Cloud Storage and Bad Model in Terms of Security and Privacy - Coursework Example

CLOUD STORAGE IS THE WAY FORWARD FOR MANY ORGANIZATIONS, BUT MANY PROVIDERS OFFER A BAD MODEL IN TERMS OF SECURITY AND PRIVACY By of the Class Name of the Professor Name of the School City, State 15 May 2015 Introduction According to Waschke, cloud is a largely written architecture which touches on every aspect of today’s computing and can stimulate the development of many indescribable and inexpressible technologies (2012). Properly applied, it will be able to change the way people, businesses, organizations and government agencies perform their operations. Cloud storage is a component of cloud computing without which cloud computing cannot be of any importance (Coyne, Gopalakrishnan and Sing 2014). Therefore, it is a service model whereby data are remotely maintained, managed, backed up and accessed via a network as is shown in figure 1 below (Nelson, Joos and Wolf 2011). The increasing interest in cloud storage coincides with the challenges presented in cloud computing by the traditional information technologies. Cloud storage is categorized into three various models as public, private and hybrid clouds (Josyula, Orr and Page 2012). Public model involves outsourcing of applications and delivering access to them via a public internet. Private model involves delivering applications through corporate run networks and computing setups (Endicott-Popovsky 2013). Hybrid cloud storage is a combination of some features of the public and private cloud models. This paper is a report discussing the reasons why cloud storage is the way forward for many organizations yet many providers offer a bad model in terms of security and privacy. It also discusses the objections to the above assertions. Nonetheless, as part of the report the paper will first briefly touch on the elements of cloud storage and then a description how it works. Figure 1: Cloud storage architecture Figure 1 above shows how data from the computers and other mobile devices are stored externally in the database storage. The apache server which the cloud is connected to is the point of connection for access and retrieval of stored data. Elements of cloud storage According to Kapadia, Varma and Rajana, the elements of cloud storage constitute the benefits as well as the limitations (2014). The benefits of cloud storage include reduced total cost of ownership (TCO) which is found to be the heart of cloud storage. This means total of capital expenditures (CAPEX) which is based on equipment and operational expenditures (OPEX) based on administrators and the infrastructure are greatly reduced. Secondly, there is unlimited scalability because it is built on distributed systems hence it is well balancing. Also it has the benefit of elastic virtualization (Vengurlekar 2013). This implies it offers elastic as well as an integrated storage pool without any underlying hardware. Similarly, cloud storage offers the benefit of on-demand meaning paying for what is used i.e. paying for the data stored and data accessed. Finally, there is universal access in cloud storage. This is because of its flexibility and therefore does not limit the number of users or their location of access (Adoga, Rabiu and Audu 2014). For example Microsoft Azure, which is an open flexible enterprise grade of cloud computing platform is a faster, money saving and integrates on-premises apps and data (2015). Moreover, the cloud storage presents a number of limitations which include multi-tenancy. This is both a benefit and a limitation because sharing with other agencies or organizations poses security threats (Vengurlekar 2013). There is also low performance option in cloud storage because it only enhances reliability and costs but not the performance hence may not be good for databases with high-performance computing systems. As such they are likely to be deemed unfit for many organizations. Cloud storage requires cloud gateway or a change application without which there will be availability with partial tolerance and no consistency. How cloud storage works Strickland says that cloud storage is a means of saving data to an external storage system. It is managed by a third party unlike in a computer hard disk or any local storage device i.e. saving to a remote database (Strickland 2015). Cloud storage system requires a data server with an internet connection for recording information or data. The information can then be retrieved by accessing the data server via a web-based interface. The server can send the information/files to the client or just be accessed and manipulated on the server. Cloud storage systems depend on numerous data servers, a condition that is termed as redundancy. This caters for the occasional cases of maintenance and repairs to computers. Cloud storage systems include Google Docs which enable users to upload documents/information to Google’s data servers. Other storage systems include Web mails like Yahoo, Gmail and Hotmail and other online sites like Flickr. Strickland also asserts that the major concerns about cloud storage system are reliability and security. Therefore techniques such as encryption of data, authentication codes and authorization processes are applied to secure the data. A study by Mather, Kumarasamy and Latif reveal that cloud storage services are affected by outages of which the level of severity and extent of impact vary from customer to customer (2009). This affects an organization’s productivity, revenue, customer satisfaction and level of service compliance. For example the one-day Gmail’s outage in October, 2008, Amazon’s S3 seven hours of downtime in July 20, 2008 and FlexiScale’s 18 hours of outage in October 31, 2008 (Information Research Management 2015). The following diagram in figure 2 represents how data is stored in a cloud storage environment. Figure 2: How data is stored and retrieved in a cloud storage environment. The diagram above shows how data is stored and backed up in a cloud storage system such that it is easy to be retrieved at any given time. The agents represented in the diagram refers to the cloud storage providers while the clients are the individual customers, organizations or companies whose data are stored in the cloud system. It is evident from this diagram that cloud storage is a scalable platform for data storage which is accessed through the internet (Null and Lobur 2015). Also cloud storage capabilities vary depending on the manner of choice of the provider the user/client makes. Reasons why Cloud storage is the way forward for many organizations yet many providers offer a bad model in terms of security and privacy. A report by Top Ten Review conducted a research and released a 2013 version of the top ten major cloud storage providers (Meghanathan, Nagamalai and Rajasekaran 2014). It discovered that there are bad models of cloud storage which have been promoted by some cloud providers. In their report, Cloud.com topped the list followed by SugerSync, Egnyte, YouSendit, Dropbox, Open Drive, Mozy, Online Storage, Carbonite and lastly Box. The criteria used to rate the models was based on storage space in regard to monthly price, features/format, access, security and platforms. The conclusion was that some providers of cloud storage services do not meet the standards of cloud storage provision as far as cloud storage is concerned. Nicoletti says it is an institutional responsibility to handle confidential information of clients, employees and suppliers. And such information is to be kept in an in-house system or a third-party vendor system (2013). This shows the importance of cloud storage to such institutions that is a repository for confidential data. As it is reported in the Western and European Union countries, regulatory measures have been adopted for the protection of sensitive and confidential data. For example, the European Union Directive 95/46 on the shielding of an individual’s data processing and transfer of such data. The Directive regulates how information is collected, recorded, used and disseminated hence restricts movement of data to external countries that are beyond the European Union borders. Cloud storage is the storehouse for all scripts, applications, agents and reports (Mahmood and Hill 2011). There is a common storage pool shared with the whole compute instances. Data sharing among storage service providers happens through some frameworks. However, direct sharing of the storage system across a data centre is totally out of question. A cloud platform therefore is deployed as a set of instances to reduce the network latency. The configured instances across cloud providers ensure secure communication among the various providers through the cloud gateway. The cloud platform manages the platforms via secure network communication. Cloud storage ensures the accountability of an organizational data as a way forward for the organization’s operations. Accountability in an organization means one can generate a report on the context of data usage and governance that environment (Jaatun, Zhao and Rong 2009). It is reported that to date, national and international privacy protection methods are under public law influences and regulatory strategies. This means there is no effective privacy protection hence data storage is highly compromised. Studies show that the current cloud security models are centred on the assumptions that a client should trust the cloud service provider (Pearson and Yee 2013). This describes the mutual expectations and obligations yet does not cater for privacy when building complex infrastructures. Cloud storage guarantees the integrity of data to an organization because it does not allow for unauthorized access to the stored data. For example, a Chinese transportation company was facing the challenge of data overload. The officials were overwhelmed with such massive wealth of challenges. Cloud was chosen as the business technology to solve the stalemate. This would then help in developing strategic guide to enable the business process data modelling and simulations (Chang, Walters and Wills 2015). In as much as cloud storage is increasingly becoming the way forward for organizations, it has been found that some providers are not keeping up to what is expected of them in terms of security and privacy. For example Martinez, Garcia and Marin-Lopez cite an example of Carbonite, a cloud storage provider which was using its hardware for faulty equipment hence leading to the loss of customers’ data (2014). Reasons why the Cloud storage is not the way forward for many organizations and providers do not offer a bad model. Due to the increasing rise of large data, cloud storage providers have made massive strides in order to provide the users/clients with mass storage in the online platforms (Wang et al, 2015). This was reported from the International conference of young computer scientists, engineers and educators held in China earlier this year. However, despite the advantages guaranteed by cloud storage system, there are concerns which users/clients consider as fallbacks to the growth of cloud storage system. This therefore means that cloud storage is not the way forward for many organizations as it would be perceived to be. The underlying reasons to these claims are as indicated by the following assertions. Reports have shown that cloud storage as a component of cloud computing is faced with security challenges (Furt and Escalante 2010). With the emerging internet technology there is lack of control and access which raises questions from the users about the cloud storage system. For example, in the banking systems when a client deposits cash in an account, he is left to depend on the technology and financial integrity of the bank to oversee his virtual asset. This is proves that cloud storage is not the best way forward for many organization due to security concerns. Most cloud storage providers have strived to ensure the reliability and availability of the services via service level agreements (SLA). Nevertheless, there are impending dangers which render cloud storage ineffective. Software bugs, user/administrator errors, mischievous insiders and natural catastrophes are highly unpredictable putting the cloud data in danger. Reports show the appearance of many cloud providers during the periods of service disruption. And they may offer compensations as the only means when the service level agreement is broken but this does not reduce the clients’ loss at all. Similarly, users of cloud storage system have a vendor lock-in. this is because it is difficult for the cloud storage users to switch from one cloud service provider to another. Some of the providers will definitely charge the cloud users for data download which may be expensive as the data stored are usually very huge. Furthermore, cloud storage providers do not provide common service interface to one another. This makes migration of data in cloud storage very difficult hence users/clients will be locked in the particular provider chosen whether the services are good or not. Additionally, because of the outsourcing of data in the cloud storage system, users lose control of them. This poses threats to the data security and as a result sensitive data become uncovered to the cloud managers. Sensitive data may therefore be permanently damaged or stolen by malicious hackers leading to very huge losses. For example the hacking into someone’s mail is due to the fact the details are exposed to someone somewhere without the owner’s knowledge. Hence cloud storage is not the way forward for organizations. Recommendations on choosing good cloud storage providers. Isom and Holley assert that there is an increasing trend in choosing cloud service providers by organizations (2012). This is in line with transforming business processes like marketing and finance. Vermaat argues that cloud storage providers allow for easy synchronization of data on a computer and any other mobile device to one or multiple servers in remote locations (2015). Therefore, the following are recommendations to act as guidelines when it comes to choosing a good cloud storage provider as a client or an organization. i. Verification of the company’s reputation. The cloud storage provider must have existed in the business for sometimes. This is to ensure that the selection is made on a reliable provider. ii. The cloud storage provider must be able to encrypt the data or files without which there is no guarantee for security and privacy. Also the provider should not have been involved in cases of security breaches. iii. Compatibility. The cloud storage provider’s services must be compatible with your computer or the device being used. iv. It is good to do a comparison of numerous storage plans and select a provider with a competitive price. v. Data back-up. The cloud storage provider chosen must be able to support the data files for back up purposes. For example certain cloud storage providers may only allow back up of photos hence personal files like spreadsheet are not taken care of. vi. Shareability. You can also choose a provider that allows sharing of selected files with others especially in a company set up where data files are stored for daily operations. Conclusion According to Wang et al, cloud storage offers benefits as well as challenges on issues like availability of services, vendor lock in and data security (Wang et al, 2015). One way of mitigating this involves good selection of service providers. Researches have demonstrated efficiency and accuracy in amount of time, using parameters taken from reliable cloud storage providers. In choosing a cloud storage provider, there are service level agreements (SLAs) that must be signed so that the provider is held accountable for any unmet parameters (Chang, Walters and Wills 2015). Because security and efficiency are the major concerns for most clients, the design criterion in choosing a cloud storage provider must be built on reliability (Han, Choi and Song 2013). Also choosing cloud storage strategy should involve considering benefits and risks. Organizations put in place governance programmes to gather stakeholders to provide inputs into cloud storage strategy. Because cloud computing is in a state of continuous and rapid evolution, assessment measures need to be included in the strategy (Han, Choi and Song 2013). This is an evaluation process which ensures that the cloud storage solution keeps on meeting the needs of the organization such as privacy, confidentiality, data integrity and controls and information governance (Vermaat 2015). References Adoga, Jonathan A., Rabiu, Garba M. and Audu, Amos A., 2014. Criteria for Choosing an Effective Cloud Storage. Nasarawa State: IJCER. [pdf] Available at: [Accessed 13 May 2015]. Chang, V., Walters, Robet J. and Wills, G., 2015. Delivery and Adoption of Cloud Computing Services in Contemporary Organizations. Hershey, PA: Information Science Reference. Coyne, L., Gopalakrishnan, S. and Sing, J., 2014. IBM Private, Public, and Hybrid Cloud Storage Solutions. International Business Machines Corporations. Endicott-Popovsky, B. Ed., 2013. Proceedings of the International Conference on Cloud Security Management. Washington: Academic Conferences and Publishing International Limited. Furht, B. and Escalante, A., 2010. Handbook of Cloud Computing. New York: Springer. Han, Keesock J, Choi, B.and Song, S., 2013. High Performance Cloud Auditing and Applications. Dordrecht: Springer. Information Resources Management Association, 2015. Standards and Standardization: Concepts, Methodologies, Tools and Applications. Hershey, PA: Information Science Reference. Isom, Pamela K. and Holley, K., 2012. Is Your Company Ready For Cloud? Choosing The Best Cloud Adoption Strategy For Your Business. International Business Machines Corporation. Jaatun, Matin G., Zhao, G. and Rong, C., 2009. Cloud Computing: First International Conference, Cloudcom 2009, Beijing, China, December 1 – 4, 2009: Proceedings. Berlin: Springer. Josyula, V., Orr, M. and Page, G., 2012. Cloud Computing: Automating the Virtualized Data Center. Indianapolis, IN: Cisco Press. Kapadia, A., Varma, S. and Rajana, K., 2014. Implementing Cloud Storage with Open Stack Swift. Birmingham: Packt Publishing. Mahmood, Z. and Hill, R., Ed., 2011. Cloud Computing for Enterprise Architectures. London: Springer. Martinez, Antonio R., Garcia, Fernando P. and Marin-Lopez, R., 2014. Architectres and Protocols for Secure Information Technology Infrastructure. Hershey, PA: Information Science Reference. Mather, T., Kumaraswamy, S. and Latif, S., 2009. Cloud Security and Privacy. Beijing: Cambridge University Press. Meghanathan, N., Nagamalai, D. and Rajasekaran, S., 2014. Networks and Communications (Netcom2013) Proceedings of the Fifth International Conference on Networks and Communication. Cham Imprint: Springer. Microsoft Azure, 2015. The Cloud for Modern Business. [online] Available at: [Accessed 15 May 2015]. Nelson, R., Joos, I. and Wolf, D., 2011. Social Media for Nurses: Educating Practitioners and Patients in a Networked World. New York: Springer Publishers. Nicoletti, B., 2013. Cloud Computing in Financial Services. Hampshire: Palgrave Macmilllan. Null, L. and Lobur J., 2015. The Essentials of Computer Organization and Architecture. Burlington: Jones and Bartlett Learning. Pearson, S. and Yee, G., 2013. Privacy and Security for Cloud Computing. London: Springer. Strickland, J., 2015. How Cloud Storage Works. [online] Available at: [Accessed 13 May 2015]. Vengurlekar, N., 2013. Database Cloud Storage: The Essential Guide to Oracle Automatic Storage Management. Osborne: McGraw Hill. Vermaat, Misty E., 2015. Enhanced Discovering Computers, Brief: Your Interactive Guide. Shelly Cashman. Wang, Hongzhi et al, 2015. Intelligent Computation in Big Data Era: International Conference of Young Computer Scientists, Engineers and Educators, ICYCSEE 2015, Harbin, China, January 10-12, 2015 Proceedings. Berlin: Springer. Waschke, M., 2012. Cloud Standards: Agreements That Hold Together Clouds. New York: CA Press. Read More