Wednesday, May 6, 2020
Cloud Computing Security Issues
Question: Discuss about the Cloud Computing Security Issues. Answer: Introduction The concept of cloud computing is based on the set of resources that are being allocated for making use of a network of servers which are hosted at a remote location on the Internet for the purpose of storing, managing, and processing data, in place of using a personal computer or a local server. Cloud computing is basically a collection of resources which could be allocated to the users on the basis of demand. Cloud computing suggests new methods to deliver facilities. the method in which businesses are operated undergo changes because if these novel advanced, technical and assessing prospects. Cloud computing is thus considered as a unparalleled computing technology and beginning of new era in the world of computing. Although the idea of sharing resources is an old one, but cloud computing is a new version of those old notions. A cloud service provider operates to provide a collection of resources and services in this concept. These services can be made available from data canters located anywhere in the world. It allows the users to make use of various virtual resources through the internet in accordance with their needs. With the increase in famous computing companies bringing in their cloud computing services and products the entire concept of cloud computing has gained a great impetus. Some of the famous services of cloud computing in the market are Oracle Cloud, Google Engine and Office 365 (Rittinghouse and Ransome, 2016). With the rapid development in the cloud computing in the computing industry so are the risk and threats associated with the security becoming matter of greater concerns. Unless the security issues are managed and fixed the success and universal acceptance of the cloud computing services are not possible. The fast enhancement in the popularity of cloud computing proves to bring in higher security challenges for the users as well as providers. It is correct that there are risks involved with the use and application of cloud computing. However, the benefits of cloud computing far outweigh the risks. With the use of cloud computing the small organizations can also have effective IT infrastructure at place. With cloud computing, the small organizations are not expected to make heavy investment to procure IT hardware and software. Literature review A lot of studies have been done in the area of cloud computing. The literature review for cloud computing can be sub divided into sections like: Models of Cloud Service For implementation of the cloud computing concepts various models are available in the market. The cloud could be used for software to be used as a service, Platform to be used as a service or Infrastructure to be used as a service. These models of cloud computing can be discussed as: Model: Cloud Software as-a-Service (SaaS) is software supply arrangement with the purpose of giving authority to access remotely a software and its functions, in the form of a web-based facility (Ercolani, 2013). Software-as-a-Service authorizes companies to get access of the various business functionality of a software at relatively low price, these prices are generally much less than the actual cost of licensed applications. SaaS costs are made up on a monthly fee basis (Ojala, 2013). Also because of remote hosting of the software, users can also save money as they do not require any extra hardware. Software-as-a-Service abolishes the all likelihoods for companies to manage the set-up, installation, daily protection or upkeep (Jadeja and Modi, 2012). Model: Cloud Platform-as-a-Service (PaaS): the competence given to the operators to make use of the cloud infrastructure or platform (Zaslavsky, Perera and Georgakopoulos, 2013). In this PaaS model, the supplier or the cloud technology collaborates with a computing platform, comprising of Programming language, Operating System, implementation of database, environment and wed servers. In this scenario, the developers of applications or software can make and execute their software using the cloud platform without incurring extra cost and trouble of obtaining and management of the chief software films or hardware (Pandey and Varshapriya, 2014). We can consider the example of Oracle cloud platform-as-a-service. In this Oracle offers the database services as a platform to be accessed remotely. PaaS can mainly be categorized as environments for application development projected as a Service through the suppliers of the cloud. The platforms have an Integrated Development Environment (IDE), which are accessed by the users uses. These IDEs mainly includes the compiler, editor, build or execute and deploy structures to progress their applications. Thus by using the infrastructure given by the cloud supplier users deploy their applications (Zhou et al., 2013). Model: Cloud Infrastructure-as-a-Service (IaaS): in case of the IaaS cloud, the infrastructure like servers, hardware, routers, storage and other networking elements all are arranged by the IaaS provider (Manvi and Shyam, 2014). As per their individual requirements the user takes advantage of these accessible amenities and accordingly make payments for the facilities used by them. The applications, Operation Systems etc. are used by the end user, which has ability to organize and run any software (Dykstra and Sherman, 2012). The liability of supervising and monitoring the core could infrastructure does not come on the end user, however, he can use the operation systems and deployed his application (Kar and Rakshit, 2014). In order to use the IaaS effectively, the end user has to understand the resource necessities or the exact applications. Thus making scaling and flexibility as the end users responsibility and liability instead of the supplier. Models of Cloud Deployment There are various models that can be used in order to deploy a cloud computing model. Some of these models are as follows: Private Cloud: in this model the cloud forms the facility to give services to only selected organization. This could be controlled by the user organisation itself or by some external third party. When it service provider is an external entity is called an externally hosted private cloud, while if it is done by the company using it, its called an on premise private cloud (Goyal, 2014). Public Cloud Model: this is the type of deployment model where the cloud amenities like software applications, storages capacities, etc. are being made available on the publicly accessible network. A user can use such public clouds by paying the fees as schedules, which maybe according to per usage or other monthly purchases, yearly offers, etc. (AlZain, Pardede, Soh and Thom, 2012). Hybrid Cloud: it is a combination of private and public cloud choices. Community Cloud: in this model, the computing resources and infrastructure is shared among the companies which have similar community (Bora and Ahmed, 2013). Security Threats in Cloud Computing Even though there has been increase in popularity of the cloud computing, its complete acceptance and utilisation would only be possible when the various security issues associated with it are recognised and resolved. These threats are of numerous types, according to the 2013 research by the Cloud Computing Alliance some of the most dangerous threats are, insecure interface and APIs, traffic hijacking, malicious insider, denial of service, abuse of cloud facilities, insufficient due diligence, breaches in data, vulnerabilities of the shared technologies, breaking of perimeter security model and unknown risk profiles (Qaisar and Khawaja, 2012). Security issues in the cloud computing Cloud computing is attractive because of its effective ease and efficient saving of costs, however, it has various major upsetting security issues that are essential to be taken care. Especially when the highly crucial application and delicate data is made public by using the cloud computing environment. The chief characteristic of any latest computing technology could be seen by examining the extent of security that is provided by that system (Asma, Chaurasia and Mokhtar, 2012). Thus it is important to have thorough knowledge that the important data present on the cloud is rightfully protected from unsolicited access. Among major security issues some are: The issue of confidentiality of data: with the highly competitive business world, information is the real power. The importance of critical data cannot be undermined and thus the significance of confidentiality is paramount. Confidentially can be considered as a contract or guidelines which restrict the free admission or put on boundary on the location for some critical information available in the cloud data publicly. Thus in cloud computing scenario, the confidentiality means keeping the clients applications and data close for access for other cloud users as well as the cloud service provider. The only possible scenarios where the service provider can disclose the confidential user data, is when the service provider has knowledge about the location of user data in the cloud systems, or when the service provider has the right authority to admission and collect the clients private data from the cloud systems. Another possibility is when the service provider is able to recognise the s ignificance of clients data on the cloud (Gonzalez et al., 2012). The present cloud computing contains three layers, the Software layer, the Platform layer and the Infrastructure layer. The Software layer offers the clients access to the user interface for the applications that runs in the infrastructure of the cloud. The platform layer gives the necessary platform like as environment for software operation to be executed by making use of the available resources of the system. The infrastructure layer gives the required hardware support for the computing, such as network, storage, etc. the different service providers use their individual layers of software, platform and infrastructure, therefore the client which is using the application of the software layer of the cloud provided by a service provider, tends to use the platform along with the infrastructure offered by that service provider, thereby making it evident the location of critical user data which could be accessed by the service provider (Hashizume, Rosado, Fernndez-Medina and Fernandez, 2013). Issue of data availability: since the critical data is kept at a remote location, which is owned and managed by the service provider, the owner of data at times might have to deal with the issues like system failure from the side of service provider. In the case the cloud fails to work properly, the client will not be able to access his own data because of dependence on the single service provider. The denial of service (DOS) or the Direct Indirect (DOS) attack are dome of the major threats with respect to the data availability. The facility of giving on-demand services at various levels must be done by the cloud computing service provider. The Service Leve l Agreement (SLA) is drown to gain the trust of the clients for the usage of cloud computing by the service providers. Issue of data integrity: for information technology the integrity of data is of paramount importance, the data must be complete and whole. Similar to the data integrity om the local databases, the importance of data integrity in the cloud storage system is also crucial. This forms one of the prime factor to decide the effectiveness and performance of the cloud. The integrity of data gives evidences of the data validity, reliability and uniformity. Issue of data security: with respect to idea of the software deployment scheme or the storing of data in the cloud computing system, which is on the user premise, the delicate information of the company remains to exist in the company premises and could be subjected to the logical, physical as well as personnel arrangements of security and control of access. However, in the cases like, the public cloud or Software-as-a-Service model, the client data is stored separately beyond the physical company boundary, by the cloud service provider. Therefore, the could service provider must have proper agreement with the client to use extra security checks so as to ensure complete data security necessary for prevention of illegitimate breaches. Because of vulnerability of the security in the software application or because of some employee with malicious intentions (Chou, 2013). There is very strong need for using a good and impenetrable encryption procedures for ensuring to present the above mentioned security issues from materialising. Because of the remoteness of data and accessibility to greater number of clients and potential clients, availability of cloud in public domain and the main purpose of the cloud to be available for access to greater number of users makes the classical encryption techniques insufficient for the protection of the clients interest. Therefore, strong techniques for data protection are required to safeguard data from the uncertainties like the trust issues, location of data issues, etc. In the information technology business, whether it is traditional or the cloud based, trust is very essential between the client and the service providers. In the cloud computing business, the trust is one of the major issues. Similarly, the location of data, on the cloud without the knowledge of the client could also lead to some legal implication s if not dealt appropriately. Potential solution for the Cloud Computing Security issues It is necessary for the success of cloud computing to sort its security issues and build trust among the clients. Some of the potential solutions could be to the availability of support for scrutinizing the cloud facilities provided by the service provider. The location of data is unknown to the clients using cloud storage, thus if the proper audit tools are offered by the cloud service provider would ensure building of trust as well as confidence of the client in the cloud services. The client can indulge in legal examination, regulation and scrutiny of the data stored by them (Rong, Nguyen and Jaatun, 2013). Availability of robust recovery facilities would also enable the uses to make more use of the cloud facilities. In case of loss of data or severe fragmentation, the strong and easy recovery methods would make cloud services more attractive (Ryan, 2013). Likewise, the backup facility in case of physical damage or natural disasters would ensure increase in clients using the cloud facilities. Moreover, use of strong encryption algorithm techniques to safeguard the user data confidentiality, integrity and availability would further enhance the appeal of using cloud services. Also the enhance enterprise infrastructure with the ease of hardware installation and configuration like servers, fire walls, routers, proxy server, etc. would facilitate the clients and encourage them to use the cloud facilities (Zissis and Lekkas, 2012). Conclusion The attractiveness of the revolutionary cloud computing lies its ability to provide is high performance in the rapid and cost effective manner. The sharing of resources leads to greater integration of available resources and thereby enabling the clients to profit from the concept of cloud computing. However, the serious security issues are inbuilt in the virtue of the concept of cloud computing. The concerns of data integrity, confidentiality, security of resources and authorisation of access are of paramount importance for any organisation. These issues must be managed and sorted out effectively for the desired improvement in the usage of the cloud computing facilities and overall success of this idea. The above report highlights that cloud computing is attractive because of its effective ease and efficient saving of costs, however, it has various major upsetting security issues that are essential to be taken care. Especially when the highly crucial application and delicate data is made public by using the cloud computing environment. Therefore, it is important that the organizations should assess all the threats associated with the use of cloud compuing. It is also important that the organizations should conduct the training sessions for employees. It would help the organizations to overcome the security threats associated with cloud computing. The complete benefits of cloud computing can be achieved if the organization has a vision for the effective use of Information Technology. References AlZain, M.A., Pardede, E., Soh, B. and Thom, J.A., 2012, January. Cloud computing security: from single to multi-clouds. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 5490-5499). IEEE. Asma, A., Chaurasia, M.A. and Mokhtar, H., 2012. Cloud Computing Security Issues. International Journal of Application or Innovation in Engineering Management, 1(2), pp.141-147. Bora, U.J. and Ahmed, M., 2013. E-learning using cloud computing. International Journal of Science and Modern Engineering, 1(2), pp.9-12. Chou, T.S., 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science Information Technology, 5(3), p.79. Dykstra, J. and Sherman, A.T., 2012. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9, pp.S90-S98. Ercolani, G., 2013. Cloud Computing Services Potential Analysis. An integrated model for evaluating Software as a Service. Cloud Computing, pp.77-80. Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Nslund, M. and Pourzandi, M., 2012. A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), p.1. Goyal, S., 2014. Public vs private vs hybrid vs community-cloud computing: A critical review. International Journal of Computer Network and Information Security, 6(3), p.20. Hashizume, K., Rosado, D.G., Fernndez-Medina, E. and Fernandez, E.B., 2013. An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), p.1. Jadeja, Y. and Modi, K., 2012, March. Cloud computing-concepts, architecture and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). IEEE. Kar, A.K. and Rakshit, A., 2014. Pricing of Cloud IaaS Based on Feature Prioritization-A Value Based Approach. In Recent Advances in Intelligent Informatics (pp. 321-330). Springer International Publishing. Manvi, S.S. and Shyam, G.K., 2014. Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, pp.424-440. Ojala, A., 2013. Software-as-a-Service Revenue models. Pandey, S. and Varshapriya, J.N., 2014. Using Platform-As-A-Service (Paas) for Better Resource Utilization and Better Quality Applications. International Journal of Innovative Research in Advanced Engineering (IJIRAE) ISSN, pp.2349-2163. Qaisar, S. and Khawaja, K.F., 2012. Cloud computing: network/security threats and countermeasures. Interdisciplinary journal of contemporary research in business, 3(9), p.1323. Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC press. Rong, C., Nguyen, S.T. and Jaatun, M.G., 2013. Beyond lightning: A survey on security challenges in cloud computing. Computers Electrical Engineering, 39(1), pp.47-54. Ryan, M.D., 2013. Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), pp.2263-2268. Zaslavsky, A., Perera, C. and Georgakopoulos, D., 2013. Sensing as a service and big data. arXiv preprint arXiv:1301.0159. Zhou, J., Leppnen, T., Harjula, E., Ylianttila, M., Ojala, T., Yu, C. and Jin, H., 2013, June. Cloudthings: A common architecture for integrating the internet of things with cloud computing. In Computer Supported Cooperative Work in Design (CSCWD), 2013 IEEE 17th International Conference on (pp. 651-657). IEEE. Zissis, D. and Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation computer systems, 28(3), pp.583-592.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.