Potential security threats are observed firstly through the manner in which data in the cloud are stored and processed remotely and, secondly, through the use of virtualization and sharing of platforms between consumers, blurring the ownership boundaries between consumers. Gregg presented a list of possible security threats in cloud computing, indicating that the traditional security threats are prevalent in the cloud, but are more pronounced, such as SQL-injection on the platform level, phishing the cloud provider, and an expanded network attack surface. Furthermore, examples of the attacks in the cloud could be conducted through side channel attacks, authentication attacks, and man-in-the-middle cryptographic attacks. Side channel attacks occur when an attacker attempts to compromise the cloud through the placement of a malicious virtual machine close to a target cloud server, followed by the launch of a side channel threat. Other threats were listed by Jamal and Zaki, reflecting threats related to only the cloud environment. Some of these threats are listed below:
It is imperative to mention the probability of other security threats that can be initiated within the cloud environment, such as attacks from one virtual machine to another, which are difficult to detect. Cloud computing presents organizations with a fundamentally different model of operations as it pertains to information technology; however, security is one of the primary issues and in the case of a security breach, the major concern is the safety of the stored data. One method of addressing this concern is through the implementation of a Service Level Agreement, or SLA. The SLA serves as a binding contract between the selected cloud provider and the entity retaining cloud services. The agreement details the responsibilities of each party as it pertains to cloud access and can be amended to reach amicability among the parties. Several details, such as cloud governance, security specifications, compliance, and performance and uptime statistics, are included in the SLA. When considering which provider to retain for cloud services, it is imperative to obtain the offerings from multiple vendors in order to compare and contrast the specifications presented in key areas to determine which options will best suit the needs. The specific needs of the entity seeking cloud services must be defined during the planning phase by determining which aspects are the most important, regardless if it concerns the location of data storage or uptime guarantees.
Another challenge for a cloud forensics investigation is encountered through multi-location issues. As cloud systems offer seemingly unlimited resources to customers, the produced data are stored in the cloud in various locations along with mirror copies produced by the cloud provider for use in recovery situations. One of the obvious problems in this scenario is that the data may be stored in multiple jurisdictions, where differing laws apply. Data acquisition for cloud forensic investigations encounters the possibility that actions which are legal in one jurisdiction are illegal in another. This issue is further compounded concerning ownership of the data. Data in the cloud is often perceived as being owned by the consumer. In most instances, that is the case; however, in certain circumstances, the data, consisting of content, remains under the ownership of the consumer, while the metadata, which is data about data, which could be owned and controlled by the service provider. While it may be possible to easily collect the content for use in the cloud forensics investigation, the metadata may remain inaccessible.