Cloud Computing Security Analysis

Verified

Added on  2020/01/28

|15
|4893
|403
Literature Review
AI Summary
This assignment delves into the crucial topic of cloud computing security. It examines various vulnerabilities associated with cloud environments and investigates methods to mitigate these risks. The focus encompasses secure data storage techniques like AES encryption and strategies for ensuring secure access control within cloud platforms. The assignment requires a critical analysis of existing security measures and proposes innovative solutions to enhance the overall security posture of cloud computing.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
SECURITY CHALLENGES OF CLOUD COMPUTING
STUDENT NAME:
STUDENT ID:
PROFESSOR NAME:
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Abstract
Cloud computing is a computing model which enables the sharing of data, resources, and
software by different computers simultaneously. The data is present in a central database and all
the computers are connected to the database with a proper networking system. However, the
security issues related to the cloud computing has proved to be a barrier to the smooth
implementation of the technology in the market. The data handled by the cloud is very large as
well as important and needs to be properly and sensitively handled. After the proper analysis, it
has been discovered that there are many risks associated with the security of data. These risks
involve the factors like misplacement of the intellectual property, interference with the privacy of
data, manipulation of the important data as well as loss of proper control over the data. There are
several impacts of these risks on the users like loss of revenue and goodwill of the company, the
loss of trust of customers on the companies as well as a violation of certain laws due to the
leakage of highly confidential data. There is several security models designed to solve these
issues. The models IaaS, SaaS, and PaaS shall be discussed in details in the project.
2
Document Page
TABLE OF CONTENTS
Discussion......................................................................................................................................................4
Introduction....................................................................................................................................................5
Outline of the research...................................................................................................................................5
Purpose of research........................................................................................................................................5
Research Rationale.........................................................................................................................................5
Research context............................................................................................................................................6
Literature review............................................................................................................................................6
Impact of the security challenges on the consumer.....................................................................................10
Conclusion...................................................................................................................................................11
Methodology................................................................................................................................................11
Reference list...............................................................................................................................................13
3
Document Page
Discussion
Cloud computing basically deals with storing the data on a server and enable the sharing of the
stored data by different systems. The basic concept is that the data is stored centrally in the cloud
and the different systems can access the data with the help of internet. The cloud computing
technology is a significant development in the field of technology. However, it has its own
limitations which have prevented the implementation of the technology at a large scale. There
are several risks associated with the security of the data. These risks may include the risk of loss
of data, loss of control of the concerned authority over the data, the misuse of the confidential
data as well the manipulation of data. These issues can be solved using the different security
models PaaS or platform as a service, iaaS or infrastructure as a service and the saaS or software
as a service. The PaaS allows the user to deploy his own applications on the cloud infrastructure;
the iaaS provides the user with network and storage so that they are able to use different
software. The saaS allows the people to access the applications running on the cloud.
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Introduction
Cloud computing is a technique which facilitates the sharing of data and resources for
different computers simultaneously. Despite being a great opportunity for the world of
technology, it has a number of security issues. The cloud computing deals with a large amount of
data that is very important for the companies. It helps them to deal with it and therefore needs to
be handled very sensitively. According to Shiau and Chau (2016, p.358), there are several
challenges to the security of the data like the protection of data, authentication of data as well as
breach of data. These challenges must be resolved to increase the effectiveness of cloud
computing.
Outline of the research
There are several security challenges to the consumers regarding the data sharing in cloud
computing. The security is highly complicated due to the data being distributed in a very wide
area and being accessed by a number of systems. Zhang et al. (2016, p.807) mentioned that, the
different challenges are the protection of data while it is stored as well as in transmission mode,
the authorization of data- the access to the data should be granted only to the one who have the
authority and the violation of data in an illegal manner. There are several security models which
serve to eliminate or minimize these challenges namely IaaS, PaaS and SaaS.
Purpose of research
It has been years since the concept of cloud computing has been introduced into the
market. Despite being a significant innovation in the 5th field of technology, the dependability is
still questionable due to some security issues. The companies which have a desire to involve in
this technology need to be confident of some critical factors. The data they are sharing with the
computing system must be safe and secure. The companies sharing the data must be convinced
that there shall be no unauthorized access to their data. They also need to be assured of the fact
that their data will not be breached or violated in any circumstances.
Research Rationale
What is the issue
There are several issues regarding the security in the cloud computing technology (Kaur
and Kaur, 2016, p.29). The data stored in the cloud is very confidential for the companies and
5
Document Page
must be protected under all conditions. These may consist of some private data of individuals
recorded by the company for certain purposes. The companies may fear the loss of control over
the data provided to the cloud.
Why is it an issue
The loss of such confidential data from the database or the misuse of those data may lead
the company to bear an irreparable loss in terms of revenue as well as the reputation of the
company.
Why is it an issue now
A number of data hacking techniques have emerged which have lead to the misuse of the
confidential data stored in the cloud. This the reason for the security of the technology has been
questioned.
What does the research shed light on
The research conducted sheds light upon the different challenges faced by the customers
in the security issue of cloud computing as well as the different models of security which can be
applied to meet those challenges.
Research context
The advancement of technology has lead ways for the evolution of globalization. There
are a number of companies who are trying to expand their business throughout the world. In that
case, they need to have a central body which shall be able to control all the different branches of
the companies. These companies need to share a lot of common data among the branches for the
smooth functioning of the entire system. This problem can be solved with the use of cloud
computing. As said by Pancholi and Patel (2014, p.19), there are several issues related to the
security of the data like the protection of their data, the proper authorization for the use of their
data so that their data is not used by some unwanted party, Also, the data should not be violated
or misused for any illegal purpose. Proper research is been done on the different security models
which meet these challenges.
Literature review
There are several issues regarding the cloud computing security. This part of the study
mainly describes the models that can be helpful to mitigate these issues. Below the three models
are described.
6
Document Page
SaaS
Software as a Service model is a cloud computing model where software is used as a tool
for cloud computing. The software used is centrally hosted from where it is accessed by the
users. The software is accessed by the use of browsers like Mozilla Firefox and Google Chrome.
Rittinghouse and Ransome (2016, p.62) stated that the SaaS model is used in office and
messaging software, DBMS software, payroll and accounts, Computed Automated Drawing
(CAD), CRM (Customer Relationship Management) and HRM (Human Resource Management)
and service desk management. It has entered deep into all leading software companies. Saas is
used in many ways like managing software as a service, mobile backend as a service and
Information Technology management as a service. Accumulo et al. (2016, p.426) mentioned that
SaaS requires very less physical hardware requirement. Due to the use of software, it is deployed
almost instantly. There is also the requirement of a number of processors used in SaaS model.
The freemium model is used where free service is made available to the customers with limited
functionality or usage (Mell and Grance, 2011). This is possible as the initial cost of SaaS model
is quite low. In cloud computing, there are many security issues like data breach, network
security, and information security.
SaaS mitigates many security challenges of cloud computing. Bokhari et al. (2016, p.10),
has stated that in the present time, there are many organizations which are storing their huge in
advance system to the future use. But with less availability of updation of existing software
increases insecurity of the data. SaaS makes the data secure in the cloud and provides a solution
to the data breach. SaaS does not allow the unauthorized user to access the data. In this way, data
which is stored in the cloud remains safe Armbrust, M. and et.al., (2010, p. 50-58). The network
security is also a concern for cloud computing. Due to the use of cloud, it is possible that data or
information is leaked from the network. The use of SaaS solves this problem to a great extent.
SaaS provides network backup when different users are accessing the cloud. This helps in
protecting data whenever the network is lost or breached.
ComPUtING, (2011, p. 36-38) has stated that identity management or sign of the user is
also a challenge in cloud computing. Whenever any user forgets to log out of the cloud
application and mistakenly closes the application, the chances of loss of data has increased. Saas
provides the solution to identity management by posting restrictions on access to network, cloud
and its applications. The following system has automatically logs out the session. It thus solves
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
the identity management or login problem in cloud computing. Jumagaliyev (2016, p. 53) stated
that in the present time, the transaction of money has done through online mediums like Go
Recharge and Freecharge. During these mode, security and safety of users transactions have
most of the time has created issues. Along with this, the essential personal information of the
user has not secured that much as it has expected by them. In most of the cases, the sensitive
information of private enterprise using the cloud computing is stored outside their domain or
accessibility. Zhang, Cheng and Boutaba, (2010, p. 7-18) has stated that in this case, SaaS
provides additional security features to protect the data in the cloud. In order to protect the
sensitive information of the users, the SaaS provides many security features which are private to
the application. In the case of DBMS, there is much sensitive information which is private to the
enterprise and the users. This information is needed to be protected. SaaS allows DBMS to use
features like normalization. On the other hand, Subashini and Kavitha, (2011, p. 1-11) has
explained that it also helps to keep safe the private information. Along with that, data is kept safe
as well. It also allows the user to relate and change his data according to his own wish. SaaS
mitigates many of the security challenges of cloud computing.
PaaS
According to Calheiros, Ranjan and et.al., (2011, p. 23-50), PaaS allows the customers to
use the platform or the operating system and the servers to use along with the infrastructure.
Generally, the vendor controls and maintains the physical computer hardware, operating systems,
and server applications while the customer only controls and maintains their developed software
applications. Customers would, therefore, be mainly responsible for any security exploits that
could target their applications, while the vendor is not only responsible for physical security but
also for any security exploits that could target network connections such cloud storage, data
storage, and data access. This has created the security issues regarding revile the information of
the users by hackers and other third parties for personal benefits. Devi and Ganesan (2015,
p.154) mentioned that PaaS allows customers to use the vendor's cloud infrastructure to deploy
web applications and software to the users. In this way the security ensured in the PaaS model is
of two ways. One from the vendor perspective and the other one are from the user perspective.
Priya (2016, P.71) stated that these two ways of ensuring security enhances the security of the
cloud due to PaaS. These two ways solve the security challenges due to cloud computing.
8
Document Page
As per the view point of Mell and Grance, (2010, p. 50) Application Threat modeling is
one of the applications of PaaS. The main aim is to build the security in the cloud. OWASP
threat modeling page and Microsoft Security Development Lifecycle Resource page are the
initial steps which are provided by the PaaS to provide security in the first step. After the
implementation of the Application Threat Modelling, the security is provided from many basic
security challenges like Structure Query Language Injection and the XSS that is cross site
scripting. Yesilyurt and Yalman (2016, p.1292) stated that these security tools are provided at a
free of cost or less price to the customers and hence provide security. For effective and broader
scanning tools like Google, skip fish is used to secure the platform.
Yu, Wang, Ren and Lou, (2010, p. 1-9) has stated that the next step to ensure security is
scanning. This method is applied to solve security issues at the secondary stage. The scanning is
an extension of the first step of security with an added difference. The difference is that checking
of the applications is done to ensure that no malware and dysfunctionalities are present. The third
step to ensure the security is to train the developers. On the other hand, Marston, Li,
Bandyopadhyay, Zhang and Ghalsasi, (2011, p. 176-189) has explained that many training
methods are used to train the developers to secure the PaaS. The secure coding and secure design
principles are the two most commonly used methods that are used to train the developers in
security. Developer application security training ensures that proper training should be given to
maintaining the relevance. Jafarpour and Yousefi, (2016, p.53) stated that this is important as it
provides security to data from exposing in the development and staging process. In these
processes, there is neither any control of development nor of staging. Due to this the data
remains open or exposed to illegal access. Data Sanitization and Data Reprioritization greatly
helps in this regard. Data Scrubbers are generally used to sanitize the production data. Data
Sanitization solves the challenges of cloud computing which is mainly faced by the users.
IaaS
The availability of computing resources all over the internet is done by the help of IaaS.
There are many security features provided by the IaaS which solve the challenges of cloud
computing. Rittinghouse and Ransome (2016, p. 80) mentioned that in the shared cloud network
every user share the same cloud for accessing the infrastructure. It has developed a security issue
for its users while storing and access the information. The cloud has a two IP addresses. One of
them is the public IP address for the application user and another one is private IP address for the
9
Document Page
cloud. The public IP address is either permanent or temporary whereas the private IP address is
always temporary. This provides network security and solves the security challenges existing in
the cloud computing. Most of the time, these have hacked by the people to get the important
information of the users. IaaS provides the feature of shared cloud network. IaaS provides the
facility of VPC (Virtual Private Cloud) network which ensures that the private subnet of one user
is not accessible to the other user by the cloud server or through the internet. The facility of the
firewall is also provided which prevents the unauthorized access of data in the cloud. Tchernykh
et al. (2016, p.17) said that it also controls the network traffic to and from the cloud. The firewall
also provides the benefit to allow a specific user to access a specific set of cloud and computing
resources using a specific set of rules and thus improves the security aspect of cloud. IaaS also
helps to protect rogue. It also helps to provide secure extension and securely connects the
enterprise sites to the clouds with the use of static IP connection (Hussein and Khalid 2016,
p.53). It also helps to secure the remote access to individual’s server. It ensures that individual
machine is accessed to cloud by a secure network. The access is based on credentials that a
single user is allocated a single server of the cloud. Is also provides the benefit of remote VPN
access. It allows the employees to securely connect to the cloud by using the VPN clients. It
includes the central authentication of the employees that verifies the identity prior to providing
access to the cloud. Alqahtany et al. (2016, p.443) stated that IaaS gives the facility of Virtual
Local Area Network (VLAN) that is an isolated network with a private IP subnet and a layer of 2
separation constructs. It provides inter-datacenter communication between different cloud
customers. In this way, it reduces the risk of shared network. The VPN and VLAN in the IaaS
mitigate the security challenges of cloud computing and thus satisfy the users of cloud
computing.
Impact of the security challenges on the consumer
According to Islam et al. (2015, p.479), there are several challenges to the security of
data stored in the cloud. The problems arising due to these challenges have a deep impact on the
people. The data shared by the companies can be highly confidential for the company. The data
can be considered as the intellectual property of the company and the loss of such data may
prove disastrous to the company. Some organizations maintain the records of the confidential
data of some individuals, the leakage of such data from the cloud may lead to the misuse of the
10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
same. In that case, the company is subject to punishment for violation of certain laws. The
company may lose the control on the data and it can be accessed by unauthorized people for an
unethical purpose.
Islam et al. (2015, p.479) said that the malware infections may lead to the growth of
cyber crime which is a matter of concern for the people. The data may consist of the codes used
for transactions using debit or credit cards and the loss of such data makes the customers lose
trust in the company. In the case of any kind of data shared by the customers, the customers need
to be sure that the data provided by them is completely secure in the hands of the company. If
they are not confident about this fact, they would stop trusting the company and move to some
other company where they can achieve the sense of security. Other than Kumar and Lu, (2010, p.
51-56) has asserted that these, the data stored in the cloud may be the development ideas of the
company and the loss of the ideas for a new project of the company may cause a significant loss
in terms of revenue.
Conclusion
In this research project, the various threats to the security of data stored in the cloud have
been analyzed. The different issues like data integrity, data security, and unauthorized access to
the data have been explored. Also, the manipulation of data and the data hacking have been
discussed. A thorough assessment of the impact of the above-discussed issues has been done.
The research context and the aspects of the research, as well as the purpose of the research, has
been clearly defined. The literary review has been done and the methodology of the research has
been properly mentioned.
Methodology
In order to perform the entire research, the researcher needs to take certain methods that
can be useful for successfully conducting the study. The primary research needs to be done and
the population needs to be the customers who are using the cloud technology. Based on the
feedback from the customers, the cloud service providers can easily upgrade their technical
aspects. In addition to that, to mitigate the security challenges of the cloud technology, the
organizations need to train their employee in such a way that the intruders find it hard to break
into the system. Therefore, the proper training for the employee needs to be provided by the
company. Along with that, the new and updated technology also needs to be used by the
11
Document Page
organizations in order to mitigate the security issues regarding the cloud computing. Therefore, it
can be said that, by implementing these particular methodologies, the security challenges of the
cloud computing can easily be mitigated.
12
Document Page
Reference list
Accumulo, A., Cassandra, A., Giraph, A., Hadoop, A. and Storm, H.A., (2016). AWS, 175
dynamoDB, 559 EC2, 559 elastic cloud computing, 301, 302, 559 elastic compute cloud, 18–19.
policy, 420(421), p.424-428.
Alqahtany, S., Clarke, N., Furnell, S. and Reich, C., (2016). A forensic acquisition and analysis
system for IaaS. Cluster Computing, 19(1), pp.439-453.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M.
(2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Bokhari, S.M.A., Azam, F. and Abbas, M., (2015). Limitations of Service Oriented Architecture
and its Combination with Cloud Computing. Bahria University Journal of Information &
Communication Technology, 8(1), p.7-15.
Calheiros, R. N., Ranjan, R., Beloglazov, A., De Rose, C. A., & Buyya, R. (2011). CloudSim: a
toolkit for modeling and simulation of cloud computing environments and evaluation of resource
provisioning algorithms. Software: Practice and Experience, 41(1), 23-50.
ComPUtING, C. (2011). Cloud computing privacy concerns on our doorstep. Communications of
the ACM, 54(1), 36-38.
Devi, T. and Ganesan, R., 2015. Platform-as-a-Service (PaaS): Model and Security Issues.
Indonesian Journal of Electrical Engineering and Computer Science, 15(1), pp.151-161.
Hussein, N.H. and Khalid, A., (2016). A survey of Cloud Computing Security challenges and
solutions. International Journal of Computer Science and Information Security, 14(1), p.52-58
Islam, T., Manivannan, D. and Zeadally, S., (2015). A Classification and Characterization of
Security Threats in Cloud Computing. INTERNATIONAL JOURNAL OF NEXT-GENERATION
COMPUTING, 7(1), pp.478-480.
Jafarpour, S. and Yousefi, A., (2016). Security Risks in Cloud Computing: A Review.
Jumagaliyev, A., Whittle, J.N.D. and Elkhatib, Y.S.S.A., (2016). Evolving multi-tenant SaaS
cloud applications using model-driven engineering
Kaur, M. and Kaur, K., (2016). A Comparative Review on Data Security Challenges in Cloud
Computing.
Kumar, K., & Lu, Y. H. (2010). Cloud computing for mobile users: Can offloading computation
save energy?. Computer, 43(4), 51-56.
13

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—
The business perspective. Decision support systems, 51(1), 176-189.
Mell, P., & Grance, T. (2010). The NIST definition of cloud computing. Communications of the
ACM, 53(6), 50.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.
Pancholi, V.R. and Patel, B.P., (2014). Enhancement of Cloud Computing Security with Secure
Data Storage using AES. International Journal for Innovative Research in Science and
Technology, 2(9), pp.18-21.
Priya, B., Kaur, S. and Kaur, R., (2016). Services in Cloud Environment and Security Issues.
Rittinghouse, J.W. and Ransome, J.F., (2016). Cloud computing: implementation, management,
and security. CRC press.
Rittinghouse, J.W. and Ransome, J.F., (2016). Cloud computing: implementation, management,
and security. CRC press.
Shiau, W.L. and Chau, P.Y., (2016). Understanding behavioral intention to use a cloud
computing classroom: A multiple model comparison approach. Information & Management,
53(3), pp.355-365.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of
cloud computing. Journal of network and computer applications, 34(1), 1-11.
Tchernykh, A., Lozano, L., Schwiegelshohn, U., Bouvry, P., Pecero, J.E., Nesmachnow, S. and
Drozdov, A.Y., (2016). Online bi-objective scheduling for IaaS clouds ensuring quality of
service. Journal of Grid Computing, 14(1), pp.5-22.
Wang, Cong, Qian Wang, Kui Ren, and Wenjing Lou. "Privacy-preserving public auditing for
data storage security in cloud computing." In INFOCOM, 2010 Proceedings IEEE, pp. 1-9. Ieee,
2010.
Yesilyurt, M. and Yalman, Y., (2016). New approach for ensuring cloud computing security:
using data hiding methods. Sādhanā, 41(11), pp.1289-1298.
Yu, S., Wang, C., Ren, K., & Lou, W. (2010, March). Achieving secure, scalable, and fine-
grained data access control in cloud computing. In Infocom, 2010 proceedings IEEE (pp. 1-9).
Ieee.
14
Document Page
Zhang, H., Jiang, H., Li, B., Liu, F., Vasilakos, A.V. and Liu, J., (2016). A framework for
truthful online auctions in cloud computing with heterogeneous user demands. IEEE
Transactions on Computers, 65(3), pp.805-81/
Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research
challenges. Journal of internet services and applications, 1(1), 7-18.
15
1 out of 15
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]