A. Davydiuk, PhD, S. Kulyk, PhD student
G.E. Pukhov Institute for Modeling in Energy Engineering NAS of Ukraine
Ukraine, 03164, Kyiv, Oleg Mudrak Street, 15
Èlektron. model. 2025, 47(2):81-91
https://doi.org/10.15407/emodel.47.02.081
ABSTRACT
Migration to cloud technologies has become an integral part of the modern business environment, providing organizations with flexibility, scalability, and cost-effectiveness. However, the process of transferring data to the cloud is accompanied by several challenges, among which ensuring the integrity and confidentiality of information are a priority. In war conditions, backup processes and data migration to the cloud become especially important. Thanks to these processes, it is possible to protect data from destruction as a result of massive kinetic attacks and cyberattacks. More and more organizations are choosing cloud solutions instead of local environments. According to 2022 data, 93 % of technology leaders reported that their organizations rely primarily on cloud solutions in various forms, compared to 83 % two years ago, and 48 % say that their infrastructure is primarily hybrid, compared to 40 % two years ago. At the same time, the number of respondents who indicated that their organizations mainly use on-premises environments has halved to 7 % [1]. The example of the Russian-Ukrainian war shows that migration processes will take a significant amount of time due to resource issues and legal conflicts. Given that the legislation regulating the cloud services sector was adopted shortly before the full-scale invasion, Ukraine did not have much time to implement it. At the same time, it is important to note that Ukraine began to adapt quickly to new realities. The most important requirements for backup and migration processes are ensuring data confidentiality and integrity. Given this, this study will analyze regulatory requirements, threats and countermeasures, and existing gaps.
KEYWORDS
cloud technologies, data migration, data integrity, data confidentiality, regulatory documents, security threats, artificial intelligence, security gaps.
REFERENCES
- The Digital Crunch Time: 2022 State of APIs and Applications | Google Cloud. (n. d.). Google Cloud. https://cloud.google.com/resources/state-of-apis-and-applications-report
- On Cloud Services, Law of Ukraine No. 2075-IX (2024) (Ukraine). https://zakon.rada.gov.ua/laws/show/2075-20#Text
- On approval of Methodological recommendations for ensuring cyber security when using cloud computing technology and Methodological recommendations for assessing the compliance of cloud services with security (assurance) levels, Order of the Administration of the SSSCIP No. 505 (2024) (Ukraine). https://www.cip.gov.ua/ua/ news/nakaz-administraciyi-derzhspeczv-yazku-vid-14-09-2024-505-pro-zatverdzhennya-metodichnikh-rekomendacii- shodo-zabezpechennya-kiberzakhistu-pri-vikoristanni-tekhnologiyi-khmarnikh-obchislen-ta-metodichnikh-rekomendacii-shodo-ocinki-vidpovidnosti- khmarnikh-poslug-rivnyam-bezpeki-vpevnenosti
- ISO/IEC 27001:2022. (n. d.). ISO.https://www.iso.org/standard/27001
- ISO/IEC 27017:2015. (n. d.). ISO.https://www.iso.org/standard/43757.html
- ISO/IEC 27018:2019. (n. d.). ISO.https://www.iso.org/standard/76559.html
- SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations | CSRC. (n. d.). NIST Computer Security Resource Center | CSRC. https://csrc.nist.gov/ pubs/sp/800/53/r5/upd1/final
- SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing | CSRC. (b. d.). NIST Computer Security Resource Center | CSRC. https://csrc.nist.gov/pubs/sp/800/ 144/final
- Data Center Risk Assessment. (n. d.). Uptime Institute. https://uptimeinstitute.com/ professional-services/data-center-risk-assessment#:~:text=Uptime%20Institute’s%20Data %20Center%20Risk,people%20and%20skill-sets%20involved.
- Uptime Institute Resource Page - Uptime Institute. (n. d.). Digital Infrastructure Authority | Tier Certification & Training — Uptime Institute. https://uptimeinstitute.com/resources/asset/tier-standard-operational-sustainability
- Amazon helped Ukraine transfer 10 petabytes of data to its cloud servers. (n. d.). https://minfin.com.ua/ua/2022/06/11/86966942/
- Have I Been Pwned: Check if your email has been compromised in a data breach. (n. d.). Have I Been Pwned: Check if your email has been compromised in a data breach. https://haveibeenpwned.com/
- AI-based cyberattacks: strategies and countermeasures | Wezom. (n. d.). IT-company of the full cycle of development of software products WEZOM — Kyiv, Ukraine. https://com.ua/ua/blog/ataki-na-osnovi-shtuchnogo-intelektu-novi-vikliki-dlya-kiberbezpeki
- Alenezi, MN, Alabdulrazzaq, H., Alhatlani, HM, & Alobaid, FA (2024). On the performance of AES algorithm variants. International Journal of Information and Computer Security, 23(3), 322-337.
https://doi.org/10.1504/IJICS.2024.138494 - Nguyen, DDA, Alain, P., Autrel, F., Bouabdallah, A., François, J., & Doyen, G. (2024). How fast does malware leveraging eternalblue propagate? The case of wannacry and notpetya. In 2024 IEEE 10th international conference on network software (netsoft). IEEE.
https://doi.org/10.1109/NetSoft60951.2024.10588886 - A recent security incident involving Dropbox Sign. (n. d.). Dropbox. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
- DesJardins, Sarah, "Cyber attacked: could you be next?". (n. d.). Business/Business Administration. 26. https://scholarsarchive.library.albany.edu/honorscollege_business/26
- Kabanov, Ilya and Madnick, Stuart E. A systematic study of the control failures in the Equifax cybersecurity incident (2020). MIT Sloan Research Paper No. 2020-19, Available at SSRN: https://ssrn.com/abstract=3957272 or
https://doi.org/10.2139/ssrn.3957272 - SuperFish Vulnerability. (n. d.). Lenovo Security Advisory: LEN-2015-010. https://support>. lenovo.com/us/en/product_security/ps500035-superfish-vulnerability
- Zhang, X., Upton, O., Beebe, NL, & Choo, K.-KR (2020). IoT botnet forensics: A comprehensive digital forensic case study on Mirai botnet servers. Forensic Science International: Digital Investigation, 32, 300926.
https://doi.org/10.1016/j.fsidi.2020.300926 - Choi, YB (2021b). Organizational cyber data breach analysis of Facebook, Equifax, and Uber cases. International Journal of Cyber Research and Education, 3(1), 58-64.
https://doi.org/10.4018/IJCRE.2021010106 - Fly to the clouds: the main migration mistakes. (n. d.). Mind.ua. https://mind.ua/openmind/20215250-poletiti-v-hmari-osnovni-pomilki-migraciyi