Literature Review
Discuss about the Data In Cloud Computing Using Encryption Algorithms.
The cloud computing technology has changed the way that organizations store, use and share their applications, data and workloads which has resulted in various security threats and challenges. The particular cloud environment becomes a target for every attackers as a number of services are hosted by the cloud which involves transfer of information to the public cloud services. The procedure of protecting the data becomes more complex for the cloud environment as the utilization of cloud services increases [7]. One important factor that needs to be considered is that the cloud services need to be protected from not only the cloud service providers but also the prospective users who are using the cloud network. A number of security threats of cloud computing have been mentioned in the report below. The report also mentions the preventive methods for the particular security threats conclusively.
- Research Problem
The landscape of modern technology has been completely revolutionized by cloud computing. It has changed the way that organization operate and has provided them with a huge number of advantages. The research problem revolves around the privacy and security issues which are faced by cloud computing on a daily basis and proposes certain preventative methods for addressing the mentioned issues.
- Research Justification
Cloud computing issues have been previously discussed in other research papers but the justification of this particular research paper is that the topics are all relevant to the current scenario and not hypothetically based.
The procedure by which the resources of IT are collected through certain tools (web based) of the internet and not from a directly connected server is known as cloud computing. Instead of a local physical storage device, the information is saved in a remote database which is cloud based. The cloud computing technology can be widely differentiated into three types: SaaS, IaaS and PaaS.
The cloud computing technology has proved itself to be one of the most innovative technology of the modern era. Just like any other technology, it has its own share of advantages as well as disadvantages. Large organizations such as Amazon and Google use cloud computing services on a daily basis [9]. It provides other organizations the benefit of setting up innovative infrastructure at a reasonable cost, but comes with several security and privacy issues.
There are several applications of cloud computing which are used by organizations to manage, acquire and maintain an IT infrastructure effectively. Cloud computing is also used in private as well as hybrid cloud environments. Instead of setting up additional manpower and physical assets, cloud computing is used in several scenarios for development and test purposes [1]. For analysing and extracting customer information, cloud computing is often paired with big data technology. The technology is used for accessing information from virtually anywhere. It is also used in disaster recovery and remote backup systems.
Overview of cloud technology
Cloud computing has its own share of security problem and challenges that are mentioned below.
The first security challenge of cloud computing technology is its integration with shared technologies. The infrastructure, applications and platforms are all shared in a cloud environment by the service provider. Due to the shared environment, one single security breach can compromise the entire cloud network [17]. The security attack can potentially affect the CPU caches, shared storage and database services which are present in the same network. One of the reason for this security issue is improper defensive processes of the network system.
The next security problem of cloud computing is DDoS attack. This security challenge is an application level attack and has the capability to compromise web servers as well as database vulnerabilities. Without completely shutting the system down, the DdoS attack sends a bunch of automated requests which damages the cloud based services [2]. The attackers have kept up pace with the security developments of the cloud technology and have improvised their sophisticated methods to conduct these attacks.
Next, comes the security threats from the data loss security factor. A minute chance of data being intercepted by an unscrupulous attacker or a user is always present whenever a user uploads information into a cloud environment. This can result in the loss of millions of dollars for the prospective organization. Last year, the data loss factor has resulted in the loss of around $4 billion for organizations as per the reports claimed by Health Information Trust Alliance.
Next, comes the security threat from Advanced Persistent threats or APTs. These threat carries out its malicious operations in a parasitic form and are very hard to detect.
Another serious security issue of cloud computing is the threat from insiders. In an organization, several employees get access to the cloud network. If an employee decides to leach vital information from his or her company to another competitive company, then it can cost the primary company millions of dollars in damage. The user can also cripple the entire cloud network and can manipulate the data according to his wish [10]. These threats are common where the proper encryption processes and monitoring systems are not followed.
Another threat comes from eavesdropping on compromising and financial information. These particular individuals can hijack a number of accounts and cause a number of damage to the system. These threats are common where multifactor authentication is not carried out properly. The attackers can distribute pirated software and send malware into the system through the exploit.
Relevant technologies and applications of cloud computing
The employees of an organization are provided with the correct authentication and verification system so that each employee gets the proper amount of access information. Even when some employees leave the organization, these verification systems are not removed [16]. These individuals can then obtain credentials and steal valuable information for illicait purposes.
Insecure APIs are another critical security threat for cloud environment. There is always a dilemma that cloud service providers have to face in providing services to millions of users and providing proper security so that these anonymous users cannot do any damage to the cloud environment. To address this issue, the application programming interface was created to provide a determination method in which a third party determines verification method of device access [15]. For this reason, OAuth (a collaboration between Twitter and Google to create a authorization service) was created. Security experts have recently warned that not a single API that is present in the market today can provide 100% security to their cloud environment. An argument against this states that APIs are necessary for providing proper encryption access, activity monitoring and authentication systems. This prevent other users to gain access of the system from a pubic server [5]. But, APIs nowadays are easier to exploit as they have extra layers for the value added services which create a vector for exposure.
The security issues that have not been adressed properly are the cloud service abuse by external attackers. The system and application vulnerability of the cloud environment is the next issue that has not been discussed adequately. Inability to understand the full scale of the cloud environment is another issue that has been overlooked. Without properly analysing the service environment, many organization nowadays incorporate the cloud environment in their business processes which is huge issue.
Personally, I think the loss of data is the most critical problem for the cloud environment. This is because the most of the users access cloud technology to upload their critical and private information. For data security, enterprises use this technology for data recovery. According to me, the whole concept of the technology gets tarnished if the data that users store in the cloud servers get compromised.
The future research directions of cloud computing has been mentioned based on the identified challenges and gaps.
First, the energy efficiency of the system needs to be increased by changing the design structure of the applications at a number of level such as algorithms, compilers, applications and operating system [7]. To maintain the trade-off due to energy consumption, the resources of the application need to be allocated properly for increasing their performance level.
Security challenges/problems of cloud computing
For green computing initiative, the cloud service providers need to properly analyse the cooling requirements, power of the data centre, power consumption, cooling requirements and design. To measure the cloud components’ energy consumption, proper tools need to be developed.
Next, other factors such as memory, CPU usage, network and processes related to cooling need to be analysed for designing efficient cloud environments which can have proper resource scheduling.
Next, the organization needs to be conduct a proper analysis before implementing the cloud service environment for achieving optimum power efficiency due to virtualization [6].
The service provider needs to also consider renewable sources for decreasing the energy consumption of the cloud environment.
The providers of the cloud service need to be checked and nominated properly if they are reliable for preventing data breaches from occurring. This prevents the users from getting cryptographic keys by utilizing side channel attacks which is used to attack other virtual machines in the common network [14]. To ensure data security, correct encryption systems need to be installed.
Authorized registration and validation processes need to be implemented properly for preventing cloud abuse. This deters the attackers with a credit card from accessing the cloud services from malicious attacks and spam mails. The processes related to credit card transactions need to be monitored carefully. Also, the careful analysis of the networking traffic needs to be conducted. Also, the blacklisted stuff of the network needs to be assessed periodically.
The security standards of the cloud provider needs to be checked carefully to prevent threats from APIs which are insecure [8]. To prevent malicious attacks, strict authentication as well as encrypted transmission needs to be checked carefully.
Proper supply chain management system needs to be scheduled for preventing malware attacks. Proper information needs to be provided to the users by cloud service providers about granting the access to other softwares and tracking the user information. The legal contract needs to include the human resource management. To prevent misuse of the system, transparent security mechanism and compliance needs to be developed.
Proper security measures related to the installation and configuration of the cloud system needs to be adopted for preventing problems that arise with shared technology. The non-authorized advertisement activities needs to be inspected. The authorization process of administrative activities needs to be analysed and evaluated. Service level agreements need to be developed for installing vulnerability assessments.
The API security needs to be properly enforced for preventing data loss. This is crucial as failure to do that can lead to loss of customer trust and can even lead to compliance and legal issues. SSL encryption needs to be used for data security [13]. For running time duration and designing, integrity of data needs to be analysed. The service provider’s backup and collection plans need to be checked.
Issues that have not been mentioned appropriately
Restriction needs to be imposed against sharing of credential information for preventing account hacking. In every service process, the two way authentication system needs to be implemented. All the activities of the employees during working hours need to be tracked. The data logs need to be secured cautiously and information related to the infrastructure should be protected with optimum security measures.
Conclusion
To conclude the report, it can be stated that a lot of security threats are still present in cloud environment to truly call it as a safe and secure networking environment. An outline of the cloud technology has been discussed in the report. The technologies and applications of cloud environment has been assessed in the research report. Several security and privacy threats of cloud technology has been discussed and evaluated consequently. The literature review gaps has been addressed as well and a personal reflection on the security issue has been discussed in the report.
Cloud computing has a number of advantages that needs to be appreciated. Despite the implementing security issues that the technology faces, cloud computing will thrive in the coming years and the advanced features that it provides will eventually develop to meet the security standards that the technology needs to address the mentioned security issues.
References
[1] Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
[2] Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
[3] Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.
[4] Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.
[5] Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
[6] Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
[7] Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
[8] Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
[9] Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.
[10] Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: A survey. Computers, 3(1), 1-35.
[11] Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.
[12] Perez-Botero, D., Szefer, J., & Lee, R. B. (2013, May). Characterizing hypervisor vulnerabilities in cloud computing servers. In Proceedings of the 2013 international workshop on Security in cloud computing (pp. 3-10). ACM.
[13] Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
[14] Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
[15] Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.
[16] Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.
[17] Younis, Y. A., & Kifayat, K. (2013). Secure cloud computing for critical infrastructure: A survey. Liverpool John Moores University, United Kingdom, Tech. Rep, 599-610.
[18] Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
[19] Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
