Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 1, January 2016). 315. Security Issues and ... A business will secure cloud- hosting services through a cloud host provider which could .... [4] Jinesh varia,â AWS Cloud Security Best Practicesâ,âWhite Paperâ,. November 2013.
International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 1, January 2016)
Security Issues and Challenges in Cloud Computing : A Brief Overview Asoke Nath1, Kanij Fatema Aleya2, Madhumita Santra3, Supriya Maji4 1,2,3
Department of Computer Science, St. Xavier’s College(Autonomous), Kolkata, India This service called ―Software as a Service (SaaS)‖, and the former service has recently been called ―Infrastructure as a Service (IaaS)‖. To take advantage of computing and storage resources provided by cloud infrastructure providers, data owners outsource more and more data to the datacenters through cloud service providers, e.g., the online storage service provider, which are not fully trusted by data owners. As a general data structure to describe the relation between entities, the graph has been increasingly used to model complicated structures and schema less data, such as the personal social network (the social graph), the relational data base, For the protection of users’ privacy, these sensitive data have to be encrypted before outsourcing to the cloud. Moreover, some data are supposed to be shared among trusted partners to all organizations. There have been lot of attacks on cloud computing and this paper discuss about the attacks and solution of the attacks.
Abstract— Cloud computing is a model which uses combine concept of “software-as-a-service” and “utility computing”, provide convenient and on-demand services to requested end users. Security in Cloud computing is an important and critical aspect, and has numerous issues and problem related to it. Cloud service provider and the cloud service consumer should make sure that the cloud is safe enough from all the external threats so that the customer does not face any problem such as loss of data or data theft. There is also a possibility where a malicious user can penetrate the cloud by impersonating a legitimate user, thus infecting the entire cloud and affects many customers who are sharing the infected cloud. The authors have listed the parameters that affect the security of the cloud then it explores the cloud security issues and problems faced by cloud service provider and cloud service consumer such as data, privacy, and infected application and security issues. Keywords— computing.
Iaas,
Paas,
Saas,
cyber
attack,
Cloud
Overview of cloud computing
I. INTRODUCTION
A. Essential Characteristics of Cloud Computing: The cloud computing comprises of the following characteristics:
Since late 90s and even today, academicians, web developers, solution architects or anyone involved in web development use the symbol of cloud to represent Internet on board or on paper. The most widely used metaphor for Internet is cloud. Cloud computing has derived its name from the same line of thinking. Cloud computing is a very new and innovative technology being used in today’s business scenario. With cloud computing, don’t need to make large upfront investments in hardware and spend a lot of time managing that hardware. Instead, we can provision exactly the right type and size of computing resources we need to power our newest bright idea or operate our IT department. With cloud computing, we can access as many resources as we need, almost instantly, and only pay for what we use. In the increasingly prevalent cloud computing, datacenters play a fundamental role as the major cloud infrastructure providers, such as Amazon, Google, and Microsoft Azure. Datacenters provide the utility computing service to software service providers who further provide the application service to end users through Internet.
On-demand capabilities: A business will secure cloud- hosting services through a cloud host provider which could be our usual software vendor. We can access services and have the power to change cloud services through an online control panel or directly with the provider.we can add or delete users and change storage networks and software as needed. Broad network access: We can access business management solutions using our smartphones, tablets, laptop, and office computers. we can use these devices wherever we are located with a simple online access point. This mobility is particularly attractive for businesses so that during business hours or an off-times, employees can stay on top of projects, contracts, and customers whether they on the road or in the office.
315
International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 1, January 2016) Broad network access includes private clouds that operate within a company’s firewall, public clouds, or a hybrid deployment.
Front End The front end refers to the client part of cloud computing system. It consists of interfaces and applications that are required to access the cloud computing platforms, Example - Web Browser.
Resource pooling: The cloud enables our employees to enter and use data within business management software hosted in the cloud at the same time, from any location and at any time.
Back End The back End refers to the cloud itself. It consists of all the resources required to provide cloud computing services. It comprises of huge data storage, virtual machines, security mechanism, services, deployment models, servers, etc.
Rapid elasticity: If anything, the cloud is flexible and scalable to suit our immediate business needs. We can quickly and easily add or remove users, software features, and other resources.
D. Types of Services provided by cloud These services are broadly divided into three categories: 1. Infrastructure-as-a-Service (IaaS) 2. Platform-as-a-Service (PaaS) 3. Software-as-a-Service (SaaS).
Measured services: Going back to the affordable nature of the cloud, we only pay for what we use. We and our cloud provider can measure storage levels, processing, bandwidth, and the number of user accounts and we are billed appropriately. the amount of resources that we may use can be monitored and controlled from both our side and cloud provider’s side which provides transparency.
Infrastructure-As-A-Service (IAAS): Infrastructure-as-a-Service (IaaS) provides virtual servers with unique IP addresses and blocks of storage on demand. Customers can pay for exactly the amount of service they use, like for electricity or water, this service is also called utility computing.
B. Types of cloud Public Cloud : The public cloud allows systems and services to be easily accessible to the general public. Public cloud may be less secure because of its openness.
Platform-As-A-Service (PAAS) Platform-as-a-Service (PaaS) is a set of software and development tools hosted on the provider's servers. Google Apps is one of the most famous Platform-as-a-Service providers. This is the idea that someone can provide the hardware (as in IaaS) plus a certain amount of application software - such as integration into a common set of programming functions or databases as a foundation upon which we can build our application. Platform as a Service (PaaS) is an application development and deployment platform delivered as a service to developers over the Web. It facilitates development and deployment of applications without the cost and complexity of buying and managing underlying
Private Cloud The private cloud allows systems and services to be accessible within an organization. It is more secured because of its private nature. Hybrid Cloud The hybrid cloud is a mixture of public and private cloud, in which the critical activities are performed using private cloud while the non-critical activities are performed using public cloud. C. Cloud Computing Architecture Cloud Computing architecture comprises of many cloud components, which are loosely coupled. We can broadly divide the cloud architecture into two parts: Front End Back End Each of the ends is connected through a network, usually Internet.
Software-As-A-Service (SAAS): Software-as-a-Service (SaaS) is the broadest market. In this case the provider allows the customer only to use its applications. The software interacts with the user through a user interface.
316
International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 1, January 2016) These applications can be anything from web based email, to applications like Twitter or Last.fm. This is the idea that someone can offer us a hosted set of software (running on a platform and infrastructure) that we don't own but pay for some element of utilization - by the user, or some other kind of consumption basis. we don't have to do any development or programming, but we may need to come in and configure the (very flexible, configurable and sometimes customizable) software.
So there is a much probability of data can be stolen from the external server. Thirdly, Data loss is a common problem in cloud computing. If the cloud computing service provider shut down his services due some financial or legal problem then there will be a loss of data for the user. Moreover, data can be lost or damage or corrupted due to miss happening, natural disaster, and fire. Due to above condition, data may not be accessible to users. Fourthly, data location is one of the issues what requires focus in a cloud computing environment. Physical location of data storage is very important and crucial. It should be transparent to user and customer. Vendor does not reveal where all the data’s are stored. privacy Issues: Confidentiality is very important in cloud computing. Because everything is handled by a third party. So cloud computing service provider must make sure that the customer personal information is well secured from other providers, customer and user. a client can encrypt data stored on a cloud to ensure privacy, but this is not possible. Most of the cloud computing is virtual machines where a client computation is executing. As most of the servers are external, the cloud service provider should make sure who is accessing the data and who is maintaining the server so that it enable the provider to protect the customer’s personal information. Infected Application: cloud computing service provider should have the complete access to the server with all rights for the purpose of monitoring and maintenance of server. So this will prevent any malicious user from uploading any infected application onto the cloud which will severely affect the customer and cloud computing service.
II. SECURITY IN CLOUD COMPUTING The cloud is the delivery of on-demand computing resources on a pay for on demand services. So security is the big issues in cloud computing because everything is handled by a third party. A. Security issues: Cloud computing security must be done on two levels. One is on provider level and another is on user level. Cloud computing service provider should make sure that the server is well secured from all the external threats it may come across.A cloud is good whenever good security is provided by the servce provider. The cloud service provider for cloud makes sure that the customer does not face any problem such as loss of data or data theft. when a malicious user can access the cloud by act as a legitimate user, there by infecting the entire cloud. This leads to affects many customers who are sharing the infected cloud. There are four types of issues raise while discussing security of a cloud. 1. Data Issues 2. Privacy issues 3. Infected Application Data Issues: sensitive data in a cloud computing environment emerge as major issues with regard to security in a cloud based system. Firstly, whenever a data is on a cloud, anyone from anywhere anytime can access data from the cloud since data may be common, private and sensitive data in a cloud. So at the same time, many cloud computing service consumer and provider accesses and modify data. Thus there is a need of some data integrity method in cloud computing. Secondly, data stealing is a one of serious issue in a cloud computing environment. Many cloud service provider do not provide their own server instead they acquire server from other service providers due to it is cost affective and flexible for operation and cloud provider.
B. Solution of Security Issues: Find Key Cloud Provider: Different vendors have different cloud IT security and data management. So the first thing have to do is to find out the right cloud provider. A cloud vendor should be well established, have experience, standards and regulation. So there is not any chance of cloud vendor closing. Clear Contract : Recovery Facilities Cloud vendors should provide very good recovery facilities. So, if data are fragmented or lost due to certain issues, they can be recovered and continuity of data can be managed.
317
International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 1, January 2016) Contract with cloud vendor should be clear. So if cloud vendor closes before contract, enterprise can claim.
There are many new technologies emerging at a rapid rate, each with technological advancements and with the potential of making human’s lives easier. However, one must be very careful to understand the security risks and challenges posed in utilizing these technologies. Cloud computing is no exception. In this paper key security considerations and challenges which are currently faced in the Cloud computing are highlighted. Cloud computing has the potential to become a frontrunner in promoting a secure, virtual and economically viable IT solution in the future.
Better Enterprise Infrastructure: Enterprise must have infrastructure which facilitates hardware components such as firewalls, routers, servers, proxy servers and software such as operating system, thin clients, etc. Also should have infrastructure which prevents from cyber attacks. Use of Data Encryption for security purpose: Which provides encrypted data for the security developers should develop the application. So additional security from enterprise is not required and all security burdens are placed on cloud vendor. IT leaders must define strategy and key security elements to know where the data encryption is needed.
REFERENCES [1]
[2]
Prepare chart regarding data flow : There should be a flowchart of data. So the IT managers can have idea where the data is for all the times, where it is being stored and where it is being shared. So there should be total analysis of data.
[3]
IV. CONCLUSION AND FUTURE SCOPE
[4]
Cloud computing is a combination of several key technologies that have evolved and matured over the years. Cloud computing has a potential for cost savings to the enterprises but the security risk are also enormous. Enterprise looking into cloud computing technology as a way to cut down on cost and increase profitability should seriously analyze the security risk of cloud computing. The strength of cloud computing in information risk management is the ability to manage risk more effectively from a centralize point. Although Cloud computing can be seen as a new phenomenon which is set to revolutionize the way we use the Internet, there is much to be cautious about.
[5]
[6] [7]
[8] [9]
318
Ms.Gunjan Kotwani, Mr. Pawan Kalyani, Applicability of Open Source Software (OSS) with Cloud Computing in International Journal of Inventive Engineering and Sciences (IJIES) ISSN: 2319– 9598, Volume-1, Issue-10, September 2013. Gurudatt Kulkarni, Ramesh Sutar.Jayant Gambhir/ International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 1, Jan-Feb 2012, pp.117-125 International Journal of Computer Science Trends and Technology (IJCST) – Volume 2 Issue 3, May-Jun 2014 Survey Paper on Basics of Cloud Computing and Data Security Jasleen Kaur1, Ms.Anupma Sehrawat2, Ms.Neha Bishnoi3. Jinesh varia,‖ AWS Cloud Security Best Practices‖,‖White Paper‖, November 2013 International Journal of Computer Science Trends and Technology (IJCST) – Volume 3 Issue 5, Sep-Oct 2015 Cloud Computing: An Outlook Jayanti Goyal Assistant Professor Cloud Security Alliance. Security gui dance for critical areas of focus in cloud computing(v2.1). Decemeber, 2009. Pearson, S. and Azzedine Benameur, ―Privacy, Security and Trust Issues Arising from Cloud Computing‖ in 2010 IEEE Second International Conference Cloud Computing Technology and Science (CloudCom),Nov 30-Dec 3,2010, page(s): 693-702. http://www.techrepublic.com/resource-library/whitepapers/securityissues-and-their-solution-incloud-computing/ Jinzhu Kong, ―A Practical Approach to Improve the Data Privacy of Virtual Machines‖ 2010 IEEE 10th International Conference on Computer and Information Technology (CIT), June 29 -July 1 ,2010, pp. 936-941.
