StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security Challenge in Cloud Computing - Literature review Example

Cite this document
Summary
This paper "Security Challenge in Cloud Computing" brings in a comprehensive analysis of the security challenges in cloud computing security, by mainly concentrating on denial of service, and how the company’s research and development (R&D) can be used to alleviate the situation…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.1% of users find it useful

Extract of sample "Security Challenge in Cloud Computing"

Name: University: Instructor Date: A Security Challenge in Cloud Computing Executive Summary Cloud computing is defined as an IT services set that are offered to a customer through a network on a hired basis as well as with the capacity to scale down or up the requirements of their services. Normally cloud computing services are distributed by a third party source that possesses the infrastructure. Cloud computing has score of benefits such as suppleness, effectiveness, resilience, scalability, as well as outsourcing non-core activities. As discussed in the paper, cloud computing presents an innovative business paradigm for companies to espouse IT services devoid of upfront investment. In spite of the possible benefits realized from the cloud computing, most organisations are reluctant in acknowledging it owing to security challenges as well as issues related with it. Undoubtedly, security is one of the key challenges which slow down the advancement of cloud. The thought of passing on vital data to a different company is worrying; such that the end users must be watchful in comprehending the threats of data breaches in this novel setting. This essay brings in a comprehensive analysis of the security challenges in cloud computing security, by mainly concentrating on denial of service, and how the company’s research and development (R&D) can be used to alleviate the situation. Introduction Cloud computing according to Zissis and Lekkas (584) generates a fundamental keyword in hastening IT businesses, but also it own a disseminated architecture rooted in unfixed nodes, as well as security challenges drawn from cloud computing services. Fundamentally, the surfacing of cloud computing has hastily altered all and sundry’s insight of infrastructure structure, models for development, as well as software delivery. Faisal et al. (565) posit that following the makeover from CPU computers to models of server deployment, cloud computing encompass aspects from utility, automatic, as well as network computing into an resourceful deployment structural design. At present, cloud computing is attaining augmented recognition, but organisations are worried about the security challenges that it comes with it after its adoption. Significantly, implementation of cloud computing regularly encompasses a progressive security technology, mainly accessible due to centralization of data as well as widespread structure. In its epitome, Verbelen, Stevens and Turck (452) affirm that cloud computing can deal with many inadequacies faced by conventional architectures owing to its distinctive attribute. Furthermore, cloud computing lays bare a novel world of businesses opportunities, but accompanied with scores of security challenges that must be well thought-out and handled prior to executing the cloud computing strategy. For this reason, the essay analyses cloud security challenges by recognizing exceptional security countermeasures. Cloud Computing The 21st century according to Faisal, Azher and Ramzan (567) has been exemplified by a lot of changes in most means as well as facets of life. Intrinsically, E-technology and computerization are a number of the sectors that have accounted incredible growth. At the moment, Cloud computing is still attaining prominence at the heart of enormous businesses organisations as well as SMEs. Cloud computing, permits business organisations to run application online in what is widely acknowledged to as a cloud. The “cloud” according to Enslin (10569) enhances sharing of data outside and inside the business setting. Additionally, clouds bear a resemblance to a server where a business can amass its information needed by the company, but the key distinction between cloud computing as well as server based technology is that users in cloud computing are allowed to run applications online devoid of the necessity to install or download them in their PCs. This makes cloud computing suitable for both the service providers and users to benefit from the high speed of connection facilitated by cloud computing. Security Challenges At present, there are scores of challenges that require solution prior to deciding whether cloud computing is a feasible alternative for the organisation. According to Marston, Zhi Li and Zhang (178), it is justifiable why companies are wary of the data loss after information is keyed in to the cloud. Providers of cloud computing service as per Chang, Walters and Wills (526) are incorporating measures hastily with the intention of attempting to resolve this troublemaker. Some of the security challenges to cloud computing include; denial of service (DoS), data loss, data protection, user authentication, and data breaches, Data Breaches Fernando, Loke and Rahayu (89) argue that if a multitenant database for cloud service is not appropriately designed; one error in a customer's application might permit a hacker to get to both customers’ data with ease. Basically, the challenge in handling this risks of data leakage as well as data loss is that the measures introduce by the organisation to mitigate one security challenge can worsen the other challenge. Given that cloud serving is a single centralized warehouse for the organisation’s mission-vital information, the danger of the data being compromised because of a data breach or made inaccessible for a moment because of a natural catastrophe are bona fide concerns. A great deal of the legal responsibility for the data disruption in a cloud in the end rests squarely with the corporation whose mission-vital undertakings rely on that data, even though legal responsibility may and must be bargained in an agreement with the services provider before any commitment (Verbelen, Stevens and Turck 453).  A wide-ranging security evaluation from an unbiased third-party is firmly suggested also, and companies must recognize how their data is being protected as well as what measures are used by the service provider. Data Loss Data loss is prospect of the company’s important data vanishing into the air with no a trace, wherein a malicious attacker could delete the aimed data because of malevolence. Still, a company can lose its data to a cloud service provider who is not careful or a catastrophe, like an earthquake, flood, or fire. Encrypting of the company’s data to protect against theft can go wrong in case the company lose its encryption key; thus intensifying the security challenge. Data loss according to Zissis and Lekkas (588) is not just challenging with regard to affecting the customers relationships, since the company might as well get into trouble with the federal government if the company is lawfully needed to amass certain data to remain compliant with particular laws, like HIPAA. Data Protection Executing a cloud computing strategy signifies placing important information in the third party’s care, so making sure that the data is protected both at rest and when being delivered is of vital significance. Data must always be encrypted, with evidently clear roles when deciding who will be dealing with the encryption keys. In nearly all instances, the just means to actually guarantee encrypted data confidentiality that dwells on storage servers of the cloud provider is for the user to own as well as administer the data encryption keys. User Authentication Enslin (10569) maintain that data resting in the cloud must be available just to the authorized users; hence, making it vital to both limit and supervise who will be accessing the data of the company by means of the cloud.  So as to guarantee the user authentication integrity, companies must be in a position to observe access logs of the data as well as review trails to confirm that users who are only authorized do access the data.  Such audit trails and access logs also must be protected and preserved for as long as it is needed by for legal purposes or company needs.  Based on security challenges of cloud computing, Enslin (10570) thinks it is the user responsibility to make sure that the cloud provider has taken into consideration all vital security measures to protect access to that data as well as customer's data. Denial of service Denial of service (DoS) is ranked as the greatest cloud computing security threat. Having been an Internet threat for ages, DoS has turned out to be more challenging in the epoch of cloud computing when companies are reliant on the continuous accessibility of several cloud computing services. Undoubtedly, outages of DoS can heavily cost service providers as well as attest to be costly to users who are charged based on disk space used as well as compute cycles. Even though a hacker may not be successful in pulling down the cloud computing service completely, he/she can still make cloud computing to use so much processing time that ultimately turns out to be too costly for the company to run and hence leading to the collapse of the system. Presently, Cloud services are turning out to be more and more well-liked, both in the midst of the business enterprises and the public in general. Armbrust, Fox and Griffith (58) posit that Cloud services while convenient can be tremendously susceptible to DoS attacks. As other companies are depending on cloud computing technology for operations in their companies, DoS attacks, the most prevalent form of attack on the cloud, can become exceedingly destructive. Actually, a DoS attack makes the company’s machine or network inaccessible to the aimed users by swamping them with requests for connection. According to Verbelen, Stevens and Turck (452) cloud services heighten the attacks threat. In their study they highlighted that over 90 percent of operators at the data centre reported security attacks on cloud services, and based on the reported attacks, 76 percent had experienced Distributed Denial of Service Attack (DDoS) towards their users, whilst only 43 percent had total or partial infrastructure break downs because of DDoS (Verbelen, Stevens and Turck 456). DoS attacks can in effect put the company’s computer or network out of action, and this relies on business nature of the company. A number of DoS attacks can be carried out with inadequate resources against an enormous, complicated website, and this form of attack is from time to time acknowledged as asymmetric attack. For instance, a hacker with a 20th century computer along with a slow modem can manage to disable more sophisticated as well as much faster networks or systems. Some time ago, scores of websites like Yahoo, CNN, in addition to eBay have happened to DoS attack victims. If only one aimed DoS attack can take a lot of people across the world offline, just picture the level of damage these attacks bring to a business. Lately, an enormous DoS attack occurred at CloudFlare, with attackers taking advantage of the Network Time Protocol Servers (NTP) vulnerabilities (Chang, Walters and Wills 528). This form of DoS attack is somewhat novel, utilising a method acknowledged as NTP reflection attacks. In NTP reflection attacks, the hacker sends requests to the NTP servers with spoofed Internet Protocol addresses (IP addresses). In this regard, the intention of sending the requests is to make the server take more lengthily time to respond to such requests, and consequently, fail to serve the intended clients. This attack had an effect to data centres across the world, leading to short-term jamming on the network of the company. Akin to NTP, other protocols namely, Simple Mail Transfer Protocol (SMTP) as well as Domain Name System (DNS) can as well be used to increase DoS attacks. In this case, Fernando, Loke and Rahayu (92) suggest that companies must frequently monitor and scan and NTP servers to identify and amend vulnerabilities. Besides, a tool such as Open NTP Project may be utilised for scanning NTP servers. Moreover, NTP servers must be update since the older versions could have a number of security flaws. An additional example of a cloud service DoS attack took place on Amazon cloud some years ago. Bitbucket, a web-based hosting service suffered almost a 24 hours of downtime owing to an enormous distributed denial of service attack on Amazon.com, and scores of developers did not manage to access their codes for some time for the reason that of the DDoS attack. Besides that, UDP packets flooded the Amazon website, in essence using all its bandwidth, and also making Amazon services inaccessible to the clients. Marston, Zhi Li and Zhang (183) posit that one of the key reasons behind this enormous attack was because Amazon did not have security controls ready to detect as well as battle DoS attacks. Having no suitable protection mechanisms in position is the underlying principle why scores of companies fall prey of DoS attacks. Technology development as well as research and development (R&D) with regard to DoS has been facilitated in line with the security measures for cloud computing services. Still a novel R&D Strategy has been developed with latest trends as well as environmental changes across the world considered (Verbelen, Stevens and Turck 453). Given that the R&D strategies are long-term as well as medium subjects, R&D Strategy in essence embraces traditional concepts of promotion. Even though the objective of conventional technology development as well as R&D has been to enact a novel architecture for getting rid of online security threats in the long-term, both defenders as well as attackers have turn out to be asymmetric in recent cloud computing security state of affairs. The most distinguishing aspect of R&D is to concentrate on innovation that can help overcome security challenges like DoS attacks in cloud computing. In other words, research and development about data security can generally be divided into the defensive field as well as offensive field (to reduce harm caused by DoS attacks). Marston, Zhi Li and Zhang (182) posit that this R&D Strategy concentrates on the offensive (to nullify DoS attacks and to heighten the attackers financial burden), as well as to support R&D to achieve a secure and protected cloud computing system that can generate novel value and has the ability to offer society support. For the R&D the promotion, it is imperative to generate a virtuous primary R&D circle, support sophisticated data security HR development, as well as motivate the data security industry. Basically, the R&D Strategy concentrates on increasing the attacker financial burden of the attacker by taking hard line steps, like by voiding DoS attacks, and promoting R&D to achieve a safe and secure cloud computing. Therefore, the R&D subjects are generally grouped into cloud, surrounding infrastructure, users, as well as attackers, and essential technologies are accordingly outlined. Additionally, data security meant for the cloud from DoS attacks is being integrated with a novel perspective of backing the next-generation Internet setting. R&D in this case is needed to ensure: new dependability on the clouding computing, and also to help the users to enhance their user control techniques of confidential information. Given that one purpose of the R&D Strategy is to encourage studies with regard to data security, Verbelen, Stevens and Turck (457) claim that setting up an infrastructure for encouraging R&D is also a crucial concept. Countermeasures For companies to overcome DoS attacks, they must at first establish vulnerabilities in their system by scanning, and then using vulnerability scanning paraphernalia like Qualysguard or Nessus to find out flaws that can be used to instigate DoS attacks. Afterwards, the company must put security controls into practice to repair the identified security challenges. The company can as well utilise Intrusion detection and prevention systems (IDPS): set up IDS/IPS systems to endlessly supervise the company networks for denial of service attacks. The company can configure IDS systems to identify and transmit alerts to security administrators in case of a DoS attack. Furthermore, IDS systems can as well be tailored to detect a security threat to the company’s cloud and take counteractive actions to overcome it. Evidently, older software versions are normally susceptible to DoS attacks, and so the company must test for security updates as well as install them on firewalls, network hosts, and routers. To improve security safety measures against DoS attacks, R&D for generating an attack-resistant data as well as Cloud with regard to data security must be promoted. To thoroughly solve the security challenges on the cloud computing, collaboration with innovative R&D, the next-generation Internet that acknowledges an ICT model shift, for instance, must be developed. According to Chang, Walters and Wills (528) posit that R&D relating to cloud computing security must be promoted so as to expand the world’s information security industry. Every company should carry out strategic R&D with regard to cloud computing security in a platform wherein data is exchanged across boundaries, and unresolved security challenges are progressively increasing; therefore companies must invest heavily on R&D, to counter the financial ability of attackers. Future Solutions While preparing for future DoS attacks, it is extremely imperative according to Fernando, Loke and Rahayu (101) to take use cloud computing to backup information as well as to decentralize them. Subsequent to the enormous DoS attacks, decentralization as well as backup measures through novel technologies, like cloud computing has to be examined. Cloud computing as a technique for backing up as well as espousing decentralization cheaply will in the future gain a lot of attention, but still, security challenge is believed to be a serious future hurdle in cloud computing. Endeavors to overcome this worry in terms of R&D must be hastened in the future. Besides that, in case the system is decentralized, DoS attacks in the future will create the need to study remote authentication. Furthermore, measures for preventing the threat of unserviceable systems must as well be taken into account. In the future, R&D for stopping the state of affairs advantageous for launching DoS attacks will be carried out as a pressing undertaking (Zissis and Lekkas 589).More particularly; there will be need for R&D into cloud computing that can foresee the probability and impact of a DoS attack as well as ways to optimize measures. Conclusion In conclusion, it has been argued that implementation of cloud computing comes along with score of benefits to the organisation, but the security challenges can surpass the benefits and lead to the collapse of the organisation. In its essence, cloud computing can handle scores of inadequacies endured by conventional architectures owing to its exceptional traits. Cloud computing also provides architecture for deployment that can handle shortcoming detected in conventional information system, but its dynamic characteristics can thwart the efficacy of conventional measures. Some of the challenges discussed include data loss, denial of service attacks, data protection, data breaches, and user authenticity. The essay has mainly concentrated on denial of services, which has become more exigent in the cloud computing age. Importantly, a company that heavily invests on R&D can overcome this form of security challenge since through R&D a company can increase attackers’ financial burden; thus reducing the scale of attacks. Work Cited Armbrust, Michael, et al. "A View of Cloud Computing." Association for Computing Machinery. Communications of the ACM 53.5 (2010): 50-63. Chang, Victor, Robert John Walters and Gary Wills. "The development that leads to the Cloud Computing Business Framework." International Journal of Information Management 33.3 (2013): 524-538. Enslin, Zacharias. "Introduction to cloud computing and control objectives for information and related technologies (COBIT) - mapped benefits of cloud computing adoption." African Journal of Business Management 6.41 (2012): 10568-10577. Faisal, Chaudhry Muhammad Nadeem, et al. "Cloud Computing: SMEs Issues and UGI based Integrated Collaborative Information System to Support Pakistani Textile SMEs." Interdisciplinary Journal of Contemporary Research In Business 3.1 (2011): 564-573. Fernando, Niroshinie, Seng W. Loke and Wenny Rahayu. "Mobile cloud computing: A survey ." Future Generation Computer Systems 29.1 (2013): 84-106. Marston, Sean, et al. "Cloud computing — The business perspective." Decision Support Systems 51.1 (2011): 176-189. Verbelen, Tim, et al. "Graph partitioning algorithms for optimizing software deployment in mobile cloud computing." Future Generation Computer Systems 29.2 (2013): 451-459. Zissis, Dimitrios and Dimitrios Lekkas. "Addressing cloud computing security issues." Future Generation Computer Systems 28.3 (2012): 583–592. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Security Challenge in Cloud Computing Literature review, n.d.)
Security Challenge in Cloud Computing Literature review. https://studentshare.org/information-technology/2063866-a-security-challenge-in-cloud-computing
(Security Challenge in Cloud Computing Literature Review)
Security Challenge in Cloud Computing Literature Review. https://studentshare.org/information-technology/2063866-a-security-challenge-in-cloud-computing.
“Security Challenge in Cloud Computing Literature Review”. https://studentshare.org/information-technology/2063866-a-security-challenge-in-cloud-computing.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security Challenge in Cloud Computing

Information Security and Assurance

In addition, there are a large number of problems and issues that pretense critical and possible challenges for data and information security in cloud computing, comprising domain-specific restrictions, place limitations, technological or legal limitations, effectiveness of data management, various security metrics supported by cloud security providers, inappropriate implementation of sufficient security mechanisms, service-level security issues and the aggregation of data (Hudic et al....
3 Pages (750 words) Essay

Relevance of Current UK IT Law to Cloud Computing

Title of Project: Is current UK IT law relevant when applied to cloud computing?... Examination of the nature of cloud computing by copying out a structured serving of current practice and offerings.... Identification of aspect of cloud computing that do not comply with or avoid current UK IT law.... The Main Deliverable(s): A critique of current IT law when it applies to cloud computing.... A review of how cloud computing or will change the legal context for IT operations management....
3 Pages (750 words) Dissertation

Challenges IT Managers face when moving to cloud computing

cloud computing refers to a model that enables convenient, on-demand access to a network of shared, configurable computing resources that can be released and provisioned with less service provider interaction or management effort.... However, there are very many risks associated CHALLENGES IT MANAGERS FACE WHEN MOVING TO cloud computing Challenges IT Managers face when moving to cloud computing cloud computing refers to a model that enables convenient, on-demand access to a network of shared, configurable computing resources that can be released and provisioned with less service provider interaction or management effort....
2 Pages (500 words) Research Paper

UMUC Haircuts Stage 4

Moreover, Infrastructure as Service or (IaaS) or IaaS clouds often offer additional resources such as virtual machines, storage capacity, security and end-to-end logical network model. The deployment of BPM in the cloud presents… an opportunity to enable small and medium enterprise market (SME) to reach for BPM applications as they only pay for what they need due to the elasticity and scalability of cloud computing. The integration of BPM and cloud computing enable enterprise with specific domain Introduction cloud computing is one of the most essential concepts that will continue to play a dramatic role in the modern century....
2 Pages (500 words) Assignment

Cloud Computing as an Important Invention in the Technological Sector

The paper "cloud computing as an Important Invention in the Technological Sector" discusses challenges that face the company from migrating to cloud computing.... etflix is a company that has transferred most of its services to cloud computing.... It was using data centers to provide for its services before it moved to cloud computing which offers plenty of storage for its gigantic volume of videos.... It uses cloud computing in the host of its website, which provides various services to users like video streaming....
5 Pages (1250 words) Case Study

Cloud Audit and Compliance

Customers anticipate that with stricter privacy controls forced by law in their nations, the future of cloud computing will ensure the privacy of their information.... The science of cloud computing is advancing swiftly, while the regulations on this service remain to differ regionally.... However, the compliance issues with cloud computing seem to be coming to an ultimate solution as, Organization for Economic Co-operation and Development (OECD), Directorate for Science, Technology, and Industry is implementing guidelines on the protection of privacy and trans-border flows of personal data to ensure that the privacy of the customers is achieved (Bachlechner, Thalmann & Maier 2014)....
1 Pages (250 words) Essay

Cloud Computing Voting Architecture Diagram

Also, in cloud computing environment data cannot be segregated (Raouaf, 2009).... As a result it is important that the provider of the cloud computing services should reamin an ongoing concern.... cloud computing system are always under the supervision and maintenance of a third party.... Data is found to be distributed throughout the cloud computing network and this may cause a lot of problems when specific data or information is needed to be segregated....
5 Pages (1250 words) Assignment

A Geographic Information System: Icloud

cloud computing provides a delivery method for geospatial capabilities to line-of-business information and enterprise information systems.... "A Geographic Information System: Icloud" paper examines GIS software on the cloud that has many advantages that accelerate the shift to cloud-based GIS.... One of the distinct advantages of GIS on the cloud is its potential to deliver GIS services to customers beyond the traditional GIS niches....
6 Pages (1500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us