The Cloud Computing in Business Security - Report Example

The Cloud Computing in Business Security Cloud computing makes use of the internet to provide various kinds of resources that are provisioned electronically in the form of services. There is no standardized definition by which one can define cloud computing. It is a virtualized system of computing and storage of resources through which infrastructures, platforms and also applications are provided in a scalable and network centric manner “as on demand services” (Baun 3). The concept of cloud computing is generally separated into two sets of models, such as, deployment models and service models. The deployment models refer to the “location and management of the cloud’s infrastructure” (Sosinsky 5). The service models relate to the particular nature of services that can be accessed through the cloud computing platform. The attributes and characteristics of the paradigm of cloud computing are still evolving and the definitions, issues and risk factors involved to it would undergo transformations through involvement of both the private and the public sectors. The model of cloud computing has emerged and gained importance in the recent few years due to its ability to enable convenient access to “a shared pool of configurable computing resources” (Harding 198) which can be released with least management effort or interaction on part of the service provider. The computing resources are available to the clients when they need them via the internet and are charged on the basis of their usage. Besides, the clients are benefited since due to the outsourcing of a major portion of the technical duties, the employees can concentrate on the other aspects of their responsibilities better than before. The five characteristic properties of cloud are that it is service based, scalable and elastic, shared, metered by use and uses the internet technology. According to some experts the services offered by cloud computing can be categorized as “Infrastructure as a Service (IaaS), Platform as a Service (Paas) and Software as a Service (SaaS)” (Wang, Ranjan and Chen 226). The explanation given above looks at the concept of loud computing from the perspective of end users. From the viewpoint of the service provider, the data center is the major component of cloud. The hardware resources required for different computing and storage processes are contained in the data centre. They classify the cloud system as private and public (“Grid and Cloud Computing” 48). Cloud computing is a radical concept in the field of information technology and is capable of redefining the role of the corporate IT sector. This concept has established its associations with the concept of security thereby exciting lots of security professionals. However, the traditional IT department faces the threat from the new entrance of cloud computing since it can provide cheap service without any interference from any technician. This paper deals with the issue of business security with the usage of cloud computing. The understanding of the issue has been facilitated by case studies and recommendations are provided towards the end of the paper. Components of cloud computing system There are different components in the cloud computing system. They are the servers, virtual machines (VMs) and application services. These are the essential parts of the cloud computing system that forms the structure through which information disseminates. The components communicate amongst each other to exchange information or data which is required for computation processes. The drawbacks of the traditional centralized approaches towards data storages such as suffering form the problem of a single point of failure, are avoided in this concept of cloud computing . A “structured peer-to-peer network model” (Antonopoulos and Gillam 195) connects the cloud system components due to which problems like that of “single point of failure” (Antonopoulos and Gillam 195) can be avoided. The modern networks make use of “high speed signaling with point-to-point serial links providing high band width connections between processors and memory in multi processors, connecting input/output (IO) devices, and as switching fabrics for routers” (Abts and Kim13). Public cloud computing At present there is more than one provider in the field of cloud computing. Among them the key players are “Amazon, Google app engine, GoGrid and Microsoft” (Antonopoulos and Gillam 200). There are other notable cloud providers such as EMC, Hewlett Packard, IBM, Salesforce.com, Symantec and VMware. The cloud services provided by Amazon originally grew out of its efforts to manage its own services. Each of the pages of Amazon involves a huge number of servers and in their effort to manage their own business, Amazon excelled at this service. Later on they launched a cloud service product by the name Amazon Web Services (AWS). Its three web services together expose all the functionalities that are needed for the provisioning of the application services on the Amazon EC2 (Antonopoulos and Gillam 200). The Google App Engine offers a scalable platform for the applications to run. It does not grant direct access to any customized virtual machine like some other Cloud platforms. This puts a restriction upon the “access to the underlying operating system” (Antonopoulos and Gillam 201). The system operating behind manages the issues related to service provisioning, ‘autoscaling’ as well as load-balancing strategies. In the field of cloud computing, “Google is rated as one of the most of the most powerful entrants” (Chorafas, “Cloud Computing Strategies”). The services of Google provide individual customers as well as organizations with access to infrastructure and technology. The Google App Engine is one among the range of productivity applications that give developers the environment of cloud computing. GoGrid Cloud Hosting provides the developers with F5 Load balancers for the distribution of “application service traffic across servers” (Antonopoulos and Gillam 200). The load balancer has the sensor to identify the crash of any server and redirects requests to other servers which are available (Antonopoulos and Gillam 200). Microsoft focuses on its Azure platform and depends upon it to establish itself as the leader in the market for cloud computing. It invests heavily in building data centers to provide infrastructure for cloud computing services. It promotes software and enabling strategy on the Azure platform. The hypothesis held behind this software is that desktop applications would continue to be in demand as in present. Besides Azure, Microsoft also delivers Windows Live (mainly for individual consumers), Office Live for small and medium enterprises, SharePoint Online as well as exchange Online (Chorafas, “Cloud Computing Strategies”). Literature review According to a statement by John McCarthy, the day is advancing on which computing would be “organized as a public utility” (Anthes 16) just as the use of telephones have become widespread. The new system of cloud computing is leading us to such destination. The concept of cloud computing in simple words can be summarized as the possibility of outsourcing the certain job responsibilities to outside vendors who are presumably good at handling such duties. Although apparently it seems that the client companies would have no more worries about the security of their information or their data since they have been submitted to safe hands, the truth is the other way round. A survey conducted in the United States on one hundred and three cloud service providers revealed that the providers are not much concerned with the security of the data of their customers. Some of these providers even consider the responsibility of safeguarding the data stored in the cloud to belong to the customers that use it. Rather than focusing upon data security, the providers set their priorities upon delivering low-cost solutions with fast deployment that leads to improvement of customer service and efficiency of functioning of the IT departments of the companies (“Cloud Providers Aren’t Much Concerned with Security” 7). According to Hastings, a new debate opens up after the “data is uploaded to the cloud” (Hastings 12). Once the data is uploaded the question is whether it belongs to the person who has created it or whether the ownership of the data is given up by on uploading it. For certain collaborative projects there are no specific ownership, as meant by the term in its original sense. In these cases the benefit of uploading the data to a cloud service provider outweighs any existing drawback. But in cases of more sensitive information, the budget data or internal documents related to major organizational decisions, the companies should make a detailed check on the authenticity and reliability of the provider. As a personal backup, the clients should consider the possibility of keeping a backup of the data of parts of the information in private in-house storage, so that in case of any incidence of loss of data from the cloud, the original information would still be available. Methodology This paper presents four case studies that develop the context of security in the usage of cloud services. The case studies are chosen from both the private sector as well as the government sector to understand the extent to which the system of cloud computing is being accepted into these sector for their operations. The method of qualitative research is deployed in this paper throughout the presentation of the case studies. The selection of methodology is important in obtaining relevant outcome from a research work. In this current issue, the reality issue is the debatable question of business security with cloud computing and the method of making case studies has been adopted to investigate the situation. The interpretations obtained from these case studies helps to reach the findings related to the topic. The question of security in cloud computing is not a one ended debate, since there are no single answers found to this question. While some enterprises are skeptic of its usage and are not sure about the ownership and privacy of their information, other organizations are there that are increasingly depending upon the cloud providers’. The entire information collected for the study is gathered through secondary sources. These secondary data sources have helped in gaining preliminary insight into the issue and helped to get details of various information that have been necessary for the making the study and interpret the results. Case Studies Case study 1: Usage of cloud computing by the Government of Catalonia “The Generalitat of Catalonia” (Boch-Andersen, “Private cloud services for the Government of Catalonia”) in Barcelona, Northern Spain, faced the need to upgrade their infrastructure of information technology in the 2010. The Government needed a cost effective way to upgrade their infrastructure which would be easy enough to maintain. The government decided to choose the cloud services offered by Microsoft. There was a complete migration to cloud services when the government transferred more than ten thousand users’ email services through Exchange 2010. There have been several benefits accruing from this transfer. The initiative have been estimated to generate saving ranging between twenty percent (via migration from the previous versions of exchange) to eighty three percent (due to change from the previous operators of email services) (Boch-Andersen, “Private cloud services for the Government of Catalonia”). On top of that the productivity as well as flexibility of the civil servants would increase to a great extent due to the consolidation of email services to Microsoft, which is a private cloud service provider. The users would now be assured of guaranteed access of data from any place and any point of time. The cloud provider would ensure security of the data uploaded to the cloud and would extend reliable service side by side. The government would have to put less effort in maintaining and managing the information and employ lesser number of managerial personnel thereby reducing costs. There would also be reduced consumption of energy. The government has increased its efforts to deploy private cloud services with the primary aim of ensuring efficiency of the IT operations while making no compromise on the security of the valuable information. The government has put its entire faith upon Microsoft and rests assured that it would reduce the government’s administration costs and at the same time facilitate easy management. The government has made a huge investment to build a sixteen thousand square meter area of data center which has allowed the realization of new synergies. Investments have been made with one private broadband network in order to build a network among the public buildings, such as, the government hospitals, schools as well as other premises. Case study 2: Japanese GIF Holding Library Finder Application “The North American Coordinating Council on Japanese Library Resources (NCC)” (Han 201) developed a web service to identify the “Japanese Global ILL Framework (GIF) libraries” (Han 201) so as to facilitate the inter library loan (IIL) service. This application was developed in Java using J2EE framework and was run in the typical Java servlet container as the Tomcat. Initially the application was operated in a locally managed server. It was a small server and the application operated in it for some years. In 2010, it was transferred to “Linode and Google App Engine” (Han 201). The application was tested and installed to the Amazon Web Services (AWS), Linode and the Google App Engine. The AWS and Linode fall in the category of IaaS providers and Google App Engine is a PaaS provider. AWS and Linode give the users “greater control over virtual nodes on their cloud infrastructure” (Han 201). Google being a PaaS provider maintains the infrastructure environment as the operating system, programming languages and the other tools. Therefore for the users, Google App Engine might be a better option for the users when applications are run in normal OS environments. This is because, the user would save a lot of time while the system administration tasks are fulfilled by PaaS providers. Besides, the price of running an application on the Google App Engine is quite less since Google App Engine offers a free quota, any usage within which would be allowed free of charge. It has been identified that 90 percent of the applications on Google are hosted free. Thus, for small web applications, the Google is a great PaaS resource. However, it should be noted that there are features of the Google App Engine. The Google App Engine requires their users to run their codes in either Python or in Java. Google uses “its own database query language GQL” (Han 202). This necessitates those developers that want to transfer their codes written in SQL to the Google to re-write them in GQL. In addition, only a subset of JRE standard edition are allowed to the users of Google App Engine and users do not have the chance to create new threads. Case Study 3: Cloud computing in German hospital network The Passau region in Germany has a service company by the name Landkreis Passau Gesundheitseinrichtungen (LPG) which is made up of medical institutions. These institutions provide emergency treatment as well as on-going care for the people in this region. LPG maintained its documentations through an existing system of quality management. However this system was quite old and faced problems in processes of updating the documents, maintaining quality standards and allowing external parties to review the documentation process regularly. For the creation of a new arrangement of quality management, LPG has taken help from Business Systemhaus AG (BSH AG) that uses the Microsoft SharePoint Online for its cloud based services. The administrative burden is released from the IT team of LPG as the company relies upon Microsoft for the management and maintenance of the infrastructure. The IT staff remains focused on the efficient working of the medical equipment and ensure the provision of quality care to the customers. The deployment of the server on premises and the hiring of additional staff and installment of infrastructure would dig a bigger hole in the company’s budget. Thus cloud computing provides an efficient solution to the management problem. The LPG now has increased access to their files and in a more “reliable and secure way” (Boch-Andersen, “German hospital network increases data security and access, while cutting costs”) while lowering their IT expenditures. The security aspect has been taken special care of. The staffs have the opportunity to check the creation or approval of new drafts or publication of new documents every time they open the Microsoft Outlook. They have transparent visibility into the system and can ensure that any changes that occur are correctly addressed. This would help in maintaining the ISO standards (Boch-Andersen, “German hospital network increases data security and access, while cutting costs”). Case Study 4: Cloud computing helps companies in searching for candidates: Zartis The hunt for new potential employees is a persistent challenge or the enterprises. The slow recovery from the long span of recession indicates that there are few number of job vacancies, which makes the job market grim from the job-seekers point of view. However, the situation is equally tough for the employers. They are faced with the problem of selecting the right candidate to fill up the limited number of positions so that their company performs well. The small and medium sized enterprises do not possess enough internal resources to compete with the bigger companies in the market for labor. The entire process of recruiting the right candidates take considerable amount of time as well as labor for putting advertisements, screening the candidates’ profiles, sourcing the candidates and finally make a selection from among the pool of candidates (Jonge, “Cloud computing brings job-hunting into the 21st century”). A recruitment engine would be of immense use to these companies and a new recruitment engine has been started on the system of cloud computing. This new venture named Zartis has been started by John Dennehy in Ireland. It is a great business idea involving cloud technology that has become a disruptive innovation in the traditional field of recruitment. The involvement of cloud in this field has helped a start up like Zartis in two ways. On one hand, the usage of clouds relieves Zartis from building an infrastructure for itself and cuts down a major portion of the costs. It is a big factor for a start up like Zartis. It also implies that it can scale up its service provision very fast if the customers increase very rapidly. This is very good facility for the customers since they can set up a recruitment function in a few minutes and integrate with the other users through the social networking sites like the Twitter or the Face book. The application supports thirteen languages thereby helping different customers in their regional languages in their job search. This creates a platform where the employers and the potential workers can contact each other and the employers can meet the job seekers and make a selection before moving ahead with the next processes of interviews. At the basic level, the usage is free. Being a thriving business running for almost a year and receiving positive responses from not only small companies but also bigger ones like Lufthansa, Zartis has not yet faced any security issue. It is based on Microsoft’s Azure and gaining the confidence of the job seekers and recruiters alike (Jonge, “Cloud computing brings job-hunting into the 21st century”). Findings on the business security issue of cloud computing The cloud computing system has been adopted by the organizations in both the private sector as well as the government in different countries around the world. This system of computing has become popular in the recent years and has by this time received major response. Although there are doubts regarding the usage, ownership and security of the service, many corporations have showed their interest in this process. Some of them have ruled out the doubt about security of the information that lies with the service providers. Instead, they have held unfaltering faith upon the service provided by the cloud service providers and cherish the utilization of the advantages that come with it. There are several advantages that accrues to a user of cloud computing. The primary advantage is the combination of reduction in costs and lesser managerial burdens. The customer that uploads its information to the cloud uses the advantage of the internet or World Wide Web to gat ubiquitous access to the information. It does not need to install the voluminous infrastructure that is required to store that huge amount of data in an internal storage system of the company. The customers’ data is being stored in a virtualized system and allowed access to it whenever they need it. “The Government of Catalonia” (Boch-Andersen,“Private cloud services for the Government of Catalonia”) has transferred the responsibility of management of its documents and other information to Microsoft, the reliable cloud service provider. It has established its faith upon the provider and is benefited hugely on the ground that it can save a large sum of money that would be incurred as the cost of administrative purposes. The amount of money saved can be utilized for the establishment of linkages among the public premises within the city through the connection of internet. The government has also emphasized upon the improvement of the productivity of the employees would be able to deliver their duties more accurately. The reduction of annual maintenance cost would help the government to make further investments in other areas of necessity in the city. Besides the cloud service providers that provide platform as a service help the users in their operations. In the PaaS provision the users’ time is saved since the administration tasks are fulfilled by the PaaS providers at the back of the scene. The customers save on their money as well since the Google App Engine provides free usage within a certain limit. This is a great attraction for small web users to turn towards cloud computing for the storage and maintenance of their data. They make a responsible selection of the vendor who they would trust for the storage of their information and with the responsibility of maintaining their data as well as protecting it from unauthorized access. The argument is based on logical ground that when with the advancement of technology the organizations are getting the opportunity to outsource a part of their burden of data administration and maintenance with another vendor that supposedly has the expertise and resources to do their job, there is not enough reason why the organizations would not avail it. This particularly applies to the small organizations for which the cost of hardware installation is quite huge and also in house storage of data would imply unnecessary expansion of the IT department, while they could focus more upon their core functionalities. In some other cases, such as the LPG in Germany, the administrative systems operating in the company is old and has thrown up several problems in its computation processes. LPG has taken recourse to cloud computing with the faith that a remodeling of the existing structure of administration would be cumbersome and highly expensive. A total transfer of responsibility to a trustworthy cloud service provider would ensure much better operations and smoother and faster access to data. It would also ensure proper preservation of the documents and transparency in the entire system thereby allowing every staff to be aware of the maintenance of the quality standards. It has been found that LPG trusts Microsoft’s service much more than an internal management of the documents and believes in a better performance of the company that would be facilitated by the service provided by the virtual computation system. In another case of a start up enterprise like Zartis, the enterprise has opened up on the basis of the service rendered by the cloud computing system. Zartis is nearly a year old and within this short period of time has gained a big customer base. Its success can be attributed to the service provided by the virtual computing system that enables the company to outsource a part of its important responsibility to another vendor. The jobseekers are greatly benefited by the facility of integrating the application with their accounts in the social networking sites by which they can share the information of the jobs on offer with the other users and also check out what jobs their connections are applying to. If it had to build up the entire system of storage of data, it would still have been on the way of building up a complete set up and the launching of the application that helps the job seekers and recruiters to come on the same platform for the right choice of jobs or employees would still be awaited. Risks associated with cloud computing The cloud computing system has emerged with various benefits that accrue to the businesses when they use cloud technologies. However, the traditional IT department faces threat from the new entrance of cloud computing. Before the emergence of cloud computing, the companies blocked unwanted traffic that tried “to access the corporate network” (Hugos and Hulitzky 69) by creating a perimeter security through the installation of hardened firewalls. All the data were stored in-house and was hence assured of staying protected. With the usage of cloud computing the company owned data moves out of the corporate security boundaries and is stored in some remote place. The information uploaded to the cloud flow beyond the national border and the client companies mostly remain unaware of the place of storage of their data and even the country in which the data is being stored. This increases the need of the companies to make a proper selection of the service providing vendor so as to maintain good collaboration between the parties and ensure the applicability of the regulatory requirements on the use as well as storing location of the data. The clients should be knowledgeable of “the different formations of cloud” (Hugos and Hulitzky 69) in order to achieve flexibility for the needs of their business. The weaknesses of the firms get exposed to the external service providers through the usage of cloud facilities. This provides the gateway for professional hackers to explore the weaknesses of the business organizations and exploit them to obtain their data. They thus get access to the objectives, defense policies and security strategy of the firms. Recommendations The TechAmerica Foundation in the USA published some recommendations which would act as a detailed guideline which would help the US to stay on the forefront of the innovations relating to cloud computing. A higher adoption of cloud computing within the federal IT infrastructure would strengthen USA’s position in the international market and also push up performance by business enterprises in the decades to come. While the eventual shift to cloud computing seems inevitable, individuals and organizations should build the trust upon their service providers. The United States set an example by leading the way in dealing with the challenges that occur on the grounds of security and privacy to ensure smooth transnational data flows and help businesses realize cloud capacities to the fullest extent. The cloud providers should also share some responsibility in assuring least hindrance in the path of cloud usage by the customers. They should provide the customers some ways to evaluate the cloud implementations by which the system would become more transparent and they would earn the users’ confidence. Investments by the government would improve the infrastructure and the developments in technology, such as modernization of the broadband facilities and move to the IPv6, so as to further improve the service of cloud providers and enable them to take more concrete measures for security of the information stored in the cloud. It has to be ensured that the education system develops the skills required to build an efficient work force capable of working with the system of cloud computing and training programs training programs should integrate with the requirements of the cloud workforce. This would lead to the better adoption of cloud computing by the businesses and a customer-satisfying service would be provided by the service providers. Once the organizations are fully assured of the better functioning of their operations using cloud technologies, it would act like an incentive towards a “global development and adoption of cloud technologies” (Craig, “TechAmerica Foundation Unveils U.S. Cloud Computing Roadmap”). There has to be a development in three key areas; technical understanding of cloud computing, implementation procedure of the cloud and acquisition issues related to the cloud. Authentication verification has to be done across the cloud environment and any gaps or efficiency issues must be evaluated. For the assurance of hassle free relationship between providers and users, explicit terms and conditions should be framed for data portability and management of records. The recommendations issued by the TechAmerica Foundation apply to the deployment of cloud technologies within the United States as well as in other countries around the world. Conclusion Cloud computing system presents new abstractions for the data processing systems that operate in large scale. These are powerful abstractions that increase the scalability of the operations and improve the availability of the service. It supports rapid development of the service provided to the corporate on-demand. The server pools of the providers are large and managed without any manual intervention through a virtualized computing system. This aspect of cloud computing makes it an important field and makes the firms feel inclined to delve into. The magnetism of clouds computing is increasing rapidly since the firms are keen on lowering their overhead costs, and spend greater time and energy to look into matters that are otherwise neglected, by transferring some technical responsibilities to other vendors. This also reduces involvement of the managerial personnel of the firms and lessens their tensions. The firms can grow by increasing its employee strength or reduce it when necessary when it uses cloud computing. The discussion is still on, about how the hardware as well as the software can be managed efficiently by cutting cost, saving time as well safeguard the privacy of company information. One needs to specify whether to use one machine per service or whether to deploy one big machine and several virtual servers. The second concern arises regarding acquiring the cloud service; the customers might buy it and own it or might rent it from a service provider from a public cloud. In this situation the question of security surfaces since the customers use the service on rent and there are chances of the information being accessed by other customers that log in when this customer is not using. Besides, the third question is whether to keep a flexible provisioning to use the service from the cloud according to the need or whether to keep the service usage on always. With all the pros and cons of cloud service, it is becoming a mainstream practice quite rapidly. While the regular databases do not scale very well and are not elastic, the design of the cloud computing system that leads to its scalability is becoming a major advantage towards the usage of this system. There are numerous providers, such as, the Amazon EC2 imitators, IBM, Sun, Microsoft and several others, from among which the customers need to choose the right provider that would fit its requirement. Works Cited Anthes, G. (2010), Security in the Cloud, Communications of the ACM, 53 (11), pp. 16-18. Antonopoulos, Nick and Lee Gillam. Cloud Computing. Springer, 2010. Print. Abts, Dennis and John Kim. High Performance Datacenter Networks: Architectures, Algorithms, and Opportunities. Morgan & Claypool Publishers, 2010. Print. Baun, Christian. Cloud Computing: Web-Based Dynamic IT Services. Springer, 2011. Print. Boch-Andersen, Lisa. Private cloud services for the Government of Catalonia. Microsoft Europe. 11 April 2011. Web. 23 Jan. 2013. Boch-Andersen, Lisa. German hospital network increases data security and access, while cutting costs. Microsoft Europe. 16 Aug. 2012. Web. 23 Jan. 2013. “Cloud Providers Aren’t Much Concerned with Security.” Information Management Journal 45.4 (2011): 7. Print. Chorafas, Dimitris. N. Cloud Computing Strategies. Taylor & Francis US, 2011. Print. Craig, Stephanie. TechAmerica Foundation Unveils U.S. Cloud Computing Roadmap. TechAmerica Foundation, 26 July 2011. Web. 24 Jan. 2013. Grid and Cloud Computing. Springer, 2010. Print. Harding, Chris. Cloud Computing for Business: The Open Group Guide. Van Haren Publishing, 2011. Print. Hugos, Michael H. and Derek Hulitzky. Business in the Cloud: What Every Business Needs to Know About Cloud Computing. John Wiley & Sons, 2010. Print. Hastings, Robin. “Cloud Computing.” Library Technology Reports 45.4 (2009): 10-12. Print. Han, Yan. (2011), “Cloud Computing: Case Studies and Total Costs of Ownership”. Infromation Technology and Libraries 30.4 (2011): pp. 198-206. Web. 23 Jan. 2013. Jonge, Ruud de. Cloud computing brings job-hunting into the 21st century. Microsoft Europe. 21 Feb. 2012. Web. 23 Jan. 2013. Sosinsky, Barrie. Cloud Computing Bible. John Wiley & Sons, 2010. Print. Wang, Lizhe, Rajiv Ranjan, and Jinjun Chen. Cloud Computing: Methodology, Systems, and Applications. CRC Press, 2011. Print. Read More