A Review of Security, Compliance, and Governance Challenges in Cloud-Native Middleware and Enterprise Systems

Jagan Kurma; Jaya Vardhani Mamidala; Avinash Attipalli; Sunil Jacob Enokkaren; Varun Bitkuri; Raghuvaran Kendyala

doi:10.15662/IJRAI.2022.0501003

Authors

Jagan Kurma Computer Information Systems, Christian Brothers University, USA Author
Jaya Vardhani Mamidala Department of Computer Science, University of Central Missouri, USA Author
Avinash Attipalli Department of Computer Science, University of Bridgeport, USA Author
Sunil Jacob Enokkaren Solution Architect, ADP, USA Author
Varun Bitkuri Software Engineer, Stratford University, USA Author
Raghuvaran Kendyala Department of Computer Science, University of Illinois at Springfield, USA Author

DOI:

https://doi.org/10.15662/IJRAI.2022.0501003

Keywords:

Cloud-Native Middleware, Enterprise Systems, Security Challenges, Governance Frameworks, Compliance Standards

Abstract

The implementation of cloud-native notions is also changing the middleware of organizations and is moving the business systems off the monolithic systems to the modular, robust, and scalable systems. The trend that is growing is the use of containerization, microservices, and orchestration systems, including Docker and Kubernetes, by companies to make their business more agile and fast-track their digital transformation. The new technologies contribute to the flexibility of things and also make the situation more complicated in terms of the security of data, adherence to rules, and handling the remote situation. Among the most essential issues to be concerned with are securing vulnerable information, ensuring identities, implementing zero-trust security, and ensuring that various platforms are compatible. It is far more difficult with regulations such as GDPR, HIPAA, and NIS2 and needs powerful structures and automatic implementation of policies. Moreover, governance programs should address the issue of vendor lock-in and cross-border data sovereignty to ensure transparency and accountability. The article provides a comprehensive preview of the security, compliance, and governance issues in cloud-native business systems and middleware. It classifies gaps in research and gives suggestions of how to create sustainable, safe and compliant corporate ecosystems by analyzing foundations, threats, and solutions. The next steps should be AI-based orchestration, governance that is compliance-driven and standards related to secure multi-cloud ecosystems that are cohesive.

References

1. A. N. Toosi, R. N. Calheiros, and R. Buyya, “Interconnected Cloud Computing Environments,” ACM Comput. Surv., vol. 47, no. 1, pp. 1–47, Jul. 2014, doi: 10.1145/2593512.

2. H. P. Kapadia, “Cross-Platform UI/UX Adaptions Engine for Hybrid Mobile Apps,” Int. J. Nov. Res. Dev., vol. 5, no. 9, pp. 30–37, 2020.

3. D. D. Rao, “Multimedia Based Intelligent Content Networking for Future Internet,” in 2009 Third UKSim European Symposium on Computer Modeling and Simulation, 2009, pp. 55–59. doi: 10.1109/EMS.2009.108.

4. V. M. L. G. Nerella, “MIGRATE: A Rollback-Enabled Framework for Automated Oracle XTTS-Based Cross-Platform Database Migrations,” J. Electr. Syst., vol. 14, no. 4, pp. 85–95, Jan. 2018, doi: 10.52783/jes.9054.

5. V. M. L. G. Nerella, “Automated cross-platform database migration and high availability implementation,” Turkish J. Comput. Math. Educ., vol. 9, no. 2, pp. 823–835, 2018.

6. H. Takabi, J. B. D. Joshi, and G.-J. Ahn, “Security and Privacy Challenges in Cloud Computing Environments,” IEEE Secur. Priv. Mag., vol. 8, no. 6, pp. 24–31, Nov. 2010, doi: 10.1109/MSP.2010.186.

7. A. Dalal, “Driving Business Transformation through Scalable and Secure Cloud Computing Infrastructure Solutions,” Available SSRN 5424274, 2018.

8. S. S. S. Neeli, “Serverless Databases: A Cost-Effective and Scalable Solution,” Int. J. Innov. Res. Eng. Multidiscip. Phys. Sci, vol. 7, no. 6, p. 7, 2019.

9. S. S. S. Neeli, “Real-Time Data Management with In-Memory Databases: A Performance-Centric Approach,” J. Adv. Dev. Res., vol. 11, no. 2, p. 8, 2020.

10. J. Ruiter and M. Warnier, “Privacy regulations for cloud computing: Compliance and implementation in theory and practice,” in Computers, privacy and data protection: an element of choice, Springer, 2011, pp. 361–376.

11. M. Rahman, T. Mahbuba, A. Siddiqui, and S. Nowshin, “Cloud-native data architectures for machine learning,” 2019.

12. V. Mandala, “Meta-Orchestrated Data Engineering: A Cloud-Native Framework for Cross-Platform Semantic Integration,” Glob. Res. Dev. ISSN 2455-5703, vol. 3, no. 12, 2018.

13. A. Dalal, “Harnessing the Power of SAP Applications to Optimize Enterprise Resource Planning and Business Analytics,” Available SSRN 5422375, 2020.

14. R. Haryanto, “Cross-Comparative Study of Cloud-Native Security Platforms to Detect and Neutralize Insider Attacks in Online Retail,” J. Adv. Cybersecurity Sci. Threat Intell. Countermeas., vol. 4, no. 12, pp. 1–9, 2020.

15. K. A. Torkura, M. I. H. Sukmana, F. Cheng, and C. Meinel, “Leveraging cloud native design patterns for security-as-a-service applications,” in 2017 IEEE International Conference on Smart Cloud (SmartCloud), 2017, pp. 90–97.

16. M. Uddin and D. Preston, “Systematic Review of Identity Access Management in Information Security,” J. Adv. Comput. Networks, vol. 3, no. 2, pp. 150–156, 2015, doi: 10.7763/jacn.2015.v3.158.

17. S. Sidharth, “Enhancing Security of Cloud-Native Microservices with Service Mesh Technologies,” 2019.

18. M. K. Omopariola, “Zero-Trust Architecture Deployment in Emerging Economies: A Case Study from Nigeria,” Int. J. Comput. Appl. Technol. Res., vol. 5, no. 12, 2016.

19. T. Laszewski, K. Arora, E. Farr, and P. Zonooz, Cloud Native Architectures: Design high-availability and cost-effective applications for the cloud. Packt Publishing Ltd, 2018.

20. S. Mukherjee, “Information governance for the implementation of cloud computing,” Available SSRN 3405102, 2019.

21. H. Al-Aqrabi, L. Liu, J. Xu, R. Hill, N. Antonopoulos, and Y. Zhan, “Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing,” in 2012 IEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, IEEE, Apr. 2012, pp. 124–129. doi: 10.1109/ISORCW.2012.31.

22. K. P. Joshi, L. Elluri, and A. Nagar, “An Integrated Knowledge Graph to Automate Cloud Data Compliance,” IEEE Access, vol. 8, pp. 148541–148555, 2020, doi: 10.1109/ACCESS.2020.3008964.

23. V. Kodela, “A Comparative Study Of Zero Trust Security Implementations Across Multi-Cloud Environments: Aws And Azure,” Int. J. Commun. Networks Inf. Secur., 2018.

24. D. Yimam and E. B. Fernandez, “A survey of compliance issues in cloud computing,” J. Internet Serv. Appl., vol. 7, no. 1, p. 5, 2016.

25. I. A. Essien, E. Cadet, J. O. Ajayi, E. D. Erigha, and E. Obuse, “Integrated Governance , Risk , and Compliance Framework for Multi-Cloud Security and Global Regulatory Alignment .,” vol. 3, no. 3, pp. 215–224, 2019.

26. S. Srinivasan, S. B. V. Naga, and K. Narukulla, “Hybrid Cloud Security: A Multi-Layered Approach for Securing Cloud-Native Applications,” Int. J. Emerg. Trends Comput. Sci. Inf. Technol., vol. 1, no. 2, pp. 26–36, 2020.

27. R. Rompicharla and B. R. P. V, “Continuous Compliance model for Hybrid Multi-Cloud through Self-Service Orchestrator,” in 2020 International Conference on Smart Technologies in Computing, Electrical and Electronics (ICSTCEE), 2020, pp. 589–593. doi: 10.1109/ICSTCEE49637.2020.9276897.

28. K. K and A. Ahuja, “A Comprehensive Review of EMV Compliance in Cloud-Native Architectures: Challenges and Frameworks,” 2019.

29. K. A. Torkura, M. I. H. Sukmana, F. Cheng, and C. Meinel, “Cavas: Neutralizing application and container security vulnerabilities in the cloud native era,” in International Conference on Security and Privacy in Communication Systems, 2018, pp. 471–490.

30. K. A. Torkura, M. I. H. Sukmana, and C. Meinel, “Integrating Continuous Security Assessments in Microservices and Cloud Native Applications,” in Proceedings of the10th International Conference on Utility and Cloud Computing, New York, NY, USA: ACM, Dec. 2017, pp. 171–180. doi: 10.1145/3147213.3147229.

31. Polam, R. M., Kamarthapu, B., Kakani, A. B., Nandiraju, S. K. K., Chundru, S. K., & Vangala, S. R. (2021). Big Text Data Analysis for Sentiment Classification in Product Reviews Using Advanced Large Language Models. International Journal of AI, BigData, Computational and Management Studies, 2(2), 55-65.

32. Gangineni, V. N., Tyagadurgam, M. S. V., Chalasani, R., Bhumireddy, J. R., & Penmetsa, M. (2021). Strengthening Cybersecurity Governance: The Impact of Firewalls on Risk Management. International Journal of AI, BigData, Computational and Management Studies, 2, 10-63282.

33. Pabbineedi, S., Penmetsa, M., Bhumireddy, J. R., Chalasani, R., Tyagadurgam, M. S. V., & Gangineni, V. N. (2021). An Advanced Machine Learning Models Design for Fraud Identification in Healthcare Insurance. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(1), 26-34.

34. Kamarthapu, B., Kakani, A. B., Nandiraju, S. K. K., Chundru, S. K., Vangala, S. R., & Polam, R. M. (2021). Advanced Machine Learning Models for Detecting and Classifying Financial Fraud in Big Data-Driven. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(3), 39-46.

35. Tyagadurgam, M. S. V., Gangineni, V. N., Pabbineedi, S., Penmetsa, M., Bhumireddy, J. R., & Chalasani, R. (2021). Enhancing IoT (Internet of Things) Security Through Intelligent Intrusion Detection Using ML Models. International Journal of Emerging Research in Engineering and Technology, 2(1), 27-36.

36. Vangala, S. R., Polam, R. M., Kamarthapu, B., Kakani, A. B., Nandiraju, S. K. K., & Chundru, S. K. (2021). Smart Healthcare: Machine Learning-Based Classification of Epileptic Seizure Disease Using EEG Signal Analysis. International Journal of Emerging Research in Engineering and Technology, 2(3), 61-70.

37. Kakani, A. B., Nandiraju, S. K. K., Chundru, S. K., Vangala, S. R., Polam, R. M., & Kamarthapu, B. (2021).

38. HK, K. (2020). Design of Efficient FSM Based 3D Network on Chip Architecture. INTERNATIONAL JOURNAL OF ENGINEERING, 68(10), 67-73.

39. Krutthika, H. K. (2019, October). Modeling of Data Delivery Modes of Next Generation SOC-NOC Router. In 2019 Global Conference for Advancement in Technology (GCAT) (pp. 1-6). IEEE.

40. Ajay, S., Satya Sai Krishna Mohan G, Rao, S. S., Shaunak, S. B., Krutthika, H. K., Ananda, Y. R., & Jose, J. (2018). Source Hotspot Management in a Mesh Network on Chip. In VDAT (pp. 619-630).

41. Nair, T. R., & Krutthika, H. K. (2010). An Architectural Approach for Decoding and Distributing Functions in FPUs in a Functional Processor System. arXiv preprint arXiv:1001.3781.

42. Gopalakrishnan Nair, T. R., & Krutthika, H. K. (2010). An Architectural Approach for Decoding and Distributing Functions in FPUs in a Functional Processor System. arXiv e-prints, arXiv-1001.

43. Krutthika H. K. & A.R. Aswatha. (2021). Implementation and analysis of congestion prevention and fault tolerance in network on chip. Journal of Tianjin University Science and Technology, 54(11), 213–231. https://doi.org/10.5281/zenodo.5746712

44. Krutthika H. K. & A.R. Aswatha. (2020). FPGA-based design and architecture of network-on-chip router for efficient data propagation. IIOAB Journal, 11(S2), 7–25.

45. Krutthika H. K. & A.R. Aswatha (2020). Design of efficient FSM-based 3D network-on-chip architecture. International Journal of Engineering Trends and Technology, 68(10), 67–73. https://doi.org/10.14445/22315381/IJETT-V68I10P212

46. Krutthika H. K. & Rajashekhara R. (2019). Network-on-chip: A survey on router design and algorithms. International Journal of Recent Technology and Engineering, 7(6), 1687–1691. https://doi.org/10.35940/ijrte.F2131.037619

47. Big Data and Predictive Analytics for Customer Retention: Exploring the Role of Machine Learning in E-Commerce. International Journal of Emerging Trends in Computer Science and Information Technology, 2(2), 26-34.

48. Penmetsa, M., Bhumireddy, J. R., Chalasani, R., Tyagadurgam, M. S. V., Gangineni, V. N., & Pabbineedi, S. (2021). Next-Generation Cybersecurity: The Role of AI and Quantum Computing in Threat Detection. International Journal of Emerging Trends in Computer Science and Information Technology, 2(4), 54-61.

49. Polu, A. R., Vattikonda, N., Gupta, A., Patchipulusu, H., Buddula, D. V. K. R., & Narra, B. (2021). Enhancing Marketing Analytics in Online Retailing through Machine Learning Classification Techniques. Available at SSRN 5297803.

50. Polu, A. R., Buddula, D. V. K. R., Narra, B., Gupta, A., Vattikonda, N., & Patchipulusu, H. (2021). Evolution of AI in Software Development and Cybersecurity: Unifying Automation, Innovation, and Protection in the Digital Age. Available at SSRN 5266517.

51. Polu, A. R., Vattikonda, N., Buddula, D. V. K. R., Narra, B., Patchipulusu, H., & Gupta, A. (2021). Integrating AI-Based Sentiment Analysis With Social Media Data For Enhanced Marketing Insights. Available at SSRN 5266555.

52. Buddula, D. V. K. R., Patchipulusu, H. H. S., Polu, A. R., Vattikonda, N., & Gupta, A. K. (2021). INTEGRATING AI-BASED SENTIMENT ANALYSIS WITH SOCIAL MEDIA DATA FOR ENHANCED MARKETING INSIGHTS. Journal Homepage: http://www. ijesm. co. in, 10(2).

53. Gupta, A. K., Buddula, D. V. K. R., Patchipulusu, H. H. S., Polu, A. R., Narra, B., & Vattikonda, N. (2021). An Analysis of Crime Prediction and Classification Using Data Mining Techniques.