SlideShare une entreprise Scribd logo
1  sur  8
Télécharger pour lire hors ligne
International Journal of AdvancedJOURNAL OF ADVANCED RESEARCH (Print),
         INTERNATIONAL Research in Management (IJARM), ISSN 0976 – 6324
                             IN MANAGEMENT (IJARM)
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

ISSN 0976 - 6324 (Print)
ISSN 0976 - 6332 (Online)
Volume 3, Issue 2, July-December (2012), pp. 21-28
                                                                            IJARM
© IAEME: www.iaeme.com/ijarm.html                                         ©IAEME
Journal Impact Factor (2012): 2.8021 (Calculated by GISI)
www.jifactor.com




         SECURITY ISSUES IN CLOUD COMPUTING FOR MSMES

        Mr. Hemantkumar Wani                                        Dr. N. Mahesh
  Department of Management studies                        Department of Management studies
 Shri Jagdiprasad Jhabarmal Tibrewala                    Shri Jagdiprasad Jhabarmal Tibrewala
               University                                              University
            Rajasthan, India                                        Rajasthan, India
      sayhemant@rediffmail.com                              nadiminty.mahesh@gmail.com



ABSTRACT

This research paper focuses on the security issues of Cloud computing in the sector of micro,
small & medium enterprises (MSMEs). The more MSMEs competition intensifying and earlier
adaption of latest internet based application and services have led to greater opportunities that are
worthwhile to be seized. The opening up the world IT based markets has posed many challenges
with the flooding of IT enabled services and applications. It makes an aim come true for the
users to get all the resources instantly from various locations that are not known. But there are lot
of hurdles in accomplishing this idea in the form of security parameters and backup issues.

Keywords-MSME(Micro,Small& Medium Enterprises), SLA,SSL technology, firewall,Middle
server.
        I.      INTRODUCTION
        Indian manufacturers especially from MSME sector have started to adapt software and
technology solutions that have further revolutionized by the concept of cloud computing, which
offer cutting-edge and innovative solution to cope with these challenges.
        In recent past, the concept of cloud computing has revolutionized the world of IT. Cloud
computing enables an efficient delivery of business applications online that are accessible from
web browsers. The cloud computing can supply a new type of computing and business model for
MSMEs. The MSME sector has adapted this concept worldwide and has implemented it to
improve their overall operations. The type (SaaS, PaaS, etc) of cloud service an MSME will
likely use, the disaster recovery options consideration and the cloud computing services in term
of IT services and applications that effects on business and the economy. Security risks should be

                                                 21
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

analyze in adopting cloud computing technologies along with the actual needs, requirements and
expectations of the MSMEs for cloud computing services.

   Cloud computing emerged from so called distributed computing and grid computing. Here the
user can access any service which he/she wants for a specific task and for a specific amount of
time [1]. Cloud computing provides us with a facility of sharing and interoperating the resources
between different users and the systems being owned by the organizations. Security is a major
hindrance in such type of systems because if the users are storing their data in a remote location
owned by an unknown person and an organization then their data is not protected. Members
communicating to each other should have a good level of trust so as to share the data and resource
with each other.
   In actual scenario, the cloud is the concept of virtualizing the local system of the user using
remote cloud operating system to get a virtual desktop with a specific or a choice of operating
systems to choose of operating systems to choose and to store the personal data and execute the
application from anywhere. The customers or the user purchase the computing power depending
on their demand and are not concerned with the underlying technologies used. The resources used
and data accessed are owned by a third party and operated by them. This third party may not be
located in the same area the user lives may be in the state or country.

        II.     CLOUD STRUCTURE AND TYPES

       Public cloud: It is basically used by lot of users in the whole world and the security
aspects act as utmost hindrance in such situations. It is basically a pay per use model in which
users pay as per their use which becomes very useful and cost effective for the companies they
are working for and for themselves.

        Private Cloud: In private cloud we get additional benefits like additional security as the
company has the server at its end. As a way to exercise greater control over security and
application availability, some enterprises are moving toward building private clouds. With the
right approach and expertise in place, this type of setup can offer the best of both worlds: the
cost-effectiveness of cloud computing and the assurance that comes with the ability to manage
data and applications more closely.

        Hybrid cloud: It provides services by combining private and public clouds that have been
integrated to optimize service. The promise of the hybrid cloud is to provide the local data
benefits of the private clouds with the economies, scalability, and on-demand access of the
public cloud. The hybrid cloud remains somewhat undefined because it specifies a midway point
between the two ends of the continuum of services provided strictly over the Internet and those
provided through the data centre or on the desktop. [2]




                                               22
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

          III.   MODELS OF CLOUD COMPUTING

A.   Model 1:Infrastructure as a service(Iaas)

The key aspects of IT infrastructure, hardware, facilities, and administration have traditionally
been the domain of IT departments within each company. Dedicated personnel install and
configure servers, routers, firewalls, and other devices in support of their respective employers.
This equipment requires dedicated housing as well as environmental controls, emergency power,
and security systems to keep it functioning properly. Finally, every company allocates additional
space where IT personnel work to support the infrastructure that is in place. Every aspect of IT
infrastructure has evolved on its own, yet-until now - has not moved toward integration. For
example, a company purchases software it needs and then purchases a server to run it. If data
storage is necessary for files or databases, disk arrays and hard drives are added into the mix to
accommodate the needs of the company. A local network is maintained to provide employees
access to IT resources, and high speed internet connectivity for voice and data is added to the
company account as necessary. Practically speaking, each IT system has its own management
system, with some systems requiring the addition of a specialized worker to the staff.
Infrastructure as a service takes the traditional components of IT infrastructure, takes them off
site, and offers them in one unified, scalable package to companies who can manage them
through one management interface. Infrastructure as a service results in IT services that easily
conform to the changing requirements of a business. Because the infrastructure does not reside
on the premises, obsolete equipment, upgrades, and retrofits no longer play a role in the
company's decision to adopt new technology [3]. The IaaS provider takes care of that seamlessly
allowing the business to focus on its mission .Cost effectiveness augments the convenience of
IaaS. Because the IaaS provider has massive platforms segmented for each customer, the
economies of scale are enormous, providing significant cost savings through efficiency. The
need for every company to maintain its own infrastructure is eliminated through IaaS. The power
of IaaS brings the resources needed to service government and enterprise contracts to businesses
of every size. IaaS improves reliability because service providers have specialized workers that
ensure nearly constant uptime and state-of-the-art security measures. Infrastructure as a Service
is a form of hosting. It includes network access, routing services and storage. The IaaS provider
will generally provide the hardware and administrative services needed to store applications and
a platform for running applications. Scaling of bandwidth, memory and storage are generally
included, and vendors compete on the performance and pricing offered on their dynamic
services. IaaS can be purchased with either a contract or on a pay-as-you-go basis. However,
most buyers consider the key benefit of IaaS to be the flexibility of the pricing, since you should
only need to pay for the resources that your application delivery requires [4].

B.   Model 2:Software as a Service(SaaS)

Software is ubiquitous in today’s business world, where software applications can help us track
shipments across multiple countries, manage large inventories, train employees, and even help us
form good working relationships with customers. For decades, companies have run software on
their own internal infrastructures or computer networks. In recent years, traditional software
license purchases have begun to seem antiquated, as many vendors and customers have migrated
to software as a service business model. Software as a service, or 'SaaS', is a software application


                                                 23
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

delivery model by which an enterprise vendor develops a web-based software application, and
then hosts and operates that application over the Internet for use by its customers. Customers do
not need to buy software licenses or additional infrastructure equipment, and typically only pay
monthly fees (also referred to as annuity payments) for using the software. It is important to note
that SaaS typically encapsulates enterprise as opposed to consumer-oriented web-hosted
software, which is generally known as web 2.0. According to a leading research firm, the SaaS
market reached $6.3B in 2006; still a small fraction of the over $300B licensed software
industry. However, growth in SaaS since 2000 has averaged 26% CAGR, while licensed
software growth has remained relatively flat. Demand for SaaS is being driven by real business
needs — namely its ability to drive down IT-related costs, decrease deployment times, and foster
innovation [5]. Both public and private cloud models are now in use. Available to anyone with
Internet access, public models include Software as a Service (SaaS) clouds like IBM
LotusLive™, Platform as a Service (PaaS) clouds such as IBM Computing on Demand™, and
Security and Data Protection as a Service (SDPaaS) clouds like the IBM Vulnerability
Management Service. Private clouds are owned and used by a single organization. They offer
many of the same benefits as public clouds, and they give the owner organization greater
flexibility and control. Furthermore, private clouds can provide lower latency than public clouds
during peak traffic periods. Many organizations embrace both public and private cloud
computing by integrating the two models into hybrid clouds. These hybrids are designed to meet
specific business and technology requirements, helping to optimize security and privacy with a
minimum investment in fixed IT costs.

All these services are cost effective but have a lot of issues regarding security and backup.
Depending upon the implementation and platform needed the central server can send the request
to the respective server.
    IV.          REQUIREMENTS OF SECURITY

It gives a general description of security services and related mechanisms, which can be ensured
by the Reference Model, and of the positions within the Reference Model where the services and
mechanisms may be provided. Extends the field of application of ISO 7498 [6] to cover secure
communications between open systems. Adds to the concepts and principles included in ISO
7498 but does not modify them. In the fig 1, we have showed how the requirements are fulfilled
in our proposed system.
          a. Authentication and Authorisation
User can be identified in this model as we are using the SSL security for that purpose. A
governance body is acting as an interface between the user and the cloud servers. There will be
encryption between the user and central server and between the central server and cloud of
servers. User details will be stored within the central server in the form of UserID etc and
validation will be done accordingly. Hence the requirement is fulfilled in this. Authorization is
not a big issue in private cloud because the system administrator can look into it by granting
access only to those who are authorized to access the data. Whereas in public cloud it will
become more hectic due to requests from normal users have to be taken into considerations.
Privileges over the process flow have to be considered as the control may flow from one server



                                                24
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

to another. Respective UserID will be saved in the central servers after the registration and
authorization can be done easily as the respective rights can be stated there.
         b.    Confidentiality
Confidentiality plays a very important role as the data has to be secure and should not be reviled
anywhere. This can be achieved in this system as we have used Dual SSL technology. User’s
data, profiles etc have to be maintained and as they are virtually accessed various protocols
(security) have to be enforced. If we standardize the whole cluster of a particular sector then it
can be easily imposed. With regard to data-in-transit, the primary risk is in not using a vetted
encryption algorithm. Although this is obvious to information security professionals, it is not
common for others to understand this requirement when using a public cloud, regardless of
whether it is IaaS, PaaS or SaaS. It is also important to ensure that a protocol provides
confidentiality as well as integrity (e.g., FTP over SSL [FTPS], Hypertext Transfer Protocol
Secure [HTTPS], and Secure Copy Program [SCP])—particularly if the protocol is used for
transferring data across the Internet. Merely encrypting data and using a non-secured protocol
(e.g., “vanilla” or “straight” FTP or HTTP) can provide confidentiality, but does not ensure the
integrity of the data (e.g., with the use of symmetric streaming ciphers) [6].
           c.         Integrity
Integrity is maintained as the hashing is done in SSL technology. The major drawback in case of
this technology is the excessive redundant data due to which the bandwidth is used up and the
packet size is increased. From a privacy and confidentiality perspective, the terms of service may
be the most important feature of cloud computing for an average user who is not subject to a
legal or professional obligation. It is common for a cloud provider to offer its facilities to users
without individual contracts and subject to the provider’s published terms of service. A provider
may offer different services, each of which has distinct terms of service. A cloud provider may
also have a separate privacy policy. It is also possible for a cloud provider to conduct business
with users subject to specific contractual agreements between the provider and the user that
provides better protections for users. The contractual model is not examined further here. If the
terms of service give the cloud provider rights over a user’s information, then a user is likely
bound by those terms. A cloud provider may acquire through its terms of service a variety of
rights, including the right to copy, use, change, publish, display, distribute, and share with
affiliates or with the world the user’s information. There may be few limits to the rights that a
cloud provider may claim as a condition of offering services to users. Audits and other data
integrity measures may be important if a user’s local records differ from the records maintained
on the user’s behalf by a cloud provider.

                d.   Availability

Another issue is availability of the data when it is requested via authorized users. The most
powerful technique is prevention through avoiding threats affecting the availability of the service
or data. It is very difficult to detect threats targeting the availability. Threats targeting availability
can be either Network based attacks such as Distributed Denial of Service (DDoS) attacks or
CSP availability. For example, Amazon S3 suffered from two and a half hours outage in
February 2008 and eight hours outage in July 2008. In the next section, we will discuss the
identity and access management practices of the cloud computing by tackling some protocols


                                                   25
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

such as Security assertion Markup Language (SAML), Open Authentication (OAuth) protocol
and a comparison between these two techniques to conclude the best solution.
            e.      Non-repudiation
Non-repudiation is the requirement which states that if a sender is sending the data to the other
end. In our proposed system this requirement is fulfilled by the middle server because it has the
routing table as well as the table of content of all the servers in the cloud with corresponding
server ID, name, location etc. Due to the routing table’s entry of server ip, receiver and sender ip
we can state that if the user has sent the request he cannot deny it and if receiver gives
acknowledgement or response he also cannot deny of giving it.

             f.      Backup and Disaster Recovery
A cloud may be used for production operations, so it is important to have a backup and disaster
recovery policy in place. The backup policy should define what data is backed up, how long
backups are kept, as well as costs associated with those services. Similarly, in the event of a
catastrophic failure of a private cloud, a failover plan should be in place. This plan may include
using multiple data centers to host a private cloud or running jobs in a more conventionally
organized cluster environment with manual management of jobs. The details of how to
implement backup and disaster recovery will vary by your needs and resources, but it is essential
for business continuity planning to have some policy in place [8].

     V.     USE OF PROPOSED MODEL
In the proposed system we have introduced an idea in which we have defined a central server
which will be having a router table which contains cloud Id, the corresponding user Id , the
actual server Id to which the user is connecting to. The source ip and the destination ip also have
been put into the table.




                         Figure 1.   Architecture Diagram of proposed model


                                                   26
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

       TABLE I.       ROUTING TABLE


     UID            SID           Source IP                  Destn IP

    12017          2747         191.268.67.67             101.123.22.25

    86770          2967         111.125.25.23             102.124.12.35
     Time         Cloud ID   Packet      Server             Lease Time
                              Size       Name
   500mins          222      437kb       ABC                  30mins


   800mins          266      128kb       XYZ                  18mins



It also contains the actual amount of data flow that is the packets per second transfer rate. On the
user end there will be personal firewall and the connectivity between the user and the central
server will be encrypted using SSL encryption standards that are regularly used now-a-days.
Again at the Central server’s end there will be an application level firewall which will check
whether the packets are malicious or not. Application-level firewalls (sometimes called proxies)
have been looking more deeply into the application data going through their filters. Fig.2 shows
the architectural diagram of the proposed system. By considering the context of client requests
and application responses, these firewalls attempt to enforce correct application behavior, block
malicious activity and help organizations ensure the safety of sensitive information and systems.
They can log user activity too. Application-level filtering may include protection against spam
and viruses as well, and be able to block undesirable Web sites based on content rather than just
their IP address. [6] Further what we have suggested is to make a separate cluster of clouds for
banking sector, educational sector, government bodies (will not contain confidential data). The
user has a personal firewall at his end. The central server say for banks as an example consists of
a table which consists of the user ID, server id, its name and all the related information through
which a governance body can back track the server and the user. When a user tries to connect to
a particular server from the cloud then his/her user id sever id source ip and destination ip are
saved. The total time of synchronization, packet size being transferred server name and the total
lease time in case of a secure connection is saved in the table incase if the user is not able to
connect to a server i.e., if the ping shows connection time out we can easily track the server from
the central servers routing table. Even the user credentials and the session are secured by SSL
technology. Further we can achieve more security by clubbing different security algorithms with
SSL [9].
There is a secured connectivity between the user and the central server and between cloud’s
servers. Due to double encryption all the security requirements are fulfilled in this model.
Tracking the server is also simple because their will be a table which will help us know the cloud
id server name, server id and the corresponding organizations name whose server it is. So if the
server is not getting connected then we can track it. We also have to standardize all the servers in
the cloud for a particular sector like banking sector, the centralized banks and co-operative banks

                                                  27
International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

etc have to come together and use standardized protocols so as to achieve this proposal. Even by
standardizing in education sector we can achieve a common place to gain knowledge and we can
use the services as according. We have also included the routing table below which depicts the
actual scenario.
  I.  CONCLUSION
The model we have proposed is having its own advantages in case of security and backup. Due
to a middle server technology in between the user and the cloud server we can easily track the
user as well as the server in the cloud. We can also nexus both public cloud and private cloud
together in one with hybrid clouds. Due to SSL security the security parameters are also taken
into consideration. This model can help cloud computing and make it reach new ends.

REFERENCES

[1]    Peter      Mell     and      Tim      Grance,”The        NIST      Definition    of      Cloud
       Computing”http://csrc.nist.gov/groups/SNS/cloud-computing/
[2]    Architectural Requirements Of The Hybrid Cloud Information Management Online,
       February 10, 2010 Brian J. Dooley
[3]    http://cloudstoragestrategy.com/2010/01/cloud-storage-for-the-enterprise---part-2-the-hybrid-
       cloud.html By Steve Lesem on January 25, 2010
[4]    R. Nicole, “Title of paper with only first word capitalized,” J. Name Stand. Abbrev., in press.
[5]    http://www.wikinvest.com/concept/Software_as_a_Service
[6]    Tim Mather, Subra Kumaraswamy, and Shahed Latif”Cloud Privacy and security” pp. 529–
       551, September 2009: First Edition
[7]    "IBM Point of View: Security and Cloud Computing"Cloud computing White paper
       November 2009.
[8]    Zhidong Shen,2010 2nd International Conference on Signal Processing Systems (ICSPS).
[9]    Palivela Hemant, Hemant Wani “Development of Servers In Cloud Computin To Solve
       Issues Related To Security And Backup” (CCIS-IEEE Conference.Beijing ,China).




                                                   28

Contenu connexe

Tendances

IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET Journal
 
Implementing Iris in the Railway Control Office Application for Secure Saas i...
Implementing Iris in the Railway Control Office Application for Secure Saas i...Implementing Iris in the Railway Control Office Application for Secure Saas i...
Implementing Iris in the Railway Control Office Application for Secure Saas i...IJERA Editor
 
A Proposed Virtualization Technique to Enhance IT Services
A Proposed Virtualization Technique to Enhance IT ServicesA Proposed Virtualization Technique to Enhance IT Services
A Proposed Virtualization Technique to Enhance IT ServicesHossam Al-Ansary
 
Services, security challenges and security policies in cloud computing
Services, security challenges and security policies in cloud computingServices, security challenges and security policies in cloud computing
Services, security challenges and security policies in cloud computingeSAT Journals
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET Journal
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET-  	  A Survey on SaaS-Attacks and Digital ForensicIRJET-  	  A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 
Basics of Cloud Computing
Basics of Cloud ComputingBasics of Cloud Computing
Basics of Cloud Computingijsrd.com
 
Abstraction and Automation: A Software Design Approach for Developing Secure ...
Abstraction and Automation: A Software Design Approach for Developing Secure ...Abstraction and Automation: A Software Design Approach for Developing Secure ...
Abstraction and Automation: A Software Design Approach for Developing Secure ...iosrjce
 
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...Design & Development of a Trustworthy and Secure Billing System for Cloud Com...
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...iosrjce
 
Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET-  	  An Overview on Cloud Computing and ChallengesIRJET-  	  An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET Journal
 
IMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMS
IMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMSIMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMS
IMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMSacijjournal
 
Cloud Computing: Overview & Utility
Cloud Computing: Overview & UtilityCloud Computing: Overview & Utility
Cloud Computing: Overview & Utilityiosrjce
 
Securing the e health cloud
Securing the e health cloudSecuring the e health cloud
Securing the e health cloudBong Young Sung
 

Tendances (18)

IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
 
Implementing Iris in the Railway Control Office Application for Secure Saas i...
Implementing Iris in the Railway Control Office Application for Secure Saas i...Implementing Iris in the Railway Control Office Application for Secure Saas i...
Implementing Iris in the Railway Control Office Application for Secure Saas i...
 
A Proposed Virtualization Technique to Enhance IT Services
A Proposed Virtualization Technique to Enhance IT ServicesA Proposed Virtualization Technique to Enhance IT Services
A Proposed Virtualization Technique to Enhance IT Services
 
Services, security challenges and security policies in cloud computing
Services, security challenges and security policies in cloud computingServices, security challenges and security policies in cloud computing
Services, security challenges and security policies in cloud computing
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET-  	  A Survey on SaaS-Attacks and Digital ForensicIRJET-  	  A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
Basics of Cloud Computing
Basics of Cloud ComputingBasics of Cloud Computing
Basics of Cloud Computing
 
Abstraction and Automation: A Software Design Approach for Developing Secure ...
Abstraction and Automation: A Software Design Approach for Developing Secure ...Abstraction and Automation: A Software Design Approach for Developing Secure ...
Abstraction and Automation: A Software Design Approach for Developing Secure ...
 
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...Design & Development of a Trustworthy and Secure Billing System for Cloud Com...
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...
 
Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions.
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET-  	  An Overview on Cloud Computing and ChallengesIRJET-  	  An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and Challenges
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic Solutions
 
IMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMS
IMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMSIMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMS
IMPROVING PRIVACY AND SECURITY IN MULTITENANT CLOUD ERP SYSTEMS
 
Cloud Computing: Overview & Utility
Cloud Computing: Overview & UtilityCloud Computing: Overview & Utility
Cloud Computing: Overview & Utility
 
Securing the e health cloud
Securing the e health cloudSecuring the e health cloud
Securing the e health cloud
 
Software defined networking
Software defined networkingSoftware defined networking
Software defined networking
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTING
 

En vedette

Software process and product quality assurance in it organizations
Software process and product quality assurance in it organizationsSoftware process and product quality assurance in it organizations
Software process and product quality assurance in it organizationsiaemedu
 
Barriers and enablers in implementation of lean six sigma in indian manufactu...
Barriers and enablers in implementation of lean six sigma in indian manufactu...Barriers and enablers in implementation of lean six sigma in indian manufactu...
Barriers and enablers in implementation of lean six sigma in indian manufactu...iaemedu
 
Knowledge management strategies in higher education
Knowledge management strategies in higher educationKnowledge management strategies in higher education
Knowledge management strategies in higher educationiaemedu
 
Indian managers in multinational companies and their commitments
Indian managers in multinational companies and their commitmentsIndian managers in multinational companies and their commitments
Indian managers in multinational companies and their commitmentsiaemedu
 
Regression, theil’s and mlp forecasting models of stock index
Regression, theil’s and mlp forecasting models of stock indexRegression, theil’s and mlp forecasting models of stock index
Regression, theil’s and mlp forecasting models of stock indexiaemedu
 
Visualization of sorting algorithms using flash
Visualization of sorting algorithms using flashVisualization of sorting algorithms using flash
Visualization of sorting algorithms using flashiaemedu
 
Brand loyalty among consumption of pickle in tamil nadu
Brand loyalty among consumption of pickle in tamil naduBrand loyalty among consumption of pickle in tamil nadu
Brand loyalty among consumption of pickle in tamil naduiaemedu
 
Implementation performance analysis of cordic
Implementation performance analysis of cordicImplementation performance analysis of cordic
Implementation performance analysis of cordiciaemedu
 
Advanced agriculture system
Advanced agriculture systemAdvanced agriculture system
Advanced agriculture systemiaemedu
 

En vedette (9)

Software process and product quality assurance in it organizations
Software process and product quality assurance in it organizationsSoftware process and product quality assurance in it organizations
Software process and product quality assurance in it organizations
 
Barriers and enablers in implementation of lean six sigma in indian manufactu...
Barriers and enablers in implementation of lean six sigma in indian manufactu...Barriers and enablers in implementation of lean six sigma in indian manufactu...
Barriers and enablers in implementation of lean six sigma in indian manufactu...
 
Knowledge management strategies in higher education
Knowledge management strategies in higher educationKnowledge management strategies in higher education
Knowledge management strategies in higher education
 
Indian managers in multinational companies and their commitments
Indian managers in multinational companies and their commitmentsIndian managers in multinational companies and their commitments
Indian managers in multinational companies and their commitments
 
Regression, theil’s and mlp forecasting models of stock index
Regression, theil’s and mlp forecasting models of stock indexRegression, theil’s and mlp forecasting models of stock index
Regression, theil’s and mlp forecasting models of stock index
 
Visualization of sorting algorithms using flash
Visualization of sorting algorithms using flashVisualization of sorting algorithms using flash
Visualization of sorting algorithms using flash
 
Brand loyalty among consumption of pickle in tamil nadu
Brand loyalty among consumption of pickle in tamil naduBrand loyalty among consumption of pickle in tamil nadu
Brand loyalty among consumption of pickle in tamil nadu
 
Implementation performance analysis of cordic
Implementation performance analysis of cordicImplementation performance analysis of cordic
Implementation performance analysis of cordic
 
Advanced agriculture system
Advanced agriculture systemAdvanced agriculture system
Advanced agriculture system
 

Similaire à Security issues in cloud computing for msmes

Secure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorizationSecure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorizationIAEME Publication
 
Secure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorizationSecure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorizationIAEME Publication
 
A survey on secured data outsourcing in cloud computing
A survey on secured data outsourcing in cloud computingA survey on secured data outsourcing in cloud computing
A survey on secured data outsourcing in cloud computingIAEME Publication
 
Ijarcet vol-2-issue-3-1128-1131
Ijarcet vol-2-issue-3-1128-1131Ijarcet vol-2-issue-3-1128-1131
Ijarcet vol-2-issue-3-1128-1131Editor IJARCET
 
Addressing the cloud computing security menace
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menaceeSAT Publishing House
 
Addressing the cloud computing security menace
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menaceeSAT Publishing House
 
Addressing the cloud computing security menace
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menaceeSAT Journals
 
Security threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computingSecurity threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computingJahangeer Qadiree
 
Cloud Computing and Security Issues
Cloud Computing and Security IssuesCloud Computing and Security Issues
Cloud Computing and Security IssuesIJERA Editor
 
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET Journal
 
An Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud ComputingAn Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud ComputingIOSR Journals
 
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...IRJET Journal
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...IRJET Journal
 
CLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIA
CLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIACLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIA
CLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIAijistjournal
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environmentsijfcstjournal
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Editor IJMTER
 
Cloud Computing: Overview and its Deployment Model
Cloud Computing: Overview and its Deployment ModelCloud Computing: Overview and its Deployment Model
Cloud Computing: Overview and its Deployment ModelIJERA Editor
 

Similaire à Security issues in cloud computing for msmes (20)

Secure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorizationSecure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorization
 
Secure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorizationSecure hash based distributed framework for utpc based cloud authorization
Secure hash based distributed framework for utpc based cloud authorization
 
A survey on secured data outsourcing in cloud computing
A survey on secured data outsourcing in cloud computingA survey on secured data outsourcing in cloud computing
A survey on secured data outsourcing in cloud computing
 
Ijarcet vol-2-issue-3-1128-1131
Ijarcet vol-2-issue-3-1128-1131Ijarcet vol-2-issue-3-1128-1131
Ijarcet vol-2-issue-3-1128-1131
 
Addressing the cloud computing security menace
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menace
 
Addressing the cloud computing security menace
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menace
 
Addressing the cloud computing security menace
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menace
 
C037013015
C037013015C037013015
C037013015
 
Security threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computingSecurity threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computing
 
Cloud Computing and Security Issues
Cloud Computing and Security IssuesCloud Computing and Security Issues
Cloud Computing and Security Issues
 
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
 
An Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud ComputingAn Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud Computing
 
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
 
CLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIA
CLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIACLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIA
CLOUD COMPUTING – KEY PILLAR FOR DIGITAL INDIA
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
 
G0314043
G0314043G0314043
G0314043
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
 
Cloud Computing: Overview and its Deployment Model
Cloud Computing: Overview and its Deployment ModelCloud Computing: Overview and its Deployment Model
Cloud Computing: Overview and its Deployment Model
 

Plus de iaemedu

Tech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech inTech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech iniaemedu
 
Integration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniquesIntegration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniquesiaemedu
 
Effective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using gridEffective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using gridiaemedu
 
Effect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routingEffect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routingiaemedu
 
Adaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow applicationAdaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow applicationiaemedu
 
Survey on transaction reordering
Survey on transaction reorderingSurvey on transaction reordering
Survey on transaction reorderingiaemedu
 
Semantic web services and its challenges
Semantic web services and its challengesSemantic web services and its challenges
Semantic web services and its challengesiaemedu
 
Website based patent information searching mechanism
Website based patent information searching mechanismWebsite based patent information searching mechanism
Website based patent information searching mechanismiaemedu
 
Revisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modificationRevisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modificationiaemedu
 
Prediction of customer behavior using cma
Prediction of customer behavior using cmaPrediction of customer behavior using cma
Prediction of customer behavior using cmaiaemedu
 
Performance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presencePerformance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presenceiaemedu
 
Performance measurement of different requirements engineering
Performance measurement of different requirements engineeringPerformance measurement of different requirements engineering
Performance measurement of different requirements engineeringiaemedu
 
Mobile safety systems for automobiles
Mobile safety systems for automobilesMobile safety systems for automobiles
Mobile safety systems for automobilesiaemedu
 
Efficient text compression using special character replacement
Efficient text compression using special character replacementEfficient text compression using special character replacement
Efficient text compression using special character replacementiaemedu
 
Agile programming a new approach
Agile programming a new approachAgile programming a new approach
Agile programming a new approachiaemedu
 
Adaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environmentAdaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environmentiaemedu
 
A survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow applicationA survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow applicationiaemedu
 
A survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networksA survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networksiaemedu
 
A novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classifyA novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classifyiaemedu
 
A self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imageryA self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imageryiaemedu
 

Plus de iaemedu (20)

Tech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech inTech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech in
 
Integration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniquesIntegration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniques
 
Effective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using gridEffective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using grid
 
Effect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routingEffect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routing
 
Adaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow applicationAdaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow application
 
Survey on transaction reordering
Survey on transaction reorderingSurvey on transaction reordering
Survey on transaction reordering
 
Semantic web services and its challenges
Semantic web services and its challengesSemantic web services and its challenges
Semantic web services and its challenges
 
Website based patent information searching mechanism
Website based patent information searching mechanismWebsite based patent information searching mechanism
Website based patent information searching mechanism
 
Revisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modificationRevisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modification
 
Prediction of customer behavior using cma
Prediction of customer behavior using cmaPrediction of customer behavior using cma
Prediction of customer behavior using cma
 
Performance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presencePerformance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presence
 
Performance measurement of different requirements engineering
Performance measurement of different requirements engineeringPerformance measurement of different requirements engineering
Performance measurement of different requirements engineering
 
Mobile safety systems for automobiles
Mobile safety systems for automobilesMobile safety systems for automobiles
Mobile safety systems for automobiles
 
Efficient text compression using special character replacement
Efficient text compression using special character replacementEfficient text compression using special character replacement
Efficient text compression using special character replacement
 
Agile programming a new approach
Agile programming a new approachAgile programming a new approach
Agile programming a new approach
 
Adaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environmentAdaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environment
 
A survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow applicationA survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow application
 
A survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networksA survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networks
 
A novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classifyA novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classify
 
A self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imageryA self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imagery
 

Security issues in cloud computing for msmes

  • 1. International Journal of AdvancedJOURNAL OF ADVANCED RESEARCH (Print), INTERNATIONAL Research in Management (IJARM), ISSN 0976 – 6324 IN MANAGEMENT (IJARM) ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) ISSN 0976 - 6324 (Print) ISSN 0976 - 6332 (Online) Volume 3, Issue 2, July-December (2012), pp. 21-28 IJARM © IAEME: www.iaeme.com/ijarm.html ©IAEME Journal Impact Factor (2012): 2.8021 (Calculated by GISI) www.jifactor.com SECURITY ISSUES IN CLOUD COMPUTING FOR MSMES Mr. Hemantkumar Wani Dr. N. Mahesh Department of Management studies Department of Management studies Shri Jagdiprasad Jhabarmal Tibrewala Shri Jagdiprasad Jhabarmal Tibrewala University University Rajasthan, India Rajasthan, India sayhemant@rediffmail.com nadiminty.mahesh@gmail.com ABSTRACT This research paper focuses on the security issues of Cloud computing in the sector of micro, small & medium enterprises (MSMEs). The more MSMEs competition intensifying and earlier adaption of latest internet based application and services have led to greater opportunities that are worthwhile to be seized. The opening up the world IT based markets has posed many challenges with the flooding of IT enabled services and applications. It makes an aim come true for the users to get all the resources instantly from various locations that are not known. But there are lot of hurdles in accomplishing this idea in the form of security parameters and backup issues. Keywords-MSME(Micro,Small& Medium Enterprises), SLA,SSL technology, firewall,Middle server. I. INTRODUCTION Indian manufacturers especially from MSME sector have started to adapt software and technology solutions that have further revolutionized by the concept of cloud computing, which offer cutting-edge and innovative solution to cope with these challenges. In recent past, the concept of cloud computing has revolutionized the world of IT. Cloud computing enables an efficient delivery of business applications online that are accessible from web browsers. The cloud computing can supply a new type of computing and business model for MSMEs. The MSME sector has adapted this concept worldwide and has implemented it to improve their overall operations. The type (SaaS, PaaS, etc) of cloud service an MSME will likely use, the disaster recovery options consideration and the cloud computing services in term of IT services and applications that effects on business and the economy. Security risks should be 21
  • 2. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) analyze in adopting cloud computing technologies along with the actual needs, requirements and expectations of the MSMEs for cloud computing services. Cloud computing emerged from so called distributed computing and grid computing. Here the user can access any service which he/she wants for a specific task and for a specific amount of time [1]. Cloud computing provides us with a facility of sharing and interoperating the resources between different users and the systems being owned by the organizations. Security is a major hindrance in such type of systems because if the users are storing their data in a remote location owned by an unknown person and an organization then their data is not protected. Members communicating to each other should have a good level of trust so as to share the data and resource with each other. In actual scenario, the cloud is the concept of virtualizing the local system of the user using remote cloud operating system to get a virtual desktop with a specific or a choice of operating systems to choose of operating systems to choose and to store the personal data and execute the application from anywhere. The customers or the user purchase the computing power depending on their demand and are not concerned with the underlying technologies used. The resources used and data accessed are owned by a third party and operated by them. This third party may not be located in the same area the user lives may be in the state or country. II. CLOUD STRUCTURE AND TYPES Public cloud: It is basically used by lot of users in the whole world and the security aspects act as utmost hindrance in such situations. It is basically a pay per use model in which users pay as per their use which becomes very useful and cost effective for the companies they are working for and for themselves. Private Cloud: In private cloud we get additional benefits like additional security as the company has the server at its end. As a way to exercise greater control over security and application availability, some enterprises are moving toward building private clouds. With the right approach and expertise in place, this type of setup can offer the best of both worlds: the cost-effectiveness of cloud computing and the assurance that comes with the ability to manage data and applications more closely. Hybrid cloud: It provides services by combining private and public clouds that have been integrated to optimize service. The promise of the hybrid cloud is to provide the local data benefits of the private clouds with the economies, scalability, and on-demand access of the public cloud. The hybrid cloud remains somewhat undefined because it specifies a midway point between the two ends of the continuum of services provided strictly over the Internet and those provided through the data centre or on the desktop. [2] 22
  • 3. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) III. MODELS OF CLOUD COMPUTING A. Model 1:Infrastructure as a service(Iaas) The key aspects of IT infrastructure, hardware, facilities, and administration have traditionally been the domain of IT departments within each company. Dedicated personnel install and configure servers, routers, firewalls, and other devices in support of their respective employers. This equipment requires dedicated housing as well as environmental controls, emergency power, and security systems to keep it functioning properly. Finally, every company allocates additional space where IT personnel work to support the infrastructure that is in place. Every aspect of IT infrastructure has evolved on its own, yet-until now - has not moved toward integration. For example, a company purchases software it needs and then purchases a server to run it. If data storage is necessary for files or databases, disk arrays and hard drives are added into the mix to accommodate the needs of the company. A local network is maintained to provide employees access to IT resources, and high speed internet connectivity for voice and data is added to the company account as necessary. Practically speaking, each IT system has its own management system, with some systems requiring the addition of a specialized worker to the staff. Infrastructure as a service takes the traditional components of IT infrastructure, takes them off site, and offers them in one unified, scalable package to companies who can manage them through one management interface. Infrastructure as a service results in IT services that easily conform to the changing requirements of a business. Because the infrastructure does not reside on the premises, obsolete equipment, upgrades, and retrofits no longer play a role in the company's decision to adopt new technology [3]. The IaaS provider takes care of that seamlessly allowing the business to focus on its mission .Cost effectiveness augments the convenience of IaaS. Because the IaaS provider has massive platforms segmented for each customer, the economies of scale are enormous, providing significant cost savings through efficiency. The need for every company to maintain its own infrastructure is eliminated through IaaS. The power of IaaS brings the resources needed to service government and enterprise contracts to businesses of every size. IaaS improves reliability because service providers have specialized workers that ensure nearly constant uptime and state-of-the-art security measures. Infrastructure as a Service is a form of hosting. It includes network access, routing services and storage. The IaaS provider will generally provide the hardware and administrative services needed to store applications and a platform for running applications. Scaling of bandwidth, memory and storage are generally included, and vendors compete on the performance and pricing offered on their dynamic services. IaaS can be purchased with either a contract or on a pay-as-you-go basis. However, most buyers consider the key benefit of IaaS to be the flexibility of the pricing, since you should only need to pay for the resources that your application delivery requires [4]. B. Model 2:Software as a Service(SaaS) Software is ubiquitous in today’s business world, where software applications can help us track shipments across multiple countries, manage large inventories, train employees, and even help us form good working relationships with customers. For decades, companies have run software on their own internal infrastructures or computer networks. In recent years, traditional software license purchases have begun to seem antiquated, as many vendors and customers have migrated to software as a service business model. Software as a service, or 'SaaS', is a software application 23
  • 4. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) delivery model by which an enterprise vendor develops a web-based software application, and then hosts and operates that application over the Internet for use by its customers. Customers do not need to buy software licenses or additional infrastructure equipment, and typically only pay monthly fees (also referred to as annuity payments) for using the software. It is important to note that SaaS typically encapsulates enterprise as opposed to consumer-oriented web-hosted software, which is generally known as web 2.0. According to a leading research firm, the SaaS market reached $6.3B in 2006; still a small fraction of the over $300B licensed software industry. However, growth in SaaS since 2000 has averaged 26% CAGR, while licensed software growth has remained relatively flat. Demand for SaaS is being driven by real business needs — namely its ability to drive down IT-related costs, decrease deployment times, and foster innovation [5]. Both public and private cloud models are now in use. Available to anyone with Internet access, public models include Software as a Service (SaaS) clouds like IBM LotusLive™, Platform as a Service (PaaS) clouds such as IBM Computing on Demand™, and Security and Data Protection as a Service (SDPaaS) clouds like the IBM Vulnerability Management Service. Private clouds are owned and used by a single organization. They offer many of the same benefits as public clouds, and they give the owner organization greater flexibility and control. Furthermore, private clouds can provide lower latency than public clouds during peak traffic periods. Many organizations embrace both public and private cloud computing by integrating the two models into hybrid clouds. These hybrids are designed to meet specific business and technology requirements, helping to optimize security and privacy with a minimum investment in fixed IT costs. All these services are cost effective but have a lot of issues regarding security and backup. Depending upon the implementation and platform needed the central server can send the request to the respective server. IV. REQUIREMENTS OF SECURITY It gives a general description of security services and related mechanisms, which can be ensured by the Reference Model, and of the positions within the Reference Model where the services and mechanisms may be provided. Extends the field of application of ISO 7498 [6] to cover secure communications between open systems. Adds to the concepts and principles included in ISO 7498 but does not modify them. In the fig 1, we have showed how the requirements are fulfilled in our proposed system. a. Authentication and Authorisation User can be identified in this model as we are using the SSL security for that purpose. A governance body is acting as an interface between the user and the cloud servers. There will be encryption between the user and central server and between the central server and cloud of servers. User details will be stored within the central server in the form of UserID etc and validation will be done accordingly. Hence the requirement is fulfilled in this. Authorization is not a big issue in private cloud because the system administrator can look into it by granting access only to those who are authorized to access the data. Whereas in public cloud it will become more hectic due to requests from normal users have to be taken into considerations. Privileges over the process flow have to be considered as the control may flow from one server 24
  • 5. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) to another. Respective UserID will be saved in the central servers after the registration and authorization can be done easily as the respective rights can be stated there. b. Confidentiality Confidentiality plays a very important role as the data has to be secure and should not be reviled anywhere. This can be achieved in this system as we have used Dual SSL technology. User’s data, profiles etc have to be maintained and as they are virtually accessed various protocols (security) have to be enforced. If we standardize the whole cluster of a particular sector then it can be easily imposed. With regard to data-in-transit, the primary risk is in not using a vetted encryption algorithm. Although this is obvious to information security professionals, it is not common for others to understand this requirement when using a public cloud, regardless of whether it is IaaS, PaaS or SaaS. It is also important to ensure that a protocol provides confidentiality as well as integrity (e.g., FTP over SSL [FTPS], Hypertext Transfer Protocol Secure [HTTPS], and Secure Copy Program [SCP])—particularly if the protocol is used for transferring data across the Internet. Merely encrypting data and using a non-secured protocol (e.g., “vanilla” or “straight” FTP or HTTP) can provide confidentiality, but does not ensure the integrity of the data (e.g., with the use of symmetric streaming ciphers) [6]. c. Integrity Integrity is maintained as the hashing is done in SSL technology. The major drawback in case of this technology is the excessive redundant data due to which the bandwidth is used up and the packet size is increased. From a privacy and confidentiality perspective, the terms of service may be the most important feature of cloud computing for an average user who is not subject to a legal or professional obligation. It is common for a cloud provider to offer its facilities to users without individual contracts and subject to the provider’s published terms of service. A provider may offer different services, each of which has distinct terms of service. A cloud provider may also have a separate privacy policy. It is also possible for a cloud provider to conduct business with users subject to specific contractual agreements between the provider and the user that provides better protections for users. The contractual model is not examined further here. If the terms of service give the cloud provider rights over a user’s information, then a user is likely bound by those terms. A cloud provider may acquire through its terms of service a variety of rights, including the right to copy, use, change, publish, display, distribute, and share with affiliates or with the world the user’s information. There may be few limits to the rights that a cloud provider may claim as a condition of offering services to users. Audits and other data integrity measures may be important if a user’s local records differ from the records maintained on the user’s behalf by a cloud provider. d. Availability Another issue is availability of the data when it is requested via authorized users. The most powerful technique is prevention through avoiding threats affecting the availability of the service or data. It is very difficult to detect threats targeting the availability. Threats targeting availability can be either Network based attacks such as Distributed Denial of Service (DDoS) attacks or CSP availability. For example, Amazon S3 suffered from two and a half hours outage in February 2008 and eight hours outage in July 2008. In the next section, we will discuss the identity and access management practices of the cloud computing by tackling some protocols 25
  • 6. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) such as Security assertion Markup Language (SAML), Open Authentication (OAuth) protocol and a comparison between these two techniques to conclude the best solution. e. Non-repudiation Non-repudiation is the requirement which states that if a sender is sending the data to the other end. In our proposed system this requirement is fulfilled by the middle server because it has the routing table as well as the table of content of all the servers in the cloud with corresponding server ID, name, location etc. Due to the routing table’s entry of server ip, receiver and sender ip we can state that if the user has sent the request he cannot deny it and if receiver gives acknowledgement or response he also cannot deny of giving it. f. Backup and Disaster Recovery A cloud may be used for production operations, so it is important to have a backup and disaster recovery policy in place. The backup policy should define what data is backed up, how long backups are kept, as well as costs associated with those services. Similarly, in the event of a catastrophic failure of a private cloud, a failover plan should be in place. This plan may include using multiple data centers to host a private cloud or running jobs in a more conventionally organized cluster environment with manual management of jobs. The details of how to implement backup and disaster recovery will vary by your needs and resources, but it is essential for business continuity planning to have some policy in place [8]. V. USE OF PROPOSED MODEL In the proposed system we have introduced an idea in which we have defined a central server which will be having a router table which contains cloud Id, the corresponding user Id , the actual server Id to which the user is connecting to. The source ip and the destination ip also have been put into the table. Figure 1. Architecture Diagram of proposed model 26
  • 7. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) TABLE I. ROUTING TABLE UID SID Source IP Destn IP 12017 2747 191.268.67.67 101.123.22.25 86770 2967 111.125.25.23 102.124.12.35 Time Cloud ID Packet Server Lease Time Size Name 500mins 222 437kb ABC 30mins 800mins 266 128kb XYZ 18mins It also contains the actual amount of data flow that is the packets per second transfer rate. On the user end there will be personal firewall and the connectivity between the user and the central server will be encrypted using SSL encryption standards that are regularly used now-a-days. Again at the Central server’s end there will be an application level firewall which will check whether the packets are malicious or not. Application-level firewalls (sometimes called proxies) have been looking more deeply into the application data going through their filters. Fig.2 shows the architectural diagram of the proposed system. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behavior, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address. [6] Further what we have suggested is to make a separate cluster of clouds for banking sector, educational sector, government bodies (will not contain confidential data). The user has a personal firewall at his end. The central server say for banks as an example consists of a table which consists of the user ID, server id, its name and all the related information through which a governance body can back track the server and the user. When a user tries to connect to a particular server from the cloud then his/her user id sever id source ip and destination ip are saved. The total time of synchronization, packet size being transferred server name and the total lease time in case of a secure connection is saved in the table incase if the user is not able to connect to a server i.e., if the ping shows connection time out we can easily track the server from the central servers routing table. Even the user credentials and the session are secured by SSL technology. Further we can achieve more security by clubbing different security algorithms with SSL [9]. There is a secured connectivity between the user and the central server and between cloud’s servers. Due to double encryption all the security requirements are fulfilled in this model. Tracking the server is also simple because their will be a table which will help us know the cloud id server name, server id and the corresponding organizations name whose server it is. So if the server is not getting connected then we can track it. We also have to standardize all the servers in the cloud for a particular sector like banking sector, the centralized banks and co-operative banks 27
  • 8. International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print), ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012) etc have to come together and use standardized protocols so as to achieve this proposal. Even by standardizing in education sector we can achieve a common place to gain knowledge and we can use the services as according. We have also included the routing table below which depicts the actual scenario. I. CONCLUSION The model we have proposed is having its own advantages in case of security and backup. Due to a middle server technology in between the user and the cloud server we can easily track the user as well as the server in the cloud. We can also nexus both public cloud and private cloud together in one with hybrid clouds. Due to SSL security the security parameters are also taken into consideration. This model can help cloud computing and make it reach new ends. REFERENCES [1] Peter Mell and Tim Grance,”The NIST Definition of Cloud Computing”http://csrc.nist.gov/groups/SNS/cloud-computing/ [2] Architectural Requirements Of The Hybrid Cloud Information Management Online, February 10, 2010 Brian J. Dooley [3] http://cloudstoragestrategy.com/2010/01/cloud-storage-for-the-enterprise---part-2-the-hybrid- cloud.html By Steve Lesem on January 25, 2010 [4] R. Nicole, “Title of paper with only first word capitalized,” J. Name Stand. Abbrev., in press. [5] http://www.wikinvest.com/concept/Software_as_a_Service [6] Tim Mather, Subra Kumaraswamy, and Shahed Latif”Cloud Privacy and security” pp. 529– 551, September 2009: First Edition [7] "IBM Point of View: Security and Cloud Computing"Cloud computing White paper November 2009. [8] Zhidong Shen,2010 2nd International Conference on Signal Processing Systems (ICSPS). [9] Palivela Hemant, Hemant Wani “Development of Servers In Cloud Computin To Solve Issues Related To Security And Backup” (CCIS-IEEE Conference.Beijing ,China). 28