Public Cloud a Source of Danger to Businesses - Literature review Example

?PUBLIC CLOUD A SOURCE OF DANGER TO BUSINESSES The developments in the area of information technology have offered wonderful opportunities to the business organizations. The up to date tools and technologies provided by the information technology helped businesses to computerize and organize their business operations and consequently improve their business performance. Despite the fact that, the ideas of remote working, storage, processing and communication are not new, because in every decade we have seen a lot of developments and efforts carried out in these areas. However, at the moment we in reality see these ideas as a genuine implementation, in the form of cloud computing. Actually, the cloud services are offered by a third party. So the secret data and information of an organization are stored on the servers of that third party. In this scenario, organizations believe that the public cloud is a source of danger to businesses. This paper discusses the arguments of other researchers to prove this claim. Introduction Cloud computing is a most modern information technology trend that a lot of business organizations are adopting due to its environmental aspects, money savings, mobility, scalability and energy effectiveness. Basically, the cloud computing allows organizations or individuals to access all their tools, applications and files from anyplace on the earth, as a result releasing them from the limitations of the desktop and allowing widespread group partnership (Modavi, 2010; Miller, 2009). It is now very common to use the public cloud for carrying out business tasks. A public cloud is basically a cloud computing model used by the service providers to offer their resources, similar to storage and applications to the wide-ranging public over the internet. The majority of public cloud services are free of charge or presented on a pay per usage based model. In this scenario, the fundamental advantages of making use of a public cloud service are simple and low-cost set-up for the reason that application, hardware and bandwidth costs are covered by the service provider. In addition, the public cloud offers the scalability to meet users’ requirements. In fact, public cloud does not waste resources because we pay for what we use. Moreover, the idea of public cloud appeared to make a distinction between the standard model and private cloud that is a proprietary communication data center or network that makes use of cloud computing systems, like that Virtualization. In this scenario, a private cloud is managed and organized by the business it serves. On the other hand, a 3rd model known as the hybrid cloud, is managed by both internal and external providers (TechTarget, 2009; Tchifilionova, 2011; Rittinghouse & Ransome, 2009). This paper discusses the possible impacts of the public cloud on the businesses and how a public cloud can be a source of danger to businesses. This paper will discuss different aspects of the public cloud and possible security issues associated with public cloud. Public Cloud: An Overview Public clouds are managed and controlled by a 3rd party organization, as well as the implementations from different clients are possibly combined together with the cloud servers, storage devices and networks. In view of the fact that the public clouds are not managed and controlled by a host organization itself thus they could be wonderful technique to decrease client risks, burden, responsibilities and cost by means of an efficient however conditional development of business structure. On the other hand, if a cloud service provider manages a cloud keeping security, performance and data storage locations in mind, the maintenance of additional applications executing in the cloud can be easy to follow for both cloud architects and cloud users. Undoubtedly, public cloud services present a potential to upgrade and move down according to certain conditions, and transfer varying infrastructure risks and dangers from the corporate to the cloud source, if even just temporarily (Sun Microsystems, Inc., 2009; Rittinghouse & Ransome, 2009). Figure1 gives a demonstration of public cloud infrastructure: Figure 1A Graphical Representation of Public Cloud, Image Source: http://definethecloud.files.wordpress.com/2010/04/image.png Public Cloud Security Overview Basically the use of public cloud is not too dangerous; however in view of the fact that they are based on a unique IT architecture that has to be kept in mind while developing security framework. In addition, there could be several issues and attacks all through the virtual, physical and cloud arrangements such as stealing data, web threats, malware, phishing, spam, bots, and so on. Hence, the majority of businesses are attracted towards systematizing and managing their security for dedicated physical servers and network endpoints on their virtual systems in their data-centers and in the online communication cloud. In addition, traditional physical security will not offer an adequate security for this modern technology based environment. According to a research report of Trend Micro, it is observed that the security threats to Virtualization and cloud computing are rising at a very high rate and these dangers are the main reason for the ineffective application and implementation of cloud computing infrastructure. This report also outlines the kinds of issues and attacks in virtual infrastructure which include inter-VM attacks, blind spots, hypervisor compromises, etc (Drake, 2011; Negris, 2010). Danger to Businesses Despite a lot of advantages of the cloud computing, there are certain drawbacks also associated with this technology, which make it a source of danger to businesses. This section discusses some of the important aspects which discourage the use of public cloud and successful application for businesses and make the public cloud as a source of danger to businesses. The basic aim of this section is to present some of the main security and privacy related issues that can hinder the successful implementation of public cloud computing infrastructure. There are numerous threats in case of public cloud computing which make the deployment and establishment of the clouds very difficult for the organizations. However, the nature and impacts of these threats can vary depending on the situation. I have outlined below some of the critical security problems and technological issues: The Use of Insecure APIs and Interfaces in Public Clouds Public cloud services providers make use of a wide variety of software interfaces (normally known as application programming interface or API) that need to be used by the users in order to access desired services or manage cloud services or operations. In fact, all the important tasks such as administration, organization, analysis and communications are carried out using these APIs. Thus, the security of these APIs or interfaces is essential in order to ensure ease of use and protection of a wide variety of cloud services. In addition, from authentication and access control mechanisms to encryption and action monitoring, these APIs should be planned and implemented to protect alongside both accidental and intentional malicious attempts to get around the policy. On the other hand, these interfaces are not managed and controlled by the client organization as a result client firm loses the control over their business operations (including data and information). In fact, these interfaces are under the full influence of the 3rd party cloud supplier that can cause serious damage and security issues for the businesses (Cloud Security Alliance, 2010; Rittinghouse & Ransome, 2009). . Malicious Insiders Threats At the present, the majority of business organizations deal with malicious insider threats while operating in a physical environment. On the other hand, there are more chances of this threat in case of public cloud services. In case of public cloud arrangement this danger becomes more and more visible and creates a lot of security concerns and issues for the business and corporate areas. The overall security arrangement at the supplier end can fail if a person (normally insider or working for the same organization) launches a malicious attack to the business. Thus, it can damage the overall corporate and business data stored on the third party networks (Cloud Security Alliance, 2010; Rittinghouse & Ransome, 2009). Shared Technology Issues Public cloud is based on an infrastructure as a service (IaaS) model in which service providers offer their services using a scalable method. Basically, the fundamental mechanisms on which this arrangement is based (for instance GPUs, CPU caches etc.) were not designed to present well-built separation qualities of a multi-tenant structural design. Thus, in public cloud shared arrangement a number of issues like that security breaches can happen or a hacker can steal business data. In case of a public cloud arrangement the shared resources are always under the constant danger of being illegally accessed and damaged. Thus, in this scenario a public cloud becomes a source of danger to businesses (Cloud Security Alliance, 2010; Rittinghouse & Ransome, 2009). Chances of Data Loss or Leakage There are many ways a business organization can lose control over their data or their data can be compromised. Alteration or deletion of business records with no backup of the real contents is an appropriate example of this scenario. Removing the records or minimizing the amount of data can make it unrecoverable, because data is stored on untrustworthy media (outside the host firm). In addition, failing to implement a security measure can result in data loss or leakage. Moreover, unauthorized people should not be allowed to have access to sensitive data and information. On the other hand, at the present we can see a number of cases of data loss and leakage. Despite the fact that public cloud is a shared and distributed technology based arrangement that involves a wide variety of technologies and services. At any end of such distributed technology based arrangement a security breach can take place. Thus, the use of public cloud can create a lot of security challenges for the organizations (Cloud Security Alliance, 2010; Rittinghouse & Ransome, 2009). So the businesses will avoid using the public cloud. Public Cloud Account or Service Hijacking Service or account hijacking is not a fresh idea. Various security attacks like that fraud, phishing and illegal use of software, and a lot of other tricks and vulnerabilities are still very useful for the criminals. In public cloud, business organizations frequently reuse passwords and credentials that increase the chance of such attacks. In addition, there is a greater chance of these attacks in public cloud environment. In case of such issues the entire corporate working and operational infrastructure can be affected. As a result, an organization can a lot of security and privacy issues (Cloud Security Alliance, 2010; Rittinghouse & Ransome, 2009). In light of the above discussed issues, a business would definitely avoid using public cloud. Data segregation In case of public cloud computing arrangement, business information and data is stored in a shared atmosphere beside information and data from other business and market competitors. Though, for this purpose cloud service providers use certain encryption techniques however it is not an effective solution. Thus, an organization feels that some market competitor can illegally access its data and information which can damage the business (Bisong & Rahman, 2011; Binning, 2009; Hamlen et al., 2010). Recovery In case of public cloud, organizations do not know where actually their data is stored. In case of a disaster how they can retrieve their data back. Though, every public cloud service provider ensures us of security but in case of any disaster we are relying at the cloud service providers and in case of their failure to retrieve back the data, our business can fail (Bisong & Rahman, 2011; Binning, 2009; Hamlen et al., 2010). Denial of Service At the present, online businesses have a challenge to deal with denial of service attack which engages flooding the target with bogus resources and data requests to stop it from replying to valid requests in a timely way. In the same way, in public cloud computing an organization can have a danger of such kind of attack which will ultimately lead the business towards failure (Bisong & Rahman, 2011; Binning, 2009; Hamlen et al., 2010). Network Attacks In public cloud computing environment, users need to take some measures in order to protect themselves from possible attacks. It is a complex job as cloud being outside the firewall in many cases. In such conditions overall network can be under attack (Bisong & Rahman, 2011; Binning, 2009; Hamlen et al., 2010). Conclusion Cloud computing is a most modern information technology trend that a lot of business organizations are adopting due to its environmental aspects, money savings, mobility, scalability and energy effectiveness. Basically, the cloud computing allows organizations or individuals to access all their tools, applications and files from anyplace in the earth, as a result releasing them from the limitations of the desktop and allowing widespread group partnership. It is now very common to use the public cloud for carrying out business tasks. A public cloud is basically a cloud computing model used by the service providers to offer their resources, similar to storage and applications to the wide-ranging public over the internet. Public clouds are managed and controlled by 3rd party organization, as well as the implementations from different clients are possible combined together on the cloud’s storage systems, servers and networks. Despite a lot of advantages of the cloud computing, there are certain drawbacks also associated with this technology, which make it a source of danger to businesses. This paper has discussed a lot of concerns associated with public cloud. This paper has shown how the use of public cloud can create serious problems for the businesses. This paper has discussed a lot of aspects to prove the claim. Read More