**1. Introduction**

Many scientific articles, many conferences, many projects are aimed at solving the issue of cloud computing security. Questions suited to this have theoretical and practical significance nevertheless, the problems and significance of this issue have not been identified in its acuteness and clear wording. In all likelihood, the problematization process lacks additional emphasis, namely, the emphasis on determining the positional structure of places for which this issue is significant; emphasis on creating an organizational structure and a system of interactions in which this issue would acquire practical significance and organizational certainty; finally, the emphasis on security and cloud computing as objects with which you can operate and technological chain of operations with objects.

The methodological approach in which we intend to pose a problematization, with the inclusion of the three accentuations described above, was developed for 30 years by a group of developers since 1954. In 1984, it had acquired the form of a pattern of thought activity, such as a scheme of organization of thinking and activity. It has its applications in the context of practical activity of the multidisciplinary group [1, 2]. The practice of applying this methodological principle has become an organizational-activity game. The application of this methodology made it possible to organize extensive research and development material in the field of cloud technology security and to reveal the inadequacy of a number of topics.

The material of our research is 368 articles published in the world press over the past 15 years, with rare exceptions when we turn to earlier works (e.g., on membrane calculations, which were reported in Heidelberg at the 1982 symposium) [3]. It is worth noting that in 2005 in Baltimore, Maryland, the 14th Symposium on Security (USENIX Security 2005) took place, in 2009—the 25th Conference on Computer Security Applications (ACSAC 2009); in the same year in Bangalore, India, an international conference on cloud computing took place. With a relatively stable number of conferences devoted to this topic, it is worth noting the surge in interest in this topic in 2012, 2014, and 2016. The topic of cloud computing has been especially updated since 2016. John Willey & Sons published the Computer Computing Encyclopedia (2016), held the 9th International Conference on Utility and Cloud Computing ACM, 2016; Honorulu hosted the 10th International Conference on Cloud Computing (CLOUD), IEEE, 2017; Workshop on Cloud Computing Security took place in Dallas. Among other things, 31 conferences in Taipei, Taiwan 2017, and the IEEE International Conference on Cloud Engineering (IC2E 2018) were held; the book edited by W Rivera "Sustainable Cloud and Energy Services: Principles and Practice" (Springer International Publishing, Cham, 2018) has wide expansion. The emphasis of research and development is moving toward the development of the computing industry, its applied aspects, such as advanced computing and IT, convergent cognitive IT, Security and privacy (SP), parallel and distributed processing, offensive technologies, Internet of Everything, defined network and network function virtualization, moving target defense, Internet of Things (IoT), and dependable computing (15th European Dependable Computing Conference 2019).

### **2. Literature review**

The topic of cloud computing security has a wealth of development and generalization material. Farnga [4] provides a risk assessment table for the cloud computing environment, introducing three attributes: Probability of Vulnerability (improbable 1, probable 2, occasional 3, frequent 4); Risk Impact (negligible A, marginal B, critical C, fatal D); and Severity Category (low 1A, 2A, 1B; medium 3A, 4A, 2B, 3B, 1C, 2C; high 4B, 3C, 4C, 2D, 3D, 4D). He marks vulnerabilities (Session Riding and Hijacking 4D, Virtual Machine Escape 2D, Reliability and Availability of Service 2C, Insecure Cryptography 3C, Vendor Lock-in, Data Protection and Portability 2C, Internet Dependency 3A) and prescribes protocols to prevent them (**Table 1**). He also defines threats and marks them: Abuse and Nefarious Use of Cloud services 4A, Insecure Interfaces and APIs 3C, Insider threat 3D, Data Loss and Leakage 2D, Account or Service Hijacking 4B, Unknown Risk profile 3D, and recommends risk mitigation protocols. Operational risks (4D) are the following: implementing too quickly, integration issues, moving the wrong data or applications to the cloud, compliance, and cost implications.

which is why fog computing inherits all of the security and privacy issues inherent in cloud computing. They report that they have developed a new key management and user authentication security scheme, named by them as SAKA-FC. The development is based on the well-known Real-Or-Random (ROR) model and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The scheme finds its effectiveness for its use in smart devices with a one-way cryptographic hash function. Guan et al. [6] discuss issues related to data security protection of personal data in fog computing. Fog computing, as an intermediary layer between the cloud and the end user, according to the authors, is precisely the solution to the problems of cloud computing security. This chapter discusses the design of a solution to ensure data security and privacy in fog computing. It is

**Protocol Description**

*A General Systems Approach to Cloud Computing Security Issues*

*DOI: http://dx.doi.org/10.5772/intechopen.92143*

AC-11 Session lock AT-2 Security awareness SC-13 Cryptographic protection SC-23 Session authenticity SC-24 Fail in known state

AC-2 Account management AC-5 Separation of duties AC-6 Least privilege

AC-10 Concurrent session control

SC-27 Operating system—independent applications

SI-7 Software, firmware, and information integrity

SI-15 Development process, standards and tools

CP-11 Alternate communications protocols

AR-4 Privacy monitoring and auditing DM-2 Data retention and disposal

SC-28 Protection of information at rest SI-3 Malicious code protection SI-4 Information system monitoring

SI-13 Predictable failure prevention

SI-14 Nonpersistence

CM-2 Baseline configuration CM-6 Configuration setting CM-7 Least functionality CA-7 Continuous monitoring CA-8 Penetration testing

PM-12 Insider threat program

AU-12 Audit generation

*Source: Farnga [4].*

*Risk mitigation tools.*

**Table 1.**

**41**

In addition to such purely practical manuals, literature is replete with a variety of areas of research and development in the field of cloud computing. Here are some of them. Wazid et al. [5] view fog computing as an add-on for cloud computing,


### *A General Systems Approach to Cloud Computing Security Issues DOI: http://dx.doi.org/10.5772/intechopen.92143*

**Table 1.**

30 years by a group of developers since 1954. In 1984, it had acquired the form of a pattern of thought activity, such as a scheme of organization of thinking and activity. It has its applications in the context of practical activity of the multidisciplinary group [1, 2]. The practice of applying this methodological principle has become an organizational-activity game. The application of this methodology made it possible to organize extensive research and development material in the field of cloud technology security and to reveal the inadequacy of a number of topics.

*Cloud Computing Security - Concepts and Practice*

The material of our research is 368 articles published in the world press over the past 15 years, with rare exceptions when we turn to earlier works (e.g., on membrane calculations, which were reported in Heidelberg at the 1982 symposium) [3]. It is worth noting that in 2005 in Baltimore, Maryland, the 14th Symposium on Security (USENIX Security 2005) took place, in 2009—the 25th Conference on Computer Security Applications (ACSAC 2009); in the same year in Bangalore, India, an international conference on cloud computing took place. With a relatively stable number of conferences devoted to this topic, it is worth noting the surge in interest in this topic in 2012, 2014, and 2016. The topic of cloud computing has been especially updated since 2016. John Willey & Sons published the Computer Computing Encyclopedia (2016), held the 9th International Conference on Utility and Cloud Computing ACM, 2016; Honorulu hosted the 10th International Conference on Cloud Computing (CLOUD), IEEE, 2017; Workshop on Cloud Computing Security took place in Dallas. Among other things, 31 conferences in Taipei, Taiwan 2017, and the IEEE International Conference on Cloud Engineering (IC2E 2018) were held; the book edited by W Rivera "Sustainable Cloud and Energy Services: Principles and Practice" (Springer International Publishing, Cham, 2018) has wide expansion. The emphasis of research and development is moving toward the development of the computing industry, its applied aspects, such as advanced computing and IT, convergent cognitive IT, Security and privacy (SP), parallel and distributed processing, offensive technologies, Internet of Everything, defined network and network function virtualization, moving target defense, Internet of Things (IoT), and dependable computing (15th European Dependable Computing Conference 2019).

The topic of cloud computing security has a wealth of development and generalization material. Farnga [4] provides a risk assessment table for the cloud computing environment, introducing three attributes: Probability of Vulnerability (improbable 1, probable 2, occasional 3, frequent 4); Risk Impact (negligible A, marginal B, critical C, fatal D); and Severity Category (low 1A, 2A, 1B; medium 3A, 4A, 2B, 3B, 1C, 2C; high 4B, 3C, 4C, 2D, 3D, 4D). He marks vulnerabilities (Session Riding and Hijacking 4D, Virtual Machine Escape 2D, Reliability and Availability of Service 2C, Insecure Cryptography 3C, Vendor Lock-in, Data Protection and Portability 2C, Internet Dependency 3A) and prescribes protocols to prevent them (**Table 1**). He also defines threats and marks them: Abuse and Nefarious Use of Cloud services 4A, Insecure Interfaces and APIs 3C, Insider threat 3D, Data Loss and Leakage 2D, Account or Service Hijacking 4B, Unknown Risk profile 3D, and recommends risk mitigation protocols. Operational risks (4D) are the following: implementing too quickly, integration issues, moving the wrong data or applica-

In addition to such purely practical manuals, literature is replete with a variety of areas of research and development in the field of cloud computing. Here are some of them. Wazid et al. [5] view fog computing as an add-on for cloud computing,

tions to the cloud, compliance, and cost implications.

**2. Literature review**

**40**

*Risk mitigation tools.*

which is why fog computing inherits all of the security and privacy issues inherent in cloud computing. They report that they have developed a new key management and user authentication security scheme, named by them as SAKA-FC. The development is based on the well-known Real-Or-Random (ROR) model and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The scheme finds its effectiveness for its use in smart devices with a one-way cryptographic hash function. Guan et al. [6] discuss issues related to data security protection of personal data in fog computing. Fog computing, as an intermediary layer between the cloud and the end user, according to the authors, is precisely the solution to the problems of cloud computing security. This chapter discusses the design of a solution to ensure data security and privacy in fog computing. It is

reported that simply transferring the protection techniques used in the cloud to the fog does not produce the desired effect. Alamer et al. [7] explore the safety of road traffic systems (CVCC) by modeling a network of cloud-based moving mechanisms in the form of a two-phase heterogeneous public good game (HPGG Model). This development helps develop security solutions for communications such as vehicleto-vehicle and vehicle-to-infrastructure, as well as the ability to integrate smart devices and various CVCC applications. Sharma et al. [8] considers that the best solution to protect the cloud from attacks is to use intrusion detection systems (IDS) in combination with different detection techniques. The chapter presents various architectures based on the cloud IDS, which are embedded cloud environments to address various security issues. Fadi and Hemayed [9] provide a literature review of the proven clouds that are used in infrastructure as a service contracts. The authors argue that the integration of the new technology, which is trust computing, with cloud computing can be provided by the proposed architectural solutions of the infrastructure as a service and on the grounds on which user trust in cloud service providers arises. Remote certification and a trusted virtual domain are important security considerations for cloud computing. A security model based on the separation of the security domain was proposed by Xu and Zheng [10] for telecommunication services. Security measures cover the storage, processing, and transmission of data in the cloud. Instead of traditional computational models of cryptographic protection, Maharajan and Paramasivan [11] offer molecular protocol (DNA) membrane computing protocol. Qui and Kung [12] as invited editors provide a clear overview of 14 articles on the topic of cloud computing security. They were selected from 57 proposed articles. The urgent need for the development of techniques and tools for cybersecurity of clouds is noted. Among the authors of the articles are noted groups Ali, Zhang, Lee, Li; Fowley, Chen, Islam, and Sha; Chi, Luna, Awad, Cafaro, Zhang, and Xu are well known in the professional community. The various cybersecurity techniques and tools described by these research and development teams are described. Xu et al. [13] analyze the relationship between openness and cloud security by addressing the results of this analysis (quantitative methods and qualitative analysis of investments in security and openness) to cloud computing providers to adopt an optimal investment strategy for openness and security. Sajai et al. [14] offer a hybrid technology of cryptographic data protection in the cloud, combining homographic and blowfish algorithms. Wei et al. [15] noted that, according to data released by the Cloud Security Alliance (CSA) and the Institute of Electrical and Electronics Engineers (IEEE), there has been an increasing involvement of cloud computing for manufacturing purposes. The authors draw attention to the complex nature of the cloud system, introduce indicators for evaluating the cloud computing system, and propose a rule of believe (BRB)-based model for predicting the safe state of the cloud. This model combines a system of expert assessments and long-term data analysis and has three levels focused on the safety of equipment, software, and services. Bhandari and Zheng [16] describe 12 cloud security threats, such as data breach, insufficient identity, credential and access management, insecure interface and APIs, system vulnerabilities, account hijacking, malicious insiders, advance persistent threats, data loss, insufficient due diligence , abuse and nefarious use of cloud services, denial of services, and shared technologies issues. Donno et al. [17] analyze the situation in which every "thing" is connected to the Internet. From the point of view of security, the technological revolution brings with it many dramatic moments. The authors offer a comprehensive overview of cloud computing security issues in the Internet of Things era. The bibliography for the article has 149 sources. Matheus and Vieira [18] at the student forum of the 15th European Dependable Computing Conference (EDCC 2019) presented a four-step sequential change model for a cloud architecture model,

extending the availability and security model to a holistic cloud presentation model

This diversity is striking in its diversity and, in order to deal with the fundamental, essential side of the problem, the proposed methodologies are of little use due to their inconsistency. But the first layer of ideas is nevertheless lined with them. So, we have a certain field of practice and a subject built on it, which combines problems and tasks, knowledge, models and experiments, languages and

megamachine's plan, it is worth building a block of private methodologies, as well as blocks of methodological design, research, and auto-reflection. So, in relation to the world of things covered by the new digital context, the following can be said. (1) The Internet of things, this new era in the sociocultural development of mankind, requires a certain environment in which each thing has its digital counterpart. A new layer of material organization is taking shape when, by referring a digital double to a thing, the latter reveals itself not only in the localities, but also in new qualities, in new directions of its use. (2) This environment, being distributed everywhere, resembles a certain smart layer covering the entire terrestrial space of things, it contains the systemic representation of a thing in its dynamics, the totality of all kinds of actions with a thing. (3) Speaking of the world of things, we include their interacting and developing aggregates in it, we expand the world of things to the world of activity, with the help of which things are not only created and consumed, but also undergo the influence of constructive thought. In this sense, we can talk about the world of thought activity. Ideal objects of scientific substantive thinking, cult rituals, customs of communication and polemics—all these—form this intelligent world of activity. (4) In a sense, the Internet of things with its infrastructure and cloud computing platforms should be considered one of the forms of such a world of thought activity. (5) An industrial structure is taking shape in which a thing is made with its digital counterpart. This makes the thing more convenient and at the first stage more expensive. Issues of owning a thing, transferring it by inheritance, its commercial use, that is, giving a thing a certain active beginning, can also have their object form and their digital counterpart. (6) Customs, ethics of relationships, trust, and control are things in our world. How will they evolve with the development of the digital era? What customs need rethinking? Is it always necessary to duplicate the predominantly conflict-free world of things in the world of cloud computing? Is activity based on principles other than the order of the real world? Data in our world, everywhere is gaining special significance, both in business and in the social environment. He pointed out that only 17% of companies make data-driven decisions. By 2025, the global data volume will grow 10 times and reach 163 Zettabytes (one Zettabyte contains 10 to the 21st power of bytes), and most of these data will be generated by enterprises, not consumers. Sixty percent of the world's data will be created by business organizations. Almost 20% of all data in the global infosphere will play a critical role in everyday life, and about 10% will be "supercritical." Almost 90% of all data will require a certain level of security, but only half of them will be really protected. The growth of big data and metadata will lead to the fact that by 2025 each average inhabitant of the Earth will begin to interact with devices connected to networks about 4800 times a day, according to one interaction procedure every 18 seconds. The share of the global information sphere under analysis will increase by 50 times compared to the current one, reaching 5.2 ZB; and the amount of data analyzed with the participation of cognitive systems will grow 100 times, amounting to 1.4 ZB. Almost 20% of the data generated will be real-time information, with more than 95% of the data coming from IoT devices [19]. These estimations mean that the problem of security of calculating and computing media will remain actual one.

methods. For the purpose of generalizing and translating this design into a

and security assessment using Moving Target Defense.

*A General Systems Approach to Cloud Computing Security Issues*

*DOI: http://dx.doi.org/10.5772/intechopen.92143*

**43**

#### *A General Systems Approach to Cloud Computing Security Issues DOI: http://dx.doi.org/10.5772/intechopen.92143*

reported that simply transferring the protection techniques used in the cloud to the fog does not produce the desired effect. Alamer et al. [7] explore the safety of road traffic systems (CVCC) by modeling a network of cloud-based moving mechanisms in the form of a two-phase heterogeneous public good game (HPGG Model). This development helps develop security solutions for communications such as vehicleto-vehicle and vehicle-to-infrastructure, as well as the ability to integrate smart devices and various CVCC applications. Sharma et al. [8] considers that the best solution to protect the cloud from attacks is to use intrusion detection systems (IDS) in combination with different detection techniques. The chapter presents various architectures based on the cloud IDS, which are embedded cloud environments to address various security issues. Fadi and Hemayed [9] provide a literature review of the proven clouds that are used in infrastructure as a service contracts. The authors argue that the integration of the new technology, which is trust computing, with cloud computing can be provided by the proposed architectural solutions of the infrastructure as a service and on the grounds on which user trust in cloud service providers arises. Remote certification and a trusted virtual domain are important security considerations for cloud computing. A security model based on the separation of the security domain was proposed by Xu and Zheng [10] for telecommunication services. Security measures cover the storage, processing, and transmission of data in the cloud. Instead of traditional computational models of cryptographic protection, Maharajan and Paramasivan [11] offer molecular protocol (DNA) membrane computing protocol. Qui and Kung [12] as invited editors provide a clear overview of 14 articles on the topic of cloud computing security. They were selected from 57 proposed articles. The urgent need for the development of techniques and tools for cybersecurity of clouds is noted. Among the authors of the articles are noted groups Ali, Zhang, Lee, Li; Fowley, Chen, Islam, and Sha; Chi, Luna, Awad, Cafaro, Zhang, and Xu are well known in the professional community. The various cybersecurity techniques and tools described by these research and development teams are described. Xu et al. [13] analyze the relationship between openness and cloud security by addressing the results of this analysis (quantitative methods and qualitative analysis of investments in security and openness) to cloud computing providers to adopt an optimal investment strategy for openness and security. Sajai et al. [14] offer a hybrid technology of cryptographic data protection in the cloud, combining homographic and blowfish algorithms. Wei et al. [15] noted that, according to data released by the Cloud Security Alliance (CSA) and the Institute of Electrical and Electronics Engineers (IEEE), there has been an increasing involvement of cloud computing for manufacturing purposes. The authors draw attention to the complex nature of the cloud system, introduce indicators for evaluating the cloud computing system, and propose a rule of believe (BRB)-based model for predicting the safe state of the cloud. This model combines a system of expert assessments and long-term data analysis and has three levels focused on the safety of equipment, software, and services. Bhandari and Zheng [16] describe 12 cloud security threats, such as data breach, insufficient identity, credential and access management, insecure interface and APIs, system vulnerabilities, account

*Cloud Computing Security - Concepts and Practice*

hijacking, malicious insiders, advance persistent threats, data loss, insufficient due diligence , abuse and nefarious use of cloud services, denial of services, and shared technologies issues. Donno et al. [17] analyze the situation in which every "thing" is connected to the Internet. From the point of view of security, the technological revolution brings with it many dramatic moments. The authors offer a comprehensive overview of cloud computing security issues in the Internet of Things era. The bibliography for the article has 149 sources. Matheus and Vieira [18] at the student forum of the 15th European Dependable Computing Conference (EDCC 2019) presented a four-step sequential change model for a cloud architecture model,

**42**

extending the availability and security model to a holistic cloud presentation model and security assessment using Moving Target Defense.

This diversity is striking in its diversity and, in order to deal with the fundamental, essential side of the problem, the proposed methodologies are of little use due to their inconsistency. But the first layer of ideas is nevertheless lined with them. So, we have a certain field of practice and a subject built on it, which combines problems and tasks, knowledge, models and experiments, languages and methods. For the purpose of generalizing and translating this design into a megamachine's plan, it is worth building a block of private methodologies, as well as blocks of methodological design, research, and auto-reflection. So, in relation to the world of things covered by the new digital context, the following can be said. (1) The Internet of things, this new era in the sociocultural development of mankind, requires a certain environment in which each thing has its digital counterpart. A new layer of material organization is taking shape when, by referring a digital double to a thing, the latter reveals itself not only in the localities, but also in new qualities, in new directions of its use. (2) This environment, being distributed everywhere, resembles a certain smart layer covering the entire terrestrial space of things, it contains the systemic representation of a thing in its dynamics, the totality of all kinds of actions with a thing. (3) Speaking of the world of things, we include their interacting and developing aggregates in it, we expand the world of things to the world of activity, with the help of which things are not only created and consumed, but also undergo the influence of constructive thought. In this sense, we can talk about the world of thought activity. Ideal objects of scientific substantive thinking, cult rituals, customs of communication and polemics—all these—form this intelligent world of activity. (4) In a sense, the Internet of things with its infrastructure and cloud computing platforms should be considered one of the forms of such a world of thought activity. (5) An industrial structure is taking shape in which a thing is made with its digital counterpart. This makes the thing more convenient and at the first stage more expensive. Issues of owning a thing, transferring it by inheritance, its commercial use, that is, giving a thing a certain active beginning, can also have their object form and their digital counterpart. (6) Customs, ethics of relationships, trust, and control are things in our world. How will they evolve with the development of the digital era? What customs need rethinking? Is it always necessary to duplicate the predominantly conflict-free world of things in the world of cloud computing? Is activity based on principles other than the order of the real world? Data in our world, everywhere is gaining special significance, both in business and in the social environment. He pointed out that only 17% of companies make data-driven decisions. By 2025, the global data volume will grow 10 times and reach 163 Zettabytes (one Zettabyte contains 10 to the 21st power of bytes), and most of these data will be generated by enterprises, not consumers. Sixty percent of the world's data will be created by business organizations. Almost 20% of all data in the global infosphere will play a critical role in everyday life, and about 10% will be "supercritical." Almost 90% of all data will require a certain level of security, but only half of them will be really protected. The growth of big data and metadata will lead to the fact that by 2025 each average inhabitant of the Earth will begin to interact with devices connected to networks about 4800 times a day, according to one interaction procedure every 18 seconds. The share of the global information sphere under analysis will increase by 50 times compared to the current one, reaching 5.2 ZB; and the amount of data analyzed with the participation of cognitive systems will grow 100 times, amounting to 1.4 ZB. Almost 20% of the data generated will be real-time information, with more than 95% of the data coming from IoT devices [19]. These estimations mean that the problem of security of calculating and computing media will remain actual one.

## **3. Methodologies**

The data used in this study is taken from open sources. The methodologies used by researchers can be expanded to private system-structural methodologies of management, sciences, engineering, and production. We are trying to look at the situation associated with the use of cloud computing from a wider angle by introducing another add-on—the general methodological system-structural design and prospecting ([1], p. 103). You can implement several plans: (1) look through all the literature and write an attitude toward it, making some kind of system generalizations and arrangements; (2) write independently of the literature your understanding of the situation and construct a certain field for assembling sources and identifying niches for their subsequent filling; (3) and design the futures.

When we retrospect to the past studies on this issue, we focus on the following passage from G. Schedrovitsky's paper of 1981, titled "Principles and general plan of the methodological organization of the systems and structures studies and elaborations" ([1], pp. 88-114). He wrote: We distinguish eight projects in which the system principle is developing.

new techniques and new methods created in one subject do not apply to others. Each science creates its own ontological picture, which is not compatible with the ontological pictures of other objects. All attempts to build a unified or at least

*Four squares, diagonal (a), triagonal (b), quadrogonal (c), and hexagonal (d) images depict a form of*

The second point is the existence of highly specialized transferring channels of fragmented culture. The mathematician does not know and understand physics well, not to mention biology or history. The philologist, as a rule, does not know mathematics and physics, but is equally poorly versed in history and its methods. Already at school, we begin to divide children into those who are capable of mathematics and capable of literature. The idea of general education is increasingly being

The third point is the crisis of classical non-Marxist philosophy, caused by the realization of the fact that this philosophy has lost its means of controlling science and has lost the role of coordinator in the development of sciences, the role of mediator, transferring methods and means from one science to another. This circumstance became clear already in the first quarter of the nineteenth century and became the subject of special discussion. K. Marx and F. Engels paid much attention to it in their works, which redefined the functions of philosophy in relation to the natural and human sciences. The loss of a direct connection with philosophy led various sciences to develop their own forms of awareness, their own individual philosophy. This has provided the basis for various forms of positivism, and in

The fourth point is the design of engineering as a special activity that combines design with various forms of quasi-scientific analysis. The traditional academic sciences, which were developed in many ways immanently, were divorced from new areas of engineering, and this forced engineers to create new types of knowledge systems that did not meet traditional patterns and standards. Information theory and cybernetics are just the most striking examples of such systems. At the same time, the problem of the relationship between design and research appeared

The fifth (very important) moment is the continued isolation within the activity and the isolation of various production technologies, which acquire self-sufficient importance and become, as it were, a new principle and an objective law in the organization of our entire life activity and ultimately subordinate to ourselves both the activity, nature and behavior of people. Maintenance of these technologies is becoming the primary need and almost the main goal of all social activities. At the same time, technological forms of organizing activities are constantly formalizing

The sixth point is the formation, design, and partial isolation of design as a special kind of activity. As a result, the issue of the relationship and correlation of the actual design and research developments arose even sharper. Designing directly

connected picture of our reality run up against great difficulties.

*A General Systems Approach to Cloud Computing Security Issues*

destroyed by the idea of specialized schools.

*research organization of a certain set of practices* EK*.*

*DOI: http://dx.doi.org/10.5772/intechopen.92143*

**Figure 1.**

recent times has given rise to the so-called "scientism."

and becoming increasingly important, which apply to thinking.

and began to be intensively discussed.

**45**

This is a project for the development of specific sciences and areas of engineering and practice due to systemic representations, concepts, and methods of analysis [20–22]; three projects of the "general theory of systems," similar to the natural science theories, such as physics, chemistry, biology [23–31], similar to traditional mathematics such as geometry and algebra or Shannon information theory [22, 32–37], according to the type of metamathematics in the sense of Hilbert and Klinn [38, 39], a practical methodology or methodology of the type of disciplines such as the study of operations, decision analysis [40–42], an engineering methodology such as systems engineering of Good and Mackoll [43–47], the so-called system philosophy [48] and system-structural methodology as a division of the general methodology [49–58].

The first seven proposals have a historical prototype already implemented on another material. This is their forte. At the same time, in our opinion, this raises major objections. When each of the participants in the systemic movement offers his own professional solution to systemic problems, he acts as an agent of the already existing and functioning sphere of thinking and activity—science, engineering, mathematics, philosophy, etc. He has formed as a "system engineer" inside of the sphere, and by virtue of this, he is always connected and limited to that particular cultural and historical situation in which he understood the meaning and importance of systemic problems and tasks. Consequently, in the final analysis, he always only develops, due to systemic means and methods, the professional organization of his initial thought activity. However, it is well known (and can even be considered universally recognized) that the systemic movement has developed and is developing as an interdisciplinary and interprofessional formation. This means that it must form and create an organization that goes beyond the scope of each individual scientific discipline and each individual profession. Consequently, the system movement in its formation and development should take into account the contemporary sociocultural situation as a whole, and proceed from an extremely wide understanding of the possibilities and prospects of its development.

In our opinion, in the current sociocultural situation, at least eight points that have the most direct connection with the systemic movement can be distinguished.

The first of these is the process of an ever-deepening differentiation of sciences and professions. Progressive in the eighteenth and nineteenth centuries, it has now led to the design of a mass of isolated sciences, *S* and *PM* (see **Figure 1**), each of which develops almost independently of the others. These subjects now not only organize but also limit the thinking of researchers. Receptions and ways of thinking, *A General Systems Approach to Cloud Computing Security Issues DOI: http://dx.doi.org/10.5772/intechopen.92143*

#### **Figure 1.**

**3. Methodologies**

*Cloud Computing Security - Concepts and Practice*

system principle is developing.

general methodology [49–58].

**44**

The data used in this study is taken from open sources. The methodologies used

When we retrospect to the past studies on this issue, we focus on the following passage from G. Schedrovitsky's paper of 1981, titled "Principles and general plan of the methodological organization of the systems and structures studies and elaborations" ([1], pp. 88-114). He wrote: We distinguish eight projects in which the

This is a project for the development of specific sciences and areas of engineering and practice due to systemic representations, concepts, and methods of analysis [20–22]; three projects of the "general theory of systems," similar to the natural science theories, such as physics, chemistry, biology [23–31], similar to traditional mathematics such as geometry and algebra or Shannon information theory [22, 32–37], according to the type of metamathematics in the sense of Hilbert and Klinn [38, 39], a practical methodology or methodology of the type of disciplines such as the study of operations, decision analysis [40–42], an engineering methodology such as systems engineering of Good and Mackoll [43–47], the so-called system philosophy [48] and system-structural methodology as a division of the

The first seven proposals have a historical prototype already implemented on another material. This is their forte. At the same time, in our opinion, this raises major objections. When each of the participants in the systemic movement offers his own professional solution to systemic problems, he acts as an agent of the already existing and functioning sphere of thinking and activity—science, engineering, mathematics, philosophy, etc. He has formed as a "system engineer" inside of the sphere, and by virtue of this, he is always connected and limited to that particular cultural and historical situation in which he understood the meaning and importance of systemic problems and tasks. Consequently, in the final analysis, he always only develops, due to systemic means and methods, the professional organization of his initial thought activity. However, it is well known (and can even be considered universally recognized) that the systemic movement has developed and is developing as an interdisciplinary and interprofessional formation. This means that it must form and create an organization that goes beyond the scope of each individual scientific discipline and each individual profession. Consequently, the system movement in its formation and development should take into account the contemporary sociocultural situation as a whole, and proceed from an extremely

wide understanding of the possibilities and prospects of its development.

In our opinion, in the current sociocultural situation, at least eight points that have the most direct connection with the systemic movement can be distinguished. The first of these is the process of an ever-deepening differentiation of sciences and professions. Progressive in the eighteenth and nineteenth centuries, it has now led to the design of a mass of isolated sciences, *S* and *PM* (see **Figure 1**), each of which develops almost independently of the others. These subjects now not only organize but also limit the thinking of researchers. Receptions and ways of thinking,

by researchers can be expanded to private system-structural methodologies of management, sciences, engineering, and production. We are trying to look at the situation associated with the use of cloud computing from a wider angle by introducing another add-on—the general methodological system-structural design and prospecting ([1], p. 103). You can implement several plans: (1) look through all the literature and write an attitude toward it, making some kind of system generalizations and arrangements; (2) write independently of the literature your understand-

ing of the situation and construct a certain field for assembling sources and identifying niches for their subsequent filling; (3) and design the futures.

*Four squares, diagonal (a), triagonal (b), quadrogonal (c), and hexagonal (d) images depict a form of research organization of a certain set of practices* EK*.*

new techniques and new methods created in one subject do not apply to others. Each science creates its own ontological picture, which is not compatible with the ontological pictures of other objects. All attempts to build a unified or at least connected picture of our reality run up against great difficulties.

The second point is the existence of highly specialized transferring channels of fragmented culture. The mathematician does not know and understand physics well, not to mention biology or history. The philologist, as a rule, does not know mathematics and physics, but is equally poorly versed in history and its methods. Already at school, we begin to divide children into those who are capable of mathematics and capable of literature. The idea of general education is increasingly being destroyed by the idea of specialized schools.

The third point is the crisis of classical non-Marxist philosophy, caused by the realization of the fact that this philosophy has lost its means of controlling science and has lost the role of coordinator in the development of sciences, the role of mediator, transferring methods and means from one science to another. This circumstance became clear already in the first quarter of the nineteenth century and became the subject of special discussion. K. Marx and F. Engels paid much attention to it in their works, which redefined the functions of philosophy in relation to the natural and human sciences. The loss of a direct connection with philosophy led various sciences to develop their own forms of awareness, their own individual philosophy. This has provided the basis for various forms of positivism, and in recent times has given rise to the so-called "scientism."

The fourth point is the design of engineering as a special activity that combines design with various forms of quasi-scientific analysis. The traditional academic sciences, which were developed in many ways immanently, were divorced from new areas of engineering, and this forced engineers to create new types of knowledge systems that did not meet traditional patterns and standards. Information theory and cybernetics are just the most striking examples of such systems. At the same time, the problem of the relationship between design and research appeared and began to be intensively discussed.

The fifth (very important) moment is the continued isolation within the activity and the isolation of various production technologies, which acquire self-sufficient importance and become, as it were, a new principle and an objective law in the organization of our entire life activity and ultimately subordinate to ourselves both the activity, nature and behavior of people. Maintenance of these technologies is becoming the primary need and almost the main goal of all social activities. At the same time, technological forms of organizing activities are constantly formalizing and becoming increasingly important, which apply to thinking.

The sixth point is the formation, design, and partial isolation of design as a special kind of activity. As a result, the issue of the relationship and correlation of the actual design and research developments arose even sharper. Designing directly and with all acuteness ran into the problem of the ratio of natural and artificial in the objects of our activity [45, 51]. None of these problems has been resolved within the framework of traditional sciences.

should not be identified either with the philosophical proper or with the scientific

The methodology takes into account the differences and the multiplicity of different positions of the figure in relation to the object; hence, work with different ideas about the same object, including different professional ideas, in this case, knowledge itself and the fact of their multiplicity, are considered as an objective

**Figure 1** depicts four squares, we will call them diagonal (a), triagonal (b), quadrogonal (c), and hexagonal (d) images; they depict a form of research organization of a certain set of practices *E*k. By practices, we mean the entire existing set of activities related to the use of cloud computing, as well as ensuring the security of the use of the cloud. These practices are described within the framework of the *S*<sup>k</sup> description languages that cover them. Note that these languages are different, and translation from one language to another is hardly possible. Means and methods, as well as a description of problem areas and their resolution tasks, are provided by a layer of partial applied methodologies (in the figure they are designated as *PM*k). The triagonal image (b) defines the organizational form of the structure of the

In special logical and methodological studies (see, in particular, [62];

computing in some unified system language. To this end, we turn to the quadrogonal image, introducing another layer—the general system-structural methodology (in the figure, it is indicated by the letters GM). As part of this add-in, work is underway to design and prospect the system area including as a part PMk, Sk, and Ek. To the extent that the diagonal image is not complete, the same tetragonal image is also not complete. Let us explain how this layer is built. Following the "Principles and basic schemes of organizing systemic structural studies" ([1], pp. 88-114), we turn to the hexagonal image. It adds two more add-ons, which we marked with the letters R and A, methodological reflection, or auto-reflection (metamethodological area) and audit (the type of methodological research by which the layers of practice, descriptions, applied and general methodology are added and adjusted). The problem areas identified in the layer of private methodologies are also accompanied by a general description that includes, in addition to the technical, engineering, and managerial contexts (determined by the practitioners of experiences), a certain general sociocultural context. This is generated by audits at all levels of the methodological organization, from specific practices to the

organization of the design and futures of partial methodologies.

pp. 106-190), it was established that in every scientific subject there are at least nine different epistemological units: (1) problems, (2) tasks, (3) "observable facts," (4) "experimental data," (5) the totality of the general knowledge that is built in this scientific subject, (6) ontological schemes and pictures, (7) models, (8) tools (languages, concepts, categories), and (9) methods and techniques. This is a set

Our task is to find a solution to the problem of ensuring the security of cloud

We used the kinematic scheme [60] for organizing methodological work in the field of cloud computing security. The kinematics of the scheme lies in the fact that it combines several methodological schemes, both early in appearance and subsequent ones. The scheme by which David Zilberman tries to build a modal methodology as a sum of methodologies (1973) is supplemented by a scheme of thought activity (1980)([1], pp. 281-298), a scheme of organizing a system-structural methodology (1981) ([1], pp. 88-114), and scheme (2016) that we use when working on the theme of Observation and Audit of the Processes in Experiences with Uncertainty [63] and the scheme (2000) when we were working on the topic of Reflexive Control [64]. We also used our ideas about the inclusion of thinking technologies, such as problematization, objectification, self-determination, and

forms of organization of thinking and activity.

*DOI: http://dx.doi.org/10.5772/intechopen.92143*

*A General Systems Approach to Cloud Computing Security Issues*

moment in the research situation.

simplest scientific subject.

**47**

of basic blocks of a scientific subject.

The seventh point is an increase in the importance and role of organizational and managerial activity in our entire social life. Its effectiveness depends primarily on scientific support. However, traditional sciences do not provide the knowledge necessary for this activity; this is primarily due to the complex, synthetic, or, as they say, complex, the nature of this activity and the analytical, or "abstract," nature of traditional scientific disciplines.

The eighth point (also especially important) is the appearance of a new type of science, which could roughly be called "complex sciences." These include the sciences serving pedagogy, design, military affairs, management, etc. Now these complex types of practices are served by chaotic agglomerations of knowledge from various scientific disciplines. But the complexity and versatility of this practice, its orientation at the same time both on normative, artificial, and on implementation, natural plans of activity require a theoretical unification and theoretical systematization of artificial and natural knowledge, which cannot be achieved.

Contemporary situation in general systems theory looks like the same described by G. Schedrovitsky in 1981 ([1], pp. 88-114). Some additions to this domain make it more clear. An article in Wikipedia [59] pays attention to the point that systems theory is the interdisciplinary study of systems. "The goals of systems theory are to model a system's dynamics, constrains, conditions, and to elucidate principles (such as purpose, measure, methods, tools) that can be discerned and applied to other systems at every level of nesting, and in wide range of fields for achieving optimized equifinality."

Dubrovsky ([60], p. 20) makes endeavor to reinterpret the system approach of G. Schedrovitsky. Zilberman [61] identifies six types of cultural traditions. The Vedanta scheme characterizes the Indian type of tradition (methodological thinking as actually "understanding"), the mimansa scheme is the Tibetan type (conceptual or "substantive" thinking), and the Vaisheshika scheme is the new European type "imaginative," axiological, or historical thinking. Further, the nyaya scheme characterizes the Hellenic type of tradition (organizational, axiomatic, mathematicaltheoretical, formal-logical thinking), the Sankhya scheme—the Chinese type ("projective," "preformative," praxeological thinking), the yoga scheme—the Japanese type (phenomenological, or existential thinking). All these complex calculations, however, are necessary for Zilberman to label or draw another universal picture of world cultures and civilizations, in the manner of Spengler or Toynbee. Here, rather, a method of intercultural interaction is proposed, with the help of which one can describe any system of culture and at the same time not fall into naturocentrism. By modifying the types of philosophical systems, Zilberman focuses on the ideal of complete modalization of all philosophies so that a "sum of philosophy" arises and the true history of this discipline begins. The thread of modal methodology lies in the fact that for the first time it consciously and intentionally refers not to versions of "reality" as unconditionally natural and therefore problematic for consciousness, but to typological thoughts that it improves. In this sense, the modal methodology plays the role of Philosophia Universalis [61].
