Benefits and Risks of Cloud Computing
Discuss about the Security Threats In Cloud Computing And Preventive.
Cloud computing has continuously has transformed the way in which companies share, store and use their workloads, applications and data. This has also resulted in the creation of a number of security challenges and threats. As the cloud hosts a huge number of services and involves the transfer of data into the public cloud services, the particular resources become a common target for all the attackers [7]. As the number of cloud service utilization increases, the process of protecting the complicated data also becomes more complicated and risky. The data that is present in the cloud environment should be protected not only from the cloud service providers but also from the prospective cloud users. In the following report, the various security threats of cloud environment has been discussed and assessed. The preventive method for such security threats has also been mentioned in the report conclusively.
Cloud computing has changed the landscape of modern technology. It has revolutionized the way enterprises operate and has provided the industry with a lot of advantages. The research problem is aimed at providing the relevant issues that are associated with this technology and has proposed preventive measures for addressing these particular issues.
Although previous researchers have been carried out on the topic of security threats of cloud computing, the present research is aimed at providing information about the security issues that has happened recently and relevant to the topic.
Cloud Computing refers to the process by which the resources that are provided by Information technology are retrieved through the web based tools from the internet instead from a directly connected server. The cloud computing technology helps to save the file in a remote online cloud based database instead of a physical local storage device [9]. There are different types of cloud computing namely SaaS, IaaS and PaaS.
Although cloud computing provides a number of benefit to the user it comes with its own share of security risks. It is one of the emerging innovations of the technological landscape and modern internet. Large corporations such as Google and Amazon use cloud services on a day to day basis along with their customers. The technology provides several organizations with the added benefit of reduction in cost and more features leading to innovative solutions. But like most technologies, this also comes with some risks that needs to be addressed for proposing the technology as 100% secure.
Security Threats of Cloud Computing
Cloud computing is used for maintaining IaaS and PaaS which helps the organizations to save on investment cost to maintain, manage and acquire an IT infrastructure. Cloud based environment are also deployed for hybrid and private clouds. It is also used for test and development purposes as the cost of setting up physical assets and manpower is not involved [1]. Nowadays, cloud computing is used with bug data analytics for extracting and analysing customer information. It is increasingly used for file storage systems as users can access data from virtually anywhere. It is also used in backups as well as disaster recovery.
There are several security threats and challenges of cloud computing that are have been addressed in the following literature review.
The first challenge is the business threat that comes with the integration of shared technologies. The cloud service provider shares the applications, platforms and infrastructure of cloud computing [17]. The shared environment brings in the potential of a single security breach that has the capability to expose the total cloud environment to compromises. The security breach can also affect other shared systems such as shared storage, database services and CPU caches. Lack of in-depth defensive processes is the main reason for this security threat to the cloud environment.
The second security challenge is the DDoS Attack [2]. These application level attacks have the capability to target database vulnerabilities as well as web servers. These involve a huge number of automated requests for service that impairs the cloud service without properly shutting it down. Over the years, the attackers have improvised their way of conducting DDos attacks and have managed to conduct the attacks with sophisticated and distributed ways.
The third security challenge is the possibility of data loss. Whenever a person uploads a file to the cloud environment, there lies the chance of the data being intercepted by another authorized individual or unscrupulous attackers. This loss of data can cost the organization millions of dollars. According to a report backed by Health Information Trust Alliance, the data loss security factor has cost enterprises more than 4 billion dollars in cost.
The fourth security threat that is related to the cloud environment is the presence of APTs or Advanced Persistent threats. These threats are difficult to detect and conducts the attack in a parasitic form.
The threat from malicious insider is also a serious security issue for cloud computing. Often there are several employees in an organization who gets access to the cloud environment [4]. If the employees want to transfer vital information of the cloud to a competitive enterprise, then it can cause a lot of problems for the organization. The attackers can manipulate the data and shatter the entire infrastructure of the cloud environment with this vulnerability [10]. This attacks happen due to the lack of proper user access monitoring system and encryption process control mechanism.
Preventive Measures for Cloud Security
Sometimes, the attackers can eavesdrop on financial data and compromising information. They can hijack the accounts of several individuals within the cloud environment and modify them. This can cause irreparable damage for the entire organization. Lack of multifactor authentication is the prime cause of this security issue. Moreover, they can serve malware into the cloud environment and distribute pie=rated software through the network.
The people who are working for an organization using cloud environment are given a well-defined authentication and identify verification system to provide the right amount of access information to the right person [16]. Often, these verification systems are not removed properly even when the person is not working for the organization. That person can compromise the entire cloud environment by stealing critical information about the business process of the organization or obtain their credentials for illicit purposes.
Another critical security threat for cloud environment is the insecure APIs. The cloud service providers have always faced the dilemma of providing the service to millions of people as well as properly preventing the damages that these anonymous users can do to the cloud environment [15]. To prevent this, application programming interface has been created which determines the process by which third party connects with the network and provides legit verification for accessing the services. An open authorization service created by Google and Twitter and collaboration named OAuth was designed for this purpose. Recently, security researchers has warned the organizations using open authorization service that there are still no secure APIs that can prevent a security breach 100% despite the controls and protection systems [5]. The researchers argue that the APIs can be made secure by designing them to withstand problems faced from activity monitoring, encryption and access and authentication controls. This prevents the users from gaining access to the application from a public service and restricts their authentication access. But nowadays, APIs add layers for value added services and makes them more complex which provides the attackers to find an exposure to breach the system.
The security threats which has not been addressed properly are the incapability of understanding the full scope of the technology. Many enterprises accommodate the cloud environment in their business structure without properly analysing the environment of the service provider and protection mechanisms.
Another issue that has not been adequately discussed is the nefarious and abuse of cloud services by an unscrupulous attacker. Application and system vulnerability of cloud services is another issue that has not been highlighted properly.
Future Research Directions for Cloud Computing
In my opinion, the loss of data is a critical issue for cloud computing technology as most of the times consumers use this technology for saving their private and critical data. Enterprises use cloud computing as a storage service for critical information as well as disaster recovery. If the data that is being stored gets compromised, I think it totally tarnishes the concept of cloud computing.
Based on the identified gaps and challenges, the future research directions of cloud computing are mentioned in the following literature.
First of all, the system energy efficiency needs to be increased by designing the software at various levels such as applications, operating systems, algorithms and compilers. The resources need to be integrated with the application according to its performance level to maintain the trade-offs related to energy and consumption [7].
The cloud providers need to measure and understand the present data centre power, cooling designs, cooling requirements and server power consumption to achieve green cloud computing. Tools need to be developed to measure the energy consumption of cloud services and components.
Third, to gain proper resource scheduling, the factors such as CPU usage, cooling processes, memory and network need to be considered for designing efficient cloud computing systems.
Fourth, before implementing the cloud computing in an institution, proper overhead analysis need to be conducted before adding latest technologies such as Virtualization to achieve maximum power efficiency [6].
Lastly, to reduce the energy consumption of cloud services, the service providers need to consider using renewable resources.
Based on the mentioned security threats, the proposed preventive measures are written as follows.
To prevent the data breaches from happening, the cloud service providers need to be selected properly and checked if they are reliable or not. This prevents the attackers from using the side channel attacks for getting the cryptographic keys which is used by other virtual machines present in the same cloud network [14]. Proper encryption system need to be installed to ensure proper data security.
To prevent cloud abuse, authorized validation and registration processes need to be implemented. This prevents anyone with a credit card from availing the cloud based services making the system prone to spam mails and malicious attacks. Credit card processes need to be monitored carefully to prevent frauds. Network traffic need to be examined carefully. Moreover, the blacklisted stuff of a particular network need to be checked carefully from time to time.
To prevent the threats from Insecure APIs, the cloud provider’s security standards needs to be inspected carefully. The encrypted transmission and strict authentication need to be checked carefully periodically to prevent malicious tacks from happening [8].
To prevent malware attacks from occurring, authorized supply chain management system need to be planned. The cloud providers need to provide information to the users about how they grant access to particular softwares and how they track the users. The human resource management need to be included in legal contract. Security compliance and mechanism need to be absolutely transparent to prevent misuse of the system.
To prevent the issues that arise with shared technology, best security measures need to be adopted for the purpose of configuration and installation of the services. The non-authorized activities ad changes need to be audited. The authorization process for certain administrative operations need to be checked and improved. To install vulnerability assessments, service level agreements need to be promoted. Moreover, the vulnerabilities need to be scanned from time to time.
To prevent the loss of data, the strong API security need to be enforced to retain customer trust as it can lead to policy and legal compliance issues. The data needs to be secured with SSL encryption [13]. The integrity of data needs to be checked for designing as well as running time duration. The collection and backup plans of the service providers need to be explored as well.
To prevent account hacking, the sharing of credential information between users need to be restricted. The two way strong authentication need to be implemented in every service processes in the cloud environment. Employees need to be tracked for detecting activities which are unauthorized. Moreover, data logs need to be carefully stored and the details of the infrastructure need to be properly secured.
Conclusion
To conclude the report, it can be stated that the cloud computing has a number of security threats that it has to address before it can be truly stated as a secure alternative to other physical relevant technologies. In the following report, an overview of the cloud environment has been mentioned. The relevant applications and technologies related to cloud computing has been assessed and discussed in the literature review section of the report. The possible security threats of cloud computing has been evaluated and discussed accordingly. Next, the relevant gaps of the literature review which has not been addressed properly is also mentioned as well. A personal reflection of the security threats of cloud computing has been provided and the related preventive measures of the mentioned security threats has been assessed.
Cloud computing has revolutionized the IT industry with the benefits it provides. Just like any other technology, it has its own set of disadvantages. The future prospects of cloud computing carries a lot of potential if the mentioned security threats are addressed carefully with the proposed preventative measures.
References
[1] Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
[2] Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
[3] Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.
[4] Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.
[5] Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
[6] Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
[7] Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
[8] Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
[9] Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.
[10] Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: A survey. Computers, 3(1), 1-35.
[11] Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.
[12] Perez-Botero, D., Szefer, J., & Lee, R. B. (2013, May). Characterizing hypervisor vulnerabilities in cloud computing servers. In Proceedings of the 2013 international workshop on Security in cloud computing (pp. 3-10). ACM.
[13] Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
[14] Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
[15] Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.
[16] Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.
[17] Younis, Y. A., & Kifayat, K. (2013). Secure cloud computing for critical infrastructure: A survey. Liverpool John Moores University, United Kingdom, Tech. Rep, 599-610.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
