Cloud Computing and Security - Term Paper Example

Cloud Computing and Security In the last few years, the paradigm of cloud computing has evolved from a talented business idea to one of the rapidly developing tools of information technology all over the world. Additionally, with its talent to offer users animatedly extendable and collective business resources over the web based technology like internet cloud computing prevents from large level business expenses. In addition, cloud computing guarantees to modernize the future of business as well as corporate computing environment extensively. At the present, recession-hit businesses are progressively considering that only by establishing a strong connection with the cloud they could be able to get rapid access to most valuable corporate applications and considerably enhance their communications resources, and can get all the facilities and technology based solutions at minor outlay. On the other hand, when more critical information of corporations and individuals is stored on corporate cloud framework, fears are starting to elevate regarding just how protected an arrangement it could be considered. In addition, storing a large amount of data creates a circumstance similar to keeping massive funds, which means drawing additional normal attacks from increasingly experienced and extremely provoked invaders in computing environment. Accordingly, communication security is a particular concern which users contemplate when thinking about using cloud computing structure (Binning), (Hanna) and (Marston, Li and Bandyopadhyay). This paper will discuss the security issues in cloud computing enveironment. Security Risk and Cloud Computing While building safe and protected IT systems, organizations typically have to face a lot of customary security and privacy management issues and challenges on the other hand in case of cloud computing there is an additional extent of menace dues to the fact that in cloud computing environment necessary services are frequently subcontracted to a 3rd party security management. In this scenario, the “external existence” feature of subcontracting or outsourcing enables the tough hold up to data integrity, privacy, maintain data and service accessibility, and exhibits conformity. In addition, cloud computing transfers a great deal of the operational and security management control over data and business functions from customer business to their cloud service suppliers. In this scenario, a great deal of similar businesses hand over some part of their information technology working aspects and processes to outsourcing businesses. However, the fundamental jobs like that implementing patch technologies and installation and configuration of system firewalls are included in the responsibilities of the cloud service supplier, not the end-user of cloud services. In addition, users should build strong interactions with their contributors and stakeholders as well as recognize threats regarding how these cloud service suppliers apply, organize and administer security on their own. In this scenario, the idea “trust” describes the association between cloud service suppliers and users and it is important for the reason that the client users are accountable for conformity and safety of their important business and financial data, yet if that particular burden has transferred to the cloud. Moreover, a number of businesses select mixed or private paradigms over open clouds due to the threats linked with the process of services subcontracting (IBM), (Shen and Tong) and (Sumter). Additional features of cloud computing also demand reconsideration of threats and protection. Additionally, inside a cloud, it is a complicated job to find out where data is located. In addition, the security procedures that were formerly perceptible are currently concealed under the covers of thought. In this overall structure the lack of perceptibility can cause creation of several observance and security problems (IBM), (Shen and Tong) and (Sumter). The distribution of large size data and information in cloud computing produces various major issues such as cloud security and security in more conventional IT backgrounds. In addition, clients on both sides of businesses and their confidence levels to cooperate with each other vary from business to business. Moreover, in cloud computing arrangement the information and data based interactions and distribution calls for a high level of consistent and process automation are able to facilitate in implementation of enhanced business security by removing the threat of workers’ errors and omission. However, the threats generated from extremely shared arrangements indicate that paradigms of cloud computing have to still put focus on identity, privacy and observance (IBM), (Shen and Tong) and (Sumter). Origin of Security Issues Cloud computing offers services and diverse facilities related to internet, computing, communication and storage for the businesses as well as individual users working in all the marketplaces such as healthcare, economic, government and management areas. In addition, this latest method to computing allows the users to enjoy liberty from open software and hardware savings, work in cooperation with others, achieve limberness moreover take benefit of the refined services that are offered by the cloud computing services suppliers. On the other hand, there is a critical issue for the users inside the cloud and that is security. According to the cloud services suppliers, the cloud security issues are functioning in directions of making the cloud impartial as well as resolving such security related problems. In this scenario, cloud security is turning out to be a key cutthroat point and discriminator among cloud suppliers. However, by implementing the competent security methods and practices, cloud security can quickly be increased far away the point that information technology sectors attain from their own sophisticated software and hardware services (Trusted Computing Group), (Teixeira, Azevedo and Pinto) and (Zhang, Chen and Zhang). Main Security Issues This section outlines some security issues regarding cloud computing infrastructure. These main security and privacy issues are outlined below: Governance In cloud computing infrastructure the governance refers to the authority and lapse over operational procedures, guidelines and principles intended for building the application, accomplishment, design, checking and investigation of the services hereby installed in cloud computing environment. In this scenario some security concerns can emerge in the way of effective management and supervision of overall services of the business. Here conflict between business and cloud service suppliers can cause of serious security problems (Jansen and Grance) and (Brodkin). Compliance Cloud computing infrastructure involves compliance with a recognized standard, requirement, rule or regulation. In this scenario, a broad variety of security and privacy laws and regulations are proficiently applied in different countries at the state level, nationwide and at domestic grounds. In such situations formulating conformity or compliance is an extremely complex matter for cloud computing infrastructure. Consequently, these issues can definitely lead to complications regarding the establishment and fulfillment of standards at business level. In this scenario, non effective compliance factors lead to extensive problems (Jansen and Grance) and (Brodkin). Trust In cloud computing environment, a business involves a lot of confidential processes of the business in addition to its operational security, thus in performing such activities, demands an extraordinary degree of confidence on the cloud services supplier. Moreover, in case of less effective trust management on the cloud services suppliers we can face a lot of problems regarding business data safety and management (Jansen and Grance) and (Brodkin). User Access In cloud computing environment secret business data is distributed externally. In this scenario, this process brings with it an intrinsic intensity of danger, for the reason that subcontracted business management services avoid the reasonable, substantial and personnel restrains. Moreover, at this level various user access based issues emerge, since business data resides outside the business (at 3rd party) so any person with some privileges can access it. In this way we can face various user access related issues (Jansen and Grance) and (Brodkin). Data Location In cloud computing infrastructure application at the business, we almost certainly would not be acquainted with specifically where our business information is placed and stored. Actually, we might not still be familiar with the reality that in which state it will be stored. Moreover, at such level main concerns and issues regarding illegal access to the business data and information in addition to processes management emerge extensively (Jansen and Grance) and (Brodkin). Data Segregation Business information in the cloud computing based arrangement is normally stored in a shared structure beside information and data from other business and market competitors. In this scenario, encryption could be an efficient however not an ultimate solution at all. Moreover, at this stage we can face the danger that a number of market competitors could have illegally access to the business data and information and consequently can cause huge damage to our business infrastructure (Jansen and Grance) and (Brodkin). Recovery In case we face a disaster and we even do not know where our data is located and if that data can possibly be taken back. Thus, to deal with this issue each cloud service supplier should offer us assurance however in case of any big natural disaster we cannot depend upon the cloud service suppliers and in case of their failure to get back the data the working of our business can definitely collapse (Jansen and Grance) and (Brodkin). Investigative Support In cloud computing infrastructure it is not possible to avail some investigating services and support for the ideal assessment and investigation of wrong or prohibited action. In addition, the cloud computing based services are particularly hard to examine, for the reason that classification and data along with business information for numerous clients can be placed together and can also be dispersed all-through ever-altering group of terminals and data centers. Therefore it is a huge risk factor for business and customer areas (Jansen and Grance) and (Brodkin). Long-term Viability In fact, a cloud computing services provider will never be obtained, ruined and taken over by large size corporations. In this scenario, we have to make sure that business operational data will be obtainable yet besides such an incident takes place. On the other hand, in case we acquire the cloud computing services from our business competitor will affect our business information security (Jansen and Grance) and (Brodkin). Hypervisor Complexity In traditional computing the security of a computer system relies on the quality of the fundamental software kernel that manages and handles the detention and implementation processes. On the other hand, in scenario of cloud computing such controlling mechanism is not available to the business arrangement that could successfully handle and manage the business areas. Thus this factor may cause some vital security and privacy issue (Jansen and Grance) and (Brodkin). Availability In cloud computing services, availability is the biggest factor of concern for a business. In scenario of cloud computing availability means the degree to which a corporation’s complete collection of computational resources is offered and they are utilized properly. Additionally, the availability could be affected forever or momentarily. In such situations we can face some internal or external security attacks. These concerns can cause huge damage to stability of the business (Jansen and Grance) and (Brodkin). Denial of Service In huge business setting especially in a web based arrangement the denial of service attack engages flooding the destination system with fake resources in addition to data requests to stop it from replying to valid requests in an appropriate way. In case of cloud computing services we can face challenges from such kind of attacks those may cause extensive business problems and concerns for the enhanced business and operations management (Jansen and Grance) and (Brodkin). Conclusion Cloud Computing is the technology of future for the small to large scale business frameworks. This technology has promised to offer more enhanced business services as well as facilities at lowest cost. On the other hand, this technology also involves some extensive business security and privacy related issues. This paper has presented a detailed overview of some fundamental security and privacy issues in cloud computing platforms. works cited Binning, David. Top five cloud computing security issues. 24 April 2009. 21 March 2011 . Brodkin, Jon. Gartner: Seven cloud-computing security risks. 02 July 2008. 24 March 2011 . Hanna, Steve. A Security Analysis of Cloud Computing. 09 December 2009. 22 March 2011 . IBM. IBM Point of View: Security and Cloud Computing. White Paper. New York: IBM Corporation, 2009. Jansen, Wayne and Timothy Grance. Guidelines on Security and Privacy in Public Cloud Computing. January 2011. 23 March 2011 . Marston, Sean, et al. "Cloud computing - The business perspective ." Decision Support Systems, Volume 51 Issue 1 (2011): 176-189. Shen, Zhidong and Qiang Tong. "The security of cloud computing system enabled by trusted computing technology." 2nd International Conference on Signal Processing Systems (ICSPS). Dalian: IEEE, 2010. 2-11. Sumter, La'Quata. "Cloud computing: security risk." ACM SE '10 Proceedings of the 48th Annual Southeast Regional Conference. ACM New York, USA, 2010. 112. Teixeira, Claudio, et al. "User Provided Cloud Computing ." CCGRID '10: Proceedings of the 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing . IEEE Computer Society Washington, DC, USA, 2010. 727-732. Trusted Computing Group. Cloud Computing and Security –A Natural Match. April 2010. 22 March 2011 . Zhang, Shuai, et al. "The comparison between cloud computing and grid computing." International Conference on Computer Application and System Modeling (ICCASM). Taiyuan: IEEE, 2010. 11-72. Zhang, Shufen, et al. "Analysis and Research of Cloud Computing System Instance." Second International Conference on Future Networks, 2010. ICFN '10. Sanya, Hainan : IEEE, 2010. 88. Read More