Looking At Cloud Computing From The Perspective Of Security

Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.

The data information needs to be kept secure and making sure that the information is only used by the correct person and in the manner in which it should be used.

According to Lawrence Shawa, "a number of organizations I have spoken to have expressed concern about how secure their data is that is hosted in the cloud. There is sense of control that is taken from them making the organizations feel vulnerable" (Collection 2:1) Companies naturally feel a strong sense of obligation to protect their customers. Additionally, they may lose business if they have a reputation for compromising customer security.

To understand the public cloud computing environment that is being offered by the cloud providers. The responsibilities of an organization and the cloud providers vary depending on the service model. Any organization should understand and organize the process of consuming the cloud services and also keep an eye on the delineation responsibilities over the computing environment and implicate security and privacy. Assurances or certification and compliance review entity paid by the cloud providers to support security or privacy should be well verified time to time by organization through independent

A lot has being said concerning issues surrounding the law and cloud computing. Some of these issues include privacy and data security concerns and laws and regulations. Regardless of what cloud computing models an organization uses, both the cloud provider and the consumer ha to operate under this laws. Therefore both parties need to have a broad knowledge of the these laws such as data breaches, information ownership and control and how close customers can manage risk both at the federal and state levels.

To understand the public cloud computing environment that is being offered by the cloud providers. The responsibilities of an organization and the cloud providers vary depending on the service model. Any organization should understand and organize the process of consuming the cloud services and also keep an eye on the delineation responsibilities over the computing environment and implicate security and privacy. Assurances or certification and compliance review entity paid by the cloud providers to support security or privacy should be well verified time to time by organization through independent assessment.

According to (Whitman and Mattord, 2012), information Security is the protection of the lifeblood of the organization — its information. Specifically it is the protection of the confidentiality, integrity and availability of that information and the systems that store, process and transmit it, (Whitman and Mattord, 2012). Information Security is at the forefront of organizational concern with cloud computing. A major organizational concern is will the cloud service provider be able to secure and protect its data. Although this concern is imminent, many organizations have made the decision to move data storage and services to the cloud. The concern is primarily due to cost benefits such as overhead costs of maintaining software and hardware on-site.

One of the unavoidable risks in cloud computing is the loss of governance of the firm’s data. The business must hand over the processing of its most sensitive data to a third party service provider whose computers could be anywhere in the world. This means the oversight and enforcement of access controls to company data usually afforded by in-house IT departments is bypassed, as observed by researchers doing a case study of Swiss companies (Brender & Markov, 2013). As vendors seek locations where labor and electricity are at lower costs, data may be

Cloud technology links remote computers to a network of data servers that contain user data. It serves to increase efficiency in data access, increase user convenience and lower costs. It also has created efficiencies in terms of user hardware requirements necessary to access files and programs in multiple locations. A system designed in only 2006, it has already become a $68 billion global industry, with an anticipated $17 billion per annum growth rate. With such a growth rate, cloud technology is rapidly becoming an increasingly important aspect of individual and corporate data storage. While cloud technology provides an expansive range of possibilities of use for individuals and businesses alike, it has also posed challenges for its effective governance and privacy.

Cloud services: The organizations have been highly dependent on the cloud services. The cybercriminals have been seeking ways to exploit corporate security policies for protecting cloud services. The cloud services have been providing immense risk of data being disclosed deliberately or accidentally. The hosting companies have a greater ease of control over the private data and information and can even communicate between the end user and access his user data even without his permission. Therefore this threat has to be placed at the highest priority. Additionally, the cloud providers have the authority to the share information with any of the third parties even without any warrant. All these activities poses privacy concerns as the data can be access on the cloud anywhere and anytime where the information can be deleted, or even altered. All these activities have further left a room for potential unwanted disclosure of data and information on the cloud. Thus using cloud services in an organization poses a threat to exploitation and stealing of confidential data by their competitors, cybercriminals and vigilante justice seekers (Shaikh, F. B., & Haider, S., 2011).

Business in the 21st century has undoubtedly experienced rapid growth and has been vastly changed by the advances in cloud computing. People can access content, connect to others in distant lands, and do business from virtually anywhere in the world. With the rapid advancements of cloud computing in the world, the power of even a small business has essentially become limitless in discovering new clientele, reducing cost of overhead and widening profit margins. However, this is only advantageous to a certain degree as long as other competitive businesses within the same market do not duplicate the benefits of excelling technologies with minimal effort [1]. There are also many cross-border policies that limit the capability of businesses, big and small, and ultimately interfere from effectively making use of cloud computing technology, such as China-U.S. political relations [3]. Russia has also been considered to be a high-level threat in the cyber-market [7]. Even with the many advantages cloud computing brings, the competitive foundation that carries the further advancement of cloud computing technology itself has become heavily dependent on ever-changing customer values in a 21st century market [2] that demands goods and information faster [1], all while maintaining a good stance in the political spectrum and a safe haven from exploitation.

Long-term viability is a major security concern for the firms because when companies store their confidential data which require a lot of security, they need to have guarantee of how safe their data is going to be kept in a long term scale and not to be lost within a short period. The cloud computing provider must guarantee its customers that even if the original provider is taken over by another firm or if any natural disasters occur, the data stored by companies and the agreements made with the original provider has to be available at all times in case of changes occurring, such as if certain issues as mentioned above take place. Users are concerned if such an incident occurs, will they be able to retain their data back, and should they handle their documents manually at the premises instead of using the developed technological advancements.

As depicted in figure 3, the technical details, arrangements and management of the cloud service providers’ network is transparent to the cloud user. From the end of the cloud user, the service from the provider comes in the form of SaaS, PaaS or IaaS where the cloud user has no intention or worry about what goes on in the internal arrangement of the cloud service providers’ network. Any disruption of any form for whatever is the reason, deem to the cloud users either as service unavailability or quality deterioration – its affect and ways to counter this disruption is a critical part for the cloud infrastructure. Security issues might play a stimulating role as a driving factor for any aforementioned disruption.

The security level are different for the user and the cloud services provider. At the highest level the cloud provider makes sure the information of the user is kept safe while in the lower level individuals must make sure their credentials required in order to log into the cloud are kept secret. In case of a breach, cloud services providers will not be responsible the mishandled logins since they are not in position to identify who the real user of the service is. Therefore, as long as the correct log in is provided, anyone could access a cloud account. Accessing the cloud with someone else’s credentials is an indication of how easy it actually has become for criminals to get what they want. Hackers identify loop holes such as this to access the information and the data. In order to conceal their acts they put on measures that will protect them from being identified.

Usage of remote servers via internet to store, manage and process data instead of using a personal computer is known as Cloud computing. It’s a set of Information Technology services with the ability to scale up or down their service requirements. Most of the cloud services are provided by a third party service provider. In cloud computing, organizations can utilize IT services without in advance investment. Despite its benefits obtained from the cloud computing, the organizations are slow in accepting it due to security issues and challenges. Security is one of the major problems which hinder the growth of cloud. It’s not wise to handing over the important data to another company; such that clients need to be vigilant in understanding the risks of data infringement in this new environment. This paper discusses a detailed analysis of the cloud computing security issues and challenges. (Ayoleke)