Security And Privacy Issues In Cloud Computing
Analysis / Report on Discussion Forum
Discuss about the Security and Privacy Issue in Cloud Compute.
Cloud computing is one of the most growing technology today. In this age of Globalization, mobilization and increase focus on concept of Lean, Cloud computing helps the organization in becoming lean by focusing less on their IT needs and more on their core competency, helps to increase mobility for global workforce (Hamlen, 2012). However, privacy and security concerns in cloud computing are not addressed completely leaving many questions unanswered in the minds of the CIOs. This is stopping widespread adoption of this great technology. The objective of this report is to elucidate and critically analyze the cloud computing technology in terms of its ability to handle security and privacy issues. Also, some common attacks in the history of cloud computing on cloud will be discussed to highlight the vulnerability of this technology.
There are various cloud service deployment models like Software-as-a service (SAA), Platform-as-a-service (PAAS) and Infrastructure-as-a-service (IAAS) where different services are provided by the cloud vendor (Pearson, 2009). Irrespective of the cloud deployment models utilized, below are the various ways in which cloud computing services are deployed and used.
Public cloud refers to the model in which services are rendered to the general public over the internet. For instance, Google Gmail example of public cloud, office 365 is public cloud.
Private cloud refers to one in which cloud computing environment is available only for the users of the organization. It gives the organizational greater control over its data. Such clouds can be hosted on-premise as well as on the externally hosted private clouds.
Hybrid cloud refers to combination of both public and private cloud computing models. The added benefit is that along with the private cloud, public cloud is maintained to handle extra loads or emergency situation. It also provided the flexibility of computing to the organization.
Out of all the above models, Only private model is accesses and consumed by the trusted folks. All the other models are accessed and consume by both trusted and untrusted.
There were DDOS attacks at speed of 20GB/sec in 2013 on the cloud. 2014 also witnesses multiple attacks over 1000GBPS on cloud (Bakshi, & Dujodwala, 2010). As this cloud computing technology become more and more famous, it will be targeted more by the malicious users.
Application layer attacks are very difficult to detect proactively in the cloud as it is difficult to differentiate genuine traffic and malicious traffic at this point of time (Shaikh, & Haider, 2011). This risks the majority of services on the cloud. Cloud’s reaction time is 10-15 minutes in case any suspicious activity is detected however by this time, entire systems can be hacked due to the increasing speed of malwares. It is very important that multiplayer defense should be researched and deployed on cloud to make it less vulnerable to such attacks.
Example of Attack on Cloud
There can be threat of malicious users. Malicious users can be internal consumer user, internal cloud user as well as third party user. Data leakage in cloud is another concern in cloud computing which can lead to information compromise (Rong, Nguyen, & Jaatun, 2013). There are proper guidelines to be defined to handle such issues. Also, private clouds are generally considering safe but they are also equally vulnerable. In private cloud, generally the user end points are targeted to get the data and enter the cloud.
Privacy is not a technical issue but more of legal and policy issue. Sometimes the organizations are not aware about how their information is being utilized leading to conflicts. Framework known as Safe Harbor privacy principles is defined by US and European trade commission which defines 7 principles (Chen, & Zhao, 2012). Few of them are like users must be informed about their data is being collected; also individual can also opt out from giving their data if they want, enforcement of rules, choice and consent are important, disclosure and disclaimers should also be used.
The discussion on the forum was definitely a platform where I was able to learn a lot. I have always believed that the learnings and the experiences of others is a great source of learning. In the forum, there were multiple ideas about the benefits and the challenges of cloud computing. It is correct that there are various risks and challenges of cloud computing. However, it is also correct that the benefits of cloud computing outweighs the risks or the challenges of cloud computing (Ullah & Khan, 2014). The logical closure of the discussion could be that the organizations should certainly focus on cloud computing. However, the organizations should have the strategy in place where the risks could be mitigated.
The discussion forum was very informative and a good discussion happened on the forum. However, I believe that the issue of privacy for the employees working in the organization could have been discussed more. The issues for cloud computing could be addressed from employees perspective as well as the organizational perspective (Sen, 2013). The detailed analysis of the issues would have helped the individuals to have a holistic and 360 degree view of the issues associated with the cloud computing.
One of the negative impacts of this issue in real world is that the mid size and the small organizations does not fully realize the serious privacy challenges that occurs due to cloud computing. It is important that the organizations should also include employees while developing and implementing the policies and strategies for cloud computing. The employees must be made aware about the probable cause of risks in the system.
Types of Security Threats
I can say that I have learned a lot in the discussion forum. The cloud computing is definitely a way forward for organizations. However, it is important that the organizations should be aware of all the risks and challenges of cloud computing. I would say that the privacy risks of users is one of the biggest challenge that the organizations should address. When I look back and reflect, I realize that I have gained a lot from this discussion forum. There were certain things that I was not aware of. I knew the risks of cloud computing but my information was at a high level. With this discussion forum I was able to understand the small intricacies in the implementation of cloud computing. I have also learned that the small organizations and the mid-size organizations can also use cloud computing.
To conclude, Cloud computing is the latest technology that promises immense benefits however there is lot of research which is still required in this area as many of the concerns related to security and privacy issues are not been answered by the experts and remains open. However, there are lot of research and investment in the area by the Information technology giants like Microsoft, Google, Cisco, IBM in this area and the day is not far when the cloud will widespread adopted and all the security and privacy issues will be handled. This report discussed about the various types of cloud service models and the risk associated with each of that. Apart from it, famous DDOS attack of 2013 also discussed and weakness of application layer is leading to attacks. I would like to say that I look forward for these types of discussion where I get a platform to gain more from the knowledge and experiences of people around me. It is expected that the use of cloud computing would increase in the coming team.
Bakshi, A., & Dujodwala, Y. B. (2010, February). Securing cloud from ddos attacks using intrusion detection system in virtual machine. InCommunication Software and Networks, 2010. ICCSN’10. Second International Conference on (pp. 260-264). IEEE.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for cloud computing. Optimizing Information Security and Advancing Privacy Assurance: New Technologies: New Technologies, 150.
Pearson, S. (2009, May). Taking account of privacy when designing cloud computing services. In Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (pp. 44-52). IEEE Computer Society.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Sen, J. (2013). Security and privacy issues in cloud computing. Architectures and Protocols for Secure Information Technology Infrastructures, 1-45.
Shaikh, F. B., & Haider, S. (2011, December). Security threats in cloud computing. In Internet technology and secured transactions (ICITST), 2011 international conference for (pp. 214-219). IEEE.
Ullah, K., & Khan, M. N. A. (2014). Security and Privacy Issues in Cloud Computing Environment: A Survey Paper. International Journal of Grid and Distributed Computing, 7(2), 89-98.
Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010, November). Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on (pp. 105-112). IEEE.