Thursday, December 12, 2019
Security And Privacy Issues Cloud Computing ââ¬Myassignmenthelp.Com
Question: Discuss About The Security And Privacy Issues Cloud Computing? Answer: Introduction This is the age of digitalization and disruption where new technology is constantly retiring and replacing the old technology as well as new emerging business and delivery models are replacing the traditional models. These new models are much more elastic, scalable as well as cost efficient. Cloud computing is also one such promising delivery model where data and programs will be stored on a remote machine and will be accessed using internet while traditionally organization has to buy and maintain the entire infrastructure in-house and maintain data as well as programs in-house. As a result, there are many benefits in terms of cost savings as the organization is not maintaining the infrastructure however there are challenges and benefits also in adopting the cloud computing. This is the reason that although Cloud has been there since more than a decade, it is still far from mainstream adoption due to various security and privacy and other open ended issues. Also, most of the big companies and technological giants like Google, Amazon, IBM, Microsoft, Oracle, EMC and many other players like Salesforce.com are counting heavily on this technology and bringing most of the products developed on cloud. The purpose of this report is to deeply analyze the security and privacy issues that are delaying the widespread adoption of the Cloud computing. This will also discusses various service models and deployment models associated with the cloud very briefly however it will not talk about the benefits of cloud computing as there is already large number of reports on the same. It is expected that cloud computing would continue to be a key technology trend that would shape the use of Information Technology for large and small organizations. Cloud Computing service Models and Deployment Models There are different service and deployment models for cloud installation. The widely used service and deployment models for cloud computing can be discussed as: Service Deployment Models There are three service models in Cloud computing based on the level abstraction and resourced vendor provide. They are as follows: 2.1.2 IAAS (Infrastructure-as-a-Service) - In this service model, Cloud Service Provider (CSP) will provide the network, storage and processing capability to the customers. Customer can select their own applications and middleware, operating systems and can deploy them on IAAS. 2.1.2 PAAS (Platform-as-a-Service) In this service model, CSP will provide the middleware, programming languages, operating systems needed to build the applications. Also, customers do not have the choice for using separate storage. It should be what is supported by the PAAS. However, customers have full liberty to deploy and run whatever application and software they want to run (Puthal Sahoo, 2015). 2.1.3 SAAS (Software-as-a-Service) In this service model, CSP will provide the application to the customer. Salesforce.com is a very popular example of this. Apart from it, Microsoft outlook, Gmail are also examples of SAAS. In this vendor will manage the underlying systems like IAAS and PAAS and customers can access the application using the Internet. It is an alternative to local application. Across the industry, there are various vendors that provide cloud services. Below are the popular vendors or Cloud Service Providers. IAAS Vendors PAAS Vendors SAAS Vendors Amazon IBM Google Rackspace Cloud Google Microsoft Salesforce.com Oracle Google Apps Salesforce.com Security and privacy issues in Cloud computing There are various advantages of cloud computing. However, there are various issues and challenges that must be addresses. In fact, the complete benefits of cloud computing can be achieved only when organizations can overcome the issues and challenges. The common issues and challenges with cloud computing can be discussed as: Data Privacy: Privacy is the single biggest issue that is preventing the widespread adoption of cloud computing. In this age of big data analytics, data is very critical and important function for every organization. Now, the issue arises when the top vendors of the cloud like Google and Amazon are in the business where data is very important. For example, Google main business is from advertisements. It has products like Google AdSense and Google AdWords where these giants shows the appropriate advertisements to the people based on their profile using principles of digital marketing (Takabi, Joshi, Ahn, 2010) Amazon also is one of the E-commerce giant that uses data for showing targeted marketing and increasing its businesses. In such scenarios, if any customers are using the services of these vendors, there is a conflict of interest and there can be a risk to confidential customer data. Data compliance issue: There are numerous issues related to compliance using cloud computing. Each nation has their own laws, rules and policies related to how the organizations can store the data. For example, there is a government rule of European Union (EU) Data Privacy Directive that prevents that data of the country members to be stored outside the country. Now, in cloud computing, there are various copies maintains at various locations of the world and thus this type of compliance will make it impossible for the organization to use cloud computing (Amorsy, Grunday, Muller, 2016). Cloud vendors needs to be more transparent and must tell the customers where they are storing the data and how many copies they are maintaining. Data deletion risks: Data portability and data deletion has been one of the main challenges of cloud computing which is quite under researched. There are no solutions and workarounds to handle this and as a result of this vendors are not quite transparent about (Rittinghouse, Ransome, 2016). For instance, consider a scenario where 1 customer is maintaining their data with one of the cloud service provide. Now, due to some issue or requirement, customer decided to use the in-house application or switch to a different Cloud service provider, it is difficult to ensure that the cloud vendor has removed all customer data from the cloud. It is because usually the cloud stores data in a complex mesh of interrelated data and also maintain numerous copies in form of backups that are located across the world (Theoharidou etal., 2013). As long as it is private cloud, Vendor can reset or flush the complete data but how it will be handled in case of a community cloud. Also, if customers want to delete some data, how it will ensure that it is permanently removed from all the clouds. No Common Cloud Standards: Currently, there is poor interoperability between clouds maintained by different vendors due to lack of common standards. This lack of interoperability has makes the migration from 1 cloud to another cloud very difficult and depending on the single cloud vendor will simple increases the risk for the customers (Latif, et al., 2014). Customers will prefer to distribute their data over the clouds managed by various provides in order to minimize the risk but this is not possible. Apart from this, there is another issue of compatibility. Amazon and Microsoft are mainly the IAAS providers which provides the storage and computing services however the reason most of the organization are looking for cloud is the SAAS (software-as-a-service). Now, if you run the software on the IAAS owned by the amazon and there are some issues, you will be permanently lost in what is creating the issue and also integrations will also be needed. Amazon is quite good for those cases w here client is planning to build and deploy their own custom applications but not well in a situation where customers wants to use 3rd party software. Oracle and Salesforce.com are two such vendors that own and provides entire cloud stack that is IAAS, PAAS and SAAS (Ali Khan, 2015). However, other vendors also need to work in this space. Data Segregation: software multitenancy is the major feature of the cloud computing where a single instance of software will be used to serves the multiple tenants. Thus, data of various users will be storing at the same location, which makes the intrusion of a data of 1 user by another user possible. This is the single biggest risk and thus SAAS should define and maintain clear boundary for the data belonging to each user and thus boundary must be protected at physical as well as application level (Toosi Calheiros, 2014). Data breaches: Clouds have the data from multiple people belonging to multiple countries. Now, if any of the person or users of the cloud has been attacked by malware, there is a risk of malware entering into a complete cloud and can impact the data of all the other organizations. In such cases, organization are arguing that they are giving training to their users not to click on any phishing mail but what if someone who do not belong to their organization has clicked on such emails and the impact is compromise of their data (Mouratidis, et al., 2014). Network security: In a community cloud, there are large number of organizations that will interact with their own partners, customer and suppliers. As a result, there will be flow of sensitive data over network and thus it needs to be protected to avoid the seepage of confidential data and sensitive information. This involves the use of strong encryption techniques like SSL for security purposes (Sanaei Abolfazli, 2014). Conclusion No doubt cloud is a flavor of today as it provides lot of financial benefits to the organization however there are still many open issues and questions that must be answered before it will be adopted widespread. With Globalization, as the organizations are increasing beyond their boundaries, maintain on premise IT systems for every site will be quite expensive for them and cloud scalability is perfect solution for them but security, audit, compliance related issues of cloud computing has delayed the speed of its adoption. This report discusses about the key privacy and compliance issues that are associated with the cloud computing. And as most of the technological giants like IBM, Microsoft, Oracle, Amazon, Google are working in this area, the open items will probably be solved in coming times leading to a cloud revolution. References Ali, M., Khan, S. U., Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges.Information Sciences,305, 357-383. Almorsy, M., Grundy, J., Mller, I. (2016). An analysis of the cloud computing security problem.arXiv preprint arXiv:1609.01107. Latif, R., Abbas, H., Assar, S., Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. InFuture Information Technology(pp. 285-295). Springer, Berlin, Heidelberg. Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S. (2013). A framework to support selection of cloud providers based on security and privacy requirements.Journal of Systems and Software,86(9), 2276-2293. Puthal, D., Sahoo, B. P. S., Mishra, S., Swain, S. (2015, January). Cloud computing features, issues, and challenges: a big picture. InComputational Intelligence and Networks (CINE), 2015 International Conference on(pp. 116-123). IEEE. Rittinghouse, J. W., Ransome, J. F. (2016).Cloud computing: implementation, management, and security. CRC press. Sanaei, Z., Abolfazli, S., Gani, A., Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges.IEEE Communications Surveys Tutorials,16(1), 369-392. Takabi, H., Joshi, J. B., Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments.IEEE Security Privacy,8(6), 24-31. Theoharidou, M., Papanikolaou, N., Pearson, S., Gritzalis, D. (2013, December). Privacy risk, security, accountability in the cloud. InCloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on(Vol. 1, pp. 177-184). IEEE. Toosi, A. N., Calheiros, R. N., Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey.ACM Computing Surveys (CSUR),47(1), 7.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.