logo

Security and Privacy Issues and Prevention Methods in Cloud Computing

4 Pages4001 Words93 Views
   

Added on  2021-06-17

Security and Privacy Issues and Prevention Methods in Cloud Computing

   Added on 2021-06-17

ShareRelated Documents
Security and Privacy Issues and Prevention Methodsin Cloud Computing A. AuthorITC595 MIT, School of Computing & Mathematics, Charles Sturt Universityauthor@first-third.edu.auABSTRACTThe present paper focusses on the privacy andsecurity issues in the cloud computing technology and theirprevention methods. It is an innovative technology, whichprovides remote storage facility. It means that the small andmedium organization do not have to invest in infrastructuralfacility to store the vast amount of data. However, there areseveral issues related to privacy and security of the businessorganizations. The users have to save the information at a remotelocation and they do not have any control over the storage.Therefore, the security and privacy breach is possible. Moreover,it is a multi-tenant facility, which means that the users have toshare the resources with multiples users. It means that varioususers have the access to the same resources. Therefore, slightnegligence can result in serious breach of the data.Keywordscloud computing, SaaS (Software as a Service),Cloud Platform as a Service (PaaS) and Cloud Infrastructure as aService (IaaS)INTRODUCTIONThe cloud computing is an innovative technology, which canbe used to improve the computation services and storagecapabilities. The cloud technology has generated a significantlevel of interest in academia and business leaders. It is based oneconomic utility model by creating existing approaches ofdistributed services, applications and information infrastructure(Chen & Zhao, 2012, March). Cloud computing is an importantparadigm, which can be used to reduce the cost by increasingthe operational and economic efficiency in businessorganizations. Cloud computing is focused on increasingcollaboration, agility and scale of operations to create a large-scale computing model. Most of the small and medium-sizedbusiness organizations have also realized the importance ofcloud computing to access complex business applications andenhance the computing resources of the organization. Thecloud computing has three service models, namely, Cloudsoftware as a Service (SaaS), Cloud Platform as a Service(PaaS) and Cloud Infrastructure as a Service (IaaS) (Takabi,Joshi, & Ahn, 2010). There are four deployment models,namely, private cloud, community cloud, public cloud andhybrid model. The cloud computing has several benefits overthe traditional storage software. However, one of the biggestbarrier in the adoption of cloud computing is security concerns.There are several issues related to privacy and security of theinformation, which prevents the users in accessing thisinformation. Research Problem The cloud computing is the cost-effective and efficientinfrastructure for the business enterprises. However, there areseveral security and privacy concerns associated with the cloudservices. Further, the deployment of cloud services is not assafe as claimed by the cloud vendors. In the past years, therehave been a number of accidents, which have showed that theclouds are vulnerable to external thefts and securitycompromises. The cloud services are different from thetraditional IT infrastructure. The customers can avoid one-timeinvestment, operating cost and increase their agility by usingthe cloud services whenever needed. However, cloud has aunique infrastructure, which raises various security and privacyconcern for the organizations, which are using the cloudservices. The security issues associated with the cloud servicescan be categorized into one of the following dimensions,namely, privileged user access, long term viability, regulatorycompliance, investigative report, data location, data recoveryand data segregation (Zhou, Zhang, Xie, Qian, & Zhou, 2010,November). The security issues of the cloud services can becategorized as under security and privacy issues, complianceissues and contractual issues. As the cloud services are spreadover different countries, the legal compliance of the vendors isalso a challenge. The research problem of the current paper canbe formed as: What are the security and privacy challenges in thecloud computing?What countermeasures can used to enhance thesecurity of the cloud infrastructure? A.Research Justification Today, the cloud computing has a widespread applicationand requirement for the business enterprises. Cloud computingis unique due to its delivery and deployment models. There areseveral benefits of cloud computing such as on-demand self-service, ubiquitous network access, resource elasticity,calculated services, pooling services and location independentresources. However, in spite of all these benefits, the adoptionrate of cloud computing is comparatively low. Therefore, it isimportant that the business organizations enhance the securityassociated with the cloud solutions (Subashini & Kavitha,2011). By improving the security, the business organizationscan accelerate the adoption of cloud services at a large scale. Itcan also garner the support of regulatory organizations.Therefore, the present research will be beneficial to enhancethe adoption of cloud computing services.LITEERATURE REVIEWIn the perspective of Kumar & Lu (2010), the cloudcomputing is advancement in web services such as web hostingand online web storage. The primary feature of the cloudcomputing system is the availability of the services to thecustomers at any time and at any place. The cloud computingensures that the users can access the system from any locationin the world. Therefore, most of the business organizationsprovide cloud system at virtual places. However, if the hackersare able to break into the private data of the web hosting andthe online storage, it can create huge risk for the hackers. Thehackers might steal the private information of the users. Theusers have access to vast amount of information from differentusers and can use this information for malicious intent. Thereare several sensitive category of information such as credit card
Security and Privacy Issues and Prevention Methods in Cloud Computing_1
numbers, software and reports, which are stored at the onlinemediums. This information can be stolen for malicious intent. Pearson & Benameur (2010, November) have analyzed thatthe cloud computing environment is a multi-domainenvironment; therefore, in this environment each domain canbe use different levels of security, privacy and trust. It isfacilitated by service composition and orchestration. There areissues regarding the authentication and identity management inthe cloud solutions. In the cloud services, the identitymanagement mechanism is used to protect the credentials andcharacteristics of the users. However, a major issue in theidentity management is the issue of interoperability, whicharises because of the use of different identity tokens andidentity negotiations in protocols. In the perspective of Popović & Hocenski (2010, May) thecurrent password based authentication processes has severalinherent risks associated with the account. The cloud is a multi-tenant environment; therefore, the privacy of an individual usercan be easily breached in the environment. There is also issueof multi-jurisdiction, which can complicate the cloud protectionlaws and jurisdiction. The cloud service provider has to ensurethat the identity of the services is protected from other users ofthe service. The distributed-denial-of-service attack is anotherservice security issue in cloud computing. The cloudcomputing has high level of resources; however, it is still proneto (Distributed Denial of Service) attacks. However, with theexistence of several other technologies, the DDoS attacks haveincreased in number. In cloud hosting solutions, the businessorganizations have to share their resources, which make themvulnerable to the attacks by other business organizations. According to Kaufman (2009) in the SaaS model of cloudcomputing, cloud solutions are offered as a service. In thetraditional data storage model, the sensitive data is stored at thepremises of the enterprises and it remains in the boundary ofthe organization. This data is subject to the physical, logical,personal security and access control protocols. However, inSaaS clouds solutions, the sensitive data is stored outside thephysical premises of the organization. Therefore, it is importantthat SaaS vendor adopts additional security measures to protectthe data at the vendor’s location. There should be additionalsecurity measures to prevent data breach due to vulnerabilitiesemerging due to malicious employees. The cloud vendorsshould have strong encryption techniques for maintaining thesecurity of the database. In the views of Wang, Wang, Ren &Lou (2010, March) the malicious users exploit weaknesses inthe data storage infrastructure, so that they gain access tounauthorized data. According to Chen & Zhao (2012, March) the networksecurity is another issue in the security and privacy approachesof cloud solutions. In the SaaS model, the sensitive data iscaptured by SaaS tools, processed through SaaS applicationsand stored at a foreign location. All the data stored at the SaaSlocations, should be protected so that sensitive informationcannot be stolen from the organization. The companies can usedifferent approaches such as secure socket layer (SSL) andTransport Layer Security (TLS) for enhancing the security ofthe organization. These approaches can provide protectionagainst several approaches such as packet sniffing, IP spoofing,and manual attacks. The malicious hackers can exploit theweakness in the network security configuration and use it toextract information from the users. Similarly Wang, Wang, Ren & Lou (2010, March) havestated that other than that there are several laws related to datalocality. According to these laws, certain kind of informationand data cannot be sent outside the country due to the privacylaws. However, it becomes a challenge for the cloudorganizations as in the cloud; the data is stored at a remotelocation. The location of the data is very important in theenterprise architecture, as it may comprise sensitiveinformation. It is possible that the privacy and the sensitivitylaws are not applicable in the countries. In the cloud computing, data integrity is another importantissue in the system. The data integrity can be achieved byestablishing a standalone database. It means establishing asingle database for each organization. The database managershave to implement constraints and database transactions, sothat they can maintain the data integrity of the secured data.However, maintaining the data integrity is challenging in thedistributed system. The transaction across different datasources has to be handled in a fail safe manner so that noexternal entity can breach the database of the organization. In the perspective of Takabi, Joshi, & Ahn (2010) in thecloud computing, multi-tenancy is an integral characteristic ofthe database management. It means that different users cansave their data at a single location. It means that theconfidential and non-confidential data of the users will reside atthe same location. In this environment, the intrusion betweenthe data of two different users can occur. It will be a hugebreach in privacy of the users. The business organizations candeliberately enter the database of another organization byhacking the loopholes in the cloud applications or injectingcloud code in SaaS system of the organization. The unethicalhackers can breach the system of the organization and intrudethe system of another organization. Therefore, it is importantthat system boundaries are established not only at the physicallevel but also at the application level. In the views of Itani, Kayssi & Chehab (2009, December)the data access is another issue in the cloud based system. Thedata access is another issue in the cloud computing. In thecloud, the data access is associated with the security policiesprovided to the users, when they access the data. Everybusiness organization, which takes use of cloud services, hastheir own set of security policies. According to these policies,different employees have different access to user data. Thesepolicies may provide certain access to few employees and otheraccess to other employees. It is important that the cloud serviceproviders give the same access to the cloud service providers. According to Pearson (2009, May) in the cloud solutions, thedata confidentiality is another issue in effective storage ofinformation. The cloud computing involves sharing or storageof resources; however, the actual border or limit of sharing isunder a debate. The cloud computing involves sharing theinformation at remote servers and accessing them with theinternet. All the storage requirements of the users can be storedat a single cloud service provider. It can also be stored atdifferent service provider. In the views of Kumar & Lu, (2010) other than that, there isalso issue of web application security in the cloud computing.It means that the SaaS services are deployed over the internetso that it can run on the personal computer. There are severalcharacteristics of the cloud computing such as network-basedaccess, management and managing the applications from acentral location. It allows the customers to access theinformation through software components. There is also issueof data breach in cloud computing. In cloud, the information isstored at a remote geographical location; therefore, the actualowner of the information has little control over the storage ofthe information. In cloud computing, most of the businessorganizations use virtualization to manage the information atthe cloud. According to Hwang & Li (2010), the virtualizationposes several security risks to the users. In the present scenario,it is very challenging for the business organizations to assure
Security and Privacy Issues and Prevention Methods in Cloud Computing_2

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cloud Computing Security PDF
|13
|3038
|39

Security issues in cloud environment
|12
|3175
|391

Cloud Computing: Types, Advantages and Disadvantages
|6
|901
|325

Cloud Based Infrastructure for MetaSoft
|10
|561
|335

Integrated Professional Skills in Digital Age (Doc)
|7
|2017
|26

Introduction to Cloud Computing
|10
|2358
|36