Research and analysis of issues and challenges in ensuring cyber security in cloud computing ⋆

Olha Mykhaylova 1,†, Marta Korol 1,† and Roman Kyrychok 2,*,†

1 Lviv Polytechnic National University, 12 Stepana Bandery str., 79013 Lviv, Ukraine
2 Borys Grinchenko Kyiv Metropolitan University, 18/2 Bulvarno-Kudriavska str., 04053 Kyiv, Ukraine

Abstract

Cloud services provide information tools in a virtual environment with the opportunity to expand the software and hardware resources of the user’s computer device. Information is permanently stored on servers on the Internet and temporarily cached on client devices, such as personal computers, game consoles, laptops, smartphones, etc. To gain constant access to remote Internet resources, users use cloud services. They are a key element of rapidly evolving modern technologies, and cloud services are a strategic issue for many companies. Although the innovative capabilities of cloud services attract users, they can also create new threats to their information security. This is why research into cloud computing is important to understand its potential and effectiveness. This study will look at the security aspect of cloud services and compare several different platforms because the lack of sufficient protection can lead to the theft of personal data and other confidential information. The study will also look at the most common threats faced by cloud services, such as DDoS attacks, data leaks, data abuse, etc. In particular, the security measures provided by leading cloud platforms such as AWS, GCP, and Azure will be analyzed to determine their effectiveness and reliability. Our analysis will be useful for companies considering moving to the cloud and everyday users trying to keep their data safe online. The results of the study will provide a clear understanding of the benefits and limitations of using various cloud platforms from a security perspective.
Keywords

cloud computing security, cybersecurity in cloud services, cloud platform comparison, data protection, threats to cloud services, DDoS attack, data leakage prevention, security measures in AWS, GCP, Azure, cloud migration considerations

CPITS-II 2024: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II, October 26, 2024, Kyiv, Ukraine
∗ Corresponding author.
† These authors contributed equally.
olha.o.mykhailova@lpnu.ua (O. Mykhaylova); marta.korol.kb.2022@lpnu.ua (M. Korol); r.kyrychok@kubg.edu.ua (R. Kyrychok)
ORCID: 0000-0002-3086-3160 (O. Mykhaylova); 0009-0002-8079-1799 (M. Korol); 0000-0002-9919-9691 (R. Kyrychok)
© 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings, ceur-ws.org, ISSN 1613-0073

1. Introduction

In today’s digital world, large amounts of data are stored and processed in cloud services. Cloud services are known to provide many benefits, including increased availability, flexibility, and cost-effectiveness. However, with these benefits come several challenges, such as increased security threats, potential vulnerabilities, and potential risks to data privacy [1].

In the modern world, the cloud computing market is experiencing increased competition among cloud service providers. In recent years, there has been a constant increase in the number of companies offering cloud services. The most popular of them are:

• Amazon Web Services (AWS) [2] (established in March 2006) is a division of Amazon.com that offers a cloud computing platform for rent to individuals, businesses, and governments via subscription.
• Microsoft Azure (created February 1, 2010) [3] is a Microsoft Corporation infrastructure that provides a cloud platform for application developers to facilitate the process of creating programs. Microsoft Azure allows you to deploy applications not only using Microsoft .NET and Visual Studio but also using various tools.
• Google Cloud Platform (founded April 7, 2008) [4] is a set of cloud services developed by Google, running on the same infrastructure that Google uses for its end-user products. The service provides a range of modular cloud services such as computing, data storage, data analytics, and machine learning.

Figure 1: Popularity of cloud service providers [5].

With increasing popularity, developers are forced to constantly improve their platforms, including improving automatic threat detection and response mechanisms, expanding data encryption capabilities, improving user identification and authentication, and improving monitoring and vulnerability analysis tools [6]. They also collaborate with information security experts, conduct independent security audits, and improve incident response processes.

The topic of cloud computing has attracted the attention of various researchers. Many scholars and experts are actively engaged in research and analysis of the problems and challenges associated with cybersecurity in cloud computing. Using an example, work [7] examines security in the AWS computing service; it demonstrates the importance and relevance of research in the field of cybersecurity, in particular in the context of the use of AWS cloud services. Also, in [8], the authors compared AWS and Azure Cloud Platforms services for 2021, where they recognize the differences between AWS and Azure in database management systems, architectures, resource management patterns, and complexity, which can affect scalability, performance, and pricing.

The method of this research is to analyze and identify the key issues and challenges of ensuring cybersecurity in cloud computing in order to further compare Amazon Web Services, Microsoft Azure, and Google Cloud Platform. To do this you will also need to use:

• Updated downloads and resources without additional services related to cloud resources.
• Identify non-response criteria in general descriptions.
• Test AWS, Azure, and GCP in the context of using selected cybersecurity blocking criteria.
• Evaluate each platform on a 10-point scale.
• Focus on the platform that is effective and relevant.

Thus, reviewing and analyzing the issues and challenges associated with cybersecurity in general terms remains extremely important for developing effective data preservation strategies.

2. Analysis of threats and security risks of cloud services

Small and medium-sized enterprises, like global companies, are increasingly relying on cloud computing security services to support day-to-day business functions and software development, and even to provide the technology infrastructure needed to operate. In this regard, cloud services often face many cyber-attacks.

A cloud attack [9] is a cyber-attack that targets cloud service platforms, such as computing services, storage services, or hosted applications in a platform as a service (PaaS) or software as a service (SaaS) model.

According to [10], in recent years the number of attacks on cloud services has increased rapidly. Cloud cyberattacks accounted for 20% of all cyberattacks in 2020, making cloud computing platforms the third most targeted cyber environment. Therefore, we will look at the different types of attacks and their characteristics, as well as the possible consequences of these attacks for users and organizations using cloud technologies. Below is an overview of types of cloud computing attacks to help you better understand these threats and take steps to prevent them.

These threats pose serious risks to cloud computing security. Denial-of-service attacks can disrupt access to cloud services, misconfiguration of security can open the door to attackers, and cloud malware attacks threaten data privacy and integrity. This may allow an attacker to use the associated resources for their purposes or to steal or manipulate data stored in the cloud. All these threats require important monitoring and the provision of appropriate security measures to protect cloud services and user data.

2.1. Denial of service in cloud computing

DoS attacks attempt to make a service unavailable to its users. The attack consumes a large amount of system resources such as computing power, memory, and bandwidth. This consumption will make the service unavailable to users or unbearably slow.

DoS attacks and their variant distributed denial of service (DDoS) attract a lot of media attention mainly because of their magnitude. In 1988, reports show only six DDoS attacks. DDoS attacks targeted major websites such as CNN, Yahoo, and Amazon in 2000 with an attack rate of approximately 1 GB/s. DDoS attacks achieved a speed of 70 GB/s in 2007. In 2013, there was a large-scale attack on a service. Over the past decade, DDoS attacks on cloud services have become increasingly sophisticated and dangerous, affecting various industries and operations [11].

The attack on Spamhaus in 2013 stands out for its scale, using a traffic volume of 300 Gbps, which led to disruptions not only to Spamhaus itself but also to global Internet traffic.

A politically motivated attack on GitHub in 2015 showed the use of compromised devices to flood the website with traffic and disrupt its operations.

A 2016 Dyn attack that used compromised IoT devices to create a botnet overwhelmed Dyn’s infrastructure, causing major sites like Netflix and PayPal to become unavailable.

Attacks on Google and AWS in 2020, using amplification techniques, resulted in extremely high traffic speeds (2.5 Tbps for Google and 2.3 Tbps for AWS), which posed a major threat to their infrastructure [12].

In 2022, Microsoft reported protecting against extremely high-throughput attacks, registering the largest attack at the time at 3.47 Tbit/s. Also noted is the shift to multi-vector attack strategies, where attackers combine different methods to maximize disruption.

Look closer at DoS attacks, which occur when security is compromised. This prevents legitimate clients from accessing its target cloud systems, devices, or other cloud resources.

A network of zombies controlled remotely by well-structured and widely distributed nodes performs DDoS attacks. The attacker initiates the attack with the help of zombies called secondary victims. DDoS attacks are divided into 3 categories [12].

1. Volume/Bandwidth-Based Attacks: This attack tries to overwhelm the user with a lot of garbage data, using network bandwidth and resources in the process.
2. Protocol attacks: The attack tries to overload the target’s resources using the disadvantage associated with several network protocols.
3. Application Layer Attacks: These attacks target specific online applications and send HTTP requests that exceed program capacity.

2.2. Account Hijacking

In this type of security breach, hackers attempt to hijack an account by stealing security credentials and then eavesdropping on user actions and transactions. Hackers can also manipulate data, insert false information, and redirect customers to illegitimate sites. This type of vulnerability is particularly scary because hackers know how to use the reputation and trust of users to manipulate customers.

In 2010, Amazon faced an attack [12–14] that allowed hackers to steal the session IDs that give users access to their accounts after entering passwords. This left the customer’s credentials open to hackers. The bug was removed 12 hours after it was discovered, but many Amazon users were unwittingly exposed to the attack during that time [15].

Account hijacking is done using the stolen credentials of the real user. By using credentials a hacker can access sensitive data and manipulate the data to suit his liking. The traffic hijacking service involves hacker eavesdropping, data manipulation, data access, and return of falsified information. There are three states in which a security breach can occur.

1. Transfer of confidential data to a cloud server.
2. Transfer of confidential data from the cloud server to the client’s computer.
3. Storage of confidential client data in the cloud servers that are remote and not owned by the client [16].

In account hijacking, a hacker uses a compromised email account to impersonate the account owner. Typically, account hijacking is done through phishing [17], sending fake emails to the user, picking a password, or several other hacking tactics. In many cases, a user’s email account is linked to various online services, such as social networks and financial accounts.

A hacker can use an account to obtain a person’s personal account information, conduct financial transactions, create new accounts, and request the account owner’s contacts for money or assistance in illegitimate activities. Cloud account hijacking is a common tactic for identity theft schemes. The attacker uses the stolen account information for malicious or unauthorized activity. When a cloud account is hijacked, the attacker usually uses a compromised email account or other credentials to impersonate the account owner.

Hijacking an enterprise-level cloud account can be particularly devastating, depending on what the attackers do with the information. A company’s integrity and reputation can be destroyed, and confidential data can be destroyed by leakage or falsification, causing significant costs for businesses. There are also possible legal consequences for companies and organizations with strict regulation industries, such as healthcare, if sensitive customer or patient data is exposed when a cloud account is compromised [14].

2.3. Malware injection in cloud computing

Malware injection in cloud computing is when an attacker tries to step in and inject malicious code or a fake service that masquerades as an existing service running in the cloud. This type of attack is also known as a download or metadata spoofing attack. Attacks of this type allow attackers to steal information from the Internet by causing automatic downloads of malicious software without prior consent from users. This undermines the reliability of the service and may lead to unwanted behavior. This may be the first serious attack attempt to introduce a malicious service or virtual machine in a cloud environment [11].

The goal of a cloud-based malware attack is to harm anything of interest, which may include data modification, functionality/behavior modification, or blocking. In such an attack, an attacker creates his implementation of a malicious service or module (for example, SaaS or PaaS) or a virtual machine instance (for example, IaaS) and adds it to a cloud system. The attacker then pretends to the cloud system that it is a new service or implementation instance among the valid instances for the service being attacked. If this action is successful, the cloud automatically redirects the valid user’s requests to the implementation of the malicious service and the malicious code is executed. The basic cloud malware injection attack scenario is that an attacker transfers a manipulated/incorrect copy of a service instance to the victim so that the malicious instance can access the victim’s service requests. To achieve this goal, the attacker must gain control over the victim’s data in the cloud [11].

An SQL injection attack is aimed at a database that is outside the client’s input fields in the application. A malicious SQL command is inserted as part of an information field, which, when changed to a query, turns it into a meaningful, but unsafe, query.

A Cross-Site Scripting (XSS) attack is where an attacker gains access to sensitive information on the server by injecting code into the context of the document data used on the client-side HTML. This method allows the attacker to execute his script in the victim’s web browser. XSS attacks are classified as stored and reflected according to OWASP. According to WHID (2011), about 12.6% of all attacks on the Internet are related to XSS. There is virtually no limit to the various XSS-based attacks.

A command injection attack is a form of injection in which commands entered into vulnerable programs are executed. These entered commands can be executed at the root level or in a separate runtime environment, depending on the conditions. The commands entered, such as ls, ps, cat, etc., are executed in the context of the running environment with similar privileges as the application being used. One of the most important consequences of this attack is increased latency for alternate clients using applications running on the same virtual machine as the vulnerable application [11].

2.4. Insecure APIs

The API plays a crucial role in the communication of the cloud computing infrastructure because it allows different users and cloud components to interact and share data. Thus, an attacker can exploit weaknesses in cloud management software such as OpenStack and its API implementation for malicious intent [18, 19].

The first type of attack is an attack on API authentication services. This type of attack can be initiated by exploiting weaknesses in the cloud API that provides authentication services in the cloud infrastructure. Cloud management software such as OpenStack or CloudStack has provided an API to interact with authentication services. The relationship between hosts and authentication is sensitive because credentials such as passwords and session tokens are usually exchanged during the session.

Most APIs in cloud management software are based on REST or SOAP, which are web standards [20]. Thus, it is vulnerable to Internet-based attacks such as eavesdropping, session hijacking, malicious code execution, XSS, and denial-of-service attacks [20]. One important OpenStack service is the API that handles authentication, a module known as Keystone. Work [21] revealed that the Keystone API is also susceptible to eavesdropping attacks because, during the authentication procedure, credential data is transmitted to users in clear text. Additionally, Keystone’s token exchange-based authentication mechanism is also flawed. This is because hackers will be able to gain user privileges and access the services of other cloud components if they can get the password contained in the authentication token [18, 19].

The second type of attack is the API Exhaustion Attack. This is a type of DoS attack on cloud API services. A denial of service (DoS) occurs when an attacker disrupts services by intentionally sending a large volume of traffic to overload the system. This prevents the system from processing the request of legitimate users and thus denying them access to the service. In the context of cloud computing, a DoS attack can target applications running in the cloud or the infrastructure of the cloud platform [22, 23].

When a DoS attack targets a cloud platform API, it can cause an API exhaustion attack. Most cloud management software offers a web API for interoperability and simplicity. For example, CloudStack and OpenStack APIs are built on REST, and during a communication session, data is formatted as JSON [24, 25]. Work [21] found that the OpenStack Keystone API, which uses web protocols to provide identity and authentication services, is vulnerable to information disclosure, DoS, and replay attacks.

An API exhaustion attack is when attackers maliciously exploit a cloud platform’s API by sending many malicious API requests to overload the system. Cloud components will not be able to respond to legitimate API requests from other components and users while it is full. This is because web protocols (HTTP) use TCP as the transport protocol; thus, when the server receives API requests using HTTP, it will allocate additional resources for a new TCP session. The physical hosts of the cloud management system components will eventually wear out if this continues for a long period. Therefore, it cannot handle a legitimate API request, resulting in a DoS attack and violation of its availability. Cloud management software is vulnerable to this type of attack because it uses web technology in API services, and many cloud administrators have drawn attention to this problem in bug tracking portals and vulnerability databases [15, 20].

2.5. Security misconfiguration

The latest report highlights that 75% of medium and large companies have switched to cloud computing. However, misconfiguration errors remain a major security concern in cloud computing. These errors are often the result of human errors that can occur when configuring cloud instances such as compute resources and storage, which can increase the system’s vulnerability to data security breaches [26].

For example, improper configuration of an Amazon S3 instance can lead to improper access to protected documents via a web browser. This problem extends to insecure data stores on the Internet without any form of authentication, allowing all users of the platform to access the data. These errors impact the ability of cloud administrators to adequately control and secure complex hybrid and multi-cloud deployments [18].

Various factors can lead to misconfiguration errors. For example, a lack of understanding of cloud security policies, congestion, and misuse of APIs can complicate this situation. Failing to ensure that software components have proper default security settings is also an important cause, as it facilitates the attempts of attackers to gain access to data. All this shows that misconfiguration errors can have serious consequences for data security in cloud environments [25].

3. Cybersecurity assessment criteria in cloud computing

Given that cyberattacks are becoming more sophisticated and cybersecurity threats are constantly growing, the importance of developing a comprehensive security strategy for cloud services becomes imperative. For effective protection against cyberattacks in cloud services, it is recommended to use a variety of measures and protection methods that make it possible to guarantee a higher level of security for users.

3.1. Security misconfiguration

While AWS, Azure, and Google Cloud are the leading cloud service providers, they each have specific mechanisms in place to ensure cybersecurity.

One of the key mechanisms is access demarcation and security management in the cloud computing environment. Identity and Access Management (IAM) allows you to create and manage permissions for resources. IAM combines access control to services into a single system and is a consistent set of operations. IAM policies contain a role, user, or user group. Each role contains a list of permissions. Identity and access management is based on such principles as:

• Multi-factor authentication adds an extra layer of security. This means that a user will need to verify their identity using two or more authentication methods, such as a password and an SMS code, to access your account.
• Centralized management, with which users can create and manage access policies for users, groups, and roles from one place, which simplifies the administration process.
• Role-based Access Control (RBAC) allows you to define access rights for users based on their responsibilities and needs. This allows you to fine-tune access to resources based on the specific needs of your organization.
• IAM provides auditing and reporting capabilities that allow you to log access events, analyze resource usage, and track changes to access policies to meet regulatory requirements. This allows you to maintain control over your data and ensure compliance with security standards.

The main conclusions of our research include:

Algorithm Development: A new algorithm based on the Taylor series has been proposed that provides the generation of pseudorandom sequences. This approach is based on the numerical properties of the natural logarithm of number 2 (ln2), which is mathematically stable and accurate. Using ln2 to initialize the generator allows achieving a high degree of randomness in the created sequences.

Algorithm Analysis: A detailed analysis of the developed algorithm was conducted, which includes checking its statistical characteristics and testing for compliance with NIST requirements. Testing showed that the algorithm could not initially provide a uniform distribution of pseudorandom numbers, leading to its improvement.

Algorithm Improvement: The basic algorithm has been improved, which provides better performance and improved statistical characteristics of the generated sequences. Optimization of the algorithm allows for significantly reducing the computational complexity, making it effective for use in real-world applications where computation time is a critical parameter.

The results of this research are an important step towards improving the reliability and quality of pseudorandom number generators. The proposed approach may find wide application in various fields such as cryptography, numerical modeling, simulations, and other numerical methods that require high-quality randomness and computational efficiency.

Furthermore, the improved algorithm proposed in this paper can be used to create new generators or to enhance existing solutions, for example through optimization of calculations or application of new generation methods. Future research may focus on expanding the algorithm to other mathematical constants, which may further improve the quality of pseudorandom numbers. It is also possible to create an algorithm based on formula (5) using intervals (for example, as in Hamming matrices) or using other Taylor series for generating new pseudorandom sequences. Using such methods opens new horizons for the development of number theory and computational mathematics, providing powerful tools for solving a wide range of tasks in various fields of science and technology, especially for information protection.

3.2. Protection against DDoS attacks and other network threats

One of the most common and most threatening forms is a DDoS (Distributed Denial of Service) attack, which can cause significant disruption to work networks, lead to the loss of availability of services and important data, and even cause significant financial losses. Protection against a DDoS attack is based on the following points [26–28]:

• Scalability and elasticity of the infrastructure
• Distribution
• Network filters
• Traffic optimization
• Monitoring and analytics services.

3.3. Measures to prevent unauthorized data changes

In the world of cloud services, where data security is important, preventing unauthorized changes to information becomes an important task. Ensuring data privacy requires the implementation of effective security measures. In this context, it is important to note the measures to prevent data changes without permission, which becomes the main component of information reliability and security.

In cloud services, several functions and mechanisms help avoid data changes without permission:

• Auditing and monitoring: Auditing and monitoring systems provided by cloud providers can track all activities with data and resources. Some threats and unusual activity are detected in time.
• Data encryption: Data encryption features such as AWS Key Management Service, Google Cloud Key Management Service, and Azure Key Vault can protect data from unauthorized access even if attackers gain access to it.
• Tracking changes: Some cloud services provide the ability to track changes in data using audit logs. This allows you to identify who, when, and what changes were made to the data.
• Backup: Backup features offered by regular cloud providers can back up data and restore it in case of unauthorized changes or loss.

3.4. The shared responsibility model

The shared responsibility model is a concept that defines the level of responsibility for security and data protection between a cloud service and its customers. This model determines who is responsible for various aspects of infrastructure and data in a cloud environment.

Also, choose 1 of 3 types of platform services: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

SaaS [29] is a model that puts the most responsibility on the cloud service provider and the least on the user. In a SaaS environment, you are responsible for the data you add to the systems, the devices you allow to connect to the systems, and the users who have access. Almost everything else belongs to the cloud provider. The cloud provider is responsible for the physical security of the data centers, power, network connectivity, and application development and updates [30].

PaaS [31] divides the responsibility between you and the cloud provider. The cloud provider is responsible for maintaining the physical infrastructure and its access to the Internet, just like in IaaS. In the PaaS model, the cloud provider also supports operating systems, databases, and development tools. Think of PaaS as using a domain-joined computer: IT staff maintain the device with regular updates, patches, and upgrades.

IaaS places the greatest responsibility on the user. The cloud provider is responsible for maintaining the physical infrastructure and its access to the Internet. You are responsible for installation and configuration, patches and updates, and security.

3.5. The shared responsibility model

The availability and effectiveness of security policies is one of the most critical aspects. Well-designed security policies can protect against a wide range of threats, from cyber attacks to unauthorized access and data loss. They define the rules, procedures, and controls that govern access to information and resources, and establish security standards that must be followed by all users and system administrators. In this context, it is important to investigate both the presence and effectiveness of security policies in cloud services to ensure a high level of data and infrastructure protection.

The assessment of the security policy in cloud services includes several criteria that allow for determining its effectiveness and adaptability to security requirements. Some of the key evaluation criteria include:

• Certainty and consistency.
• Compliance: The security policy must meet the requirements of legislation, standards, and regulatory requirements that apply to a specific industry or region.
• Monitoring and analysis.
• Sustainability and renewal.
• Support and involvement of employees.

Evaluating a security policy against these criteria helps ensure that it meets the needs and requirements of security in cloud services.

4. Conducting testing of each platform according to defined criteria

Taking into account the criteria for evaluating cyber security in cloud computing, which were compiled in the previous points, we will compare 3 cloud services: Azure, AWS, and GCP.

Table 1: Platform comparison in the context of access demarcation

| Criterion/Platform | AWS | Azure | GCP |
|---|---|---|---|
| Multi-factor Authentication | Yes, supported through IAM and other services | Yes, including Azure AD and other mechanisms | Yes, available to users and services through the Identity Platform |
| Centralized Management | Yes, through Identity and Access Management (IAM) | Yes, via Azure Active Directory (AAD) and other tools | Yes, with Cloud Identity and Access Management (IAM) |
| Role-based Access Control | Yes, roles and access rights can be defined through IAM | Yes, through Azure RBAC and other mechanisms | Yes, available for configuring access rights for users and services |
| Audit and Reporting | Yes, provides capabilities for logging events and resource usage analysis | Yes, provides audit and reporting capabilities through Azure Monitor and other tools | Yes, provides capabilities for logging events and analyzing resource access |

Evaluating access separation for each of the platforms (Azure, AWS, GCP) on a scale from 1 to 10, where 10 is the best, you can make the following rating:

1. Azure (Microsoft Azure): 8. The service has a powerful and easy-to-use access control mechanism through Azure Active Directory (AAD). It provides the ability to manage many built-in roles, but some functionality can be difficult to configure compared with other platforms.
2. AWS (Amazon Web Services): 9. IAM in AWS is a powerful and flexible tool for delimiting access. It provides extensive configuration options for roles, policies, and API access. Many built-in roles and categories make it possible to fine-tune access to resources.
3. GCP (Google Cloud Platform): 7. IAM in GCP is also a powerful access management tool, but it can be less flexible in some aspects compared with AWS and Azure. However, it provides advanced functionality for managing projects and resources.

Then we compare platforms with points of protection against DDoS attacks and other network threats:

Table 2: Comparison of platforms in the context of protection against DDoS attacks and other network threats

| Criterion/Platform | AWS | Azure | GCP |
|---|---|---|---|
| Free Basic Level of DDoS Protection | Yes, available to all users | Yes, through Azure DDoS Protection | No |
| Enhanced Protection for an Additional Fee | Yes, available through AWS Shield Advanced | No, enhanced protection is not available for an additional fee | Yes, available through Google Cloud Armor and other mechanisms |
| Web Application Firewall (WAF) | Yes, AWS WAF | No, but Azure Firewall and Azure Security Center are available | Yes, Google Cloud Armor |
| Event Logs and Security Analysis | Yes, available through AWS CloudTrail and AWS Config | Yes, available through the Azure Security Center | Yes, available through the Google Cloud Security Command Center |

Having familiarized ourselves with the platforms in terms of protection against DDoS attacks and other network threats, we can give them the following ratings:

1. AWS (Amazon Web Services): 9. AWS provides a high level of protection against DDoS attacks and other network threats, including services such as AWS Shield, AWS WAF, AWS Firewall Manager, Amazon GuardDuty, and others. These services provide different levels of protection, both basic and advanced, allowing you to adapt protection measures to the needs of users. Multi-factor authentication, protection of network resources, and tracking of unusual activity are also components of AWS security systems.
2. Azure (Microsoft Azure): 8. Microsoft Azure also offers a wide range of tools to protect against DDoS attacks and other network threats, including services such as Azure DDoS Protection, Azure Firewall, Azure Application Gateway, Azure Security Center, and many others. Azure has a well-developed threat monitoring and detection system that allows you to quickly respond to any attacks.
3. GCP (Google Cloud Platform): 7. Google Cloud Platform provides a significant level of protection against DDoS attacks and other network threats with services such as Google Cloud Armor, Google Cloud DDoS Protection, VPC Service Controls, and others. However, according to some experts, GCP’s security tools may be less integrated and less easy to use than those of AWS and Azure, which may pose some risk to users with less expertise in network security.

Below is a table that compares measures to prevent unauthorized data changes across AWS, Azure, and GCP based on criteria such as auditing and monitoring, data encryption, change tracking, and backup:

Table 3: Comparison of platforms in the context of measures to prevent unauthorized data changes

| Criterion/Platform | AWS | Azure | GCP |
|---|---|---|---|
| Tools and services | IAM, AWS Shield, AWS WAF, and other | Azure Active Directory (AAD), Azure DDoS Protection, and other | GC IAM, GC Armor, Google Cloud Security Command Center, and other |
| Service Models | IaaS, PaaS, SaaS | IaaS, PaaS, SaaS | IaaS, PaaS, SaaS |
| Security Policies and Standards | Uses own security policies and standards, such as PCI DSS, HIPAA, SOC, ISO | Uses own security policies and standards, such as PCI DSS, HIPAA, SOC, ISO | Uses own security policies and standards, such as PCI DSS, HIPAA, SOC, ISO, and others |

The evaluation schedule can be justified as follows:

1. AWS (Amazon Web Services): Score 9. AWS has several powerful tools such as IAM for access management, AWS KMS for data encryption, CloudTrail for auditing and monitoring, and Amazon S3 for backup. These tools provide

may find Azure a bit more difficult to configure and use, which may result in a slight loss of points compared to AWS.

3. GCP (Google Cloud Platform): Score 7. GCP also has some effective data protection tools but may be less flexible in some aspects compared to AWS and Azure.
While tools like Cloud IAM, Key extensive opportunities for data protection and a Management Service, and Cloud Audit Logs offer high level of security. a high level of security, GCP’s interface and 2. Azure (Microsoft Azure): Score 8. Azure also has a documentation may be less intuitive for some similar set of data protection tools, such as Azure users, which lowers the overall score. Active Directory, Azure Key Vault, Azure Audit Next, the aspect of the joint responsibility model will be Logs, and Azure Backup. However, some users considered. 36 Table 4 Comparison of platforms in the context of shared responsibility models Criterion/Platform AWS Azure GCP Audit and AWS CloudTrail, Amazon Azure Monitor, Azure Cloud Audit Logs, Monitoring CloudWatch Security Center Cloud Monitoring AWS Key Management Key Management Azure Key Vault, Data Data Encryption Service (KMS), Amazon S3 Service, Data Encryption at Rest Encryption Encryption at Rest Change Tracking AWS CloudTrail Azure Audit Logs Cloud Audit Logs Google Cloud Storage, Backup Amazon S3, Amazon Glacier Azure Backup Cloud Storage Nearline The evaluation schedule can be justified as follows: 2. GCP (Google Cloud Platform) 8. GCP also provides a shared responsibility reporting model, but some 1. Azure (Microsoft Azure): 9. Azure provides a well- users feel that some aspects may be less obvious or defined shared responsibility model that chooses difficult to understand with Azure or AWS. which parts of the infrastructure are the 3. AWS (Amazon Web Services): 9. AWS has a well- responsibility of the cloud provider and which are defined and reported shared responsibility model the responsibility of the user. This will avoid that allows users to clearly understand their confusion and understand the responsibilities of responsibility for the security and protection of all parties for data and infrastructure security. data in the cloud environment. 
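The comparison above names AWS CloudTrail as the AWS service for auditing, monitoring and change tracking. The following is an added example, not code from the paper or from AWS: it scans CloudTrail-format records for S3 calls that modify data and flags those made by a principal outside an allow-list, by an IAM user without MFA, or that were denied. The records, account id, role, bucket name and allow-list are constructed assumptions.

```python
# Constructed CloudTrail-format records (sample data, not real logs).
ACCT = "111122223333"                                  # placeholder account id
ROLE = f"arn:aws:iam::{ACCT}:role/backup-writer"       # hypothetical role
BUCKET = {"bucketName": "example-records"}             # hypothetical bucket

def user(name, mfa):  # IAM user identity block as CloudTrail records it
    return {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/{name}",
            "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}

ASSUMED = {"type": "AssumedRole", "sessionContext": {"sessionIssuer": {"arn": ROLE}},
           "arn": f"arn:aws:sts::{ACCT}:assumed-role/backup-writer/nightly"}

def event(name, identity, params=BUCKET, error=None, source="s3.amazonaws.com"):
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": identity, "requestParameters": params}
    return {**rec, "errorCode": error} if error else rec

SAMPLE_EVENTS = [
    event("PutObject", ASSUMED),
    event("DeleteObject", user("alice", "false")),
    event("PutBucketPolicy", user("bob", "true"), error="AccessDenied"),
    event("GetObject", user("alice", "false")),
    event("RunInstances", user("bob", "true"), None, source="ec2.amazonaws.com"),
]

# S3 calls that change or delete data, or the controls that protect it.
CHANGE_EVENTS = {"PutObject", "DeleteObject", "DeleteObjects", "DeleteBucket",
                 "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketVersioning"}
APPROVED_WRITERS = {ROLE}  # assumption: allow-list kept by the bucket owner

def acting_principal(identity):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or identity.get("arn", "unknown")

def find_unauthorized_changes(events):
    """Return one finding per data-changing S3 call that breaks the policy."""
    findings = []
    for ev in events:
        if (ev.get("eventSource") != "s3.amazonaws.com"
                or ev.get("eventName") not in CHANGE_EVENTS):
            continue
        identity = ev.get("userIdentity") or {}
        who = acting_principal(identity)
        attrs = identity.get("sessionContext", {}).get("attributes", {})
        reasons = []
        if who not in APPROVED_WRITERS:
            reasons.append("principal not on allow-list")
        if identity.get("type") == "IAMUser" and attrs.get("mfaAuthenticated") != "true":
            reasons.append("no MFA on session")
        if ev.get("errorCode") == "AccessDenied":
            reasons.append("attempt was denied")
        if reasons:
            params = ev.get("requestParameters") or {}  # null on some events
            findings.append({"event": ev["eventName"], "principal": who,
                             "bucket": params.get("bucketName"), "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(*find_unauthorized_changes(SAMPLE_EVENTS), sep="\n")
```

Object-level S3 calls such as PutObject and DeleteObject reach CloudTrail only when data event logging is enabled on the trail.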
Table 5
Comparison of platforms in the context of shared responsibility models

| Criterion/Platform | AWS | Azure | GCP |
|---|---|---|---|
| Availability of Certifications | SOC 1, SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP | SOC 1, SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP | SOC 1, SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP |
| Virtualization Support | AWS Config, AWS Inspector, AWS Trusted Advisor | Azure Security Center, Azure Policy, Azure Firewall | Google Cloud Security Command Center, Google Cloud IAM, Google Cloud Armor |

The effectiveness of security policies on the different cloud platforms can be rated as follows:

1. Azure (Microsoft Azure): 9. Azure provides extensive capabilities for creating and configuring security policies through Azure Security Center and Azure Policy. Thanks to these services, administrators can effectively control and monitor the state of security of resources in the Azure cloud environment. Azure also provides opportunities for integration with other security monitoring and management systems, which increases its effectiveness.
2. GCP (Google Cloud Platform): 8. GCP also has an extensive set of tools for configuring security policies, including Cloud Security Command Center and Google Cloud IAM. However, some users may find GCP’s user interface and documentation to be less intuitive compared to Azure or AWS, which can make it difficult to set up and debug security policies.
3. AWS (Amazon Web Services): 9. AWS offers a wide range of tools for creating and managing security policies, including AWS Identity and Access Management (IAM), AWS Config, AWS CloudTrail, and many others. These services allow administrators to effectively control and monitor the security of resources in the AWS cloud environment.

Table 6
Comparison of platforms in the context of shared responsibility models

| Criterion/Platform | AWS | Azure | GCP |
|---|---|---|---|
| Access Control | 9 | 8 | 7 |
| Protection from DDoS and Other Network Threats | 9 | 8 | 7 |
| Measures to Prevent Unauthorized Data Changes | 9 | 8 | 7 |
| Shared Responsibility Models | 9 | 9 | 8 |
| Effectiveness of Security Policies | 9 | 9 | 8 |
| Overall Score | 45 | 42 | 37 |

From the ratings provided, it can be noted that Amazon Web Services (AWS) received the highest overall rating, which is 45 points. This is a subjective assessment based on the fact that AWS stands out in terms of technical aspects with its broad set of services, deep level of customization, and high geographical spread. The biggest advantage of AWS is a powerful and selective toolkit for delimiting access, as well as a wide range of tools to protect against DDoS attacks and other network threats. Considering this, it can be concluded that AWS is the best choice for organizations that want optimal security in cloud computing.

5. Conclusions

Based on the research and analysis of the issues and challenges associated with ensuring cyber security in cloud computing, several key conclusions can be drawn.

First of all, it is determined that protection against cyber threats in cloud computing requires a comprehensive and in-depth approach, because cloud platforms provide a wide range of services and capabilities that require constant monitoring and management. Key challenges in this context include ensuring data security and protection, detecting and responding to cyber threats, and managing access and user identity.

Another aspect of security is the continuous updating and improvement of security measures, since cyber threats are constantly evolving and becoming increasingly complex. This means that cloud computing providers such as AWS, Azure, and GCP must constantly improve their tools and services to ensure the highest level of security for their customers.

In addition, it is found that the choice of cloud computing platform can affect the level of cyber security, since each provider has its unique features and capabilities. The decisive factor when choosing a platform should be its ability to provide reliable and effective protection against cyber threats in line with the needs and requirements of a specific organization.

Therefore, based on these findings, it can be argued that ensuring cyber security in cloud computing is a challenging task, but at the same time, there are ample opportunities for innovation and development. With an understanding of and timely response to the problems and challenges in this area, organizations can maximize the security of their data.

References

[1] B. Bebeshko, et al., Application of Game Theory, Fuzzy Logic and Neural Networks for Assessing Risks and Forecasting Rates of Digital Currency, J. Theor. Appl. Inf. Technol. 100(24) (2022) 7390–7404.
[2] F. Sabahi, A. Movaghar, A Survey on Cloud Computing Security: Challenges and Opportunities, IEEE Access 11 (2023) 34501–34519. doi: 10.1109/ACCESS.2023.3258591.
[3] P. Kumar, G. Singh, S. Rathore, Cloud Computing Services and Platforms: A Detailed Review and Future Perspectives, Future Generation Computer Systems 143 (2023) 1023–1038. doi: 10.1016/j.future.2023.07.003.
[4] M. A. Shah, M. Khan, M. Ahmed, Cloud Computing: Principles, Systems and Applications, Springer (2023). doi: 10.1007/978-3-031-25711-2.
[5] F. Richter, Worldwide Market Share of Leading Cloud Infrastructure Service Providers (2024). URL: https://www.statista.com/chart/18819/worldwide-market-share-of-leading-cloud-infrastructure-service-providers/
[6] Practical Aspects of Using Fully Homomorphic Encryption Systems to Protect Cloud Computing
[7] V. M. Mazur, Assessment of the Security of the Use of Cloud Technologies and the Development of Methods of Protection Against Cyber Attacks on Cloud Services, Ternopil: TNTU (2023).
[8] S. Galiveeti, et al., Cybersecurity Analysis: Investigating the Data Integrity and Privacy in AWS and Azure Cloud Platforms, Artificial Intelligence and Blockchain for Future Cybersecurity Applications. Studies in Big Data, 90 (2021). doi: 10.1007/978-3-030-74575-2_17.
[9] A. Sheps, Top 10 Cloud Attacks and What You Can Do About Them (2023). URL: https://www.aquasec.com/cloud-native-academy/cloud-attacks/cloud-attacks/
[10] Triskele Labs, Cloud Cyber Attacks: The Latest Cloud Computing Security Issues. URL: https://www.triskelelabs.com/blog/cloud-cyber-attacks-the-latest-cloud-computing-security-issues
[11] P. Kumar, Cloud Computing: Threats, Attacks and Solutions, Int. J. Emerging Technol. Eng. Res. (IJETER), 4(8) (2016) 24–28.
[12] A. V. Songa, A Review of DDoS Attacks and its Countermeasures in Cloud Computing, in: International Conference on Information Systems and Computer Networks (2022). doi: 10.1109/ISCON52037.2021.
[13] A. A. Christina, Proactive Measures on Account Hijacking in Cloud Computing Network, Asian J. Comput. Sci. Technol. 4(2) (2015) 31–34.
[14] I. Ranjan, R. Bhushan, Ambiguity in Cloud Security with Malware-Injection Attack, in: 3rd International Conference on Electronics, Communication and Aerospace Technology (ICECA) (2019) 1–5. doi: 10.1109/ICECA.2019.8821844.
[15] D. Shevchuk, et al., Designing Secured Services for Authentication, Authorization, and Accounting of Users, in: Cybersecurity Providing in Information and Telecommunication Systems II, vol. 3550 (2023) 217–225.
[16] Y. Martseniuk, et al., Automated Conformity Verification Concept for Cloud Security, in: Cybersecurity Providing in Information and Telecommunication Systems, vol. 3654 (2024) 25–37.
[17] O. Deineka, et al., Designing Data Classification and Secure Store Policy According to SOC 2 Type II, in: Cybersecurity Providing in Information and Telecommunication Systems, vol. 3654 (2024) 398–409.
[18] O. Vakhula, I. Opirskyy, O. Mykhaylova, Research on Security Challenges in Cloud Environments and Solutions based on the security-as-Code Approach, in: Cybersecurity Providing in Information and Telecommunication Systems II, vol. 3550 (2023) 55–69.
[19] CWE: Individual Dictionary Definition. “Improper Neutralization of Special Elements used in a command” (2017) 209–217.
[20] F. Qazi, Application Programming Interface (API) Security in Cloud Applications, EAI Endorsed Transactions on Cloud Systems, 7(23) (2023) e1. doi: 10.4108/eetcs.v7i23.3011.
[21] H. Albaroodi, S. Manickam, P. Singh, Critical Review of Openstack Security: Issues and Weaknesses, J. Comput. Sci., 10(1) (2014) 23–33.
[22] M. Ali, et al., Mobile Cloud Computing with SOAP and REST Web Services, Journal of Physics: Conference Series, 1018 (2018) 012005. doi: 10.1088/1742-6596/1018/1/012005.
[23] J. Somorovsky, et al., All Your Clouds Are Belong to Us, in: 3rd ACM workshop on Cloud computing security workshop – CCSW’11 (2011).
[24] B. Cui, T. Xi, Security Analysis of Openstack Keystone, in: 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (2015).
[25] O. Mykhaylova, et al., Mobile Application as a Critical Infrastructure Cyberattack Surface, in: Cybersecurity Providing in Information and Telecommunication Systems II, vol. 3550 (2023) 29–43.
[26] C. N. Nobles, Investigating Cloud Computing Misconfiguration Errors using the Human Factors Analysis and Classification System, Scientific Bulletin 27(1) (2022). doi: 10.2478/bsaft-2022-0007.
[27] Developer.openstack.org. OpenStack Docs: OpenStack APIs (2016). URL: http://developer.openstack.org/api-guide/quick-start/api-quick-start.html#openstack-api-quick-guide
[28] S. Goasguen, Intro to CloudStack API, Slideshare.net (2013). URL: http://www.slideshare.net/sebastiengoasguen/intro-to-cloudstack-api
[29] A. Alkahtani, M. A. Khan, S. Hariri, A Comprehensive Survey on Cloud Computing Service Models, IEEE Access, 11 (2023) 34792–34810. doi: 10.1109/ACCESS.2023.3262599.
[30] P. Anakhov, et al., Protecting Objects of Critical Information Infrastructure from Wartime Cyber Attacks by Decentralizing the Telecommunications Network, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, vol. 3050 (2023) 240–245.
[31] M. Silic, A. Back, A Comparative Study of PaaS and SaaS Cloud Models: Current Trends and Future Directions, J. Cloud Comput. Adv. Syst. Appl., 12(1) (2023) 14–28. doi: 10.1186/s13677-023-00211-8.