Cloud Computing Security - Essay Example

A report on Cloud Computing Security Instructor Class Date Executive Summary Cloud Computing offers more incentives that what non-cloud computing offer to enterprise and private users. Given the benefits of cloud computing such as efficiency, cost reduction, scalability among others, many users are migrating data to the Cloud environment. However, security of data in the Cloud is an issue that continues to affect Cloud Computing. This report offers a succinct comparison of Cloud Computing and non-cloud computing highlighting on their difference. In addition, the report notes areas where developers should improve in securing the cloud environment. Further, the report provides a review of three different cloud providers noting their security measures and in a late section, raising their limitation. Lastly, the report recommends some strategies of plugging security issues facing Cloud computing based on limitation of the reviewed system. Introduction The use of Cloud Computing has made inroad in business organization changing how users make use of computing resources by enabling economic and efficient use of various cloud deliver models (Lekkas and Zissis 583). The development of cloud computing has been possible through the convergence of technologies such as grid computing, SaaS, utility computing (Lekkas and Zissis 583). As a revolutionary technology, Cloud Computing promise numerous incentives to organization that shift the traditional computing environment to the cloud when they subscribe to services from their cloud vendors of choice such as Amazon EC2, GoGrid, and ElasticHost among others. Today, the Cloud Computing represents a dynamic market that is growing tremendously as more organizations are shifting their computing needs from non-cloud environment to Cloud Computing. The Forrester Research report of 2011 predicted that users are likely to spend close to $12 billion in meeting cost of personal cloud services (Teneyuca 102). Apart from personal usage, Cloud Computing offer business organizations immense benefits that tradition, non-cloud environment cannot offer. Coleman and Borrett argue that Cloud Computing gives organization increased efficiency and economic incentives, which explains why many organizations are moving to this technology (2). While it would look that Cloud Computing offers immense benefits, several bottlenecks continue to impede their organization with the primary issue being their security as Cloud Computing rely on internet that link providers and their clients. Several parameters of security such as governance, compliance, identity and access, data protection and architecture, continue to pose challenge in Cloud Computing (Global Cloud Security 3). The emergence of Cloud Computing as an alternative to traditional data centers has shifted focus from tradition security issues to security of sensitive data in the cloud. More specifically, the use of Cloud Computing to store critical data, increase in attacks targeting cloud platforms have driven the demand for security in Cloud Computing (Global Cloud Security 3). The sharing of Cloud Computing resource among users has aggravated the security of user data from attacks emerging from other users or the internet (Christodorescu et al. 97). The Cloud Computing offers a different mix of security threats absent from non-cloud computing environment. This difference presents insight into areas of Cloud computing that require redress to solve security concerns among users. In the Cloud Computing Arena, many providers have made attempt to plug security holes in the Cloud Computing platform, but more remains undone in adequately securing the Could Computing environment. By using novel technologies such as call back tracing, it is possible for vendors to mitigate their weaknesses towards securing the Cloud computing environment, which will increase adoption of Cloud Computing for corporate and personal use. Network Security: Cloud computing vs. Non-cloud computing There is no doubt the security is one of the major issue creating a chasm between cloud computing and non-cloud computing. Unlike a non-cloud computing, providers are the owners of a Cloud Computing infrastructure and control how users/ clients use the cloud service they have subscribed (King and Raja 309). Whereas Cloud Computing offers a novel approach in economic use of resources and increasing efficiency of delivering services to clients, it still present new security challenges that differ from what users experience in non-cloud computing. In any computing environment whether, Cloud Computing or non-cloud computing network threats are security threats that provider and client have to contend with while using various services. In traditional non-cloud environment, authentication and authorization are some of the function of tradition security measures. For instance, datacenters, which represent an example of a non-cloud environment, often implement security strategies to ensure that users who access data receive authentication, and authorization to access data and perform other function such as writing data to disks (Rong, Nguyen, and jaatun 1). The processes of authentication and authorization are much streamline in non-cloud technologies given that several technologies make these processes possible. In non-cloud computing environment, use of tradition measures such as cipher allows users to sign data, which provide users between endpoints to authenticate data sent through networks (15). Along with encryption techniques, non-cloud computing bolsters sharing of data from datacenters and network devices with ample security. Nonetheless, there is a complete picture when Cloud Computing comes into focus with regard to authentication and authorization. In organization having datacenters within their corporate network, securing sensitive data is possible and a process that is routine (Paquette, Jaeger, and Wilson 249). However, controlling access via authentication and authorization is a fuzzy issue in the cloud environment. In a typical cloud environment, preventing access to data is a challenging and a complex undertaking because of remote access, movement of data across various telecommunication carriers, and via various systems such as intrusion detection. These components introduce new security vectors that engage organizations and make it difficult to monitor and control how users access data within the Cloud Computing environment (Paquette, Jaeger, and Wilson 249). In addition, provide of Cloud Computing services such as Amazon AWS, Force.com, and Go Grid allow users to share Cloud resources such as disk spaces where they store customers’ data. Unlike the traditional non-cloud computing environment, the users who have network access to the server can access data especially when customers’ data bleed across data from other customers (Paquette, Jaeger, and Wilson 249). Storage of data in multiple geographical locations is a common practice among Cloud providers, but this present a critical network security threat. In countries that lack stringent laws, or security technologies to prevent data access, hackers can access that data to steal them or permit corporate espionage in public cloud (Qaisar and Khawajam 1323). Worse, data availability across the cloud makes it difficult for organization or individuals to monitor network access to their data and possibly thwart any attempt from hackers to steal or alter data. Traditional storage of data in datacenters offers better security of data from intrusion as storing data in datacenter creates a finite number of intrusion points. On the contrary, storage of data in a Cloud spread across various locations makes the data less secure as the number of intrusion point become infinite. The fact the Cloud Computing is a novel architecture leaves room for attackers to execute unknown intrusion attempt and this expose more harm to data that users stores in the cloud. With the internet being the backbone of Cloud Computing, storage of data across a wide section of the cloud creates more harm to data access as compared to tradition storage solutions such as datacenters (Paquette, Jaeger, and Wilson 249). In a non-cloud environment, it is possible for organization to implement logging and tracking strategies to ensure that authorized persons have networks access to data necessary for them to execute their business expectations. However, the cloud environment is much different, as users must contend with lack of such strategies. The architecture of the Cloud infrastructure complicates the use of logging tools that provide essential information, which auditors can use to trail users and their data access history. Consequently, data access via authentication and authorization is difficult to implement in the Cloud Computing platform as compared to the non-cloud computing environment. Integrity of data is one of the key triad of information security in the computing environment. Data integrity has different implication in Cloud Computing and non-cloud computing because of various issues providers and clients face in prevention modification and ensuring that users that non-repudiation of information is possible. In comparing a Cloud Computing platform and non-cloud computing environment, maintain data integrity in a cloud environment is a daunting task than in a tradition non-cloud environment (Rong, Nguyen, and jaatun 4). Organization and individuals use data to make critical decision and this underpins why data integrity is a critical parameter in network security. In non-cloud computing, localization of data in datacenters reduces access and alteration of user data. On the contrary, cloud environment expose user data to forces that can alter the data without consent from clients. If other users alter the data, owners of the data can retrieve them and make wrong decisions basing their rational on modified data. This is a challenge that affect Cloud Computing environment because many vendors have their own policies on how to ensure data integrity. These policies differ among vendors and lack standards the can promote effective measures data integrity. Given that users can use network devices to access the cloud more easily, ensuring data integrity in the Cloud Computing environment continue to impede realization of data security. The challenge of monitoring data to ensure its authenticity is a straightforward process in a non-cloud computing environment, but no in Cloud Computing. Because Cloud providers are different entities from business organization or individuals using cloud services, these clients are never willing to share information such as Log data. This is because log data in the hand of Cloud provider can fall into the wrong hands and create harm on data integrity. In addition, lack of willingness among providers of Cloud services and their clients making of sharing information about data not possible has this has to entail legal agreements. Consequently, network security in Cloud Computing remain week as compared to non-cloud computing scenario where it is possible for organization to monitor who access data and possibly prevent threats to data integrity. Degree of availability of Cloud services is a common issue that affects network security in a Cloud Computing more than in a non-cloud computing area. Occurrence of network disruptions among users of Cloud services is of more harm than users of traditional computing resources such as datacenters (Rong, Nguyen, and jaatun 4). There are many users of cloud services as compared to traditional datacenters as Cloud providers offer clients opportunities to share Cloud infrastructure. While this offers economic incentives, it outage of a Cloud services has far reaching effects. Network disruptions or attacks on a Cloud services is likely to render many users with no access to need data. Despite non-cloud computing not offering many incentives that Cloud Computing offer, it allows organization to have high levels of service availability. This does not mean that non-cloud environment have no threats to availability threats such as spoofing and intrusion. Conversely, reliance of Cloud Computing on the internet exposes users of Cloud services to many network security problems as compared to traditional user of data centers operation in local intranets (Tsai et al. 34). Cloud computing requires both providers and users of cloud services to have access to broadband internet, which introduces other network security that internet components face. For instance, Cloud services can suffer when Domain Name Services come under attacks from hackers who exploits is vulnerability. In an event of such an attack, the Cloud services will become unavailable and this will affect many users relying on the cloud. In cases where network access burdens data retrieval process, users will face outage during which the Cloud service will not provide services on demand and this can hurt business that must provide timely access to data (Lekkas and Zissis 587). Flow of information from Cloud storage to user devices can allow malicious users to intercept the data or even alter them. Access to data on transit is a different paradigm in non-cloud computing where organizations can put stringent measures to prevent data access. It is a daunting task for providers to protect their data during transit since this requires more resource to detect and thwart sniffing of data, spoofing of legitimate network devices or executing man-in-the-middle attacks, which are common in the internet environment (Subashini and Kavitha 4). The convergence of these network threats complicates the network security of Cloud Computing. In many cases, tradition non-cloud computing platforms do not use the internet to transmit data between users and the datacenter and this lowers vulnerability of user data. In comparison, data flow is more vulnerable in Cloud Computing than in traditional non-cloud computing platform. Additional requirement of cloud computing Without doubt, Cloud computing offers immense incentives to organization who ready to migrate their applications and deploy them on the Cloud. However, several security issues continue to impede the success of Cloud Computing as an alternative to traditional approaches to storage of data and deployment of services. Irrespective of these challenges, there is a need for Cloud vendors to address the following requirement to ameliorate security of Cloud solutions. a) Vendors of Cloud Computing must strive to improve separation of user data to reduce cases of data bleeding. In Cloud Computing, many users can subscribe for cloud services to similar vendor, which underscores the need for vendors to prevent bleeding of user data (Paquette 249). Vendors have a role of developing or using technologies that allow segregation of user data and prevent likelihood of data bleeding across virtual servers clients run on the cloud. Through the separation of users, it is possible to prevent threats that can lead to data theft in the Cloud. b) Cloud vendors must also work with their customers to improve authentication and authorization of users in the cold. To control and improved data access, provider must develop strong authentication systems that will allow providers and their client to provide authentication and execute sanctions on users (Cloud Computing and Security 4). This strategy will improve the network security of cloud computing environment and prevent unauthorized access to data. c) Cloud computing platform remain under threat of spoofing and man-in-the-middle attacks and this necessitates the use of encryption to protect data during transit (Cloud Computing and Security 4). By using encryption such as SSL, it would be possible for Cloud Computing to secure data transfer between providers and their clients and this will reinforce data integrity. d) Availability of Cloud services is one of the issues that hurt the adoption of Cloud Computing and vendors must address using business continuity assurance. Cloud vendors should implement solutions that allow regular inspections to enhance disaster recovery and inform users of recovery procedures after an outage. Improving business continuity assurance will transform the cloud environment. e) It is apparent that Cloud Computing does not offer useful logging tools that can boost data integrity. Consequently, Cloud providers should work with customers in developing and implementing auditing tools that allow provides to audit user interaction in the cloud an possibly mitigate risks and facilitate compliance of clients with set rules of auditing in the Cloud Computing environment (Che et al. 592). Assessment of existing cloud computing systems The Cloud Computing paradigm gives a promise of new delivery model of services, but also a mixed sense of insecurity owing to the security issues facing the this computing architecture. Nonetheless, many vendors who offer Cloud services to clients have attempted to roll out various technologies to cater for security issues facing Cloud Computing. In the four firms, this section lists, it is important to note that each of them have different approaches to security of their Cloud. Amazon prides as one of the Cloud providers with its Amazon Elastic Cloud Computing, which has several security strategies to ensure the security of data that users stores in the cloud. As a strategy to prevent intrusion between the authorized endpoints and the Cloud services, Amazon relies on secured socket layer to protect information on transmit between different providers (Harris 17). In addition, Amazon Elastic Cloud computing allows users to encrypt data and store them in the cloud preventing other uses from assessing this data, at rest. This strategy ensures that uses protect their information and enhance their integrity in the Cloud. The Amazon Elastic Cloud Computing also allow clients to control who access their data in the cloud by locking APIS to domain enabling only authorized user access to data. Microsoft Corporation also has a Cloud service called the Windows Azure, which utilize several security measures to protect data in the Cloud. First, Windows Azure provides network segmentation, which separate users and prevent bleeding of data from several virtual images. In addition, Windows Azure offer customers with the ability to encrypt messages sent between the Cloud and other endpoint devices downloading or uploading data into the cloud (Harris 17). In a bid to prevent intrusion within the cloud, Microsoft Windows Azure offers customers with a sandbox, which prevents internal threats from affecting data in neighboring virtual images. Monitoring of Cloud services along with analysis of cloud environment is another security feature that Windows Azure offers. With this security feature, Windows Azure provides insight and useful analysis statistics that can help uses protect their data residing in the Cloud. Force.com, a provider of Cloud service to enterprise users use novel security measures to safeguard data storage within its Cloud environment. Transmission level security is one of the first security measures Force.com has in place to prevent malicious users from intercepting data on transmit (Harris 17). With the Cloud environment exposing data to threats due to prevalence of man-in-the-middle attacks, security of transmission layer offers uses with a robust way of limiting data interference during transmission. Shortcomings of existing systems The above section indicates that many Cloud providers have attempted to reduce security of data in the Cloud by applying various technologies in place. However, providers cannot solve the question of data security in totality unless they implement holistic approaches to data security. Whereas the above providers have made it possible to reduce threats, facing data in the cloud a few limitations exists. From the strategies, the above provides have put in place, none of them addresses the need for a robust security measure that would allow Cloud users to authenticate and authorize users giving them access to data in the Cloud. With the lack of strong authentication system, corporate and personal users of Cloud services will find it possible to ensure integrity of the data in the Cloud. Another limitation of existing Cloud services is the lack of effective auditing tools, which can help detect and trace threats in the Cloud. The lack of such tools continues to impede the effectiveness of cloud computing in managing security risks in the cloud. This limitation is worse given that many clients are not willing to share personal information with third party users. Recommendation of security solutions for existing cloud computing systems Resolving security issues in the Cloud Computing is a continuous process that entails careful section and deployment of appropriate security technologies. To alleviate security issues facing the identified Cloud systems, providers should consider rolling the above security options. a) Provides should consider implementing auditing tools that will gather statistics on threats to data affecting data in the Cloud environment. Such technologies include SPAM filtering and phishing technologies that can help providers isolate malicious users and populate them in blacklist to prevent future intrusion of the Cloud. b) Providers can resolve the issue of trust using technologies such as the Trusted Platform Model. This model allows vendors to perform an array of security tasks such as signing data, authorizing access and providing hardware encryption between end-point devices (Cloud Computing and Security 5). The use of this technology is likely to revolutionize how users have access to data in the Cloud environment by enhancing accountability and traceability. Works Cited “Global Cloud Security Software Market, 2010-2014”. Technavio Insights. 2010. Chemm Jianhua, Duan Yamin, Zhang Tao, and Fan Jie. “Study on the security models and strategies of cloud computing,” Procedia Engineering 23 (2011):586 – 593. Christodorescu, Mihai, Sailer, Reiner, Schales, Douglas Lee, Sgandurra, Daniele and Zamboni, Diego. “Cloud Security Is Not (Just) Virtualization Security”, CCSW ACM (2009): 97- 102. Cloud Computing and Security- A natural Match. Berverton: OR.Trusted Computing Group. 2010. Coleman, Nick and Borrett, Martin. “Cloud Security Who do you trust?”. Thought Leadership White Paper, IBM. n.d Harris, Torry, “Cloud Computing Services – A comparison.” 2010. Print. Lekkas, Dimiltrios and Zissis Dimiltrioa. “Addressingcloudcomputingsecurityissues”, Future Generation Computer Systems 28(2012):583–592. Paquette, Scott; Jaeger, Paul T. and Wilson, Susan C. “Identifying the security risks associated with governmental use of cloud computing,” Government Information Quarterly, 27.3 (2010):245-253. Qaisar, Sara and Khawajam Faiz, Kausar. “Cloud computing: network/security threats and Countermeasures,” Interdisciplinary Journal of Contemporary Research in Business, 2.9. (2012): 1323-1327. Rong, Chunming, Nguyen, Son T., and Jaatun Martin, Gilje. “Beyond Lightning: A Survey on Security Challenges in Cloud Computing”. In Proceedings of the 2011 FTRA International Symposium on Advances in Cryptography, Security and Applications for Future Computing (ACSA-11), Dec 12-15, 2011. Subashini, S and Kavitha, V. “A survey on security issues in service delivery models of cloud computing.” J. Network and Computer Applications 34.1(2011)1-11. Teneyuca, David. “Internet cloud security: The illusion of inclusion” Information security technical report, 16 (2011):102 -107. Tsai, Hsin-Yi, Siebenhaar, Melanie, Miede, André, Huang, Yu-Lun and Steinmetz, Ralf. “Threat as a Service?: Virtualization's Impact on Cloud Security”. IT Professional. 14 (2012):32-37. Read More