This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The purpose of this review is to examine the basic security problems occurred of cloud computing data and potential solutions of security problems towards the cloud computing data. With this preliminary review, we get to understand more about the security concerns of cloud computing, while cloud computing is often seen as increasing security risks, introducing new treat factors and even improving on the security responsibility in this shared environment. With the rapidly development of cloud computing environment, security becomes a top priority and more important. The objective of this report is 1) to understand on cloud computing development 2) to examine the basic security problem occurred of cloud computing 3) to analyze the potential solutions for security control towards the cloud computing. The report is presented and described the following objectives; cloud computing, the security, SaaS, PaaS, Iaas, internal cloud, external cloud, hybrid cloud.
Cloud Computing is the new world function and delivery model for IT services. It gives organizations the opportunity to increase their service delivery efficiencies and serve IT services with dynamic business requirement. It represents a shift in thought that end user need not know the details or information of specific technology. The Service is managed by the provider. User can consume services at the rate that is established by their particular needs. This demand can be provided at any time (Michael Gregg 2010). During the past decade, Cloud Computing offers the ability on distribution within the Internet and providing support with capacity to develop new and innovative services. In this new world of Cloud Computing, users are universally required to accept the premise of trust. In the Cloud environment, users who access Computing power will not know the exact location of their data or the other sources of the data exactly stored with theirs sources. The data you can find in a Cloud related to public source, which has the security concerns, to private data containing highly sensitive information such as social security numbers, medical records, or shipping manifests for hazardous material (Kaufman LM. 2009, p.61).
Cloud Computing has been widely known as the use of a collection of distributed services, applications, information and infrastructure comprised of pool of computer, network, information and storage resources. These components can be rapidly provisioned, implemented, and decommissioned using an on demand utility like model of allocation and consumption. Cloud service delivery models are Software such as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) (Nils Puhlmann and Jim Reavis 2009, p.15) and Brodkin (2008), stated that Cloud Computing represents a level of risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing. Amazon and Google's are examples of Cloud Computing, which Gartner explains these examples as a type of Computing in which massively scalable IT-enabled capabilities are delivered 'as a service' to the customers to use Internet technologies.
The purpose of this review is to examine the basic security problems occurred of Cloud Computing data and to analyses the security controls and defenses towards the Cloud Computing data. With this preliminary review, we get to understand more about the security concerns of Cloud Computing, while Cloud Computing is often seen as increasing security risks, introducing new treat factors and even improving on the security responsibility in this shared environment.
2. Examine Models of Cloud Computing
Buyya et al. (2008) stated that a shift to Cloud Computing was affected many different categories in computer evolution for example software companies, internet service providers and hardware manufacturers. It's easy to see how the main software and internet companies will be influenced by a shift. However, it's difficult to understand how software companies in the internet and hardware manufactures will be affected.
In the previous years, information was stored in paper files or storage and delivered in person or through internal mail systems. Nowadays most data is stored on computer servers outside. User immediately have their own physical control and shared among people, international and organization with many sources via new challenge tools such as email, websites, and social networking. A main key of Cloud Computing is that information storage and the unlimited by space.
Thus, an organization should responsible for managing the data center which related to the country's law, the security of the data center such as the documentation on security program that protects confidentiality, integrity, and availability of data and systems and including to configuration, patching, incident response, and business continuity management (Microsoft Perspective 2009).
à¹€à¸žà¸´à¹ˆà¸¡à¸›à¸£à¸°à¹‚à¸¢à¸„à¹€à¸Šà¸·à¹ˆà¸à¸¡à¸à¹ˆà¸² à¸¡à¸µ cloud à¹à¸šà¸šà¹„à¸«à¸™à¸šà¹‰à¸²à¸‡
2.1 Internal Cloud.
The internal Cloud occurs within a single organization, allowing them to virtualized infrastructure and in-house services. The premise is internal infrastructure including server administrator, networks, storage and applications will be connected and virtualized, which allows it to move things around in a way to maximize efficiency. This is different from a simply virtualized situation in that it allows a higher efficiency of automation and even a chargeback capability for the other businesses (Be, know, do: Top Four Cloud Computing Model 2010).
2.2 External Cloud or Public Cloud.
It is any Computing service that can be sent to end users, in which Computing resources are dynamically provisioned and delivered over the Internet. Public Cloud Computing has its roots in utility Computing but employs virtualization and SLA-based resource provisioning to create an Cloud environment in which application can be protected. This Cloud model uses an external service via a Cloud provider, and access by the organization via the Internet. This is the most effective way to utilize the Cloud. However, the security is still the big concern for the using of External Cloud (Be, know, do, about Cloud Computing Type of Cloud 2010).
2.3 Hybrid Cloud.
The Hybrid Cloud is often useful for achieving and for backup functions and allowing local data for replication. Hybrid Cloud requires more IT management. Many businesses provide rules-based solution that support simplified management across the resources and it allows organization to develop customized solution the balances cost benefits with security and other concerns. Hybrid Cloud model mixes the internal Cloud hosting and the external Cloud hosting (SNIA 2010).
In Be, know, do: Software as a Service (SaaS) Model (2010) stated that Software as a Service (SaaS) is very useful for specific type of business. Even though users can easily work in most enterprise settings, there are certain requirements SaaS would make it undesirable for some businesses. There are some advantages and disadvantages can be examples which are Powerful Internet Connection, although the internet connection online is available almost everywhere. However, some areas can't provide strong internet connection and SaaS is able to load everything in the browser, Increased Security Risk SaaS has increased security concerns if compared to other platforms because of its function with different users, and Load Balance Feature, one of the challenges of the business world and SaaS applications is load balancing. Although many industries offer load balancing, it will still require consistent monitoring from businesses.
How about PaaS and IaaS?
3. Cloud Computing Challenges
The challenges of Cloud Computing have been well documented and known over the past few years. There are some points of challenges that perceived by end users represented below. While many of the challenges are true technology barriers and others are simply perceptions issues that companies will need to work internally before a Cloud solution can be adopted (Be, know, do, about Cloud Computing Type of Cloud 2010).
à¹€à¸žà¸´à¹ˆà¸¡à¸›à¸£à¸°à¹‚à¸¢à¸„à¹€à¸Šà¸·à¹ˆà¸à¸¡à¸à¹ˆà¸² à¸¡à¸µ cloud à¹à¸šà¸šà¹„à¸«à¸™à¸šà¹‰à¸²à¸‡
3.1 The transition from Private Clouds to Public Clouds
The transition from the machines in the corporation of datacenter to the machines in the public Cloud is the most important operational requirement for utilizing both public and external Clouds. When you want to extending capacity of Computing to the public Cloud, user can require the same simplified setup, configuration and tear-down of virtual compute resources within the public Cloud in datacenter. Users must provide a clear path, both technical way and business perspective in getting from private to public Cloud (Be, know, do, about Cloud Computing Type of Cloud 2010).
3.2.1 User Authentication and Authorization
The effective point to ensure users are authenticated when using browsers to access their required services in the Cloud environment is to facilitate an additional authentication factor outside of the browser. It is essential for multiple factors authentication, but the options now are limited when considering scalability and usability for the requirement. Many journals such as "Strong User Authentication On the Web", discussed on "strong" user authentication for end users in the Cloud and an architectural perspective on many capabilities that is one strong authentication system (Dieter Gollmann 2010)
3.2.2 Data Security
Most companies are concerned about security of their corporate data in the public Cloud environment. A key obstacle to Cloud Computing is the security of the data while being transported to the public Cloud and while inside the Cloud. Most public Cloud providers do not guarantee the security of the data while being transported to the public Cloud or while inside the Cloud (Be, know, do, about Cloud Computing Type of Cloud 2010).
3.2.3 Data Transport
Armbrust et al. (2010) have emphasized that it's for data to address in many places within the Cloud and convenient to the users. However, this distribution also has a downside in legal, governance, risk, or compliance concerns, and risks to businesses that provide Cloud services and end-users. Some of the risks with Cloud Computing associated will be familiar to responders who must consider various legal jurisdictions, including international concerns regarding the physical and logical location of data. Data that addresses and was sent to various servers may have been replicated to systems in other countries with different laws.
3.3 Application Performance
Every application is designed to fulfill some purpose such as an order management system, flight reservation system. The way to implement the function of the application, certain attributes needs to be address for example, with the order management system, transaction and locking system may be critical to the application. It means Cloud storage might not be suitable for this purpose. Determining any application is one challenge in determining whether an application is suitable for the Cloud (Cantry Darryl 2009).
3.4 Memory Limits
The public Cloud providers may have Gigabyte limit memory on the machines. However, when users need to running specific workload on large memory machines, the Gigabyte memory limit could possibly pose a problem. It is up to the virtualization vendors such as VM Ware and Citrix to increase the GB memory limit to serve the service (Be, know, do, about Cloud Computing Type of Cloud 2010).
3.5 Software License
There are many number of software licensing models that make integration of software packages the biggest challenge when evaluating them for Cloud Computing. Moreover, calculating the cost of licensing for software was even more of a challenge. It may be that a new licensing model takes into consideration the Cloud Computing and virtualized environments (Be, know, do, about Cloud Computing Type of Cloud 2010).
4. Security Problem of Cloud Computing
Cloud applications online or using Internet services online is being known as the new technology in the Computing world. It has potentially revolutionized the way people are using the computers. In this model resources such as software and storage space are shared among the users to minimize costs and make Computing more efficient. (Josiee Koscis 2010).
Hanna (2009) emphasize that Therefore, many companies, small middle-sized and even large enterprises are interested in Cloud Computing. As a result, all of these potential users should give their interest in Cloud Computing security. A good point for assessing the risks in Cloud Computing is identifying the existing risks that Cloud users from individuals to the largest companies and even governments encounter
4.1 Legal requirements of jurisdiction and Regulatory Issues
Cloud Computing raises many legal and regulatory aspects. Firstly, export of data out of a jurisdiction may be restricted. If such export is addressed, which jurisdiction's rules apply in case of conflict and the one is liable for errors such as breaches of security. These issues must be focused for any sensitive applications of Cloud Computing.
Service providers have not done on giving a good explanation which jurisdictions they put data in and what legal requirements the service user really must. The service consumer needs to ensure that the provider does not violate or break any country's rules for which the consumer may be held accountable and responsibility (Jeff Vance 2010).
4.2 Failures in Provider Security
In a Cloud environment, all security depends on the security of the Cloud provider. They control the hardware, database software, etc. on which data is stored and applications are run.
User may gives control to the Cloud Computing provider on some issues which may have affected to the security. At the same time, SLAs may not offer the commitment to provide such a service on the part of Cloud Provider, in consequence, this case leave a risk gap in security defenses (Daneiele Catteddu and Giles Hogben 2009, p.9).
4.3 Data Protection
Cloud Computing is globalised and no borders among the users. Computers are used for processing and storing of user data and ICT network infrastructure can be located anywhere, depending on where the capacities are available for the ICT tasks in accordance with resource management in the global computer networks used for Cloud Computing. When the Cloud is shared among users, if barriers between customers break down, one user can easily access another user's data or interfere with their applications. However, Some Cloud service providers for example, Amazon, Google offer customers the option of choosing certain availability zones. The customer's data then remains within the selected zone of their own (Ursula Widmer 2009).
4.4 Integrating Provider and Customer Security Systems
Hanna (2009) has described that many Enterprises and Businesses have spent decades developing a specific directory and other components of their security structure such as incident detection and response, etc. Cloud providers must integrate with these systems or learn on the bad experiences. While there are proprietary solutions to these security problems, open solutions are easier to integrate with Cloud providers and existing systems. Therefore, the Businesses must gain more understanding of the security available through these open technologies.
4.5 Reliability Issue
The most important component of reliability is a successful backup strategy. With Cloud Computing systems such as AppLogic providing successfully reliable storage as part of the package, many users are attempted to skip backup. However, data has loosed and may resulted unexpected downtime that can result not just from failures, but also software bugs, human error, or malfeasance such as hacking. If the user does not have a backup, the system will not be in function for a long time and this applies equally to Cloud and non-Cloud solutions. The advantages of Cloud solutions is that there is not expensive and it provides large storage facility together with the Cloud Computing offering which gives you a convenient place to store your backups in parallel. The Cloud is only usable through the Internet so Internet reliability and availability is essential. (Eric Novikoff 2008)
4.6. Employee Training
Koscis (2010) described that the service providers have to offer high level and effective at training to their employees. This is an excellent challenge in securing the data to the poorly trained employees that become the weakest link in a technology business like Cloud Computing
According to the survey regarding organizations' attitudes and behaviors related to IT risk management from the Information Systems Audit and Control Association (ISACA), It's found the top three high risks in which employees contribute risk to business are Not protecting confidential work data appropriately (50%), Not understanding IT policies (33%) and Using non-approved software or online services for their work (32%)
As from the survey above, proper training is essential to reducing risks to businesses. As the Cloud Computing grows rapidly, organizations should support and manage their employee training while more responsibility should be placed on IT professionals (Holbrook 2010).
5. Potential Solutions of Security Problems
5.1 User access
The organizations should have the ability to securely monitor and log user access in Cloud applications and extends reporting capabilities to retain control and visibility over users accessing business tools (Be, know, do, Integrated Cloud Computing & Compliance for Arcsight 2010).
5.2. Regulatory compliance
Storing and processing data is valuable for data protection issues which need to be addressed in order to avoid users breaching applicable regulations. The business provider should the service agreement terms to ensure compliance with applicable data protection law or to give importance to the issues of data export restrictions, monitoring data handling, multiple jurisdiction and industries regulations (Be, know, do, Integrated Cloud Computing & Compliance for Arcsight 2010).
5.3. Data location and security
Data is often the most important of a company's assets, and it must be protected and need to be alerted. For example, to require strong authentication on application, data can be transferred to only known parties or for user login or password access, the business provider can consider who manages the authentication server and whether it is under the company's rule or Cloud's provider control (Charles J. Kolodgy 2009) .
The company provider should analyze how the data are cracked and replaced by many times and should discuss how to protect and recover the Data. For example, now MD5 has been proven that has been attacked, use the strong technique such as SHA-256 (Daniel Fremberg 2003).
5.5. Long term viability
The company should have some assumption that if in case the company has been taken over or terminate the business, the business should consider on how these data be continually protected or secretly destroyed because the Cloud Computing model has been changed to other business or disappeared. (Robert Lesser 2010).
This report has explored current thinking, development and point of views in the field of the business applications or processes to the Cloud that organizations and user may experience changes to establish IT organization. The Cloud provides many potential advantages such as hosting, networking, application development, and security improvements. There appears to be that there are many differences between the old IT organization and the new IT organization, and organizations should consider these differences in business planning and risk management. The literature indicates that the businesses should responsible for all aspects of its people, processes, and technology such as the hardware, licenses the software, the security the data centers. Moreover, the user should also be alerted and be aware for the security when getting into the cloud computing services.
à¹€à¸žà¸´à¹ˆà¸¡à¸à¸µà¸à¸ªà¸±à¸ à¸›à¸£à¸°à¹‚à¸¢à¸„ à¸-à¸µà¹ˆà¹€à¸à¸µà¹ˆà¸¢à¸à¸‚à¹‰à¸à¸‡à¸à¸±à¸šà¸Šà¸·à¹ˆà¸à¹€à¸£à¸·à¹ˆà¸à¸‡ à¹€à¸žà¸·à¹ˆà¸à¹ƒà¸Šà¹‰à¸ˆà¸š à¸«à¸£à¸·à¸à¸-à¸´à¹‰à¸‡à¸-à¹‰à¸²à¸¢à¹ƒà¸™ conclusion