Data security issues in cloud computing
[Author]
[Institution]
Table of Contents
Abstract......................................................................................................................................3
Virtualization
and Cloud
Computing.........................................................................................4
Research
Aim.............................................................................................................................5
Research
Question......................................................................................................................5
Research
Rationale.....................................................................................................................6
Chapter
Two............................................................................................................................15
Literature
Review.....................................................................................................................15
Introduction..............................................................................................................................15
Cloud
Computing and Virtualization.......................................................................................15
History
and Evolution...........................................
..................................................................15
Definitions................................................................
...............................................................17
Types
of
Clouds.................................................................................................................... 17
Data
Security Issues in Cloud..................................................................................................18
Potential
Security Solution for Cloud Computing...................................................................21
Summary..................................................................................................................................23
Research
Methodology.............................................................................................................29
Exploratory
Research..........................................................................................................32
Descriptive
Research...........................................................................................................32
Findings.....................
.............................................................................................................34
Conclusion...............................................................................................................................38
Recommendations....................................................................................................................39
Abstract
This paper intends to shed light on the data security issues presented
by virtualization and cloud computing. It is a widely accepted fact that cloud
computing has many advantages because of which many firms have adopted this
approach. Because of this, enterprise
data has migrated to a hybrid cloud or public computers, but despite the potential
benefits of cloud computing, many organizations do not adopt this strategy.
Many large enterprises still do not allow their data to be shared as they have
many security concerns. The primary inhibitor for the instalment and adoption
of cloud computing is the privacy protection problem. The following paper will
provide a complete and concise analysis of these issues faced by companies in
almost all stages of their lifecycles. In the end a conclusion will be drawn
and recommendation will be devised as to how these companies keep their data
secure and free from the threat of unreasonable and undesired sharing.
Virtualization and Cloud computing
Cloud computinggave immense capacity in the hands of the user as it
allows provision, configuration and reconfiguration of services at large data
centres. It is an emerging new technology that allows people to store a large
amount of information and share it within an organization or across different
companies or firms. In cloud computing the word cloud is employed as the
metaphor of the ‘internet’ or in other words cloud computing is also used as
the synonym of internet-based computing. In this process the entire data of the
company is released on the company’s cloud and made available to each and every
person in the company. Because of its immense advantages cloud computing has
become the next generation of the IT enterprise architecture. This process has
overcome the market of traditional methods very easily and quickly and now it
is being used in management of the data to large centres where this process was
not fully trustworthy. However, the new features of cloud computing have given
rise to some very serious security threats that are not fully even understood
as yet. The main reason for the concerns
related to the security of a system is because information resides completely
in the provider’s premises. These clouds have one type of infrastructure that
can beSPELLINGchanges
in relation to the needs and demands of the customer. Encryption
algorithms are there that can used in order to enhance the security according
to the needs and demands of the user. However, there are some basic problems
related to the phenomenon of cloud computing that are required to be addressed in
detail before lending these services to any company. The present paper will
analyse the issues related to cloud computing and various measures companies
can take to improve the security and integrity of their data. This can be
ascertained by installing new software in company’s database and presenting a reliable
model for cloud computing. But the problem that ariseswhile conducting these
procedures is because of incomplete understanding of these issues and the way
they can be addressed in relation to the needs and demands of the company. There
are many companies that have successfully been using cloud computing. Some
famous companies include Amazon web service, Amazon sale service, and Skype. At
the same time many peer to peer networking companies have also taken numerous
benefits of this latest technology. They share their data on company’s cloud
that makes it easier for them to conduct their day to day operations. These
companies achieve coherence and economy in scale through data sharing process
and for this purpose converged infrastructure and shared service lie at the
heart of the cloud computing.
REFERENCE THIS PART Through cloud computing
maximization in the effectiveness of shared resources is achieved. These
resources can easily be re-allocated whenever their demand is felt in the
company. In this way maximization in the usage of computer power is
gained. In this way upfront
infrastructure cost of company’s operations can be minimised. At the same time,
maintenance needs also become less because it enables information technology to
adjust resources needs according to the requirements of the company.
Along with its advantages, cloud computing also raises several concerns
amongst users regarding economics, environment, resources, law and privacy.
There are many geographical differences as well as other concerns related to
data security that becomes evident with the centralization of information and
computer resources within some data centres. The control of organizations over
cloud computing becomes difficult and data sharing becomes the cause of serious
problems.
Research Aim
Data security and safety maintenance is an importance area of concern
for companies that are involved in maintenance of a large amount of data. This problem is encountered by many business
firms, private and public companies on regular basis.
The aim of this research paper is to identify various factors that make
data security a problem for various people. In this context it will be seen how
information is shared over various platforms and what happens when this
information is leaked. Finally, various aspects of data security will be analysed
in detail and recommendations will be devised as to how companies can maintain
a good system that can ascertain maintenance of company’s information within
its own boundaries.
Research Questions
Keeping in view the above research aim three research questions have
been developed that are as below;
What is cloud computing and what are different benefits and risks
associated with this process?
What issues are faced by companies in relations to cloud computing?
What measures companies can take to improve the security of their
system?
Research Rationale
Data security issue has become a serious problem for various business
organizations that want to share their information at a particular platform.
Information regarding this issue is present in the literature but a detailed
study that can highlight these problems can also suggest solutions to the
issues face by people is lacking. The present research will provide useful
information to people who are involved in this business and who want to keep
their information safe at a platform. Computer programmers can design a system
that can help people in screening their system against data leakage and hence
they can earn a great deal of revenue through this system. Finally, the trend
suggested by the study can be utilised by various business organizations and
firms in order to streamline their process according to latest findings.
From the start of the concept building to actual
deployment of cloud computing the concept is becoming more and more popular. In
the contemporary business environment its importance has been realised by many
medium sized and large corporations. Now they know the advantages of putting
this system in place. This not only save the cost but at the same time it also
aids in improving the infrastructure.
Virtual machines on the
cloud became famous by the end of 2011. These machines delivered data on cloud
and made it easier for people to share it. Powerful resources have been there
to supply for the supply of services over these cloud wherein infrastructure
and platform has been used as a cloud. Now there are many machines that not
only deliver flexibility and measurably but at the same time they also allow
manipulation of virtual machines at the cloud level. It is important to
understand what the term virtual VIRTUALISATION NOTmachine means. It
is the process that allows sharing of resources of single personal computer
with varied number of computers. Cloud computing helps in sharing of
information at various computer settings and for this purpose it has many
virtualised applications to improve its resources.
By the
virtue of cloud computing, visitorsCHANGE THIS TO ANOTHER WORD such as Service
users or end usersget an opportunity to enjoy these services
even without knowing the technical details of the entire procedure. Most of the
customers do not know how these services work but the benefit they enjoy is
like any other professional, however, a little negligence at their end can make
the entire system less viable and data security can face numerous threats.
As stated above, the purpose of this paper is
to analyse the problems that are encountered during cloud computing because of
the information sharing and for this purpose it will be mentioned what problems
may arise and what can be done to prevent such losses. Keeping the available
data ahead, all the issues will be analysed. As many business companies are
facing the issue of cloud computing so people with malicious intentions try to
reach valuable data of the company. In this way they can breach the protection
layers of cloud environment. The problem is that cloud computing situation is
not always clear as it is supposed to be. Servers do not have idea whether or
not their data is used on network sharing levels. At the same time, the service
user cannot handle the entire data flow from information storage.HOW DO YOU
KNOW THAT THEY ARE NOT SURE REFFERENCE itThe supplier of the service is not sure about the
services that are running on his header. In this way attacks on cloud computing are
experienced that can be categorised in two main categories:
1-
Knowledge
attacks
2-
Resource
attacks
REFERENCE ITIn
resource attacks, manipulation of data of cloud computing is done and large
scale bonnet attack is mounted. Such attacks are done for service suppliers. On
the other hand, unauthorised modification of important knowledge is done with a
particular device. These attacks target everyone including service suppliers
and users.
VM sprawling means:unexpectedly the
number of machines has been increased in data centre and my professor also has
mentioned this and it is nor exactly an attack but if it is known attack
reference it. andis not a big problem to create
replacement on virtual machine. This
allows denial of service attacks through VMS and allocation of large areas.
service suppliers favour a good replacement VM on the entire cloud. This kind
of attack is usually called as VM sprawling.Along with this, the use of backdoor presents another
serious threat to virtual machine sprawling. This results in the leakage of
sensitive data after which confidentiality level reduces and privacy is damaged.
With all these serious security issues there
is a need to take into account some serious steps that ascertain security in
the cloud computing.
Following literature review will
further highlight the problems that are encountered during sharing of data in
cloud computing. It will be seen how these issues are faced by the companies
and what can be done to buffer the information of an organization.
Chapter
Two
Literature
review
This
chapter extensively explains the concept of cloud computing and other relevant
ideas. The history and evolution process of cloud computing is discussed that
describes four phases of cloud computing recent emerged form. In addition the
chapter explains different deployment methods of cloud computing. In spite of
being one of its significance in information technology, cloud computing has came across various
security and privacy concerns over the time. This chapter has discussed most
widely known issues related to it and furthermore, some of the remedial
measures proposed by different authors and organizations are also discussed.
Cloud
computing is used by many companies and organizations at the same time
individual customers also use these services. These services provide storage
capacity and data sharing capacities to a company. At the same time, data
management system and email service, web-housing and officer’s applications are
also provided through this system. Many companies use cloud computing to save
personal photos of their employees, at the same time their profiles and health
related information is also stored after which the cloud becomes a complete
information centre of the company that needs to be secured against illegal
threats of invasion.
Weak security policies of a company allow its
sophisticated engineer to earn profits without working hard and physical
security area of a company is supposed to be the most neglected part. It is
important to a regular context aware security system that allows access to
information system, through which the entire traffic within the information
system can be easily and closely monitored.
After improving the physical security of a
system it is important to see the security offered by cloud computing. Once a machine
is re-configured a well-configured machinery can enforce security in the
system.
On a cloud where
information is shared and maintained a server is deployed that check the needs
to be performed for vulnerability check. Data present on cloud can be encrypted
by data protection algorithms and proper encoding procedures. REFEERENCE ITIntegrity of the user’s profile can be
checked with the mistreatment of these algorithms. Attempts can also be
made to reach user’s machine or profile. However qualitative relation of one
user to at least one machine can help in cutting back the risks in cloud
computing platforms. Whenever a specific setting is employed the entire system
is required to be cleaned up from the very beginning and this can be
ascertained by destroying all the residual knowledge after reloading.
Research shows that a number of data security
issues are raised when it comes to cloud computing. Some basic elements of
cloud computing such as platform as a service, infrastructure as a service and
software as a service usually lead to the emergence of such problems. These
issues are usually become more complicated because if the complex
infrastructure USE ANOTHER WRODSbehind the graphics of this system. All these
hardware and software are not prepared by the business organization itself
rather companies buy these services from other resources. There are a number of
service providers in the market that offer such services. They usually make
storage capacity available for their customers where data is maintained and
shared over the company’s cloud, however, other users with malicious intentions
can also invade and make the entire systemless reliable.
In order to maintain a good security system it
is critical to ascertain that the service supplier and security supplier work
together in strong collaboration according to their service level agreement.
The cloud is run at varied instances where the suer has to pay money for every
instant use. REFERENCE ITAND WHAT IS THAT APPROACH ANapproach is elucidated wherein the service provider can
check the integrity of its system through software. This not only
improves the integrity of system but at the same time it also helps in
improving the capabilities of the data security system with the seamless integration of the virtual system. This
results in an improved protection and reduced chances of file loss.
Cloud Computing and
Virtualization
Cloud
computing is one of the most widely known term in the world of Information
Technology nowadays. The concept is significantly getting attention from
authors as well as professionals. The increasing availability of internet usage
has added much worth to this concept as it enables its users to access the
required information from wherever they are, and has added substantial convenience
and productivity in life (Ken, 2010).
History and Evolution
The
origin of cloud computing can be traced back to REFERENCE IT1969 from the idea of Licklider
whose vision was ‘Intergalactic Computer Network’ i.e. everyone in the world is
interconnected and can reach information placed anywhere irrespective of the
distances. Cloud computing has evolved from various stages and the first phase
of its evolution was Grid Computing in late 80s. REFERENCE ITGrid Computing enabled to
access centralized data through integrating different physical resources. REFERENCE
ITNext phase were
Utility Computing and Software as a Service (SaaS). Utility Computing was more
linked with getting the computing servicing from a service provider and
outsourcing where a company hires the services of another company for utilizing
its services for instance website development, data storage, processing power
etc. Similarly, Software as a Service (SaaS) proved to be the third phase, from
where the cloud computing has finally emerged. As the name explains itself, this is
delivering software services from a distant place mainly through web.
Organizations encouraged this form of service from different service providers
and outsourced these software functions due to avoiding the costs of hardware
installations and maintenance. Furthermore, instead of purchasing licensed
software products, the organizations pay monthly charges to service providers that
again brough more cost effectiveness to this method. In addition to the
software access facility, these service providers provide data storage
facilities as well. The organizations transfer their data to outsourced company
and then they access it through internet and different software.
The utility computing and SaaS had
different essential requirements that must have been fulfilled for integrating
these systems effectively in different organizations. Utility computing can
effectively work in business when heap of applications can successfully run on
the system provided. On the other hand, Saas requires more flexibility and
conveniently approachable systems. Another more improved system was needed that
can collectively meet requirements of both of the above mentioned systems more
productively and it was achieved through cloud computing. Cloud computing
combined the critical requirements of Grid and utility computing along with
SaaS and it is more readily accepted in organizations these days.
Different stages of grid computing to
cloud computing are very comprehensively described in the diagram below:
Definitions
Cloud
computing has been defined by a number of authors from different perspective.
Here the most known and accepted definition are stated. In the view of Gartner
(2008) Cloud computing is actually a method of computing in which increasingly
flexible IT related functionalities are provided “as a service” by utilizing
internet and is meant for multiple external customers.
According
to Baun et al (2011) cloud computing refers to utilize distant computing,
through data storage, program processing through internet based technologies to
meet clients’ usage requirements.
Mell&Grance
define the term for NIST (2011), “Cloud computing is a model for enabling easy,
customized network access to a shared pool of organized computing resources
that can be efficiently provided with least managerial efforts and service
provider interaction”.
Types of Clouds
There
are various kinds of clouds and its utilization depends upon its users’
requirements. For instance the clouds used for home user will be different from
an organization’s requirements. Following are the important types of clouds
discussed here:
REFERENCE
THESE SUB HEADINGS
Private
clouds.Thisis the type of cloud that is created for a particular
groups or department and it its access is restricted to that group of people
only. Only one organization is involved in it and it can be managed by that
organization itself or it can be outsourced.
Public Clouds: this type of clouds can
be used by anyone who is a part of that cloud space, authorized to access the
systems keeps the internet connection. This is meant for large number of people
and service companies for instance Amazon.
Community
clouds.A community cloud is the infrastructure where more than one
organization utilizes a common cloud space who has shared security, compliance
and policy requirements. These types of clouds are either managed by these
organizations themselves or they hire the services of a third part.
Hybrid
clouds.Thiscloud model is actually created through the combination
of two or more clouds that keep their individual identity alive, but they are
bound together through identical technological infrastructure that smoothly make
possible the data storage, transfer and accessibility between these clouds.
Data Security Issues in
Cloud Computing
As
discussed earlier, cloud computing resulted by overcoming different critical
requirements of utility computing and SaaS and it offered a lot of connivance
and benefits to its users. But by the time, it is been realized that there are
many data and information security issues associated with it.
When
the data is transferred to service provider for storage purposes, it may be
located at scattered places in cloud. If security breach occurs at any
location, it is not easy to quickly identify that point. This can be more
clearly explained with diagram below:
Some
very significant challenges that cloud computing come across are discussed
here:
Security
investigation.From a user’s
perspective it is very difficult to investigate their security concern in a cloud.
The reason being, one cloud may contain data related to more than one customer
or one customer’s data may be located in more than one clouds. If any unlawful
or illicit activity occurs in a cloud, it is not easy to be investigated.
Data
location.Cloud users have a very little or
no information about exact location of their data. This is because of the fact
that service provider places data in different data centers. This is the reason
that cloud users have no control over accessing that data physically. Some
service providers who operate in different countries can spread that data
across countries as well. This cannot be done by meeting legal requirements of
the respective countries.
Long
term viability.When mergers and
acquisitions occur in some organization then it becomes very critical to
protect and merge information. The customers need to make sure that data
availability is smoothly done. Furthermore, in case of power failure or
equipment faults, service provider need to avoid information security and they
further need to develop some alternative options.
Hacked
servers.Another main issue regarding cloud
computing is, users don’t have physical possession of the information. So under
undesirable situation like server hacking users have to close down their
systems until they start operating back up programs.
REFERENCE
These sub headings
Data segregation.The cloud computing offers a combined
and shred environment to different users. Encrypting the data should not be
considered the only way to deal with segregating issues because there are some
users who don’t encourage encrypted data because at times when encryption
encounters some problem, data gets lost.
Static
data usage.When static data is stored in a simple
device it can be feasibly encrypted but when cloud application are used for
static data storage its encryption become unfeasible. Because of this reason
data is not generally encrypted in cloud applications. As discussed earlier,
one cloud may contain data stored by multiple users and additionally, when this
data is not encrypted also, it exposes it to serious security threats. Encryption
is not the ultimate solution for the security of data over cloud because
sometimes, hackers can also find encryption key that is difficult to be
achieved on standard computers.
Key management.Another main problem about cloud
computing is the key management. In ideal circumstances, data owners should be
responsible for key management but the data owners lack such technical
expertise to manage these keys and they have to share it with service
providers. The service providers provide their services to large number of users
so managing key becomes more risky and complicated.
Data integrity.When the users more and more data into
cloud storage, it increasingly becomes difficult to check data integrity. Due
to data segregated at different places and nodes in different clouds, the user
cannot locate their data exactly. When the user wants to transfer some
information from one cloud to another or simply want to enter a cloud this will
require user’s bandwidth utilization and a lot of time as well. It is extremely
difficult to check data integrity in these circumstances with downloading and
uploading it. The conventional techniques to check data integrity is not very
effective in cloud computing.
Data archiving.Data archiving gives much attention to
storage media. There are two options in this regards, whether or not to provide
off-site storage. In case of providing off-site storage, if the data is stored
on portable storage media and if something goes wrong with this media, the data
will possibly be exposed to leakage. On the other hand, if off-site storage
media is not provided then data availability will be adversely affected. The
storage media and duration needs to fulfill archiving requirements otherwise,
the result will be data security threats.
Data deletion.When a user doesn’t needs the data
anymore, the ask cloud providers to destruct and delete all data. But this is
again not easy to ensure that whether all of the data is deleted or not. If
some data still exists, it can cause disclosure of confidential information.
Potential Security
Solution for Cloud Computing
·
In case of data
verification and storage, it is not easy for users to download all the data
from cloud, verify its accuracy and then again upload it on the cloud as this
process takes too much time and cost. According to Zang (2008) NEC Lab provided
Provable Data Integrity (PDI) solution that meets the requirements of data
verification and checking its integrity.
·
Wang et al (2009)
introduced a mathematical method to check and verify data stored in cloud.
·
In the view of Mowbray
(2009) has put forward a management tool for security issues concerned with
data storage and usage. This management tool provides central control
availability to the users and they can manage the sensitive data and
confidential information in a cloud.
·
It is very critical to
ensure private information protection at the time of sharing data or
information. According to Gajanayake (2011) he has suggested a privacy
protection frame work that is structured on Information Accountability
elements. This frame work enables IA agect form cloud providers to monitor the
users accessing information. He is also able to identify and unreasonable
information usage and deals with it accordingly.
·
Cachin et al (2009)
proposed already known cryptographic tools to ensure the integrity and security
of the data stored in clouds. These tools include: keeping a copy of data at
user’s place, Proof of Retrievability (POR), Proof of Data Possessions (PDP),
Digital Signatures etc.
·
Physical security
backups and certifications can also be a good solution for security issues.
·
Use of supporting
technologies such as security mechanism, confidentiality enhancing
technologies, anonymizationetc can assist in eliminating various security
concerns related to cloud computing.
·
Das et al (2012)
Proposed Private Virtual Infrastructure (PVI) that ensures support and
collaboration between cloud providers and the users to minimize privacy issues
in the cloud. The users are required to protect their infrastructures through
anti viruses and firewalls and inappropriate usage and detection systems etc.
Conversely, the cloud providers are required to ensure secure infrastructure
availability for its users. Both parties, can check each others’ protection
systems and user can verify security measures but actual control over data
remains with cloud provider.
·
Multi Cloud Database
Model (MCDB) is a technique that utilizes more than one cloud to store
information. This model enables to apply multi share technique to different
clouds by imitating data in number of clouds. This uses Shamir’s secret sharing
algorithm technique along with Triple modular Redundancy (TMR). It requires
cloud manage to mange users’ cloud through super cloud service provider.
Summary
It
is a widely accepted fact that cloud computing offer immense advantages in a
company’s operations and many companies are now sharing their data over the
public cloud. However, still there are some business enterprises that do not
opt to move their specific information over the cloud and this is largely
because of immense issues faced by these companies regarding data leakage and
security. This is the reason for which the market size of the cloud computing
has not expanded to a reasonable extent. The primary inhibitor for the adoption
of this technology is the data security problem and many service providers also
find them unable to resolve this issue. The above chapter has provided as
concise analysis of such issues in all stages of life cyles.
This
chapter has discussed some conceptual clarification of the subject cloud
computing. Moreover, its origin and evolution process was explained that was
followed by different security and privacy issues arising by the time. In
addition, this chapter has taken an overview of suggested solution to these
problems.
Cloud Computing refers to the use of computer resources both hardware
and software that are delivered as a service on a given network. Internet
subscription based service provider is used to make the data available to other
people with the help of hardware and software. This process is internet based
so it is more useful than traditional methods of service provision and this
factor became the cause of the popularity of this technology. Only an internet
connection is needed to access cloud based files. For instance when an email is
stored on the cloud the content of user’s folders are actually stored on an
easily accessed internet service. The amount of data that is stored on the
internet is unlimited and thus a lot of information can be stored and shared
over the cloud. At the same time the
maintenance of this process is not very expensive because a third party is
involved in the management of hardware and software that is required for the
development of the entire system. As a result of this the IT cost is very less.
This is the reason for which this process became very famous during a short
period of time and now many companies are trying to adopt it and integrate it
into their system.
Like every technology with its positive aspects, negative aspects also
exist. This concept of time-shared remote services is not new, yet it has
provided many financial and technological advantages. Its infrastructure
involves some of the technologies and services that have already been tested
and proved to provide security.
The main concern associated with network is the security of data and
resources shared. Likewise, there are also some security issues regarding data
storage on cloud.
Cloud computing has some major issues associated with it like data
security and privacy, expectations and trust, regulations and performance
operation issues. In this research we will take into account the major security
issues in cloud computing.(Weis &Alves-Foss, 2011).
Cloud computing is very economical in the sense it is suitable for every
scale of business. It provides the major advantages as under.
1.
Flexibility is Limitless
2.
Reliability and Security is Better
3.
Collaboration is Enhanced
4.
Portable
5.
Devices are Simpler
6.
Storage is Unlimited
7.
Access to lightning quick processing power.
In spite of the fact that Cloud Computing is very useful, it still have
some major security issues associated to it. This is the major threat it has
because many insiders may move into the cloud and mismanagement of data may
occur. The services may fail that’s why many companies has diverted their
attention to this threat. (AlZain, Soh, &Pardede, 2012).
Current
Problems
Confidentiality preservation and data integration are the main problems
in facilitating cloud computing. It can be overcome by data encryption but
encryption can again involve many other new problems. Below is an overview of
the main issues associated with Cloud Commuting.
Trust is the backbone of every business. The customer is not sure about
the service provider whether the data management is trustworthy and there are
no insider attacks. This has diverted the attention of many companies to this
issue. There is one and only legal document that states the agreement between
the customer and service provider Service Level Agreement (SLA). But
unfortunately there is no clear format defined for SLA and the customer is not
aware of the fact that it will need the services at later stages. (Weis
&Alves-Foss, 2011).
Data Security Issues
One important data security issue faced by a company can be mingling up
of its data with another’s company’s information. Other related cooperate
entity can also have access to this data. In such a situation it becomes hard
to show whether or not the company has possession of this record or it is under
the obligation of protecting data. At the same time specific issues arise when
the cloud computing intends to share data across different countries because
legal the provider has to face issues presented by different jurisdictions. In
such a situation it becomes hard to keep track of data and understanding of
rules as regulations regarding to protection of data becomes also complex
(Jaeger, 2009).
Data security becomes an issue for companies that share their data
through cloud computing. It is therefore important for companies to take into
account the policies and procedures of people who are involved in the provision
of these services. Those companies that offer protection and ascertain that
their data will be safe must be preferred.
No borders:
Cloud does not have borders or boundaries that can become a biggest
threat for the companies that share data of their employees. These computers
can be located anywhere from the world through ICT network infrastructure.
However, there is an option for the companies to choose certain availability
zones in order to minimise the chances of leakage. By utilizing this option,
companies can reduce their sharing zone.
Legal issues must also be considered as there are many regulatory requirements,
data security and privacy laws that cloud system is bound to follow for data
protection. But the main issue is that these laws vary from country to country
and also the customers do not actually know that where the data is centrally
located.
Example
A report is released by CSA on the issues presented to companies through
cloud computing that shows how legal problems can arise when someone tries to
hijack the data of a company. Hackers can access data that not only create
problems for the service providers but at the same time it can also create a
great deal of issues for the company that receive the services of these
providers. Hijackers can easily see the transactions and activities performed
by a company and can use them for their very own benefits. In this context, CSA
report presents the example of Amazon.com 2010. The information of this company
was hijacked by attacker XSS that tried to overcome the activities of the
company and receive immense financial benefits for this illegal activity
(Samson, 2012).
There is a need to find an appropriate agreement for cloud computing and
for that purpose appropriate statuary provisions are already in demand. In this
context, US federal trade commission took a decision regarding the statuary
adjustment, but the problem is that the market for cloud computing is very
limited and still it is difficult to recommend and appropriate framework for
data protection.
Confidentiality means avoiding unnecessary disclosure of information. Confidentiality
is preserved in cloud system since information is located on a remote location
so the service provider has full access to it. So there must be some technique
that preserves the confidentiality of data in cloud. One such technique is data
encryption but that too has many issues associated to it which will be
discussed later on.
Integrity means the correctness of data. Maintaining integrity is
another major issue handled by data encryption. There may be multiple users
that have access to a database. The users may have different level of their
rights. Some may have limited rights, but sometimes a user with limited access
may want to access the outcomes ensuring data integrity (Weis et al., 2011).
Encryption
Encryption is a technique used to resolve the major issues of cloud
computing like maintaining confidentiality and data integrity but it still has
its own issues. It consumes a large amount of power that is even more enhanced
in case of databases. Cryptography affects the operational performance of data
bases because each time you run and execute a query decryption of data occurs
and as main operation with databases is running queries, decryption greatly
increases (Weis &et al., 2011).
To achieve optimum utilization of available resources thereby decreasing
cost, cloud systems share hardware and software resources, storage location and
services between number of customer application is known ad multi-tenancy.
Sharing resources among multiple customer applications does not maintain
confidentiality of data. To have a
strong check over data flow each customer must be analysed with isolation which
make multi-tenancy model insecure for implementation.(Behl & Behl, 2012).
Some multi-tenancy issues are as under.
In cloud computing the data and applications are located centrally on
virtual machines. The applications are also run on server computers with
virtual machines. Researchers have analysed that virtual machines can be
malicious and it may attack other virtual machines on the cloud.
In case when a virtual machine proves to be malicious, the legal
authorities that can be the service provider or other legal authorities are
forced to block the entire server. This would cause disturbance to users on
server. They may not access the data.
Another issue involved in cloud computing with respect to hardware is
that this system deals with the sharing of resources. It is also possible that
the information flows from one processor core to another processor core. That
means an application running on one core may have access to the application
running on another core processor. Data may pass among processors so security
is not ensured.(Weis &Alves-Foss, 2011).
Conclusion
In the above discussion several security issues regarding cloud systems
are explained. There may be some undiscovered issues on which researchers are
working and that will be disclosed when this technique will be practiced even more.
The major issues that must be taken into account is the proper
implementation of SLA. The format must be made clear and it must document all
the services and the processes the service provider is offering. In this way
insecurities will be eliminated and cloud computing will flourish even more as
u usable technology.(Weis et al., 2011).
Cloud computing can be made effective by adopting data encryption bt
data encryption is expensive method for maintaining security. Research should
be done to manage encryption at economical level and more efficient methods
must be adopted to enhance the pace of cloud systems.
Research methodology
The research methodology of this paper aims to
gather relevant data through specified documents through which analysis of
materials can be done. This analysis helps greatly in reaching a specific
conclusion regarding the issues faced by people in relation to data security at
cloud computing.
The research will shed light on following
questions:
What effects data sharing has on security of
people?
What can be done to stop unwanted information
sharing?
The present research paper intends to highlight the importance of cloud
computing and the issues faces by people in relation to this method of data
sharing. The paper has provided introduction about the way cloud computing
became famous and how people utilised it to share data on public computers so
as to make the entire system work in an integrated fashion. Problems that have
been associated with this cloud computing have also been discussed and it is
seen how unwanted data sharing create issues for people. A detailed literature
review about all aspects of cloud computing has been developed and importance
of this process is discussed.
Literature review section of this paper has been developed by consulting
the work of various authors in this field. Valuable sources have been consulted
regarding the issue of cloud computing. This part of the paper has given a vast
amount of data about the importance of various factors associated with cloud
computing. However, while writing the literature review it has been observed
that the available literature is not self-sufficient in providing vast amount
of information about the data security issues and their possible solutions.
Research articles, periodicals and other documents that have been
selected for this paper carry a great deal of importance because they are
selected on the basis of some standards that ascertain the authenticity of
information obtained for the paper. For this purpose inclusion and exclusion
criteria have been set and these are:
Inclusion Criteria
1.
Research articles
based on studies of the researchers in this field
2.
Peer reviewed
journals, articles, periodicals and books
3.
Articles written in
English
Exclusion Criteria
1.
Abstracts only
2.
Articles present on
websites that are not authentic
3.
Articles written
language other than English
The literature review has provided detailed information about the issues
faced by various people in relation to data sharing on cloud computers. This
literature review has also helped in comparison of the past and present studies
that have been done in the same field by various authors. In this way an
insight have been developed about the future that shows how well techniques
used to share data will be applicable in the future.
The trend identified through the present studies can be successfully
utilised by various organizations that intend to protect their system and want
to screen themselves from data leakage through cloud computing. Such research
papers have more implications for people who are involved in the business of
cloud computing or who want to do this in the future. At the same time,
engineers, technicians and other people involved in programming can also get
immense advantages from this research as they will come to know the problems
faced by people when they want to share their data on computers and stop to do
this because of unwanted sharing security concerns.
Literature Review
Although
the dissertation may seem like simply gathering information about the present
topic but his process is important in creating an understanding about the issue
and for that purpose both exploratory and descriptive researches have been
utilised.
Exploratory
Research
Exploratory
research is done initially because there was no idea about the way information
is going to be collected. There was not starting theory or hypothesis about the
present research. In fact the researcher did not know where to start the
problem. Initially exploratory research has been done just to collect
information about the issue and develop an understanding about this phenomenon.
This process is just similar to data mining and it does not always lead the
researcher to the results. But the benefit of doing this research was it gave
better idea about the way people face this problem and try to solve it through
various means.
Descriptive Research
Along
with exploratory research, descriptive research has also been done that
provided a method to get information about a specific issue or problem. Some
measurements are done to collect information and finally a picture is collected
that gives provide a picture for the present topic.
Quick
Google search has been done to reach the data about the issue and this is an
important process as it can give as many as one million results when the
keywords are fed in the search bars. This search showed that a variety of
papers have been written in this field and researchers are already familiar
with this subject. They are also aware with the methodologies and theories
assuming that readers are familiar with the issue.
There
were immense amount of articles and documents that are present on the web
regarding the cloud computing and data security issues related to it. But
random search can make the entire process very time consuming and tedious.
Therefore, one needs something upon which the foundation of work can be built
up. Therefore, the introduction chapter was done before any searches so as to
understand the research questions and the aim of the present paper.
In
this context, text books and research articles have proves to be very helpful in creating awareness
about the topic. Sometimes, even they turn out to be very technical as if
someone cannot find one exactly related to the material that is being searched
a great problem can be created. For this purpose, research journals and
websites have also been consulted to start with the topic. The main idea was to
gain broad and quick background information before getting into complex details
of this topic.
Research Type
The research used to analyse the opinions of different authors is of two
main types:
Qualitative research
Quantitative research
As the paper intended to collect detailed information about the process
of information sharing and data security issue regarding cloud computing so
both qualitative and quantitative research methods have been utilised in this
paper. These research methods are of great importance in studies that require
analysis of the work of various writers about the topic
Quantitative research helps in gaining understanding about the reasons
and motivations about a particular issue. This is also a very good method that
aids in generating ideas and hypothesis that can be used in later qualitative
research. In this way prevalent trends in the thoughts and opinions of various
authors have been analysed and it is seen what they think about the issue.
However, exploratory findings that are obtained as a result of
quantitative search are not complete and generalization cannot be made in the
results of these findings. But even then this helps in the development of
understanding and sound base for further research.
In order to make the qualitative researchmore useful and applicable qualitative
research has been applied for the present study. This research is also helpful
in generalization of results of the given samples.
Quantitative research has proved to be very helpful in measuring
different views, opinions and ideas of people who have been associated with
this research. This research helped in exploring the findings obtained for
qualitative research and finally the process of drawing conclusion from the
available information became easy. In the end a final course of action for
people involved in this research has been devised.
Findings
Cloud computing provide 24 hours availability trough all devices and
browsers. Now it has become easier to access data through cloud computing that
was not very convenient before. But this process has its own security threats
are not even fully understood as yet.
Sometimes, it becomes hard to understand the way IT services are
delivered over cloud computers because they change the entire model of the
service delivery. Sometimes, the loss of control of infrastructure happens in
case of some organizations that do not know how to use these services. At the
same time, the exploitation can also occur from the side of the service
provider. These providers usually present their services to be very attractive
and useful and also offer a free trial for the users. But anonymous sign ups
happen during the trialperiod and finally issues such as lack of validation,
ad-hoc services and loss of control are encountered that put the user in a
situation that is highly vulnerable.
The above literature review has shown that data security becomes the
issue of great concern for various companies that employee the procedure of
cloud computing in their systems. Companies that are involved in application of
cloud computing procedures need to evaluate the capacities and services offered
by the providers in order to ascertain that sufficient data security is
maintained in the entire system. For this purpose the lawyers and company’s
information technology professionals must understand the ways and means through
which they can develop a system that can ensure the security and integrity of
their company’s data.
Data security issues are also encountered by people because of
unreliable service providers who share company’s information over other
company’s cloud because of which this information does not remain secure.
Companies that do not seek a reliable provider or those that do not consider
all these things while finalizing their contracts often face such problems very
frequently. Administration of the company, its legal department and every other
person involved in the process should understand the requirements of the
company and must also suggest measures to save the data of the company.
From the above research paper it is clear that cloud computing has
received fair share of its attention in the last few years and this is evident
from the fact that vendors are gathering plenty of technology to ease the
process of data sharing on a company’s cloud. However, greater cloud related
threats have made it impossible companies to take advantage of this technology.
Many companieshave
identified that key threats related to cloud computing that are usually related
to on-demand shared nature of cloud computing. Before installing a proper
system in a company there is a need to take into account thethreats posed by the
system to the data security of a company.
For example in some cases, side channel copy right information is used
to extract the private copyright keys that are in use on the VMS of the same
server. Usually people with malicious intentions does not need to go to such
length because in most of the cases, a small flaw does would allow the hacker
to have his reach to the data saved by the client over cloud computing.
Data security issues are not only observed by the companies in relation
to their clients who design these cloud computers but at the same time, other
threats can also be there that include the threat of legal issues faced by the
company that design these application to be used by other organizations.
Another biggest threat in case of cloud computing is data loss that can
happen anytime if flaws are there in the application. These data security
issues can create serious hassle for both the client and the service provider. There
are chances that data can be lost without leaving a single valuable trace.
Hackers can simply delete the data to create problems for the organization that
is using it. This kind of disaster is not less than any other problem including
fire, flood or earthquake.
There are some techniques that can be employed to keep this data safe
but sometimes the measures that are brought in place to keep this data safe can
enhance other problems as well. For instance, many service providersencrypt their
data to fight the leaking issues but if he loses his encryption key several
other problems may emerge.
Many cases are there in which data loss has threatened the relationship
of service providers with that of the client. Sometimes measures that are put
in place to mitigate one issue can give rise to the other. At the same time
data loss causes a great deal of issues for those who want to maintain stable
relationships with their clients. Some companies make it legally imperative for
the service provider to keep the data safe but if this demand is not met then
legal issues can also be faced by service providers.
The available literature and research have also highlighted another
threat to the data security. For instance if a hacker gets control over the
data of a company he can easily see the transactions conducted by that company.
He can return falsified information and can also manipulate data for his own
benefits. In this way, he can redirect the clients of the organization to some
illegitimate sites that can create serious problems for the company and can
also deteriorate its reputation. These hijackers frequently launch subsequent
attacks to further damage the reputation of the company.
Useful measures taken by the service provider can help the company to
save its key credentials. Business organizations must stop the account
credentials sharing between the user and the company. Along with this, a strong
two-cantered authentication technique should be used.
Conclusion
Cloud computing is the type of computing that largely relies in resource
sharing after which the need of personal devices for the purpose of handling
applications diminishes. This process is used in relation to the high computing
power that makes it useful for research and military purposes. Cloud computing
uses a network of a large group of servers that use low-cost computers that
help in specialization of connection and spreading of data. Large pools of
interconnected system is employed in cloud computing and various virtualization
techniques are used in it that help in maximization of power.
The above paperhas shown that cloud computing offers users a hugenumber
of commercial benefits. Flexibility in operations is achieved with the help of
data sharing over the cloud of a company. The process is cost efficient through
which data is placed over the cloud according to the actual requirement of the
company by the service provider that work after taking a fixed fee. Service
providers provide the ICT resources that are required for the company and sale
their services to a huge number of users. The operation of ICT resources is
also easily adjusted according to the change in the needs and requirements of
the user. Because of its immense advantages, cloud computing remains to be a
useful tool that is being seriously employed by many companies to reduce the
cost of their operations.
Implementation of cloud infrastructure and the use of this technique in
business have presented some unique security concerns to both user and provider
of these services. The relationship between underlying hardware and the OS
changes with the use of cloud computing. There is a need to ascertain that the
data is properly configured, saved and managed to maintain security. Some important
security threats to cloud computing may include the potential to compromise
hypovisor or virtualization software provided by the company. The above defined
concerns related to cloud computing seems to be theoretical but they do exist
in various situations.
There are a huge number of issues related to data security on cloud
computing and to address these issues it is important to identify the origin of
threat and then bring mitigation techniques in place. This problem cannot be
addressed very easily without a useful and effective support system. This is
the reason for which cloud computing is emerging as a new discipline of cloud
security, network security or information security. This is a complicated field
that has numerous challenges and it is not easy to fight these challenges. Many
kinds of security techniques, policies and a complete infrastructure is
required to fight this issue. Associated infrastructure of cloud computing can
help save the threat presented by hackers and hijackers.
These issues are usually encountered because of the standards used in
creating the infrastructure and data-sharing are not fully defined because of
which many companies have defined their own cloud computing technologies. Some
companies offer open standards and open resource while some others provide
entirely different services.
The above paper has highlighted a broad range of issues faced by service
providers and the companies that use cloud computing to share their data. These
issues can be broadly categorised into two categories:
1-
Problems faced by
providers of services
2-
Problems faced by the
companies that use this infrastructure
It is supposed to be the duty of service provider that the user gets the
infrastructure that is secure and useful. The infrastructure should be designed
in a way that the data related to the company and its client should be kept
safe. Along with this, it is the duty of the customer-company to ascertain that
the data application of the client is protected properly.
Recommendations
The use of cloud computing must not change the way through which a
company uses and shares it data. No matter where the data resides the company’s
administration must be aware of the information that is shares and must also
become aware of the legal and geographical elements that govern this
information sharing. Company’s administration must also understand how
information is developed, stored and shared over the cloud. Administration must
also understand the ways and means through which it can develop a system to
maintain confidentiality.
WRITE THE FOLLOWING
RECOMWNDATION IN PARAGPHS
LDAP is another directory
access protocol that can be used by smaller items of code. It is a useful
approach to buffer the entire system of an organization against any kind of
attacks from the hackers because it aids in identifying and locating people,
organizations and also alternative files obtained from other network. Virtual
system patterns are used for automation of files during a cloud setting. These
systems are quick and repeatable and can be used in planning of economic
virtual system. All the existing security polices can be buffered with the help
of LDAP servers and existing security. This allows user to manage the intervals
of infrastructure.
There is a need to capture
sufficient data when information is placed over the cloud. This data may
include the name of the person who created information and the purpose of
creation. Then a useful system should be designed to govern this information
properly.
The company must also know
each and everything about the service provider and the way they conduct their
activities. A contract should be written between the service provider and the
company to ensure that data remain secure and data privacy requirements are
met.
There are certain items that
must be taken into account before finalizing such contracts and these are:
The company must have control
and ability to direct the actions of service providers.
The service provider should be
willing to comply with the directions of the company’s administration.
Service provider must produce
data with sufficient speed and also conduct its activities in a timely manner
so as to meet the requirements of the company.
The company that buys the
services of a provider should have the right to access the data in an easy and
understandable format.
The company must inquire about
the format in which data is going to be distributed within the organization
including whether or not metadata will be intact.
The provider must be asked to
save data from destruction and leakage and should reproduce it as early as
possible in order to meet company’s demands and obligations.
The provider of a company must
understand that he has to comply with the directions of the company at the same
time he must keep hold on the legal issues faced by the company.
Transparency is an issue that
must be considered at an initial stage. Transparency of information must be
there in order to ascertain that provider does not co-mingle the data with
another company’s cloud.
Before finalizing a contract
it is important to take into account the cost of the production at the same
time, the fee of provider must also be taken into account in order to save the
contract from failure.
Legal issues must also be kept
in mind and for that administration of a firm should understand how data
production can be maintained in compliance with the international privacy law
or transfer law of a country.
Ownership of the data must be
maintained and contract should state how the data can be kept safe.
There are many internet cloud
computing services that offer technical benefits to the company involved in the
usage of these services. These companies can help in the improvement of
security of the entire company and making it useful for the storage of data. In
the end the user can get maximum security with minimum threats of leakage of
information.
AlZain, M.,
Soh, B., &Pardede, E. (2012). A New Approach Using Redundancy Technique to
Improve Security in Cloud Computing. IEEE.
Behl, A.,
& Behl, K. (2012).An Analysis of Cloud Computing Security Issues. IEEE,
109-114.
Gartner
(2008) Gartner says Contrasting views on Cloud Computing are Creating
Confusions. Gartner press release, 29 Sep 2008.
Erwin
L., 2011, toward transparent heterogeneous cloud storage platforms, Royal
institute of technology, Stockholm.
Samson,
2012, 9 threats to cloud computing security, Info world.
Ken
O., 2011, Converged infrastructure, Techtoforum.com
Ryan
L., Peter J., Dung B., 2011, trust cloud: a framework of accountability, IEEE
cloud forum of practitioners, Washington.
Hsi
W., 2011, conceptual framework of cloud computing governance model, IEEE
technology and engineering application.
Wang, C., Wang, C. Ren, K., and Lou, W.
(2009) "Ensuring Data Storage Security in Cloud Computing," in
Proceedings of the 17th International Workshop on Quality of Service: 1-9.
Zang,
K. (2008) "Publicly verifiable remote data integrity," In: Chen LQ,
Ryan MD, Wang GL, eds. LNCS 5308. Birmingham: Springer-Verlag,. 419.434.
Gajanayake,
R., Iannella, R. and Sahama, T. (2011) "Sharing with Care an Information
Accountability Perspective," Internet Computing, IEEE, vol. 15, pp. 31-38,
Das,
S., Kant, K. & Zhang, N. (2010) Hand book on Securing Cyber-physical
Critical Infrastructure, Waltham: Elsevier Publication
Cachin,
C., Keider, L. &Shraer, A. (2009) Trusting The Cloud. IBM research, Zur
Search laboratories.
Mowbray,
M. (2009) The fog over the Grimpen Mire: Cloud Computing and the Law. “Scrpited
Journal of Law, Technology and Society”
Baun,
C., Kunze, M., Nimis, J. & Tai, S. (2011) Cloud Computing: Web-Based
Dynamic IT Services, New York: Springer
Mell,
P., &Grance, T., (2009).The NIST definition of cloud computing v1.5.
Retrieved from the NIST website:
http://csrc.nist.gov/groups/SNS/cloud-computing/
Jaeger T.,
2009, Where is the cloud, geography, economics and jurisdiction,
firstmonday.org.
·
Lombardi F, Di Pietro R – Secure
virtualization for cloud computing, 2010
·
LDAP and Cloud: