StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security in the Cloud - Literature review Example

Cite this document
Summary
This literature review "Security in the Cloud" presents security in the cloud; it will focus on the issue of security as regards the concept of cloud computing. It is evidently clear that the security risk of cloud computing is real and needs to be addressed in order to protect customers’ data…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.4% of users find it useful
Security in the Cloud
Read Text Preview

Extract of sample "Security in the Cloud"

? Security in the Cloud Security in the Cloud Introduction In recent decades, the computation worldhas changed from centralized to distributed systems and this has enabled users to get back to virtual centralization, or what is commonly referred to as cloud computing. Data location and processes makes the difference in the computation realm (Kandukuri et al, 2009). This is evident by the fact that on one hand, a user has complete control on processes and data in his or her device. On the other hand, however, the user has cloud computing where a vendor provides the data and service maintenance thus leaving a user unaware of where the processes run and where storage of data takes place. Cloud computing has emerged as one of the most exciting technologies in the modern world as institutions and individuals seek to reduce cost while at the same time increase scalability and flexibility for computing processes and data storage. Anthes (2010) observe that due to cloud computing, computing may be organized as a public utility in the near future. He further argues that cloud computing bring people closer and promises elasticity, economy, transparency, and convenience. However, despite the many benefits that comes with cloud computing, there is a thorny issue of privacy and security. This paper will discuss security in the cloud; it will focus on the issue of security as regards the concept of cloud computing. Concepts Related to Cloud Computing Cloud computing is defined as the management and provision of applications, information, software, and resources as services over the cloud based on demand (Singh and Shrivastava, 2012). This technology uses the central remote servers and internet to maintain applications and data. It is broken down into three segments that include connectivity, storage, and application, as demonstrated in the diagram below. Cloud computing allows businesses and consumers to use applications necessarily without installation and to access their files and data at any computer that has internet access. It is a network-based environment providing reliable information technology services to users via the internet. It provides services and resources based on demand across the internet. In addition, it allows developers to create applications and run those applications in the internet. It is as a result of this flexibility that cloud computing is considered as a very attractive solution to many institutions, enterprises and individuals. Many users also prefer it because it heavily cut down expenses (Rani et al, 2012). A good example of cloud computing is Hotmail, Gmail, and yahoo email. While using cloud computing, one does not need a server or software. All that one need is simply an internet access and one can start accessing, sending and receiving information. The email and server management is all in the cloud and is managed completely by the cloud or internet service provider such as Google (Singh and Shrivastava, 2012). The diagram below shows the services of cloud computing: Source: Singh and Shrivastava (2012) The fact that cloud computing has numerous benefits to individuals and enterprises cannot be disputed. However, there is a major concern that relates to cloud computing; how security is taken care of and implemented. Cloud computing technology allows for centralization of bandwidth, processing, memory and storage thus making it a much more inefficient and insecure form of computing (Singh and Shrivastava, 2012). While in a sense cloud computing simplifies some of issues of security for consumers by outsourcing them to a different party, it at the same time signifies insecurity to the same consumers. Complacency by the cloud users to think that they do not have to worry concerning their data and software because it is in the hand of experts is a mistake (Anthes, 2010). Cloud computing, in general has several customers from ordinary users, enterprises, and academia who have varying motivation of moving to cloud. Therefore, cloud providers have to find a way of combining performance with security. For many customers especially the enterprises, their main problem is security. For others like academia, the main problem may be performance but are equally concerned with security as well. The model of cloud services delivery establish virtual perimeters cloud as well as a security model with tasks and responsibilities shared between the cloud service provider and the customer (Rani et al, 2012). The shared tasks and responsibilities is bound to bring security challenges to the operation of cloud computing. Morrow (2011) observes that taking data and securing them is not a new concept especially in the world of technology. Nonetheless, it presents one of the challenges that both the digital world and real world struggle with. Even in the real world, information that is under lock and key can still be open to malicious or accidental misuse and is subject to theft as well. Similarly, information in the digital world is subject to issues that may compromise its privacy and security. Attempts at protecting information in the digital world have proved to be less robust because of the inherent limitations relating to protection of the content. The challenge of protecting information has become more evident in cloud computing era. Data in the cloud-computing environment has much more fluidity and dynamism that static information in a network folder or on a desktop. Singh and Shrivastava (2012) argue that the primary security challenge with cloud computing is that those who own data may not have control about where their data is stored. Cloud system support efficient storage of sensitive data that has been encrypted; stores and manages enormous amounts of data; supports strong data authentication and support access control. Security concerns relating to cloud computing apply to these technologies and systems. For instance, security of networks that interconnects the cloud systems can be compromised. In addition, the techniques of data mining may be applicable to detection of malware in clouds. Since security is an important aspect in cloud computing, service providers and customers have to enter into some form of agreements that can guarantee security. However, it is important to point out that even though such agreements may provide some sense of assurance, it does not address the whole security challenge relating to cloud computing. Kandukuri et al (2009) observes that when looking at the data security in cloud computing, the cloud-computing providers have to provide certain levels of assurance in agreement known as the Service Level Agreements (SLA) in order to convince the customers regarding the issues of security. The SLA describes the varying security levels, as well as the complexity that is based on the services being provided to the customers. The customers ought to be made to understand the policies relating to security that the vendor of cloud computing is implementing. Irrespective of the cloud-computing providers, there is a standardized way of preparing the SLA. Such a format and implementation model provided is critical in helping the customers to look forward to some security assurance while using cloud computing (Anthes, 2010). It is important to point out that, presently, the SLAs are not applicable to third parties that are unrelated to the customers or vendors. Similarly, it is not applicable to third parties that are not privy to the content of a particular contract between the cloud computing provider and the customer (Kandukuri et al, 2009).. As the diagram below illustrates, the cloud service provider guarantees 99.9 percent uptime on all private and public network services to customers. All public network services include advanced intrusion detection systems, detailed bandwidth graphs, redundant carrier-grade internet connections, and denial of service mitigation. The private network services include unlimited bandwidth between servers, unlimited downloads/ uploads to servers, access to the secure VPN connection, detailed bandwidth graphs, and traffic analysis (Kandukuri et al, 2009).. Uptime Guarantee SLA Credit 99.9% Guaranteed 99.8% 5% 99.7% 10% 99.6% 15% 99.5% 20% 99.4% 25% 99.3% 30% 99.2% 35% 99.1% 40% 99.0% 45% Less than 99.0% 50% Source: Kandukuri et al., (2009) Security Issues Related to Cloud Computing Rani et al (2012) highlight seven security issues that relate to cloud computing. The first issue is that of regularity compliances where customers are responsible ultimately for the integrity and security of their own information and data, even when a service provider holds such data. This issue takes into account the fact that traditional service providers were subjected to security certifications and external audits. The second issue is that of privileged user access; this relates to where the processed sensitive data outside the customer brings with it inherent risk level because services bypass the personnel, logical, and physical controls (Kandukuri et al, 2009). The third issue relates to recovery; security concerns arise from the possibility of cloud provider breaking or some problems result to cloud server failure. It raises the question of whether in such an event the cloud provider can completely restore the lost data. This can also cause an impasse in security, as the clients may not get permission to third party firms to control the content of their data. Long-term viability is the other security issue that relates to cloud computing. Another company will not acquire the provider of cloud computing, ideally, and it will not become bankrupt. However, customers of cloud computing must be assured that their data will still be available even in the event of acquisition or bankruptcy of cloud computing provider (Rani et al, 2012). The other security issue related cloud computing is that of data segregation. Typically, data in the cloud is in a shared setting together with data from other users. While encryption is effective as a security measure, it is not the absolute solution to the security problem in cloud computing (Kandukuri et al, 2009). Although decryption and encryption is a classic means of covering security issues, they cannot provide perfect solution to this challenge. Data collection is another security issue of cloud computing. When customers are using the cloud, they possibly do not know where their information is hosted (Singh and Shrivastava, 2012). Cloud computing providers usually distribute data storage and this can result to lack of control and may compromise security of the data of customers who had their data in local machine prior to moving to cloud. The final security issue that relates to cloud computing is investigative support. Investigation of cloud services have proved to be difficult because of a number of reasons including data and logging for multiple customers could be co-located and can also be spread across a set of data and host centres that are frequently changed (Rani et al, 2012). Morrow (2011) is of the view that data security in the cloud is at a bad state, currently. Even though there are many benefits accrued to it including cost savings and improved interoperability, cloud computing is a system that is at a tipping point. The inherent nature of cloud computing demands that data are fluid objects and therefore accessible from multiple geographic locations. As such, there must be a data security methodology that considers these aspects while at the same time making sure that data fluidity is not compromised. The model of cloud computing opens up risks relating to security of data. This is because it is a model that is meant to allow for more improved and easier data sharing and more open accessibility of data. Morrow (2011), therefore argues that considering data fluidity and data security, securing of data should be looked at as a continuum of choices between content restrictions and accessibility levels. Such a continuum should enable users to make a decision of applying the right protection level, thus making sure that the flexibility provided by cloud computing into the whole spectrum of data communication is ultimately retained (Anthes, 2010). Addressing the Security Concerns of Cloud Computing Considering the security concerns that relate to cloud computing, there have been efforts to address this problem without compromising fluidity of data. Baiardi and Sgandurra (2010) argue that Virtual Interacting Network Community (Vinci) is an important solution to security of data in cloud. Vinci is a software architecture that secures community cloud by exploiting virtualization. A community cloud is a cloud system that is shared among communities with distinct levels of reliability requirements and security. a community is made up of a set of users and a set of shared resources and services. Vinci have templates to run user applications, control traffic and protect shared resources. A number of private and public organizations are adopting Vinci with the view of increasing the ICT investments returns, as well as simplifying the infrastructure management (Baiardi and Sgandurra, 2010). This adoption results in the sharing of computing and communication resources of cloud systems among communities with distinct reliability, performance, and security requirements. Vinci has proved to be a reliable system of minimizing the security risks posed by cloud computing. It is a software architecture that aims at increasing the applications security sharing a cloud (Baiardi and Sgandurra, 2010). The cloud virtual architecture is very dynamic and complex, a situation that is further compounded by the huge workload and traffic in the physical server. As such, adopting security solutions to risks associated with cloud computing is challenging and will require tackling of key characteristics so as to deliver pre-emptive and accurate protection (Rani et al, 2012). The first characteristic that needs to be addressed is that of performance by trapping every system activity within an enormous amount of cloud system activities. The second characteristic is that of virtual appliances where there is a need for new delivery system software to replace the current complex and costly ones. The third characteristic is that of control where virtualization aware security software needs to be installed to prevent hacking (Anthes, 2010). Addressing of these characteristics alongside other characteristics will help deliver the pre-emptive and accurate protection in cloud computing. Conclusion From the above discussion, it is evidently clear that security risk of cloud computing is real and needs to be addressed in order to protect customers’ data. Cloud computing is beneficial as it helps to reduce costs and to use a variety of techniques to secure and optimize application performance. As has been noted, the key to successful cloud computing is in striking a balance between business benefits and the hidden potential risks which can adversely affect efficacy. The paper has noted a number of security issues related to cloud computing. It can be deduced that a secure cloud can be unattainable if the virtual environment is not secured. The conventional solutions are not suited well for guaranteeing security in the cloud environment. This is because of the ever-dynamic and complex cloud computing nature. Therefore, there is need for new solution- virtualization-aware security solution to secure the entire cloud computing system References Anthes, G. (2010). Security in the Cloud. Communications of the ACM, 53 (11), 16-18 Baiardi, F and Sgandurra, D. (2010). Securing a Community Cloud. 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops, 2010: 84, 32-41 Kandukuri, B et al. (2009). Cloud Security Issues. IEEE International Conference on Services Computing, 2009: 84, 517-520 Morrow, S. (2011). Data Security in the Cloud. John Wiley & Sons, Inc Rani, A et al. (2012). A Study on Cloud Security Issues and Challenges. International Journal of Computer Technology & Applications, Vol 3 (1),344-347 Singh, A and Shrivastava, M. (2012). Overview of Security Issues in Cloud Computing. International Journal of Advanced Computer Research (ISSN (print): 2249-7277 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Security in the Cloud Essay Example | Topics and Well Written Essays - 2000 words”, n.d.)
Security in the Cloud Essay Example | Topics and Well Written Essays - 2000 words. Retrieved from https://studentshare.org/information-technology/1479691-security-in-the-cloud
(Security in the Cloud Essay Example | Topics and Well Written Essays - 2000 Words)
Security in the Cloud Essay Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/information-technology/1479691-security-in-the-cloud.
“Security in the Cloud Essay Example | Topics and Well Written Essays - 2000 Words”, n.d. https://studentshare.org/information-technology/1479691-security-in-the-cloud.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security in the Cloud

Governance in the Cloud

Using COBIT to Manage Benefit, Risks and Security in the Cloud In this ever-increasing competitive world, companies are heavily relying on data and information to make complex decisions on control and risks that would be rapid and flourishing.... Governance in the cloud Bryan Lay MIS ### Dr.... Current governance strategies must be closely evaluated when translating to the cloud environment due to unique characteristics and difficulties presented with the use of the cloud....
3 Pages (750 words) Research Paper

Thin Client Operating System Security

This report "Thin Client Operating System security" discusses thin client as a term that is used to refer to a network computer or PCs which are used by businesses whose design makes them be managed centrally and their configuration makes them to lack CD/DVD players or expansion slots.... More importantly, though is the fact that thin computers provide enhanced security as compared to desktop PCs.... This essay gives a critical analysis and discussion of the security implications which are related to systems such as Windows CE, Google Chromium, and Linux which make use of the thin client operating system....
8 Pages (2000 words) Report

Case Study 2: Cloud Computing

Access to the cloud from anywhere is crucial for Ericsson since possessing hosting centres in diverse locations enhances the quality of the company's services.... Case Study 2: cloud Computing Name: Institution: Case Study 2: cloud Computing Question 1 Ericsson has benefited immensely by being able to exploit Amazon's resources.... Moreover, Ericsson can effectively access its cloud from anyplace due to Amazon's web services capacity for remote access....
3 Pages (750 words) Essay

The Concept of Cloud Computing

the cloud resources are not only associated with sharing across multiple users but on-demand is even dynamically reallocated.... The research paper "The Concept of cloud Computing"  is centered on the advantages, disadvantages, and various working procedures of cloud computing would e highlighted in the research study.... hellip; cloud computing is a popular concept in the field of information technology.... The research question or thesis statement of the study is – “what is the working style of cloud computing in the group and personal uses and ways in which it can replace physical storage comprising of its advantages and disadvantages”....
7 Pages (1750 words) Research Paper

Cloud Computing Risks and Security Concerns

For this reason, over 33% of UK companies compute in the cloud (Buyya, Broberg & Goscinski 2011).... According to Pearson and Yee (2013), consumer capabilities involve the use of the applications in the cloud infrastructure of the provider in the Software as a Service, SaaS model.... In Platform as a Service, PaaS, the consumer would be given the capability to deploy individual applications onto the cloud infrastructure without the installation of tools or any platform on their machines....
12 Pages (3000 words) Essay

Advantages and Challenges of Cloud Computing

Likewise, transferring information on the cloud determines that it is not manageable by the organization anymore and any consequence or a breach of data occurring on the vendor side will be a prime threat to the organization.... Likewise, before making any strategy for transferring critical applications to the cloud, it is important to analyze the deployment and service models of cloud computing.... The paper "Advantages and Challenges of cloud Computing" highlights that cloud computing derives many valuable benefits for organizations....
6 Pages (1500 words) Research Paper

Cloud Computing

People all over the world can now access the cloud via the internet.... The paper "cloud Computing" determined the impact of cloud computing on the corporate IT level.... The benefits of cloud computing towards the organization is discussing.... cloud computing reduces IT costs and makes the company more flexible.... Some of the demerits of cloud computing is been described.... hellip; cloud computing can reduce the cost of capital for companies who used to spend large amounts of money on software and hardware....
7 Pages (1750 words) Case Study

Information Security in Cloud Computing

nbsp; Information security issues related to cloud computingLoss of trustIt is sometimes s hard task for cloud service users to evaluate how trustworthy their service provider is since there is the black-box feature in the cloud services.... oss of governanceWhenever an organization intends to migrate some part of its IT system to the cloud infrastructure, there is an implication that the organization will be partially giving control to the cloud service provider....
6 Pages (1500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us