Journal of Internet Services Applications 2010, 1(1):7–18. This is true in any type of organization; however, in the cloud, it has a bigger impact because there are more people that interact with the cloud: cloud providers, third-party providers, suppliers, organizational customers, and end-users. A security checklist for SaaS, PaaS and IaaS cloud models Key security issues can vary depending on the cloud model you're using. Syst. Security Issues, Data Security, Private Protection. Furthermore, web services are the largest implementation technology in cloud environments. In IaaS environments, a VM image is a prepackaged software template containing the configurations files that are used to create VMs. Available: https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf Available: Keene C: The Keene View on Cloud Computing. Traditional security mechanisms may not work well in cloud environments because it is a complex architecture that is composed of a combination of different technologies. International Journal of Ambient Computing and Intelligence 2011, 3(1):38–46. Ju J, Wang Y, Fu J, Wu J, Lin Z: Research on Key Technology in SaaS. Also, some current solutions were listed in order to mitigate these threats. Web application firewall routes all web traffic through the web application firewall which inspects specific threats. Moreover, most compliance standards do not envision compliance with regulations in a world of Cloud Computing . Data security is a common concern for any technology, but it becomes a major challenge when SaaS users have to rely on their providers for proper security [12, 21, 36]. <> Implementation, Management, and Security, CRC Press; 2009. Accessing applications over the internet via web browser makes access from any network device easier, including public computers and mobile devices. There are several security standard specifications  such as Security Assertion Markup Language (SAML), WS-Security, Extensible Access Control Markup (XACML), XML Digital Signature, XML Encryption, Key Management Specification (XKMS), WS-Federation, WS-Secure Conversation, WS-Security Policy and WS-Trust. However, both of them may use multi-tenant architecture so multiple concurrent users utilize the same software. The studies analyze the risks and threats, often give recommendations on how they can be avoided or covered, resulting in a direct relationship between vulnerability or threats and possible solutions and mechanisms to solve them. But rolling back virtual machines can re-expose them to security vulnerabilities that were patched or re-enable previously disabled accounts or passwords. According to the Cloud Security Alliancethe list of the main cloud security threats includes the following: In SaaS, organizational data is often processed in plaintext and stored in the cloud. We will discuss three models of cloud-based computing: public, private, and hybrid. In Proceedings of the 3rd ACM workshop on Cloud Computing Security workshop. Washington, DC, USA: IEEE Computer Society; 2012:86–89. In Proceedings of the 10th conference on Hot Topics in Operating Systems, Santa Fe, NM. Security Issues in Cloud Deployment Models. Available: http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment Available: Dahbur K, Mohammad B, Tarakji AB: A survey of risks, threats and vulnerabilities in Cloud Computing. Later, the experts will refine the results and will include important works that had not been recovered in these sources and will update these work taking into account other constraints such as impact factor, received cites, important journals, renowned authors, etc. In some cases, this switch has required major changes in software and caused project delays and even productivity losses. For example, an attacker with a valid account can create an image containing malicious code such as a Trojan horse. An analysis of security issues for cloud computing. They concluded that HyperSafe successfully prevented all these attacks, and that the performance overhead is low. Hashizume K, Yoshioka N, Fernandez EB: Three misuse patterns for Cloud Computing. OWASP: The Ten most critical Web application Security risks. Han-zhang W, Liu-sheng H: An improved trusted cloud computing platform model based on DAA and privacy CA scheme. The capability provided to the consumer is to deploy onto the cloud infrastructure his own applications without installing any platform or tools on their local machines. As mentioned before, sharing resources allows attackers to launch cross-tenant attacks . In this paper we are going to some major security issues of current cloud computing environments. The goal of this analysis is also to identify some existing defenses that can defeat these threats. Zissis D, Lekkas D: Addressing Cloud Computing Security issues. Viega J: Cloud Computing and the common Man. Thus, PaaS models also inherit security issues related to mashups such as data and network security . They control the software running in their virtual machines, and they are responsible to configure security policies correctly . Available: http://www.cpni.gov.uk/Documents/Publications/2010/2010007-ISB_cloud_computing.pdf Available: Khalid A: Cloud Computing: applying issues in Small Business. SSL is the underpinnings of most of the "security" utilized in the cloud and, for that matter, the Internet in general. KPMG: From hype to future: KPMG’s 2010 Cloud Computing survey.. 2010. 10.1016/j.future.2010.12.006. Virtual machine security becomes as important as physical machine security, and any flaw in either one may affect the other . Even when developers are in control of the security of their applications, they do not have the assurance that the development environment tools provided by a PaaS provider are secure. In Proceedings of the 1st International conference on Cloud Computing. Using covert channels, two VMs can communicate bypassing all the rules defined by the security module of the VMM . If the data location is not safe physically and logically then there is always a threat to the CSCâ€™s data. Washington, DC, USA: IEEE Computer Society; 2009:1–4. These applications are typically delivered via the Internet through a Web browser [12, 22]. Owens K: Securing virtual compute infrastructure in the Cloud. The inclusion and exclusion criteria of this study were based on the research question. Terms and Conditions, Available: http://www.techrepublic.com/whitepapers/from-hype-to-future-kpmgs-2010-cloud-computing-survey/2384291 Available: Rosado DG, Gómez R, Mellado D, Fernández-Medina E: Security analysis in the migration to cloud environments. Although there are many benefits to adopting Cloud Computing, there are also some significant barriers to adoption.