Security of data migration to the cloud. Analysis of challenges and threats

A. Davydiuk, PhD, S. Kulyk, PhD student
G.E. Pukhov Institute for Modeling in Energy Engineering NAS of Ukraine
Ukraine, 03164, Kyiv, Oleg Mudrak Street, 15
This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it.

Èlektron. model. 2025, 47(2):81-91

https://doi.org/10.15407/emodel.47.02.081

ABSTRACT

Migration to cloud technologies has become an integral part of the modern business environment, providing organizations with flexibility, scalability, and cost-effectiveness. However, the process of transferring data to the cloud is accompanied by several challenges, among which ensuring the integrity and confidentiality of information are a priority. In war conditions, backup processes and data migration to the cloud become especially important. Thanks to these processes, it is possible to protect data from destruction as a result of massive kinetic attacks and cyberattacks. More and more organizations are choosing cloud solutions instead of local environments. According to 2022 data, 93 % of technology leaders reported that their organizations rely primarily on cloud solutions in various forms, compared to 83 % two years ago, and 48 % say that their infrastructure is primarily hybrid, compared to 40 % two years ago. At the same time, the number of respondents who indicated that their organizations mainly use on-premises environments has halved to 7 % [1]. The example of the Russian-Ukrainian war shows that migration processes will take a significant amount of time due to resource issues and legal conflicts. Given that the legislation regulating the cloud services sector was adopted shortly before the full-scale invasion, Ukraine did not have much time to implement it. At the same time, it is important to note that Ukraine began to adapt quickly to new realities. The most important requirements for backup and migration processes are ensuring data confidentiality and integrity. Given this, this study will analyze regulatory requirements, threats and countermeasures, and existing gaps.

KEYWORDS

cloud technologies, data migration, data integrity, data confidentiality, regulatory documents, security threats, artificial intelligence, security gaps.

REFERENCES

  1. The Digital Crunch Time: 2022 State of APIs and Applications | Google Cloud. (n. d.). Google Cloud. https://cloud.google.com/resources/state-of-apis-and-applications-report
  2. On Cloud Services, Law of Ukraine No. 2075-IX (2024) (Ukraine). https://zakon.rada.gov.ua/laws/show/2075-20#Text
  3. On approval of Methodological recommendations for ensuring cyber security when using cloud computing technology and Methodological recommendations for assessing the compliance of cloud services with security (assurance) levels, Order of the Administration of the SSSCIP No. 505 (2024) (Ukraine). https://www.cip.gov.ua/ua/ news/nakaz-administraciyi-derzhspeczv-yazku-vid-14-09-2024-505-pro-zatverdzhennya-metodichnikh-rekomendacii- shodo-zabezpechennya-kiberzakhistu-pri-vikoristanni-tekhnologiyi-khmarnikh-obchislen-ta-metodichnikh-rekomendacii-shodo-ocinki-vidpovidnosti- khmarnikh-poslug-rivnyam-bezpeki-vpevnenosti
  4. ISO/IEC 27001:2022. (n. d.). ISO.https://www.iso.org/standard/27001
  5. ISO/IEC 27017:2015. (n. d.). ISO.https://www.iso.org/standard/43757.html
  6. ISO/IEC 27018:2019. (n. d.). ISO.https://www.iso.org/standard/76559.html
  7. SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations | CSRC. (n. d.). NIST Computer Security Resource Center | CSRC. https://csrc.nist.gov/ pubs/sp/800/53/r5/upd1/final
  8. SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing | CSRC. (b. d.). NIST Computer Security Resource Center | CSRC. https://csrc.nist.gov/pubs/sp/800/ 144/final
  9. Data Center Risk Assessment. (n. d.). Uptime Institute. https://uptimeinstitute.com/ professional-services/data-center-risk-assessment#:~:text=Uptime%20Institute’s%20Data %20Center%20Risk,people%20and%20skill-sets%20involved.
  10. Uptime Institute Resource Page - Uptime Institute. (n. d.). Digital Infrastructure Authority | Tier Certification & Training — Uptime Institute. https://uptimeinstitute.com/resources/asset/tier-standard-operational-sustainability
  11. Amazon helped Ukraine transfer 10 petabytes of data to its cloud servers. (n. d.). https://minfin.com.ua/ua/2022/06/11/86966942/
  12. Have I Been Pwned: Check if your email has been compromised in a data breach. (n. d.). Have I Been Pwned: Check if your email has been compromised in a data breach. https://haveibeenpwned.com/
  13. AI-based cyberattacks: strategies and countermeasures | Wezom. (n. d.). IT-company of the full cycle of development of software products WEZOM — Kyiv, Ukraine. https://com.ua/ua/blog/ataki-na-osnovi-shtuchnogo-intelektu-novi-vikliki-dlya-kiberbezpeki
  14. Alenezi, MN, Alabdulrazzaq, H., Alhatlani, HM, & Alobaid, FA (2024). On the performance of AES algorithm variants. International Journal of Information and Computer Security, 23(3), 322-337. 
    https://doi.org/10.1504/IJICS.2024.138494
  15. Nguyen, DDA, Alain, P., Autrel, F., Bouabdallah, A., François, J., & Doyen, G. (2024). How fast does malware leveraging eternalblue propagate? The case of wannacry and notpetya. In 2024 IEEE 10th international conference on network software (netsoft). IEEE. 
    https://doi.org/10.1109/NetSoft60951.2024.10588886
  16. A recent security incident involving Dropbox Sign. (n. d.). Dropbox. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
  17. DesJardins, Sarah, "Cyber attacked: could you be next?". (n. d.). Business/Business Administration. 26. https://scholarsarchive.library.albany.edu/honorscollege_business/26
  18. Kabanov, Ilya and Madnick, Stuart E. A systematic study of the control failures in the Equifax cybersecurity incident (2020). MIT Sloan Research Paper No. 2020-19, Available at SSRN: https://ssrn.com/abstract=3957272 or
    https://doi.org/10.2139/ssrn.3957272
  19. SuperFish Vulnerability. (n. d.). Lenovo Security Advisory: LEN-2015-010. https://support>. lenovo.com/us/en/product_security/ps500035-superfish-vulnerability
  20. Zhang, X., Upton, O., Beebe, NL, & Choo, K.-KR (2020). IoT botnet forensics: A comprehensive digital forensic case study on Mirai botnet servers. Forensic Science International: Digital Investigation, 32, 300926. 
    https://doi.org/10.1016/j.fsidi.2020.300926
  21. Choi, YB (2021b). Organizational cyber data breach analysis of Facebook, Equifax, and Uber cases. International Journal of Cyber Research and Education, 3(1), 58-64. 
    https://doi.org/10.4018/IJCRE.2021010106
  22. Fly to the clouds: the main migration mistakes. (n. d.). Mind.ua. https://mind.ua/openmind/20215250-poletiti-v-hmari-osnovni-pomilki-migraciyi

Full text: PDF