A Taxonomy of Cloud Attack Consequences and Mitigation Strategies: The Role of Access Control and Privileged Access Management

Cloud services are now used by many organizations for the computation and storage of both public and sensitive data. Organizations expect that the data stored on clouds will be reasonably protected in terms of confidentiality, integrity and availability (CIA). In this paper, we review the cloud security literature to determine key contemporary attack consequences and mitigation strategies in the cloud environment. We categorize the consequences and mitigation strategies using the people, process and technology (PPT) and CIA classifications. We then construct a taxonomy of consequences and mitigation strategies, and use the themes discovered to present a conceptual privileged access management architecture.