Cloud Computing: Security Issues and Solutions - Article Example

?Cloud Computing Security Issues and Solutions s per 1st Affiliation Dept. of organization (Line of Affiliation - optional) Name of organization - acronyms acceptable (line 2) City, Country (line 3) name@xyz.com – optional (line 4) Student Name/s per 2nd Affiliation (Author) Dept. name of organization (Line 1 of Affiliation - optional) Name of organization - acronyms acceptable (line 2) City, Country (line 3) name@xyz.com – optional (line 4) Abstract- The developments in the area of information technology have offered wonderful opportunities to the business organizations. The up to date tools and technologies provided by the information technology helped businesses to computerize and organize their business operations and consequently improve their business performance. Despite the fact that, the ideas of remote working, storage, processing and communication are not new, because in every decade we have seen a lot of developments and efforts carried out in these areas. However, at the moment we in reality see these ideas as a genuine implementation, in the form of cloud computing. Actually, the cloud services are offered by a third party. So the secret data and information of an organization are stored on the servers of that third party. In this scenario, organizations believe that there emerge a number of security issues for business organizations due to cloud computing environment. This paper discusses some of the important security issues in cloud computing. Index Terms—Cloud Computing, IaaS, SaaS, Cloud I. Introduction This paper presents a detailed analysis of cloud computing related security issues. In the past few years, the cloud computing has emerged an attractive platform which provides on-demand, reliable and expandable (as these services can be reduced or expanded depending on the organization’s needs) computing power to organizations. The basic ides idea of cloud computing is to allow the companies to get charged for only the services and time they have used a particular service, which is a source of attraction for a large number of business organizations. It is an admitted fact that cloud computing has emerged as one of the most attractive and modern technologies to outsourcing data storage and processing capabilities. With the adoption of cloud computing the business organizations are able to get a large number of advantages such as utility computing, Virtualization, scalability, the ability to outsource data and processes, pay-per-use services and access to almost infinite computing resources (Aleem & Sprott, 2013; Dahbur et al., 2011; Hudic et al., 2013). In addition, this wide variety of affordable and consistent services have caught the attention of a large number of business organizations, which have decided to shift their business data, application or major operations of it into the cloud. In fact, the recent studies and researches conducted to determine the impact of cloud computing on business organizations show a beyond belief expansion; on behalf of more than 16% of the world software sales with a market of more than $46 billion. In fact, for the majority of business organizations cloud computing is believed to be an affordable, helpful and an appropriate choice for the reason that the adoption of cloud computing allows them to diminish the total expenditure of technology ownership. Without a doubt, cloud computing model provides a wide variety of tools and techniques to improve business productivity, however, there are certain security issues connected with the use of cloud computing. In order to take benefit of cloud computing a business organization must effectively deal with these issues (Aleem & Sprott, 2013; Dahbur et al., 2011; Hudic et al., 2013). II. Security Issues Cloud computing is an attractive information technology (IT) trend which ensures the implementation of the utility computing model broadly using Virtualization technologies. Keeping in mind the numerous advantages of cloud computing, an increasing number of business organizations have begun offering and making use of cloud-enabled architectures and services to support their business operations. On the other hand, the advancement of cloud computing has also created a wide variety of new challenges to existing techniques and approaches to build up and change software intensive systems (Babar & Chauhan, 2011; Meng et al., 2011). As mentioned above, cloud computing presents a large number of advantages to business organizations, at the same time as there are different security issues especially with regard to off-site storage of customer and business applications and data. As business data or applications are stored in the cloud, hence business organizations lose control over their data and applications. In fact, the use of the excellent security technology would not ensure fruitful results if a cloud service provider starts selling customer data to third parties (competitors of client organization). Although the client organization fully trusts their cloud service provider, but there is no surety that their data will be protected against a malicious internal/curious organization’s worker getting access to unencrypted customer files (Hudic et al., 2013; Kandukuri et al., 2009). Additionally, along with the likelihood that data will be misused by internal entities, in many cases there is the risk of external security attacks. In the past few years, a large number of cases of data theft have been exposed, comprising customer records, credit card numbers and other personal data, which clearly demonstrate that not even large firms are exception to security attacks. In addition, there are a large number of problems and issues that pretense critical and possible challenges for data and information security in cloud computing, comprising domain-specific restrictions, place limitations, technological or legal limitations, effectiveness of data management, various security metrics supported by cloud security providers, inappropriate implementation of sufficient security mechanisms, service-level security issues and the aggregation of data (Hudic et al., 2013; Kandukuri et al., 2009). In addition, there is another critical issue in ensuring data and applications confidentiality is how and where the data and applications are stored, which consists of the security of the operating system, data storage application, and any other software applications and tools that are being installed and run on the same system and the actual physical location where data and applications are stored. It is suggested that location where data and applications are physically stored must be effectively secured with adequately implemented security measures and normal backups in case of hardware or system crash. In this scenario, business customers are expected to be familiar with the actual mechanisms used for physical data storage and how the cloud service providers have ensured the security of data backups. Moreover, along with an insufficiently secured physical storage location or inadequate security measures, ineffective use of encryption techniques can also pretense a substantial risk to business data and application confidentiality, as can functional, validation as well as authorization failures, which can cause an illegal person removing or making changes to data, which can harshly have an effect on customers' privacy (Hudic et al., 2013; Kandukuri et al., 2009; Yang, 2012). III. Basic Security Issues There are many security and privacy related issues that organizations and users can face while using cloud computing services. In view of the fact that the cloud security related issues and threats come in different sizes and forms, hence, it is asked from specialists to analyze them on what they observe as the major danger to cloud security. The response from the specialists varies from situation to situation; however, in many cases cloud security threats can be addressed. In this scenario, one of the major security issues in the cloud computing is an application layer distributed DOS (denial of service) attack. These security attacks intimidate the extremely accessibility of cloud arrangement itself. If a cloud service is not even available, all other security actions, from protecting access to authentication, are of no use whatsoever (Burns, 2011; Bruening & Treacy, 2009; Jansen, 2011). In addition, network and technology hackers have discovered and are actively exploiting flaws existing in cloud defenses, making use of cheap, simply available tools to launch application-layer based security attacks. In this scenario, a main cause they have been successful is that corporation data center because cloud operators are not effectively equipped to defend beside them. Given below are some of the well-known security issues that can minimize the effectiveness of cloud computing (Burns, 2011; Bruening & Treacy, 2009; Jansen, 2011): Denial of Service (DoS) attacks Loss of confidential data Managing complexity and risk Downtime due to a cloud outage Employee ‘personal clouds’ Lack of visibility Changes in governance and operations security Easy access to cloud resources IV. Current Issues In Cloud Computing This section outlines some of the recent security and privacy threats in the cloud computing arrangement. These security issues are becoming more and more serious and causing serious damages to working and operational environment. A. Insecure Interfaces and APIs Cloud computing services are provided through a wide variety of user interfaces which are known as application programming interfaces (APIs). A user who wants to access and use a cloud service must interact with the cloud using an interface. Thus, the security of a cloud service heavily depends on the security of these APIs. In addition, from confirmation and access control to encryption and activity assessment, these interfaces have to be designed to protect beside together malicious and accidental attempts to avoid a policy (Cloud Security Alliance, 2010). B. Malicious Insiders The risk of malicious insiders is augmented for clients of cloud services due to union of IT services and clients under a particular management area. For instance, a service provider cannot disclose how it grants workers’ access to physical as well as virtual assets, how it checks these people, or how it examines and reports on policy fulfillment. This type of condition evidently produces an attractive chance for an opposition, series from the hobbyist hacker, to prepared crime, to business espionage, or yet nation-state support intrusion. The level of access could be beneficial to an opponent for getting access to private data or get complete control over the cloud management and services with a minimum or no risk of detection (Cloud Security Alliance, 2010). C. Data Loss or Leakage In a cloud computing environment, quality of data and information can be compromised due to a lot of reasons. In this scenario, modification or deletion of records without a backup of the real information and data can be a very good example. In the same way, loss of an encoding key can result in considerable data destruction. In addition, unauthorized people have to be prevented from getting access to sensitive data (Cloud Security Alliance, 2010). V. Security Issues Due to Cloud Service Providers A large number of researchers discuss a variety of security issues that emerged in cloud computing environment due to poor security strategies posed by the cloud service providers. In this scenario, normally it is seen that the cloud service providers divide data into different segments and store these segments of data on numerous dynamic virtual servers. Though, they apply a wide variety of encryption techniques and algorithms to secure these segments of data from unlawful access however an effective encryption technique or algorithm lots of computational resources and capabilities. In this scenario, it can create a number of problems for the customers. For instance, in some cases where customers want to have instantaneous access to their data and records, but this access is not granted or in some cases takes a lot of time because of computational processing. Additionally, the research has also shown that these lengthy cryptographic techniques and strategies adopted by the cloud service providers involve the issue of key management. This can be challenging both for the customer as well as cloud service provider. Hence, in order to increase customers’ confidence over cloud platforms it is essential for cloud service providers that they develop and implement techniques that allow their customers to get access and have control over their data competently at the same time as maintaining its privacy and quality. On the other hand, up till now there has not been developed a satisfactory technical method or algorithm that could efficiently handle the issue of data encryption and fragmentation in the cloud computing environment. However, the methods and techniques available today take into consideration the facilities and improvements for data management, transmission and movement, improving reliability, and optimizing storage at the same time as minimizing the data processing time and dividing processing resource and expenditures. In fact, these methods are not designed to particularly deal with the security issue. It is an admitted fact that with the purpose of ensuring the privacy and confidentiality of the data divided by the cloud into different segments, most up to date security mechanisms heavily depend on encryption and cryptography techniques (Yang, 2012; Roberts & Al-Hamdani, 2011). A. Losing Control over Data Without a doubt, when business data and records are saved internally using client/server computing, business organizations and employees have the full control over their hardware and software as well as other additional resources. In other words, these data and information remain inside the organization. On the other hand, when data and business records are moved to cloud environment, organizations lose control over their data and this control is shifted to the cloud service providers. In fact, the majority of business organizations do not accept this framework for this reason. In addition, this transfer of control from one entity to another also involves trust factor. In this scenario, it makes very difficult for the customers to trust the cloud service providers with private and precious data and information for instance business data such as employees’ names, home and clients’ addresses, and cell phone numbers. The research has shown that the majority of business organizations deny the acceptance of cloud computing just for this particular reason as they don’t want to lose control over their personal data and records. In other words, they do not trust in cloud service providers. In this scenario, they are not ready to move from client/server environment to the cloud computing environment. However, it can take time for the customers to get familiar with this trend (Yang, 2012; Roberts & Al-Hamdani, 2011). As discussed above, in cloud computing environment data and records are saved and in clouds. In this scenario, users loose control over their own data with the intention of managing their data, which creates a variety of security threats for customers’ data. Some of the major security issues with regards to data security can emerge in the following forms (You et al., 2012): 1. Data Breach These breaches are particularly intended to harm two security features of data: its confidentiality and integrity. In this scenario, confidentiality means that only those people will have access to the data that are authorized to get access to them. On the other hand, data integrity means ensuring that data is protected from unofficial removal, change or production. As discussed above, in cloud computing environment data and important business records are stored and management at cloud service provider’s end, so there is a greater risk of data breach. There can be a variety of sources which can cause data breach. For instance, the breach actions can originate from business workers who process the data purposely or accidentally, as well as from external malevolent hacker. Hence, cloud service providers should keep all these aspects in mind and take strict security measures with the purpose of ensuring maximum security of their customers’ data and information stored in cloud environment (You et al., 2012). 2. Data lock-in This aspect demonstrates that a user cannot move or shift their data from one cloud service provider to to another. In fact, if they do this they can lose their precious data. Hence, this is another major reason that the majority of users do not adopt cloud computing environment. In this scenario, cloud computing service providers should implement compatible and portable environment so that the movement of data from one platform to another does not affect the quality of data (You et al., 2012). 3. Data remanence Data remanence refers to the outstanding demonstration of data that have been in some way supposedly deleted or erased. In this scenario, if data is deleted or removed from any cloud computing environment can create serious challenges for the customers. Cloud service providers should keep in mind these serious security aspects in order to increase their customers’ confidence in cloud services (You et al., 2012). 4. Data recovery There can be a number of incidents which can cause loss of users’ data for instance server breakdown or failure can cause serious damage or loss to users' data. However, in order to deal with this situation a cloud computing service provider should take back up of data regularly so that they could be recovered in future. In the same way, cloud users should keep these backups at their local computers or services (You et al., 2012). 5. Data locality It is an admitted fact that in cloud computing environment the users are unaware of their data location. They don’t know where their data is actually stored and how it is being managed, which may be a serious issue. In order to deal with this issue and ensure data privacy there exist a number of data privacy and security laws, which makes location of data be an very important concern in a number of enterprise architecture (You et al., 2012). The research has also pointed out a major issue of data ownership in cloud environment. In fact, there are many instances where business organizations seem to resign their right to data devoid of completely identifying the propositions while signing an agreement with cloud service provider. In many cases it is seen that it is very costly to move working tasks from traditional working environment to cloud computing environment (Yang, 2012; Roberts & Al-Hamdani, 2011). Conclusion This paper has discussed some of the important issues that business organizations and individuals face with cloud computing. Cloud computing is an attractive IT trend which ensures the implementation of the utility computing model broadly using virtualization technologies. Seeing the numerous advantages and opportunities offered by the cloud computing, an increasing number of business organizations have begun offering and making use of cloud-enabled architectures and services to support their business operations. At present, the use of cloud computing has turned into an attractive trend. In fact, a lot of business organizations nowadays use clouds to manage their business operations. There are numerous security issues associated with cloud computing. Without a doubt, security and privacy issues are one of the major cloud computer concerns. The idea of handing over significant data to some other corporation decreases the confidence of a lot of organizations and individuals. There are many privacy and security problems and issues with cloud computing as it is composed of a lot of techniques and technologies comprising databases, networks, virtualization, operating systems, transaction administration, resource scheduling, concurrency management, load balancing and memory management. Undoubtedly, cloud computing is a wonderful trend, but it can be made more effective and efficient by improving security. References [1] Aleem, A. & Sprott, C.R., 2013. Let me in the cloud: analysis of the benefit and risk assessment of cloud platform. Journal of Financial Crime, 20(1), pp.6-24. [2] Babar, M.A. & Chauhan, M.A., 2011. A tale of migration to cloud computing for sharing experiences and observations. In SECLOUD '11 Proceedings of the 2nd International Workshop on Software Engineering for Cloud Computing. New York, 2011. ACM. [3] Bruening, P.J. & Treacy, B.C., 2009. Privacy, Security Issues Raised by Cloud Computing. Privacy & Security Law Report. The Bureau of National Affairs, Inc. [4] Burns, C., 2011. Cloud security threats, as explained by the experts. [Online] Available at: http://www.computerworlduk.com/advice/cloud-computing/3310403/cloud-security-threats-as-explained-by-the-experts/ [Accessed 07 May 2013]. [5] Cloud Security Alliance, 2010. Top Threats to Cloud Computing V1.0. [Online] Available at: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf [Accessed 04 May 2013]. [6] Dahbur, K., Mohammad, B. & Tarakji, A.B., 2011. A survey of risks, threats and vulnerabilities in cloud computing. In ISWSA '11 Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications., 2011. ACM New York, USA. [7] Hudic, A. et al., 2013. confidentiality using fragmentation in cloud computing. International Journal of Pervasive Computing and Communications, 9(1), pp.37-51. [8] Jansen, W.A., 2011. Cloud Hooks: Security and Privacy Issues in Cloud Computing. In Proceedings of the 44th Hawaii International Conference on System Sciences., 2011. NIST. [9] Kandukuri, B.R., V., R.P. & Rakshit, A., 2009. Cloud Security Issues. In SCC '09 Proceedings of the 2009 IEEE International Conference on Services Computing., 2009. IEEE Computer Society Washington, DC, USA. [10] Meng, F., Wang, T., Hu, N. & Li, H., 2011. Research of the application of cloud computing theory in emergent material support. In ICCC '11 Proceedings of the 2011 International Conference on Innovative Computing and Cloud Computing. New York, 2011. ACM. [11] Roberts, J.C. & Al-Hamdani, W., 2011. Who can you trust in the cloud?: a review of security issues within cloud computing. In InfoSecCD '11 Proceedings of the 2011 Information Security Curriculum Development Conference., 2011. ACM New York, NY, USA. [12] Yang, S.Q., 2012. Move into the Cloud, shall we? Library Hi Tech News, 29(1), pp.4-7. [13] You, P., Peng, Y., Liu, W. & Xue, S., 2012. Security Issues and Solutions in Cloud Computing. In 32nd International Conference on Distributed Computing Systems Workshops., 2012. IEEE. Read More