Abstract
Cloud computing has transformed a large part of the IT industry, making software even more
attractive as a service and shaping the way IT hardware is designed and purchased. It extends
information technology's existing capacity and adds capabilities to existing IT infrastructure
without investing in new infrastructure, training new personnel, or licensing new software. Cloud
Service Providers (CSPs) take advantage of virtualization technologies, combined with self-service
capabilities, to give access to computing resources via the internet. However, the network
security and privacy of computer system resources are a cause for concern for cloud computing
users when it comes to conducting business on the public cloud and putting sensitive data in the
hands of third-party entities. This paper identifies the security and privacy concerns arising in
the cloud computing environment and outlines solutions to them as data resources move from
on-premise storage to public cloud environments.
Keywords: Cloud Computing, network security and integrity, virtualization
1. Introduction
Information and Communication Technology (ICT) has become an everyday part of modern
business. In recent years, cloud computing has emerged from being just a business concept to
become one of the fastest growing sectors of the information technology industry. More and
more businesses are realizing that by tapping into the cloud they can benefit from abundant
business applications or significantly enhance their infrastructure resources at minimal cost.
However, as more and more information on individuals and companies is passed to the cloud,
concerns have grown about the safety of the cloud environment.
2.2 The deployment model of cloud computing describes where the cloud is located and defines the
scope within which its services are offered. There are four cloud computing deployment models:
i. Private Cloud: provisioned for the exclusive use of a single organization
ii. Public Cloud: provisioned for open use by the general public
iii. Community Cloud: shared by a specific community of organizations with common concerns
iv. Hybrid Cloud: a composition of two or more distinct clouds (private, community or public)
2.3 What is Computer Security and Privacy?
Computer security is the protection afforded to an automated information system in order to attain
the objectives of preserving the integrity, availability and confidentiality of information system
resources. Privacy in the cloud requires that service providers protect the collection, processing,
communication, use and disposal of the personal information entrusted to them. Concerns about
cloud security and privacy often make users and enterprises cautious with their sensitive and
critical data.
2.4.1 Data Security
One of the most significant problems in the field of cloud computing is data security. In the
cloud computing environment, important data, files and records are entrusted to a third party,
which makes data security the main security issue of cloud computing. For example, Google's
customer information leaked out in 2009. More than 70 percent of Chief Technical Officers
(CTOs) consider not using cloud computing (Gartner, 2009), and they attribute this primarily to
the problem of data security in the cloud.
2.4.2 Data Storage Security
There are several problems with data storage security. First, cloud storage is not simply a
database hosted by a third party, so traditional database security solutions cannot be adopted
directly. Second, conventional cryptographic methods cannot be adopted as they stand: customers
who rely on them alone to guarantee cloud data security lose control over how the data can be
used in the cloud, and once the data is uploaded they no longer hold a local copy of it. Therefore,
the verification of correct data storage must be conducted in the cloud without the customer
having explicit knowledge of the stored data, for example by challenging the provider to prove that
randomly sampled blocks are still intact. Also, the cloud applications used to access resources in
the cloud may themselves be the subject of attack or may become the weak link in the security of
the cloud.
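The following is an added example, not code from the paper, of the spot-check idea described
above: the customer keeps only a secret key and one short HMAC tag per block of the uploaded
file, then audits the provider by challenging a random sample of blocks and checking each
returned block against its tag. The provider classes are constructed in-memory stand-ins for a
storage API, and the 40-block file and the loss pattern are constructed inputs.

```python
"""Spot-check verification of data held by a cloud provider (added example).

The client keeps only a secret key and one short HMAC tag per block, not the
data itself, and later challenges the provider to return a random sample of
blocks. The providers below are constructed in-memory stand-ins; the real
thing would be a storage API call.
"""
import hashlib
import hmac
import math
import os
import random

BLOCK_SIZE = 64  # bytes; deliberately small so the sample file has many blocks


def split_blocks(data, block_size=BLOCK_SIZE):
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def block_tag(key, index, block):
    # The index is bound into the tag so the provider cannot answer a
    # challenge for block i with a different block it still holds.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


class Client:
    def __init__(self, data):
        self.key = os.urandom(32)
        blocks = split_blocks(data)
        self.n_blocks = len(blocks)
        # 32 bytes of local metadata per block regardless of block size
        self.tags = [block_tag(self.key, i, b) for i, b in enumerate(blocks)]
        self.upload = blocks  # handed to the provider; the client keeps no copy

    def audit(self, provider, sample_size, rng=random):
        indices = rng.sample(range(self.n_blocks), min(sample_size, self.n_blocks))
        answers = provider.fetch(indices)
        if len(answers) != len(indices):
            return False  # provider could not even produce the blocks
        return all(
            hmac.compare_digest(block_tag(self.key, i, blk), self.tags[i])
            for i, blk in zip(indices, answers)
        )


class HonestProvider:
    def __init__(self, blocks):
        self.blocks = list(blocks)

    def fetch(self, indices):
        return [self.blocks[i] for i in indices]


class CorruptingProvider(HonestProvider):
    """Stores the data but has silently lost or altered some blocks."""

    def __init__(self, blocks, bad_indices):
        super().__init__(blocks)
        for i in bad_indices:
            self.blocks[i] = b"\x00" * len(self.blocks[i])


def detection_probability(n_blocks, n_bad, sample_size):
    """Chance that a random sample of blocks touches at least one bad block."""
    return 1.0 - math.comb(n_blocks - n_bad, sample_size) / math.comb(n_blocks, sample_size)


def run_demo():
    data = os.urandom(BLOCK_SIZE * 40)  # constructed 40-block file
    client = Client(data)
    honest = HonestProvider(client.upload)
    corrupt = CorruptingProvider(client.upload, bad_indices=range(0, 40, 4))  # 10 of 40 lost
    return (
        client.audit(honest, 10),                    # True
        client.audit(corrupt, client.n_blocks),      # False: a full check always catches it
        round(detection_probability(40, 10, 10), 3), # 0.965: a 10-block sample usually does too
    )
```

The point of the probability function is that the customer does not need to fetch the whole
file: with a quarter of the blocks lost, a sample of ten blocks detects the loss more than 96
percent of the time, and repeating the audit drives the miss rate down further.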
3. Best Practice for Businesses in the Cloud Environment
i. Inquire about exception monitoring systems.
ii. Be vigilant around updates, and make sure that staff do not suddenly gain access privileges
they are not supposed to have.
iii. Ask where the data is kept, and inquire into the details of the data protection laws in the
relevant jurisdictions.
iv. Seek an independent security audit of the host.
v. Find out which third parties the provider deals with and whether they are able to access your
data.
vi. Develop good policies around passwords: how they are created, protected and changed.
vii. Look into availability guarantees and penalties.
viii. Find out whether the cloud provider will accommodate your own security policies.
4. Recommendations
The following outlines distinct security technologies that can be deployed as software on virtual
machines to increase protection and maintain the compliance integrity of servers and applications
as virtual resources move from on-premise to public cloud environments.
4.1 Firewall
It is important to remember that a private cloud means that the entire cloud infrastructure
belongs to one organization and is not shared with any other organization. This is in direct
contrast to a public cloud, in which multiple organizations share the pooled resources provided
by the cloud service provider. However, just because the private cloud is dedicated to a single
organization, that does not mean there will not be multiple business units that do not want other
business units to see their data. There is privacy from the outside world, and then there is
privacy within the organization. Therefore, there is a need to set up security zones or perimeters
around the business units that use the shared, pooled resources in a private cloud.
Different approaches are used to segregate one tenant's traffic from another's. In a simple
private cloud deployment, two networks may be set up: one for the cloud infrastructure itself and
one for the tenants. It is then left to the tenants to take care of network security and isolation
within their network. That is one option, but as a private cloud operator there is also the option
of providing value-added services to the consumers of the cloud service, and one of those
value-added services might very well be enhanced network security.
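As an added illustration of the zoning described above (this is example code written for this
page, not part of the paper), the policy below models a private cloud with a management network
for the infrastructure itself, one network per business unit, and a shared-services network.
The address plan, zone names and rules are constructed assumptions. Rules are evaluated
first-match and anything not explicitly allowed is dropped, which is what keeps one business
unit's servers invisible to another's even though both use the same pooled infrastructure.

```python
"""Zone-based segmentation policy for a private cloud (added example).

Constructed topology: a management network for the cloud infrastructure
itself, one tenant network per business unit, and a shared-services network.
Rules are evaluated first-match with an implicit default deny.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ZONES = {  # constructed address plan
    "mgmt":    ipaddress.ip_network("10.0.0.0/24"),
    "finance": ipaddress.ip_network("10.10.0.0/16"),
    "hr":      ipaddress.ip_network("10.20.0.0/16"),
    "shared":  ipaddress.ip_network("10.250.0.0/24"),  # DNS, patch mirror, etc.
}


@dataclass(frozen=True)
class Rule:
    src_zone: str          # zone name or "any"
    dst_zone: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None = any destination port
    action: str            # "allow" or "deny"


POLICY = [
    # infrastructure operators may reach everything; nothing may reach them
    Rule("mgmt", "any", "any", None, "allow"),
    Rule("any", "mgmt", "any", None, "deny"),
    # every tenant may use the shared services, but only on well-known ports
    Rule("any", "shared", "udp", 53, "allow"),
    Rule("any", "shared", "tcp", 443, "allow"),
    # traffic that stays inside one business unit is that unit's own concern
    Rule("finance", "finance", "any", None, "allow"),
    Rule("hr", "hr", "any", None, "allow"),
    # everything else, in particular finance <-> hr, falls through to deny
]


def zone_of(ip):
    """Map an address to its zone, or None if it is outside the address plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def _matches(rule, src_zone, dst_zone, proto, dport):
    return (rule.src_zone in ("any", src_zone)
            and rule.dst_zone in ("any", dst_zone)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(src_ip, dst_ip, proto, dport, policy=POLICY):
    """Return 'allow' or 'deny' for a flow, first matching rule wins."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny"  # unknown address space never passes
    for rule in policy:
        if _matches(rule, src_zone, dst_zone, proto, dport):
            return rule.action
    return "deny"


if __name__ == "__main__":
    for flow in [("10.20.1.5", "10.10.3.7", "tcp", 5432),     # hr -> finance database
                 ("10.10.1.2", "10.10.3.7", "tcp", 5432),     # finance -> finance database
                 ("10.20.1.5", "10.250.0.10", "udp", 53),     # hr -> shared DNS
                 ("10.20.1.5", "10.250.0.10", "tcp", 22),     # hr -> shared SSH
                 ("10.10.1.2", "10.0.0.5", "tcp", 22),        # tenant -> management
                 ("10.0.0.5", "10.10.1.2", "tcp", 22)]:       # management -> tenant
        print(flow, evaluate(*flow))
```

The rule order matters: the management "deny inbound" rule sits after the management "allow
outbound" rule so that administrative traffic still works, and the tenant-internal allows come
last so that a tenant cannot use them to reach the shared network on arbitrary ports.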
4.2 Intrusion Detection and Prevention
Techniques for detecting and preventing intrusions can be applied at different layers or
components of an information system: from the network layer (network IDS/IPS) to the
operating system layer (host IDS), or even the application or middleware layers (database IDS,
firewall). IDS functions can be implemented on any application-generated log or information:
analyzing Apache server logs to detect intrusion or discovery attempts is a kind of IDS.
Pooling resources among cloud users and simultaneously using common resources are
fundamental traits of cloud computing. A cloud customer may use the same network access,
machines and storage systems as other clients, with virtualization and isolation technologies
making the sharing transparent.
In the physical world, setting up an IDS/IPS depends on the physical environment: a network
link or access point, one or more physical servers, a platform, and so on. In a cloud environment
everything is virtual and immaterial, so customers looking to protect their virtual machines (VMs)
have to look at the problem differently. One of the classic questions is how to monitor traffic
between two VMs located on the same hypervisor, which never crosses a physical link. Even if
each customer activates a VM equipped with IPS/IDS, there is still the challenge of managing it.
All traffic is carried on secure VLANs, passing through a firewall to access other cloud VLANs
or physical networks. Firewall technology also provides intelligent threat defense with
identity-based access control and denial-of-service-attack protection.
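As an added example of the log-based IDS mentioned above (written for this page, not taken from
the paper), the script below parses Apache combined-format access log lines, URL-decodes the
request path so that encoded evasion such as `%2e%2e%2f` is caught, matches a few attack
signatures, and flags an IP that probes many non-existent paths as a discovery scan. The log
lines, addresses and thresholds are constructed.

```python
"""Signature and threshold detection over Apache access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

SIGNATURES = [
    ("path traversal", re.compile(r"(\.\./|/etc/passwd|/proc/self)", re.I)),
    ("sql injection", re.compile(r"(union\s+select|'\s*or\s+1\s*=\s*1|sleep\(\d+\))", re.I)),
    ("web shell probe", re.compile(r"(cmd\.php|shell\.php|c99\.php)", re.I)),
]
SCAN_THRESHOLD = 5  # distinct 404 paths from one IP; a real rule would also bound this in time


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = unquote(rec["path"])  # decode %2e%2e%2f-style evasion before matching
    rec["status"] = int(rec["status"])
    return rec


def detect(lines):
    """Return (ip, alert name, detail) tuples in the order they fire."""
    alerts = []
    missing_paths = defaultdict(set)  # ip -> distinct paths that returned 404
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, sig in SIGNATURES:
            if sig.search(rec["path"]):
                alerts.append((rec["ip"], name, rec["path"]))
        if rec["status"] == 404:
            seen = missing_paths[rec["ip"]]
            seen.add(rec["path"])
            if len(seen) == SCAN_THRESHOLD:  # fire once when the threshold is reached
                alerts.append((rec["ip"], "discovery scan", f"{len(seen)} distinct 404 paths"))
    return alerts


# Constructed sample log: two benign requests, a traversal attempt, a burst of
# probes for common admin paths, and an injection attempt in a query string.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2016:14:02:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2016:14:02:02 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Mar/2016:14:02:10 +0000] "GET /cgi-bin/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 209',
    '198.51.100.9 - - [10/Mar/2016:14:02:11 +0000] "GET /admin/ HTTP/1.1" 404 209',
    '198.51.100.9 - - [10/Mar/2016:14:02:12 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209',
    '198.51.100.9 - - [10/Mar/2016:14:02:13 +0000] "GET /wp-login.php HTTP/1.1" 404 209',
    '198.51.100.9 - - [10/Mar/2016:14:02:14 +0000] "GET /.env HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Mar/2016:14:03:00 +0000] "GET /products?id=1\'%20or%201=1-- HTTP/1.1" 200 730',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Decoding the path before matching is the detail that matters most here: the traversal request
in the sample never contains a literal `../` on the wire, and a signature applied to the raw
line would miss it.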
4.3 Integrity Monitoring
File integrity services monitor both file and configuration integrity, looking at raw file
contents, permissions, registry settings and security settings. It is also important to maintain
backup data both on-site, to accommodate rapid recovery of recent data, and off-site for
long-term storage.
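The following is an added example, not the paper's own code, of the baseline-and-compare
approach that file integrity monitoring is built on: record the SHA-256, permission bits and
ownership of every regular file under a directory, then diff a later snapshot against it. The
directory layout and the simulated tampering (a changed config, a setuid bit added to a script,
a removed file and a new script) are constructed inside a temporary directory.

```python
"""File integrity monitoring: baseline a tree, then report what changed (added example)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _record(path):
    """Hash, permission bits and owner of one regular file."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid}


def baseline(root):
    """Map of relative path -> record for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): _record(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def compare(old, new):
    """Return (kind, detail) findings, sorted by path."""
    findings = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            findings.append(("added", rel))
            continue
        if rel not in new:
            findings.append(("removed", rel))
            continue
        a, b = old[rel], new[rel]
        if a["sha256"] != b["sha256"]:
            findings.append(("content changed", rel))
        if a["mode"] != b["mode"]:
            findings.append(("permissions changed", f"{rel} {oct(a['mode'])}->{oct(b['mode'])}"))
        if (a["uid"], a["gid"]) != (b["uid"], b["gid"]):
            findings.append(("owner changed", rel))
    return findings


def demo():
    """Build a constructed tree, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "etc").mkdir()
        (d / "etc" / "app.conf").write_text("debug = false\n")
        (d / "etc" / "passwd").write_text("root:x:0:0\n")
        (d / "bin").mkdir()
        (d / "bin" / "run.sh").write_text("#!/bin/sh\necho ok\n")
        os.chmod(d / "bin" / "run.sh", 0o755)
        before = baseline(d)
        # simulated tampering between two monitoring runs
        (d / "etc" / "app.conf").write_text("debug = true\n")   # config changed
        os.chmod(d / "bin" / "run.sh", 0o4755)                  # setuid bit added
        (d / "etc" / "passwd").unlink()                         # file removed
        (d / "bin" / "backdoor.sh").write_text("#!/bin/sh\nnc -l 4444\n")  # file added
        return compare(before, baseline(d))


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind:20s} {detail}")
```

In practice the baseline itself must be stored where the monitored host cannot rewrite it
(off the VM, or signed), otherwise an attacker who changes a file can re-baseline it too.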
4.4 Log Inspection
Log inspection, combined with log aggregation and event correlation, quickly and efficiently
identifies and resolves potential security threats. It collects and analyzes operating system and
application logs for security events, and log inspection rules optimize the identification of
important security events that are buried across multiple log entries. These events can be sent to
a stand-alone security system, but they contribute the most visibility when forwarded to a Security
Information and Event Management (SIEM) system or centralized logging server for correlation,
reporting and archiving. Like integrity monitoring, log inspection capabilities must be applied at
the virtual machine level. Log inspection software on cloud resources enables:
i. Suspicious behavior detection
ii. Collection of security-related administrative actions
iii. Optimized collection of security events across the data center
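The example below is added for this page (it is not from the paper) to show what "an event
buried in multiple log entries" means concretely. Individually, a failed SSH login or a
successful one is routine; five failures from one address followed by a success from the same
address within a few minutes is a brute-force login that worked. The rule keeps per-address state
across lines, and a second rule collects privileged commands from sudo entries so that the
administrative action taken afterwards is captured too. Hostnames, addresses and the syslog lines
are constructed.

```python
"""Cross-entry correlation over OS authentication logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w/-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

FAIL_THRESHOLD = 5   # failures from one address ...
WINDOW_S = 300       # ... within this many seconds before a success


def parse(line):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # classic syslog stamps carry no year; only the deltas matter here
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def correlate(lines):
    """Return (event, host, subject, detail) tuples in firing order."""
    events = []
    failures = defaultdict(deque)  # source ip -> timestamps of recent failures
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, msg = rec["ts"], rec["msg"]
        if rec["prog"] == "sshd":
            m = FAILED_RE.search(msg)
            if m:
                q = failures[m["ip"]]
                q.append(ts)
                while q and (ts - q[0]).total_seconds() > WINDOW_S:
                    q.popleft()  # drop failures that fell out of the window
                continue
            m = ACCEPTED_RE.search(msg)
            if m:
                q = failures[m["ip"]]
                recent = [t for t in q if (ts - t).total_seconds() <= WINDOW_S]
                if len(recent) >= FAIL_THRESHOLD:
                    events.append(("brute force login succeeded", rec["host"], m["ip"],
                                   f"user {m['user']} after {len(recent)} failures"))
                q.clear()
        elif rec["prog"] == "sudo":
            m = SUDO_RE.match(msg)
            if m:
                events.append(("privileged command", rec["host"], m["user"],
                               f"as {m['target']}: {m['cmd']}"))
    return events


# Constructed sample: a password-guessing run that eventually succeeds, the
# attacker then creating an account with sudo, and an unrelated key-based login.
SAMPLE_LOG = [
    f"Mar 10 14:02:{s:02d} web01 sshd[22{s:02d}]: Failed password for invalid user admin "
    f"from 198.51.100.9 port 510{s:02d} ssh2"
    for s in (1, 8, 15, 22, 30)
] + [
    "Mar 10 14:02:40 web01 sshd[2231]: Accepted password for deploy from 198.51.100.9 port 51100 ssh2",
    "Mar 10 14:03:05 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; "
    "COMMAND=/usr/bin/useradd backup",
    "Mar 10 14:10:00 web01 sshd[2300]: Accepted publickey for ops from 203.0.113.7 port 40000 ssh2",
]

if __name__ == "__main__":
    for ev in correlate(SAMPLE_LOG):
        print(ev)
```

The state kept per source address is the whole point: a rule that only looks at one line at a
time cannot tell the successful login at 14:02:40 from the legitimate one at 14:10:00.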
6. Conclusion
More than being a technology, the cloud is a new model of IT service delivery. There are many open
research challenges around the issues related to security in cloud computing. Security as a
service should be provided to cloud users as a way of ensuring the safety of their resources and
increasing their confidence in the technology.
REFERENCES
Computer Society of India, CSI Communications: Monthly Magazine for Knowledge Digest for IT
Community, January 2016, Mumbai. www.csi-india.org
Department of Electronics and Information Technology (DeitY), Government of India, GI Cloud
(Meghraj) Strategic Direction Paper, April 2013. www.deity.gov.in
Institute of Electrical and Electronics Engineers, IEEE Cloud Computing Quarterly Magazine, May
2014. http://cloudcomputing.ieee.org/
Jaydip Sen, Security and Privacy Issues in Cloud Computing. Available at
https://books.google.co.zw/books?hl=en&lr=&id=OOKWBQAAQBAJ&oi=fnd&pg=PA1&dq=security+and+privacy+issues+in+cloud+computing&ots=ViIhHod6Ft&sig=e5005XvHmrSnzoc4lgHRa1hR8&redir_esc=y#v=onepage&q=security%20and%20privacy%20issues%20in%20cloud%20computing&f=false
(Accessed: 25 February 2016)
J. Brodkin, "Loss of Customer Data Spurs Closure of Online Storage Service 'The Linkup'", Network
World, August 11, 2008. http://www.networkworld.com/news/2008/081108-linkup-failure.html?page=1
National Informatics Centre, Informatics: An e-Governance publication from NIC, Vol. 22, No. 4,
April 2014, New Delhi. www.informatics.nic.in
Palvia, P., Palvia, S. and Whitworth, J. (2001), "Global information technology: a meta-analysis
of key issues", Information & Management.
Sharma, A., & Gupta, S. (2011). "A few useful considerations in the development of intra-day
trading software: comparing Indian intra-day trading software with foreign software". ACM
SIGSOFT Software Engineering Notes, 36(4), 1-5.
US NIST SP 500-291, NIST Cloud Computing Standards Roadmap, Version 1.0, July 2011.
www.csrc.nist.gov/