StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cloud Computing Storage Issues - Literature review Example

Cite this document
Summary
This paper 'Cloud Computing Storage Issues' discusses that the storage of cloud computing requires a lot of space, in fact humongous data centers where data is collected and managed. These data centers pose several threats and security risk that may impact these data storage machines. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.9% of users find it useful
Cloud Computing Storage Issues
Read Text Preview

Extract of sample "Cloud Computing Storage Issues"

? Full Paper Contents Is Cloud Vulnerable? 3 2 Cloud Computing Storage Issues 4 3 Network Security Policy 5 4 Policies Applicable on Cloud Computing 6 5 Estimated Level of Risk 7 6 Information Security Framework 8 1 Is Cloud Vulnerable? Cloud computing delivers numerous benefits along with many security vulnerabilities that are classified as: Customary Security Availability Third Party Security Virtual Machine Issues This type of security is associated with the threats applicable on connecting the workstations to the cloud. SQL injection or cross site scripting vulnerabilities have a high probability, as Google docs are one of the victims of them (Singh & Sharma, 2011). Moreover, threat of phishing is also always available, as automated emails and messages on cloud based applications can steal passwords, personal credentials and other personal information. Organization’s authentication and authorization policy do not addresses cloud security issues. In spite of having several security controls integrated within the cloud based applications, only a password is required to breach into the cloud based application. One of the recent security breaches of exploiting secure passwords that is called as Twitter gate (Singh & Sharma, 2011). Moreover, virtual machines on a single physical machine are shared with multiple instances. Every instance is connected to the Internet or virtual tunnels. This concludes, if a single machine is compromised, all the instances available in that machine are also compromised. In addition, risk of data corruption or storage that may not limited to memory storage, random access memory storage is also in the scope of cloud computing vulnerabilities (Singh & Sharma, 2011). 2 Cloud Computing Storage Issues The storage of cloud computing requires a lot of space, in fact humongous data centers where data is collected and managed. These data centers pose several threats and security risk that may impact these data storage machines. The threat may be from a professional hacker and also in the form of the cloud provider itself, if data is not adequately dealt with. A minor security incident or misconfiguration can lead to a system failure or unavailability. (OGIGAU-NEAMTIU, 2012) Moreover, another security breach occurred in 2009, password of an employee working on Twitter was hacked that resulted in breaching the email security questions page that was located in the Google apps account (Talbot 2010). In relation to that, one more incident occurred when data was erased from one million T-mobile smart phones due to a server failure that was managing the data of these smart phones (Talbot 2010).As Peter Mell, who is a team lead of cloud security team at the National Institute of Standards and Technology (NIST) says, public cloud computing models are more vulnerable to threats, as every customer has access to a broad range of services and levels. Therefore, if any one of the services is breached, they gain access to all the data. As cloud-computing usage is increasing with its connection to the public through an Internet, new opportunities also originate for hackers, cyber terrorists, viruses and worms. These threats will increase and focus on cloud computing enables services and applications for stealing classified data, denial of service attacks on data centers etc. ‘Google apps’ is the major player in the market for providing ‘SaaS’, it was attacked and hacked. The report from cyber forensics indicated that the attacks were originated from China (Bisong & Rahman, 2011). The security and privacy in cloud computing are associated with data storage and data protection. Moreover, monitoring the utilization of resources available on the cloud by the service providers is also included. In order to secure the data in the cloud, it can be stored internally in the organization’s premises. (Talbot, 2012) Moreover, the Sarbanes-Oxley Act (SOX) in the US and Data Protection directives along with the EU are only two compliances from many other compliance concerns related to data and application of cloud computing. Moreover, the EU has backed up with a legislative data protection for the entire member across the globe. However, the US data protection differs from the EU, as it varies in each state. Moreover, the service provides incorporates the highest level of security in the clouds of their inbound technical intelligence, but these measures is affected due to government regulations country by country. For instance, if a cloud computing service providers is located within a country, the service provider is bound to slipshod provisions on privacy that may lead the involvement of the government enforcement agencies to peek in the hosted data of a particular organization. 3 Network Security Policy The network traffic between different departments and the other networks for instance, organization’s network traffic, will be transmitted via a firewall monitored and maintained by the support staff. However, in case of a wireless network transmission, connection to other networks of the organization will be prohibited (Kalyvas, Overly, & Karlyn, 2013). In order to configure or modify any configuration settings on the firewall, it must be reviewed and approved by the information security personnel. Tools associated with port scanning, network sniffing, auto discovery of registered / unregistered ports and other scanning tools must be prohibited within the premises of an organization, as they can trigger information security risks and disrupt the organization’s network operations, or any other network that may be operational. Right to audit for all inbound and outbound activities of any department of organization is applicable to the information security personnel anytime. For ensuring physical access, every employee must identify themselves via physical security controls before entering in the premises of organization. Accessing mobile phones, PDA’s, smart phones, laptops and any other communication device in the parameter of an organization, must be according to the open area security policy. Encryption must be applicable to stored password files, VPN connections and connections to the third party service providers where applicable. 4 Policies Applicable on Cloud Computing 4.1 Passwords policy Password policy defines the complexity level and password length that must be standardized in all modules of applications. The policy also defines ‘Do’s’ and ‘Don’ts’ for setting the password. 4.2 Privileges policy This policy illustrates mandatory and discretionary levels of access on applications, networks and databases. 4.3 Email Use Policy This policy defines the attachment requirements of emails, communication via email to third parties or individuals publicly available. No company information will be shared publicly by using company email address. Moreover, users may not spread non ethical information, religious information via email within the company. 5 Estimated Level of Risk Cloud computing policies and procedures can administratively control the identified risks my mitigating them via technical, physical and environmental controls. Moreover, identified cloud computing risks can also be transferred, for instance insuring critical assets. Furthermore, risk avoidance can also be applicable. For instance, cloud computing data center located in a region where law and order situation is not good. One of the decisions will be to close the data center or move it to another region. Customer satisfaction is achieved by signing a non-disclosure agreement and service level agreements for delivering service whenever required. However, risks having high probability of occurrence are based on quantitative and qualitative risk management. For instance, a cloud based application that can be accessible on the Internet has high probability of phishing, SQL injection and cross site scripting. In addition, applying controls, such as a thoroughly written security policies and privacy policy facilitates customer satisfaction. Policy Control against Vulnerabilities A table below shows a policy control for vulnerabilities defined below: Vulnerability Policy Control Phishing Awareness emails, quizzes, one to one sessions Viruses Security Policy Spyware, Adware Acceptable Use Policy 5.1 Network Use Policy This policy restricts and allows the user to access data, network services and applications available on the network. Users may not be able to access shared files pertaining to other departments. Likewise, if any confidential data is shared, it must not be accessible to other department employees. 5.2 Internet Use policy This policy defines the permitted and restricted information requested via Internet connection. However, certain department may have access to certain websites that may facilitate them, such as marketing department requires research. 5.3 Backup Backup of data and applications is maintained by the network administration staff. 6 Information Security Framework The information Security Framework is the believed as the most inclusive framework model that ensures a variety of security solutions regarding information on the cloud. This can be accomplished by lowering business risks. Moreover, information security figures out other major elements in any business organization and also focus on the technological aspects of cloud computing. For example, process, business technologies etc. these procedures are considered as the core methodologies in the field of Information Security. The Information Security framework determines the policies and applications in an organization’s cloud. In order to access the organization’s recent information security framework, the framework is used that allows a pattern for delivering, evaluating and improving information security polices and applications. Furthermore, other research papers are also included for several information securities framework. In this paper, a selected Information Security framework is mentioned. In providing Information Security services, it is an alarming situation for management to deal with new challenges of cloud computing. Moreover, information system assets are equally significant for small organizations as well that contains data bases 5 and recruiter files, company operations, financial materials etc. The chosen framework maps effortlessly along with the organization’s Information Security policies linked with cloud computing. This can be measured by mapping information security framework. The only difference in the two frameworks is the roles and responsibilities of the drivers that are different from each other. Although, the company has an appropriate information security framework but following suggestions must be reviewed: 6.1 Training The significant information security measures must be provided to establish an invasive security surrounding. A number of measured are taken in order to support the behavioral changes in any organization. Training sessions must be provided to the staff members regarding the information security awareness and security polices practices. Moreover, these procedures and policies must undergo a reactive environment (Sipior & Ward, 2008). 6.2 Password Policy In any organization, the password policy must be cross checked. This policy is considered as the most important security criteria in any organization. Confidentiality agreement: In several cases, personal and confidential agreements among third parties are not intact. Such as, in some organizations, if a consultant joins the client’s location he has to sign the agreement. 6.3 Physical Security For the workstations, physical security is not present in any organization. Therefore, in order to control the stealing of PC and hardware, some type of locking system must be provided. For any organization, information security is considered as the major element or asset. In order to protect the data, a well-established security framework implementation is required. In fact, information security framework is an ongoing procedure. To ensure sufficient protection regarding information resources, a number of improvements in the field of environmental incidences are needed (Ezingeard & Bowen-Schrire, 2007). In order to evaluate capabilities of recent policies, measuring and reporting of risks, control issues and weakness are obligatory (Purtell, 2007). However, in recent times, information security breaches and cyber-crimes are increasing gradually. Thus it is significant for all the companies to focus on information security. This will ensure information security within the organization. Moreover, non-technical issues regarding information security must also be considered. This helps to develop the better information security framework in any organization. Conclusion Cloud computing is the best cost saving option, as there is no need to manage Information Technology infrastructure along with total cost of ownership. In case of personal or confidential data, one cannot manage or mitigate the risk of getting hijacked, as there is no guarantee that the cloud computing providers are applying adequate level of protection to the confidential data. The risk is very high, as the confidential information can be leaked by a security breach. However, strict controls or ISO 27001 certification must be achieved for ensuring compliance with the required policies and procedures of the standard. References Bisong, A., & Rahman, S. M. (2011). An overview of the security concerns in enterprise cloud computing. International Journal of Network Security & its Applications, 3(1), 30-45. doi: 10.5121/ijnsa.2011.3103 Ezingeard, J., & Bowen-Schrire, M. (2007). Triggers of change in information security management practices. Journal of General Management, 32(4), 53-72. Kalyvas, J. R., Overly, M. R., & Karlyn, M. A. (2013). Cloud computing: A practical framework for managing cloud computing risk--part I. Intellectual Property & Technology Law Journal, 25(3), 7-18. OGIGAU-NEAMTIU, F. (2012). Cloud computing security issues. Journal of Defense Resources Management, 3(2), 141-148. Purtell, T. (2007). A new view on it risk. Risk Management (00355593), 54(10), 28-33. Singh, T., & Sharma, K. (2011). A survey of security issues in cloud computing. International Transactions in Mathematical Sciences & Computer, 4(2), 411-424. Sipior, J. C., & Ward, B. T. (2008). A framework for information security management based on guiding standards: A united states perspective. Issues in Informing Science & Information Technology, 5, 51-60. Talbot, C. (2012). The state of cloud computing: Getting real in 2012. Channel Insider, , 1-4. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“CLOUD COMPUTING Research Paper Example | Topics and Well Written Essays - 2000 words”, n.d.)
CLOUD COMPUTING Research Paper Example | Topics and Well Written Essays - 2000 words. Retrieved from https://studentshare.org/information-technology/1470036-cloud-computing
(CLOUD COMPUTING Research Paper Example | Topics and Well Written Essays - 2000 Words)
CLOUD COMPUTING Research Paper Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/information-technology/1470036-cloud-computing.
“CLOUD COMPUTING Research Paper Example | Topics and Well Written Essays - 2000 Words”, n.d. https://studentshare.org/information-technology/1470036-cloud-computing.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cloud Computing Storage Issues

Key Concepts of Cloud Computing

cloud computing Introduction cloud computing refers to computing resources that are highly scalable, offered as external services through the internet on pay-as-you-go basis.... hellip; The cloud computing boom over the recent years has led to many new technologies and innovations.... However, it is very important for any organization to fully understand what, how, why, and from whom ideas, before jumping into cloud computing....
9 Pages (2250 words) Literature review

Emergent Ethical, Legal, and Professional Issues in Cloud Computing

This paper ''Emergent Ethical, Legal, and Professional Issues in cloud computing'' tells that computing has been transformed into a model comprising of services that have been commoditized and delivered in way that is similar to traditional utilities like water, gas, and electricity.... nbsp;… cloud computing offers new way of storing, indexing, and the sharing of information.... (2011:13) say that “cloud computing should be distributed and interactively accessible as it provides interoperability between the new and legacy technologies” cloud computing is technollogy that utilizes the central remote servers and the internet to mantain applications and data....
9 Pages (2250 words) Literature review

Historical Development of Cloud Computing

This essay "cloud computing" aims to discuss the main characteristics of cloud computing as a recent phenomenon, trace its historical development, analyze its effectiveness, advantages and concerns.... nbsp;   … cloud computing has been recognized as one of the most progressive and intriguing phenomena in the Information Technology industry.... cloud computing has a number of distinguishing characteristics....
7 Pages (1750 words) Essay

Cloud Computing Models

The study "cloud computing Models" recommends that the cloud provider and the vendor reach a common ground with respect to control of the physical location with which cloud services are to be offered.... As such, my analysis will be based on reading Addressing Export Control in the Age of cloud computing and recommending the best path for the company to take.... cloud computing is a new and emerging concept.... One of the most fascinating aspects of cloud computing is the autonomy it offers....
7 Pages (1750 words) Case Study

The Future of Cloud Computing

This coursework "The Future of cloud computing" describes key aspects and future aspects of cloud computing.... In this context, the author pointed out that cloud computing will become more dominant than the desktop in the near future.... In the author's view, cloud computing is used synonymously and inaccurately using terms as utility computing as a service of software and grid computing.... nbsp; Underlying techniques for implementing cloud computing is grid computing....
6 Pages (1500 words) Coursework

Pros and Cons of Cloud Computing

iscuss the following issues within an organisation in relation to cloud computing:11Conclusion13Recommendations14Reference14IntroductionCompanies globally are increasingly looking at implementing innovative services to reduce costs, optimally use the available resources and add to their bottomline without much investment.... The implementation of cloud computing has helped many companies to achieve these targets by providing innovative and flexible technique to test, develop and create various products and utilize services without the requirement of a full-fledged infrastructural set-up....
15 Pages (3750 words) Assignment

Cloud Computing and Virtualization

The author of the paper "cloud computing and Virtualization" states that in general terms cloud computing is the use of a single software application that allows users to log into a Web-based service that hosts all programs that are needed by a given company or organization (Erl et al.... Therefore, the results of both methods are the same such that if one has an online connection cloud computing can be done anytime and anywhere.... Therefore, everything that one needs would be physically close meaning that accessing one's data is easy and fast through that one computer or others within the local network, which makes others believe that this process is superior compared to cloud computing....
7 Pages (1750 words) Term Paper

Analysis of Cloud Computing and Virtualisation

… The paper "Analysis of cloud computing and Virtualisation" is a perfect example of an assignment on information technology.... New technologies have enabled enhanced applications such as cloud computing to develop.... The paper "Analysis of cloud computing and Virtualisation" is a perfect example of an assignment on information technology.... New technologies have enabled enhanced applications such as cloud computing to develop....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us