Data Security Framework for Protecting Data in Transit and Data at Rest in the Cloud

Percy Nathan Swanzy

Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana.

Arnold Mashud Abukari *

Department of Computer Science, Tamale Technical University, Tamale, Ghana.

Edward Danso Ansong

Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana.

*Author to whom correspondence should be addressed.


Abstract

Data stored in the cloud is particularly vulnerable to attacks, especially when at rest or in transit. This makes the integrity, confidentiality and availability of cloud data a major security concern. While cloud data security has garnered attention from cybersecurity researchers, there has been limited focus on developing a comprehensive data security framework that integrates both technical and social measures. The general objective of the study was to develop a data security framework for protecting data at rest and data in transit in the cloud. A qualitative research approach was chosen, using interviews, archival records and physical artefacts as the sources of data for the study. Using the purposive sampling technique, ten cyber security experts within the banking sector with not less than five years of practice were selected. Thematic analysis of the collected data led to the identification of the factors for the development of the framework. The study developed the framework for protecting data at rest and data in motion in the cloud based on encryption technologies, installation of firewalls and antivirus, and access control techniques. First, homomorphic encryption technologies were implemented in the framework to secure both storage devices and web connections. Other security factors were the installation of firewalls and antivirus. The findings revealed that access and usage control strategies integrate user identification and authentication. Additionally, these strategies incorporate safeguards for confidentiality, data integrity, and non-repudiation, securing both data-at-rest and data-in-motion. The findings also indicated that audit trails provide electronic records that offer security support documentation and a history that is used to authenticate operational actions and mitigate challenges with non-compliance.
Additionally, the findings emphasized the importance of social strategies such as staff training and industry collaboration in enhancing data security. These strategies aim to raise awareness of security threats and inform best practices for securing organizational data. The study recommends that banks consider both technical and social aspects when implementing data protection security measures, especially implementing homomorphic encryption to secure data and implementing cyber security training policies.

Keywords: Cloud, deployment model, framework, data security, multi cloud


How to Cite

Swanzy, Percy Nathan, Arnold Mashud Abukari, and Edward Danso Ansong. 2024. “Data Security Framework for Protecting Data in Transit and Data at Rest in the Cloud”. Current Journal of Applied Science and Technology 43 (6):61-77. https://doi.org/10.9734/cjast/2024/v43i64387.
