Cloud computing, the issues of information assurance from the POV of the cloud provider, or the potential issues for corporate users who decide to outsource their data storage.
Cloud Computing – Issues and Challenges
Cloud computing and cloud storage are two different models or techniques. Cloud computing is an advanced information system that involves a few basic steps, including installing sets of remote servers in an environment so that data sources can upload data using different software. Cloud storage, on the other hand, is a data storage model in which digital data is stored on logical disks. The storage is quite commonly managed and owned by the company. The popularity of cloud computing is increasing at a substantially fast rate, and as it increases, concerns arise about the security of users’ data. The basic questions in users’ minds are how secure the data is in cloud computing and what the potential vulnerabilities are.
Cloud Computing Security Issues
In the domain of information technology, trust is the most fundamental component of any infrastructure. It covers many areas of computation, such as security, access control in networking, and the reliability of a system. The concept of trust is based on the understanding between the two parties involved in any transaction of information. Trust is the key on which societies build their public relationships to create a healthy business environment. An organization’s trust with its customers can be defined as the organization providing customers with the services they require; it also reflects the customers’ faith and the organization’s integrity. It also facilitates an efficient security system on which customers can rely. Trust also includes acknowledgment, which is proof of agreement between the two parties, that is, the organization and the client.
Trust in a cloud environment depends on the model of the data and applications and on the owner’s strict control over them. In cloud computing, trust can be established through efficient security policies that set limits on access by external systems, including programs, and on access to data by different people. In terms of cloud deployment, there are two cases with different security policies: public or community clouds, and private clouds.
A public cloud may carry a number of risks and threats; a private cloud, on the other hand, is organized privately and has fewer security threats, which means that trust remains with the organization. Perimeter security is a level of physical and programmatic security policies that provide a set of protections against malware and unauthorized entities. Nevertheless, perimeter security is not enough, so boundaries have to be created between what is protected and what cannot be trusted. A third-party cloud environment enables trust by using cryptographic techniques to ensure that data is secure. Trust in the third party shows customers’ faith and quality characteristics. A trusted third party (TTP) provides end-to-end security services and is a trusted security domain, because it is the main security provider for most cloud environments (Ko et al, 2001).
Security Identification of Threats
Security is always a major problem when implementing information system protocols. It is important to prevent threats from harming users’ data and confidentiality, to name a few. Cloud computing technology faces the same security issues, but the biggest concern is the confidentiality of data in transactions. Fundamentally, ensuring the security of an information system means identifying the risks, as well as the tasks that need to be tested, and implementing countermeasures to prevent them. The basic security prerequisites and the security panels are introduced into the standard engineering system. The security panel maintains the reliability and authentication of the system so that it can counter threats. Cloud architectural design has some of the most promising features. Some of the security benefits include centralization of security, data and method division, idleness, and convenience. However, along with the benefits there are also risk factors, mainly because the infrastructure has singular features that introduce some typical security tasks. Some characteristics of cloud computing need to be assessed for risk in areas where threats arise, such as reliability issues, privacy closure, and auditing of copyright materials. In cloud computing, security is the main pillar, and it contains other important aspects such as privacy, reliability, and accessibility. With these three aspects it is easy to develop a secure system. The three main keys of security that apply in cloud computing and keep security threats to a minimum are secured data, software, and hardware resources. They must use encryption to protect the confidentiality of data in transit (Shaikh and Haider, 2011).
Confidentiality and Privacy
Confidentiality means that only those with authorized permission may enter and/or access the data. In cloud computing, there are bigger threats in legal confidentiality forms. Privacy in the cloud usually does not only mean the access rights of authorized persons to the data; as this technology grows day by day, the number of threats is also increasing. The core problem arises when personnel access the data with a different application, putting the data at risk and possibly compromising it. Multitenancy refers to cloud tenants sharing resources. Resources are shared at system level, mass level, and relevance. Clients are separated from each other at a simulated level, but the hardware is not isolated. The architecture is quite commonly designed in such a way that its software applications are computer-generated. Multitenancy is well known for its multi-tasking feature in different operating systems (OS).
On the other hand, it presents a number of threats too. Entity reusability is the most significant feature of the cloud structure. Reusable entities must be controlled carefully. Confidentiality and privacy may be breached accidentally because of data remanence. Isolated hardware and several clients in a single cloud structure may cause a leak of private data, or a client may claim a large space in cloud storage. Data privacy is connected to the client’s authorization, which helps to keep a client’s account safe. Electronic verification may help to create confidence in clients (Zhou et al., 2010). Electronic verification of users’ identities may prevent breaches of privacy. Meanwhile, a shortage of verification could lead to a leak of private information from users’ accounts. Software privacy is as important as data privacy, so the organizations that provide the software must maintain it well in order to hold clients’ data. Hence, cloud users must maintain their trust in the organization. Unauthorized access becomes possible if an application is manipulated, and this can harm data privacy.
Integrity is one of the main pillars of information systems and infrastructure. Quite commonly, integrity implies that resources can be changed only by verified parties. In the cloud computing domain, data integrity is a well-known term that means protecting data from unauthorized access by users, thereby controlling objects and rights. It also provides the means to ensure that precious data and services are not mistreated. By preventing unverified and unauthorized access, companies can adopt methods that offer a greater prospect of determining who or what changed the data, which can (hypothetically) affect the integrity of the clients. Verification is one of the main methods by which a system decides what level of access is given to authorized users. Because of the enlarged number of access points in a cloud, verification is becoming more complicated in ensuring that only verified objects can interact with data. A cloud computing supplier should ensure that data integrity and accuracy are maintained under any circumstances. The present cloud model faces a number of threats, such as complicated insider attacks on data elements. Software integrity, similarly, means shielding software from unverified and unauthorized access paths and actions, including deletion, adjustment, stealing, manipulation, and manufacture; all of these can be intended or unintended. Consider the example of a peeved employee who has intentionally modified a package to fail when some terms are not met. Cloud computing suppliers provide a set of packages through which clients can manage and interact with cloud amenities. As the threats described previously show, the security of cloud services varies with the security of these packages.
Interfaces used by an unverified client, and the acquisition of control over a cloud service, may harm the data as well. In cloud computing, the shielding of software integrity is passed on to the software owners; however, hardware and network integrity is an additional issue that has to be discussed with cloud service suppliers (Zhou et al., 2010).
Availability means that a system is accessible and working on demand for a verified entity. System availability includes the system’s capability to continue operating even when several authorities disobey or malfunction. It also includes the ability to carry on procedures even when there is a security breach. Availability quite commonly implies data, software, and hardware availability. Hardware is accessible only to verified users. The hardware structure needs heavy, universal network availability. The network is fully loaded with data recovery. The cloud’s owner requires an assurance that information administering is available to users on demand. Understanding and authenticating users’ conditions is important in designing a solution.
Authenticating entities involves common security requirements and defines the need for data security and information protection. Both are among the most difficult fundamentals of information system design. The multiuser spread in the cloud environment poses a distinctive task, which varies with the level at which the user operates the application. The protective entities in the distributed system must confirm the availability of data communicated inside the contributing systems and maintain the reliability of data communicated between contributing systems, for example by protecting against the failure or modification of data through unauthorized and unverified access. The integrity of the facilities provided by suppliers must also be retained. Controlling access to services by ensuring that clients use only USC services is another responsibility of the cloud service provider and is verified by the cloud service provider. Other aspects include validating the identity of connecting partners and the suitability to provide protected interworking with non-public systems. Furthermore, it also confirms the privacy of data on contributing systems and facilitates the division of information at the computer-generated level of the cloud, to ensure zero information leakage and to maintain the same level of protection after applications are added or removed. A fundamental goal of an organization is to achieve high availability and avoid a single point of failure, which gives it functional continuity and idleness. When clients access the cloud, both nodes are active, and these nodes promise high availability: if for any reason one node stops working, the second node supports the load and decreases downtime on the servers (Chaczko et al., 2011).
Trusted Third Parties
Level of Security and Confidentiality
In cloud computing, there are multiple layers of security and confidentiality. Employing the facilities of trusted third parties inside the cloud makes it possible to establish the necessary level of trust. Moreover, they deliver a perfect resolution for protecting the privacy as well as the legitimacy of data. Security protocols such as IPsec and SSL are widely used in the cloud. Information security across the system is difficult to maintain and is an extremely complicated matter. The threats are continuous, which in turn increases data variation along with interruptions. A cloud environment raises complexity, so it needs security not only towards the cloud but also between cloud hosts, because they do not have good standard connections. Quite commonly, PKI (Public Key Infrastructure) is used in implementing the IPsec and SSL protocols for secure networks (Lee et al., 2010).
IPsec is a basic and common IP-level protocol that adds a cryptographic security layer to transferred and uploaded data. IPsec offers two kinds of cryptographic facilities, and it works to provide privacy and legitimacy only. IPsec clients are able to authenticate themselves using public key infrastructure certificates in a way that enhances scalability, because only authorized and reliable CA certificates are transmitted. SSL, for its part, sets up an end-to-end encryption boundary between applications and the TCP/IP protocols, giving the client-server architecture an encrypted interaction channel between client and server. Because of the distinctive attributes of the cloud environment, interaction between clients and the cloud needs to be protected. IPsec can be used with any product, but it needs an IPsec client to be installed on each device; SSL, on the other hand, is pre-installed in every browser, so there is no need to install a client (Kapadia et al., 2010). Additionally, the cloud computing environment endorses the use of homogeneous platforms, but the cloud is mostly accessed through browsers; SSL may have many benefits, but IPsec supports compression, which makes it more effective. IPsec is most commonly used to encrypt host-to-host communications, and SSL, on the other hand, to encrypt client-to-cloud interaction.
Authentication at Client and Server’s End
A certification license is quite commonly needed to authorize the objects involved in communications, such as the basic infrastructure servers, computer-generated servers, environment clients, and system tools. The public key infrastructure (PKI) authority is accountable for creating and registering these vital licenses, which gives the network protection. Generally, licenses are required because strong identification is needed for all physical and computer-generated objects in a cloud environment. Hence, it is obligatory to create a protected domain with restricted boundaries. Digital signatures, in combination with SSO and LDAP, make it possible to apply an effective verification procedure across distributed cloud environments while assuring clients’ mobility and suppleness. Codes are also sent to mobile phones to verify users’ sign-ins. As cloud computing has become a more common platform for storing data, it has also required more security in authorization methods. The theoretical limits between the services a company owns and outside services become uncertain; to avoid this situation, companies need to adopt the single sign-on method (Jensen et al., 2009).
Users want to deploy applications on computer-generated tasks without repeating verification methods. Each application may sustain many passwords, but with a single solid verification method users can be verified for services across reliable parties. Shibboleth is an open-source middleware application that offers web single sign-on across organizational boundaries. This middleware allows informed verification for discrete access to secure online properties in a way that preserves privacy. Shibboleth technology depends on a third party to supply information about a user’s characteristics. To maximize interoperability between the corresponding parties, it is obligatory to adopt widely used security guidelines. Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization information between protected domains. The Shibboleth system builds on the widely used OpenSAML libraries. Both the library and the Shibboleth software are developed and released as open source. Shibboleth improves privacy controls and supports large-scale partnerships (Celesti et al., 2010; Ghazizadeh et al., 2012).
Security Domains Creation
Alliances, in conjunction with “Public Key Infrastructure (PKI)” and “LDAP” tools, can lead us to build trust associations between the objects involved. A partnership is a group of authorized objects that share agreed guidelines and rules for access to online assets. A partnership delivers a structural and legal framework that allows verification and approval across different organizations. Cloud structures can be organized into distinct security domains that open up “Combine Clouds” (Suselbeck et al., 2009). These are basically groups of single clouds that can exchange their data and computing resources over distinct interfaces. According to the fundamental partnership principles, every single cloud remains independent but can exchange information with the others.
Authentication via Certificate
A cloud is basically a virtual system consisting of many independent domains. The association between assets and clients is more special and active: the resource supplier and the user are not in the same security domain, and clients are commonly recognized by their attributes rather than by predefined characteristics. The old-fashioned identity-based access control models are therefore not effective, and access decisions need to be made on the characteristics of users. Certificates delivered by a PKI resource can be used to implement access control in a web environment. An X.509 certificate, for example, carries data about the user and is delivered by a trust-center authority in the global web environment. Characteristic (attribute) certificates comprise an attribute-value pair and are signed by the attribute authority (Jensen et al., 2009). Characteristic-based access control makes access decisions based on the characteristics of requestors and of the platform, which provides the flexibility and scalability necessary for a large-scale system such as a cloud (Zissis and Lekkas, 2012).
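The attribute-based decision described above can be sketched as follows. This is an added example, not code from any of the cited works: the policy, resource names and attribute names are hypothetical, and an HMAC tag stands in for the attribute authority's public-key signature so that the sketch runs with the standard library only.

```python
import hashlib
import hmac
import json

# Assumption: a constructed demo key stands in for the attribute authority's
# signing key. A real attribute certificate carries a public-key signature
# that is verified against the authority's own certificate.
AA_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(body):
    """Serialize the signed part deterministically so both sides hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(holder, attributes, not_after, key=AA_KEY):
    """Attribute authority side: bind attribute/value pairs to a holder and sign them."""
    body = {"holder": holder, "attributes": attributes, "not_after": not_after}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verified_attributes(assertion, now, key=AA_KEY):
    """Return the attributes only if the tag verifies and the assertion has not expired."""
    expected = hmac.new(key, _canonical(assertion["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("tag", "")):
        return None  # altered after signing, or not issued by this authority
    if now > assertion["body"]["not_after"]:
        return None  # validity period is over
    return assertion["body"]["attributes"]


# Hypothetical policy: each rule lists the attribute values a requester must hold.
POLICY = [
    {"resource": "billing-db", "action": "read",
     "require": {"role": {"auditor", "finance"}, "tenant": {"acme"}}},
    {"resource": "billing-db", "action": "write",
     "require": {"role": {"finance"}, "tenant": {"acme"}}},
]


def decide(assertion, resource, action, now):
    """Default-deny decision made on verified attributes, not on who the holder is."""
    attrs = verified_attributes(assertion, now)
    if attrs is None:
        return "deny"
    for rule in POLICY:
        if rule["resource"] == resource and rule["action"] == action:
            if all(attrs.get(name) in allowed
                   for name, allowed in rule["require"].items()):
                return "permit"
    return "deny"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    cert = issue_assertion("user-17", {"role": "auditor", "tenant": "acme"}, now + 3600)
    print(decide(cert, "billing-db", "read", now))   # auditor may read
    print(decide(cert, "billing-db", "write", now))  # auditor may not write
```

The holder name never enters the decision: a requester from another security domain is admitted or refused purely on the attributes the authority vouched for, which is what lets the model scale across domains.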
All in all, cloud computing has to support unnecessary information flow to a system, so it sometimes benefits when there is a lack of data/information. The cloud delivers quite a delicate infrastructure for organizing architecture, so that it can address different weaknesses of old-fashioned information systems and their infrastructure. Apart from that, it is vital for information technology experts to have hands-on knowledge of both basic and advanced domains in this regard. Moreover, security concerns in the cloud environment need a comprehensive point of view, so that information security personnel can easily develop a security plan based on different measures for mitigating security issues through trusted third parties. The combined efforts of PKI, LDAP, and SSO can also deal with the most common threats in the cloud environment.
Celesti, A., Tusa, F., Villari, M., & Puliafito, A. (2010, June). Security and cloud computing: intercloud identity management infrastructure. In Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on (pp. 263-265). IEEE.
Chaczko, Z., Mahadevan, V., Aslanzadeh, S., & Mcdermid, C. (2011, September). Availability and load balancing in cloud computing. In International Conference on Computer and Software Modeling, Singapore (Vol. 14).
Ghazizadeh, E., Zamani, M., Jamalul-lail Ab Manan, & Pashang, A. (2012, December). A survey on security issues of federated identity in the cloud computing. In CloudCom (pp. 532-565).
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009, September). On technical security issues in cloud computing. In Cloud Computing, 2009. CLOUD’09. IEEE International Conference on (pp. 109-116). IEEE.
Kapadia, A., Myers, S., Wang, X., & Fox, G. (2010, May). Secure cloud computing with brokered trusted sensor networks. In Collaborative Technologies and Systems (CTS), 2010 International Symposium on (pp. 581-592). IEEE.
Ko, R. K., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., & Lee, B. S. (2011, July). TrustCloud: A framework for accountability and trust in cloud computing. In Services (SERVICES), 2011 IEEE World Congress on (pp. 584-588). IEEE.
Lee, S., Ong, I., Lim, H., & Lee, H. (2010). Two factor authentication for cloud computing. Journal of information and communication convergence engineering, 8(4), 427-432.
Shaikh, F. B., & Haider, S. (2011, December). Security threats in cloud computing. In Internet technology and secured transactions (ICITST), 2011 international conference for (pp. 214-219). IEEE.
Suselbeck, R., Schiele, G., & Becker, C. (2009, November). Peer-to-peer support for low-latency Massively Multiplayer Online Games in the cloud. In Network and Systems Support for Games (NetGames), 2009 8th Annual Workshop on (pp. 1-2). IEEE.
Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010, November). Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on (pp. 105-112). IEEE.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.