Professional Documents
Culture Documents
in Cloud Computing
Mir Toornaw Islam
Virginia Commonwealth University
Department of Computer Science
Richmond, VA, USA
islammt@vcu.edu
Abstract—Cloud computing emerges as a new computing services based upon these that are accessed through Internet.
paradigm that aims to deliver reliable, customized and quality of Key features used are elasticity, multi-tenancy, maximal
service environments for cloud users. Applications and databases resource utilization and pay-per-use. Large infrastructures like
are moved to the large, centralized datacenters called cloud. Due data centers are leveraged through these exciting new features
to resource virtualization, global replication and migration, the with the help of virtualization or job management and resource
physical absence of data and machine in the cloud, the stored management, but these large pools of resources are not
data in the cloud and the computation results may not be well necessarily located in the same country nor even on the same
organized and fully trusted by the cloud users. On one side, an continent. Moreover, the dynamic expansion or shrinkage of a
individual has full control on data and processes in his/her
cloud makes it quite difficult to keep track of what resources
computer. On the other side, we have the cloud computing where
the service and data maintenance are provided by some vendor
are used and in which country. Therefore, compliance with
which leave the customer unaware of where the processes are regulations related to data handling is becoming difficult to
running or where the data is stored. So, the client has no control fulfill. Auditing is another challenging task due to the volatility
over it. The cloud computing uses the internet as the chief of the resources used. These new features make it hard – and
communication media. When we look at the security of data in sometimes impossible to reuse traditional security, trust and
the cloud computing, the vendor has to provide some assurance privacy mechanisms in the cloud. Furthermore, they raise
in service level agreements (SLA) to convince the client on issues and concerns that need to be fully understood and
security and privacy issues. Moreover, released acts on privacy addressed. Cloud services used currently pose an inherent
are out of date to give protection to users’ private information in challenge to data privacy. The reason is these services typically
the new environment. Multi located data storage and services in result in data being present in unencrypted form on a machine
the cloud make privacy issues even worse. So, security and owned and operated by a different organization from the data
privacy issues present a strong barrier for users to adapt into owner. There are threats of unauthorized uses of the data by
cloud computing. In this paper, a survey of the different security service providers as well as risks of theft of data from machines
risks and privacy issues that pose threats to the cloud are in the cloud.
presented. We have also discussed different solution approaches
that are being used extensively to get rid of these threats due to We have three types of cloud environments at present:
security and privacy risks. Besides, we have investigated several public, private and hybrid clouds. A public cloud is a standard
cloud computing system providers about their growing concerns model which providers make several resources, such as
on cloud computing security and privacy issues. We have applications and storage, available to the public. Public cloud
discussed in this survey some other attributes as well like data services may be free or not. Private Cloud refers to internal
availability, data confidentiality, data integrity and access control services of a business that is not available for ordinary people.
for cloud security and privacy. Essentially, private clouds are a marketing term for an
architecture that provides hosted services to a particular group
Keywords—Cloud Computing, Cloud Security, Cloud Privacy, of people behind a firewall. Hybrid cloud is an environment
Data Confidentiality, Data Integrity, Accountability, Availability,
that a company provides and controls some resources
Risk
internally. In hybrid cloud, cloud provider has a service that
has private cloud part which is only accessible by certified staff
I. INTRODUCTION and is protected by firewalls from outside access and a public
A cloud can be regarded as a large pool of resources which cloud environment which external users can access.
are unified through virtualization or job scheduling techniques. Cloud computing can be considered as a new computing
These resources can be organized to dynamically scale up to archetype that can provide services to consumers on demand at
match the load by using a pay-per resources business model. a minimal cost. Three well-known and commonly used service
Availability of these resources can be ensured through a new models in the cloud paradigm are software as a service (SaaS),
cloud computing paradigm that is being increasingly adopted platform as a service (PaaS), and infrastructure as a service
by numerous organizations. The resources include hardware (IaaS). In SaaS, software with the related data is deployed by a
and systems software on remote datacenters, along with the cloud service provider, and users can use it through the web
browsers. In PaaS, a service provider facilitates services to the Security is implicit within these capabilities, but further
users with a set of software programs that can solve the specific fundamental concerns exist that need attention. For example, is
tasks. In IaaS, the cloud service provider facilitates services to security solely the storage provider’s responsibility, or is it also
the users with virtual machines and storage to improve their necessary on the entity that leases the storage for its
business capabilities [1]. applications and data? Moreover, legal issues arise, such as e-
discovery, regulatory compliance (including privacy), and
Cloud computing is very promising for the IT applications. auditing. The range of these legal concerns reflects the range of
However, there are still some problems that need to be solved interests that are currently using or could use cloud computing.
for personal users and enterprises to store data and deploy These issues and their yet-to-be-determined answers provide
applications in the cloud computing environment. One of the significant insight into how security plays a vital role in cloud
most significant barriers is data security, which is accompanied computing’s continued growth and development.
by issues including compliance, privacy, trust and legal matters
[2,3]. The role of institutions and institutional evolution is close Security and privacy issues present a strong barrier for
to privacy and security in cloud computing [4]. Data security consumers to adapt into cloud computing systems. According
has consistently been a major issue in IT. Data security to an IDC survey in August 2008, which was conducted among
becomes particularly serious in the cloud computing 244 IT executives and their business colleagues about their
environment, because data are scattered in different machines companies’ use and views about cloud services, security was
and storage devices including servers, PCs, and various mobile regarded as the top challenge [8]. Moreover, users of cloud
devices such as wireless sensor networks and smart phones. computing services are worried about their business
Data security in the cloud computing is more complicated than information and critical IT resources in the cloud computing
data security in the traditional information systems. To make systems which are vulnerable to be attacked. Furthermore,
the cloud computing be adopted by users and enterprise, the cloud computing becomes a hot topic at the RSA security
security concerns of users should be rectified first to make conference in San Francisco in April 2009. Cisco CEO said
cloud environment more trustworthy. The trustworthy that cloud computing is inevitable, but it would shake-up the
environment is the basic prerequisite to win confidence of users way networks are secured. Besides, data protection, operational
to adopt such a technology. Latif et al. discussed the integrity, vulnerability management, business continuity,
assessment of cloud computing risks [5]. disaster recovery and identity management are top concerns of
security issues for cloud computing and privacy is another key
Even though cloud computing is reckoned as a promising concern [9]. Therefore, security and privacy of cloud
service platform for the Next Generation Internet [6], security computing systems become a key factor for clients to adapt
and privacy are the major challenges which inhibit the wide into it. Furthermore, many security and privacy incidents are
acceptance of cloud computing in practice [7]. Different from also seen in today’s cloud computing systems. For example:
the traditional computing model in which users have full Google Docs found a flaw that inadvertently shared users’ docs
control over data storage and computation, cloud computing in March 2009. A Salesforce.com employee fell victim to a
involves the management of physical data and machines that phishing attack and leaked a customer list that generated
are delegated to the cloud service providers while the users further targeted phishing attacks in October 2007. In late 2010,
only retain some control over the virtual machines. Thus, the Microsoft experienced a breach within its Business
correctness of data storage and computation might be Productivity Online Suite. The problem allowed non-
compromised due to the lack of the control of data security for authorized users of the cloud service to access employee
data owners. contact info in their offline address books. Apple suffered what
In the case of security, some cloud-computing applications may be the largest high-profile cloud security breach due to the
simply lack adequate security protection such as fine-grained victims involved. Jennifer Lawrence and other celebrities had
access control and user authentication. Since enterprises are their private photos leaked online. So, we can say many cloud
attracted to cloud computing due to potential savings in IT computing systems in the real world have security and privacy
outlay and management, it is necessary to understand the problems.
business risks involved. If cloud computing is to be successful, In this paper, we have investigated security and privacy
it must be trusted by its users. Therefore, we need to clarify
issues of current cloud computing systems. Since cloud
what the components of such trust are and how trust can be computing refers to both the applications delivered as services
achieved for security as well as for privacy. over the internet and the infrastructures that provide those
Within the cloud computing world, the virtual environment services, we will present security and privacy concerns in terms
lets users access computing power that is exceeded within their of the diverse applications and infrastructures. From our
own physical worlds. To enter this virtual environment, it investigation, we have found that security and privacy provided
requires to transfer data throughout the cloud. As a result, by the cloud providers nowadays are not adequate. Therefore,
several data storage concerns can arise. To ensure data users find it difficult to adapt to the existing cloud computing
confidentiality, integrity, and availability (CIA), the storage systems. So, concerns on security and privacy issues in terms
provider must offer capabilities that, at a minimum, include (1) of data availability, data confidentiality, data integrity and
a tested encryption schema to ensure the safeguard of all data access control needs to be taken care of. New techniques can
within the shared storage environment; (2) stringent access be developed and deployed into cloud computing systems to
controls to prevent unauthorized access to the data; and (3) make them more secure. We have also shown a few such
scheduled data backup and safe storage of the backup media. techniques in this paper. The target audience for this survey is
composed of business professionals, students and researchers
interested in (or already working in) the field of privacy and
security protection for the cloud.