Cloud Security Architecture for the Automotive Industry: A Framework for Secure Multi-Cloud Deployment

Authors

  • Geol Kang

Keywords:

cloud security, automotive industry, multi-cloud environment, ISO/SAE 21434, UNECE R155

Abstract

This paper examines the automotive industry since it fundamentally transforms toward Software-Defined Vehicles (SDV) and exponentially increases the reliance on cloud and multi-cloud infrastructures. The attack surface expands in a dramatic way because of a shift to this model. Today cyber risks target centralized cloud backends managing entire fleets not individual vehicles. A comprehensive security architecture should be developed proactively and without delay, as potential threats may escalate, and stringent regulatory frameworks such as UNECE R155 and ISO/SAE 21434 are anticipated to come into effect. In this paper, the Automotive Multi-Cloud Security Framework (AMCSF), which is a conceptual cloud security architecture model for the automotive industry, is proposed based on a systematic literature review as well as comparative analysis of industry practices. ISO/SAE 21434 describes vehicle cybersecurity lifecycle processes the five-layer model would integrate. It works also with modern cloud-oriented technologies like Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP). The study primarily concludes that risk can be effectively managed in modern automotive ecosystems only if protections are applied synergistically and include both the vehicle itself and its cloud infrastructure. This paper will be helpful to cybersecurity and cloud solution engineers and architects in automotive (OEM, Tier-1/Tier-2), vSOC/DevSecOps teams, cybersecurity and compliance management specialists (CSMS/UNECE R155, ISO/SAE 21434), as well as consultants and executives responsible for designing and operating secure multi-cloud backends.

Author Biography

  • Geol Kang

    Hyundai Autoever America, Senior Security Architect,Fountain Valley, California, USA

References

[1] Autosar, “Limited Edition 20th Anniversary Publication,” Autosar, 2023. Accessed: Sep. 01, 2025. [Online]. Available: https://www.autosar.org/fileadmin/user_upload/AUTOSAR_20th-Book_FINAL_WEB_06-OCT-2023.pdf

[2] “Cyber securing connected cars 2.0: navigating opportunities and risks in the digital era,” EY, 2024. Accessed: Sep. 01, 2025. [Online]. Available: https://www.ey.com/content/dam/ey-unified-site/ey-com/en-in/insights/automotive/documents/ey-cyber-securing-connected-cars-2-navigating-opportunities-and-risks-in-the-digital-era.pdf

[3] T. Weber, A. Koster, M. Quinn, A. Arora, and J. Chapot, “As Auto Software Revs Up, Suppliers Need to Switch Gears,” BCG Global, Nov. 14, 2024. https://www.bcg.com/publications/2024/auto-software-revs-up-suppliers-switch-gears (accessed Sep. 02, 2025).

[4] Tajammul Pangarkar, “Automotive Cyber Security Statistics 2024 By Secure Drive,” Market US, Jan. 2025. https://scoop.market.us/automotive-cyber-security-statistics/ (accessed Sep. 03, 2025).

[5] C. V. Kifor and A. Popescu, “Automotive Cybersecurity: A Survey on Frameworks, Standards, and Testing and Monitoring Technologies,” Sensors, vol. 24, no. 18, p. 6139, Sep. 2024, doi: https://doi.org/10.3390/s24186139.

[6] R. S. Rathore, C. Hewage, O. Kaiwartya, and J. Lloret, “In-Vehicle Communication Cyber Security: Challenges and Solutions,” Sensors, vol. 22, no. 17, p. 6679, Sep. 2022, doi: https://doi.org/10.3390/s22176679.

[7] G. Costantino, M. De Vincenzi, and I. Matteucci, “A Comparative Analysis of UNECE WP.29 R155 and ISO/SAE 21434,” 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Jun. 2022, doi: https://doi.org/10.1109/eurospw55150.2022.00041.

[8] S. Bhunia, M. Blackert, H. Deal, A. DePero, and A. Patra, “Analyzing the 2021 Kaseya Ransomware Attack: Combined Spearphishing through SonicWall SSLVPN Vulnerability,” IET Information Security, Jan. 2025, doi: https://doi.org/10.1049/ise2/1655307.

[9] D. Grimm, A. Lautenbach, M. Almgren, T. Olovsson, and E. Sax, “Gap Analysis of ISO/SAE 21434 – Improving the Automotive Cybersecurity Engineering Life Cycle,” 2023 IEEE 26th International Conference on Intelligent Transportation Systems (ITSC), Sep. 2023, doi: https://doi.org/10.1109/itsc57777.2023.10422100.

[10] M. Sebastian, “Multi-Layer Security Architecture for Cloud-Connected Autonomous Systems,” Journal of Computer Science and Technology Studies, vol. 7, no. 3, pp. 798–803, May 2025, doi: https://doi.org/10.32996/jcsts.2025.7.3.87.

[11] Y. Li, W. Liu, Q. Liu, X. Zheng, K. Sun, and C. Huang, “Complying with ISO 26262 and ISO/SAE 21434: A Safety and Security Co-Analysis Method for Intelligent Connected Vehicle,” Sensors, vol. 24, no. 6, p. 1848, Mar. 2024, doi: https://doi.org/10.3390/s24061848.

[12] M. Moore, A. Sirish, A. Yelgundhalli, and J. Cappos, “Securing Automotive Software Supply Chains,” Symposium on Vehicle Security and Privacy (VehicleSec), 2024, doi: https://doi.org/10.14722/vehiclesec.2024.23015.

Downloads

Published

2025-11-19

Issue

Vol. 56 No. 1 (2025)

Section

Articles

License

Copyright (c) 2025 Geol Kang

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Authors who submit papers with this journal agree to the following terms

How to Cite

Geol Kang. (2025). Cloud Security Architecture for the Automotive Industry: A Framework for Secure Multi-Cloud Deployment. International Journal of Computer (IJC), 56(1), 71-81. https://www.ijcjournal.org/InternationalJournalOfComputer/article/view/2444