Research Problem
Discuss about the privacy and security issues in the cloud computing technology and their prevention methods.
The cloud computing is an innovative technology, which can be used to improve the computation services and storage capabilities. The cloud technology has generated a significant level of interest in academia and business leaders. It is based on economic utility model by creating existing approaches of distributed services, applications and information infrastructure (Chen & Zhao, 2012, March). Cloud computing is an important paradigm, which can be used to reduce the cost by increasing the operational and economic efficiency in business organizations. Cloud computing is focused on increasing collaboration, agility and scale of operations to create a large-scale computing model. Most of the small and medium-sized business organizations have also realized the importance of cloud computing to access complex business applications and enhance the computing resources of the organization. The cloud computing has three service models, namely, Cloud software as a Service (SaaS), Cloud Platform as a Service (PaaS) and Cloud Infrastructure as a Service (IaaS) (Takabi, Joshi, & Ahn, 2010). There are four deployment models, namely, private cloud, community cloud, public cloud and hybrid model. The cloud computing has several benefits over the traditional storage software. However, one of the biggest barrier in the adoption of cloud computing is security concerns. There are several issues related to privacy and security of the information, which prevents the users in accessing this information.
The cloud computing is the cost-effective and efficient infrastructure for the business enterprises. However, there are several security and privacy concerns associated with the cloud services. Further, the deployment of cloud services is not as safe as claimed by the cloud vendors. In the past years, there have been a number of accidents, which have showed that the clouds are vulnerable to external thefts and security compromises. The cloud services are different from the traditional IT infrastructure. The customers can avoid one-time investment, operating cost and increase their agility by using the cloud services whenever needed. However, cloud has a unique infrastructure, which raises various security and privacy concern for the organizations, which are using the cloud services. The security issues associated with the cloud services can be categorized into one of the following dimensions, namely, privileged user access, long term viability, regulatory compliance, investigative report, data location, data recovery and data segregation (Zhou, Zhang, Xie, Qian, & Zhou, 2010, November). The security issues of the cloud services can be categorized as under security and privacy issues, compliance issues and contractual issues. As the cloud services are spread over different countries, the legal compliance of the vendors is also a challenge. The research problem of the current paper can be formed as:
- What are the security and privacy challenges in the cloud computing?
- What countermeasures can used to enhance the security of the cloud infrastructure?
Research Justification
Today, the cloud computing has a widespread application and requirement for the business enterprises. Cloud computing is unique due to its delivery and deployment models. There are several benefits of cloud computing such as on-demand self-service, ubiquitous network access, resource elasticity, calculated services, pooling services and location independent resources. However, in spite of all these benefits, the adoption rate of cloud computing is comparatively low. Therefore, it is important that the business organizations enhance the security associated with the cloud solutions (Subashini & Kavitha, 2011). By improving the security, the business organizations can accelerate the adoption of cloud services at a large scale. It can also garner the support of regulatory organizations. Therefore, the present research will be beneficial to enhance the adoption of cloud computing services.
In the perspective of Kumar & Lu (2010), the cloud computing is advancement in web services such as web hosting and online web storage. The primary feature of the cloud computing system is the availability of the services to the customers at any time and at any place. The cloud computing ensures that the users can access the system from any location in the world. Therefore, most of the business organizations provide cloud system at virtual places. However, if the hackers are able to break into the private data of the web hosting and the online storage, it can create huge risk for the hackers. The hackers might steal the private information of the users. The users have access to vast amount of information from different users and can use this information for malicious intent. There are several sensitive category of information such as credit card numbers, software and reports, which are stored at the online mediums. This information can be stolen for malicious intent.
Pearson & Benameur (2010, November) have analyzed that the cloud computing environment is a multi-domain environment; therefore, in this environment each domain can be use different levels of security, privacy and trust. It is facilitated by service composition and orchestration. There are issues regarding the authentication and identity management in the cloud solutions. In the cloud services, the identity management mechanism is used to protect the credentials and characteristics of the users. However, a major issue in the identity management is the issue of interoperability, which arises because of the use of different identity tokens and identity negotiations in protocols.
In the perspective of Popovi? & Hocenski (2010, May) the current password based authentication processes has several inherent risks associated with the account. The cloud is a multi-tenant environment; therefore, the privacy of an individual user can be easily breached in the environment. There is also issue of multi-jurisdiction, which can complicate the cloud protection laws and jurisdiction. The cloud service provider has to ensure that the identity of the services is protected from other users of the service. The distributed-denial-of-service attack is another service security issue in cloud computing. The cloud computing has high level of resources; however, it is still prone to (Distributed Denial of Service) attacks. However, with the existence of several other technologies, the DDoS attacks have increased in number. In cloud hosting solutions, the business organizations have to share their resources, which make them vulnerable to the attacks by other business organizations.
Literature Review
According to Kaufman (2009) in the SaaS model of cloud computing, cloud solutions are offered as a service. In the traditional data storage model, the sensitive data is stored at the premises of the enterprises and it remains in the boundary of the organization. This data is subject to the physical, logical, personal security and access control protocols. However, in SaaS clouds solutions, the sensitive data is stored outside the physical premises of the organization. Therefore, it is important that SaaS vendor adopts additional security measures to protect the data at the vendor’s location. There should be additional security measures to prevent data breach due to vulnerabilities emerging due to malicious employees. The cloud vendors should have strong encryption techniques for maintaining the security of the database. In the views of Wang, Wang, Ren & Lou (2010, March) the malicious users exploit weaknesses in the data storage infrastructure, so that they gain access to unauthorized data.
According to Chen & Zhao (2012, March) the network security is another issue in the security and privacy approaches of cloud solutions. In the SaaS model, the sensitive data is captured by SaaS tools, processed through SaaS applications and stored at a foreign location. All the data stored at the SaaS locations, should be protected so that sensitive information cannot be stolen from the organization. The companies can use different approaches such as secure socket layer (SSL) and Transport Layer Security (TLS) for enhancing the security of the organization. These approaches can provide protection against several approaches such as packet sniffing, IP spoofing, and manual attacks. The malicious hackers can exploit the weakness in the network security configuration and use it to extract information from the users.
Similarly Wang, Wang, Ren & Lou (2010, March) have stated that other than that there are several laws related to data locality. According to these laws, certain kind of information and data cannot be sent outside the country due to the privacy laws. However, it becomes a challenge for the cloud organizations as in the cloud; the data is stored at a remote location. The location of the data is very important in the enterprise architecture, as it may comprise sensitive information. It is possible that the privacy and the sensitivity laws are not applicable in the countries.
In the cloud computing, data integrity is another important issue in the system. The data integrity can be achieved by establishing a standalone database. It means establishing a single database for each organization. The database managers have to implement constraints and database transactions, so that they can maintain the data integrity of the secured data. However, maintaining the data integrity is challenging in the distributed system. The transaction across different data sources has to be handled in a fail safe manner so that no external entity can breach the database of the organization.
In the perspective of Takabi, Joshi, & Ahn (2010) in the cloud computing, multi-tenancy is an integral characteristic of the database management. It means that different users can save their data at a single location. It means that the confidential and non-confidential data of the users will reside at the same location. In this environment, the intrusion between the data of two different users can occur. It will be a huge breach in privacy of the users. The business organizations can deliberately enter the database of another organization by hacking the loopholes in the cloud applications or injecting cloud code in SaaS system of the organization. The unethical hackers can breach the system of the organization and intrude the system of another organization. Therefore, it is important that system boundaries are established not only at the physical level but also at the application level.
In the views of Itani, Kayssi & Chehab (2009, December) the data access is another issue in the cloud based system. The data access is another issue in the cloud computing. In the cloud, the data access is associated with the security policies provided to the users, when they access the data. Every business organization, which takes use of cloud services, has their own set of security policies. According to these policies, different employees have different access to user data. These policies may provide certain access to few employees and other access to other employees. It is important that the cloud service providers give the same access to the cloud service providers.
According to Pearson (2009, May) in the cloud solutions, the data confidentiality is another issue in effective storage of information. The cloud computing involves sharing or storage of resources; however, the actual border or limit of sharing is under a debate. The cloud computing involves sharing the information at remote servers and accessing them with the internet. All the storage requirements of the users can be stored at a single cloud service provider. It can also be stored at different service provider.
In the views of Kumar & Lu, (2010) other than that, there is also issue of web application security in the cloud computing. It means that the SaaS services are deployed over the internet so that it can run on the personal computer. There are several characteristics of the cloud computing such as network-based access, management and managing the applications from a central location. It allows the customers to access the information through software components. There is also issue of data breach in cloud computing. In cloud, the information is stored at a remote geographical location; therefore, the actual owner of the information has little control over the storage of the information. In cloud computing, most of the business organizations use virtualization to manage the information at the cloud. According to Hwang & Li (2010), the virtualization poses several security risks to the users. In the present scenario, it is very challenging for the business organizations to assure that different processes running on the same physical machine are completely isolated to each other. Another issue is controlling the flow of information on the host and the guest operating machines. There are a few vulnerabilities in the virtualization software. These vulnerabilities can be exploited through malicious users.
Another challenge in cloud computing is that a large number of cloud vendors are present at the market. All these vendors have different level and approaches to cloud computing. Therefore, it is important that all the cloud service providers offer unique security policies. The cloud services are composed of several different services; therefore, the developers should focus on developing multiple services so that the application in high quantity can be addressed.
The research design is the most crucial aspect of the research process. It is the blueprint of the entire research process. It guides the researcher regarding the different aspects of the research and the process of completing the research in an appropriate manner (Myers, Well & Lorch, 2013). In the present research, the research method of survey will be used. It is a cost-effective method to collect the data from the survey respondents (Creswell & Creswell, 2017). The survey method can be established as quantitative method of primary data collection. It means that the data collected is quantitative in nature. The information collected with quantitative methods yields information, which can be analyzed through quantitative methods (Gorard, 2013). The primary data refers to the data exclusively collected for the present research. The sample size of the current research is 50. The survey will be collected with the IT managers of different small and medium sized companies. The sample will be selected according to the random sampling method. It is the simplest sampling method (Maxwell, 2012). According to this method, the research participants are selected, according to who agrees to participate in the research. The IT managers will have significant knowledge about the privacy and security challenge of the cloud computing. Along with it, literature review will be conducted to develop a theoretical foundation of the research (Leavy, 2017). It will be used to collect the current knowledge in the research area. The literature gap will be used for further details (Marczyk, DeMatteo & Festinger, 2010).
Conclusion
Conclusively, it can be stated that cloud computing is a novel technology, which can be used to create an innovative infrastructure for data storage. As discussed on the paper, there are several advantages of using the cloud-based solutions. However, there are several practical issues, which are needed to be solved so that the technology is widely accepted among the business organizations. In the present, the security of cloud-based solutions has several loose ends, which scares the potential buyers of technology. There are several security issues, which hinder the potential users from taking the full advantage of the technology. There are several existing vulnerabilities in the cloud computing, which increases the potential threat from the hackers. In cloud computing, the major challenge is sharing data, while protecting the private information of the users. In cloud computing, the major challenge is controlling which information to share and which information to reveal. There is high security vulnerability, that the information stored in the cloud, can be read by the third parties without their consent. There are various solutions to security issues in cloud computing such as segregating the non-sensitive and sensitive data.
In the accomplishment of the present work, the articles of various other authors have been cited. The author is grateful to all these scholars. He is also thankful to professors and friends, who have supported in completing the research work.
References
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Creswell, J.W., & Creswell, J.D. (2017). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. SAGE Publications.
Gorard, S. (2013). Research Design: Creating Robust Approaches for the Social Sciences. SAGE.
Hwang, K., & Li, D. (2010). Trusted cloud computing with secure resources and data coloring. IEEE Internet Computing, 14(5), 14-22.
Itani, W., Kayssi, A., & Chehab, A. (2009, December). Privacy as a service: Privacy-aware data storage and processing in cloud computing architectures. In Dependable, Autonomic and Secure Computing, 2009. DASC’09. Eighth IEEE International Conference on (pp. 711-716). IEEE.
Kaufman, L. M. (2009). Data security in the world of cloud computing. IEEE Security & Privacy, 7(4).
Kumar, K., & Lu, Y. H. (2010). Cloud computing for mobile users: Can offloading computation save energy?. Computer, 43(4), 51-56.
Kumar, K., & Lu, Y. H. (2010). Cloud computing for mobile users: Can offloading computation save energy?. Computer, 43(4), 51-56.
Leavy, P. (2017). Research Design: Quantitative, Qualitative, Mixed Methods, Arts-Based, and Community-Based Participatory Research Approaches. Guilford Publications.
Marczyk, G.R., DeMatteo, D., & Festinger, D. (2010). Essentials of Research Design and Methodology. John Wiley & Sons.
Maxwell, J.A. (2012). Qualitative Research Design: An Interactive Approach. SAGE Publications.
Myers, J.L., Well, A.D., & Lorch, R.F. (2013). Research Design and Statistical Analysis: Third Edition. Routledge.
Pearson, S. (2009, May). Taking account of privacy when designing cloud computing services. In Software Engineering Challenges of Cloud Computing, 2009. CLOUD’09. ICSE Workshop on (pp. 44-52). IEEE.
Pearson, S., & Benameur, A. (2010, November). Privacy, security and trust issues arising from cloud computing. In Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on (pp. 693-702). IEEE.
Popovi?, K., & Hocenski, Ž. (2010, May). Cloud computing security issues and challenges. In MIPRO, 2010 proceedings of the 33rd international convention (pp. 344-349). IEEE.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11.
Takabi, H., Joshi, J. B., & Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6), 24-31.
Takabi, H., Joshi, J. B., & Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6), 24-31.
Wang, C., Wang, Q., Ren, K., & Lou, W. (2010, March). Privacy-preserving public auditing for data storage security in cloud computing. In Infocom, 2010 proceedings ieee (pp. 1-9). Ieee.
Wang, C., Wang, Q., Ren, K., & Lou, W. (2010, March). Privacy-preserving public auditing for data storage security in cloud computing. In Infocom, 2010 proceedings ieee (pp. 1-9). Ieee.
Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010, November). Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on (pp. 105-112). IEEE.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
