Cloud Computing Challenges

Download PDF
3 downloads 711 Views 386KB Size Report
Comment
Cloud Computing Challenges: A Review on Security and. Privacy Issues .... in common use today. They are presented below according to NIST definitions,. [5]:.
Cloud Computing Challenges: A Review on Security and Privacy Issues Maria M. Abur

Olumide S. Adewale

Sahalu B. Junaidu

Ahmadu Bello University (ABU), Mathematics Department, Zaria, Nigeria

Federal University of Technology, Department of Computer Science Akure, Nigeria

Ahmadu Bello University (ABU), Zaria, Mathematics Department, Zaria, Nigeria

[email protected]

[email protected]

sahalu.abu.edu.ng

ABSTRACT Information Technology (IT) has become a valuable, decisive and critical resource for individuals, communities, enterprises and organization. Though IT has reached every doorstep, its potentials have not been fully utilized. Due to the advancement of IT, Cloud computing is born. Cloud computing is Internet based computing, where resources, software, data and other wanted services are shared. It follows the procedure of paying for every usage of cloud resources including the distributing of hosted services via the Internet. Cloud computing has generated a very noteworthy interest in academia, businesses and industries like finance, energy, transport, Oil and Gas for it advantages like multitenancy, resource pooling, storage capacity, cost effectiveness, flexible infrastructural platform and the likes. However, it is still in its infancy and is associated with numerous challenges and users are skeptical about its authenticity. The Security and Privacy issues are deterring the acceptance of Cloud computing. This paper aims to provide a comprehensive review on cloud security and privacy issues that are preventing the wide adoption of cloud computing. The methodology adopted was the review of journal and conference publications on the challenges of cloud computing including security and privacy issues. Finally suggestions were made for future researchers to further carry out researches in the areas of data loss, data breaches and the likes, thereby providing solutions to eradicate completely these security and privacy issues highlighted in this paper. Thus enabling cloud users to conveniently use the cloud without any fear.

resources including the distributing of hosted services via the Internet. Cloud computing has generated a noteworthy interest in academia, businesses and industries like finance, energy, transport, Oil and Gas for its advantages like multi-tenancy, resource pooling, storage capacity, cost effectiveness, flexible infrastructural platform and the likes .However it is still in its infancy and is associated with numerous challenges and users are skeptical about its authenticity. This paper aims to provide a comprehensive review on cloud security and privacy issues that are preventing the wide adoption of cloud computing. Thus encouraging more researchers in this area, to carryout researches and come up with effective and efficient solutions in other to tackle these issues. The remaining sections of the paper are structured as follows: Importance of cloud computing usage, Cloud Computing Service Model, Cloud Computing Deployment Model, Challenges of cloud computing and Privacy issues and Methodology.

2. IMPORTANCE OF CLOUD COMPUTING USAGE Cloud computing is an evolving area of distributed computing that proposes many potential benefits to organizations (e.g. Academia, Businesses and the likes) by making information technology facilities available as a service. The significance of cloud computing cannot be overemphasized. Below are the benefits of cloud computing as identified and explained by [8]:

General Terms

2.1.1 Resource pooling: The provider’s computing resources

Security, Design, Algorithms, Management, Reliability Human Factors and Legal Aspects.

are pooled to help numerous consumers, using a multitenant model with different physical and virtual resources dynamically allocated and reallocated according to customer demand.

Keywords Information Technology, Cloud Computing, Resources, Security and Privacy.

1. INTRODUCTION Information Technology (IT) has become a valuable, decisive and critical resource for individuals, communities, enterprises and organization. Though IT has reached every doorstep, its potentials have not been fully utilized, [3]. Due to the advancement of IT, Cloud computing is born. Cloud computing is Internet based computing, where the resources, software, data and other wanted services are shared. It follows the procedure of paying for every usage of cloud

2.1.2 Rapid elasticity: Capabilities could be fast and elastically provisioned in some cases automatically to quickly scale out; and rapidly released to quickly scale in.

2.1.3 Measured service: Resource usage can be checked, controlled, and reported providing transparency for both the provider and consumer of the service.

2.1.4 On-demand self-service: A customer could unilaterally provide computing capabilities such as server time

and network storage as needed automatically without needful human interaction with a service provider.

Cloud Clients Web browser, Mobile app, terminal emulator and the likes.

2.1.5 Broad network access: Capabilities are available over the network and retrieved through standard mechanisms.

3.1 CLOUD COMPUTING SERVICE MODELS The following Cloud computing service models have different strengths and are appropriate for different Users and business purposes. There are three major Service models in common use today. They are presented below according to NIST definitions, [5]:

3.1.1 Software-as-a-service (SaaS): The consumer uses the provider’s applications, which are hosted in the cloud.

3.1.2 Platform-as-a-service (PaaS): Consumers deploy their own applications (home-grown or acquired) into the cloud infrastructure. Programming languages and application development tools used must be supported by the provider.

3.1.3 Infrastructure-as-a-service (IaaS): Consumers are able to provide storage, network, processing and deploying resources, and controlling arbitrary software, ranging from applications to system software. For each service model, consumers have different degrees of control over the infrastructure management. In the SaaS model, control is normally narrowed to user-specific application configuration settings. PaaS provides control over the deployed applications, and perhaps application hosting environment configurations. IaaS provides control over operating systems, storage and deployed applications. Figure 1 describes the cloud computing service models.

Software as a service (SaaS) Email, virtual desktops, games and the likes

Platform as a service (PaaS) Execution runtime, database, web server, development tools and the likes

Infrastructure as a service (IaaS) Virtual machines, servers, storage, load balancers, network and the likes

Figure 1: Cloud computing service models

3.2 CLOUD COMPUTING DEPLOYMENT MODELS Another relevant concept of cloud computing is the cloud deployment models. The most recognized are the following four (Public, Private, Community and Hybrid), but it is important to note that other models can be developed from them.

3.2.1 Public: Resources are usually available to the general public via the Internet. In this case, “public” characterizes the scope of interface accessibility, not whether or not resource usage is charged. This environment emphasizes the benefits of scalability, rationalization and operational simplicity (since the environment is hosted by a third party, i.e., the cloud provider). The main issue is security, since the environment is shared and managed by the cloud provider, and, accordingly, the consumer/subscriber has little control over it.

3.2.2 Private: Resources are accessible within a private organization. This environment emphasizes the benefits of scalability, integration, and optimization of hardware investments. The main issue is operational complexity, since the environment is hosted and managed by internal resources.

3.2.3 Community: Resources on this model are shared by several organizations with a common mission. It may be managed by one of the organizations or a third party [5].

3.2.4 Hybrid: This model combines the techniques of public Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Conference’10, Month 1–2, 2010, City, State, Country. Copyright 2010 ACM 1-58113-000-0/00/0010 …$15.00.

and private clouds. A private cloud can have its local infrastructure supplemented by computer capacity from a public cloud [12]. The benefits and challenges of the hybrid cloud is a combination of the items above.

4. CHALLENGES OF CLOUD COMPUTING There are many security challenges hindering the acceptance of cloud computing and these challenges are either directly affecting the deployment models, service models or networks. They include: lack of data security such as; Cloning and Resource Pooling, Motility of Data and Data residuals, Elastic Perimeter, Shared Multi-tenant Environment, Unencrypted Data,

Authentication and Identity Management, Data Leakage and consequent problems, Malicious Attacks, Backup and Storage, Shared Technological issues, Service Hijacking, Virtualized Machine (VM) Hopping, VM Mobility, VM Denial of Service, Browser Security, SQL Injection Attack, Flooding Attacks, Locks and the likes. These challenges are further categorized into various groups by [6] as represented in figure 2. Some other security threats are phishing, password cracking and botnets.

Figure 2: Classification of Security Challenges. Source: Parekh et al. (2013)

5.0 PRIVACY ISSUES IN CLOUD COMPUTING

affecting the cloud are highlighted in figure 3 and discussed below. Law

Access

Data privacy is about securing the personal identifiable information (PII) of users. Personally identifiable information (PII) is any information that could be used to identify a particular individual. PII can be sensitive or non-sensitive. Non-sensitive PII is information that can be transmitted in an unhidden form. PII are easily found in the cloud computing services because of privacy issues [7]. Once a Cloud provider knows the PII (Name, Student number, Staff ID, Address, email and so on), it becomes a problem to the user. Privacy issues have existed for a long time in the cloud. Though many law acts have been published to protect user’s individual privacies as well as business secrets, but still, these acts do expire and becomes inapplicable to such scenarios, as where a new relationship between users and cloud providers (i.e. three parties) raises [11]. Personal Information should be managed as part of the data used by an organization, [2]. Privacy is an important characteristic that has to be considered in every system. Privacy of cloud system is a serious concern for the Cloud users. Considering the privacy within the cloud there are numerous threats to the user’s sensitive data on cloud storage, [1]. Hence, the need to tackle privacy related issues for the ease of transferring data to and fro the cloud. The main privacy issues

Compliance

Storage

Privacy Issues

Privacy Breaches

Destination

Retention

Audit Monitoring

Figure 3: Main privacy issues affecting cloud computing

5.1 Main Privacy issues affecting the Cloud

7. CONCLUSION

5.1.1 Access.

Cloud computing is becoming more attractive to many organizations due to the fact that it provides numerous computing services as cloud storage, cloud hosting, cloud servers and the likes. Though, there are numerous benefits of cloud computing, governments and big organizations (academia and businesses) are concerned about security and privacy issues in the cloud. Privacy of cloud system is a serious concern for the customers. More researchers are invited in this area to provide solutions to manage the security and privacy issues highlighted in this paper. Hence enabling cloud users to conveniently use the cloud without any fear.

Cloud providers have the ability to access the individual’s data in the cloud. Confirmation after deletion must be given to the user when there is a deletion request. Normally, the confirmation given by the providers do not satisfy the cloud users.

5.1.2 Compliance. The list of applicable laws, regulations, standards and contractual commitments govern cloud data. There are many acts available to protect the data like Electronic communication Privacy Act (ECPA), USA Patriot Act (UPA) and the likes. Sometimes, to maintain the law and order in the country, cloud user’s data may be needed by the government. In this situation, the above acts fail to maintain the privacy [11].

5.1.3. Storage. This indicates the physical location of user’s data in the cloud; there are many physical locations available throughout the world. Many organizations are not comfortable with storage of their data far away from their organizations, [10]. Storing data in different data centers of different locations, may lead to unauthorized access and usage. Perfect guarantee is not given by the cloud providers due to the transparency of data.

8. ACKNOWLEDGMENTS We thank Peter Abur and the entire staff of Institute of Computing & ICT, Ahmadu Bello University for their support.

9. REFERENCES [1] Aldeen, Y. A. Salleh M. & Abdur Razzaque M. 2015. “A Survey Paper on Privacy Issue in Cloud Computing”. Research Journal of Applied Sciences, Engineering and Technology 10(3):328-337.

5.1.4. Retention.

[2] Arockiam, L. Parthasarathy G. & Moikandan S. 2012. Privacy in Cloud Computing: A survey, Journal of Computer Science & Information Technology (CS & IT) 6(3):21-330.

This indicates the duration of the data storage .The stored data must be deleted automatically after the completion of the specified duration. Otherwise, privacy issues will rise.

[3] Bhardwaj M. and Singh, A. J. 2011. Automated Integrated University Examination System, Himachal Pradesh University Journal.

5.1.5. Destruction.

[4] Mather T., Kumaraswamy S., Latif S. 2009.”Cloud Security and Privacy, An Enterprise Perspective on Risks and Compliance”, O’Reilly Publications, First Edition, ISBN: 978-0-596-80276-9, pp149-150.

This type of issue is associated with the deletion of data from the cloud. Providers do not have the rights to delete data, without getting permission from the cloud user.

5.1.6. Audit and Monitoring. It is the way of watching the cloud providers by the cloud users. Since, cloud providers are not monitored properly, it leads to the improper use of user’s data.

5.1.7. Privacy breaches. If there is any mischievous act with the cloud user data, cloud user must be able to identify it, [4]. The absence of identifying the breach will cause a drawback in the business. Here, the real time attack happened on the user data in the Google Service Provider. In Google, the IT Giant faced the hacker’s attack in the January 2010 from China. So, they decided to close their large internet market in China, because the attacks were well organized and dangerous, [1]:

5.1.8. Law. Technology is improving day after day. Whenever the technology changes, the issues related to technology are also changing. But the law governing the issue is not updated regularly. All the policies stated by the cloud provider should be transparent otherwise the cloud user will not understand the policies clearly.

6. METHODOLOGY We reviewed some Journal and Conference publications on the challenges of cloud computing including security and privacy issues.

[5] Mell P. & Grance T. 2011. “The NIST Definition of Cloud Computing,” NIST Special Publication 800-145 (draft), pp. 1–7. [6] Parekh D. H. and Sridaran, R. 2013. “An analysis of Security Challenges in Cloud Computing”. International Journal of Advanced Computer Science and Applications, 4(1):38-46 [7] Pearson S. 2011 “Taking account of privacy when designing cloud computing services”, HP Laboratories, Tech. Rep. HPL- 2009-54, 2009, http://www.hpl.hp.com/techreports/2009/HPL200954.pdf.retrieved. [8] Radack, S. 2012. A review of features, benefits, risks and recommendations for secured efficient implementations. NIST Special Publication (SP) 800-146 (draft), pp1-7. [9] Rui M. E., Rong C., (2009): ”Social Impact of Privacy in Cloud Computig”, in Proc. of 2nd IEEE International Conference on Cloud Computing Technology and Science pp 593-596. [10] Takabi, H. 2010: “Security and Privacy Challenges in Cloud Computing Environments”, The IEEE Computer and Reliability Societies, pp 24-31. [11] Zhou M., 2008: “Security and Privacy in Cloud Computing: A Survey”, in Proc. of Sixth International Conference on Semantics, Publications, First Printing, pp149-150.

[12] Sotomayor B. 2009. “Virtual Infrastructure Management in Private and Hybrid Clouds,” IEEE Internet Computing, vol. 13, no.5, pp14-22.