Introduction

Cloud-based business opportunities have witnessed an expo- nential growth in the last ten
years and are expected to grow further with the emerging cloud-enabled applications of Big
Data, IoT, 5G, SDN and NFV [1]. In the cloud paradigm, a pool of computing resources
(hardware, CPU, storage, software, etc.) are managed by cloud service providers [2–4].
They offer their ser- vices in the form of infrastructure, platform, and software to its
consumers, mostly over the Internet using multi-tenancy and resource virtualization
techniques [5]. Cloud service deliv- ery model allows consumers to lease and release
computing resources through self-service interfaces with the pay-as-you-go model. The
unique characteristics of cloud, like pooled sharable resources, on-demand scalability,
customized self-service, ser- vices usage measurement, and broad accessibility, have
propelled the growth engine for cloud-based business use cases and ap- plication [5].
Gartner, a leading research and advisory company, in its report, has forecasted worldwide
public cloud services revenue to reach USD 411.4 billion in 2020 from USD 219.6 billion in
2016 [6]. The promising features of the cloud service delivery model, like no initial capital
investment, pay-per-use, accessibility, lowered operating expenses, fast deployment, rapid
provisioning, scalability, assured service continuity, low-cost dis- aster recovery, reduced
business risks and like others, resulted in its rapid deployment and its adoption by
enterprises [7–10].
The unprecedented growth of cloud-based applications and services have attracted research
communities, both from industry and academia, to find innovative solutions for more
consumer- friendly, cost-effective, technologically efficient and secured cloud systems. In
previous studies, security and privacy high- lighted as major challenge for accelerated
growth of cloud [11– 17]. Most of the security challenges are inherited from the vulner-
abilities in cloud architectural components and technologies used, like, vulnerabilities in
Internet communication, web services, service oriented architecture, web-browsers,
virtualization, hy- pervisors, multi-tenancy, software, virtual machines, self-service
management interfaces, etc. [18]. In cloud-based solutions, user’s data is stored and
managed remotely that creates fear in users for losing control of their data. So, most of the
recommended solutions in literature are around ensuring confidentiality, in- tegrity,
availability, authentication, authorization, accountability and privacy of user data by enforcing
the different mechanism of encryption, identity and access control, intrusion detection and
prevention, software testing and quality control, secured com- munications, secured virtual
machines and hypervisors, secured storage for user data life-cycle management, trust
establish- ment, auditing and logging of user activities along with com- pliance to service
level agreements (SLAs), legal and regulatory framework [19,20].
Table 1 presents a comparative study of the different works published during the year 2010
to 2019. The choice of years (2010–2019), for selection of published works, is inspired by

the phenomenal growth of cloud delivery model during these years [1]. The selected
published works are referenced in different related works on security and privacy in the
cloud. The choice of comparison criterion (Table 1) is based on different aspects of a cloud
system that are discussed in different published works. The main contribution of this survey
is to present an end-to- end mapping of cloud security requirements, identified threats,
known cloud system vulnerabilities and suggested countermea- sures using a unified
taxonomy of cloud security. Additionally, it provides cloud architectural components view,
used technologies and cloud model taxonomy. Trust-based solutions suggested by different
researchers, to address cloud requirements, are also discussed. Further, this work includes
an overview of the impact on the emerging cloud-enabled applications of Big Data, IoT, 5G,
SDN and NFV due to cloud security and privacy issues.
In subsequent sections, Section 2 analyzes related work in cloud security and privacy. A
brief understanding of the cloud computing paradigm is provided in Section 3. Section 4
presents a unified cloud security taxonomy and describes cloud security requirements,
identified threats, vulnerabilities in the cloud ar- chitectural components and technologies
along with suggested countermeasures in different published works. Section 5 pro- vides
inter-related analysis and mappings of countermeasures for identified security requirements,
threats and vulnerabilities. It presents an approach for selection and prioritization of coun-
termeasures. It also highlights security aspects of cloud-enabled emerging applications.
Section 6 provides a conclusion and ex- plores further research possibilities for trust-based
adaptive se- curity and privacy solution for cloud systems.

Conclusion and further research opportunity

In the last ten years, there has been enormous growth for cloud-based business
opportunities. However, the cloud threat spectrum also has been widened. This narrative
review examines the cloud service and deployment models, cloud architectural components,
cloud security taxonomy, security requirements, CSA’s treacherous twelve threats, known
vulnerabilities in cloud architectural components and suggested countermeasures. This
survey has provided some of the missing aspects of previous works on security and privacy
for a cloud computing system, especially the formulation of a unified cloud security taxonomy
to analyze the end-to-end inter-related mapping between cloud security requirements to
identified threats, known vulnerabilities, and suggested countermeasures. The inter-related
analysis of se- curity requirements, threats, vulnerabilities and countermeasures
presented here will assist in choosing the appropriate counter- measures to mitigate the
risks associated with the threats due to vulnerabilities in the cloud component. These
implemented coun- termeasures will limit the attack vectors for identified threats and fulfill
the desired level of security and privacy requirements.
Apart from different countermeasures suggested, implemen- tation priority should be given
to those measures which can build trust and confidence in cloud-based solutions and sys-
tems to its users. Like implementing countermeasures providing control and visibility on data
life-cycle management to users for their outsourced data, a proven user identity,
authentication and authorization mechanism, and use of software engineering and system
design principles for cloud platforms and applica- tions software used in delivering cloud
services. It will help in building trust in cloud computing solutions and accelerate its adoption.
Trust-based countermeasures seem to be promising for addressing cloud security
requirements. Hard Trust approach uses vTPM and TTP with certificates, and Soft Trust
evaluates the trust factor dynamically from user behavior perspective us- ing
reputation-based, content-based, context-based, or evidence- based approaches.
The work presented here, however, is limited to the narrative review of research works from
academia, industry, and recom- mendations of the standards organizations. This work
scoped itself for modeling security in cloud computing based on the published works and
analyzed mappings can be used as a quick reference for effective planning the
implementation of recom- mended countermeasures to address the vulnerabilities in cloud
computing architectural components.
To cater the changing landscape of threats and dynamism of cloud computing environment,
security countermeasures should be implemented in a self-adaptive way. The statically
beforehand selected security mechanism will not be sufficient and effective to address
evolving threat vectors. So, adaptive security, especially trust-based adaptive security, for
cloud computing systems seems to be an exciting area for future research that can enable
the secure and innovative business service offerings from the cloud provider to leverage
technological evolution of IoT, Big Data, 5G, SDN, and NFV based applications and services.

SUMMERIZE

Introduction:

The document begins by addressing the rapid growth of cloud-based applications and

services, which has spurred both industry and academia to seek innovative solutions for

creating consumer-friendly, cost-effective, technologically advanced, and secure cloud

systems. Despite the progress, security and privacy remain significant challenges due to

vulnerabilities inherent in cloud architecture and technologies. This has led to concerns over

user data control and the push for various security mechanisms to ensure data

confidentiality, integrity, and availability .

Conclusion:

The conclusion of the paper reiterates the significant challenges posed by security and

privacy issues in cloud computing, emphasizing the need for adaptive security solutions. It

notes the development and implementation of cloud security countermeasures as crucial for

advancing cloud technology. Additionally, the integration of security solutions in cloud

architecture is essential for maintaining robust defense mechanisms against evolving threats

Future Directions:

The future research directions suggest focusing on adaptive security mechanisms that can

dynamically adjust to new threats in the cloud computing environment. This is particularly

relevant for emerging technologies like the Internet of Things (IoT), Big Data, 5G, Software

Defined Networking (SDN), and Network Function Virtualization (NFV). The document points

out the need for innovative security solutions that can evolve alongside these technologies,

ensuring secure and reliable cloud service offerings in the future .