The Rise of Cloud Computing - Assignment Example

Introduction Cloud computing is a computer information technology service that is gaining popularity in the business world. Cloud computing (CC) is type of outsourcing concerned with the use of computer files stored on servers of computer leased from other companies. In cloud computing, service providers in the cloud computing business offer storage, retrieval and data operation services on stored information1. Cloud computing infrastructure is characterised by large capacity and high performance servers. Cloud computing provides companies with extended data storage capabilities that means companies might soon not be doing any data operations offline. Cloud computing has three general models of service IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software a Service) However, the concept of cloud computing elicits a lot of legal issue like most other IT technologies. One of the contributory to the legal debate is the nature of the internet that means the cannot be used as seamlessly as was envisioned by its creators. The Security challenges of protecting online resources are more serious than the challenges of ensuring offline resources are safe. The issue of security in cloud computing is further complicated by the question of which company between the one using Cloud computing services and the one offering these services is responsible for the security of the data stored in the cloud’s server’s. Privacy is another major legal issue when it comes to cloud computing. While working in a cloud environment two sets of individuals come in contact with the data: the cloud company employees and the client’s employees thus it is hard to distinguish which of the employees is responsible for the breach of privacy in the data. These two issues among other legal issues around the area of cloud computing are the focus of this report. The report will uncover and discuss the issues and laws applicable to the concept of cloud computing. Scope of the Research Essay This essay will discuss the security and privacy issues that pose a challenge to the successful application of the concept of cloud computing. It will briefly discuss the history of legal incidents involving cloud computing. The focus of the essay will be an analysis of possible legal issues that may face companies offering cloud computing services or those receiving the services. Additionally, the paper will explore the measure that companies involved in cloud computing have taken to reduce or eliminate exposure to liability associated with the legal issues discussed. Lastly, the paper will give recommendations to ensure companies overcome the issues. Statistics related to safety risks and security breaches involving cloud computing Since cloud computing is relatively new technology securities breaches are still few but are set to grow in the future as more organization migrate to the business model. However, the few breaches that have occurred have led to costly lawsuits against companies involved in the data accessed in the breaches. In December 2007 a data breach at Ceridian (a payroll processing firm) compromised the security details of over 27,000 employees of more than 19,000 companies. In May 2012, a Hewlett Packard (a cloud computing service company) lost over 700,000 personal details of California homecare workers2. The data was compromised when a microfiche carrying the data was interfered with during postage. In comparison organizations that do not use cloud services have recorded more security breaches on their computer systems than those operating on the cloud platform. In the US businesses malicious attacks contributed 31 per cent of all data breaches in the country. Each data breach cost US companies an average of $7.2million3. Data breaches are so common that only 25% of US companies had not had experienced an attack by 2010. Critics argue that the centralization of data in cloud will make more data vulnerable to security breaches. A Successful security breach on the servers of a cloud computing provider means hackers can access the data of some or all the companies hosted on the cloud. In comparison a data breach on a company server will only access information the company under attack only4. Though Cloud computing service have not been adopted widely, the magnitude of the security risk in cloud computing is predicted to grow proportionally with the number of organizations taking up cloud services. According to survey results in 2011, 70% of organizations were planning to take up cloud computing services5. Researchers predict the size of the cloud computing market by 2013 to be worth more than $150 billion. Gartner predicts that 60% of computing work for organization will be done on cloud servers6. In an nCircle 2011 survey, 32 per cent of executives said that security concerns on the cloud environment were outweighed by the potential benefits of adopting the service7. A LinkedIn survey of 7952 respondents established that 57 per cent considered their data safer in a cloud server than in their own network computers8. Major Security and Privacy Issues in Cloud Computing The take up of cloud computing services means the data of various organizations is centralized in the servers of the companies providing the hosting services. The centralization brings together valuable data making the hosting servers attractive targets for hackers or other individuals that may want use or manipulate the data illegally. The security and privacy in cloud computing can be effectively discussed under the issues discussed below. Issue 1: Data Loss/Leakage Data loss or compromise in a cloud computing environment is one of the security issues associated with cloud computing environment9. Cloud computing involves the handling of data by more than one party, when the data is exchanging hands the risk for it getting lost or losing its meaning increases with each party that handles it. The security mechanisms used to ensure that data is safe may also contribute to data losses in a cloud environment. Data loss has been experienced when the keepers of encryption keys have lost them thus making the recoverability of data impossible. When a company offering Cloud computing services losses or leaks data entrusted to it for safekeeping by a client, the client’s data security is compromised and privacy may also be affected, if the data involved in the breach contains personal records. In such an event the Cloud computing Service Company and those using their services may be sued by customers whose data is compromised in such incidents10. However, the issue is not unique to cloud computing, with server-client environment also facing data loss issues. Issue 2: Anonymity Some CC service providers make it easy for users to register and work from their servers. By trying to make the process easy the providers open the way for illegal usage of CC services by lowering the security requirement for registration11. In some IaaS providers a valid credit card number is enough for one to start using their services. CC servers have been used as bases where various illegal operations by cyber criminals are launched. Additionally, the servers have played host to various illegal software and illegally acquired copyright material. Preservation of Anonymity on CC servers may see them sued in future by copyright holders for facilitating infringement of IP laws. This problem is also found on the internet especially on file sharing sites. However, the preservation of client’s identity can help CC providers shield themselves from being enjoined in suits filed against their clients over illegal activities on the internet. Issue 3: Malicious Employees Companies that offer cloud services grant their employees rights to access the stored information in cloud servers. The centralization of computing resources into one cloud environment and lack of disclosure to the access levels providers give their employee to the client’s data complicates this problem in the cloud environment. The privileges granted employee in regard to a clients data might facilitate data harvesting or illegal manipulation a cloud client’s data12. The problem of malicious insiders is very common in organizational and computing environment; software developers for many years have been developing backdoors in the software in the software they develop for their employers. Issue 4: Shared Technology Issues The cloud computing technology uses the existing infrastructure from older computing technology. The devices used including hard disks were not designed to have strong compartments that could ensure an operating system working in one partition for a particular cloud client does not access data belonging to another cloud client13. Attacks targeting cloud environment have tried to use this vulnerability to target high value data stored in cloud servers. This is one of the security issues that have not been encountered in other computing environments. The problem exposes cloud providers to litigation due to the failure to ensure data is safe in the cloud if data is accessed using shared technology vulnerabilities. Issue 5: Hijacking of Services and Accounts The assuming of other people’s identity and using it to access computing resources is a common problem in most computing environments. The cloud environment is also threatened by this problem but has not yet recorded any incidents that may have used false authentication information to take over cloud services or accounts14. Falsified authentication presents a bigger threat to cloud computing environment as it gives an attacker the opportunity to exploit the other vulnerabilities that characterise cloud infrastructure. Issue 7: Disclosure Cloud computing servers might play host to information that may be needed by law enforcement in the course of investigating criminal activities15. In some countries governments may require providers to give financial information of individuals for criminal investigation or taxation purposes. Providers must recognize situations in which the law them to disclose information they host on behalf of clients. The problem of disclosure is also encountered by banks and other organization that deal with private data. Improper disclosure of private data may lead to the filling of suits against providers. Issue 8: Operational Jurisdiction The cloud computing especially for the big operators may spawn across international boundaries. The international nature of cloud computing services means there is a conflict in jurisdiction on any illegal activities occurring in the service environment16. A Cloud may host its services for a particular client in multiple servers each located in a separate country (jurisdiction) .If for example the information so hosted is duplicated copyright material, the issue may bring confusion as to which jurisdiction has the authority to act on the matter17. The problem of determining jurisdiction of legal issue is not unique to cloud computing but is also found in internet publishing and international press matters. Measures that can be taken to ensure data is safe in a cloud Environment Cloud computing providers should require fulfilment of stricter conditions for people registering to use their clouds. The management can partner with credit card companies to make sure all cards used to pay or register for all cloud account are not only valid but authentic18. Similar measures have been successful in securing corporate websites against credit card fraudsters. Cloud providers should also put in place recruitment policies that make sure the workers who have privileged access to data are trustworthy. Confidentiality clauses in employment contract are one of the ways to make employees feel responsible for the security of data entrusted to their care19. The provider should also be transparent about the process and procedures used in data storage and security within the server. The above methods have been widely used in banking and in very rare cases have banking employees breached the security of banking data20. Cloud computing service providers have an obligation to their clients to use the best security practices in the market at whatever cost21. Additionally, they must actively monitor the cloud environment to ensure that every clients data and operation remain isolated with those of other clients. Providers must use available security and recovery technologies to protect against Data loss and protect the data integrity providers must come up. Such measures include encryption of data during transmittal, Use of software to guard against malicious attacks, provide backup and recovery services for client’s data and operational system. To reduce security vulnerability caused by hijacking of account through false credentials. Both providers and users of cloud services should compel their employees never to share their security credentials with other workers or individuals22. Actively monitoring and responding to issues of authentication and authorization would also reduce vulnerability. Multi-layered authentication system that incorporate modern authentication methods like biometrics would also go a long way in ensuring the likelihood of hijacking of accounts goes down23. Conclusion The rise of cloud computing as a new computing paradigm has excited most organization with most planning to migrate into the new service in the near future. The Cloud computing environment faces a number of legal issues related to data security, confidentiality and privacy. However the issue facing cloud computing has already been encountered on other computing network implementation including the internet and the server-client system found in organization. The banking industry is also faced with information management issues very similar to those facing cloud computing services. Indeed, banking operation has dealt with highly sensitive information even before the advent of computer systems. Likewise, the problem of sharing of access credentials is common throughout other computer system. The measures used to reduce exposure to liability for cloud users and provider are the same with those used to secure other computing infrastructure and resources both over the internet and on local networks. Thus, it can be concluded that the legal issues facing cloud computing are not new and have been dealt with before the advent of the cloud technology. Bibliography A.Articles/ Books/ Reports Thomas, D. and Loader, B, Cyber crime: Law Enforcement, Security and Surveillance in the Information Age (2000) London: Routledge. M. Crouhy, D. Galai, and R. Mark. The Essentials of Risk Management. McGraw-Hill, New York, USA, 2006 B.Others Cloud Security Alliance 2010. Top Threats To Cloud Computing (Accessed May 30th 2012) Constantin, Lucian 2012. Hacktivism Was the Leading Cause for Compromised Data in 2011IDG News < Hamilton, D2008. 'Cloud computing' seen as next wave for technology investors. Financial Post, 4 June. (Accessed 30 May 2012) IBM 2011.Security, Privacy, and Regulations in the Cloud IBM The security risks of cloud computing ( Accessed 30 May 2012) MacAyeal, J 2011. The security risks of cloud computing ( Accessed 30 May 2012) Pettey, Christy 2012. Gartner Reveals Top Predictions for IT Organizations and Users for 2012 and Beyond (Accessed May 30 2012) Sangroya, Amit Kumar, Saurabh Dhok, Jaideep and Varma, Vasudeva, Towards Analyzing Data Security Risks in Cloud Computing Environments(Accessed 30th May 2012) Secure128.com, Cloud computing can lead to increased data security breaches, expert says (Accessed 30th May 2012) Wayne Jansen, W & Timothy Grance, T, Guidelines on Security and Privacy in Public Cloud Computing (accessed 30th May 2012) Weiss, Aaron 2007, ‘Computing in the clouds’. (Accessed May 30 2012) . Read More