Trust and Privacy Concern In The Cloud

2011 European Cup, IT Security for the Next Generation Technical Topics: “In the Cloud”-Security

“Trust and privacy concern in the Cloud”

Mohammad Monsef
2010, MSc Technology Management
School of Computing, Information Technology and Engineering
University of East London

Namjit Gidado
2010, MSc Business Information Systems
School of Computing, Information Technology and Engineering
University of East London

Professor Hamid Jahankhani, Professor of Information Security and Digital Criminology, Associate Dean - Academic and Collaborative


Abstract

Cloud computing is the most recent technology in the information technology industry, and many companies and governments are paying close attention to it to make sure that they benefit from this innovation. However, confidence in this innovation is still shaky, and many companies are still suffering from storing their sensitive data in their own data centers instead of storing it in the cloud as well. This research looks at trust and privacy concerns as the major factors in participation in the cloud; these factors have played a vital role in reducing the full patronage of companies in the cloud business. Ideas and different architectures are discussed to see how far the industry has gone to overcome such doubt, and solutions are proffered for the comfort of customers and providers alike. Some providers and incidents are brought on board to discuss how such disasters are handled by both the customers and their providers.

1.0 Introduction

Cloud computing has been defined by many authors and researchers, but the most commonly used definition is that of Mather et al. (2009), who define it as "a means by which highly scalable, technology-enabled services can be easily consumed over the internet on an as-needed basis". This new paradigm has attracted a lot of interest from academics, businesses and governments across the globe, and it is the new computing field with the ongoing technology in place. Cloud computing has given many opportunities to enterprises within the IT industry and to some corporate organizations, especially in the developed countries. However, these opportunities come with some challenges.

Today the major concern of cloud computing is TRUST: how trust can be built when you place your infrastructure and share your applications and hardware in an environment that you do not know, and what the fate is of the data you have left in someone else's hands. This challenge has been a source of worry for most business owners, known here as customers. Some providers have instituted SLAs (service level agreements) to resolve these issues, but the doubt remains in the minds of most customers, especially those that have entrusted their sensitive data to these environments. The challenge does not end with the technology; it extends to the transparency of transactions, loss of control of data and unclear security assurance. These problems go beyond bringing in gadgets such as firewalls to safeguard the data; they concern the confidence and trust placed in a third party handling sensitive data. This has led most organizations to decide to keep their sensitive data locally and use the cloud to store less sensitive data.

The services that providers offer range from application service provisioning, grid and utility computing, to software as a service. Regardless of the specific architecture, the overarching concept of this computing model is that customers' data, which can belong to individuals, organizations or enterprises, is processed remotely on unknown machines that users do not own or operate. This has given rise to privacy and security risks. This paper sets out to stress the security and privacy problem in the cloud.

Many have designed ways to prevent these problems, such as a three-tier data protection architecture that accommodates the various needs of different users (Squicciarini, et al, 2010). In essence, users can identify different access privileges over the sensitive and non-sensitive parts of their data files and thereby request different levels of privacy protection. Squicciarini et al. (2010) placed emphasis on their architecture because of the advantages it has over most other research. Their architecture relies solely on the end users rather than on the trusted architecture of the computing. There is also server authentication, leveraging SAML infrastructures: SAML is used to ensure user and server authentication. This approach also does not require encryption, because it allows users direct access to the data; this spares the service provider the cost of applying any encryption-based approach.

In 2009 Google experienced an attack on its cloud infrastructure that originated from China and also infiltrated the infrastructure of at least 20 other large companies around the globe. Valuable information in the cloud could equally be stolen, and the worst aspect is that cloud providers would not expose themselves by notifying their customers about the security breach if such an attack happened. Many reports have indicated that businesses hide malicious acts and cybercrimes that have been perpetrated within their terrain just to avoid embarrassment.

The CEO of Google had promised to work with Tsinghua University on a cloud-related academic program. However, this China-based attack on the cloud made the CEO revoke that intention and made the company withdraw its operations in China.

2.0 Trust

Before we go further, let us quickly look at TRUST from both the business and the technological points of view. TRUST simply means an act of faith that relies on confidence that something will surely be delivered as promised (Khaled, 2010). We give less trust to a system if it gives us insufficient information about its expertise. Trust is established only if sufficient service and expectations are attained. We also trust a system if we have much control over our assets. For example, we trust an ATM because we have confidence that it will give us the exact amount we want to withdraw, and we have control over our money. When we use an ATM to deposit money, however, we no longer have control over our money once the machine has consumed it. This is the same feeling consumers have about their data in the cloud (Khaled, 2010). The challenge is how providers can earn their customers' trust when the customers know well that a third party is processing their sensitive data on remote machines located in various countries (Khaled, 2010). Providers use SLAs (service level agreements) to build trust, but this does not work for most customers. Trust in cloud computing is related more to preventing a trust violation than to guaranteeing compensation should a violation occur. For most enterprises a security breach of data is irreparable, as no amount of money can restore the lost data or the enterprise's reputation.

Imagine a company named SoftCom that handles many healthcare-related digital images for its clients. The images are very sensitive and the clients expect confidentiality and privacy from this company. SoftCom uses CloudX, a public provider located in Boston, to process the images using the SoftCom image software on a remote application server. The image processing tasks also include filtering and searching, which imagepro does not support but which CloudX's filter and search systems can perform. The consumer's perception is that a cloud is generally less secure than an in-house system, but better transparency could help address this issue. Data stored on a cloud provider's devices is not located on a single machine in a single location.

Cloud providers could form security enclaves for their consumers, as is widely practiced in the defense industry. An enclave is a set of computing environments connected by one or more networks that a single authority controls using a common security policy. Enclaves could provide a set of standard capabilities, such as incident detection and response, boundary defense, and monitoring. They could be specific to an enterprise or to a set of similar services consumed. At the same time, providers could also compartmentalize users' data so that it is not mixed up with other users' data. This would solve the problem of cross-VM channel attacks. Cloud providers could also prevent attackers from creating a cloud cartography of the enclave by refusing to disclose the mapping of the physical topology of the cloud for a service or user. In an enclave it is easier to enforce the enterprise's security policy, because you are dealing only with the part of the cloud related to the client's data or processes rather than with the entire cloud.

3.0 Architectures of cloud computing

There are many different architectures in the literature. This research concentrates on two groups of layers: the bottom resource layers and the upper service layers. The lower layers consist of the virtual resource layer and the physical resource layer, while the upper layers consist of software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS), as shown in Figure 1. Infrastructure as a service supplies computing resources and storage resources to users. Where there are particular service constraints, IaaS provides an intermediate platform to run arbitrary operating systems and software. Platform as a service is the middle part of the cloud layers; it gives users better performance, more personalized hardware and software services, and a number of modules such as the infrastructure module, distributed data module, user registration module, billing module, etc. These modules could be used as a service (SaaS). SaaS provides the applications, which are closest to the user's services, and allows software to be deployed in a network environment so that it can run on a multi-user platform.

Traditional security: computer and network intrusions or attacks are now more possible in the cloud environment. However, most service providers have proved beyond reasonable doubt that their services are protected, so that there need be no fear of this happening to any company's data. Most companies have decided to keep less sensitive data in the cloud and reserve the sensitive data to themselves (Chow, et al, 2009). It has also been shown by the Jericho Forum that it is much easier to lock down information entrusted to a third party than information managed in-house, because it is easier to enforce security via a contract with online services than via internal controls.

Availability: security relies critically on the applications being available. The most prominent incidents of this kind are the Gmail one-day outage in mid-October 2008, the Amazon S3 downtime of over seven hours on July 20, 2008, and the FlexiScale 18-hour outage on October 31, 2008. The providers are confident that their uptime compares well with that of companies' in-house data centers. The CEO of SAP, Leo Apotheker, attests that there are some operations, like SAP, that you cannot run on the cloud: if tried, the cloud will definitely collapse. One such function is a utility company running its billing for over 50 million consumers (SearchSAP.com, 11/24/2008). In some cases there is more risk of a single point of failure when a company subscribes to a single cloud provider: if anything happens to that provider, it will affect the data and whatever infrastructure sits on the provider's platform.

The legal implications of data being held by a third party are complicated and not well understood by many people. There is always a lack of control and confidence when a third party holds a secret. This has led many private companies to build a cloud of their own in order to avoid such chaos. To control data in the cloud and keep it from being accessible to everyone, one approach is to shift from protecting data from the outside (the systems and applications that use the data) to protecting data from within. We call this approach, in which data and information protect themselves, information-centric (http://news.cnet.com/2100-1030_3_6102793.html). This self-protection requires a degree of intelligence. Data needs to be encrypted and packaged with the usage policy in place.


Figure 1: PaaS Cloud based system model

There is a lot of argument about what you should store in the cloud and how, and cost as well as privacy is always a concern. Some do not believe in considering cloud-based email at all, but there are different ways this can be done. You can run email in the cloud in any of four architectures:

• On-premises email. All email services are in corporate data centers. Most mid-sized and large organizations run their own email, including their mail servers, gateways, client access server, internal router server, public folders, email filtering, mailbox storage and archiving where necessary. In these cases IBM and Microsoft are the providers.

• Hosted email. All email servers are with a hosted or cloud-based email provider. In this case one of two things happens: either someone else runs it, or it runs in someone else's data centers. This includes some traditional outsourcers and hosted Microsoft Exchange providers such as intermedia.net, Rackspace, and AT&T Hosting & Application Services. Cloud-based email has historically appealed to very small businesses.

• Hosted support services, known as hybrid. Some email services run in the cloud. In this situation you keep the mailboxes where they are while moving email filtering, archiving, or continuity to the management of a cloud provider.

• Split-domain email. Some users run on premises and some in the cloud. In this case you can keep your mobile executives and information workers on an on-premises email service and host your occasional users at a cloud-based provider. Every user has the same domain, while the email router splits the domain (Schardler, 2009).


These architectures give customers room to make better decisions about which approach to use when dealing with providers, and about how comfortable they can be with the architecture a provider offers. Developing countries stand to gain from cloud computing, because the cloud will allow them to have the same IT infrastructure in place as the developed countries. This is because the cost of maintaining physical infrastructure is effectively minimized, so they can enjoy the same services at the standard of the world's most advanced technologies. The sectors that benefit most are health, education and banking (Economist, 2008).

Many companies are not aware of the services rendered by the cloud, and most of these companies are fond of using tools to develop software rather than using the ones in the cloud, because they do not understand that having this in the cloud is much easier to install. On the other hand, as this software becomes easier to use on the web, it will generate more privacy concerns for users and potential users. Surveys have shown that most cloud service organizations have little concern about the privacy issues involved in using the cloud. This has made users more skeptical about trusting the accessibility of most infrastructure from the cloud. Recently, in April 2010, in some developing countries such as Singapore, China and South Korea, less than 10% were confident about the security of their cloud. IDC reported in 2008 that security and privacy in the cloud were the most serious barriers to cloud adoption. This has caused many players to be cautious about storing their most valuable data and personal information in the cloud.

3.1 Cloud trust challenges

There is a high possibility of security threats in cloud IT infrastructures, because vendors store critical and confidential data in the cloud. In some cases, clients require physically or virtually separated data and applications. Cloud providers can invest in better security controls through economies of scale, and they can also develop standardized processes for regulatory compliance. Cloud providers endeavor to improve their offerings to meet clients' enterprise-grade security needs, but this might not be sufficient in some key sectors. For example, in the defense, aerospace, and brokerage industries, security and compliance requirements, which include the data's physical location, have made SaaS and hardware public clouds currently unacceptable. In a recent survey, 64 percent of respondents in the US federal government said security was their topmost concern in cloud computing (Chabrow, 2009).

The trust levels toward cloud computing in these sectors have, however, been improving. The launch of the federal cloud services portal for government agencies, called Apps.gov, is indicative of this shift. Vendors such as Google and Microsoft are close to obtaining accreditation for compliance with the Federal Information Security Management Act, making their cloud computing services acceptable for the public sector. Recently, Microsoft asked the US Congress to pass the Cloud Computing Advancement Act, which also calls for an update to the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act (Chakraborty, et al, 2010).


Cloud computing service providers and their attributes and ranking

| Cloud computing providers | Online traffic | Size of the company | Type of the service |
|---|---|---|---|
| Salesforce.com | Very High | Large | SaaS |
| Enki Consulting | Low | Small | IaaS |
| EnterpriseDB | Low | Medium | IaaS |
| Cloud9 Analytics | Low | Small | IaaS |
| Yahoo Zimbra | Medium | Large | IaaS |
| IBM Lotus Live | Low | Large | SaaS |
| Rackspace Cloud | Medium | Small | IaaS |
| Layered Technologies | Low | Medium | IaaS |
| Sun Microsystems | High | Large | PaaS |
| GoGrid | Low | Medium | PaaS |
| Amazon | Very High | Large | SaaS |
| Microsoft SQL Azure | Very High | Large | IaaS |
| CloudWorks | Low | Small | IaaS |
| Rackspace Cloud | Medium | Small | IaaS |
| Google Docs | Very High | Large | SaaS |
| 3Tera | Low | Small | SaaS |
| Vertica | Low | Medium | IaaS |
| Absolute Performance | Low | Small | SaaS |
| Oracle | High | Large | SaaS |
| Google Apps Engine | Very High | Large | PaaS |

Figure 2: Cloud computing service providers

3.2.1 Amazon Web Services Simple Storage Service (S3) disasters

Amazon S3 suffered a disaster in February 2008 that created a 2-hour outage; it made customers raise doubts about its storage services and lose confidence in depending on Amazon's storage in the cloud. It also suffered an 8-hour service outage in July 2008, causing outages at online companies that depend solely on S3 for file storage (Economist, 2008). Amazon was very proud of this facility, and customers had been pleased with its operational performance for the two years before the 2008 incidents. Since S3 was launched in March 2006, many companies have used it to outsource most of their storage infrastructure to AWS, including 37signals, YouOS, SmugMug, ElephantDrive and Jungle Disk. Don Markskill, the CEO of SmugMug, which is among Amazon's major customers and uses S3 to store its photos, defended AWS after the incident, saying that the Amazon S3 service is very reliable and dependable. The CEO further reiterated that his faith in AWS had never wavered. In October 2008 Amazon moved its Elastic Compute Cloud (EC2) out of beta and finally published numbers on what its customers can expect in terms of reliability: 99.95% uptime (E. Krangel, 2008). This has proven beyond reasonable doubt that it can thrive. Amazon is now thriving in the industry and is among the major companies that provide cloud computing in the world.

3.2.2 Solution to S3 cloud services

Amazon has been known as one of the leaders in cloud storage services with S3, despite its problems in 2008. This did not happen to Amazon alone: many giant cloud providers have faced the same challenges, and customers' trust has always been at stake. Google, renowned for its search engine, has taken its market dominance into other areas of Enterprise 2.0 (Whittaker, 2008). Its most prominent web applications, Gmail and Google Apps, which are known cloud services, have also faced service outages that left many customers, such as Twitter's, in a mess (Needleman, 2008). These outages instilled distrust in the minds of customers, because they are not sure whether their valuable data is being protected and, if it is, how they can be sure it is safe.

Having said that, this research has looked at different measures to make sure that trust is embedded in the minds of the providers' users or customers. Different architectures were surveyed, and this research supports the architecture of Yao (2010), which models a trustworthy storage service that will build more trust in the minds of customers. This need has led to the emergence of SSPs (storage service providers) to give customers comfort. An SSP offers customers a convenient interface for direct control of their data storage management at unlimited capacity. However, using an SSP in the cloud has the disadvantage of being vulnerable to two major kinds of attack:

• External attacks. Hackers break into the system and steal data. This kind of attack can be defended against with traditional approaches, the general techniques that fall under the generic umbrella of intrusion tolerance (Wang, et al 2003).

• Internal attacks. A malicious employee breaks into the system and steals information for profit. The literature reports that most malicious leakage of confidential data is internal (Dhillon, et al, 2010). However, this attack can be easily protected against by the use of firewalls, antivirus, etc.

This architecture has looked at these paths critically and devised a means of closing them by instituting a Trustworthy Storage Service (TSS). A simple data model has been built to analyze the confidentiality and integrity of the data outsourced to the storage service, along with a prototype named TrustStore to illustrate the concept. Three parties actively participate in the design: the key management service provider (KMSP), the trustworthy storage service (TSS) and the client computer.

• Key Management Service Provider. Manages, stores, issues and registers the keys for the clients. The KMSP has knowledge of the stored keys.

• Storage Service Provider. The outsourced data content is encrypted and kept in the SSP. In this case, only the cipher text content is left with the SSP.

• Client computer. The client has an application called TrustStore installed on the machine, which is responsible for conducting the data outsourcing process by composing the SSP and the KMSP.


The architecture above is aimed at instituting trust by the client in both the SSP and the KMSP. The client is fully secured and trusted for sensitive data operations and computation. The SSP and the KMSP are both semi-trusted: they are trusted only for the services they claim to provide, and certain access controls are instituted for both parties. Both have little or no knowledge of each other, and they should not have access to knowing each other in whatever form. The client computer processes sensitive data with an encryption mechanism in which the data is transformed into two forms: the cipher form and the key form. The cipher text form is then uploaded to the SSP without the key form, so the SSP is not able to access the sensitive data uploaded by the client computer because the key form is unavailable to it. The key form is kept with the KMSP, which in turn does not have the cipher text and so cannot access the data either. This idea of separating the cipher text form from the key form is not new in the industry, but it will institute trust in the minds of customers (Yao, 2010).
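The separation of cipher form and key form described above, as an added example that is not taken from the paper or from Yao's prototype. The class names are hypothetical, in-memory dictionaries stand in for the two providers, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a standard authenticated cipher such as AES-GCM so that the code runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += _prf(enc_key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return the 'cipher form': nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + _xor_keystream(enc_key, nonce, plaintext)
    return body + _prf(mac_key, body)


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raise ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, body)):
        raise ValueError("integrity check failed")
    return _xor_keystream(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])


class StorageServiceProvider:
    """Semi-trusted SSP: holds only cipher text, indexed by opaque object ids."""
    def __init__(self):
        self.blobs = {}


class KeyManagementServiceProvider:
    """Semi-trusted KMSP: holds only keys, indexed by unrelated opaque key ids."""
    def __init__(self):
        self.keys = {}


class Client:
    """Trusted client: the only party that can link an object to its key."""
    def __init__(self, ssp, kmsp):
        self.ssp, self.kmsp = ssp, kmsp
        self.index = {}  # name -> (object_id, key_id), never leaves the client

    def outsource(self, name: str, plaintext: bytes) -> None:
        key = secrets.token_bytes(32)          # fresh key per object
        object_id = secrets.token_hex(16)      # independent random ids, so the
        key_id = secrets.token_hex(16)         # providers cannot correlate them
        self.ssp.blobs[object_id] = seal(key, plaintext)
        self.kmsp.keys[key_id] = key
        self.index[name] = (object_id, key_id)

    def retrieve(self, name: str) -> bytes:
        object_id, key_id = self.index[name]
        return open_sealed(self.kmsp.keys[key_id], self.ssp.blobs[object_id])


def demo() -> dict:
    ssp, kmsp = StorageServiceProvider(), KeyManagementServiceProvider()
    client = Client(ssp, kmsp)
    record = b"patient 0042: MRI scan, left knee (constructed sample)"
    client.outsource("scan-0042", record)
    object_id, key_id = client.index["scan-0042"]
    results = {
        "round_trip": client.retrieve("scan-0042") == record,
        "ssp_sees_plaintext": record in ssp.blobs[object_id],
        "providers_share_id": object_id in kmsp.keys or key_id in ssp.blobs,
    }
    # A storage-side modification of one cipher text bit must be detected.
    tampered = bytearray(ssp.blobs[object_id])
    tampered[NONCE_LEN + 4] ^= 0x01
    ssp.blobs[object_id] = bytes(tampered)
    try:
        client.retrieve("scan-0042")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The client-side index is the one piece of state that links a stored object to its key, so in this sketch losing it means losing access to the data.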

4.0 Virtualization technology and trusted computing technology

A survey about cloud computing performed by Kelton Research in January 2009 found that the majority of enterprises (61 percent) were not implementing cloud computing services at that time, and that the enormous majority (84 percent) of those that currently depend on internal IT systems do not have any strategy to change to cloud computing technologies. The survey shows that, by a 5 to 1 ratio, enterprises trust internal IT systems over cloud-based technologies due to fear about security threats and loss of control of data and systems (Kelton, 2009). As a result, security is one of the most important things that consumers need from cloud computing. Usually these needs are divided into four categories: privacy, integrity, recoverability, and accessibility. For most cloud computing users, data confidentiality is a factor that should be guaranteed. In general, people and enterprises will not provide their sensitive data to cloud providers. Cloud computing services can be divided into three categories: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

IaaS is a development of the virtual private server; it depends strongly on its fundamental infrastructure, virtualization. Virtualization software, generally called a hypervisor, gives a single server the ability to host many guest virtual machines, and the guest virtual machines are provided to clients as a cloud computing service. The guest virtual machines allow individual users and enterprises to install their own operating systems and software without the cost and difficulty of purchasing servers and setting them up, and clients can send their data to the virtual machines and provide their dedicated services (Kong, 2010).

One of the key solutions for gaining trust and making cloud computing more secure is to use virtualization to accomplish data confidentiality for guest virtual machines. By applying this solution, even the infrastructure-as-a-service provider cannot access the private information of its customers. This is a very important factor for customers. The solution only emphasizes data confidentiality; the service provider can still easily control the availability and integrity of the customer's services and information. It can be applied by combining machine virtualization technology with trusted computing technology to achieve the privacy of the virtual machines; running a customized operating system inside the virtual machines improves the customer's data confidentiality against the service provider. This is based on a type-1 hypervisor such as Xen, which runs on bare hardware and hosts a privileged domain (called dom0) and a number of guest virtual machines (called guest VMs). An application named Qemu running in dom0 provides the virtual platform and devices for guest VMs. The hypervisor can strongly isolate the clients' memory from dom0's and mediate the I/O accesses between Qemu and guest VMs to stop the guest VM's data from being stolen. The guest kernel also needs to be modified to remove all device drivers other than the hard disk and network card drivers and to disable ACPI and kernel BIOS calls, because dom0 may embed Trojan horses in this code.

4.1 Virtualization

Virtualization is the key feature of cloud computing and refers to the abstraction of computer resources. A number of virtualization technologies have been proposed and implemented, such as Xen and VMware. VMware is commercial software that implements full virtualization; Xen, which was developed at the University of Cambridge, is an open source project. This research uses Xen, which has been compared with different technologies in the past and has been accepted as the trusted computing technology in this generation. The Xen hypervisor has been used in many commercial virtualization products; it acts as the engine of the Amazon Elastic Compute Cloud.

A Xen-based system is made up of several items that work together: the hypervisor, dom0, user-space tools, and domU (guest VM). The Xen hypervisor abstracts the hardware for the virtual machines and controls the execution of virtual machines as they share the common processing environment. Dom0 is a privileged VM; it runs a full-fledged operating system and is always booted by the hypervisor. Dom0 is used for platform management. Xen supports two kinds of virtualization: paravirtualization and full virtualization. Full virtualization needs Intel VT or AMD-V hardware support; it can provide better isolation between VMs without the need to modify the guest operating system. In our work, we use fully virtualized Xen VMs. Every fully virtualized VM requires its own Qemu daemon, which exists in dom0. In the existing Xen architecture, dom0 takes full control of all virtual machines running on the same host. When evaluating the trustworthiness of a guest VM, dom0 has to be included in the Trusted Computing Base (TCB); this implies that the system administrator must be trusted, which impairs the usefulness of Xen in cloud computing.

Conclusion

It is very important to note here that customers should be 100% confident about the services and interactions they have with their providers in terms of security, integrity and trust. If customers are assured that their special and important data is known to them alone and to no one else, not even the providers, they will do as much as they can to make sure that all their data is stored in the cloud instead of reserving some vital information for their own data centres. Having said that, the architectural design by Yao (2010) has demonstrated that the three parties are not connected in any way, because information is securely safeguarded. The client computer processes sensitive data with an encryption mechanism in which the data is transformed into two forms: the cipher form and the key form. The cipher text form is then uploaded to the SSP without the key form, so the SSP is not able to access the sensitive data uploaded by the client computer because the key form is unavailable to it. The key form is kept with the KMSP, which in turn does not have the cipher text and so cannot access the data either. This makes the architecture secure, and it can develop trust in the minds of its customers. Virtualisation technology in which even the providers are not able to access their customers' data will bring comfort to the customers and to the providers as well. From the providers' side, they usually feel that customers regard them as if they look into customers' data to spy or with malicious intent. Therefore, with virtualisation technology and the trustworthy storage service (TSS) in place, trust will definitely be built in the minds of customers, and cloud business will grow to an appreciable level.


References

Amazon, 2010. "Amazon Elastic Compute Cloud (Amazon EC2)", [Online] Available at: http://aws.amazon.com/ec2/ [Accessed 29 October 2010]

A. Squicciarini, S. Sundareswaren, D. Lin, 2010. "Preventing Information Leakage from Indexing in the Cloud", IEEE 3rd International Conference on Cloud Computing, pp. 188-195, USA: IEEE Computer Society.

E. Chabrow, 2009. "Rules Make Adoption of Cloud Computing Challenge for Agencies", [Online] Available at: http://www.govinfosecurity.com/articles.php?art_id=1348 [Accessed 10th November 2010]

Economist, 2008. "The long nimbus; The cloud will make businesses more adaptable, interconnected and specialised—and often smalle", [Online] Available at: http://www.economist.com/research/articlesbysubject/displaystory.cfm?subjectid=348909&story_id=E1_TNQTTRGQ [Accessed 13th November 2010]

E. Krangel, 2008. "Amazon's Cloud Comes To Europe (AMZN)", http://www.businessinsider.com/2008/12/amazons-cloud-comes-to-europe-amzn [Accessed 22nd November 2010]

F. Wang, R. Uppalli, C. Killian, 2003. "Analysis of techniques for building intrusion tolerant server systems", In Proc. Military Communications Conference, Vol. 2, pp. 729-734.

G. Dhillon, S. Moores, 2001. "Computer crimes: theorizing about the enemy within", In Computers & Security, volume 20, number 8, pp. 715-723.

Google, 2010. "Google Apps for Business", [Online] Available at: http://www.google.com/apps/intl/en/business/index.html [Accessed 12th November 2010]

H. Wei, F. Wang, 2010. "Application of Cloud computing in the network learning environment", International Symposium on Computational Intelligence and Design, pp. 205-208, Hong Kong: IEEE Computer Society.

IBM, 2010. "IBM Smart business", [Online] Available at: http://www.ibm.com/ibm/cloud/ [Accessed 13th November 2010]

J. Chakraborty, S. Ramireddy, T.S. R.H. Raghav Rao, 2010. "The Information Assurance Practices of Cloud Computing Vendors", Cybersecurity, pp. 29-37.

J. Kong, 2010. "A practical approach to improve the data privacy of virtual machines", 10th IEEE International Conference on Computer and Information Technology (CIT 2010), pp. 936-941, Bradford: IEEE Computer Society.

J. Maguire, 2099. "Five Companies Shaping Cloud Computing: Who Wins?", [Online] Available at: http://itmanagement.earthweb.com/entdev/article.php/11070_3798591_6/Five-CompaniesShaping-Cloud-Computing-Who-Wins.htm [Accessed 13th November 2010]

Kelton, 2009. "Avanade: 2009 Global Survey of Cloud Computin", [Online] Available at: http://blogs.msdn.com/b/architectsrule/archive/2009/03/03/avanade-2009-global-survey-of-cloudcomputing.aspx/ [Accessed 21st November 2010]

K. M. Khan, Q. Malluhi, 2010. "Establishing trust in cloud computing". IT Pro.

R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, J. Molina, 2009. "Controlling data in the cloud: Outsourcing Computation without Outsourcing Control", Proceedings of the 2009 ACM workshop on Cloud computing security, pp. 1-6, Chicago: CCSW '09.

R. Needleman, 2008. "Gmail is down, Twitter sizzling with the news", [Online] Available at: http://news.cnet.com/8301-17939_109-10014389-2.html [Accessed 6th November 2010]

Salesforce, 2008. "CRM software & Online/CRM System", [Online] Available at: http://www.salesforce.com/uk/ [Accessed 12th November 2010]

S. Akioka, Y. Muraoka, 2010. "HPC benchmarks on Amazon EC2". IEEE 24th International Conference on Advanced Information Networking and Applications Workshops, pp. 1029-1034, WAINA: IEEE Computer Society.

T. Mather, S. Kumaraswamy, S. Latif, 2009. "Cloud Security and privacy: an Enterprise perspective on Risk and Compliance". Theory in Practice, 1 ed, M. Loukides, Ed, USA: O'Reilly.

T. Schardler, 2009. "Should your email Live in the Cloud? a comparative cost analysis", Information and Knowledge Management Professionals, pp. 1-21.

V. Chang, G. Wills, D. De Roure, 2010. "A Review of Cloud Business Models and Sustainability", IEEE 3rd International Conference on Cloud Computing, pp. 43-50, Miami: IEEE Computer Society.

Z. Whittaker, 2008. "Egnyte: using and sustaining Enterprise 2.0", [Online] Available at: http://blogs.zdnet.com/enterprisealley/?p=289 [Accessed 6th November 2010]