Security issues on Cloud Computing-A Survey

Ahsan Ali Chaudhry

Department of Computer Science, Lahore Garrison University
Lahore, Pakistan
Abstract
Cloud computing have a lot of IT benefits that are given to customer on a leased premise and
with the capacity to scale up or down their service requirements and their needs. Typically the
cloud services are delivered by a third party. As it may have the several advantages like
scalability, elasticity, flexibility and efficiency. In spite of many advantages organizations are
delayed in accepting it because of security issues related to it. Security is one of the important
issue which may affect the development of cloud. This paper may show a detailed study of cloud
computing security issues by focusing on the cloud computing service delivery types.

I. Introduction
Cloud computing expands the existing abilities of information technology (IT). From recent
years cloud computing has developed business idea to one of the quick development
fragments of the IT business. As increasingly more data on people and organizations are set
in the cloud concerns are starting to develop about exactly how safe is it. Regardless of all
the publicity encompassing the cloud customers are still hesitant to convey their business or
private information in the cloud. Security issues in cloud computing has assumed a
significant job in hindering its acknowledgement in certainty security positioned first as the
best challenge issue of cloud. If the cloud service providers is not done their job in securing
their own environments then customers would be in difficulty. To check the security of cloud
service providers is difficult because they will not show their infrastructure to customers. In
fact security ranked first as the greatest issue of cloud computing as shown in figure 1:
Figure 1: Results of IDC survey ranking security challenges [1]

II. Literature Review

The cloud computing use case discussion groups discusses the different use case scenarios
and related requirements that may exist in the cloud model. They consider use cases from
different perspective including customer’s developers and security engineers. [2] ENISA
explored the diverse security dangers identified with cloud computing the risks likelihood,
impacts and vulnerabilities in cloud computing may prompt such risks. [3] Balachandra et al,
2009 discussed the security SLA’s specification and objectives related to data location,
segregation and data recovery. [4] Kresimir et al, 2010 discussed high level security concerns
in the cloud computing model such as data integrity, payment and privacy of sensitive
information. [5] Ragovind et al, 2010 discussed the management of security in cloud
computing. [6]

III. Security Issues in Cloud Computing

a) Cloud Deployment Models
In the cloud deployment model networking platform storage and software
infrastructures are provided as services that scales up or down depending on
customers demand as shown in figure 2. The cloud computing has three main
deployment models which are the following:

 Private Cloud
Private cloud is another term that has few merchants have used it to portray
contributions that imitate cloud computing on private systems. It is setup
 inside an association’s inner undertaking datacenter. In the private cloud
versatile assets and virtual applications gave by the cloud seller are pooled
together and accessible for cloud clients to share and utilize. Usage of private
cloud can be more secure than that of people in general cloud due to its
predefined inner presentation. Just the organization and assigned partners may
have approach on a particular private cloud. [7]
 Public Cloud
Public cloud have more security issues than other cloud models since it places
an extra weight on guaranteeing all application and information on public
cloud are not subjected to spiteful attacks. [8] Data and communication
protection plays a vital role in Cloud computing. Services can be accessed
through a thin client, laptop or mobile phone. The reasons that your data is
easily accessible through these channels are your data is transferred across
multiple networks, when your cloud service provider is extremely far away
from your location. All communication should be protected using encryption
and key management. To safeguard server failure Public Cloud service
providers should implement strong data replication mechanisms to distribute
customer’s data across the globe in various geographies. It might conflict with
the customer’s requirements to keep their data within a specified region. [9]
 Hybrid Cloud
Hybrid cloud is a public cloud connected to one or more cloud. It gives us a
virtual IT solutions with the combination of both public and private cloud
services. It gives us more secure control on data and various applications. It
also has an open architecture that allows interfaces with other management
system. [10]
 Figure 2: Cloud Deployment Model [11]

b) Service Providers Models of Cloud Computing

 Software as a Service (SaaS): The capability provided to consumer is to use
the provided applications running on Cloud infrastructure
 Platform as a Service (PaaS): The capability provided to consumer is to
deploy onto the cloud infrastructure consumer created applications created by
using programming languages, libraries, services and tools supported by
provider.
 Infrastructure as a Service (IaaS): The capability provided to consumer is
to provision processing, storage, networks and other fundamental computing
resources where the consumer is able to deploy and run arbitrary software
which can include operating system and applications.

c) Software as a Service (SaaS) Security issue:

SaaS provides application services on demand such as email, conferencing software,
and business applications such as ERP, CRM, and SCM. SaaS users have less control
over security among the three fundamental delivery models in the cloud. The
adoption of SaaS applications may raise some security concerns. [12]

d) Platform as a Service (PaaS) Security issue:

PaaS facilitates deployment of cloud-based applications without the cost of buying
and maintaining the underlying hardware and software layers. As with SaaS and IaaS,
PaaS depends on a secure and reliable network and secure web browser. PaaS
application security comprises two software layers: Security of the PaaS platform
itself and Security of customer applications deployed on a PaaS platform. PaaS
providers are responsible for securing the platform software stack that includes the
runtime engine that runs the customer applications. [13] Like SaaS, PaaS also has
some data security issues which are as follows:
 Third Party Relationships:
PaaS does not only provide traditional programming languages, but also does
it offer third-party web services components such as mashups. Mashup
combine more than one source element into a single integrated unit. Thus,
PaaS models also inherit security issues related to mashups such as data and
network security. [14]
 Underlying Infrastructure Security:
 In PaaS, developers do not usually have access to the underlying layers, so
providers are responsible for securing the underlying infrastructure as well as
the applications services. Even when developers are in control of the security
of their applications, they do not have the assurance that the development
environment tools provided by a PaaS are secure. [15]

e) Infrastructure as a Service (IaaS) Security issue:

IaaS provides a pool of resources such as servers, storage, networks, and other
computing resources in the form of virtualized systems, which are accessed through
the Internet. Users are entitled to run any software with full control and management
on the resources allocated to them. With IaaS, cloud users have better control over the
security compared to the other models. They control the software running in their
virtual machines, and they are responsible to configure security policies correctly.
However, the underlying compute, network, and storage infrastructure is controlled
by cloud providers. IaaS providers must undertake a substantial effort to secure their
systems in order to minimize these threats that result from creation, communication,
monitoring, modification, and mobility. [16]

IV. Conclusion
Cloud computing give us the new paths which is help for the use of internet but there
are also many limitations in these ways to use the internet .because now a days there
are many new technology arise in the market which have more potentials, powers and
advancements which make the humans life easier and comfortable. However before
the use of these technologies everyone must be aware with the securities risk of these
technologies. Cloud computing is no exception. The security risks and challenges are
highlighted which can be faced in cloud computing. Cloud computing has the
potential to become the framework in promoting a secure, virtual and economically
viable IT solution in the future.
References
[1] Kuyoro S. O., Ibikunle F. and Awodele O. “Cloud Computing Security issues and
Challenges” International Journal of Computer Networks, 2011
[2] Cloud computing use case discussion group. “Cloud computing Use Cases version 3.0,”
2010
[3] ENISA. (2009, Feb) Cloud computing benefits, risks and recommendations for
information security.”
[4] R.K. Balachandra, P.V. Ramakrishna and A. Rakshit “Cloud Security Issues” In PROC
2009 IEEE international conference on service computing, 2009, pp517-520
[5] P. Kresimir and H. Zeljko “Cloud computing security issues and challenges” In PROC
third international conference on advances in human oriented and personalized mechanism,
technologies and services 2010
[6] S. Ragovind, M. M. Eloff, E. smith. “The management of security in cloud computing”
[7] Kuyoro S. O., Ibikunle F. and Awodele O. “Cloud Computing Security issues and
Challenges” International Journal of Computer Networks, 2011
[8] Kuyoro S. O., Ibikunle F. and Awodele O. “Cloud Computing Security issues and
Challenges” International Journal of Computer Networks, 2011
[9] T. Vaikunth pai, Dr P. S. Aithal “A Review on Security issues and Challenges in Cloud
Computing Model of Resource Management” International Journal of Engineering Research
and Modern Education, Volume 2, Issue 1, 2017
[10] Kuyoro S. O., Ibikunle F. and Awodele O. “Cloud Computing Security issues and
Challenges” International Journal of Computer Networks, 2011
[11] Kuyoro S. O., Ibikunle F. and Awodele O. “Cloud Computing Security issues and
Challenges” International Journal of Computer Networks, 2011
[12] Hashizume et al, “An analysis of security issues for cloud computing” journal of internet
services and applications 2013
[13] Hashizume et al, “An analysis of security issues for cloud computing” journal of internet
services and applications 2013
[14] Hashizume et al, “An analysis of security issues for cloud computing” journal of internet
services and applications 2013
[15] Hashizume et al, “An analysis of security issues for cloud computing” journal of internet
services and applications 2013
[16] Hashizume et al, “An analysis of security issues for cloud computing” journal of internet
services and applications 2013