“Cloud computing”, the term that is talked about a lot these days, to depict the future direction of information infrastructure, is gaining a lot of attention of both enterprises and academics. With the implementation of cloud computing, a prominent area of a network, including systems, applications and data, will move under the control of a third-party provider. As a result, the responsibilities of security will be shared between the customer and the cloud service provider. It is important that a customer understands what security a cloud service provider offers and what security are they themselves ought to ensure. The research carried out provides an understanding of the distribution of security responsibilities on the customer and the cloud service provider. The issues involved in the security and integrity of data in cloud computing are identified. The security of data at different levels, viz. network level, host level and application level, are discussed in detail. Also, the issues in the integrity of data in different scenarios, viz. data-in-transit, data-at-rest, data while processing etc., are discussed. The research also discusses on the possibility of audit and investigation in cloud.
Cloud computing as such is not a new technology. It is a new epitome for providing computing resources. In order to understand the concepts of cloud computing, it is important to understand other models of computing.
In early days, the computing systems were centralized where all the data processing and storage were done in a single centralized system. Later in early 1980s, the model of Distributed Computing was introduced into world of computing. In this method, the different parts of a program are run simultaneously on two or more computers that are communicating with each other over a network (Sheehan, 2008).
In mid 1990s, the concept of Grid was introduced by Ian Foster and Carl Kesselman. According to them, “A computational grid is a hardware and software infrastructure that provides dependable, consistent, persuasive and inexpensive access to high-end computational capabilities” (Foster & Kesselman, 1999). It provides resources on demand (RoD) (Yang et al., 2003). The Globus Toolkit is an open source software used for building grid systems and applications (Rittinghouse, 2009).
As the systems become more interconnected and diverse, it becomes difficult to anticipate and design interactions among the different components and it is left to be dealt with during the runtime. As the systems become more and more complex, it will be hard to make timely, critical responses to varying demands. By the year of 2001, Paul Horn, Senior Vice President of IBM Research proposed a new model of computing called the Autonomic Computing as a solution to this scenario. He defined it as an approach to self-managed computing systems with a minimum of human interference (Kephart & Chess, 2003).
In Utility Computing, customer is provided with computing resources and infrastructure management by a service provider (Sriraman et al., 2005). Utility computing is defined as a virtual pool of resources which can be provided dynamically to meet the changing needs of an organisation.The resources can be placed anywhere and handled by anyone. The resource usage can be tracked and billed down to the level of an individual user or group (Murch, 2004).
Cloud Computing is often confused with all the different models of computing described above. There is not yet a complete definition for cloud computing. Many experts have come up with their own definitions for the cloud computing. Geelan (2009) provides the definition of cloud computing by twenty one experts. Cloud computing is a combination of technologies like grid computing, utility computing, SOA, Web 2.0 and other technologies. The key attributes of cloud computing (Mather et al., 2009) include multi-tenancy (resources are shared among different users), massive scalability (ability to scale bandwidth and storage), elasticity (users can increase or decrease the computing resources according to the needs), pay as you go (pay only for the resource used and only for the time it is actually used) and self-provisioning of resources. According to IDC, cloud services are expected to rise at a compound annual growth rate (CAGR) of 27% and reach $42 billion by 2012 (Mather et al., 2009).
Companies like Google, Microsoft and Amazon are strongly promoting cloud computing. But according to Richard Stallman, Founder of GNU Project, cloud computing is a trap that drives people to purchase locked proprietary systems that would cost them more over time. He tells that the reason for not encouraging such technologies is that you lose control on your computing (Johnson, 2008). Also, Larry Ellison, co-founder and CEO of Oracle Corporation, tells that cloud computing is simply a latest fashion. He tells that there isn't anything that is not cloud computing referring to all the announcements made (Farber, 2008).
2. Cloud Computing Concepts
Cloud computing has two different meanings. First is the use of any commercial service delivered over the internet in real time from storage to web applications. The second meaning of cloud computing describes the architecture and technologies necessary to deliver cloud services, a combination that varies widely depending on the service being delivered.
The Cloud Service delivery model is referred to as SPI and the computing services are categorized into three. These include Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) (Mather et al., 2009). SaaS providers deliver applications through the browser to thousands of customers using a single software instance. SalesForce CRM, Google Apps, NetSuite CRM, Microsoft Office Web applications etc. are leading examples. PaaS offers environments where programmers can build and deploy applications without having provision to hardware or software. Microsoft Azure Services Platform, SalesForce Force.com, Google App Engine etc. are examples. IaaS provides storage and computing resources on demand. Amazon EC2, Flexiscale and Rackspace Mosso are examples of these services.
To deliver cloud services effectively, the providers should have a service oriented architecture (SOA) with an infrastructure that uses data centre automation and either grid computing or virtualization to provide dynamic scalability.
There are four Cloud Service Deployment and Consumption Modalities viz. Private (Single tenant environment; the physical infrastructure owned and managed by the organisation or the service provider and located in datacentres of the organisation or in that of a service provider respectively), Public (physical infrastructure owned and managed by the service provider and located within the provider's data centres), Managed (physical infrastructure owned and managed by the service provider but located in the organisation's datacentres) and Hybrid (combination of public and private cloud offerings). As an example, one could classify a service as IaaS/Public, for e.g. Amazon's AWS/EC2, as well as SaaS/Managed, for e.g. Eucalyptus (Cloud Security Alliance, 2009).
3. Security of Data in Cloud
Some of the benefits of cloud computing include lower IT costs, reduced complexity and faster disaster recovery. As we move from traditional computing model to cloud computing model, the customer's level of control decreases and the cloud service provider (CSP)'s level of control increases. The security of cloud is a responsibility shared by the customer and the CSP (Cloud Security Alliance, 2009). It is important for the customer to understand what security a CSP provides and what security are they themselves ought to provide. It is essential that organisations develop powerful monitoring frameworks to ensure that the cloud service levels and contractual obligations are fulfilled (Mather et al., 2009).
There are different threats or challenges posed by cloud computing in securing the IT infrastructure of an organisation at the network, host and application levels.
CSPs do not promise the responsibility for the data stored in their infrastructure. They define the services rendered in service level agreements (SLA) which are included in the online contracts (Cloud Security Alliance, 2009).
3.1. Security at Network Level
If an organisation chooses to use a private cloud services, then all the security tools in place remain and operate in the same way. But this is not the case when choosing a public cloud service. There are different risk factors involved which are detailed below.
Ensuring data confidentiality and integrity:
Resources and data which were held in a private network are exposed to the Internet and to a shared public network of a cloud provider. It is the responsibility of the customer to use secure protocols like HTTPS to ensure the integrity of their data in transit. Amazon Web Services (AWS) security vulnerability reported in December 2008 is an example of problems associated with this risk (Matheret al., 2009).
Ensuring access control:
Customer will have reduced access to data and network logs. Also, there is a limited ability to conduct investigations and collect forensic data. The issue of “non-aged” IP addresses and unauthorized network access to resources is an example of problems associated with this risk. It is the responsibility of the CSPto address this issue. Amazon EC2 uses Elastic IP addresses. The customers are given a block of five routable IP addresses over which they control assignment, thus addressing the issue of IP address reuse (Mather et al., 2009).
Ensuring availability of Internet-facing resources:
BGP prefix hijacking is an example of this risk. This involves announcing an autonomous system address space that belongs to someone else without their permission. This often occurs as a result of mistakes in configuration. The widely known among such a mistake is the one that happened in February 2008. Pakistan Telecom made a mistake by announcing a dummy route for YouTube to its own telecommunications partner, PCCW, based in Hong Kong. The intent was to block YouTube within Pakistan. But the result was that YouTube was globallyunavailable for two hours (Mather et al., 2009).
With the increase in the use of cloud computing, the availability of cloud based resources is of more value to customers. This introduces the risk of greater malicious activities to peril that availability. Attacks like DNS attacks, denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are areas which are still there to be taken care of.
3.2. Security at Host Level
Virtualization security threats like VM attacks, system configuration drift and insider threats by way of weak access control to the hypervisor exist in public cloud computing environment. In SaaS and PaaS, host security is the responsibility of the CSP. It is the responsibility of the customer to get assurance from CSP and ask them to share the information, on how they manage host security, under a nondisclosure agreement (NDA) or via a controls assessment framework like SysTrust or ISO 27002 (Mather et al., 2009). But in IaaS, it is the customer who is responsible for host security (BriefingsDirect, 2009).
3.3. Security at Application level
Application level security threats include cross-site scripting (XSS) attack, SQL injection, malicious file execution, and other vulnerabilities resulting from programming errors and design flaws. It is the responsibility of the customer to ensure that the web applications deployed in a public cloud are designed so as to account for these risks. Security must be included in the Software Development Life Cycle.
Depending on the cloud services (IaaS, PaaS or SaaS) and SLA, the scope of security responsibilities are shared among the customer and the CSP.
SaaS providers are responsible for the security of the applications and components they offer to customers. Customers are responsible for operational security functions like user and access management. Customers request information on the security practices employed by the CSP under an NDA.
PaaS providers (e.g., Google, Force.com) are responsible for the security of the platform software which consists of the runtime engine. PaaS applications sometimes make use of third party components or web services. Hence the third-party application provider is responsible to ensure the security of their services. CSPs do not share the information relating to security of platform services as they consider this as critical and could make it easy for hackers. However, customer should demand transparency from CSPs and get necessary information to perform risk assessment and ongoing security management (Mather et al., 2009).
4. Integrity of Data in Cloud
Integrity of data means that the data has not been modified in an unauthorised way or by unauthorised people. Data integrity in cloud should be considered in various scenarios. Data must be secure while in transit, at rest, while processing etc (Mather et al., 2009).
Security of data in transit means keeping confidentiality and integrity. CSPs may not provide any mechanism to protect the data in transit. It is the responsibility of customer to ensure confidentiality and integrity of his data. Use of encryption can keep the data confidential (in theory) but integrity cannot be guaranteed. So one must use protocols for secure communication between customer and provider like SSL, HTTPS, etc (Mather et al., 2009).
In (Feng et al., 2009) we can see the security gaps in data at rest. They take the case of Amazon AWS and analyse its measures to provide integrity for stored data. Protocols like IPSec and SSL can provide secure data transfer and these are used in cloud computing environments now. But keeping the integrity of the data stored in a cloud premise is extremely important. The customer will not be able ensure that a data which he/she received from the cloud is the same as that was intended to receive. It is the responsibility of the CSP to take care of this issue. (Feng et al., 2009) had found that there are no safe guards in Amazon AWS to provide data integrity and they suggest one model which ensures the same. (Mather et al., 2009) suggests that the encryption of data at rest can ensure its integrity. But in a real cloud environment, vendors are not promoting encryption of stored data as it would prevent indexing or searching of data.
Data while processing:
If the data is to be processed for any application, it must be in its pure form without any encryption. So, to provide integrity of a processing data, some other measure than encryption has to be implemented. As a result, the data in cloud is encrypted only when it is stored and not while processing.
Even if the data in cloud is removed or erased, a residual of the same may remain. As a result, the data related to a particular organization may be unintentionally exposed to an unauthorized party (Mather et al., 2009). It is the responsibility of the CSP to handle this. But, the care that CSPs take on this issue is noticeably low. Most of the times, the case of data remanence is not even mentioned in the SLA. This should be questioned by the customer.
There are risks of malicious attacks from inside and outside of the cloud which can corrupt the data at rest or the processing data. It can be somebody within the CSP's organisation who is interested in a particular customer's data. Also unauthorised modification of data can happen if some software malfunctions. Data breach which occurred in Google Docs in March 2009 is an example associated with this risk (Shankland, 2009). Additionally in a cloud model there are many customers storing and processing their data using the same physical infrastructure. So some kind of data leakage can also result in losing data integrity (Cachin et al., 2009).
5. Auditing in Cloud
Audit and compliance have a major role in every outsourcing relation. If we take the case of cloud, it is very important to conduct an external audit as the customer has no direct control over it. Auditing is done to ensure that the cloud provider is consistently following those policies, procedures and processes, which are put into practice by the customer, to meet their business requirements. The audit functions can be handed over to a third party whom the customer as well as provider trusts. Before conducting audits on a cloud, the customer must identify what are the expectations of his/her internal audit department and what are the expectations of the external auditor with respect to meeting the internal expectations. The first thing a customer needs to include is the ‘right to audit' (RTA) clause in the contract with the provider as in every outsourcing contract. This allows the customer to audit the provider for various assurance reasons. Also, the scope of RTA must be well defined (Mather et al., 2009).
Now turning to the reality, it is seen that conducting an audit in a cloud environment is a very difficult task. Since cloud is a multi-tenant and shared logical environment, auditing without breaching the confidentiality of other customers is difficult. The solution to this problem is to stick to a standard such as ISO 27001 or using SAS 70 (Type II) audit guidelines (Mather et al., 2009).
(Cloud Security Alliance, 2009) mentions various audit challenges in a cloud environment. If we take the case of a customer using a cloud service, their data may be somewhere in the provider's infrastructure, may be spread across different physical locations. Also multiple copies of the same data may exist across the cloud. This challenges the audit capabilities of cloud. Also there must be standard framework for cloud to carry out an audit. The SLA must be considered for the purpose of audit. Conducting an external audit by a third party can reduce the cost and burden on customer. But an external audit driven by a cloud provider need not meet the requirements of a customer.
Finally, the services of a cloud provider must be transparent to customers in order to understand the infrastructure and to conduct an audit. But providing such a transparency is not possible in a cloud environment. The reasons (multi-tenant and shared logical environment of cloud) are discussed earlier in this section (Chow et al., 2009).
There are several products in market which provides security assurance to customers using cloud service from any established provider. HP Cloud Assure is an example. It is a monitoring and testing tool which offers an end to end solution which performs risk assessments and identifies vulnerabilities (HP Development Company, 2009).
(Cloud Security Alliance, 2009) expects that the ability to audit and maintaining compliance while using cloud services can be achieved through the implementation of specific standards. It depends on the maturity of an organisation's security plan. HP says that they go through external audits on a regular basis and are expecting to get ISO and SAS 70 type II certificates (BriefingsDirect, 2009).
6. Investigation in Cloud
Investigations are to be carried out if any kind of security breach occurs. Also if a customer faces any kind of illegal activity from the part of a service provider he/she can file against the provider in court. In that case the customer may have to carry out a law enforced investigation. In either case access to the cloud infrastructure, logs, data, physical devices etc of the provider may be needed.
As we saw in previous sections, cloud is not providing transparency of its infrastructure and internal controls to its customers. A customer or a third party will not be able to access the logs and do data collection and so forensic investigation is very difficult in a cloud environment (Mather et al., 2009). This is also mentioned in (Chow et al., 2009) that a forensic investigation may involve seizure of devices and performing detailed analysis on that. But this is not possible in cloud as it will seriously affect the services of other customers.
From the above discussion it is evident that a cloud provider may not allow carrying out an investigation if a need comes. One solution can be mentioning, the right to carry out investigation when and where required, in the SLA.
7. Conclusions and Future Work
The research explored the key issues of data security and data integrity in cloud computing. One of the key security concerns in cloud computing, Who is responsible for the security and integrity of data in cloud?, has been answered by clearly identifying the responsibilities on the part of customer and the cloud service provider in different scenarios. The limitations of a customer audit on cloud have been identified. It is evident from the research that to ensure efficiency and compliance, cloud providers should implement an internal monitoring process together with an external audit process using regulatory standards like ISO 27001 or audit frameworks like SAS 70 (Type II). From the research conducted, a gap in the field of encryption has been identified. There is a lack of encryption scheme that allows data to be processed without actually decrypting it so that in an environment like cloud which is multi-tenant, complete security of data while processing can be ensured. IBM researcher, Craig Gentry, has come up with a solution to this issue which he calls “privacy homomorphism” or “fully homomorphic encryption” (Gentry, 2009). Research is still going on in this area. A true solution to this issue can be a boon to the world of Cloud Computing.
I wish to acknowledge University of Derby for providing Athens resources which has been really helpful for the successful completion of this research. I would also like to thank Mather, T., Kumaraswamy, S. and Latif, S., authors of the book Cloud Security and Privacy, which has been a very useful reference for this research.