When a company or individual uses cloud they would not know where their data is being held, including the personal, sensitive and critical documents. The data are obviously residing in a specific county and is unknown to the cloud user. Different countries have various privacy policies and laws according to their jurisdiction. A concern is that, if the cloud provider would commit themselves to obeying the privacy requirements of the holding country on behalf of the cloud users, who are their valuable customers. User Access
According to the EU Law personal information can only be obtained due to a valid reason by a service provider. If an organization or hosting service such as cloud obtains and maintains a company’s confidential and critical data they have to protect it from being misused, and provide protection for its users as mentioned by the EU Law. Therefore A firm using cloud to store its confidential data must know who has access over its documents instead of being concerned and doubtful wondering if they should trust the service provider when storing their critical data, because a firm’s data processed outside of the firm brings about an inherent level of risk. Most Hackers are people who have access to the data and are entrusted with it. In this case it would include the administrators or anyone who has access to the specific cloud. Therefore it is important for the companies to know who have access to their data stored on cloud. There are some main cloud attacks, hackers would attempt to, and these include DoS attacks, Authentication attacks and Side channel attacks.
It is mentioned by certain professionals that Cloud computing is exposed widely to DoS Attacks as this service is shared among and used by many firms. Authentication attacks is a commonly targeted method for hackers when it comes to hosted sites such as Cloud, because there are many methods of authenticating users easily such as what a person knows, has or is. A hacker may attempt to Side channel attacks by placing an effective malevolent machine to the cloud server in order to launch the attack. Consequences of a security breach
A user is always protective over the data stored on cloud. As cloud is an attractive target to hackers, they have a concern of what support the cloud provider would provide them with if a security problem occurs. The provider has to explain if the data will be available to the firms in case of any disaster or security breach and how data can be recovered, because a hosting site which does not have a recovery plan would be a failure. Data Segregation
As data of all firms are stored on a shared environment, the users of cloud are concerned if their own data is classified and separated from the rest, and how the data is separated from the other’s data. The cloud provider must provide the client with valid proof and guidelines explaining the segregation of data, as it’s very important that data of various firms do not get combined together, which will lose each company’s privacy. Regulatory requirements
If the cloud provider is working from a country such as the United States, they have to make sure that they would meet the requirements such as undergoing certification, review and authorization which is very important for organizations in countries...