多云和混合云环境中的安全和隐私：挑战、策略和未来方向

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-07-24 DOI:10.1016/j.cose.2025.104599

Sijjad Ali , Dhani Bux Talpur , Adeel Abro , Khulud Salem Alshudukhi , Ghadah Naif Alwakid , Mamoona Humayun , Farhan Bashir , Shuaib Ahmed Wadho , Asadullah Shah

{"title":"多云和混合云环境中的安全和隐私：挑战、策略和未来方向","authors":"Sijjad Ali , Dhani Bux Talpur , Adeel Abro , Khulud Salem Alshudukhi , Ghadah Naif Alwakid , Mamoona Humayun , Farhan Bashir , Shuaib Ahmed Wadho , Asadullah Shah","doi":"10.1016/j.cose.2025.104599","DOIUrl":null,"url":null,"abstract":"<div><div>The rapid adoption of multi-cloud and hybrid cloud environments has revolutionized modern computing by enhancing scalability, flexibility, and cost-efficiency. However, these environments introduce significant security and privacy challenges due to the distributed nature of data storage, heterogeneous infrastructures, and intercloud communications. This review comprehensively examines the critical security and privacy concerns associated with multi-cloud and hybrid cloud architectures, including data confidentiality, access control, secure communication, regulatory compliance, and emerging attack vectors such as cross-cloud threats and side-channel attacks. We analyze existing security strategies, including cryptographic techniques, identity and access management (IAM) mechanisms, AI-driven threat detection, and privacy-preserving methodologies. Furthermore, we provide a comparative evaluation of these approaches, highlighting their trade-offs in terms of security effectiveness, computational overhead, and deployment feasibility. In addition, we explore emerging trends such as post-quantum cryptography, zero-trust architectures, decentralized security frameworks, and AI-powered security automation to mitigate evolving threats. Finally, we outline open research challenges and future directions, emphasizing the need for scalable, adaptive, and regulation-compliant security solutions. This review serves as a foundation for researchers and practitioners aiming to enhance security and privacy in multi-cloud and hybrid cloud infrastructures, ensuring robust and resilient cloud computing ecosystems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104599"},"PeriodicalIF":5.4000,"publicationDate":"2025-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security and privacy in multi-cloud and hybrid cloud environments: Challenges, strategies, and future directions\",\"authors\":\"Sijjad Ali , Dhani Bux Talpur , Adeel Abro , Khulud Salem Alshudukhi , Ghadah Naif Alwakid , Mamoona Humayun , Farhan Bashir , Shuaib Ahmed Wadho , Asadullah Shah\",\"doi\":\"10.1016/j.cose.2025.104599\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The rapid adoption of multi-cloud and hybrid cloud environments has revolutionized modern computing by enhancing scalability, flexibility, and cost-efficiency. However, these environments introduce significant security and privacy challenges due to the distributed nature of data storage, heterogeneous infrastructures, and intercloud communications. This review comprehensively examines the critical security and privacy concerns associated with multi-cloud and hybrid cloud architectures, including data confidentiality, access control, secure communication, regulatory compliance, and emerging attack vectors such as cross-cloud threats and side-channel attacks. We analyze existing security strategies, including cryptographic techniques, identity and access management (IAM) mechanisms, AI-driven threat detection, and privacy-preserving methodologies. Furthermore, we provide a comparative evaluation of these approaches, highlighting their trade-offs in terms of security effectiveness, computational overhead, and deployment feasibility. In addition, we explore emerging trends such as post-quantum cryptography, zero-trust architectures, decentralized security frameworks, and AI-powered security automation to mitigate evolving threats. Finally, we outline open research challenges and future directions, emphasizing the need for scalable, adaptive, and regulation-compliant security solutions. This review serves as a foundation for researchers and practitioners aiming to enhance security and privacy in multi-cloud and hybrid cloud infrastructures, ensuring robust and resilient cloud computing ecosystems.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"157 \",\"pages\":\"Article 104599\"},\"PeriodicalIF\":5.4000,\"publicationDate\":\"2025-07-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825002883\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825002883","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

多云和混合云环境的快速采用通过增强可伸缩性、灵活性和成本效率，彻底改变了现代计算。然而，由于数据存储、异构基础设施和云间通信的分布式特性，这些环境引入了重大的安全和隐私挑战。本文全面研究了与多云和混合云架构相关的关键安全和隐私问题，包括数据机密性、访问控制、安全通信、法规遵从性以及新兴的攻击媒介，如跨云威胁和侧信道攻击。我们分析了现有的安全策略，包括加密技术、身份和访问管理（IAM）机制、人工智能驱动的威胁检测和隐私保护方法。此外，我们对这些方法进行了比较评估，强调了它们在安全性有效性、计算开销和部署可行性方面的权衡。此外，我们还探讨了新兴趋势，如后量子密码学、零信任架构、分散的安全框架和人工智能安全自动化，以减轻不断变化的威胁。最后，我们概述了开放的研究挑战和未来的方向，强调需要可扩展、自适应和符合法规的安全解决方案。本综述为旨在增强多云和混合云基础设施的安全性和隐私性的研究人员和实践者提供了基础，以确保强大和有弹性的云计算生态系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security and privacy in multi-cloud and hybrid cloud environments: Challenges, strategies, and future directions

The rapid adoption of multi-cloud and hybrid cloud environments has revolutionized modern computing by enhancing scalability, flexibility, and cost-efficiency. However, these environments introduce significant security and privacy challenges due to the distributed nature of data storage, heterogeneous infrastructures, and intercloud communications. This review comprehensively examines the critical security and privacy concerns associated with multi-cloud and hybrid cloud architectures, including data confidentiality, access control, secure communication, regulatory compliance, and emerging attack vectors such as cross-cloud threats and side-channel attacks. We analyze existing security strategies, including cryptographic techniques, identity and access management (IAM) mechanisms, AI-driven threat detection, and privacy-preserving methodologies. Furthermore, we provide a comparative evaluation of these approaches, highlighting their trade-offs in terms of security effectiveness, computational overhead, and deployment feasibility. In addition, we explore emerging trends such as post-quantum cryptography, zero-trust architectures, decentralized security frameworks, and AI-powered security automation to mitigate evolving threats. Finally, we outline open research challenges and future directions, emphasizing the need for scalable, adaptive, and regulation-compliant security solutions. This review serves as a foundation for researchers and practitioners aiming to enhance security and privacy in multi-cloud and hybrid cloud infrastructures, ensuring robust and resilient cloud computing ecosystems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.