ISS

ISS AND CLOUD COMPUTING 11

CS 632 Information Systems Security Project Assignment

ISS and Cloud Computing (Intranet, Extranet and Internet)

Team H

Vikram Raju Manthena

Akhila Bonagiri

Krishna Devabhakthini

Kiran Gurram

Lakshmi Durga Sammeta

Nikhil Chowdary Polina

Running head: ISS AND CLOUD COMPUTING 1

Campbellsville University

Abstract

This paper briefly explains about the Cloud Computing and its security practices that must be implemented to secure the infrastructure of Cloud Computing

Keywords: Types of Cloud, Cloud Services

1. Introduction

Background/Introduction

Prior to Cloud Computing, it has been very complicated and overpriced to maintain business applications as these applications were highly dependent on wide range of hardware and software and human resources to deal with installing, configuring, securing and updating these applications. With Cloud Computing, all the computing services like servers, storage, database and networking etc. are collaborated at a common place and can be accessed by paying only the service you use. This will be a huge decline in the operational costs and efficient use of the resources and better performance.

Problem Statement

The security, privacy and trust are still the concerns with Cloud Computing as all the resources such as software, hardware and data are stored inside and cloud and not visible once has to make sure while requesting services from cloud.

Hence, it is crucial to have a proper authentication and authorization between the user and the cloud provider such that it is easy to identify the request has been made by an actual user and not some intruder.

Goal

In this paper our primary focus relies on how to provide the security to the cloud resources and identify the potential risks factors involved while migrating or using cloud technologies and mitigate them.

Research Questions

The following questions will be answered:

· What factors should be considered from security standpoint while using cloud services

· How to aware the consumers in terms of CIA – Confidentiality, Integrity and Availability.

Relevance and Significance

Cloud computing is latest IT service which offers a unique way of managing the computing resources virtually with less effort and faster execution. In recent times most of the organizations irrespective of their size have been migrating to use cloud services which will eventually reduce the infrastructure costs. Therefore, we have selected to focus on the security and its key factors such that it helps organizations to construct a framework which would avoid any malicious access and avoid any issues related to security by constructing a roadmap which helps in understanding the crucial factors around the security plan.

Barriers and Issues

The issues of the study are to identify the possible security threats which may show up while using cloud services.

2. Literature Review

Cloud computing is an IT service which eases the delivery of computing services like Servers, Databases, hardware, software, networks, intelligence and more over the internet. It serves as a penultimate solution for all services required by an organization with more flexibility, rapid innovation and less cost. Many organizations are migrating to use cloud services as it provides the computing resources in a sophisticated manner. Cloud computing completely eradicates the cost of purchasing software, hardware, data centers and the electricity to maintain the servers and controlling the infrastructure as all these will be in cloud there is no need of any infrastructure cost. It adds a huge benefit for accessing the data or any service when compared to the traditional business systems. It can retrieve the vast amount of data by few clicks of a mouse. There is no need of managing and racking the servers in the data centers which gives ample time for any organization to achieve or focus on crucial goals. The performance of cloud services is much superior when compared to single data center servers as the clouds are being operated all over the world, the network traffic would be less for applications are results in better performance.

Cloud Computing deployment models:

1. Public Cloud:

These are usually owned by a third-party provider who delivers the computing resources over the internet. Third-party provider will be controlling all the data centers and hardware and software resources and user makes up a request using a web-browser.

2. Private Cloud:

Unlike Public cloud, private cloud is the service which is served exclusively to a specific organization. The organization itself can hold its private cloud or pay third-party clouding providing firms to handle their private cloud and all the data in this cloud will be maintained in a private network.

3. Community cloud

The community cloud is a group of resources that have been agreed to share among the communities like their policies, missions etc. can be made bade on the agreement between the community.

4. Hybrid Cloud

The combination of public and private cloud is referred as hybrid cloud. Both the prior clouds will be clubbed together and shares the data and applications among themselves. This brings more flexibility and more deployment options.

Cloud Computing service models

1. Software as a Service (SaaS)

2. Infrastructure as a Service (IaaS)

3. Platform as a Service (PaaS)

3. Approach/Methodology

Number of research methodologies are in practice, choosing right one based on the need of project gives the effective outcomes. In this method, qualitative research methodology is used to collect the data, Since the purpose of study is to focus on CIA and cloud security factors. A set of questions was prepared and asked to sample group of cloud experts in organizations. For confidentiality purpose the organizations names were not mentioned. The purpose of study to understand the different perspectives about particular situation.

Qualitative Research and Interviews:

In qualitative research it is important to understand the perspectives of induvial on social reality and each participant view is important in the analysis process. In this particular research project, we chosen interview methods with set of questionnaire related to Cloud Security and migration to cloud and CIA awareness in consumers. The questionnaire is showed on Appendix A with details.

Interviews were conducted from different industry experts specially who are currently involved in cloud technology. We approached them through different mediums, like LinkedIn and through business contacts. This gives authenticity of person we are interacting.

Participant selection was done through purposive sampling. In this method we choose participants with required skills and knowledge on the areas we do research to get accurate response. In this method we knew what kind of organizations we want to target and how much experienced person we are reaching to do detailed investigation about the topic. Participant details are mentioned in Table 1 Participant Details.

We have briefed the participants about the purpose of study and explained them the confidentiality details and use of the study. Since the organizations chosen are from different places, we conducted interviews through Video calling service using Skype. And each interview lasted for 30 minutes. And few participants didn’t answer one or two questions. Each response was recorded for future reference purpose. And after the interview we have shared the recording to the participant to strengthen the reliability.

Data Analysis was done by collecting he recoded video. Converting the video information into writing using Microsoft Word document. And categorized the answers of each participant and identifying relevant categories and sub categories to find the solution. To make sure the reliability and validity od research we have selected interview method by forming relevant questionnaire, selecting relevant participant with experience in cloud technology. And the gathered information was transcribed and confirmed with participant for strong reliability.

Ethical considerations of the project was taken care, all the participants in the research were aware about the research purpose and they are willingly participated in the interview. Before interview we made it very clear about this information will be used only for academic purpose. We respected their privacy and we didn’t disclosed their names and details of participants and organizations as well. And the gathered information was shared with each participant.

Findings, Analysis, and Summary of Results

References

Anatoly Аleksandrovich Malyuk, Anatoly Valerievich Tsaregorodtsev, & Elena Valeryevna Makarenko. (2014). One of Approaches to Information Security Risk Estimation for Cloud Infrastructure. Bezopasnostʹ Informacionnyh Tehnologij, Vol 21, Iss 4 (2014), (4). 

Jamal Talbi, & Abdelkrim Haqiq. (2017). A MAS-Based Cloud Service Brokering System to Respond Security Needs of Cloud Customers. International Journal of Interactive Multimedia and Artificial Intelligence, Vol 4, Iss 3, Pp 65-69 (2017), (3), 65. 

Appendices:

Appendix A – Interview Questions:

The purpose of study is to investigate the perspective of cloud consumer focus on confidentiality, Integrity, availability (CIA) to mitigate the cloud security concerns. And understanding the process of success and failure of the mitigation process by identifying the elements that causes.

This study is conducted by group of students who studies Master’s in Information Technology Management at Campbellsville University in Louisville. This study is part of group research project.

Thanks for sharing your valuable experience and your time with us.

Introduction:

1. What is your position and role at work?

2. How long you are handling clod security issues regarding to the cloud?

Cloud Security and Services:

1. What are the important steps to consider by users before migrating to cloud platform?

2. How does organization Security strategies impacted due to Cloud?

3. What factors to focus on security prospect while using cloud services?

4. How far CIA traid is covering security concerns of cloud users?

Table 1:

Participant Details

Participant	Role In Organization	Years Of Experience In Cloud Technology
Participant 1	Cloud implementation consultant	4
Participant 2	Director of IT Security	3
Participant 3	Cloud Security Analyst	3.5
Participant 4	Cloud compliance advisor	2
Participant 5	Project Analyst	3
Participant 6	Cloud security and compliance specialist	2.5

Note: This table contains the information about, participants of the research. Six number of participant handling different roles and responsibilities with different experience in cloud technology. Main focus of this research is to understand the security concerns so preferred mainly Cloud security role persons to understand the process of it.