A review by me on Cloud Computing : Related security problems and challenges [ Review paper - Distributed Systems Y3S1 ]

 

 

A Review on Cloud Computing, Related security problems and challenges

 

N.I.Thathsara Hewage

Sri Lanka Institute of Information Technology

Faculty of Computing – Department of Software Engineering

 

Abstract:

Cloud Computing us an upcoming technological model for providing on demand accessing to data and other computer resources especially data storage and computing power from anywhere at any time in the world without active and direct management by the end user over the modern internet. Cloud computing is basically derived from grid computing, distributed computing, internet quality improving technologies, virtualization technology, parallel computing, utility computing and other computer technologies. Large-scale computation and data storage, virtualization, high reliability, high expansibility and low price service are some advantages gain from cloud computing. Cloud providers typically use a ‘pay as you go’ model, which can caused to unexpected operating expense, security problems if administrators are not familiarized with cloud-pricing models. This review paper introducing about some cloud computing systems and analyzing cloud computing security problems and basic strategies with the frame of cloud computing concepts and characters.

Index Terms:

Advance Research Projects Agency Network (ARPNET), Privacy Impact Assessment (PIA), Service Level Agreements (SLA’s), Cloud Security Alliance (CSA), Intrusion Prevention System (IPS),Intrusion Detection System (IDS)

 

01.   Introduction

The first working prototype of internet came in the late 1960s after the creation of ARPNET (Advance Research Projects Agency Network) and the researchers began to design the network of networks concept that has converted now as the modern internet. The history of the Internet has its origin in the efforts to build a realistic concept of an interconnected computer as a single world. Finally distributed computing technologies, virtualization technologies, parallel computing technologies were developed by the time and to remove the remaining limitations of computing aspects, the cloud computing was introduced to the world.

Since 1950s, organizations have been using complex, expensive and huge mainframe computers to process their data. This led most organizations to purchase two or more than computers and implement some “time sharing” methods around it. With time sharing several users could directly use a mainframe computer from different connected stations that brings no processing or managing power by them. This was an effective way to save the time and use the computing resources collaboratively then the cloud concept came in to the technology. Small companies could not afford to use computers with these type of concepts. This was a major disadvantage of this technology at that time.

ARPNET was introduced the first network that allowed digital resources to be shared among different computers which are not in the same physical location. As technology evolved, the data of cloud computing moved ahead gradually and what is known as today as “cloud computing”.

Almost every organization in the world has adopted to the cloud computing nowadays to varying degrees with the needs of the business needs. With this rapid adoption of the cloud becomes to a situation to ensure that the organization’s cloud security with the strategy is capable of protecting against the top security threats and problems such as unauthorized access, insecure interfaces, hijacking of accounts, lack of visibility, external sharing of data, malicious insiders, cyberattacks.

This is a piece of writing as a review that discuss the above-mentioned details with the reference of some research papers studied through the internet.

 

 

02.   Discussion

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.^[R02]Cloud computing system is consists of reliable and secure services delivered through data center. These are work and run on servers with different levels of virtualization and other different technologies with cloud computing. Users’ data can be stored in the cloud and these services providing are accessible anytime and anywhere in the world. Cloud represents a centralized point of access for all the computing needs of users.

The cloud computing system provides the service for the user and has the character of high scalability and reliability. The resource in the cloud system is transparent for the application and the user do not know the place of the resource. The users can access applications and data from anywhere. Resources in cloud systems can be shared among a large number of users.^[R03] Cloud computing involves storing data, temporarily or on a more permanent basis, over the Internet. In the last decade, many organizations have turned to cloud solutions for storage or back up to facilitate productivity and save money. “The Cloud” is a concept used to describe the virtual nature of digital storage, which can mean the data are stored on servers physically placed in many geographical locations. Considering the proliferation of cloud storage as a cost-effective way to save large amounts of data. ^[R01]

The data often stored in the private or personal system such as PC. The cloud computing can guarantee the data security and the user do not protect the data by himself again. So the cloud computing must ensure the security of data stored in the cloud system. Many companies provide the cloud-computing platform such as Google, IBM, Microsoft, Amazon, VMware and EMC. As the cloud computing system has more data, which may be the private data of user, the data must not be destroyed or grabbed. Because the data in the cloud system may be important for the user, the hacker may pay more attention to get the data.^[R06] The system must be protected more carefully than the traditional system. The data can be seen by other people who are not person of company. The company must have confidence in the cloud computing if they want to store the private data in the cloud system. The security of cloud computing is the key import problem in the development of cloud computing. The traditional security mechanism cannot protect the cloud system entirely. The main security problems include data security, user data privacy protection, cloud computing platform stability and cloud computing administration. ^[R03]

Security issues related to Cloud, can be partitioned into following four components; 1) physical layer, 2) virtualization layer , 3) service provider layer, 4) user layer. captures security issues at each layer. Now with the perspective of these four components security issues are discussed below.  ^[R02]

 

Service Level Agreements (SLA’s): A big challenge for the Cloud customers is to evaluate SLAs of Cloud vendors. Most vendors create SLAs to make a defensive shield against legal action, while offering minimal assurances to customers. Some important issues, in e.g., data protection, outages, and price structures that need to be taken into account by the customers.

Cloud Data Management & Security: Since service providers typically do not have access to the physical security system of data centers, they must rely on the infrastructure provider to achieve full data security. Even for a virtual private cloud, the service provider can only specify the security setting remotely, without knowing whether it is fully implemented.

Data Encryption: Encryption is a key technology for data security. Once the object arrives at the cloud, it is decrypted, and stored. Is there an option to encrypt it prior to storing? Do you want to worry about encryption before you upload the file for cloud computing or do you prefer that the cloud computing service automatically do it for you? These are options, understand your cloud computing solution and make your decisions based on desired levels of security.

Access Controls: Authentication and identity management is more important than ever.

Energy Management: Significant saving in the energy of a cloud data center without sacrificing SLA are an excellent economic incentive for data center operators and would also make a significant contribution to greater environmental sustainability.

Server Consolidation: The increased resource utilization and reduction in power and cooling requirements achieved by server consolidation are now being expanded into the cloud. Server consolidation is an effective approach to maximize resource utilization while minimizing energy consumption in a cloud-computing environment.

Reliability & Availability of Service: The increased resource utilization and reduction in power and cooling requirements achieved by server consolidation are now being expanded into the cloud. Server consolidation is an effective approach to maximize resource utilization while minimizing energy consumption in a cloud-computing environment.

Platform Management: Challenges in delivering middleware capabilities for building, deploying, integrating and managing applications in multi-tenant, elastic and scalable environments ^[R05]

 

According to Cloud Security Alliance (CSA), following are the threats specifically relevant to Cloud

On one side, it offers an ease to the users and on other, it puts them into greater risk. If partial details of architecture and monitoring logs related to user are shared with user, along with some notification mechanism, it will enable the user to make profile of risk involved. Weak passwords, key loggers and other fraudulent mechanism may cause a user to be a victim of identity theft.  With these vulnerabilities and threats to the Cloud system; Attacker can launch DoS attack by flooding the victim with requests, injection attacks, attacks on virtualization using VM escape or Hypervisor root kits, metadata spoofing, man-in-the-middle attack, phishing, backdoor channel attack. Smart phones come with the features suitable/rely on cloud services. Besides Management of mobility, it creates another dimension of threats to cloud. ^[R08].

Building the users trust on Cloud, and winning their satisfaction is another big task, to accomplish this efforts are needed to enhance users’ awareness about Cloud.

From perspective Cloud provider, processing efficiency and meeting the storage of huge amount of data are the major concerns. The countermeasures against security issues highlighted in this paper are summarized as following. Security must be considered shared responsibility of cloud users and providers. The usage of stronger encryption techniques and security frameworks should not be substituted. Compliance of industry established security standards like PCI-DSS, IPsec, TLS and government regulation like FISMA not only enable to win users trust and satisfaction but also provides a solid foundation. Users’ strict adherence to procedures and controls on both ends of Cloud will strengthen security posture. Intrusion Prevention System (IPS), Intrusion Detection System (IDS), Firewalls can definitely reduce the vulnerabilities to some comfort level. Cloud providers must have business continuity plan and disaster recovery plan to respond to likely and unlikely incidents ^[R09]

 

It is important to conduct a privacy risk assessment prior to signing on to a cloud computing service to confirm the organization will still be in compliance with privacy legislation. ^[R7]

PIA is required to assess risk, and mitigation strategies may include data encryption in transit and storage, data segregation to ensure an organization retains custody and/or control of the personal information, strong authentication and access rules, vendor service levels that provide downtime procedures and data recovery timelines, and the ability to extract the organization’s data at termination of the contract. Cloud service providers should be able to provide audit reports of user access and produce an audit log report if required during a privacy or security investigation. When a cloud service is used by a organization to collect personal information from clients/customers through an online process, this is considered a new collection and will require a consent mechanism. ^[R01]

 

 

03.   Critique

This section represents my own perspective on the improvements, my own reflections, security issues on cloud computing, differences, which are considered about the referenced research papers and articles.

This review paper has discussed on cloud computing and security issues and challenges on cloud computing.

The cloud service providers have a huge responsibility to ensure that the data protection of their clients are established. Cloud providers must increase the physical security on data centers and the logical security about stored data and must reduce the accessing data and managing effort to give a secure and reliable service to the cloud-computing users. Cloud users also have a responsibility to manage their data with cloud technologies in a secure and disciplined manner. In example if cloud users using minimum security level like less strong password they are opening the doors to thousands of attackers to their cloud space.

 

As Cloud service providers mentioned, their rules and regulations, privacy policies and industrial standards should be described to avoid above discussed security issues and challenges on cloud computing to ensure the privacy of organizations’ data which are stored in cloud. According to my studies many cloud providers will not expose their infrastructure to clients. Perhaps the mechanisms they have developed are dynamically changing time to time due to the newest technological updates and security implementations, which are, ensure the cloud data security.

From the studies of some researchers I identified that almost all the cloud providers are providing their service competitively only to the high level of customers. High level of customers means, businesses or organizations that are with high expenditure abilities. These organizations use cloud-computing technologies because of their huge budget on a particular year. They can manage their own team or experts to manage these things technologies. According to my perspective and according to the newest trends of the world cloud computing, this technology should not be a limited one for a specific group it should be an affordable for all in the future because of the advantages for a organizations. In the future cloud service providers should try to reduce the cost for their services and should try to improve the security mechanisms to avoid above discussed challenges and issues.

 

Most of the cloud service providers are trying to educate the society and the industrial experts on cloud computing by providing various kind of educating methods. Most of the methods are high cost, limitations on accessing them and some are not for affordable price for a single person. According to my reflection, these situations should be changed to distribute the advantages on cloud computing to the whole world because this is the future of computing and technological world.

 

 

04.   Conclusion

This review paper has discussed on cloud computing and security issues and challenges on cloud computing.

In briefing the content, Cloud computing is another relatively new technology whereby computing and data storage are not based on one local computer, but accessed via a network such as the Internet

From one point of view, cloud security could improve due to rapidly increasing demand on cloud computing, centralization of data and increased security focused resources. If cloud providers have not done good jobs securing their own environments, the consumers could be in trouble and consumers have their own responsibilities when managing their cloud space. When considering on present cloud computing industry that with the current researches, studies, updating the technology and experiments on security mechanisms in the near future we will be addressed the problematic situations and issues on cloud computing.

 

 

05. References

[ 01 ] Paulette Lacroix, Seana-Lee Hamilton, in Health Professionals' Education in the Age of Clinical Information Systems, Mobile Computing and Social Networks, 2017

[ 02 ] Cloud Computing Muhammad Aamir Nadeem Department of Computer Science, Virtual University of Pakistan M.A. Jinnah Campus, Defence Road, Off Raiwind Road, Lahore, Pakistan

[ 03 ] International Conference on Consumer Electronics, Communications and Networks (CECNet)

[ 04 ] Cloud Computing Security Issues And Challenges Pranita P. Khairnar, Electronics Department, Amrutvahini College of Engineering, Sangamner Prof. V.S. Ubale Asst. Prof. Electronics Department, Amrutvahini College of Engineering, Sangamner

[ 05 ] Cloud Computing: Overview & Current Research Challenges Mohsin Nazir Department of Information Technology, Central University of Kashmir, India

[ 06 ] Cloud-based computing Mehrdad A. Mizani, in Key Advances in Clinical Informatics, 2017

[ 07 ]  Cyberphysical systems in the smart city: challenged and future threats for strategic research Mazen Juma, Khaled Shaalan, in Swarm Intelligence for Resource Management in Internet of Things, 2020

[ 08 ] Archana, R, C. Mythili, and S.Nithya Kalyani, “Security mechanisms for android cloud computing”, International conference on communication technologies India.

[ 09  ]Dinadayalam, P.S. Jogadoowari and S.Gnanambigai “Data Security Issues in cloud environment and solutions” 2014 world congress on computing and communication technologies.Trichrippali,India  

 

 

Thank you for visiting my blog !