Cloud Security and Privacy Issues - Research Paper Example

Cloud Security and Privacy Issues Cloud computing is basically a computer science term that implies using the internet and servers in order to maintain and secure data and its applications. The technology of cloud computing allows consumers and business owners admission to all types of applications and their personal documents over the internet. This occurs without them installing any files at a computer with internet access. As a result of this technology, computing efficiency has been increased by offering centralized storage of data. On the whole, cloud computing security is thus the application of all the sets of policies and controls in order to protect data and this should not be confused with the available security software’s that are cloud based. Without cloud computing the web server will run as a single computer or a group of owned computers hence they will be powerful enough to serve a given amount of request per minute and with a certain amount of latency per request. This paper critically presents an elaborate discussion on cloud security and privacy issues from a wide perspective. Security and Privacy With the intention to make sure that data is secure and that its privacy is well maintained, cloud providers focus on the following areas. The first area is data protection. In order to be considered protected, data from one client are correctly separated from that of the other (Brandau & Tempest, 189). In that sense; data must be securely stored, and must be capable to move steadily from one point to the other. Identity management is the other area of consideration. Every business is entitled to a private system of identity management in order to manage access to computing resources and information. Companies like Google, Amazon, and Microsoft are the pioneer in using cloud computing technology. Just like any form of technology, cloud security contains reasonable share of confronts ranging from government intervention in foreign countries and attacks from hackers and they have been able to rise up from these challenges by securing and encrypting their servers through the SLL technologies and upgrading of their firewalls. With the support of stable operating systems like UNIX Google has been able to secure its E-mail system. With the flexibility and fixing of the security loopholes, cloud computing technology has proven to be a great success. Discussion: Cloud Security and Privacy Issues In the event when an organization adapts to cloud computing technology, it implies that the organization users will be using one server power. In one way or the other, this greatly helps in conserving the computer power and diverse applications can be offered for the users and managed under the cloud server (Chakraborty, Remireddy, Raghu & Rao, 10). This is a clear implication that the client does not require going to the extent of downloading and installing the application on the computer system, but all the procedures will be stored and managed under the cloud server. With reference to different statistics, cloud computing model guarantees ease and on require network entree to a distributed pool of resources that are configurable (Brandau & Tempest, 184). For example; servers, networks, storage device application, and service can swiftly process with negligible management effort. By means of cloud computing, all this work is accomplished without the awareness of the end user on the physical location of the system that is delivering him with the service (John & Grier, 2). For this reason the phrase cloud computing is related with processing work from an identified static place. The Cloud Computing Architecture A more detailed module of the computing architecture is known as the back end and the front end. While the front end is the section that the customers or computer users can observe and it comprises the nodes and applications on the system. These are the elements which allow the user to achieve access to the internet through the end user interface from his personal system. On the contrary, the back end comprises of diverse “servers, data storage devices and the computers (Chakraborty, Remireddy, Raghu & Rao, 8).” Big Companies similar to Microsoft, Yahoo, and Google have apprehended the importance of this technology and proven that the technology is safe but with it risks. Evidently through research, cloud computing technology has played a great deal in the lessening of cost for both the website owners and the system users. That is been the case, it essentially becoming promising for users to access cloud security from any point and still acquire the data they require as the site owner only requires to buy space in the server (Brandau & Tempest, 190). Cloud computing permits automatic updates; the server obtains the updates and applies it to anybody using the service. This means that any given user does not require going through troubles of updating. Cloud security has proven to be flexible and movable. That is been the case, the user can work from anywhere in the globe, since the only thing required is a computer access and internet link. Cloud security eliminates the problems of nonstop downloading, and so saving time and the hard drive space given that all users require logging in a network. Organizations using this technology find it easy sharing resources, therefore saving business money and time. This is attained by them placing their resources on a one network location that is easy for the workers to access. Some of the gains accomplished revolve around securing data and minimizing loss of business files. With all this advantages been mentioned, their security fear and privacy issue require to be addressed as relocating to cloud computing. Such concerns fall under the cloud computing providers and the customers of cloud computing. Providers of cloud computing have to make sure that the communications in use for the provision of cloud computing to the user and their data is safe and well protected. Consequently, it is the obligation of the user to guarantee that earlier than transmitting receptive and private information over the network; the provider has taken each and every security gauge to assure the safety of their information (Brandau & Tempest, 182). Users are reminded to keep up with this responsibility in order to ensure their safety in the long run. This is one measure being used widely, and in that way ensuring effective security. There are a variety of principles of security that cloud security requires to guarantee to its users. Such principles are: availability, integrity, and confidentiality, authenticity, and information security and users privacy (Chakraborty, Remireddy, Raghu & Rao, 2). Users of cloud computing technology need to be assured of confidentiality in the event when using the system. Confidentiality revolves around promising the client that there stored information will not be revealed with or without their right. In one way or the other, this is significant even to the organizations that use cloud security and transact their commerce online, and it could engage the use of credit cards. This security measure needs to be considered given that organizations and businesses will lose their clients if not guaranteed of the security of their private information (Brandau & Tempest, 181). Data integrity is another measure which cloud security technology has realized. Online organizations such as Google and Amazon who use this type of technology have managed to endure internet attacks from hackers who attempt to acquire access to information been broadcasted over the network. Availability with reference to computer science and technology is a procedure of making sure that information is voluntarily available to the end users any time they need it. Towards ensuring this, cloud computing employs the use of the security controls in safeguarding data at the same time as extending the channels of communication (John & Grier, 4). Given the growth of technology, several organizations are shifting to online businesses. As a result, it is important to validate the data transactions, communications and documents moving across the networks. Particularly, this is aimed towards ensuring that they are authentic and free from malicious computer virus. To some extent, cloud security has attempted in guarantying this issue at large. The next security principle is the non repudiation. This happens when two or more parties are involved in a transaction over the internet and one party happens to claim or deny receiving the transaction. The use of digital signatures through authenticity and non repudiation can be used to challenge this form of claims. Through the use of computing services to store information, clients are usually in full coverage to potential infringement of their privacy. Through research, there have been cases where, Google and Yahoo mail customers have been exposed to such attacks and their personal privacy desecrated (Chakraborty, Remireddy, Raghu & Rao, 10). The ownership of user’s private information is only delegated to the cloud security providers. Any hacker access to this information could affect the connection between the cloud computing service providers and its customers. In scenarios concerning the use of wireless cloud computing, the use safety risk is high and noted to increase. With the revelation of personal information and of current a new security threat has been noted through international or cyber spying. One more security threat is during data relocation in the cloud service provider. This occur when the user requires switching or changing the cloud providers. Well set standard between operators does not exist and the alteration procedure is known to be difficult. Cloud security, regardless of the frequent benefits provided by cloud computing, security is a great problem concerned with cloud computing. In general, there are a variety of security issues and concerns related with cloud computing. Among such privacy issues, data loss, phishing, and data privacy are the most threatening (John & Grier, 2). There are special improvement measures that cloud experts are at present implementing in order to make sure data stored in the cloud remain protected and classified as intended. Encryption is one alleviation technique used to guarantee safety in cloud computing. According to studies, encryption engages coding of the information stored within the computing cloud, in a way that hackers cannot get right of entry to the data. Data encryption appears to be the most valuable technique of guaranteeing security in computing. Nonetheless, it is of supreme significance to note that encrypted information or data is more often than not difficult to look for or carry out diverse calculations on it. Toward ensuring information security and discretion, Google employs the use of data encryption. GovCloud is an extraordinary cloud founded by Google for keeping government associated information and data. Based on the sensitivity of the data kept in GovCloud, Google encrypts the information in a manner that it is not available to unintended users. The entire data kept in GovCoud is regularly accumulated in United States-based servers and admission to it is only through authorized users of the state (Brandau & Tempest, 189). Amazon as well makes use of the principle of information or data encryption in order to make sure that data is secure in its cloud. Vormetric Data Security is the providers of information and data security in Amazon cloud and they achieve this through data encryption (Chakraborty, Remireddy, Raghu & Rao, 7). With reference to Vormetric, users using the Amazon computing cloud are capable of controlling and protecting their confidential data all the way through encryption. Authoritative encryption and elastic key administration Vormetric provided for Amazon guarantees that both unstructured and structured data in Amazon cloud is safe and sound (John & Grier, 3). For itself, customers using Amazon cloud security can self-assuredly keep and search for databases and files in the cloud. Founding and maintaining of physical security at information storage centers is as well vital towards ensuring that data kept in the cloud is secure. Of significance is that information stored in the cloud is secure in opposition to accidental loss particularly when there is a collapse of infrastructure and facilities. Google develops security at information centers to keep away from any likely assault and access to the data. For example, information and data kept in the government cloud, GovCloud is typically kept in protected United States servers. What is more, data in Google clouds is kept in diverse data centers so as to ensure that data is at all times protected and obtainable even during events of data center breaks down. Phishing is one of the main security concerns normally affecting cloud security. In definition, phishing is the procedure whereby hacker’s access user’s account and thereby retrieve information from the account for different hateful activities (Wang, Rashid & Chuang, 4). Google has been capable to deal with the difficulty through the use of phishing detection tools. On the whole, Google has managed to perceive fake websites developed by phishes to regain user information. To some extent, this has facilitated Google to restrain and lessen the diverse malevolent activities that previously were running through Google’s exploration engine. Google sustains a blacklist of phishing URLs so as to control activities of phishing in its cloud, particularly the Firefox exploration engine. According to research, Google maintains a permanent renew of the URLs blacklist and specialists typically looks at the blacklist with the intention to maintain confidentiality and security to the Firefox clients. Back in the year 2005, Google developed an anti-phishing extension by the name Google Safe Browsing. This had been enabled to help in offering safe browsing without threats of phishing attacks. It is important that any given cloud provider sets up and maintains good threat management processes and practices. Recognition of cloud security weaknesses is significant in order for the cloud provider and the users to be aware of privacy issues and thereby take the obligatory measures (Halpert, 2011). Towards ensuring security for the users, Microsoft discovers and reports a variety of vulnerabilities to its users so that they can be aware of cyber criminals. With reference to statistics, Microsoft advocates that revelation of any possible susceptibility helps to defend the whole cloud in addition to individual applications in the computing cloud (Hui, 405). This is for the reason that when the users know of the diverse vulnerabilities in the cloud and the promising actions they can implement, they can boost the security of their data. Towards dealing with phishing assaults, it is considered imperative that users and cloud service providers become aware of deceitful e-mails on top of websites (Chakraborty, Remireddy, Raghu & Rao, 8). Microsoft has set up therapies for dealing with fake e-mails generally used for the phishing actions. Based on research, Microsoft’s mail agenda, set up in vista operating system in addition to windows 7 is outfitted with tools and files that can aid in detecting of deceptive e-mails. Likewise, the outlook of Microsoft is set with same description files comparable to those established in windows 7and vista. The presence of such set ups sieves and bars fake emails from reaching the intended users over the network. This guarantees that the fake emails do not arrive at the customers, making them fatalities of phishing. In order to guarantee incessant security in opposition to phishing operations in the cloud, Microsoft makes sure that phishing discovery tools are always updates and made available to their customers (Wang, Rashid & Chuang, 2). With reference to different articles, Microsoft makes use of its Download center website to present sustained support to its customers alongside phishing actions. Within its website, Microsoft maintains updates of the phishing recognition tools, particularly those that identify fake e-mails. This website develops a medium in which Microsoft users can have access on the updated phishing recognition tools which makes sure sustained security in opposition to phishing. The same way as Google has outfitted its web browser Firefox with detection phishing tools, Microsoft as well has prepared its internet explorer with recognition phishing tools. Looking at Apple Inc. cloud is the most safe for the reason that of its closed space and vertical nature. Apple Corporation is a vertical organization that employs the use of a closed cloud space. For itself, the cloud provider owns private cloud technology, a factor which makes its cloud safer than the other clouds (Hui, 404). Moreover, Apple proposes that its users should be relevant of appropriate measures aligned with data loss and unintentional retrieval. Studies points out that Apple verifies the diverse security issues in its cloud and after that give advice to its clients on the suitable measures to consider. These measures comprise use of very strong passwords and storage of data in various locations. Evidently through different statistics, Cloud computing, notwithstanding its great accomplishments and benefits, has been restricted by privacy concerns related with the data stored within the cloud (John & Grier, 2). It is apparent that, on condition that the information is in the cloud, it is prone to a variety of security concerns that might outcome from the client breakdown, cloud provider stoppage or from motives further than the control of both parties. When within the cloud, information hackers can acquire it with a variety of malicious intentions. Furthermore, the cloud provider can offer the data to other members such as government agencies without the approval of the client, restraining data privacy (Hui, 414). It is significant to both the cloud providers in addition to cloud clients to use the necessary steps to remain safe. Given the rising security concerns within cloud computing, the major concern is to determine if cloud providers and the users will make sure that information in the cloud is safe. As a point of conclusion, it is of great significance to make use of several mitigation measures in order to solve the multiple risks in cloud computing. This is following the fact that threats are diverse whilst hackers may use unusual tactics to acquire access to the information or data (Chakraborty, Remireddy, Raghu & Rao, 7). It is as a result vital that cloud users take precautions so that they do not misplace data to inadvertent individuals. In the event where mitigation measures are taken into consideration by both the cloud providers and the customers, cloud security will be improved and cloud computing in that sense will remain to be beneficial. Or else, cloud security will continue being a dream. Works cited Brandau, G. & Tempest, A.. Data protection in Europe- a cloud future, Journal of Direct, Data and Digital Marketing Practice, 12(3), (2010): 180-193. Chakraborty, Rajarshi., Remireddy, Srilakshmi., Raghu, T. & Rao, Raghav. The information assurance of cloud computing, Journal of Technology, 3(5), (2010): 1-10. Hui, Wand. Privacy-preserving data sharing in cloud computing. Journal of Computer science and technology, 25(3), (2010): 401-414. John, Walz. & Grier, David.. Time to push the cloud, Journal of Information Technology, 2(4), (2010): 1-4. Wang, William., Rashid, Ammar. & Chuang, Huan-Ming. Toward the trend of cloud computing, Journal of Electronic Commerce Research, 12(4), (2011): 2-6. Read More