Security Issues for Cloud Computing Systems - Research Paper Example

Security and Implementation Concerns of Cloud Computing Infrastructure Challenges and Guidelines 2, 3 Please enter the of your university here Abstract— In the past few years, the cloud computing technology has emerged as a dominant feature in information technology (IT). In fact, at the present no one can neglect the significance of cloud computing in information technology marketplace. Especially organizations using cloud environment for managing their business operations, have realized that implementation of cloud environment in an organization either at small level or at a high level may lead towards success. However, the serious concerns regarding this modern technology are also at peak. It is happening due to the fact that a large number of technological firms are adopting this leading technology in order to attain high success rate and competitive edge. At the same time, organizations must adopt precautionary measures in order to assure safe and reliable storage of money or valuable data. However, security is the top most concern in cloud environment. This research is aimed at presenting a detailed analysis of security issues in cloud computing environment. Index Terms; Cloud Computing; SaaS; IaaS; Security; I. Introduction At present there are a number of open distributed computer machines that offer efficient techniques and well developed ideas inside the complex modeling systems. It was the start of twenty first century when there had been a resourceful development. In fact that innovative development was taken place in the field of networking when researchers wanted to make global infrastructure of wireless broadband links along with mobile devices. The basic aim of this development was to offer quality services to clients. This aspect had also intended for general purpose computer systems and applications. However, the key goal as mentioned earlier was to implement such flexible arrangements that can be integrated with the user oriented functions [1, 2, 3]. The above mentioned scenario was defined to make clarify that cloud computing evolution is a principal element in the history of information technology (IT). Nowadays, rapidly growing organizations are about to move towards a centralized environment of storage. It is worth mentioning here that cloud computing environment has offered wonderful opportunity for IT firms either working nationally or internationally. Through cloud computing they cannot only easily manage the business effectively but also maintain the facilities in a centralized place in an effective manner within an organization. Hence, with cloud computing an organization can make its business smooth, scalable, responsive and share resources over the internet. In this way they can save massive investments and future of the business [4, 5]. These days, all the business organizations are aimed at formulating a secure information technology environment. On the other hand, every business has severe concerns related to its data security and privacy. Hence in order to maintain data safely and reliably they must have to implement secure cloud computing environment. This is necessary to attain significant growth. If organizations implement cloud computing by taking into considerations all the security and privacy related concerns, they can attain following advantages [6]: Easiness in accessibility Reliability of financial and organizational data Comprehensiveness of data Availability of financial and organizational data In this scenario, the above mentioned concerns are severe enough. If we make comparisons of concerns with growth rate we can easily perceive that the ratio of these issues has been increased considerably. In this situation, ineffective or insecure implementation of cloud computing arrangement and absence of security policy is also a question mark [6]. Without a doubt, cloud computing brings a large number of benefits and opportunities for all kinds of businesses however the successful implementation of a cloud infrastructure requires an organization to seriously address security and privacy issues. In fact, these security and implementation concerns discourage organizations and they don’t move to clouds. The basic aim of this research is to identify the security issues and concerns which hinder the successful implementation of cloud infrastructure. II. Discussion IT professionals believe that the most important factor of distributed systems include a shared arrangement of data and their tendency towards organizational and technological development. Sometimes a network needs to be connected with a number of independent firms along with servers. In this way we can form a distributed system. It is necessary to explain here that an organizational network also consists of several other elements and departments. In this scenario, the expansion of connections results in greater independency. However, data security is a critical issue. In addition, traditional distributed applications help users make efficient use of data and applications installed on distant networks without restraining them to networks that they are straightly associated to [6]. According to [6], in client-server systems the traditional functionality follows a framework which is separated into two parts. These are The user interface Management of the database One is about the user interface. We can also acknowledge it as a center of one or more applications that are triggered at the peripheral station acknowledged as a “client”. The next aspect is the effectual management of the database. It is sometime also described as separation of an application that we turned-on on another system. We can present it just like an example of server. Also, it is necessary to define that in every part of distribution within the network a server can perform the work which suites it a lot. Besides the two significant fractions, the applications are linked with specific software allowing communication between client and server. Hence client and server applications are tremendously flexible. It is due to the fact that user can get access to a database on a variety of networks. It is done with a graphic interface that does not exist on mainframe systems [6, 7]. In this technological era the cloud computing is considered as the modern development. IT researchers believe that this dominant aspect will prevail on all major business areas. In fact, there already exists a well-built mechanism for these innovative technological aspects. We have examples of its usage in various business sectors that include well known businesses for example Microsoft Corporation and IBM. However, there is a dire need for creating high-quality and high tech approaches to plan cloud services and its resources. Hence through its resourceful implementation we can guarantee maximal optimal efficiency [6, 8, 4, 5]. In this regard, modeling area has diverse activities which need more critical analysis with ongoing market trends. While implementing this architecture, service oriented architecture (SOA) based applications should be taken into account. Because of the prospective and swift accessibility of cloud services it is good to initiate deep study of results along with its numerous practical approaches as we have examples of cloud based services. Besides they are majorly developed for access control, business improvements, legitimate matters, protection and various realistic functional concerns of the business. Hence, getting, analyzing and conferring finest implementations on these matters will offer an opportunity for developing an effective work place environment and also for cloud services to their users [6, 4, 8, 5]. Moreover, this technological feature is valuable for effective management and utilization of resource abstraction on the network. Cloud computing environment has also involved the following matters [9]: Foundational design Scalability for the user Reducing infrastructural worries In is an admitted fact that the cloud computing provides an excellent support for IT based environment. It is good to say that this technological spectrum offers a distributed computing service. In this way an organization gets rid of buying, installing and maintaining expensive hardware, software, storage, servers, bandwidth and additional resources. Hence, IT professionals need not to take tension of managing all above mentioned resources in a short time and with less investment [10]. Technology Overview The rapid growth of cloud based infrastructure in all over the world has generated the ideas related to distribution and utility computing. Although the theoretical overlap is partially because of technological transformation, its practice as applications over the years. In addition, the idea of cloud computing possibly becomes apparent due to its efficient utilization in cloud image in order to make use of the internet or a number of huge networked arrangements. In this scenario, we need not ourselves concerned about the cloud environment. Regarding what goes on there apart from the constantly transmitting data and also receiving information. Presently this aspect is associated with a high level idea of the cloud. In this idea data and information, pipes and servers, routers provide valuable services. Though, the key software and hardware of networking have also potential but there other superior level services are being employed to construct these systems [11, 5, 10]. In addition, in order to access and use these services, data and resources a customer or user of such computing service does not need to take care of how it is applied, what hardware are being used in this application, about potential of possible technologies, how these technologies are charted and formulated for scalability and how they are handled effective [10, 5]. III. Security Risks and Cloud Computing When IT professionals work in a cloud based environment they face different kinds of risk. They normally face risks due to organizational policies or lack of proper standards. In this way risk factor assessment has its own importance, if not fulfills properly it may harm organizational growth. We need to administer and manage them in a useful way especially by adopting and regulating standards. While formulating secure and protected IT systems, we would have to deal with numerous customary security and privacy challenges [12, 13]. In addition, in case of cloud computing we have a high risk ratio. It is due to the fact that basic services are frequently being outsourced to a 3rd party, which is responsible for security management. This “externalized” characteristic of outsourcing makes it harder to uphold data integrity and privacy. In fact, an organization loses control over security administration and operational data. In this scenario organizations will have to revolutionize the essential IT working aspects and processes to outsource activities. Up till now, the basic jobs like implementation of patches and configuration of firewalls are included in the duty of the cloud service provider not the end-user of cloud services users. Consequently, many other significant features concerning cloud computing and review of risks and security issues within a cloud is considered hard for location where data physically located. In addition, various security standards required were once obvious are now buried at the back layers of abstraction. In this overall structure, the lack of visibility can create numerous security problems [12, 13]. Normally, it is seen that huge amount of data and information shared through cloud computing technology produces a key difference between cloud security and conventional IT atmosphere. In cloud environment sometimes the priorities of IT administration and implementations of cloud rules require diverse strategies. Hence, computer resources have to face changes in services. At the same time, varying service level agreements (SLAs), balancing business workload and today’s changing IT trends and features results in ineffective configuration, malicious conducts and data compromise. We have also analyzed that in cloud based environment the information and data based sharing calls which are intended for a high level of process automation and standardized, are able to facilitate business security by eliminating the risk of worker error. Though, the risks inherent through these shared arrangements indicate that cloud computing models have to keep a strict aye on identity, isolation and compliance [12, 13, 14]. Cloud computing offers a wide range of opportunities such as internet-based computing, flexibility, cost savings, communication services and storage facility for business users in all marketplaces comprising healthcare, financial and government. This latest method to computing permits users to get acceptable return from software and hardware investments, work together with others, achieve flexibility above all take benefit of the sophisticated services that cloud computing services providers presently offer. However, in spite of all its positive features, security is still a main issue for cloud users. In addition, cloud services providers have acknowledged the cloud security issues and are functioning in directions of making neutral and resolving such security related issues. On the other hand, cloud security is turning out to be a key source of gaining competitive edge over other cloud providers. Moreover, by implementing suitable security methods and practices, cloud security can soon be increased far above the point that IT departments attain by means of their own sophisticated software and hardware [15, 16, 3, 17]. As discussed above, cloud computing is a wonderful technology if it is used effectively. However, there are numerous reasons which can make selection of this innovative technology a bad choice. In this scenario, this section outlines some of the major security issues that are normally seen at cloud computing infrastructure. These security and privacy issues are discussed in many research papers and articles such as [17, 18, 19, 20, 21, 14, 22, 23]: 1. Governance In cloud computing environment the governance refers to control and errors over operational procedures, policies and standards for application development, as well as the implementation, design, monitoring and testing of deployed services. In this scenario, some security concerns can emerge while managing cloud services for a business. Moreover, any conflict between business and cloud service providers can cause some serious security problems. 2. Compliance Cloud computing infrastructure also involves compliance for instance, conformance with a recognized standard, specification, law or regulation. For this purpose, a wide variety of security and privacy laws, rules and regulations exist in different countries at all levels (i.e. state, nationwide and local levels). However, due to its innovative nature, the formation of conformity is a complicated matter in case of cloud computing. Hence, there are complications regarding establishment and fulfillment of standards at business level. In addition, such ineffective compliance factors also create several issues. 3. Trust factor In cloud computing environment, a business organization relinquishes direct control over numerous aspects of business as a result it faces severe issues. It happens because a business organization shows an extraordinary level of confidence on cloud service provider. Thus, due to ineffective treatment of this issue organizations can face various serious problems regarding business data safety and security. 4. User access In cloud computing environment, secret data of an organization is processed outside the organization, which brings natural intensity of risk, for the reason that outsourced business management services avoid the logical, physical and personnel controls, so there can emerge different user access based issues. On the other hand, secret and precious data of an organization is processed and managed by an external entity so any person with some privileges can access it. In this way, cloud computing involves some user access related issues. 5. Data location In cloud computing environment, an organization almost certainly would not be aware of precisely where their business information and data is hosted or located. In fact, they might not still be aware of what nation it will be stored in. In this scenario, many serious problems can occur including business data illegal access and processes management. 6. Data segregation Business information and data in a cloud computing environment is normally stored in a shared atmosphere alongside information and data from other businesses and market competitors. Though, cloud computing service providers use encryption techniques to ensure information privacy however it is not an effective solution. On the other hand, there is greater chance that our data and information can be accessed by a market competitor which can cause serious damage to our business arrangement. 7. Data Recovery As discussed above, in cloud computing environment we actually don’t know where our data and information is stored. Hence, in case of a disaster we even do not know where our data is and if it is possible to get the deleted data back. Moreover, many cloud service providers assure us that our data is secure however in case of any huge natural disaster we relying on the cloud service providers and if they fail to retrieve back the data, our entire business can fail. 8. Investigative support In cloud computing environment, it is not possible to have some investigating services and support which could inform us regarding wrong or illegal activity. In fact, cloud computing based services are particularly complex to examine, for the reason that logging data for numerous customers can be co-located and can as well be spread all-through ever-changing group of hosts and data centers. Therefore, it is a great risk factor for business and customer areas. 9. Long-term viability Though, a cloud computing services provider will never get acquired or swallowed up by other business corporations. However, we must make sure that business operational data will remain safe and available yet besides such an event. In addition, in case any competitor business acquiring the cloud computing services our organization will remain under threat from data safety and exposure. 10. Hypervisor Complexity In traditional computing environment, the security of a computer system completely relies on the quality of fundamental software kernel that is responsible for managing the captivity and execution of system processes. On the other hand, in cloud computing environment there is no controlling mechanism that can effectively handle and manage the business functions. Hence, this situation leads to vital security and privacy concerns. 11. Availability In cloud computing environment, availability is the biggest matter of concern for a business. In this scenario, availability refers to the degree to which an organization’s complete set of computational resources is available and working properly. In addition, availability can influence permanently and temporarily. As a result, an organization can face some internal or external security attacks. Moreover, these attacks can cause serious damage to business. 12. Denial of Service In case of large size organizations especially the businesses based on web based arrangement the denial of service attack engages flooding the target by means of bogus resources and data requests to stop it from replying to valid requests in a timely way. In cloud computing environment, there is greater chance of taking place such kind of attacks that can lead to serious business problems. As a result, organization cannot work effectively. 13. VM-level attacks Possible issues, attacks and vulnerabilities in VM (virtual machine) used by cloud service providers can also cause serious security issues for a business. In fact, a lot of vulnerabilities have comes into view in Xen, VMWare and Microsoft’s Virtual PC and Virtual Server based technology arrangements. However, technology vendors like that Third Brigade has resolved possible VM-level security issues and aspects through proper monitoring and implementation of firewalls. 14. Network Attack While using cloud service users have to protect the arrangements utilized with the purpose of communicating with the cloud, which can be risky for the cloud as it resides outside the firewall in a lot of cases. 15. Authorization and Authentication The corporate authorization and authentication arrangements do not physically extend into the cloud. In many cases the issues regarding proper authentication and authorization lead to complex business system access and management. In this scenario, it becomes really hard to offer full or partial access to business systems and corporate data. IV. Results There is a greater demand to steadily manage, store, share and examine huge amounts of complex (for example semi-structured and unstructured) business information and data to decide patterns and trends with the intention of improving the performance of business. The research shows that the usage of cloud computing technology for the management of business operations is increasing day by day. The majority of business organization at the present are adopting cloud environment to improve their business performance. Seeing that, cloud computing provides a lot of advantages for the businesses but due to the decisive nature of cloud computing applications, it is essential that clouds should be made protected. In this scenario, the main challenge that organizations are currently facing with clouds is that the owner of the data cannot have full control over data. In addition, they don’t know where their data is physically located. Moreover, if one desires to get advantages from cloud computing, they need to be familiar with the resource allocation and development provided by clouds. In addition, the rapidly growing cloud computing model tries to deal with the volatile expansion of web-connected systems, as well as manage huge volumes of information and data. In this scenario, Google has recently launched MapReduce framework for managing and processing large volumes of information and data on service hardware. Hence, we immediately need a system that is capable of managing a large number of websites and huge amounts of information and data. In this scenario, modern systems such as HDFS and MapReduce are not enough for the reason that they do not offer sufficient security systems to protect sensitive business data [14, 18, 24, 25]. There are numerous security issues and concerns organizations still face in cloud computing environment. There is need to improve this innovative technology. V. CONCLUSION/Summary In the past few years, the cloud computing has become one of best technologies. At the present no one can neglect the significance of cloud computing in information technology marketplace. In fact, cloud computing is acknowledged as technology of future for the businesses. Above all, organizations using cloud environment for managing their business operations, have realized that implementation of cloud environment in an organization either at small level or at a high level is essential for the business success. However, the serious concerns such as several security issues regarding this modern technology are also at peak. It is happening due to the fact that a large number of technological firms are adopting this leading technology in order to attain high success rate and competitive edge. At the same time, organizations must adopt precautionary measures in order to assure safe and reliable storage of money or valuable data. However, security is the top most concern in cloud environment. This paper has presented a detailed analysis of fundamental security and privacy issues that business organizations face while using cloud computing. This paper has summarized the analyses of different research papers, reports and web sites. This research has highlighted a number of issues which are basically hindering in the success of cloud computing. VI. Recommendations In this paper I have discussed a wide variety of issues that hinder the successful implementation of cloud computing. Though, I have also presented recommendations and guidelines along with the major problems but in the future I will conduct a detailed research on solutions which can be adopted by organizations to address these issues. I will conduct research on techniques that are appropriate for cloud environment. VII. References 1. D. Hales, "Distributed Computer Systems," 2008. [Online]. Available: http://cfpm.org/~david/papers/hales-dist-sys8.pdf. [Accessed 19 March 2014]. 2. S. Frischbier and I. Petrov, "Aspects of data-intensive cloud computing," in From active data management to event-based systems and more , Heidelberg, Springer-Verlag Berlin, 2010, pp. 57-77. 3. J. Cooke, "The Shift to Cloud Computing: Forget the Technology, It’s About Economics," Cisco Internet Business Solutions Group (IBSG), San Jose, CA, 2010. 4. D. Binning, "Top five cloud computing security issues," 10 April 2009. [Online]. Available: http://www.computerweekly.com/news/2240089111/Top-five-cloud-computing-security-issues. [Accessed 20 March 2014]. 5. Sys-Con, "A Security Analysis of Cloud Computing | Cloud Computing Journal," 2009. [Online]. Available: cloudcomputing.sys-con.com/node/1203943. [Accessed 20 March 2014]. 6. A. Armoni, "Data Security Management in Distributed Computer Systems," Informing Science, Vol.5 no. 1, pp. 19-27, 2002. 7. M. Pokharel and J. S. Park, "Cloud computing: future solution for e-governance," in ICEGOV 09 Proceedings of the 3rd international conference on Theory and practice of electronic governance, 2009. 8. K. Hartig, "What is Cloud Computing?," 13 December 2009. [Online]. Available: http://cloudcomputing.sys-con.com/node/579826. [Accessed 20 March 2014]. 9. J. L. Leidner, "Cloud, Grid, or Cluster? Clarifying the Terminology of Distributed Computing," 2010. [Online]. Available: http://jochenleidner.posterous.com/cloud-grid-or-cluster-a-clarifying-note-on-th. [Accessed 19 March 2014]. 10. AllthingsCRM, "Cloud Computing for Dummies," 2012. [Online]. Available: http://www.allthingscrm.com/cloud-computing/cloud-computing-for-dummies.html. [Accessed 20 March 2014]. 11. L. Schubert, "THE FUTURE OF CLOUD COMPUTING: OPPORTUNITIES FOR EUROPEAN CLOUD COMPUTING BEYOND 2010," European Commission, 2012. 12. IBM, "Security and Cloud Computing," 2009. [Online]. Available: http://public.dhe.ibm.com/common/ssi/ecm/en/tiw14045usen/TIW14045USEN_HR.PDF. [Accessed 19 March 2014]. 13. RaviTejaManda, V. Reddy and R. M, "Project Report: Securing a Cloud," 2011. [Online]. Available: http://s3.amazonaws.com/files.posterous.com/iben/hAOkndfWLamdg5zv1XY2PPSSWCmKZG0huHd0ATVZAl1T3Q6y1N5YgVEyerH0/Final_Report_CSC591_N2A2.pdf?AWSAccessKeyId=AKIAJFZAE65UYRT34AOQ&Expires=1330156682&Signature=Kd8zQhzpxIX01PuVp6Bh6lebV6I%3D. [Accessed 18 March 2014]. 14. K. Hamlen, M. Kantarcioglu, L. Khan and B. Thuraisingham, "Security Issues for Cloud Computing," International Journal of Information Security and Privacy, Volume 4 Issue 2, pp. 39-51, 2010. 15. Trusted Computing Group, "Cloud Computing and Security –A Natural Match," April 2010. [Online]. Available: http://www.trustedcomputinggroup.org/files/resource_files/1F4DEE3D-1A4B-B294-D0AD0742BA449E07/Cloud%20Computing%20and%20Security%20Whitepaper_July29.2010.pdf. [Accessed 15 March 2014]. 16. S. Mansfield-Devine, "Dangers in the cloud," 2012. [Online]. Available: http://www.webvivant.com/dangers-in-the-cloud.html. [Accessed 21 March 2014]. 17. J. L. Kourik, "For small and medium size enterprises (SME) deliberating cloud computing: a proposed approach," in ECC11 Proceedings of the 5th European conference on European computing conference, 2011. 18. R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka and J. Molina, "Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control," in CCSW 09 Proceedings of the 2009 ACM workshop on Cloud computing security, 2009. 19. A. A. C. Fauzi, A. Noraziah, T. Herawan and N. M. Zin, "On cloud computing security issues," in ACIIDS12 Proceedings of the 4th Asian conference on Intelligent Information and Database Systems - Volume Part II , Springer-Verlag Berlin, Heidelberg, 2012. 20. Z. Wang, "Security and Privacy Issues within the Cloud Computing," in ICCIS 11 Proceedings of the 2011 International Conference on Computational and Information Sciences, IEEE Computer Society Washington, DC, USA, 2011. 21. D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, vol. 28, no. 3, pp. 583-592, 2012. 22. A. Bisong and S. (. M. Rahman, "AN OVERVIEW OF THE SECURITY CONCERNS IN ENTERPRISE CLOUD COMPUTING," International Journal of Network Security & Its Applications (IJNSA), Vol. 3 no. 1, pp. 30-45, 2011. 23. J. Brodkin, "Gartner: Seven cloud-computing security risks," 02 July 2008. [Online]. Available: http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853. [Accessed 20 March 2014]. 24. P. Rane, "Securing SaaS Applications: A Cloud Security Perspective for Application Providers," 2010. [Online]. Available: http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm. [Accessed 22 March 2014]. 25. W. Halton, "Security Issues and Solutions in Cloud Computing," 25 June 2010. [Online]. Available: http://wolfhalton.info/2010/06/25/security-issues-and-solutions-in-cloud-computing/. [Accessed 22 March 2014]. 26. E. Turban, D. Leidner, E. McLean and J. Wetherbe, Information Technology for Management: Transforming Organizations in the Digital Economy, New York: Wiley, 2005. Read More