Cloud Computing: Principles and Paradigms - Report Example

Cloud Computing By Author Abstract With the expansion of Information Technology and wide application of the computing systems cloud computing is gaining its importance. Cloud computing has proved itself as one of the emerging and developing technologies which is offering organizations to swiftly utilize all of their software’s, hardware’s and application without any massive investment. It has been expected that in near future MCC (Mobile cloud computing) will take over the field of IT that will allow the mobile users to use the cloud services even on the mobile or cellular phones they use. Businesses and corporations must take into consideration, the needs and agendas of their respective stakeholders because they are the ones who truly carry a company and help it expand into the perfect organization. They take any businesses to its maximum potential willingly, and can bring it down to its knees if they are not satisfied with the inner workings of any organization. Sadly, in today's world, businesses put aside moral and ethical values entirely and end up becoming money minting factories that have no conscience at all and the ones which cannot worry or care about the ethical nature of business. Any stakeholder within a particular business will have a certain amount of knowledge about the financial situation of a company and how it is ethically responsible to consumers about changes being made within the business that may affect them adversely in the long run. Since some of the businesses out there do not practice this, the damage done by unethical social practices is intensely thorough and as a result a number of companies today adopt extremely good ethical policies and social responsibility practices that help them stay competitive and cater to the demands of various multicultural diverse communities. Introduction Cloud computing is a methodology which is designed for increasing the capacity or it can be defined as a method for adding capabilities to the old infrastructure. In this manner significant amount can be saved by overcoming the investment of new infrastructure, licensing of new software and new personnel training. Subashini (2011) has clearly presented his detailed work on cloud computing in which he has clearly outlined that this technology will be the next natural step in the evolution of on-demand information technology. As per the research of Buyya, et al. (2010) a configured set of resources which is actually designated on interest is known as cloud computing which offers better approaches for administrations. Such inventive, specialized and valuing new techniques have greatly changed the method business worked before. Cloud computing is the inimitable registering innovation. Cloud computing is another name to an ancient thought which is primarily associated with accumulation of resources and overhauled gave by cloud administration supplier through web. As outlined by Campbell (2009) cloud computing has received varied degree of interest since its initiation. With its imaginative data innovation (IT) benefits conveyance model, distributed computing could increase the value of ventures. Cloud computing is a comprehensive and creative idea which is aimed for supporting network access based on on-demand to a group of computing possessions who are using it in sharing mode. According to Mladen (2008) client is regarded as an entity, who has information to be put away in the form of cloud and then can further be utilized from cloud for storage and processing, can be either undertaking or individual clients. Excess of information can be applied with a system of extermination redressing code to properly endure client information and server collapse or flaws in scope and significance. Cloud computing is an inventive Information System (IS) design which is imagined for a business or industrial setup. Progressively, cloud computing is succeeding better in their fame-work as the presence of this model has not only raised concerns regarding its durability but also about its safety and privacy. The competence and productivity of customary security instruments are being reassessed because the features of this advanced placement structure varies extensively from the old style structure[Lev06]. The most common attributes associated with cloud computing are: fastest utilization, short investment funds, and dual distribution of facilities. On the basis of present compiling techniques and technologies the revised cloud computing model provides latest structure that offers enhanced resistance, alertness and speedy startup time period which has ultimately declined the capital expenditure as per availability of capitals by the organization[Placeholder1]. Mobile Cloud Computing This is another form of portable cloud computing which allow users to minimize some critical issues in mobile or cellular phones like performance, storage and compatibility issues. Despite all the benchmark advancements and expansions, the overall users of MCC (Mobile cloud computing) all over the world are below the expected level[Cas]. The main reason of this low user population is due to the risks attached to the MCC that are mainly security and the secrecy of the information which is saved using the technology based on cloud computingas the information stored on cloud can be accessed from anywhere if there isn’t any sufficient firewall or malware blocking technique adapted. The user are of the view that cloud technology is still prone to cyber-attacks that can cause leakage of the personal documents and data. Significant amount of work is been done and a very large amount of work still has to be done to guarantee the protection and the security of portable cloud figuring [Placeholder1]. The cloud computing services and the overall cloud computing servers are owned by third party companies who are commonly known as ‘Cloud Service Providers’. Cloud computing allows the organizations for the application of software’s, and storage with prior investment in the infrastructure. Cloud computing in addition to all the advantages have two major advantages Scalability and flexibility and efficiency in the processes [Abi]. Figure 1 Mobile Cloud Computing Architecture, Image Source: [Abi] The complete structure which is presented here for mobile cloud computing is the generic architecture which depicts two various mobile network models. Here each mobile network includes different smartphone devices which can be connected through satellite or any easily accessible wireless access point. Considering the network services which are being run on servers include Authentication, Authorization and Accounting (AAA) and Home Agent (HA). These services are operational on the nearby servers which are readily available in the mobile network[Lev06]. Once the user send in a request it is sent to the central processor after evaluating the credentials to the central processor which are in turn directly joined by the group of servers. Later on the origin of Home Agent and the data saved in the database for each user, the concerned mobile network becomes capable of providing AAA services to their registered users. Once the user request is validated and it is about to leave the mobile network operator for connecting with the cloud which is the property of the controller of data or server suppliers of cloud online. When a consumer enters in the system of cloud, the organizer existing in the cloud links the consumer request with the maximum pertinent available cloud relying on the facility which has been registered by the user. Moreover the consumer may demand diverse services such as computing resources, virtualization, files, applications, and saving facilities in the cloud[Abi]. Deployment Models of Cloud Cloud technology basically has three models of its deployment i.e. public, private and hybrid cloud. Private Cloud According to Shahzad & Hussain (2013) the private cloud is basically devised for a specific organization in order to keep the date within the organization. The organization itself controls all the cloud resources having full command and control over it and at the same time possess the whole system. Private cloud has one definite advantage of security as compared to the other cloud models. Due to confinement of the cloud in the organization and due to the internal control and monitoring of all the processes, the data stored on clouds remain safe and unreachable[Pop10]. Public Cloud Public cloud are available to all the users getting registered through internet following the pay model. Community cloud is available to all but have the biggest problem of security concerns. As the model is community, it is not secure and can easily be breached[Abi]. Hybrid Cloud Cross cloud is an Intermingle of public and private cloud. It is a public cloud that basically uses community clouds to get the work done on their side. Cloud Computing Security Issues It is ascertained by Subashini & Kavitha (2011) mostly cloud security issues root causes involve harm of controller, deficiency of required tools and dual occupancy of data. According to the research, these issues are developed due to 3rd party administration replicas as they contract self-managed clouds. Below are the rare main clouds computing issues and solutions: Trust In Information System environment trust is based on various aspects which involves internal and external factors. Perceiving this underlying thought trust of client on a particular organization is the belief according to which he/she is certain that the company will provide them with the required level of service accurately without any delay or error. Trust in a cloud environment is something which relies on the model of deployment which has been selected for managing their data and applications. This aspect needs to be tackled with perfection as the complete system is subcontracted and passed from one owner to another through strict control. Hence the structure as mentioned by Zissis & Lekkas (2012) trust is the element which is introduced for having efficeint security policy. As the organization which possess the infrastructure have complete control over a public cloud hence efficient model of security is implemented to ensure that risk is dimished or completely removed[Rac]. Hence in this particular scenario it is suggested to use third party trusted mechanisms inside a cloud setting which enables secrecy not only for the user but also for the business and organizations. Moreover it also ensures that confidentiality, integrity and authenticity of the data and communication is done which is made possible through a TTP within an Information System. This system is designed for providing end-to-end data security to the user. Additionally these services must be scalable, able to handle different standards and can easily be accessed on various domains, sector or geogrpahical areas. Further the TTP is delegated with the responsibility of managing various secuirty issues present in a multi-level distributed environment[Man]. Security Threats and Identification A secure Information System involves identification of unique threats and any challenges which must be handled and then implementating best practices for handling such scenarios. Cloud computing is verstalie in its architectural design as it has numerous characteristics which involve security, data segmentation, high availability and redundancy. The security aspect of cloud computing involves confidentiality and privacy along with integrity of information stored in a cloud. Data confidentiality in a certain cloud is assocaited with user authentication for which electronic verification is performed for establishing confidence among users[Jen09]. The privacy aspect is also managed by the cloud which assures that the data stored in a particular cloud is properly secured and is only accessed upon user request. Apart from all these aspects one more thing is taken into consideration at this stage which is availability of the system upon the request of the authorized user. Cloud computing infrastructure is designed in a way that it can rely heavily on the resources and the network designated for it (Zissis & Lekkas, 2012). Mobile Computing and Mobile Security According to Islam (2014) mobile security has been a consent of more and more critical consideration with the passage of time, all the business and the related trade processes are shifting to mobile devices. The security of these devices till date are literally nonexistent. With the increment of mobile use and the expansion of the mobile industry, the number of mobiles on the consumer end has drastically increased in number. Especially android mobiles have outnumbered all the other OS’s. With the mobile security topic, arises two sub topics under the security i.e. Lost or theft of the mobile or the cellular device and breach or infection of the network[Net]. Mobile networks are prone to mainly to two attack vectors. The first attack vector is when the mobile phone is connected to the internet via the cellular internet services or Wi-Fi and the second is when the mobile device connects any nearby network. Nowadays most of the data is fed into the mobile phone including personal and the professional data, mobile phones are becoming more and more appealing to the hackers. As per McAfee labs and estimated 55,000 new malware strains are found every day in the lab while taking view of the World Wide Web[Hwa10]. To make an estimate about the lacking mobile security attribute, we have to understand the common use of smartphones on the consumers end. Smart phone usage has become so diverse that it is merely impossible to feed in data every single possible use [Cas]. Cloned apps are one of the most common attack vector in the smartphones. Till now there is very little or close to zero information present related to cloned apps. The cloned apps are re coded and redesigned with malware included in them. These clone apps in the beginning use to come in freeware but now Paid apps are also cloned infected with malwares. These malwares filled aps when installed in the smartphones access all the documents and data of the smartphones and the malwares can even send these accessed data to its control center leaking out all the personal data and information’s[Cas]. As mentioned by Islam (2014) false online Mobile stores such as Google play and Windows store, the threat to mobile devices are increased. It has been proven that malwares can shift the mobile customer’s packages to the premium packages without any indication and can send and receive malware messages automatically to any number all over the globe infecting both, the sender and the carrier. These types of proxy networks created by these malwares and Trojans can send messages and can become means of terrorism or illegal activities [MdS]. The threating attack vector is the physical attack that require minimum to no hacking skills. After this covert apps are loaded in the smartphones that creates security holes at later dates for stealing more data and information in the later stages. This type of attack is the most deadly one as physical and algorithmic both illegality is introduced in this type of breaching the personal space [Lit]. Cloud computing needs to face numerous issues and difficulties as it is still in its early stages. Much research is being carried out in this field to improve the structure and working of the cloud. The distributed computing experiences some disadvantages as Data Security and Privacy, Compliance Issues, Funding, Lack of Standardization, Identity and Access Management, Reliability and Continuity of Service and Loss of Internal Control[Man]. Proposed Framework of Mobile Cloud Computing The proposed framework permits clients to review the cloud storage with extremely lightweight correspondence and reckoning expense. The proposed plan additionally supports protected and proficient element operations on outsourced information, together with oversaw control, for example: Block modification, Deletion, Append and Security[Net]. Virtual private system gives a secured association crosswise over open system. It gives associations a secured approach to utilize the web pathways. Here the associations division which is having the already settled framework for them in the cloud environment is specifically connected with method for virtual private system. This virtual private system utilizes the idea of cryptography as a part of which the encryption and unscrambling idea is taken after while information offering or administration imparting under cloud environment. The virtual private system is secured between the division of association and its particular network made under cloud to structure a persuading base for their correspondence and for administration imparting to the cloud[Pop10]. The associations will not hesitate to work under their own particular private conditions with minimal interference. The data is imparted between them won't be spilled out without the consent or backing of the other entire department included in this organization. When all is said is done individuals or whatever other associations that are utilizing the cloud environment for the need of their administrations, for example, programming or equipment they need to rely on the cloud suppliers. Essentially if an association is building up an undertaking under the assistance of cloud administration and they are putting away it under the cloud environment, they have to accept the administration supplier guarantees trustworthiness, yet at the same time there is no confirmation that the information will be safe. Henceforth the component "loss of control" as for the association’s information is made complex[Cam09]. However this proposed design defeats this disadvantage by method for the departmental framework that is secured for that association in the cloud. Another component that is giving extra certainty for their security is the virtual private network(VPN) that is built between the association and the network made for that association in that cloud. So that not just a solitary association additionally a division of associations can be offered space to utilize the secured environment to store their tasks and henceforth the "loss of control" in regards to the association’s information will be sufficiently controlled under the cloud environment[Lit]. Cloud Security Threat in Enterprise In reality as per Naismith & Lonsdale (2013), some cloud computing service suppliers are working hard to reach the level of safety principles like as ISO 27001, although nearby is immobile ample discussion almost whatever its appropriateness to the environment of the cloud. Presently, there are numerous business methodologies intended at providing the vital guarantee to occupational and commercial executives to facilitate trade to usage cloud facilities through a quantity declaration that competitions which make the company face any risky or dangerous situation. Cloud computing creates a variety of challenges to conservative advanced ICT, mostly due to the detail of the unparalleled scale and heterogeneity of the requisite infrastructure. This demands a rethinking of even existing advanced ICT solutions. The EC together with industrial and public stakeholders should expand joint programs in persuading specialist collaboration groups[Abi]. If we look at the perspectives of cloud computing we find these three words security, privacy and trust are totally diverse from each other and each has different purpose. The purpose of security is to resist threats whereas privacy makes the restriction on particular over information, shared files and data. Trust is the ultimate result of these two as the Venn cited: “Trust will be triumphed upon user when cloud computing system efficiently secures and privatize files [Mil11].” Types of Security Controls Construction of cloud security will be at its best if the appropriate protective implementations occur. There are some types of cloud security that particularly works according to its function[Dim12]. Restraint Controls These controls seek to prevent the virus that might infected cloud system by any determined attack. It acts like a barrier that sends away the danger before it got inhabitant in cloud system (Buyya, Broberg, & Goscinski, 2010). Anticipatory Controls Such type of controls are designed for improving the system strength and tackling all sort of risks. Such preventive control measures will not only save the system. Alternatively if the attack occurs the preventive measures are in place which safeguard the attack and also limits the damages and the violations made to the overall designed security[Pop10]. Counteractive Controls To diminish the explosion of an attack, counteractive panels are essentially used. This type of function is not available in anticipatory controls[Abi]. Advantages of Cloud Computing Superior over other security providers: Cloud customer’s main objective is to prioritize security in order to facilitate user’s confidence. There are many competitive security providers along with it but cloud computing has overwhelmed all, in terms of preferences. Best interface: It is a complete package of market that is efficiently being bought by people due to the reason of its more credibility and less in price. Enhancement of resource attentiveness: Cloud Computing has the conspicuous advantage of cheaper physical restriction. It is more handy application comparatively to other security providers[Lit]. Speedy range of Resources: Cloud computing has an ability to vigorously transfer information for checking, verification to make it undamaging. Long time updates and defaults: In cloud computing, information is more hastily upgraded by itself without depending on the patching model as it is common in traditional client-based systems (Jamsa, 2012). Factors behind dependability: Cloud computing approach to information security authority is the collective result of many factors. Member of staff: Every employee is efficiently trained in order to secure and private information. Employees who contribute significantly in data handling are more eligible to their roles, reasoning their highly proficient training. Security: Many highly potential staff is involved in the preservation of the information that also includes a Chief Trust Officer, and a complete staff of Certified Information Systems Security (CISS) and a VP of information security[Pop10]. Advocate: It is being advocated by the legitimate principles of Global Privacy Council. Conclusion Cloud computing is the expensive, timely executional and powerful innovation. Obviously the use of cloud computing will definitely increase more in next couple of years. In this paper we have examined and reviewed essentials of cloud computing and safety problems in the cloud and portable cloud computing. More or less safety matters are the main alarm in the cloud computing environment. Particularly securities as well as information about honesty are main focus points in safety matters. In the cloud as information is put away publically and we truly don't know where the information is being put away, we don't have a clue about the accurate area of the information; because of this information in placed in the cloud there are high chances of being accessed by un- hypothesized individual amid of his/her desired capacity and transmission. References Altmann, J., 2010. Economics of Grids, Clouds, Systems, and Services. s.l.:Springer Science & Business Media. Beyer, C., 2014. Mobile Security: A Literature Review. International Journal of Computer Applications, 97(8). Briscoe, G. & Marinos, A., 2009. Digital ecosystems in the clouds: Towards community cloud computing. In: Digital Ecosystems and Technologies. s.l.:s.n. Buyya, R., Broberg, J. & Goscinski, A. M., 2010. Cloud Computing: Principles and Paradigms. s.l.:John Wiley & Sons. Campbell–Kelly, M., 2009. The Rise, Fall, and Resurrection of Software as a Service. In: Communications of the ACM. s.l.:s.n., p. 28. Chaturvedi, M., Malik, S., Aggarwal, P. & Bahl, S., 2010. Privacy & Security of Mobile Cloud Computing. Chaturvedi, M., Malik, S., Aggarwal, P. & Bahl, S., 2012. Privacy & Security of Mobile Cloud Computing. Ansal University. Cooter, M., 2010. SaaS on a 'tear' says IDC. [Online] Available at: http://www.networkworld.com/article/2192078/saas/saas-on-a--tear--says-idc.html [Accessed 06 April 2015]. Hwang, K. & D, L., 2010. Trusted Cloud Computing with Secure Resources and Data Coloring. In: IEEE Internet Computing. s.l.:s.n., p. 14. Islam, M. S., 2014. Systematic Literature Review: Security Challenges of Mobile. International Journal of u- and e- Service, Science and Technology, 7(6), pp. 107-116. Jensen, M., 2009. On Technical Security Issues in Cloud Computing. Cloud Computing, 2009. CLOUD '09. IEEE International Conference on. Lekkas, D. Z. a. D., 2012. Addressing Cloud Computing Security Issues. Future Generation Computer System, Volume 28, pp. 583-592 . Levy, Y. & T, J. E., 2006. A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research. Informing Science Journal, Volume 9, p. 181–211. Michael, M., 2011. Cloud Computing. s.l.:Pearson Education India. Naismith, L. & Lonsdale, P., 2013. Literature Review in Mobile Technologies and Learning, s.l.: Mike Sharples University of Brimingham. Popović, K., 2010. Cloud computing security issues and challenges. MIPRO, 2010 Proceedings of the 33rd International Convention, pp. 344 - 349. Shahzad, A. & Hussain, M., 2013. Security Issues and Challenges of Mobile Cloud Computing. International Journal of Grid and Distributed Computing, 6(6), pp. 37-50. Subashini, S. & Kavitha, V., 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), pp. 1-11. Zissis, D. & Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), p. 583–592. Read More