Research paper
Running head: CLOUD COMPUTING SECURITY AND PRIVACY
CLOUD COMPUTING SECURITY AND PRIVACY 16
CLOUD COMPUTING SECURITY AND PRIVACY
Abstract
Cloud computing refers to how data is used up and governed, promising better cost proficiencies, enhanced novelty, on-time delivery, and the capability to measure the number of resources on request. There has been a tremendous shift towards using this technology due to a steady increase in growth from 2009 to 2010. The rise describes cloud computing to have a lot of benefits to its users. However, as cloud computing is taking shape in terms of the exponential growth and service delivery, privacy, and security issues pose a significant threat. The challenges have led to poor quality of services and crippled the economy of some of its users. In this paper, I will discuss the challenges and the issues facing Cloud computing ranging from privacy, regulatory, and security. There are also emerging trends that are facing out some of the problems in cloud computing in the cloud. Presented in this paper are some of the defensive mechanisms to solve the challenges given by the different organizations.
Introduction
Today Cloud computing is being used in various fields such as academia and industries. It signifies a novel model in both business and computing models, which allows a high demand storage capital asset and the provision of computation services. Sengupta, Kaulgud, & Sharma. (2014), described cloud computing to be a software for allowing suitable, on-time request to a huge number of arrangeable computer resources; like applications, storage, web, services. It provides a platform where services can be done at a faster rate and, at the same time, ensure that the services are cost-effective. The services are offered through applications, software and hardware by the use of the internet. This model of computing enables users to use minimal cost, less effort and provide individuals with a chance to strip themselves a structure of administration and emphasis on essential capabilities, and at most have the speed presented by the on-time delivery of computing resources.
There are four delivering models used in cloud computing based on the service providers; these cloud models include Community, Hybrid, Private and Public cloud. The models could be used solely or in combination, depending on the organization's policies or the available resources. Community cloud involves services that are provided by a number of institutions for helping a selected individual that has mutual interests such as security needs, policies, acquiescence and deliberations. The services may be monitored by a third party or the company. They can also exist away from the specified site an example is the government. The Cloud is provided by different agencies and can be used by all. Private Cloud involves the provision and management of services by a specific institution or a third party. Public Cloud includes services that are availed and managed by the community but owned by a trading cloud institution service an example is Alibaba Cloud provider. Hybrid is a cloud model that uses a combination of different clouding designs for example private and public cloud designs or public and individual designs. From the viewpoint of an institution delivering service, three types of cloud services may be used, which are a platform providing service where applications are developed and implemented. The second is a software servicing where applications are rented instead of purchasing and installing as the chief administrator, thirdly is where the internet services are offered on a developed infrastructure by services providers offering the needed storage and the power to compute (Manas, Nagalakshmi and Shobha 2014). Cloud computing poses a lot of benefits to the user. From a hardware point of view, the illusion is that the computing resources are adequate and not limited. Hence service providers do not need to plan for the provisions; it provides a platform for institutions with little capital to start with fewer resources and increase the support as the need increases. One can pay for the services on a short-term base and release the facilities when not needed. Cloud computing has created a platform for operations to be carried out on a large scale while decreasing operational costs for the service providers (Jansen and Grance, 2011).
Cloud computing poses many issues and concerns that would affect the provision of services to its users. The first concern is that the user has limited regulation over her information or the efficiency of the application that she would want to use, or the ability to alter the rules and procedures that she is required to perform efficiently (Zhou, Zhang, Xie, Qian, and Zhou 2010). Obeying to laws and regulations can be difficult, mainly when speaking about cross-border matters. The second issue is that users quickly lose their data when they are sealed into registered accounts and can lose control over their information since the apparatus for checking who is using and viewing them is not always given to the user (Sengupta, Kaulgud and Sharma, 2014). The third concern, it is not always easy to provide a 100% tailor-made service specific to the user or business even though there could be a form of compensation (Mather, Kumaraswamy and Latif, 2012). Lastly, the standards are undeveloped and inadequate for managing the quickly changing technology of cloud computing. Security is the biggest challenge that companies face when dealing with cloud computing. Companies unable to secure their users from alteration and loss of data, are considered to have failed(Behl, 2011). Businesses involved in cloud computing use resources to adequately secure their customers from external cyber-attacks and also inside attackers (Angadi and Gull, 2013). However, most of the companies encrypt their data to mitigate snooping, but this does not prevent the data from deletion and alteration. New advances are upcoming such as HMAC used by Amazon to protect their users by using a digital signature that deters malicious change. Cloud computing issues involve technologies such as operating systems, networking, management transaction and load balancing. Organizations providing services to their users, should ensure that data is secure by monitoring who is maintaining and who is accessing the data and also keep records of their users. The organization should also have unlimited access in order to manage and prevent malicious activities (Behl, 2011).
The other way organizations should secure data is ensuring that security is conducted on two basic levels one being on the customer stage and the other on the service provider level. To authenticate the admission panel, one should establish up data access regulations with privileges and then confirm these admission panels by the network providers. To ensure admission control approaches for the customer side, the organization providing the service should define and guarantee that the only approved operators can access the customer's data (Chen and Zhao, 2012). There are various risks involved in the software securities, which include; restricted user access on data, after the files is keyed in the sever, the provider can open data and also have control of information available in the software (Sabahi, 2011); Monitoring the confidentiality of information and restricting privileged user access is achieved by having data encryption before moving into the server. This isolates the capability to store information and also the ability to access that data. Another way to maintain the confidentiality of the data can be by enforcing legal requirements to cloud provider through assurance mechanisms and contractual obligations to enhance data confidentiality standards are fully met. Effective data encryption is upholding information privacy, where decryption sources must be separated securely from the server. For only approved party to decrypt information, data can be stored on separate keys on different structures in the server. Secondly, there are e-investigations and protective monitoring that works by employing protective tracking in the software, providing new solutions for cloud providers and customers since there is a distinct site for information. According to Jansen and Grance. (2011) technologies built by Cloud organization are aimed to provide boundaries among the software service structures and the Cloud consumers. Still, the weaknesses at this level of safety cannot be run out in total. This creates internal dangers and risks on the sever. This requires expertise in e-investigations and protective monitoring. In the sever environment, auditability is another side effect threat due to absence of governance. Insufficient clearness in the software operations to the providers is a key challenge.
Audits provided in manual checks and documents may be distributed and spread all over the globe. Hence a problem of transparency since regulations that restrict data and operations to move from one geographical area to another. Evaluating the safety of a third-party service provider is another major challenge, especially to the customers buying from the Cloud. This has intensified since there is no mutual trade cloud computing safety guidelines that users can scale their providers with. It is difficult to control information when a third-party restrains the legal effects of information and applications. The restraints are hardly to be understood by users, which becomes a cloud safety risk. There is also a potential absence of governance and transparency when the third party holds information of the customer. There is also a portion of the open cloud computing that can be executed autonomously, but there are legal requirements of clearness into the Cloud (Belh, 2011). Another threat is the side-channel occurrences, which are issues of delivering in the cloud designs via virtual stages that cause information loss over a sub-resident computer-generated machine. This is a growing risk and is well-thought-out to be in its early stages. This is a threat since the attackers can enter into cloud setup from an external door through the cloud boundaries by appearing as a rogue user inside a public cloud substructure and still read other users' data illegally. Another threat is the rejection of service bouts where data obtainability is a crucial issue to the organization who should consider mitigating this problem. According to Sengupta, Kaulgud and Sharma. (2014) rejection of service can be linked with network layer spread bouts. This occurs when the infrastructure is flooded with much traffic to cause critical components to wear out. It may also devour all hardware. In a multiple resident cloud substructure, there are risks such as shared resource consumption attack, which deny other clients the available resources for example thread implementation time, request for storage and web interfaces.
Crime organized Inside is also a risk that most of the Cloud providers face when they store different types of data (personal data, fiscal data and credit cards). The stored information may be available in the organizations involved, which can be accessed by criminals from the inside of the organizations. The insiders may be agents to crime since they may access customer’s data and the system to execute attacks (Kong, Lei and Ma, 2016). According to Chowdhury, Chatterjee, Sardar, Agarwal and Nath. (2013), information location and isolation is another threat of the cloud environment that is particularly important in the Cloud, given that there are distinct physical information sites and common computing resources. This results in contractual obligations toward cloud customers ensure that the information stored remains well processed and managed. This may spring out risks when the cloud providers forced to provide decryption keys to a risky third party. Standardization activities in cloud computing are events assumed by various standard association development groups to guarantee privacy and safety in the software. There exist different organization that are involved in issues concerning cloud computing security; Cloud safety association which is a nonprofit making organization gives security guidance on essential areas in the software. Through a published report, cloud security alliance guides on various strategic fields to provide a secure relationship between security practitioners and cloud providers. Distributed Management Task Force is a task force that comes up with interoperable information technology management resolution standards. It deals with topics like Open Virtualization Format and Open Cloud Standards Incubator. This task force has partnered with cloud security alliance to encourage ideals for cloud safety as way of ensuring that integrity is met. This group is tasked with designing several management procedures, making setups and safety tools to enable interoperability in the Cloud, trailed by conditions that will promote cloud provision movability and cloud supervision. Some association are formed in the Storage Cloud Work Assembly to develop a framework associated with system executions storage cloud machinery. Storage in the cloud is a new way of providing just-in-time storage billed only for what it is customized for. Using a cloud data management interface, a customer can identify their data with unique metadata and also one can move their cloud data from one seller to another without suffering any problems with the various interfaces.
Open Cloud Consortium is an organization that cares for the development of guidelines, benchmarking of the progress, implementation of open source references, cloud computing workshops and events. It is involved mainly in four working groups, namely, normal cloud efficiency measurement, large data clouds operational group, information sharing and finally, security working group. Other organizations ensure that development integration and use of e-business standards is done in accordance to the stipulated law. It provides the most web services standards alongside other standard services such as e-business, security and also ensures standardization in public sectors. The organization has various technical committees with objectives that are clearly defined; TM panels are an association that involves technological vendors like the international business machines, dell and large communication service providers. TM panels provide a document that acts as a guideline and offers a range of conventional methods, procedures and metrics to be used; International Telecommunication Union. This focus group was established following recommendations from other organizations to contribute to telecommunication aspects, which include security telecommunication aspects, service requirements and telecommunication networks. This focus group works hand in hand with universal cloud computing communities such as laboratories and research forums, among others; European Telecommunications Standards Institute is an association that is interested in providing solutions involved in the integration of information technology and telecommunications. It comes into place where the connectivity is beyond the local network. It includes grid computing as well as Cloud computing emerging trends. Object Management Group is a nonprofit organization that comes up with enterprise integration standards for an extensive range of industries. Arrangement of services and applications on Cloud is modelled to ensure portability, reuse and interoperability. Association for Retail Technology Standards is an international organization that advocates for the use of standards as a way to reduce costs, mainly in the retail industry.
Cloud computing settings pose a multiple-domain field situation whereby each field uses diverse trust needs as well as a security mechanism. The areas might be characterized independently through permitted services or structural components of any application (Zhou, Zhang, Xie, Qian, and Zhou 2010). With the advancement of technology, new emerging trends in cloud computing and privacy need to be realized to identify and manage critical security and privacy issues. Access control has been made flexible enough to accommodate the diversity of services; this involves the formation of policies that allow adequate access control to the services offered (Behl, 2011). Users can access their information and share it across the network. The user is prompted to input his or her credentials for authenticity purposes. The processor speed has been improved as well as the memory capacity. This has permitted large volumes of information to be stored and increased the performance of the system (Xiao and Xiao, 2012). Mobile phones and laptops have overtaken the old aged computers, which had few features on internet connectivity. Mobile phones have been customized to the user's preference as well as multiple functionalities. The trend will continue to increase in complexity in the coming years, which will also lead to more issues regarding privacy and security. Trust management and policy integration deal with service provided by the technicians in the cloud environment (Takabi, Joshi, and Ahn, 2010). This is done by the collaboration of multiple service providers though they usually have different approaches in the provision of the services. Cloud service provision may cause security violations, and this causes the providers to be careful to manage access control policies to ensure there are no security breaching via integration policies that have been developed. Integration bring problems such as language differences, policy management challenges and also safe interoperability.
Conclusion
Though this software is still at its infancy, it has gained universal popularity because of its ability to provide on-demand services, flexible efficiency, and it is also less costly. However, despite its technical advantages, it is prone to security issues, which may thwart its success as a new information technology model. A lot of businesspeople have not fully adopted cloud computing, or they are using it partially to store only less sensitive information. For cloud computing to be said as secure and private, it means it should contain various features, which are confidentiality, accountability and integrity, among others. Though these security issues seem new because of the adversities they cause, they are already in existence (Ang and gull, 2013). To ensure security, some organization have been formed to come up with solutions and frameworks in the form of standardized specifications to provide a secure cloud computing environment. Several emerging trends have also evolved to ensure that cloud computing achieves reliable threshold measures. Due to the dynamic climate, however, new privacy and security strategies ought still to be researched for better results and new heights in cloud computing.
Table 2
|
Authors |
Year |
Methodology |
Course & field of study |
Country |
Participants |
|
Angadi, A. B., & Gull |
2013 |
Qualitative |
Computer engineering |
U.S.A |
graduate |
|
Behl |
2011 |
Quantitative |
Information technology |
n/a |
graduate |
|
Chen, D., & Zhao |
2012 |
Quantitative |
Computer science |
n/a |
graduate |
|
Chowdhury, C. R., Chatterjee, A., Sardar, A., Agarwal, S., & Nath |
2013 |
Quantitative |
Computer engineering |
n/a |
graduate |
|
Jansen, W. A., & Grance |
2011 |
Qualitative |
Computer science |
n/a |
graduate |
|
Kong, W., Lei, Y., & Ma |
2016 |
Qualitative, quantitative |
Information technology |
China |
masters |
|
Manas, M. N., Nagalakshmi, C. K., & Shobha |
2014 |
Qualitative |
Cloud computing security |
n/a |
graduate |
|
Sengupta, S., Kaulgud, V., & Sharma |
2014 |
Qualitative, quantitative |
Information security |
n/a |
graduate |
|
Takabi, H., Joshi, J. B., & Ahn |
2010 |
Qualitative |
Computer security |
France |
graduate |
|
Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou |
2010 |
Qualitative, quantitative |
Computer engineering |
n/a |
graduate |
Table 3 Summary of participants, methodologies and main findings of the primary studies
|
Study |
Methodology |
Setting |
Participants |
Main Findings |
Analytical Tool |
|
4 |
Analysis of different case studies |
Extensive analysis of ten companies using cloud computing |
10 companies |
Cloud computing poses a major threat to privacy of information if now well implemented. |
Survey and observation |
|
6 |
Interviews with participants |
Cloud computing experts in Google |
10 employees in cloud computing section |
Google manages the issue of security and privacy by using a private cloud platform for most of its essential services. |
Interviews |
|
8 |
Interviews |
Interview with professional in the fled of cloud computing |
Cloud computing professionals |
Cloud computing can be sure and private if used in the correct way and for the right purpose. |
interviews |
References
Behl, A. (2011). Emerging security challenges in cloud computing: An insight to cloud security challenges and their mitigation. In 2011 World Congress on Information and Communication Technologies (pp. 217-222).
Chen, D., & Zhao, H. (2012). Data security and privacy protection issues in cloud computing. In 2012 International Conference on Computer Science and Electronics Engineering (Vol. 1, pp. 647-651).
Chowdhury, C. R., Chatterjee, A., Sardar, A., Agarwal, S., & Nath, A. (2013). A comprehensive study on Cloud green computing: To reduce carbon footprints using clouds. International Journal of Advanced Computer Research, 3(8), 78-85.
Jansen, W. A., & Grance, T. (2011). Guidelines on security and privacy in public cloud computing.
Kong, W., Lei, Y., & Ma, J. (2016). Data security and privacy information challenges in cloud computing. In 2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS) (pp. 512-514).
Manas, M. N., Nagalakshmi, C. K., & Shobha, G. (2014). Cloud Computing Security Issues And Methods to Overcome. International Journal of Advanced Research in Computer and Communication Engineering, 3(4), 6306-6310.
Mather, T., Kumaraswamy, S., & Latif, S. (2012). Cloud security and privacy: an enterprise perspective on risks and compliance. " O'Reilly Media, Inc.."
Sabahi, F. (2011). Cloud computing security threats and responses. In 2011 3rd International Conference on Communication Software and Networks (pp. 245-249
Sengupta, S., Kaulgud, V., & Sharma, V. S. (2014). Cloud computing security--trends and research directions. In 2011 IEEE World Congress on Services (pp. 524-531).
Takabi, H., Joshi, J. B., & Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. Security & Privacy, 8(6), 24-31.
Xiao, Z., & Xiao, Y. (2012). Security and privacy in cloud computing. Communications surveys & tutorials, 15(2), 843-859.
Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010). Security and privacy in cloud computing: A survey. In 2010 Sixth International Conference on Semantics, Knowledge and Grids (pp. 105-112).