<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Research and analysis of issues and challenges in ensuring cyber security in cloud computing</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Olha Mykhaylova</string-name>
          <email>olha.o.mykhailova@lpnu.ua</email>
          <xref ref-type="aff" rid="aff1">1</xref>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Marta Korol</string-name>
          <email>marta.korol.kb.2022@lpnu.ua</email>
          <xref ref-type="aff" rid="aff1">1</xref>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Roman Kyrychok</string-name>
          <email>r.kyrychok@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Borys Grinchenko Kyiv Metropolitan University</institution>
          ,
          <addr-line>18/2 Bulvarno-Kudriavska str., 04053 Kyiv</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>CPITS-II 2024: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II</institution>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Lviv Polytechnic National University</institution>
          ,
          <addr-line>12 Stepana Bandery str., 79013 Lviv</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
      </contrib-group>
      <fpage>30</fpage>
      <lpage>39</lpage>
      <abstract>
        <p>Cloud services provide information tools in a virtual environment with the opportunity to expand the software and hardware resources of the user's computer device. Information is permanently stored on servers on the Internet and temporarily cached on client devices, such as personal computers, game consoles, laptops, smartphones, etc. To gain constant access to remote Internet resources, users use cloud services. They are a key element of rapidly evolving modern technologies, and cloud services are a strategic issue for many companies. Although the innovative capabilities of cloud services attract users, they can also create new threats to their information security. This is why research into cloud computing is important to understand its potential and effectiveness. This study will look at the security aspect of cloud services and compare several different platforms because the lack of sufficient protection can lead to the theft of personal data and other confidential information. The study will also look at the most common threats faced by cloud services, such as DDoS attacks, data leaks, data abuse, etc. In particular, the security measures provided by leading cloud platforms such as AWS, GCP, and Azure will be analyzed to determine their effectiveness and reliability. Our analysis will be useful for companies considering moving to the cloud and everyday users trying to keep their data safe online. The results of the study will provide a clear understanding of the benefits and limitations of using various cloud platforms from a security perspective.</p>
      </abstract>
      <kwd-group>
        <kwd>cloud computing security</kwd>
        <kwd>cybersecurity in cloud services</kwd>
        <kwd>cloud platform comparison</kwd>
        <kwd>data protection</kwd>
        <kwd>threats to cloud services</kwd>
        <kwd>DDoS attack</kwd>
        <kwd>data leakage prevention</kwd>
        <kwd>security measures in AWS</kwd>
        <kwd>GCP</kwd>
        <kwd>Azure</kwd>
        <kwd>cloud migration considerations</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        In today’s digital world, large amounts of data are stored
and processed in cloud services. Cloud services are known
to provide many benefits, including increased availability,
flexibility, and cost-effectiveness. However, with these
benefits come several challenges, such as increased security
threats, potential vulnerabilities, and potential risks to data
privacy [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ].
      </p>
      <p>In the modern world, the cloud computing market is
experiencing increased competition among cloud service
providers. In recent years, there has been a constant
increase in the number of companies offering cloud services.
The most popular of them are:</p>
      <p>
        Microsoft Azure (created February 1, 2010) [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ] is a
Microsoft Corporation infrastructure that provides
a cloud platform for application developers to
facilitate the process of creating programs.
      </p>
      <p>Microsoft Azure allows you to deploy applications
not only using Microsoft .NET and Visual Studio but
also using various tools.</p>
      <p>
        Google Cloud Platform (founded April 7, 2008) [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ] is
a set of cloud services developed by Google, running
on the same infrastructure that Google uses for its
end-user products. The service provides a range of
modular cloud services such as computing, data
storage, data analytics, and machine learning.
      </p>
      <p>
        With increasing popularity, developers are forced to
constantly improve their platforms, including improving
automatic threat detection and response mechanisms,
expanding data encryption capabilities, improving user
identification and authentication, and improving
monitoring and vulnerability analysis tools [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. They also collaborate
with information security experts, conduct independent
security audits, and improve incident response processes.
      </p>
      <p>
        The topic of cloud computing has attracted the attention
of various researchers. Many scholars and experts are
actively engaged in research and analysis of the problems
and challenges associated with cybersecurity in cloud
computing. For example, work [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ] examines security
in the AWS computing service; it demonstrates the
importance and relevance of research in the field of
cybersecurity, in particular in the context of the use of AWS
cloud services. Also, in [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ], the authors compared AWS and
Azure Cloud Platforms services for 2021, where they
recognize the differences between AWS and Azure in
database management systems, architectures, resource
management patterns, and complexity, which can affect
scalability, performance, and pricing.
      </p>
      <p>The method of this research is to analyze and identify
the key issues and challenges that are used in cybersecurity
inactivity processes in external computing to further align
Amazon Web Services, Microsoft Azure, and Google Cloud
Platform. To do this you will also need to use:</p>
    </sec>
    <sec id="sec-2">
      <title>2. Analysis of threats and security risks of cloud services</title>
      <p>Small and medium-sized enterprises, like global companies,
are increasingly relying on cloud computing security
services to support day-to-day business functions and
software development, and even to provide the technology
infrastructure needed to operate. In this regard, cloud
services often face many cyber-attacks.</p>
      <p>
        A cloud attack [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ] is a cyber-attack that targets cloud
service platforms, such as computing services, storage
services, or hosted applications in a platform as a service
(PaaS) or software as a service (SaaS) model.
      </p>
      <p>
        According to [
        <xref ref-type="bibr" rid="ref10">10</xref>
        ], in recent years the number of attacks
on cloud services has increased rapidly. Cloud cyberattacks
accounted for 20% of all cyberattacks in 2020, making cloud
computing platforms the third most targeted cyber
environment. Therefore, we will look at the different types
of attacks and their characteristics, as well as the possible
consequences of these attacks for users and organizations
using cloud technologies. Below is an overview of types of
cloud computing attacks to help you better understand
these threats and take steps to prevent them.
      </p>
      <p>These threats pose serious risks to cloud computing
security. Denial-of-service attacks can disrupt access to
cloud services, misconfiguration of security can open the
door to attackers, and cloud malware attacks threaten data
privacy and integrity. This may allow an attacker to use the
associated resources for their purposes or to steal or
manipulate data stored in the cloud. All these threats require
important monitoring and the provision of appropriate
security measures to protect cloud services and user data.</p>
      <sec id="sec-2-1">
        <title>2.1. Denial of service in cloud computing</title>
        <p>DoS attacks attempt to make a service unavailable to its
users. The attack consumes a large amount of system
resources such as computing power, memory, and
bandwidth. This consumption will make the service
unavailable to users or unbearably slow.</p>
        <p>
          DoS attacks and their variant distributed denial of
service (DDoS) attract a lot of media attention mainly
because of their magnitude. In 1988, reports show only six
DDoS attacks. DDoS attacks targeted major websites such
as CNN, Yahoo, and Amazon in 2000 with an attack rate of
approximately 1 GB/s. DDoS attacks achieved a speed of 70
GB/s in 2007. In 2013, there was a large-scale attack on a
service. Over the past decade, DDoS attacks on cloud
services have become increasingly sophisticated and
dangerous, affecting various industries and operations
related to cloud resources [
          <xref ref-type="bibr" rid="ref11">11</xref>
          ].
        </p>
        <p>The attack on Spamhaus in 2013 stands out for its scale,
using a traffic volume of 300 Gbps, which led to disruptions
not only to Spamhaus itself but also to global Internet traffic.</p>
        <p>A politically motivated attack on GitHub in 2015
showed the use of compromised devices to flood the website
with traffic and disrupt its operations.</p>
        <p>A 2016 Dyn attack that used compromised IoT devices
to create a botnet overwhelmed Dyn’s infrastructure,
causing major sites like Netflix and PayPal to become
unavailable.</p>
        <p>
          Attacks on Google and AWS in 2020, using
amplification techniques, resulted in extremely high traffic
speeds (2.5 Tbps for Google and 2.3 Tbps for AWS), which
posed a major threat to their infrastructure [
          <xref ref-type="bibr" rid="ref12">12</xref>
          ].
        </p>
        <p>In 2022, Microsoft reported protection against
extremely high-throughput attacks, registering the largest
attack at the time at 3.47 Tbit/s. Also noted is the shift to
multi-vector attack strategies, where attackers combine
different methods to maximize disruption.</p>
        <p>Look closer at DoS attacks, which occur when security
is compromised. This prevents legitimate clients from
accessing its target cloud systems, devices, or other cloud
resources.</p>
        <p>
          A network of zombies controlled remotely by
well-structured and widely distributed nodes performs DDoS
attacks. The attacker initiates the attack with the help of
zombies called secondary victims. DDoS attacks are divided
into 3 categories [
          <xref ref-type="bibr" rid="ref12">12</xref>
          ].
        </p>
        <p>Volume/Bandwidth-Based Attacks: This attack
tries to overwhelm the user with a lot of garbage
data, using network bandwidth and resources in
the process.</p>
        <p>Protocol attacks: The attack tries to overload the
target’s resources by exploiting weaknesses
in several network protocols.</p>
        <p>Application Layer Attacks: These attacks target
specific online applications and send HTTP
requests that exceed program capacity.</p>
      </sec>
      <sec id="sec-2-2">
        <title>2.2. Account Hijacking</title>
        <p>In this type of security breach, hackers attempt to hijack an
account by stealing security credentials and then
eavesdropping on user actions and transactions.</p>
        <p>Hackers can also manipulate data, insert false
information, and redirect customers to illegitimate sites.
This type of vulnerability is particularly scary because
hackers know how to use the reputation and trust of users
to manipulate customers.</p>
        <p>
          In 2010, Amazon faced an attack [
          <xref ref-type="bibr" rid="ref12 ref13 ref14">12–14</xref>
          ] that allowed
hackers to steal the session IDs that give users access to
their accounts after entering passwords. This left the
customer’s credentials open to hackers. The bug was
removed 12 hours after it was discovered, but many Amazon
users were unwittingly exposed to the attack during that
time [
          <xref ref-type="bibr" rid="ref15">15</xref>
          ].
        </p>
        <p>Account hijacking is done using the stolen credentials
of the real user. Using these credentials, a hacker can access
sensitive data and manipulate it to suit his purposes.
The traffic hijacking service involves hacker eavesdropping,
data manipulation, data access, and return of falsified
information. There are three states in which a security
breach can occur.</p>
        <sec id="sec-2-2-1">
          <title>Transfer of confidential data to a cloud server.</title>
          <p>Transfer of confidential data from the cloud server
to the client’s computer.</p>
          <p>
            Storage of confidential client data in the cloud
servers that are remote and not owned by the
client [
            <xref ref-type="bibr" rid="ref16">16</xref>
            ].
          </p>
          <p>
            In account hijacking, a hacker uses a compromised
email account to impersonate the account owner. Typically,
account hijacking is done through phishing [
            <xref ref-type="bibr" rid="ref17">17</xref>
            ], sending
fake emails to the user, picking a password, or several other
hacking tactics. In many cases, a user’s email account is
linked to various online services, such as social networks
and financial accounts.
          </p>
          <p>A hacker can use an account to obtain the account
owner’s personal information, conduct financial
transactions, create new accounts, and request the account
owner’s contacts for money or assistance in illegitimate
activities. Cloud account hijacking is a common tactic for
identity theft schemes. The attacker uses the stolen account
information for malicious or unauthorized activity. When a
cloud account is hijacked, the attacker usually uses a
compromised email account or other credentials to
impersonate the account owner.</p>
          <p>
            Hijacking an enterprise-level cloud account can be
particularly devastating, depending on what the attackers
do with the information. A company’s integrity and
reputation can be destroyed, and confidential data can be
destroyed by leakage or falsification, causing significant
costs for businesses. There are also possible legal
consequences for companies and organizations in strictly
regulated industries, such as healthcare, if sensitive
customer or patient data is exposed when a cloud account is
compromised [
            <xref ref-type="bibr" rid="ref14">14</xref>
            ].
          </p>
        </sec>
      </sec>
      <sec id="sec-2-3">
        <title>2.3. Malware injection in cloud computing</title>
        <p>
          Malware injection in cloud computing is when an attacker
tries to step in and inject malicious code or a fake service
that masquerades as an existing service running in the
cloud. This type of attack is also known as a download or
metadata spoofing attack. Attacks of this type allow
attackers to steal information from the Internet by causing
automatic downloads of malicious software without prior
consent from users. This undermines the reliability of the
service and may lead to unwanted behavior. This may be the
first serious attack attempt to introduce a malicious service
or virtual machine in a cloud environment [
          <xref ref-type="bibr" rid="ref11">11</xref>
          ].
        </p>
        <p>
          The goal of a cloud-based malware attack is to harm
anything of interest, which may include data modification,
functionality/behavior modification, or blocking. In such an
attack, an attacker creates his implementation of a malicious
service or module (for example, SaaS or PaaS) or a virtual
machine instance (for example, IaaS) and adds it to a cloud
system. The attacker then pretends to the cloud system that
it is a new service or implementation instance among the
valid instances for the service being attacked. If this action
is successful, the cloud automatically redirects the valid
user’s requests to the implementation of the malicious
service and the malicious code is executed. The basic cloud
malware injection attack scenario is that an attacker transfers a
manipulated/incorrect copy of a service instance to the
victim so that the malicious instance can access the victim’s
service requests. To achieve this goal, the attacker must gain
control over the victim’s data in the cloud [
          <xref ref-type="bibr" rid="ref11">11</xref>
          ].
        </p>
        <p>An SQL injection attack targets the database that sits
behind the client’s input fields in the application. A
malicious SQL command is inserted as part of an
input field, and when the field value is built into a query, it turns
the query into a meaningful, but unsafe, one.</p>
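        <p>The following added example (not code from the paper) shows the SQL injection mechanism described above next to its standard fix, using Python's built-in sqlite3 module. The table, the rows, and the function names are constructed for the illustration.</p>
        <preformat><![CDATA[
```python
import sqlite3

# Constructed sample data: three users, one document each.
SAMPLE_ROWS = [
    ("alice", "alice-budget"),
    ("bob", "bob-contract"),
    ("carol", "carol-payroll"),
]

# Constructed input field value that closes the string literal and
# appends a condition that is always true.
CRAFTED_FIELD = "alice' OR '1'='1"


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (owner TEXT, title TEXT)")
    conn.executemany("INSERT INTO documents VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_documents_vulnerable(conn, owner):
    """Vulnerable: the field value becomes part of the SQL text itself."""
    query = (
        "SELECT title FROM documents WHERE owner = '"
        + owner
        + "' ORDER BY title"
    )
    return [row[0] for row in conn.execute(query)]


def find_documents_parameterized(conn, owner):
    """Hardened: the value is bound as data and never parsed as SQL."""
    query = "SELECT title FROM documents WHERE owner = ? ORDER BY title"
    return [row[0] for row in conn.execute(query, (owner,))]


if __name__ == "__main__":
    db = make_db()
    # The crafted value returns every user's documents in the first form
    # and nothing in the second, where it is compared as a literal name.
    print(find_documents_vulnerable(db, CRAFTED_FIELD))
    print(find_documents_parameterized(db, CRAFTED_FIELD))
```
]]></preformat>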
        <p>A Cross-Site Scripting (XSS) attack is where an attacker
gains access to sensitive information on the server by
injecting code into the context of the document data used
on the client-side HTML. This method allows the attacker
to execute his script in the victim’s web browser. XSS
attacks are classified as stored and reflected according to
OWASP. According to WHID (2011), about 12.6% of all
attacks on the Internet are related to XSS. There is virtually
no limit to the various XSS-based attacks.</p>
        <p>
          A command injection attack is a form of
injection in which commands supplied to vulnerable
programs are executed. These entered commands can be
executed at the root level or in a separate runtime
environment, depending on the conditions. The commands
entered, such as ls, ps, cat, etc., are executed in the context
of the running environment with similar privileges as the
application being used. One of the most important
consequences of this attack is increased latency for other
clients using applications running on the same virtual
machine as the vulnerable application [
          <xref ref-type="bibr" rid="ref11">11</xref>
          ].
        </p>
      </sec>
      <sec id="sec-2-4">
        <title>2.4. Insecure APIs</title>
        <p>
          The API plays a crucial role in the communication of the
cloud computing infrastructure because it allows different
users and cloud components to interact and share data.
Thus, an attacker can exploit weaknesses in cloud
management software such as OpenStack and its API
implementation for malicious intent [
          <xref ref-type="bibr" rid="ref18 ref19">18, 19</xref>
          ].
        </p>
        <p>The first type of attack is an attack on API
authentication services. This type of attack can be initiated
by exploiting weaknesses in the cloud API that provides
authentication services in the cloud infrastructure. Cloud
management software such as OpenStack or CloudStack has
provided an API to interact with authentication services.
The relationship between hosts and authentication is
sensitive because credentials such as passwords and session
tokens are usually exchanged during the session.</p>
        <p>
          Most APIs in cloud management software are based on
REST or SOAP, which are web standards [
          <xref ref-type="bibr" rid="ref20">20</xref>
          ]. Thus, they are
vulnerable to Internet-based attacks such as eavesdropping,
session hijacking, malicious code execution, XSS, and
denial-of-service attacks [
          <xref ref-type="bibr" rid="ref20">20</xref>
          ]. One important OpenStack
service is the API that handles authentication, a module
known as Keystone. Work [
          <xref ref-type="bibr" rid="ref21">21</xref>
          ] revealed that the Keystone
API is also susceptible to eavesdropping attacks because,
during the authentication procedure, credential data is
transmitted to users in clear text. Additionally, Keystone’s
token exchange-based authentication mechanism is also
flawed. This is because hackers will be able to gain user
privileges and access the services of other cloud
components if they can get the password contained in the
authentication token [
          <xref ref-type="bibr" rid="ref18 ref19">18, 19</xref>
          ].
        </p>
        <p>
          The second type of attack is the API Exhaustion Attack.
This is a type of DOS attack on cloud API services. A denial
of service (DOS) occurs when an attacker disrupts services
by intentionally sending a large volume of traffic to
overload the system. This prevents the system from
processing the request of legitimate users and thus denying
them access to the service. In the context of cloud
computing, a DOS attack can target applications running in
the cloud or the infrastructure of the cloud platform [
          <xref ref-type="bibr" rid="ref22 ref23">22, 23</xref>
          ].
        </p>
        <p>
          When a DOS attack targets a cloud platform API, it can
cause an API exhaustion attack. Most cloud management
software offers a web API for interoperability and
simplicity. For example, CloudStack and OpenStack APIs
are built on REST, and during a communication session,
data is formatted as JSON [
          <xref ref-type="bibr" rid="ref24 ref25">24, 25</xref>
          ]. Work [
          <xref ref-type="bibr" rid="ref21">21</xref>
          ] found that the
OpenStack Keystone API, which uses web protocols to
provide identity and authentication services, is vulnerable
to information disclosure, DOS, and replay attacks.
        </p>
        <p>
          An API exhaustion attack is when attackers maliciously
exploit a cloud platform’s API by sending many malicious
API requests to overload the system. Cloud components will
not be able to respond to legitimate API requests from other
components and users while the system is overloaded. This is because web
protocols (HTTP) use TCP as the transport protocol; thus,
when the server receives API requests over HTTP, it will
allocate additional resources for each new TCP session. The
physical hosts of the cloud management system
components will eventually run out of resources if this continues for a
long period. They then cannot handle legitimate API
requests, resulting in a DOS condition and a violation of
availability. Cloud management software is vulnerable to
this type of attack because it uses web technology in API
services, and many cloud administrators have drawn
attention to this problem in bug tracking portals and
vulnerability databases [
          <xref ref-type="bibr" rid="ref15 ref20">15, 20</xref>
          ].
        </p>
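        <p>One common mitigation for the API exhaustion scenario above is per-client rate limiting in front of the API. The following added example (not from the paper and not OpenStack or CloudStack code) implements a token bucket per client and replays a constructed request trace through it; the class names, client identifiers, and the limits of 5 requests per second with a burst of 10 are assumptions.</p>
        <preformat><![CDATA[
```python
import time


class TokenBucket:
    """Per-client budget: at most `burst` tokens, refilled at `rate` per second."""

    def __init__(self, rate, burst, now):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)  # a new client starts with a full bucket
        self.updated = now

    def allow(self, now):
        # Refill for the time elapsed since the last request, capped at burst.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ApiRateLimiter:
    """Decides, before any handler runs, whether a request is served."""

    def __init__(self, rate=5.0, burst=10):
        self.rate = rate
        self.burst = burst
        # One bucket per client. A production limiter would also bound
        # this map so that it cannot itself be exhausted.
        self.buckets = {}

    def check(self, client_id, now=None):
        """Return the HTTP status the API front end should answer with."""
        if now is None:
            now = time.monotonic()
        bucket = self.buckets.get(client_id)
        if bucket is None:
            bucket = TokenBucket(self.rate, self.burst, now)
            self.buckets[client_id] = bucket
        return 200 if bucket.allow(now) else 429


# Constructed trace of (timestamp in seconds, client id): one client sends
# 50 requests at once in two consecutive seconds, another sends one per second.
SAMPLE_REQUESTS = (
    [(0.0, "client-flood")] * 50
    + [(0.0, "client-normal")]
    + [(1.0, "client-flood")] * 50
    + [(1.0, "client-normal"), (2.0, "client-normal")]
)


def simulate(requests, rate=5.0, burst=10):
    """Replay a trace and count accepted and rejected requests per client."""
    limiter = ApiRateLimiter(rate, burst)
    summary = {}
    for timestamp, client_id in requests:
        status = limiter.check(client_id, now=timestamp)
        counts = summary.setdefault(client_id, {"accepted": 0, "rejected": 0})
        counts["accepted" if status == 200 else "rejected"] += 1
    return summary


if __name__ == "__main__":
    for client, counts in simulate(SAMPLE_REQUESTS).items():
        print(client, counts)
```
]]></preformat>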
      </sec>
      <sec id="sec-2-5">
        <title>2.5. Security misconfiguration</title>
        <p>
          The latest report highlights that 75% of medium and large
companies have switched to cloud computing. However,
misconfiguration errors remain a major security concern in
cloud computing. These errors are often the result of human
errors that can occur when configuring cloud instances such
as compute resources and storage, which can increase the
system’s vulnerability to data security breaches [
          <xref ref-type="bibr" rid="ref26">26</xref>
          ].
        </p>
        <p>
          For example, improper configuration of an Amazon S3
instance can lead to improper access to protected
documents via a web browser. This problem extends to
insecure data stores on the Internet without any form of
authentication, allowing all users of the platform to access
the data. These errors impact the ability of cloud
administrators to adequately control and secure complex
hybrid and multi-cloud deployments [
          <xref ref-type="bibr" rid="ref18">18</xref>
          ].
        </p>
        <p>
          Various factors can lead to misconfiguration errors. For
example, a lack of understanding of cloud security policies,
congestion, and misuse of APIs can complicate this
situation. Failing to ensure that software components have proper
default security settings is also an important cause, since it
facilitates the attempts of attackers to gain access to data.
All this shows that misconfiguration errors can have serious
consequences for data security in cloud environments [
          <xref ref-type="bibr" rid="ref25">25</xref>
          ].
        </p>
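        <p>The Amazon S3 misconfiguration described above can be checked for mechanically. The following added example (not from the paper) audits a bucket policy document and a list of ACL grants for access granted to everyone; the bucket name, account ID, and role name are constructed placeholders, and the check is a simplified heuristic rather than AWS's own policy evaluation.</p>
        <preformat><![CDATA[
```python
import json

# Predefined S3 ACL groups that stand for "everyone" and "any AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed sample: objects readable by any principal, no authentication.
MISCONFIGURED_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::example-bucket/*"}]}
"""
MISCONFIGURED_ACL = [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]

# Constructed sample: the same access limited to one named role.
CORRECTED_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::111122223333:role/report-reader"},
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::example-bucket/*"}]}
"""
CORRECTED_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
     "Permission": "FULL_CONTROL"},
]


def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_policy(policy):
    """Flag Allow statements whose principal is a wildcard."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        # A Condition may narrow the grant, so it is reported for manual
        # review instead of being treated as safe.
        severity = "REVIEW" if stmt.get("Condition") else "PUBLIC"
        actions = ",".join(_as_list(stmt.get("Action", [])))
        findings.append(
            (severity, "statement %d allows %s to any principal" % (index, actions))
        )
    return findings


def audit_acl(grants):
    """Flag ACL grants made to the two global groups."""
    findings = []
    for grant in grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri == ALL_USERS:
            findings.append(("PUBLIC", "ACL grants %s to AllUsers" % grant["Permission"]))
        elif uri == AUTH_USERS:
            findings.append(
                ("PUBLIC", "ACL grants %s to any AWS account" % grant["Permission"])
            )
    return findings


def audit_bucket(policy_json, grants):
    """Audit the policy JSON text and the ACL grant list of one bucket."""
    return audit_policy(json.loads(policy_json)) + audit_acl(grants)


if __name__ == "__main__":
    for finding in audit_bucket(MISCONFIGURED_POLICY, MISCONFIGURED_ACL):
        print(finding)
```
]]></preformat>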
      </sec>
    </sec>
    <sec id="sec-3">
      <title>3. Cybersecurity assessment criteria in cloud computing</title>
      <p>Given that cyberattacks are becoming more sophisticated
and cybersecurity threats are constantly growing, the
importance of developing a comprehensive security
strategy for cloud services becomes imperative. For effective
protection against cyberattacks in cloud services, it is
recommended to use a variety of measures and protection
methods that allow to guarantee a higher level of security
for users.</p>
      <sec id="sec-3-1">
        <title>3.1. Security misconfiguration</title>
        <p>While AWS, Azure, and Google Cloud are the leading cloud
service providers, they each have specific mechanisms in
place to ensure cybersecurity.</p>
        <p>One of the key mechanisms is access demarcation and
security management in the cloud computing environment.</p>
        <p>Identity and Access Management (IAM) allows you to
create and manage permissions for resources. IAM
combines access control to services into a single system and
is a consistent set of operations. IAM policies contain a role,
user, or user group. Each role contains a list of permissions.</p>
        <p>Identity and access management is based on such
principles as:
</p>
        <p>Multi-factor authentication adds an extra layer of
security. This means that a user will need to verify
their identity using two or more authentication
methods, such as a password and an SMS code, to
access your account.</p>
        <p>Centralized management, with which users can
create and manage access policies for users, groups,
and roles from one place, which simplifies the
administration process.</p>
        <p>Role-based Access Control (RBAC) allows you to
define access rights for users based on their
responsibilities and needs. This allows you to
fine-tune access to resources based on the specific needs
of your organization.</p>
        <p>IAM provides auditing and reporting capabilities that
allow you to log access events, analyze resource
usage, and track changes to access policies to meet
regulatory requirements. This allows you to maintain
control over your data and ensure compliance with
security standards.</p>
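        <p>The four principles above can be seen working together in a small policy evaluator. This is an added example, not from the paper and not any provider's IAM implementation; the role, permission, user, and group names are hypothetical. Access is denied by default, roles carry the permissions, one policy binds members to roles, a sensitive permission additionally requires MFA, and every decision is written to an audit log.</p>
        <preformat><![CDATA[
```python
# Hypothetical roles: each role contains a list of permissions.
ROLES = {
    "viewer": {"bucket.read", "bucket.list"},
    "admin": {"bucket.read", "bucket.list", "bucket.delete"},
}

# Hypothetical central policy: each binding attaches members to one role.
POLICY = [
    {"role": "viewer", "members": {"group:analysts"}},
    {"role": "admin", "members": {"user:dana"}},
]

# Hypothetical group membership.
GROUPS = {"group:analysts": {"user:erin", "user:dana"}}

# Permissions that are granted only when the session passed MFA.
MFA_REQUIRED = {"bucket.delete"}


def identities_of(user):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def has_permission(user, permission):
    """RBAC check: some binding must give the user a role with the permission."""
    identities = identities_of(user)
    for binding in POLICY:
        if identities & binding["members"] and permission in ROLES[binding["role"]]:
            return True
    return False  # deny by default


def is_allowed(user, permission, mfa_verified, audit_log):
    """Evaluate one request and record the decision for later audit."""
    if not has_permission(user, permission):
        decision = "deny:no-role"
    elif permission in MFA_REQUIRED and not mfa_verified:
        decision = "deny:mfa-required"
    else:
        decision = "allow"
    audit_log.append((user, permission, decision))
    return decision == "allow"


if __name__ == "__main__":
    log = []
    is_allowed("user:erin", "bucket.read", False, log)
    is_allowed("user:erin", "bucket.delete", True, log)
    is_allowed("user:dana", "bucket.delete", False, log)
    is_allowed("user:dana", "bucket.delete", True, log)
    for entry in log:
        print(entry)
```
]]></preformat>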
      </sec>
      <sec id="sec-3-2">
        <title>3.2. Protection against DDoS attacks and other network threats</title>
        <p>
          One of the most common and most threatening forms is a
DDoS (Distributed Denial of Service) attack, which can
cause significant disruption to work networks, lead to the
loss of availability of services and important data, and even
cause significant financial losses. Protection against a DDoS
attack is based on the following points [
          <xref ref-type="bibr" rid="ref26 ref27 ref28">26–28</xref>
          ]:
        </p>
        <p>Scalability and elasticity of the infrastructure.</p>
        <p>Distribution.</p>
        <p>Network filters.</p>
        <p>Traffic optimization.</p>
        <p>Monitoring and analytics services.</p>
      </sec>
      <sec id="sec-3-3">
        <title>3.3. Measures to prevent unauthorized data changes</title>
        <p>In the world of cloud services, where data security is
important, preventing unauthorized changes to information
becomes an important task. Ensuring data privacy requires
the implementation of effective security measures. In this
context, it is important to note the measures to prevent data
changes without permission, which becomes the main
component of information reliability and security.</p>
        <p>In cloud services, several functions and mechanisms
help avoid data changes without permission:</p>
        <p>Auditing and monitoring: Auditing and monitoring
systems provided by cloud providers can track all
activities with data and resources. Some threats and
unusual activity are detected in time.</p>
        <p>Data encryption: Data encryption features such as
AWS Key Management Service, Google Cloud Key
Management Service, and Azure Key Vault can
protect data from unauthorized access even if
attackers gain access to it.</p>
        <p>Tracking changes: Some cloud services provide the
ability to track changes in data using audit logs. This
allows you to identify who, when, and what changes
were made to the data.</p>
        <p>Backup: Backup features offered by regular cloud
providers can back up data and restore it in case of
unauthorized changes or loss.</p>
        <p>The shared responsibility model is a concept that defines how
responsibility for security and data protection is divided
between a cloud service and its customers. This model
determines who is responsible for various aspects of
infrastructure and data in a cloud environment.</p>
        <p>Customers also choose one of three types of platform services:
infrastructure as a service (IaaS), platform as a service
(PaaS), and software as a service (SaaS).</p>
        <p>
          SaaS [
          <xref ref-type="bibr" rid="ref29">29</xref>
          ] is a model that puts the most responsibility on
the cloud service provider and the least on the user. In a
SaaS environment, you are responsible for the data you add
to the systems, the devices you allow to connect to the
systems, and the users who have access. Almost everything
else belongs to the cloud provider. The cloud provider is
responsible for the physical security of the data centers,
power, network connectivity, and application development
and updates [
          <xref ref-type="bibr" rid="ref30">30</xref>
          ].
        </p>
        <p>
          PaaS [
          <xref ref-type="bibr" rid="ref31">31</xref>
          ] divides the responsibility between you and the
cloud provider. The cloud provider is responsible for
maintaining the physical infrastructure and its access to the
Internet, just like in IaaS. In the PaaS model, the cloud
provider also supports operating systems, databases, and
development tools. Think of PaaS as using a domain-joined
computer: IT staff maintain the device with regular updates,
patches, and upgrades.
        </p>
        <p>IaaS places the greatest responsibility on the user. The
cloud provider is responsible for maintaining the physical
infrastructure and its access to the Internet. You are
responsible for installation and configuration, patches and
updates, and security.</p>
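        <p>The audit-log change tracking listed among the measures in this section (identifying who changed what, and when) can be sketched as a small log review script. This is an added example, not code from the paper: the records are constructed in the shape of AWS CloudTrail events, and the bucket name, trail name, ARNs, and allow-list are assumptions made for illustration.</p>
        <preformat>
```python
import json
from datetime import datetime, timezone

# Constructed sample records shaped like AWS CloudTrail events, one JSON
# object per line. Account IDs, ARNs, IPs, bucket and trail names are made up.
SAMPLE_LOG = """
{"eventTime": "2024-03-01T09:15:02Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject", "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111111111111:role/etl-writer"}, "sourceIPAddress": "10.0.4.17", "requestParameters": {"bucketName": "example-records", "key": "2024/03/batch-01.csv"}}
{"eventTime": "2024-03-01T09:20:44Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "readOnly": true, "userIdentity": {"arn": "arn:aws:iam::111111111111:user/analyst"}, "sourceIPAddress": "10.0.7.3", "requestParameters": {"bucketName": "example-records", "key": "2024/02/batch-07.csv"}}
{"eventTime": "2024-03-01T10:05:30Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging", "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111111111111:user/analyst"}, "sourceIPAddress": "10.0.7.3", "requestParameters": {"name": "example-trail"}}
{"eventTime": "2024-03-01T09:40:11Z", "eventSource": "s3.amazonaws.com", "eventName": "DeleteObject", "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111111111111:user/analyst"}, "sourceIPAddress": "10.0.7.3", "requestParameters": {"bucketName": "example-records", "key": "2024/02/batch-07.csv"}}
{"eventTime": "2024-03-01T10:02:45Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject", "readOnly": false, "errorCode": "AccessDenied", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/contractor"}, "sourceIPAddress": "198.51.100.23", "requestParameters": {"bucketName": "example-records", "key": "2024/03/batch-01.csv"}}
{"eventTime": "2024-03-01T10:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject", "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111111111111:role/etl-writer"}, "sourceIPAddress": "10.0.4.17", "requestParameters": {"bucketName": "example-scratch", "key": "tmp/out.csv"}}
"""

# Assumed policy for this example: principals allowed to modify each protected bucket.
AUTHORIZED_WRITERS = {
    "example-records": {"arn:aws:iam::111111111111:role/etl-writer"},
}

# CloudTrail management events that weaken or remove the audit trail itself.
AUDIT_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def parse_events(text):
    """Parse JSON-lines audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(event, authorized_writers):
    """Return a finding (who, when, what) for a suspicious event, or None."""
    who = event.get("userIdentity", {}).get("arn", "unknown")
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}  # the field may be null

    if event.get("eventSource") == "cloudtrail.amazonaws.com" and name in AUDIT_TAMPERING:
        # A change to the audit trail is always reported: without the trail,
        # later data changes can no longer be attributed to anyone.
        kind, what = "audit-trail-change", params.get("name", "unknown trail")
    elif event.get("readOnly", False):
        return None  # read access does not change data
    else:
        bucket = params.get("bucketName")
        if bucket not in authorized_writers:
            return None  # not a protected data store
        if who in authorized_writers[bucket]:
            return None  # expected writer
        # errorCode is present only when the call failed (for example AccessDenied).
        kind = "blocked-attempt" if event.get("errorCode") else "unauthorized-change"
        what = f"{bucket}/{params.get('key', '')}"

    when = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "kind": kind,
        "who": who,
        "when": when.replace(tzinfo=timezone.utc),
        "action": name,
        "what": what,
        "source_ip": event.get("sourceIPAddress"),
    }


def find_unauthorized_changes(text, authorized_writers):
    """Return findings in chronological order, whatever the order in the log."""
    findings = []
    for event in parse_events(text):
        finding = classify(event, authorized_writers)
        if finding is not None:
            findings.append(finding)
    return sorted(findings, key=lambda f: f["when"])


def format_finding(f):
    """Render one finding as a single report line."""
    return (f"{f['when'].isoformat()}  {f['kind']:20} {f['who']}  "
            f"{f['action']} {f['what']}  from {f['source_ip']}")


if __name__ == "__main__":
    for finding in find_unauthorized_changes(SAMPLE_LOG, AUTHORIZED_WRITERS):
        print(format_finding(finding))
```
        </preformat>
        <p>Failed attempts are reported separately from successful changes because only the latter require restoring data from backup.</p>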
      </sec>
      <sec id="sec-3-4">
        <title>3.5. The shared responsibility model</title>
        <p>The availability and effectiveness of security policies is one
of the most critical aspects. Well-designed security policies
can protect against a wide range of threats, from cyber
attacks to unauthorized access and data loss. They define
the rules, procedures, and controls that govern access to
information and resources, and establish security standards
that must be followed by all users and system
administrators. In this context, it is important to investigate
both the presence and effectiveness of security policies in
cloud services to ensure a high level of data and
infrastructure protection.</p>
        <p>Criteria for determining its effectiveness and
adaptability to security requirements include:</p>
        <p>The assessment of the security policy in cloud services
includes several criteria that allow for determining its
effectiveness and adaptability to security requirements.
Some of the key evaluation criteria include:</p>
        <sec id="sec-3-4-1">
          <title>Certainty and consistency.</title>
          <p>Compliance: The security policy must meet the
requirements of legislation, standards, and regulatory
requirements that apply to a specific industry or
region.</p>
          <p>Monitoring and analysis.</p>
          <p>Sustainability and renewal.</p>
          <p>Support and involvement of employees.</p>
          <p>Evaluating a security policy against these criteria helps
ensure that it meets the needs and requirements of security
in cloud services.</p>
        </sec>
      </sec>
    </sec>
    <sec id="sec-4">
      <title>4. Conducting testing of each platform according to defined criteria</title>
      <p>Taking into account the criteria for
evaluating cyber security in cloud computing, which were
compiled in the previous points, we will compare 3 cloud
services: Azure, AWS, and GCP.</p>
      <table-wrap>
        <table>
          <thead>
            <tr>
              <th>Criterion/Platform</th>
              <th>AWS</th>
              <th>Azure</th>
              <th>GCP</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td>Multi-factor Authentication</td>
              <td>Yes, supported through IAM and other services</td>
              <td>Yes, including Azure AD and other mechanisms</td>
              <td>Yes, available to users and services through the Identity Platform</td>
            </tr>
            <tr>
              <td>Centralized Management</td>
              <td>Yes, through Identity and Access Management (IAM)</td>
              <td>Yes, via Azure Active Directory (AAD) and other tools</td>
              <td>Yes, with Cloud Identity and Access Management (IAM)</td>
            </tr>
            <tr>
              <td>Role-based Access Control</td>
              <td>Yes, roles and access rights can be defined through IAM</td>
              <td>Yes, through Azure RBAC and other mechanisms</td>
              <td>Yes, available for configuring access rights for users and services</td>
            </tr>
            <tr>
              <td>Audit and Reporting</td>
              <td>Yes, provides capabilities for logging events and resource usage analysis</td>
              <td>Yes, provides audit and reporting capabilities through Azure Monitor and other tools</td>
              <td>Yes, provides capabilities for logging events and analyzing resource access</td>
            </tr>
          </tbody>
        </table>
      </table-wrap>
      <p>Evaluating access separation for each of the platforms
(Azure, AWS, GCP) on a scale from 1 to 10, where 10 is the
best, we can give the following ratings:</p>
      <p>Azure (Microsoft Azure): 8. The service has a
powerful and easy-to-use access control
mechanism through Azure Active Directory
(AAD). It provides the ability to manage many
built-in roles, but some functionality can be
difficult to configure with other platforms.</p>
      <p>AWS (Amazon Web Services): 9. IAM in AWS is a
powerful and flexible tool for delimiting access. It
provides extensive configuration options for roles,
policies, and API access. Many built-in roles and
categories allow fine-tuning of access to resources.</p>
      <p>GCP (Google Cloud Platform): 7. IAM in GCP is
also a powerful access management tool, but it can
be less flexible in some aspects compared with AWS
and Azure. However, it provides advanced
functionality for managing projects and resources.</p>
      <p>Then we compare the platforms on the points of protection
against DDoS attacks and other network threats.</p>
      <p>Having familiarized ourselves with the platforms in terms
of protection against DDoS attacks and other network
threats, we can give them the following ratings:</p>
      <p>AWS (Amazon Web Services): 9. AWS provides a
high level of protection against DDoS attacks and
other network threats, including services such as
AWS Shield, AWS WAF, AWS Firewall Manager,
Amazon GuardDuty, and others. These services
provide different levels of protection, both basic
and advanced, allowing you to adapt protection
measures to the needs of users. Multi-factor
authentication, protection of network resources,
and tracking of unusual activity are also
components of AWS security systems.</p>
      <p>Azure (Microsoft Azure): 8. Microsoft Azure also
offers a wide range of tools to protect against
DDoS attacks and other network threats, including
services such as Azure DDoS Protection, Azure
Firewall, Azure Application Gateway, Azure
Security Center, and many others. Azure has a
well-developed threat monitoring and detection
system that allows you to quickly respond to any
attacks.</p>
      <p>GCP (Google Cloud Platform): 7. Google Cloud
Platform provides a significant level of protection
against DDoS attacks and other network threats
with services such as Google Cloud Armor, Google
Cloud DDoS Protection, VPC Service Controls, and
others. However, according to some experts,
GCP’s security tools may be less integrated and
less easy to use than those of AWS and Azure, which may
pose some risk to users with less expertise in
network security.</p>
      <p>Below is a table that compares measures to prevent
unauthorized data changes across AWS, Azure, and GCP
based on criteria such as auditing and monitoring, data
encryption, change tracking, and backup:</p>
      <p>AWS (Amazon Web Services): Score 9. AWS has
several powerful tools such as IAM for access
management, AWS KMS for data encryption,
CloudTrail for auditing and monitoring, and
Amazon S3 for backup. These tools provide
extensive opportunities for data protection and a
high level of security.</p>
      <p>Azure (Microsoft Azure): Score 8. Azure also has a
similar set of data protection tools, such as Azure
Active Directory, Azure Key Vault, Azure Audit
Logs, and Azure Backup. However, some users</p>
      <p>Azure (Microsoft Azure): 9. Azure provides a
well-defined shared responsibility model that defines
which parts of the infrastructure are the
responsibility of the cloud provider and which are
the responsibility of the user. This helps avoid
confusion and makes clear the responsibilities of
all parties for data and infrastructure security.</p>
      <p>GCP (Google Cloud Platform): 8. GCP also provides
a shared responsibility reporting model, but some
users feel that some aspects may be less obvious or
more difficult to understand compared with Azure or AWS.</p>
      <p>AWS (Amazon Web Services): 9. AWS has a
well-defined and reported shared responsibility model
that allows users to clearly understand their
responsibility for the security and protection of
data in the cloud environment.</p>
      <p>The evaluation of the effectiveness of security policies in
different cloud platforms can be as follows:</p>
      <p>1. Azure (Microsoft Azure): 9. Azure provides
extensive capabilities for creating and configuring
security policies through Azure Security Center
and Azure Policy. Thanks to these services,
administrators can effectively control and monitor
the state of security of resources in the Azure
cloud environment. Azure also provides
opportunities for integration with other security
monitoring and management systems, which
increases its effectiveness.</p>
      <p>2. GCP (Google Cloud Platform): 8. GCP also has an
extensive set of tools for configuring security
policies, including Cloud Security Command
Center and Google Cloud IAM. However, some
users may find GCP’s user interface and
documentation to be less intuitive compared to
Azure or AWS, which can make it difficult to set
up and debug security policies.</p>
      <p>3. AWS (Amazon Web Services): 9. AWS offers a
wide range of tools for creating and managing
security policies, including AWS Identity and
Access Management (IAM), AWS Config, AWS
CloudTrail, and many others. These services allow
administrators to effectively control and monitor
the security of resources in the AWS cloud
environment.</p>
      <p>From the ratings provided, it can be noted that Amazon Web
Services (AWS) received the highest overall rating, which is
45 points. This is a subjective opinion that was built on the
fact that AWS stands out in terms of technical aspects with
its broad set of services, deep level of customization, and
high geographical spread. The biggest advantage of AWS is
a powerful and selective toolkit for delimiting access, as well
as a wide range of tools to protect against DDoS attacks and
other network threats. Considering this, it can be concluded
that AWS is the best choice for organizations that want
optimal security in cloud computing.</p>
    </sec>
    <sec id="sec-5">
      <title>5. Conclusions</title>
      <p>Based on the research and analysis of the issues and
challenges associated with ensuring cyber security in cloud
computing, several key conclusions can be drawn.</p>
      <p>First of all, it is determined that protection against cyber
threats in cloud computing requires a comprehensive and
in-depth approach, since cloud environments provide a wide range of
services and capabilities that require constant monitoring
and management. Key challenges in this context include
ensuring data security and protection, detecting and
responding to cyber threats, and managing access and user
identity.</p>
      <p>Another aspect of security is the continuous updating
and improvement of security measures, since cyber threats
are constantly evolving and becoming increasingly complex.
This means that cloud computing providers such as AWS,
Azure, and GCP must constantly improve their tools and
services to ensure the highest level of security for their
customers.</p>
      <p>In addition, it is found that the choice of cloud
computing platform can affect the level of cyber security,
since each provider has its unique features and capabilities.
The decisive factor when choosing a platform should be its
ability to provide reliable and effective protection against
cyber threats according to the needs and requirements of a specific
organization.</p>
      <p>Therefore, based on these findings, it can be argued that
ensuring cyber security in cloud computing is a challenging
task, but at the same time, there are ample opportunities for
innovation and development. With an understanding and
timely response to the problems and challenges in this area,
organizations can maximize the security of their data.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>B.</given-names>
            <surname>Bebeshko</surname>
          </string-name>
          , et al.,
          <article-title>Application of Game Theory, Fuzzy Logic and Neural Networks for Assessing Risks and Forecasting Rates of Digital Currency</article-title>
          ,
          <source>J. Theor. Appl. Inf. Technol</source>
          .
          <volume>100</volume>
          (
          <issue>24</issue>
          ) (
          <year>2022</year>
          )
          <fpage>7390</fpage>
          -
          <lpage>7404</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <surname>Sabahi</surname>
            ,
            <given-names>F.</given-names>
          </string-name>
          , &amp;
          <string-name>
            <surname>Movaghar</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          (
          <year>2023</year>
          ).
          <article-title>A Survey on Cloud Computing Security: Challenges and Opportunities</article-title>
          .
          <source>IEEE Access</source>
          ,
          <volume>11</volume>
          ,
          <fpage>34501</fpage>
          -
          <lpage>34519</lpage>
          . doi: 10.1109/ACCESS.2023.3258591
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <surname>Kumar</surname>
            ,
            <given-names>P.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Singh</surname>
            ,
            <given-names>G.</given-names>
          </string-name>
          , &amp;
          <string-name>
            <surname>Rathore</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          (
          <year>2023</year>
          ).
          <article-title>Cloud Computing Services and Platforms: A Detailed Review and Future Perspectives</article-title>
          .
          <source>Future Generation Computer Systems</source>
          ,
          <volume>143</volume>
          ,
          <fpage>1023</fpage>
          -
          <lpage>1038</lpage>
          . doi: 10.1016/j.future.2023.07.003
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>M. A.</given-names>
            <surname>Shah</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Khan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Ahmed</surname>
          </string-name>
          ,
          <source>Cloud Computing: Principles, Systems and Applications</source>
          . Springer (
          <year>2023</year>
          ). doi: 10.1007/978-3-031-25711-2
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>F.</given-names>
            <surname>Richter</surname>
          </string-name>
          ,
          <source>Worldwide Market Share of Leading Cloud Infrastructure Service Providers</source>
          (
          <year>2024</year>
          ). URL: https://www.statista.com/chart/18819/worldwidemarket-share-of-leading-cloud-infrastructureservice-providers/
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          <article-title>[6] Practical Aspects of Using Fully Homomorphic Encryption Systems to Protect Cloud Computing</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>V. M.</given-names>
            <surname>Mazur</surname>
          </string-name>
          ,
          <article-title>Assessment of the Security of the Use of Cloud Technologies and the Development of Methods of Protection Against Cyber Attacks on Cloud Services</article-title>
          , Ternopil: TNTU (
          <year>2023</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>S.</given-names>
            <surname>Galiveeti</surname>
          </string-name>
          , et al.,
          <article-title>Cybersecurity Analysis: Investigating the Data Integrity and Privacy in AWS and Azure Cloud Platforms, Artificial Intelligence and Blockchain for Future Cybersecurity Applications</article-title>
          .
          <source>Studies in Big Data</source>
          ,
          <volume>90</volume>
          (
          <year>2021</year>
          ) doi: 10.1007/978-3-030-74575-2_17.
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>A.</given-names>
            <surname>Sheps</surname>
          </string-name>
          ,
          <article-title>Top 10 Cloud Attacks and What You Can Do About Them</article-title>
          (
          <year>2023</year>
          ). URL: https://www.aquasec.com/cloud-nativeacademy/cloud-attacks/cloud-attacks/
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <surname>Triskele</surname>
            <given-names>Labs</given-names>
          </string-name>
          ,
          <article-title>Cloud Cyber Attacks: The Latest Cloud Computing Security Issues</article-title>
          . URL: https://www.triskelelabs.com/blog/cloud-cyberattacks-the-latest-cloud-computing-security-issues
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>P.</given-names>
            <surname>Kumar</surname>
          </string-name>
          , Cloud Computing: Threats, Attacks and Solutions,
          <source>Int. J. Emerging Technol. Eng. Res. (IJETER)</source>
          ,
          <volume>4</volume>
          (
          <issue>8</issue>
          ) (
          <year>2016</year>
          )
          <fpage>24</fpage>
          -
          <lpage>28</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>A. V.</given-names>
            <surname>Songa</surname>
          </string-name>
          ,
          <article-title>A Review of DDoS Attacks and its Countermeasures in Cloud Computing</article-title>
          ,
          <source>in International Conference on Information Systems and Computer Networks</source>
          (
          <year>2022</year>
          ).
          doi: 10.1109/ISCON52037.2021.
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [13]
          <string-name>
            <given-names>A. A.</given-names>
            <surname>Christina</surname>
          </string-name>
          ,
          <article-title>Proactive Measures on Account Hijacking in Cloud Computing Network</article-title>
          ,
          <source>Asian J. Comput. Sci. Technol</source>
          .
          <volume>4</volume>
          (
          <issue>2</issue>
          ) (
          <year>2015</year>
          )
          <fpage>31</fpage>
          -
          <lpage>34</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          [14]
          <string-name>
            <given-names>I.</given-names>
            <surname>Ranjan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Bhushan</surname>
          </string-name>
          ,
          <article-title>Ambiguity in Cloud Security with Malware-Injection Attack</article-title>
          , in:
          <source>3rd International Conference on Electronics, Communication and Aerospace Technology (ICECA)</source>
          (
          <year>2019</year>
          )
          <fpage>1</fpage>
          -
          <lpage>5</lpage>
          . doi: 10.1109/ICECA.2019.8821844.
        </mixed-citation>
      </ref>
      <ref id="ref15">
        <mixed-citation>
          [15]
          <string-name>
            <given-names>D.</given-names>
            <surname>Shevchuk</surname>
          </string-name>
          , et al.,
          <article-title>Designing Secured Services for Authentication, Authorization, and Accounting of Users</article-title>
          , in:
          <source>Cybersecurity Providing in Information and Telecommunication Systems II</source>
          , vol.
          <volume>3550</volume>
          (
          <year>2023</year>
          )
          <fpage>217</fpage>
          -
          <lpage>225</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref16">
        <mixed-citation>
          [16]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Martseniuk</surname>
          </string-name>
          , et al.,
          <article-title>Automated Conformity Verification Concept for Cloud Security</article-title>
          , in:
          <source>Cybersecurity Providing in Information and Telecommunication Systems</source>
          , vol.
          <volume>3654</volume>
          (
          <year>2024</year>
          )
          <fpage>25</fpage>
          -
          <lpage>37</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref17">
        <mixed-citation>
          [17]
          <string-name>
            <given-names>O.</given-names>
            <surname>Deineka</surname>
          </string-name>
          , et al.,
          <article-title>Designing Data Classification and Secure Store Policy According to SOC 2 Type II</article-title>
          ,
          <source>in: Cybersecurity Providing in Information and Telecommunication Systems</source>
          , vol.
          <volume>3654</volume>
          (
          <year>2024</year>
          )
          <fpage>398</fpage>
          -
          <lpage>409</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref18">
        <mixed-citation>
          [18]
          <string-name>
            <given-names>O.</given-names>
            <surname>Vakhula</surname>
          </string-name>
          ,
          <string-name>
            <given-names>I.</given-names>
            <surname>Opirskyy</surname>
          </string-name>
          ,
          <string-name>
            <given-names>O.</given-names>
            <surname>Mykhaylova</surname>
          </string-name>
          ,
          <article-title>Research on Security Challenges in Cloud Environments and Solutions based on the security-as-Code Approach</article-title>
          , in:
          <source>Cybersecurity Providing in Information and Telecommunication Systems II</source>
          , vol.
          <volume>3550</volume>
          (
          <year>2023</year>
          )
          <fpage>55</fpage>
          -
          <lpage>69</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref19">
        <mixed-citation>
          [19] CWE:
          <article-title>Individual Dictionary Definition. “Improper Neutralization of Special Elements used in a command” (</article-title>
          <year>2017</year>
          )
          <fpage>209</fpage>
          -
          <lpage>217</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref20">
        <mixed-citation>
          [20]
          <string-name>
            <given-names>F.</given-names>
            <surname>Qazi</surname>
          </string-name>
          ,
          <article-title>Application Programming Interface (API) Security in Cloud Applications</article-title>
          ,
          <source>EAI Endorsed Transactions on Cloud Systems</source>
          ,
          <volume>7</volume>
          (
          <issue>23</issue>
          ) (
          <year>2023</year>
          )
          <article-title>e1</article-title>
          . doi: 10.4108/eetcs.v7i23.3011.
        </mixed-citation>
      </ref>
      <ref id="ref21">
        <mixed-citation>
          [21]
          <string-name>
            <given-names>H.</given-names>
            <surname>Albaroodi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Manickam</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Singh</surname>
          </string-name>
          ,
          <article-title>Critical Review of Openstack Security: Issues and Weaknesses</article-title>
          ,
          <source>J. Comput. Sci.</source>
          ,
          <volume>10</volume>
          (
          <issue>1</issue>
          ) (
          <year>2014</year>
          )
          <fpage>23</fpage>
          -
          <lpage>33</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref22">
        <mixed-citation>
          [22]
          <string-name>
            <given-names>M.</given-names>
            <surname>Ali</surname>
          </string-name>
          , et al.,
          <article-title>Mobile Cloud Computing with SOAP and REST Web Services</article-title>
          ,
          <source>Journal of Physics: Conference Series</source>
          ,
          <volume>1018</volume>
          (
          <year>2018</year>
          )
          <article-title>012005</article-title>
          . doi: 10.1088/1742-6596/1018/1/012005.
        </mixed-citation>
      </ref>
      <ref id="ref23">
        <mixed-citation>
          [23]
          <string-name>
            <given-names>J.</given-names>
            <surname>Somorovsky</surname>
          </string-name>
          , et al.,
          <article-title>All Your Clouds Are Belong to Us</article-title>
          , in:
          <source>3rd ACM workshop on Cloud computing security workshop - CCSW'11</source>
          (
          <year>2011</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref24">
        <mixed-citation>
          [24]
          <string-name>
            <given-names>B.</given-names>
            <surname>Cui</surname>
          </string-name>
          , T. Xi,
          <article-title>Security Analysis of Openstack Keystone</article-title>
          ,
          <source>in: 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing</source>
          (
          <year>2015</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref25">
        <mixed-citation>
          [25]
          <string-name>
            <given-names>O.</given-names>
            <surname>Mykhaylova</surname>
          </string-name>
          , et al.,
          <article-title>Mobile Application as a Critical Infrastructure Cyberattack Surface</article-title>
          , in:
          <source>Cybersecurity Providing in Information and Telecommunication Systems II</source>
          , vol.
          <volume>3550</volume>
          (
          <year>2023</year>
          )
          <fpage>29</fpage>
          -
          <lpage>43</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref26">
        <mixed-citation>
          [26]
          <string-name>
            <given-names>C. N.</given-names>
            <surname>Nobles</surname>
          </string-name>
          ,
          <article-title>Investigating Cloud Computing Misconfiguration Errors using the Human Factors Analysis and Classification System</article-title>
          ,
          <source>Scientific Bulletin</source>
          <volume>27</volume>
          (
          <issue>1</issue>
          ) (
          <year>2022</year>
          ). doi: 10.2478/bsaft-2022-0007.
        </mixed-citation>
      </ref>
      <ref id="ref27">
        <mixed-citation>
          [27]
          Developer.openstack.org.
          <source>OpenStack Docs: OpenStack APIs</source>
          (
          <year>2016</year>
          ). URL: http://developer.openstack.org/api-guide/quick-start/api-quickstart.html#openstack-api-quick-guide
        </mixed-citation>
      </ref>
      <ref id="ref28">
        <mixed-citation>
          [28]
          <string-name>
            <given-names>S.</given-names>
            <surname>Goasguen</surname>
          </string-name>
          , Intro to CloudStack API, Slideshare.net (
          <year>2013</year>
          ). URL: http://www.slideshare.net/sebastiengoasguen/intro-to-cloudstack-api.
        </mixed-citation>
      </ref>
      <ref id="ref29">
        <mixed-citation>
          [29]
          <string-name>
            <given-names>A.</given-names>
            <surname>Alkahtani</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M. A.</given-names>
            <surname>Khan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Hariri</surname>
          </string-name>
          ,
          <article-title>A Comprehensive Survey on Cloud Computing Service Models</article-title>
          .
          <source>IEEE Access</source>
          ,
          <volume>11</volume>
          (
          <year>2023</year>
          )
          <fpage>34792</fpage>
          -
          <lpage>34810</lpage>
          . doi: 10.1109/ACCESS.2023.3262599
        </mixed-citation>
      </ref>
      <ref id="ref30">
        <mixed-citation>
          [30]
          <string-name>
            <given-names>P.</given-names>
            <surname>Anakhov</surname>
          </string-name>
          , et al.,
          <article-title>Protecting Objects of Critical Information Infrastructure from Wartime Cyber Attacks by Decentralizing the Telecommunications Network</article-title>
          ,
          <source>in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems</source>
          , vol.
          <volume>3050</volume>
          (
          <year>2023</year>
          )
          <fpage>240</fpage>
          -
          <lpage>245</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref31">
        <mixed-citation>
          [31]
          <string-name>
            <given-names>M.</given-names>
            <surname>Silic</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Back</surname>
          </string-name>
          ,
          <article-title>A Comparative Study of PaaS and SaaS Cloud Models: Current Trends and Future Directions</article-title>
          .
          <source>J. Cloud Comput. Adv. Syst. Appl.</source>
          ,
          <volume>12</volume>
          (
          <issue>1</issue>
          ) (
          <year>2023</year>
          )
          <fpage>14</fpage>
          -
          <lpage>28</lpage>
          . doi: 10.1186/s13677-023-00211-8
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>