software [20]. Jemal, H., Kechaou, Z., Ayed, M.B., Alimi, A.M., “Mobile cloud computing in healthcare International Conference on. IEEE, pp. 1–3, 2010 system.”, E. Aguiar, Y. Zhang, and M. Blanton, “An Intelligence. overview of issues and recent developments in Publishing, Cham, pp. 408–417, 2015 High Performance Cloud Auditing [21]. and P. G. Computational Shynu Collective Springer and K. International J. Singh, "A comprehensive survey and analysis on access Applications. Springer, pp. 3–33, 2014 control schemes in cloud environment," Inf. L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Technol., vol. 16, no. 1, pp. 19-38, 2016. Chen, and A. V. Vasilakos, “Security and [22]. Lo'ai, A.T., Bakhader, W., Mehmood, R., privacy for storage and computation in cloud Song, H., 2016. Cloudlet-based mobile cloud computing,” Information Sciences, vol. 258, pp. 371–386, 2014 computing for healthcare applications. In: 2016 IEEE Global Communications A. Behl, “Emerging security challenges in Conference (GLOBECOM). IEEE, pp. 1–6. cloud computing: an insight to cloud security [16]. [18]. Computer International Conference on Advanced in cloud computing and storage security,” in [15]. D. Chen and H. Zhao, “Data security and Vol. 9, Iss., No.3, Pages 20192– 20203, 2019 Engineering [14]. [17]. privacy protection issues in cloud computing,” Computational Intelligence and [13]. of International Engineering Science and Computing (IJESC), environments,” [11]. Journal Management. [23]. Yusuf Perwej, S. A. Hannan, Firoj Parwej, challenges and their mitigation”, Proceedings Nikhat Akhtar ,“A Posteriori Perusal of of the World Congress on Information and Communication Technologies (WICT '11), pp. Mobile Computing”, International Journal of Computer Applications Technology and 217–222, IEEE, 2011 Research, ATS (Association of Technology Z. Zhou and D. Huang, “Efficient and secure and Science), Vol. 3, Issue 9, pp. 569 - 578, data storage operations for mobile cloud 2014, DOI: 10.7753/IJCATR0309.1008 computing,” in Proceedings of the 8th International Conference on Network and [24]. Johanna Ullrich, Tanja Zseby. Network-Based Secret Communication in Clouds: A Survey. International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 143 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 IEEE communications surveys & tutorials, vol. [25]. of Nano Things (IoNT) Existing State and Future Prospects”, GSC Advanced Research Z.Yuhan, "Study on data security policy based and Reviews, Volume 5, Issue 2, Pages 131- on cloud storage," in Proc. IEEE IEEE 3rd Int. 150, 2020, DOI: 10.30574/gscarr.2020.5.2.0110 (HPSC) IEEE Int. Conf. Intell. Data Secur. Applications”, (IDS), China, pp. 145-149, 2017 Electrical Al-Mushayt O, Haq K and Yusuf P., (OSJEEE), New York, USA, Volume 5, No. 4, “Electronic-Government in Saudi Arabia; a Pages 30 - 43, 2018 Revolution in the Peninsula”, Electronic Journal of Engineering K. Edemacu, H. K. Park, B. Jang, and J. W. Sciences, India, 1(1), 87-98, 2009 Oussous, Ahmed, Benjelloun, Fatima-Zahra, Ehealth with attribute-based encryption: Survey, challenges and future directions”, Lahcen, Ayoub Ait, Belfkih, Samir, “Big data IEEE Access, vol. 7, pp. 89614-89636, 2019 in [35]. Yusuf Perwej, Firoj Parwej, Mumdouh Comput. Inf. Sci. 30 (4), 431– 448, 2018 Mirghani Mohamed Hassan, Nikhat Akhtar, R. Zhang, R. Xue, and L. Liu, "Searchable “The Internet-of-Things (IoT) Security: A encryption for healthcare clouds: A survey," Technological IEEE Trans. Service Comput., vol. 11, no. 6, International Journal of Scientific Research in pp. 978_996, Nov./Dec. 2018. Computer Zhang Jie. Fu, Xinle. Wu. Toward Efficient Information Multi-keyword Fuzzy Search over Encrypted Volume 5, Issue 1, Pages 462-482, February Out 2019, DOI: 10.32628/CSEIT195193 sourced Data IEEE with Accuracy Transactions on [36]. Perspective Science and Review”, Engineering Technology and (IJSRCSEIT), Tara Salman, Maede Zolanvari. Security Information Forensics and Security, vol. 11, Services Using Blockchains: A State-of-the- no. 12, pp. 2706-2716, Dec. 2016 Art Survey. IEEE communications surveys & Yusuf Perwej, “ The Hadoop Security in Big tutorials, vol. 21, no. 1, 2019 Data: A Technological Viewpoint and [37]. Yusuf Perwej, Nikhat Akhtar, Firoj Parwej, “A Analysis ”, International Journal of Scientific Research in Computer Science and Technological Perspective of Blockchain Security”, International Journal of Recent Engineering, E-ISSN: 2320-7639, Volume 7, Scientific Research (IJRSR), ISSN: 0976-3031, Issue Volume 9, Issue 11, (A), Pages 29472 – 29493, 3, Pages 1- 14, 2019, DOI: 10.26438/ijsrcse/v7i3.1014 [31]. and Science Kim, “Privacy provision in collaborative Improvement. [30]. [34]. Open Applied Transactions technologies: a survey”, J. King Saud Univ.- [29]. Yusuf Perwej, “A Pervasive Review of Blockchain Technology and Its Potential International [28]. [33]. Int. Conf. High Perform. Smart Comput., Positive [27]. Nikhat Akhtar, Yusuf Perwej, “The Internet 19, no. 2, second quarter 2017 D. Zhe,W. Qinghong, S. Naizheng, and Conf. Big Data Secur. Cloud (BigDataSecurity) [26]. [32]. 2018, DOI: 10.24327/ijrsr.2018.0911.2869 Firoj Parwej, Nikhat Akhtar, Yusuf Perwej, “A Close-Up View About Spark in Big Data Jurisdiction”, Journal J. Cha, S. K. Singh, T. W. Kim, and J. H. Park, "Blockchain-empowered cloud architecture of based on secret sharing for smart city," J. Inf. Engineering Research and Application, Vol. 8, Secur. Appl., vol. 57, Mar. 2021, Art. no. Issue 1, PP. 26-41, 2018 DOI: 10.9790/9622- 102686 0801022641 International [38]. [39]. Nikhat Akhtar, Saima Rahman, Halima Sadia, Yusuf Perwej, “A Holistic Analysis of Medical International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 144 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 Internet of Things (MIoT)”, Journal of [46]. Information and Computational Science (JOICS), ISSN: 1548 - 7741, Volume 11, Issue 4, [40]. Pages 209 - 222, 2021, the decentralized cloud. ACM Comput. Surv. 51 (6), 1–36, 2019 [47]. “An Empirical Analysis of Web of Things Jeffrey C. Kimmell at.al.,”Recurrent Neural (WoT)”, International Journal of Advanced Networks Based Online Behavioural Malware Research in Computer Science, Vol. 10, No. 3, Detection PP. Techniques for Cloud 9, 2021 [42]. DOI: Kameswara Rao Poranki, Yusuf Perwej, Nikhat Akhtar,”Integration of SCM and ERP Method Recognition for Competitive Advantage”, TIJ's Research System”, International Journal of Computer Journal of Science & IT Management RJSITM, Science and Telecommunications, Sysbase Solution (Ltd), UK, London, Vol. 3, Issue 11, International Journal Research Journal of Science & IT Management of Singapore, Pages 43-48, 2012 ISSN:2251-1563, Yusuf Perwej, “The Bidirectional Long-Short- Number 05, Pages 17-24, 2015 in Arabic Words [49]. Singapore, Volume 04, Kameswara Rao Poranki, Asif Perwej,"The Retrieval for Arabic Documents” Transactions buying Attitudes of Consumers of Cosmetic on Artificial Products in Saudi Arabia", TIJ's Research Intelligence (TMLAI), Society for Science and Journal of Social Science & Management Education, RJSSM, Machine Learning Manchester, and United Kingdom International Journal Research (UK), Vol. 03, No.01, Pages 16 – 27, 2015, DOI Journal of Social Science & Management of : 10.14738/tmlai.31.863 Singapore, Bader Alouffi at. al.,” A Systematic Literature December 2014 Page 138-145, 2014 Review on Threats and Cloud Computing Mitigation Security: [50]. Strategies”,IEEE, Volume: 04, Number: 08, J. W. Rittinghouse and J. F. Ransome, Cloud computing: implementation management and security, CRC press, 2016 Yusuf Perwej, Kashiful Haq, Firoj Parwej, M. [51]. Ning Cao, Cong Wang, Ming Li, Kui Ren and M. Mohamed Hassan, “The Internet of Things Wenjing Lou, "Privacy-Preserving Multi- (IoT) and its Application International Journal of Keyword Ranked Search over Encrypted Cloud Data", IEEE Transactions on Parallel Domains”, Computer Applications (IJCA) , USA , Volume 182, No.49, [45]. 2019, Yusuf Perwej, “Recurrent Neural Network VOLUME 9, 2021 [44]. 32-40, 10.26483/ijarcs.v10i3.6434 [48]. Term Memory Neural Network based Word [43]. Firoj Parwej, Nikhat Akhtar, Yusuf Perwej, DOI:10.12733/JICS.2021/V11I3.535569.31023 Infrastructure”,IEEE, PP. 68066 – 68080, Vol. [41]. Ferrer, A.J., Marques, J.M., Jorba, J.,. Towards Pages 36- 49, 2019, DOI: and Distributed Systems, vol. 25, no. 1, 2014 [52]. N. Abbas, A. Zhang, Y. Taherkordi and T. 10.5120/ijca2019918763 Skeie, "Mobile edge computing: A survey", Y.-Y. Teing, A. Dehghantanha, K.-K.-R. Choo, and L. T. Yang, "Forensic investigation IEEE Int. Things J., vol. 5, no. 1, pp. 450-465, Feb. 2018 of P2P cloud storage services and backbone [53]. Cristian Chilipirea at.al.,” A Comparison of for IoT networks: BitTorrent sync as a case Private Cloud Systems”, 30th International study," Comput. Electr. Eng., vol. 58, pp. Conference 350_363, Feb. 2017 Networking and Applications Workshops on Advanced Information (WAINA),IEEE, Switzerland, 2016 International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 145 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 [54]. [55]. [56]. J. Chase and D. Niyato, "Joint optimization of architecture andx pricing models", IEEE international conf. on services computing, pp. vol. 10, pp. 396-409, 2017 597-604, 2014 Kyriakos Kritikos at. al.,” Towards the “Effective Management of In Computing (CLOUD), IEEE, Italy, 2019 Management Journal of KITE Group, Vol. No. X. L. Xingong and X. Lv, "Distributed Cloud 2 & 3, No. 1, 2010 Network", Third [64]. International Banking Industry”. YOJNA The T. F. M. Pasquier, J. Singh and J. Bacon, "Information flow control for strong Conference on Trustworthy Systems and protection with flexible sharing in paas", Their Applications pages 18-22 Wuhan China, Cloud Sept. 2016 M. K. Skadsem, R. Karlsen, G. Blair and K. International Conference on, pp. 279-282, 2015 "Community Cloud – Cloud [65]. Engineering (IC2E) 2015 IEEE Yusuf Perwej, “An Evaluation of Deep Computing for the Community", Proceedings Learning of the 1st International Conference on Cloud Computing”, the International Journal of Computing and Services Science, pp. 418-423, Advanced 2011 Communication Mohamed M. M., "Current Services in Cloud Volume 4, Issue 2, Pages 10 - 16, 2015, DOI: Computing: A Survey", International Journal 10.17148/IJARCCE.2015.4203 Computer Science Engineering and [66]. Miniature Research Concerning in in Computer Engineering Soft and (IJARCCE), Asif Perwej, Kashiful Haq, Yusuf Perwej, “ Information Technology, vol. 3, no. 5, 2013 Blockchain and its Influence on Market”, M. Bist, M. Wariya and A. Agarwal, International Journal of Computer Science "Comparing delta open stack and xen cloud Trends and Technology (IJCST), Volume 7, platforms: A survey on open source iaas", Issue 5, Pages 82- 91, Sep – Oct 2019, DOI: Advance Computing Conference (IACC) 2013 10.33144/23478578/IJCST-V7I5P10 IEEE 3rd International, pp. 96-100, 2013 [61]. Perwej, IEEE 12th International Conference on Cloud of [60]. Asif Customer Relationship Management (CRM) Mitchell, [59]. [63]. Modelling of Hybrid Cloud Applications”, Power [58]. Gabriella Laatikainen and Arto Ojala, "saas resource provisioning in cloud computing", IEEE Transactions on Services Computing, Storage and Parallel Topology Processing of [57]. [62]. [67]. Nikhat Akhtar, Yusuf Perwej, “ The Internet Yucong Duan at. al.,” Everything as a Service of Nano Things (IoNT) Existing State and (XaaS) on the Cloud: Origins, Current and Future Trends ”, IEEE 8th International Con. Future Prospects” , GSC Advanced Research and Reviews, Volume 5, Issue 2, Pages 131- on Cloud Computing, IEEE, USA, 2015 150, 2020, DOI: 10.30574/gscarr.2020.5.2.0110 Yusuf Perwej, M. A. AbouGhaly, Bedine [68]. Yusuf Perwej, Md. Husamuddin, Fokrul Alom Kerim, Hani Ali Mahmoud Harb. “An Mazarbhuiya,“An Extensive Investigate the Extended Review on Internet of Things (IoT) and its Promising Applications”, MapReduce Journal of Communications Engineering (IJCSE), Volume-5, Issue-10, on Applied Electronics Technology”, International Computer Sciences and (CAE), New York, USA, Volume 9, Number Page 26, 10.26438/ijcse/v5i10.218225 Pages 8– 22, 10.5120/cae2019652812 2019, DOI: [69]. No. 218-225, 2017, DOI: T. Lynn et al., "A Preliminary Review of Enterprise Serverless Cloud International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 Computing 146 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 (Function-as-a-Service) [70]. [71]. Platforms", Proc. Lou, "Towards Secure and Dependable Storage Services in Cloud Computing", IEEE Intelligence as a Service”, Bus Inf Syst Eng 63, Transactions on Cloud Computing Date of PP. 441–456, 2021 Publication, vol. 5, no. 2, April-June 2012 Yusuf Perwej , Firoj Parwej, “A [77]. Ooi, et al., ES2: A Cloud Data Storage System Network”, for Supporting Both OLTP and OLAP, PP 34- in Artificial Neural Journal of Scientific & Engineering Research (IJSER), France , ISSN 46, 2018 [78]. "Privacy as a Service: Privacy-Aware Data 2012, DOI: 10.13140/2.1.1693.2808 Storage and Processing in Cloud Computing Nikhat Akhtar, Dr. Yusuf Perwej, Firoj Architectures", Eighth IEEE International Parwej, Jai Pratap Dixit, “A Review of Solving Real Domain Problems in Engineering for Conference on Dependable, 2009 H. Abu-Libdeh, L. Princehouse, and H. Computing” INDIACom; Intelligence Proceedings [79]. Using Soft Weatherspoon. RACS: A Case for Cloud the 11th Storage Diversity. In Proceedings of the 1st IEEE ACM symposium on Cloud computing (SoCC of INDIACom-2017; Conference, 4th International Conference on “Computing for Sustainable Global 2010), Indianapolis, IN, June 10-11 2010 [80]. M. Wajahat, A. Yele, T. Estro, A. Gandhi and Development”, ISSN 0973-7529; ISBN 978-93- E. 80544-24-3, performance modeling for storage traces", Vidyapeeth's Pages 706–711, Institute Bharati of Computer Applications and Management (BVICAM), Zadok, "Distribution fitting and Proc. of IEEE Mascots, pp. 138-151, 2019 [81]. Chang Guo, Ying Li and Zhonghai Wu, "SLA- Delhi, 2017 DO: A SLA-based Data Distribution Strategy S. Kibe, T. Koyama and M. Uehara, "The on Multiple Cloud Storage Systems", IEEE Evaluations of Desktop as a Service in an 22nd Educational Distributed Systems (ICPADS), pp. 602-609, Cloud", 15th International Conference on Network-Based Information Systems, 2015 Int. Conference on Parallel and 2016 [82]. N. Cao, C. Wang, M. Li, K. Ren and W. Lou, T. Wood, E. Cecchet, K. K. Ramakrishnan, P. Shenoy, J. Van der Merwe and A. "Privacy preserving Multi keyword Ranked Search over Encrypted Cloud Data", 30thIEEE Venkataramani, "Disaster recovery as a cloud Conference on Computer Communications, service: Economic benefits & deployment pp. 829-837, 2011 challenges", 2nd USENIX Work. on Hot [75]. Wassim Itani Ayman Kayssi Ali Chehab, 2229 – 5518, Volume 3, Issue 6, Pages 1- 9, Computational [74]. Y. Cao, C. Chen, F. Guo, D. Jiang, Y. Lin, B. Neuroplasticity (Brain Plasticity) Approach to International [73]. C. Wang, Q. Wang, K. Ren, N. Cao and W. CloudCom, 2017 Lins, S., Pandl, K.D., T., H. et al. “Artificial Use [72]. [76]. [83]. Xiaotong Sun, "Critical Security Issues in Topics in Cloud Computing, 2010 Shicong Meng at.al., “Enhanced Monitoring- Cloud Computing: A Survey", 4th IEEE International Conference on Big Data Security as-a-Service on Cloud, 2018 Management”, for IEEE Effective Transactions Cloud on [84]. C. Wang, K. Ren, W. Lou, and J. Li, “Toward Computers, Volume: 62, Issue 9, PP. 1705 – publicly auditable secure cloud data storage 1720, 2013 services,” Network, IEEE, vol. 24, no. 4, pp. 19–24, 2010 International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 147 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 [85]. [86]. L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. and Chen, and A. V. Vasilakos, “Security and privacy for storage and computation in cloud 10.1109/icssa.2015.1113 Z. Zhang, C. Wu and D. W. L. Cheung, "A pp. 371–386, 2014 standards United Nations, “The Universal Declaration of Perform. Eval. Rev., vol. 40, pp. 13-22, 2013 Rights.” [94]. S. T. Zargar, J. Joshi and D. Tipper, "A Survey Denial of Service (DDoS) Flooding Attacks", D. Bigo, G. Boulet, C. Bowden, S. Carrera, J. IEEE Communications Surveys & Tutorials, Jeandesboz, vol. 15, no. 4, pp. 2046-2069 and A. Scherrer, “Fighting European Parliament, Rights [95]. K. Hashizume, D. G. Rosado, E. Fern´andez- Policy Medina, and E. B. Fernandez, “An analysis of and security issues for cloud computing,” Journal of Internet Services and Applications, vol. 4, Wei Nie, Xiangfei Xiao, Zhaohui Wu, no. 1, pp. 1–13, 2013 [96]. Kiattikul Treseangrat, Samad Salehi Kolahi "The Research of Information Security for The and Bahman Sarrafpour, "Analysis of UDP Education Cloud Platform Based on AppScan DDoS cyber Flood Attack and Defence Technology", Mechanism on Windows Serevr 2012 and 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud), 2018 Linux Ubuntu 13", IEEE, 2015 [97]. Istvan Kiss, Piroska Haller and Adela Beres, Z. Zhou and D. Huang, “Efficient and secure "Denial of Service attack Detection in case of data storage operations for mobile cloud Tennessee Eastman challenge process" in 8th computing,” in Proceedings of the 8th INTER-ENG 2014, Romania, vol. 19, pp. 835- International Conference on Network and 841, 2015 Service Management. International [98]. G. Rydstedt, E. Bursztein, D. Boneh and C. Federation for Information Processing, pp. Jackson, "Busting frame busting: a study of 37–45, 2012 clickjacking vulnerabilities at popular sites", A. M. Farooqi at.al.,“The notorious nine: top IEEE SSP, vol. 2, 2010 cloud computing security challenges in 2017”, International Journal of Advanced Research [99]. H. Hlavacs, T. Treutner, J.-P. Gelas, L. Lefevre, and A.-C. Orgerie, “Energy in Computer Science, Vol. 8, No. 5, PP. 2804 – consumption side-channel attack at virtual 2808, 2017 machines Hongwei Li, Yuanshun Dai1, Ling Tian, Autonomic and Secure Computing (DASC), “Identity based authentication for cloud computing”, Springer-Verlag Berlin 2011 IEEE Ninth International Conference on. IEEE, pp. 605–612, 2011 Heidelberg, pp 157- 166, 2009 [92]. SIGMETRICS shtml, 1948. Retrieved August 2021 Yuanhui Wu, Fang Shen and Xionglan Luo, [91]. practice", of Defense Mechanisms Against Distributed Department C: Citizens' Constitutional Affairs, 2012 [90]. and http://www.un.org/en/documents/udhr/index. cloud.” [89]. doi survey on cloud interoperability: taxonomies cybercrime and protecting privacy in the [88]. 2016, computing,” Information Sciences, vol. 258, Human [87]. [93]. assurance, in a cloud,” in Dependable, [100]. B. C. Neuman and T. Ts'o, "Kerberos: An Priya anand, jungwoo ryoo, hyoungshick kim Authentication "addressing security challenges in cloud Networks", IEEE Communicaion, vol. 32, no. computing a pattern-based approach”, first 9, pp. 33-38, 1994 Service for Computer international conference on software security International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 148 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 [101]. Garbarino S, Holland J,”Quantitative and [109]. H. Takabi, J.B.D. Joshi and G. Ahn, "Security Qualitative Methods in Impact Evaluation and Measuring Results”, GSDRC Emerging Issues and privacy challenges in cloud computing environments", IEEE security privacy Research Service, pp: 1-59, 2009 magazine, vol. 8, pp. 24-31, 2010 [102]. Nakouri, I.; Hamdi, M.; Kim, T.H. A new [110]. lbugmi, A.A., Alassafi, M.O., Walters, R., biometric-based security framework for cloud Wills, G.” Data security in cloud computing”, storage. In IEEE Fifth International Conference on In Proceedings of the 13th International Wireless Communications and Future Mobile Computing Conference (IWCMC), Technologies, pp. 55–59, IEEE, 2016 Valencia, Spain, 26–30, pp. 390–395, 2017 Generation Communication [111]. A. Sahai and B. Waters, "Fuzzy identity-based [103]. Liang, X.,Shetty, S.; Zhang, L. Kamhoua, C., encryption," in Proc. 24th Annu. Int. Conf. Kwiat, K. Man in the Cloud (MITC) Defender: Theory Appl. Cryptograph. Techn. Berlin, SGX-Based User Credential Protection for Germany: Springer, pp. 457- 473, 2005 Synchronization Applications in Cloud Computing Platform. In Proceedings of the [112]. R. L. Rivest, L. Adleman, andM. L.Dertouzos, “On data banks and privacy homomorphisms,” IEEE 10th International Conference on Cloud Foundations of Secure Computation, vol. 4, Computing (CLOUD), Honolulu, CA, USA, no. 11, pp. 169–180, 1978 25–30, pp. 302–309, 2017 [113]. C. Gentry, A fully homomorphic encryption [104]. Yusuf Perwej, Md. Husamuddin, Majzoob K.Omer, Bedine Kerim, “A Comprehend the Apache Flink in Big Data Environments” , scheme Ph.D. thesis], Stanford University, 2009 [114]. Y. Rouselakis and B. Waters, "Ef_cient IOSR Journal of Computer Engineering statically-secure (IOSR-JCE), Volume 20, Issue 1, Ver. IV, authority attribute-based encryption," in Proc. Pages Int. Conf. Financial Cryptogr. Data Secur., pp. 48-58, 2018, DOI: 10.9790/0661- 2001044858 large-universe multi- 315-332, 2015 [105]. L. A. Gordon, M. P. Loeb and W. Lucyshyn, [115]. Q. Li, J. Ma, R. Li, X. Liu, J. Xiong, and D. "Sharing information on computer systems Chen, "Secure, efficient and revocable multi- security: An economic analysis", Journal of authority access control system in cloud Accounting and Public Policy, vol. 22, no. 6, storage," Comput. Secur., vol. 59, pp. 45_59, pp. 461-485, 2003 2016 [106]. Balogh, Z., Turčáni, M.”Modeling of data security in cloud computing”, In IEEE Annual [116]. X. Liu, Y. Xia, S. Jiang, F. Xia, and Y. Wang, "Hierarchical attributebased access control Systems Conference, pp. 1–6. IEEE, 2016 with authentication for outsourced data in [107]. Meng, D.” Data security in cloud computing”, cloud computing," in Proc. 12th IEEE Int. In IEEE International Conference on Computer Science & Education, pp. 810–813. IEEE, 2013 [108]. An, Y.Z., Zaaba, Z.F., Samsudin, N.F.”Reviews Conf. Trust Secur. Privacy Comput. Commun., pp. 477-484, 2013 [117]. F. Pagano and D. Pagano, “Using in-memory encrypted databases on the cloud,” in on security issues and challenges in cloud Proceedings of the 1st IEEE International computing”, Workshop on Securing Services on the Cloud In IOP Conference Series: Materials Science and Engineering, vol. 160, (IWSSC '11), pp. 30–37, 2011 p. 012106. IOP Publishing, 2016 International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 149 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 [118]. K.Huang and R. Tso, “A commutative [126]. N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, encryption scheme based on ElGamal encryption,” in Proceedings of the 3rd "Privacy-preserving multi-keyword ranked search over encrypted cloud data," in Proc. International Conference on Information IEEE INFOCOM, Apr., pp. 829_837, 2011 Security and Intelligent Control (ISIC'12), pp. 156–159, IEEE, 2012 [127]. C. Wang, N. Cao, K. Ren, and W. Lou, "Enabling secure and ef_cient ranked [119]. D. H. Rachel and S. Prathiba, "An enhanced keyword search over outsourced cloud data," Hasbe for cloud computing environment," Int. IEEE Trans. Parallel Distrib. Syst., vol. 23, no. J. Comput. Sci. Mobile Comput., vol. 2, no. 4, 8, pp. 1467_1479, Aug. 2012 pp. 396_401, 2013 [128]. N. Cao, C.Wang, M. Li, K. Ren, andW. Lou, [120]. Z.Wan, J. Liu, and R. H. Deng, "HASBE: A hierarchical attribute-based solution "Privacy-preserving multikeyword ranked for search over encrypted cloud data," IEEE flexible and scalable access control in cloud Trans. Parallel Distrib. Syst., vol. 25, no. 1, pp. computing," IEEE Trans. Inf. Forensics Security, vol. 7, no. 2, pp. 743_754, Apr. 2012 222_233, Nov. 2013 [129]. M. Fujimoto at.al.,” Detecting Abuse of [121]. Q. Huang, Y. Yang, and M. Shen, "Secure and Domain Administrator Privilege Using ef_cient data collaboration with hierarchical Windows Event Log”, IEEE Conference on attribute-based Application, encryption in cloud computing," Future Gener. Comput. Syst., vol. 72, pp. 239_249, Jul. 2017 Information and Network Security (AINS),IEEE, Malaysia, 2019 [130]. C. Delettre, K. Boudaoud, and M. Riveill, [122]. S. Gokuldev and S. Leelavathi, "HASBE: A “Cloud computing, security and data for concealment,” in Proceedings of the 16th flexible and scalable access control by separate IEEE Symposium on Computers and Comm. encryption/ decryption in cloud computing," (ISCC '11), pp. 424–431, Kerkyra, Greece, July Int. J. Eng. Sci. Innov. Technol.,vol. 2, no. 3, 2011 hierarchical attribute-based solution pp. 1_7, 2013 [131]. Yusuf Perwej, Asif Perwej, Firoj Parwej, “An [123]. A. Rao, “Centralized database security in Adaptive Watermarking Technique for the cloud,” International Journal of Advanced copyright of digital images and Digital Image Research in Computer and Communication Protection”, Engineering, vol. 1, pp. 544–549, 2012 Multimedia [124]. E. M.Mohamed, H. S. Abdelkader, and S. ElEtriby, “Enhanced data security model for International & Its Journal Applications of (IJMA), Academy & Industry Research Collaboration Center (AIRCC) , USA , Volume 4, No.2, cloud computing,” in Proceedings of the 8th Pages International Conference on Informatics and 10.5121/ijma.2012.4202 21- 38, 2012, DOI: Systems (INFOS '12), pp. CC-12–CC-17, IEEE, [132]. A. Ra_que, D. V. Landuyt, B. Lagaisse, and W. 2012 [125]. W. Sun, B.Wang, N. Cao, M. Li,W. Lou, Y. T. Joosen, "Policy-driven data management middleware for multi-cloud storage in multi- Hou, and H. Li, "Privacy preserving multi- tenant SaaS," in Proc. IEEE Int. Symp. Big keyword text search in the cloud supporting Data Comput. (BDC), pp. 78_84, Dec. 2015 similarity based ranking," in Proc. 8th ACM [133]. C. Ngo, Y. Demchenko, and C. de Laat, SIGSAC Symp. Inf. Comput. Comm. Secur., "Multi-tenant attribute-based access control pp. 71_82, 2013 International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 150 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 for cloud infrastructure services," J. Inf. Secur. Cloud Storage Security: Concepts Designs and Appl., vol. 27, pp. 65_84, Apr. 2016 [134]. D. Gonzales, J. M. Kaplan, E. Saltzman, Z. Optimized Practices, Berlin:Springer, 2016 [143]. S. M. Riazul, Islam, Daehan Kwak, M.D. Winkelman, and D. Woods, "Cloud-trust_A Humaun Kabir and Mahmud Hossain, "The security assessment model for infrastructure Internet of Things for Health Care: A as a service (IaaS) clouds," IEEE Trans. Cloud Comprehensive Survey", IEEE, vol. 3, pp. 678- Comput., vol. 5, no. 3, pp. 523_536, Jul./Sep. 708, 2015 2017 [144]. T. S. Az-Zahra, "The Advantages from Cloud [135]. J. Zhou et al., "Security and privacy for cloud- Computing Application Towards SMME based IoT: Challenges", IEEE Communications (UMKM)", Journal Online Informatika, vol. 4, Magazine, vol. 55, no. 1, pp. 26-33, 2017 pp. 28-32, 2019 [136]. C. Stergiou et al., "Secure integration of IoT [145]. C. T. S. Xue and F. T. W. Xin, "Benefits and and cloud computing", Future Generation challenges of the adoption of cloud computing Computer Systems, vol. 78, pp. 964-975, 2018 [137]. S. Kianoush et al., "A cloud-IoT platform for in business", International Journal on Cloud Computing: Services and Architecture, vol. 6, passive radio sensing: Challenges and pp. 01-15, 2016 application case studies", IEEE Internet of [146]. Y. Al-Dhuraibi, F. Paraiso, N. Djarallah and P. Things Journal, vol. 5, no. 5, pp. 3624-3636, Merle, "Elasticity in cloud computing: state of 2018 the art and research challenges", IEEE [138]. E. Pinheiro, W.-D.Weber, and L. A. Barroso, “Failure trends in a large disk drive Transactions on Services Computing, vol. 11, pp. 430-447, 2017 population,” in Proceedings of the 5th [147]. Yusuf Perwej, Faiyaz Ahamad, Mohammad USENIX conference on File and Storage Zunnun Khan, Nikhat Akhtar, “An Empirical Technologies (FAST '07), vol. 7, pp. 17–23, Study on the Current State of Internet of 2007 Multimedia Things (IoMT)”, International [139]. C. Cachin and M. Schunter, “A cloud you can Journal of Engineering Research in Computer trust,” IEEE Spectrum, vol. 48, no. 12, pp. 28– Science and Engineering (IJERCSE), Volume 51, 2011 8, Issue 3, Pages 25 - 42, March 2021, DOI: [140]. J. Idziorek, M. Tannian, and D. Jacobson, “Attribution of Fraudulent Resource 10.1617/vol8/iss3/pid85026 [148]. Sultan Aldossary, William Allen, “Data Consumption in the cloud,” in Proceedings of the IEEE 5th International Conference on Security, Privacy, Availability and Integrity in Cloud Computing: Issues and Current Cloud Computing (CLOUD '12), pp. 99–106, Solutions”, International Journal of Advanced June 2012 Computer Science and Applications, Vol. 7, [141]. D. Wang, D. He, P. Wang and C.-H. Chu, "Anonymous two-factor authentication in distributed systems: certain goals are beyond 2016 [149]. I. Nwobodo, "Cloud computing: models services utility advantages security issues and attainment", IEEE Trans. Dependable Secur. prototype", Comput., vol. 12, no. 4, pp. 428-442, 2015 Networking and Applications, pp. 1207-1222, [142]. T. Galibus, V. V. Krasnoproshin, R. Albuquerque and E. Freitas, Elements of Wireless Communications 2016 [150]. P. A. Abdalla and A. Varol, "Advantages to Disadvantages of Cloud Computing for Small- International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 151 Dr. Nikhat Akhtar et al Int J Sci Res Sci Eng Technol, September-October-2021, 8 (5) : 113-152 Sized Business", 7th International Symposium on Digital Forensics and Security (ISDFS), 2019 Cite this article as: Dr. Nikhat Akhtar, Dr. Bedine Kerim, Dr. Yusuf Perwej, Dr. Anurag Tiwari, Dr. Sheeba Praveen, "A Comprehensive Overview of Privacy and Data Security for Cloud Storage", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Online ISSN : 2394-4099, Print ISSN : 2395-1990, Volume 8 Issue 5, pp. 113-151, September-October doi 2021. Available at : https://doi.org/10.32628/IJSRSET21852 Journal URL : https://ijsrset.com/IJSRSET21852 International Journal of Scientific Research in Science, Engineering and Technology | www.ijsrset.com | Vol 8 | Issue 5 152