According to Ali, Khan and Vasilakos (2015), Cloud computing can be defined as the practice of using remote servers hosted on the internet to process, store and manage applications, data rather than managing it on the local servers. It helps the users to have better accessibility, processing speed and storage space than using a local server or hard drive. With all this advantages there are some drawbacks related to the user’s privacy and security of the data stored on the cloud.
The following report contributes to the information about the cloud computing, different cloud models, new technologies that are used in the cloud computing, security issues and threats related to cloud computing. In addition to this, the possible solutions for the security issues and threats related to the cloud computing is also discussed in this report.
The cloud computing is the most exciting computing paradigm in today’s IT industry. It helps the user or clients to conveniently access a centralized pool of computational resources. This kind of computational resource management helps the users to reduce the overhead of managing the resources and efficiently use the available resources on demand (Chandramouli, Iorga & Chokhani, 2014). For all this benefits of cloud computing the global computing infrastructure is moving towards the cloud based infrastructure.
With all this tremendous advantages, flexibility and robustness of the services that are provided by cloud architecture; there are several risks with the data security and privacy of the users (Garg, Versteeg & Buyya, 2013). While using the cloud based computing resources, most of the business data or say sensitive data of the users are stored into the remote server. Hence the main concern of the users is about the security of the data that are stored into remote servers. Other security concerns of the users include the following issues,
The main components in a cloud are the data center and related hardware’s.
Public cloud: When the services are available for the general people in pay as you go manner, then it is called the public cloud model (Chandramouli, Iorga & Chokhani, 2014).
Private cloud: When the cloud resources and the data centers are available only for a business or an organization then it is called private cloud.
Depending on the architecture or the services provided by the clouds it is caatagorized into three models these are IaaS (Infrastructure as a service), SaaS (Software as a Servivce) and Paas (Platform as a service).
Software as a service (SaaS): In this model the clients or the users have the ability to use the applications that are executing on a cloud infrastructure. User can access these applications by using a thin client interface such as web-browsers.
Platform as a service (PaaS): In this kind of cloud services, the user developed or acquired applications using different libraries, programming languages, and tools are deployed on to the cloud infrastructure (Toosi, Calheiros & Buyya 2014). In this kind of services, user does not have control over the cloud architecture (this includes operating system, storage, network, servers etc.), but have control over the deployed application and its configuration. In order to easily manage and scale the requirements of the applications, PaaS model provides a predefined arrangement of application servers and operating systems such as LAMP (Linux, apache, MYSql and PHP).
Infrastructure as a service: This service model enables the user or the client to have control over the storage network, operating system and other computing resources so that they can configure and assign different resources according to the requirement of the application (Garg, Versteeg & Buyya, 2013).
While deploying the cloud services it mainly includes a grid of computers that are used by the service providers to serve the clients request for executing applications and processing of data. The mechanism of the cloud technology can be explained using two layers of the whole architecture (Ali, Khan & Vasilakos 2015). One is back end layer and another is front end layer. The front end layer is the interface for the clients or end users. As an example it can be stated that, when a user accesses their mails then they are interacting with the front layer of the architecture.
On the contrary the back end layer of the cloud architecture consist of the hardware and software components that fuels the activity of the front end layer.
With the increasing popularity and adoption of cloud services, there are some challenges that are arising with it (Chandramouli, Iorga & Chokhani, 2014). These challenges mainly include the issues related to the support and cost, reliability of the services and security of data, performance of the cloud services and flexibility of it of the services.
Support and cost of the services: The business organizations and individuals using the cloud based services are afraid of the fact that the valuable organizational data will stored outside the corporate firewall. If hackers or intruders have access to the cloud infrastructure then it would affect the data of multiple clients even if only one site is hacked by the hacker (Chandramouli, Iorga & Chokhani, 2014). Therefore, the issue of data integrity and confidentiality of the sensitive data on the cloud storage is most important for the end users.
Another most common challenge faced by the users of the cloud services is lack of technical support and management of the service at the time of migration to the cloud (Garg, Versteeg & Buyya, 2013). While picking a cloud service provider, it's important to realize that, the administration conveyed will offer scalable adaptability so that the client or end user can carry on with their core business processes without agonizing over the day to day operations related to the database or application management.
Reliability of the service: In case of reliability of the service it is important for an organization or a business organization to properly understand the service level agreement (SLA). Since it is observed that, some provider’s guarantees 100% uptime and it will reimburse the client if there is any downtime in the service (Ali, Khan & Vasilakos 2015). Therefore, it is advised to the potential clients to try out the services before they commit to the service. This will ensure the clients that if any server is lost at any time then; the service provider will manage and compensate for the down time.
Performance and flexibility: Numerous business organizations concentrate on what they require now, as opposed to what they require later on while selecting the cloud service provider (Garg, Versteeg & Buyya, 2013). In most of the cases, execution at last winds up being higher in the cloud on the grounds that there is more accessibility and scalability.
For other cases it is observed that the performance is less than a traditional local server. Hence for better performance it is suggested to use the cloud services with hybrid architecture to have better uptime and accessibility by the users.
There are different security issues with the different cloud models (PaaS, IaaS and SaaS). Some of them are discussed in the following section.
Virtualization: Virtualization allows the users to migrate, create, copy and share and roll back virtual machines so that the users can run their developed application on the cloud architecture (Ali, Khan & Vasilakos, 2015). Therefore, this extra layer introduces new security vulnerabilities to the cloud services.
Virtual machine roll back: virtual machines can be rolled back or restored to their previous states if any error happens in the services. In some cases rolling back of virtual machines can create security vulnerabilities by empowering the obsolete user accounts.
Underlying infrastructure issues: In case of developers, they do not have access to the underlying infrastructure layers (Chandramouli, Iorga & Chokhani, 2014). Even when the application developers have control over their application, they do not have control over the environment and assurance that the environment is secure.
Data security: In information technology, the data security is the common concern for the users and it becomes more fatal in case of data stored and processed in cloud architecture. In case of cloud the data is processed into plaintext stored in the cloud (Garg, Versteeg & Buyya, 2013). In this case the service provider is the only one entity who is responsible for the security of the data. In addition to this, if any disaster happens, then lack of data backup policies also introduces security concerns for the users of cloud services.
To mitigate different security risks there are several technologies that can be used to mitigate different security risks of cloud computing.
Firewalls and intrusion discovery frameworks are normal devices that are utilized to confine access from un-trusted sources and to screen the malicious exercises on the cloud architecture (Toosi, Calheiros & Buyya 2014). Additionally Security Assertion Markup Language (SAML), authentication mechanisms and eXtensible Access Control Markup Language (XACML), can be utilized to control access to cloud applications and computing resources.
Encryption technique: Even though the encryption is not a new technology to protect the data from hacking and intrusion of the attackers, still it is considered as a most effective way to protect data in cloud storage. It is done by using encryption keys. One is used to encrypt the data and another is used to decrypt the data (Ali, Khan & Vasilakos, 2015). In an advanced way, the change of keys in regular intervals is also effective in better data protection on the cloud storage.
Message signing: The mechanism of message signing is used to authenticate the client. In this authentication method the unique entities like SecretKey, VendorID, and SecretKeyID are used.
While analyzing the research papers there are some parts that are not addressed adequately and hence it is remains vague due to the lack of clarification about the idea. Like the research papers has not properly addressed the different intrusion techniques and how they intrude into the cloud storage. In addition to this, the mechanisms to manage the security and privacy risks in different cloud models are not provided in the research papers.
After analyzing the research papers the following research questions are structured,
Cloud computing is one of the exciting technologies due to its cost effectiveness and flexibility provided in the services. There are different architectures based on the services provided by them. The data centers are used to store the data of the applications and users. To develop a better security framework it is suggested to install a trusted monitor at the cloud server so that it can audit the different operations on the cloud architecture. It is more important to put in place the SLA (Service Level Agreements) while dealing with the outsourced service providers. Cloud computing is a technology that can change the economy and scenario related to the data centers but, before that the issues related to the different security standards and compatibility must be addressed so that the potential users can have the confidence to move their sensitive data and application on the cloud.
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information Sciences, 305, 357-383.
Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.
Chandramouli, R., Iorga, M., & Chokhani, S. (2014). Cryptographic key management issues and challenges in cloud services. In Secure Cloud Computing (pp. 1-30). Springer New York.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for cloud computing. Optimizing Information Security and Advancing Privacy Assurance: New Technologies: New Technologies, 150.
Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). IEEE.
Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine,51(11), 24-31.
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.
Malik, A., & Nazir, M. M. (2012). Security Framework for cloud computing environment: A review. Journal of Emerging Trends in Computing and Information Sciences, 3(3), 390-394.
Puthal, D., Sahoo, B. P. S., Mishra, S., & Swain, S. (2015, January). Cloud computing features, issues, and challenges: a big picture. In Computational Intelligence and Networks (CINE), 2015 International Conference on (pp. 116-123). IEEE.
Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014). Mobile cloud computing: A survey, state of art and future directions. Mobile Networks and Applications, 19(2), 133-143.
Ruj, S., Stojmenovic, M., & Nayak, A. (2014). Decentralized access control with anonymous authentication of data stored in clouds. IEEE transactions on parallel and distributed systems, 25(2), 384-394.
Toosi, A. N., Calheiros, R. N., & Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey. ACM Computing Surveys (CSUR), 47(1), 7.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing.Information Sciences, 258, 371-386.
Yang, K., & Jia, X. (2012). Data storage auditing service in cloud computing: challenges, methods and opportunities. World Wide Web, 15(4), 409-428.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.
MyAssignmenthelp.co.uk believes that years of experience and high success rates have become the main reasons why students prefer our essay help services over others. It’s been a decade now that we have been helping students by providing the best quality essay writing services. Thousands of students have got benefitted from our essay writing help services. Each of them appreciates the quality of the paper they receive as well as the prices of our services. No other essay help provider can offer high-quality at such low price.
MyAssigmenthelp.co.uk really nailed my assignment. They managed to deliver it on time even though I needed it in a day!
I need an English essay on the Romantic Age, but I didn't have much to spend. These guys did my essay at very cheap prices without affecting quality!
MyAssignmenthelp.co.uk really impressed me with the quality of the dissertation they delivered. It was absolutely flawless!
I thought I would not be able to get help for my epidemiology assignment anywhere but I got that with MyAssignmenthelp.co.uk, and it was a brilliant paper.
Honestly, guys, choose MyAssignmenthelp.co.uk the next time you need a paper. These people have simply the best writers in their team.
I never thought I would ever get an A grade on one of my assignments, but MyAssignmenthelp.co.uk made that dream come true!
I am really happy with the services I received from MyAssignmenthelp.co.uk. The paper was top notch and submitted on time.
Seriously, I think it's impossible to find even a single error in the assignments provided by MyAssignmenthelp.co.uk. I've ordered several, and each of them has been flawless!
I got the most amazing nursing case study I could have ever asked for! I am definitely ordering all my future assignments from here.