Security in the Cloud - Literature review Example

? Security in the Cloud Security in the Cloud Introduction In recent decades, the computation worldhas changed from centralized to distributed systems and this has enabled users to get back to virtual centralization, or what is commonly referred to as cloud computing. Data location and processes makes the difference in the computation realm (Kandukuri et al, 2009). This is evident by the fact that on one hand, a user has complete control on processes and data in his or her device. On the other hand, however, the user has cloud computing where a vendor provides the data and service maintenance thus leaving a user unaware of where the processes run and where storage of data takes place. Cloud computing has emerged as one of the most exciting technologies in the modern world as institutions and individuals seek to reduce cost while at the same time increase scalability and flexibility for computing processes and data storage. Anthes (2010) observe that due to cloud computing, computing may be organized as a public utility in the near future. He further argues that cloud computing bring people closer and promises elasticity, economy, transparency, and convenience. However, despite the many benefits that comes with cloud computing, there is a thorny issue of privacy and security. This paper will discuss security in the cloud; it will focus on the issue of security as regards the concept of cloud computing. Concepts Related to Cloud Computing Cloud computing is defined as the management and provision of applications, information, software, and resources as services over the cloud based on demand (Singh and Shrivastava, 2012). This technology uses the central remote servers and internet to maintain applications and data. It is broken down into three segments that include connectivity, storage, and application, as demonstrated in the diagram below. Cloud computing allows businesses and consumers to use applications necessarily without installation and to access their files and data at any computer that has internet access. It is a network-based environment providing reliable information technology services to users via the internet. It provides services and resources based on demand across the internet. In addition, it allows developers to create applications and run those applications in the internet. It is as a result of this flexibility that cloud computing is considered as a very attractive solution to many institutions, enterprises and individuals. Many users also prefer it because it heavily cut down expenses (Rani et al, 2012). A good example of cloud computing is Hotmail, Gmail, and yahoo email. While using cloud computing, one does not need a server or software. All that one need is simply an internet access and one can start accessing, sending and receiving information. The email and server management is all in the cloud and is managed completely by the cloud or internet service provider such as Google (Singh and Shrivastava, 2012). The diagram below shows the services of cloud computing: Source: Singh and Shrivastava (2012) The fact that cloud computing has numerous benefits to individuals and enterprises cannot be disputed. However, there is a major concern that relates to cloud computing; how security is taken care of and implemented. Cloud computing technology allows for centralization of bandwidth, processing, memory and storage thus making it a much more inefficient and insecure form of computing (Singh and Shrivastava, 2012). While in a sense cloud computing simplifies some of issues of security for consumers by outsourcing them to a different party, it at the same time signifies insecurity to the same consumers. Complacency by the cloud users to think that they do not have to worry concerning their data and software because it is in the hand of experts is a mistake (Anthes, 2010). Cloud computing, in general has several customers from ordinary users, enterprises, and academia who have varying motivation of moving to cloud. Therefore, cloud providers have to find a way of combining performance with security. For many customers especially the enterprises, their main problem is security. For others like academia, the main problem may be performance but are equally concerned with security as well. The model of cloud services delivery establish virtual perimeters cloud as well as a security model with tasks and responsibilities shared between the cloud service provider and the customer (Rani et al, 2012). The shared tasks and responsibilities is bound to bring security challenges to the operation of cloud computing. Morrow (2011) observes that taking data and securing them is not a new concept especially in the world of technology. Nonetheless, it presents one of the challenges that both the digital world and real world struggle with. Even in the real world, information that is under lock and key can still be open to malicious or accidental misuse and is subject to theft as well. Similarly, information in the digital world is subject to issues that may compromise its privacy and security. Attempts at protecting information in the digital world have proved to be less robust because of the inherent limitations relating to protection of the content. The challenge of protecting information has become more evident in cloud computing era. Data in the cloud-computing environment has much more fluidity and dynamism that static information in a network folder or on a desktop. Singh and Shrivastava (2012) argue that the primary security challenge with cloud computing is that those who own data may not have control about where their data is stored. Cloud system support efficient storage of sensitive data that has been encrypted; stores and manages enormous amounts of data; supports strong data authentication and support access control. Security concerns relating to cloud computing apply to these technologies and systems. For instance, security of networks that interconnects the cloud systems can be compromised. In addition, the techniques of data mining may be applicable to detection of malware in clouds. Since security is an important aspect in cloud computing, service providers and customers have to enter into some form of agreements that can guarantee security. However, it is important to point out that even though such agreements may provide some sense of assurance, it does not address the whole security challenge relating to cloud computing. Kandukuri et al (2009) observes that when looking at the data security in cloud computing, the cloud-computing providers have to provide certain levels of assurance in agreement known as the Service Level Agreements (SLA) in order to convince the customers regarding the issues of security. The SLA describes the varying security levels, as well as the complexity that is based on the services being provided to the customers. The customers ought to be made to understand the policies relating to security that the vendor of cloud computing is implementing. Irrespective of the cloud-computing providers, there is a standardized way of preparing the SLA. Such a format and implementation model provided is critical in helping the customers to look forward to some security assurance while using cloud computing (Anthes, 2010). It is important to point out that, presently, the SLAs are not applicable to third parties that are unrelated to the customers or vendors. Similarly, it is not applicable to third parties that are not privy to the content of a particular contract between the cloud computing provider and the customer (Kandukuri et al, 2009).. As the diagram below illustrates, the cloud service provider guarantees 99.9 percent uptime on all private and public network services to customers. All public network services include advanced intrusion detection systems, detailed bandwidth graphs, redundant carrier-grade internet connections, and denial of service mitigation. The private network services include unlimited bandwidth between servers, unlimited downloads/ uploads to servers, access to the secure VPN connection, detailed bandwidth graphs, and traffic analysis (Kandukuri et al, 2009).. Uptime Guarantee SLA Credit 99.9% Guaranteed 99.8% 5% 99.7% 10% 99.6% 15% 99.5% 20% 99.4% 25% 99.3% 30% 99.2% 35% 99.1% 40% 99.0% 45% Less than 99.0% 50% Source: Kandukuri et al., (2009) Security Issues Related to Cloud Computing Rani et al (2012) highlight seven security issues that relate to cloud computing. The first issue is that of regularity compliances where customers are responsible ultimately for the integrity and security of their own information and data, even when a service provider holds such data. This issue takes into account the fact that traditional service providers were subjected to security certifications and external audits. The second issue is that of privileged user access; this relates to where the processed sensitive data outside the customer brings with it inherent risk level because services bypass the personnel, logical, and physical controls (Kandukuri et al, 2009). The third issue relates to recovery; security concerns arise from the possibility of cloud provider breaking or some problems result to cloud server failure. It raises the question of whether in such an event the cloud provider can completely restore the lost data. This can also cause an impasse in security, as the clients may not get permission to third party firms to control the content of their data. Long-term viability is the other security issue that relates to cloud computing. Another company will not acquire the provider of cloud computing, ideally, and it will not become bankrupt. However, customers of cloud computing must be assured that their data will still be available even in the event of acquisition or bankruptcy of cloud computing provider (Rani et al, 2012). The other security issue related cloud computing is that of data segregation. Typically, data in the cloud is in a shared setting together with data from other users. While encryption is effective as a security measure, it is not the absolute solution to the security problem in cloud computing (Kandukuri et al, 2009). Although decryption and encryption is a classic means of covering security issues, they cannot provide perfect solution to this challenge. Data collection is another security issue of cloud computing. When customers are using the cloud, they possibly do not know where their information is hosted (Singh and Shrivastava, 2012). Cloud computing providers usually distribute data storage and this can result to lack of control and may compromise security of the data of customers who had their data in local machine prior to moving to cloud. The final security issue that relates to cloud computing is investigative support. Investigation of cloud services have proved to be difficult because of a number of reasons including data and logging for multiple customers could be co-located and can also be spread across a set of data and host centres that are frequently changed (Rani et al, 2012). Morrow (2011) is of the view that data security in the cloud is at a bad state, currently. Even though there are many benefits accrued to it including cost savings and improved interoperability, cloud computing is a system that is at a tipping point. The inherent nature of cloud computing demands that data are fluid objects and therefore accessible from multiple geographic locations. As such, there must be a data security methodology that considers these aspects while at the same time making sure that data fluidity is not compromised. The model of cloud computing opens up risks relating to security of data. This is because it is a model that is meant to allow for more improved and easier data sharing and more open accessibility of data. Morrow (2011), therefore argues that considering data fluidity and data security, securing of data should be looked at as a continuum of choices between content restrictions and accessibility levels. Such a continuum should enable users to make a decision of applying the right protection level, thus making sure that the flexibility provided by cloud computing into the whole spectrum of data communication is ultimately retained (Anthes, 2010). Addressing the Security Concerns of Cloud Computing Considering the security concerns that relate to cloud computing, there have been efforts to address this problem without compromising fluidity of data. Baiardi and Sgandurra (2010) argue that Virtual Interacting Network Community (Vinci) is an important solution to security of data in cloud. Vinci is a software architecture that secures community cloud by exploiting virtualization. A community cloud is a cloud system that is shared among communities with distinct levels of reliability requirements and security. a community is made up of a set of users and a set of shared resources and services. Vinci have templates to run user applications, control traffic and protect shared resources. A number of private and public organizations are adopting Vinci with the view of increasing the ICT investments returns, as well as simplifying the infrastructure management (Baiardi and Sgandurra, 2010). This adoption results in the sharing of computing and communication resources of cloud systems among communities with distinct reliability, performance, and security requirements. Vinci has proved to be a reliable system of minimizing the security risks posed by cloud computing. It is a software architecture that aims at increasing the applications security sharing a cloud (Baiardi and Sgandurra, 2010). The cloud virtual architecture is very dynamic and complex, a situation that is further compounded by the huge workload and traffic in the physical server. As such, adopting security solutions to risks associated with cloud computing is challenging and will require tackling of key characteristics so as to deliver pre-emptive and accurate protection (Rani et al, 2012). The first characteristic that needs to be addressed is that of performance by trapping every system activity within an enormous amount of cloud system activities. The second characteristic is that of virtual appliances where there is a need for new delivery system software to replace the current complex and costly ones. The third characteristic is that of control where virtualization aware security software needs to be installed to prevent hacking (Anthes, 2010). Addressing of these characteristics alongside other characteristics will help deliver the pre-emptive and accurate protection in cloud computing. Conclusion From the above discussion, it is evidently clear that security risk of cloud computing is real and needs to be addressed in order to protect customers’ data. Cloud computing is beneficial as it helps to reduce costs and to use a variety of techniques to secure and optimize application performance. As has been noted, the key to successful cloud computing is in striking a balance between business benefits and the hidden potential risks which can adversely affect efficacy. The paper has noted a number of security issues related to cloud computing. It can be deduced that a secure cloud can be unattainable if the virtual environment is not secured. The conventional solutions are not suited well for guaranteeing security in the cloud environment. This is because of the ever-dynamic and complex cloud computing nature. Therefore, there is need for new solution- virtualization-aware security solution to secure the entire cloud computing system References Anthes, G. (2010). Security in the Cloud. Communications of the ACM, 53 (11), 16-18 Baiardi, F and Sgandurra, D. (2010). Securing a Community Cloud. 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops, 2010: 84, 32-41 Kandukuri, B et al. (2009). Cloud Security Issues. IEEE International Conference on Services Computing, 2009: 84, 517-520 Morrow, S. (2011). Data Security in the Cloud. John Wiley & Sons, Inc Rani, A et al. (2012). A Study on Cloud Security Issues and Challenges. International Journal of Computer Technology & Applications, Vol 3 (1),344-347 Singh, A and Shrivastava, M. (2012). Overview of Security Issues in Cloud Computing. International Journal of Advanced Computer Research (ISSN (print): 2249-7277 Read More