The Main Security Issues and Aspects in Cloud Computing Based Technology Arrangement - Research Proposal Example

CLOUD COMPUTING SECURITY Name Date Table of Contents INTRODUCTION 3 LITERATURE REVIEW  4 METHODOLOGY 10 Main Security Concerns at Cloud Computing 11 VM-level attacks 11 Cloud Technology Supplier vulnerabilities 12 Phishing 12 Network Attack 12 Authentication and Authorization 12 Forensics in the cloud 13 RESULT  13 DISCUSSION  15 CONCLUSION 16 REFERENCES 17 INTRODUCTION Cloud computing is considered to be a rising computing platform and the model which facilitates users/clients to keep their personal data and information from a remote location into a framework known as cloud. The purpose of the cloud is to offer extendable resources and services as and when diverse users need them. In particular for low-level and average-range businesses through inadequate financial resources, they are able to reduce cost extensively and enhance the efficiency through employing cloud-based support to handle large developments, to create alliances, as well as similar functionalities. But, facilitating cloud service providers or CSPs those do not exist inside the reliance areas like business clients, to support secret business data and decision making information, can possibly produce much of the confidentiality as well as safety based concerns of the business (Wang, Liu and Wu; Anthes). As all technologies and systems have some limitations, the structure of the cloud computing also encompasses a lot of issues. This research will present a deep analysis of some of the main security issues and aspects in cloud computing based technology arrangement. The main intention of this research is to assess and analyze some important security related aspects and highlight them with better view of current technology based hindrance in the way of successful application of new technology based cloud computing arrangements. LITERATURE REVIEW  Cloud computing is considered as a most modern development in this technology based era, plus there exists together immense prospect and fright to what penalties/costs these new and innovative technologies are able to offer. From the knowledge through the deficiency of implementation of SOA amid the wide-ranging evolution area the suggestion is to ensure that the evolution area tackles that how cloud computing progresses. However there exists already well-built encouragement intended for these innovative technologies as of various businesses for instance Microsoft Corporation and IBM, there as well exists a need to discover high-quality approaches of planning cloud services and resources to guarantee utmost eminence as well as optimal efficiency. Modeling area has diverse activities those need more analysis with ongoing conceptions as of the SOA technology based period that should be taken into account. Furthermore because of the prospective swift accessibility of cloud services it is imperative to initiate investigating the results of practicing such cloud based services. Such as mechanism intended for access control, legitimate matters, evolvement implementations, protection as well as realistic functional concerns of the business. Getting, analyzing and conferring finest implementations on these matters will offer a strong progress inside the precise trend intended for those who will build and offer cloud services to their users (Lennon, Skar and Udnaes; Chow, Jakobsson and Masuoka). In addition, the perception and consideration of the cloud computing comprises several practices, designed on the basis of valuable services they offer, diligent service, framework of utility and grid computing environment, to software like an implementation service. Despite a particular framework, the useful perception of this computing paradigm described that user’s private and secret data plus information, which may perhaps be about persons, businesses or corporate, is processed from some distant location with the help of anonymous systems which clients do not usually have otherwise control. This technique reveals expediency as well as competence, though; it usually produces confidentiality plus safety threats. An imperative blockade to the acceptance of cloud resources plus services is the client’s panic of private plus sensitive data (most importantly economic data and information) outflow in addition to less effective practice of confidentiality within the cloud computing environment (Lin; Lombardi and Pietro; Kandukuri, V. and Rakshit; Sumter; Anthes). However, except hi-tech methods to alleviate customers’ problems are established, this may perhaps confirm critical to a lot of diverse cloud services forms. In this scenario the security of clients’ vital data ought to take into account the influence of the cloud as of the moment as the data and information is produced till the moment the user data and information is organized proficiently. So far, an imperative subject to be responded in the working style of cloud computing service comprise the following spects: “How a client is able to rapidly locate a cloud computing service supplier who convenes his or her data privacy or confidentiality needs, agree with the cloud service by means of approved privacy plans and follow how he/she utilizes data?” Specifically, we are typically experiencing the contests presented below as: (Lin; Lombardi and Pietro; Kandukuri, V. and Rakshit; Sumter; Anthes) The moment a cloud user begins his or her cloud practice, he or she may perhaps observe plenty of possible service suppliers of the cloud. In this situation the cloud user is requested to physically recognize the cloud service provider which convenes his/her confidentiality necessities plus this is frequently a considerable trouble for users of the cloud computing platform. Users simply are not able to trust in conformist privacy strategy assessment techniques as those techniques are typically planned and developed for off-line investigation plus might not be resourceful to be implemented inside the cloud computing environment for a swift choice of an appropriate cloud service provider. The moment a cloud service provider is selected proficiently, a widespread privacy or confidentiality strategy involving the cloud client and the cloud service supplier (otherwise yet service provider’s outworkers) is required to be set up since in the majority scenarios, the provider’s rule might not accurately go with the clients’ privacy need and necessities. In this situation an easy solution that we can implement may perhaps be to design a fresh privacy rule/strategy for the entire involving groups, which though usually necessitate much work on communication/ cooperation and this process is able to be observed as an extremely lengthy one. Throughout the cloud service offering to the user, an imperative tough issue is to ascertain that the cloud user’s secret data and information is really managed since approved through the involving groups. However there are several methods to make sure the legitimate access to privacy protected data, latest useful technologies have slight to present for encouraging persons that their private data plus information is being utilized resourcefully for the exploitation and intentions they authorized only. This is particularly decisive among an active framework of the cloud. Considering this scenario, it is clear that there exists an imperative require of computational methodologies which attain powerful and reliable data protection mechanism, further than access control tactics. In addition, cloud computing presents a smart and latest technology intended for end users to “rent” strong hardware capabilities from distant location, as well as invoices in the same manner as they were disbursing for gas or electricity bills. Additionally, the majority prime cloud service providers now are inclined to favor the “solid” cloud computing paradigm. In this paradigm users/clients offer processing as well as data and information storage space requirements to the cloud lacking complete significant where, when, plus how their requirements are managed. For example, Google App Engine quota resources, Amazon EC2 cases, Microsoft Azure compute cases, and Rackspace Cloud servers are the entire practical components of CPUs, memory units and storage space. These elements are additional of Quality of Service (QoS) assures than substantial particulars of the cloud communications on its own. In reality, the incredibly preliminary basis of cloud computing suggests the solid character of the cloud computing environment. Some powerful causes exist that why cloud environment should not be entirely clear to the end users of the cloud. CSPs are doing the business and getting huge revenues. This objective is converted into 2 functional needs: 1. Reducing the cloud resource utilization inside their cloud computing environments, regarding hardware framework, power, and administration overheads 2. Fulfilling the needs of cloud implementations through offering an enhanced QoS According to (Liu and Gopalan), both of these objectives are frequently disagree with one another; to attain symmetry, the CSPs (Cloud Service Providers) are ever more implementing enhanced virtualization technology. Virtualization technology is the capability to clearly run several virtual machines over a distinct physical processing unit. Virtualization technology facilitates service providers to enhance machine resource exploitation through putting additional work into less substantial processing machines. In this way businesses observe that virtualization technology as well allows softness into resource management with the exploitation of active relocation (Liu and Gopalan). From the literature it is clear that presently the security and privacy related issues are one major reason behind the successful application and management of new technology based arrangement and operational areas. There are lots of issues and problems in case of security and privacy of cloud computing arrangement. In this scenario this section outlines some of the main security challenges in cloud computing (Brodkin). Regulatory conformity: customers are eventually responsible for the security as well as integrity of their own secret information and data, still when it is managed and processed through a service supplier. However, conventional service suppliers are subjected to outside audits as well as privacy and security certifications. Thus, cloud computing suppliers who decline to experience this inspection are "indicating that clientele are able to simply use them for the majority trivial functions (Brodkin). Long-term feasibility: preferably a cloud computing supplier will never go insolvent or obtain as well as swallowed up by a bigger business. However, a corporation has to be certain that their business information and data will remain safe even after similar event (Brodkin). Privileged user system access: in case of effective data management the sensitive data processed outside the corporate carries by it an intrinsic level of risk, for the reason that outsourced services avoid the “logical, physical as well as personnel controls" IT shops apply over in-house plans. Thus, obtain a great deal information as they are able to receive regarding the people who handling their data (Brodkin). Recovery: yet if an organization is not aware of where their valuable business information and data is stored, a cloud technology supplier should tell them what will occur to their data as well as service in scenario any possible technology based disaster. Several offering that does not duplicate the business data as well as application arrangements across numerous places is vulnerable to a whole failure (Brodkin). Data location: when an organization utilizes the cloud, they almost certainly would not be familiar with exactly where their data is hosted. Actually, they might not even be familiar with what nation it will be stored in. In addition, the data in the cloud computing based arrangement is normally in a shared atmosphere along with data from other customers. In such arrangement data hiding through encryption is efficient however is not an ultimate solution. Moreover, encryption for data protection often causes accidents that are able to make data completely unfeasible, and even standard encryptions are able to complicate accessibility (Brodkin). Investigative facility: investigating unsuitable or unlawful activity can be not possible in cloud computing arrangement. In addition, the cloud services are particularly hard to examine, for the reason that logging as well as data for numerous customers can be co-located and can as well be transferred from an ever-changing group of hosts and data centers (Brodkin). METHODOLOGY For this research I have used the qualitative research methodology. In this scenario I have assessed and analyzed a great deal of technology based resources in order to analyze and investigate cloud computing based security issues and aspects. In this scenario I have also made use of web based libraries, online resources and cloud computing research papers for the possible data extraction and information analysis. In cloud computing arrangement there are lots of security issues involved regarding computer as well as network attacks or intrusions that will be made probable or as a minimum easier by moving to the cloud computing working arrangement. However, cloud computing technology providers try to react to these concerns by rising that their security measures as well as procedures those are more tested than those of the average businesses. In preset time the new technology based research has proved that it could be simpler to protect data and information if it is administered through a 3rd party relatively than in-house network based technology arrangement, if corporations are worried regarding insider security threats. As well, it can be simpler to put into effect security by means of contracts through online services suppliers than by means of inner controls. Main Security Concerns at Cloud Computing In this section I will outline some of the main and fundamental security and privacy concerns at the cloud computing technology based arrangement: VM-level attacks Possible issues, attacks and vulnerabilities in the VM or hypervisor operational technology implemented by cloud vendors are a possible difficulty in multi-tenant arrangements. In addition, technology based vulnerabilities have come into view in Xen, VMWare, Microsoft’s Virtual PC and Virtual Server based technology arrangements. However, technology vendors like that Third Brigade resolved possible VM-level based security issues and aspects by means of monitoring as well as firewalls (Chow, Golle and Jakobsson). Cloud Technology Supplier vulnerabilities These issues and problems can be about the platform-level, like that cross-site scripting or SQL-injection vulnerability in salesforce.com. For example, there has been a combination of new Google Docs issues. There is nothing novel in the character of these issues and vulnerabilities; merely their setting is new. In reality, IBM has relocated its Rational AppScan tool that searches for security issues and vulnerabilities in web services operational services as a cloud safety service (Chow, Golle and Jakobsson). Phishing One of the main security issues in an online working arrangement is the phishing. In this security phishers and other social engineers have novel types of security attack vector, like the Salesforce phishing event (Chow, Golle and Jakobsson). Network Attack In cloud computing arrangement cloud user has to protect the arrangements utilized to attach as well as interact with the cloud, a job complicated with the cloud being outside the firewall in a lot of cases (Chow, Golle and Jakobsson). Authentication and Authorization The corporate authentication or authorization arrangement does not physically extend into the cloud. Sometimes the issues regarding the proper authentication and authorization lead to complex business system access and management. In this scenario it is really hard to offer full or partial access to business systems and corporate data (Chow, Golle and Jakobsson). Forensics in the cloud Customary digital forensic methodologies allow technology crimes investigators to grasp equipment as well as carry out comprehensive analysis on the media and data recovered. The probability consequently, of the data being detached, deleted, overwritten or shattered through the performer in this case is low. More intimately associated to a CC atmosphere would be businesses that possessed as well as uphold their own multi-server kind arrangements, although this would be on a far smaller level in judgment. Though, the level of the cloud plus the pace at which business information data is overwritten is of concern (Chow, Golle and Jakobsson). RESULT  Security is one of the major issues concerning cloud computing that is holdup its implementation. However, one of the major privacy and security fears regarding cloud computing happens when people transfer their corporate data and information to the cloud computing operational setup, they are in the condition of losing overall business operational and management control of it. In addition, the cloud computing arrangement offers the people to get access to the corporate data and information; however they have no method of making sure that no-one else has right of entry to their corporate valuable information and data (Messmer). In case of overall research and analysis about the cloud computing arrangements and operational areas we have assessed some of the main issues and aspects regarding the cloud computing security and business systems privacy. In this scenario, one of the main concerns that are creating problems in present cloud computing successful implementation and success is high level security issues and concerns. In spite of the propagation of security administration systems and tools, along with several dependability assurances from cloud technology providers, difficulties with information and data privacy and data protection carry on to outbreak the marketplace (Brodkin). In addition, cloud computing technology based infrastructure is fraught by security risks. However, clever customers will inquire hard questions as well as judge about receiving a security evaluation from a neutral 3rd party previous to committing to a cloud computing vendor. Cloud computing technology based arrangement has exclusive attributes that need risk evaluation in regions similar to data recovery, integrity as well as privacy, and an assessment of official issues in regions like that regulatory compliance, e-discovery as well as reviewing. In case of cloud computing arrangement the Amazon's EC2 service and Google's Google App Engine are instances of cloud computing (Brodkin). Moreover, customers have to insist for transparency, keeping away from vendors that decline to offer comprehensive data and information on their customer data and information security plans. In this scenario customers ask about issues regarding the experience of strategy makers, designers, coders as well as operators. In this regard risk-control procedures as well as technical methods in addition to the level of testing that's been performed to confirm that service as well as control procedures are working as planned, plus that vendors are able to recognize surprising vulnerabilities (Brodkin). DISCUSSION  There is a serious demand to steadily manage, store, share as well as examine huge amounts of complex (for example semi-structured as well as unstructured) business information and data to decide patterns plus trends in an attempt to enhance the value of business. For the reason that of the decisive nature of cloud computing applications, it is significant that clouds be protected. In this scenario, the main safety challenge by means of clouds is that the vendor of the data can not encompass control of where the data is stored. This is for the reason that if one desires to make use of the advantages of making use of cloud computing, one has to as well employ the resource allocation plus development provided through clouds (Hamlen, Kantarcioglu and Khan). Consequently, we require protecting our data in the center of un-trusted procedures. The rising cloud computing model tries to deal with the volatile expansion of web-connected systems, as well as manage huge amounts of information and data. Google has currently initiated the MapReduce framework intended for handling and processing huge amounts of information and data on service hardware. Apache’s HDFS (or Hadoop distributed file system) is rising as a greater software part intended for cloud computing united by integrated parts like that MapReduce. The basic need of expanding human interpreting, reasoning and decision-making capabilities has resulted in the appearance of the semantic web, that is an idea that tries to change the web as of its present, simply human-readable shape, to a machine-process-able structure. This actually has resulted in many social networking websites by means of enormous amounts of information and data to be managed and shared. Consequently, we immediately require a system that is able to scale to manage a huge number of websites as well as process immense amounts of information and data. Though, modern systems making use of HDFS as well as MapReduce are not enough for the reason that they do not offer sufficient security systems to defend sensitive business data (Hamlen, Kantarcioglu and Khan). CONCLUSION With the appearance of cloud computing environment even huge business data and information is relocating the limitations of a business as well as is being transferred to 3rd party retailers across the globe. The relocation could signify a lack of control over data plus information formerly it has been moved from the vendor’s main machines and is transferred to a framework of cloud computing. In spite of this lack, data/information protection is a leading problem a lot of businesses are experiencing. However auspiciously data protection is rather simple to support and is able to even be improved through the transfer of data. So after recognizing that what kind of business or user data is to be transferred, what kind of exceptional necessities encircle the transferring data, what interface be utilized along with high-tech development. Hence data plus information safety inside a cloud computing platform is able to be simply, competently and reasonably accomplished. In the majority cases the data is really considered to be much safe and difficult to damage like in several storage scenarios regarding particular locations. With the help of attentive administration, guidance, and preparation of data safety arrangement inside the cloud is simple to achieve even by simply improving end product of the business (Townsend; Grobauer and Schreck). This research has analyzed some of the main areas and aspects of the new technology based infrastructure of cloud computing. In this scenario we have outlined possible influence of the new technology based arrangements at the current business working. Here we have assessed that traditional technology has now moving toward a centralized third party business management infrastructure. This research has analyzed the main aspects and areas of the cloud computing technology and possible hindrance in its overall successful application for the enhanced business and corporate management. Then we have assessed important security issues those are turning to be main hindered in the overall successful establishment of such technology arrangement. REFERENCES Anthes, Gary. "Security in the cloud." Communications of the ACM, Volume 53 Issue 11 (2010): 16-18. Brodkin, Jon. Gartner: Seven cloud-computing security risks. 02 July 2008. 19 May 2011 . Chow, Richard, et al. "Authentication in the clouds: a framework and its application to mobile users." CCSW '10 Proceedings of the 2010 ACM workshop on Cloud computing security workshop . ACM New York, USA, 2010. 1-6. Chow, Richard, et al. "Controlling data in the cloud: outsourcing computation without outsourcing control." CCSW '09 Proceedings of the 2009 ACM workshop on Cloud computing security . ACM New York, USA, 2009. 85-90. Grobauer, Bernd and Thomas Schreck. "Towards incident handling in the cloud: challenges and approaches." CCSW '10 Proceedings of the 2010 ACM workshop on Cloud computing security workshop. ACM New York, USA, 2010. 77-86. Hamlen, Kevin, et al. "Security Issues for Cloud Computing." International Journal of Information Security and Privacy, Volume 4 Issue 2 (2010): 39-51. Kandukuri, Balachandra Reddy, Ramakrishna Paturi V. and Atanu Rakshit. "Cloud Security Issues." SCC '09 Proceedings of the 2009 IEEE International Conference on Services Computing . IEEE Computer Society Washington, DC, USA, 2009. 517-520. Lennon, Ruth G., et al. "Best practices in cloud computing: designing for the cloud." OOPSLA '09 Proceeding of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications . ACM New York, USA, 2009. 775-776. Lin, Dan. "Data protection models for service provisioning in the cloud." SACMAT '10 Proceeding of the 15th ACM symposium on Access control models and technologies . ACM New York, USA, 2010. 183-192. Liu, Yu David and Kartik Gopalan. "Interaction-based programming towards translucent clouds: position paper." APLWACA '10 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications. ACM New York, USA, 2010. 15-19. Lombardi, Flavio and Roberto Di Pietro. "Transparent security for cloud ." SAC '10 Proceedings of the 2010 ACM Symposium on Applied Computing . ACM New York, USA, 2010. 414-415. Lu, Rongxing, et al. "Secure provenance: the essential of bread and butter of data forensics in cloud computing." ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security . ACM New York, USA, 2010. 282-292. Messmer, Ellen. Are security issues delaying adoption of cloud computing? . 27 April 2009. 20 May 2011 . Schnjakin, Maxim, Rehab Alnemr and Christoph Meinel. "Contract-based cloud architecture." CloudDB '10 Proceedings of the second international workshop on Cloud data management . ACM New York, USA, 2010. 33-40. Sumter, La'Quata. "Cloud computing: security risk." ACM SE '10 Proceedings of the 48th Annual Southeast Regional Conference. ACM New York, USA, 2010. 112. Townsend, Mark. "Managing a security program in a cloud computing environment." InfoSecCD '09 2009 Information Security Curriculum Development Conference. ACM New York, USA, 2009. 128-133. Wang, Guojun, Qin Liu and Jie Wu. "Hierarchical attribute-based encryption for fine-grained access control in cloud storage services." CCS '10 Proceedings of the 17th ACM conference on Computer and communications security. ACM New York, USA, 2010. 735-737. Read More