SlideShare une entreprise Scribd logo

Data Security Issues in Cloud Computing

Asad Ali
Asad Ali

A detailed research on what security issues emerge in cloud computing

Technologie
1  sur  10
Télécharger pour lire hors ligne
MANAGEMENT INFORMATION SYSTEMS DATA SECURITY ISSUES IN CLOUD COMPUTING TO SIR AFZAAL AHMED SUBMITTED BY ASAD ALI BBA 8-D 1611224 MID-TERM ASSIGNMENT
Data security issues in cloud computing | Asad Ali Abstract Cloud computing has proven to be essential source of full filling computing needs by giving solutions like networking, storage and developing web applications. However, it still has concerns over security. In the past we have seen a lot of breaches which lead to leaking (which will be discussed in this paper), manipulating and stealing of account credentials and data. In this paper, we discuss about the data security issues with cloud computing, the reasons of breaches and possible countermeasures in order to tackle them. In the end, I would be giving some personal insight of what I think is the future of cloud computing and how this generation and the future one can take full advantage of this technology. Literature Review Cloud computing is a program that allows user to store the data, manage it. It is considered by many as to be one of the most important technologies in the current era (Gartner Inc., 2011). Cloud computing is being done worldwide and has immense amount of potential. It works with minimal human interaction by giving access to a shared pool (e.g. network, storage) which is convenient, prevalent and accessible. Cloud computing acts like a language as well as a distributor which main goal is to provide fast, reliable, and authentic storage of the data. It also allows several users to share their operating system simultaneously (Zhao G, 2009). It helps in saving time, fastening the work of development and enables the user to work according to the environment and adapt to the changes if ever happens. Through effective and efficient computing, it helps in cost reduction too. Cloud computing is a mixture of different services and acts as a technological hub. It provides solution to the users and fulfill their computing needs while the servers acts as storage of data and information. Cloud computing is a mature product while basically represents all the other technological services (Marinos A, 2009). Out of many models, the one that is widely used is prepared by NIST. The cloud computing model defined by NIST consist of three service and four deployment models. If we compared the NIST model to the traditional IT model, the cloud computing model stands out in many ways. Many IT experts say that the one main reason that they don’t use cloud computing model is due to its security reasons (Sun Cloud Architecture Introduction White Paper).
Data security issues in cloud computing | Asad Ali Cloud Computing Model There are five players in the process of cloud computing. A cloud consumer (CS) is the one that receives the service form the cloud provider by paying them. Cloud service provider (CSP) is the one that gives the service to CS. Cloud auditor job is to look after the functions and performance. Cloud broker is the connection between CS and CSP. Cloud carrier provides the connectivity so that CSP can give service to CS. Barriers to adoption Although there are a lot of benefits provided by cloud computing, still there are some things that concern the user. The risk at the security level is the main reason why so many people still don’t opt for cloud computing (From hype to future: KPMG’s 2010 Cloud Computing survey). The data, network and information can be either leaked or hacked. Since it is a newly developed concept, it has a lot uncertainty in it (Rosado DG, 2012). For example, if I have an application of my own but instead of using local server, I am using a server based in United States of America. Now due to huge gap between the server and the application, the uncertainty of the encryption code whether it is solid or not and the server not being local may result to low speed, there are chances that the packets of data might get leaked of changed. Many business executive still have their doubts on cloud service that is why they have come to the conclusion that security is the biggest issue in cloud computing (Mather T, 2009). Cloud Consumer Cloud Auditor Cloud Carrier CloudProvider Cloudbroker
Data security issues in cloud computing | Asad Ali SPI Model SPI model is used to define the process of information technology at three levels, software, infrastructure and platform. The SPI model consists of 3 types of services: Software as a service: It gives consumer the capability to use the software given by the cloud provider to fulfill the computing needs. It can be accessed through an intermediate like web browser. Some examples of SaaS are, Dropbox, Mail Chimp, Hub spot, YouTube etc. Platform as a service: A service provided to the consumer where they can run their own applications without installing any platform. For example, if I run a business and have an application of it. It needs to be accessible 24/7 so that my customers don’t face any problem. In order to that, I would need note.js (a runtime library that is used as service or backend for the software) to run my application. For that I have to be online 24/7 because if I go offline, my application would stop. So the solution to this is provided by Amazon web services, which is an example of PaaS. It gives you a platform where you can upload your application and they will run it for you. For starters it would be free but then they would start charging a minimal fee. Infrastructure as a service: It is service that allows consumer to deploy any kind of application and operating system of their own choice. An example of IaaS can be Google compute engine (GCE). For example, if you are a big organization and want a server with specific attributes so that you can run your application and serve it to your customers. Due to the competition being so SaaS PaaS IaaS Valuevisibilitytoendusers End Users Application Developers Network Architects
Data security issues in cloud computing | Asad Ali extensive, all your load is being handled by the server. Your applications and data are very large in size, so you would need a very high end server in order to store and run your soft wares. Since the servers requires maintenance and it’s very costly, you can hire a third party i.e. IaaS which does it for you in less money. Out of all three, SaaS give the least customer control but gives the most security. PaaS gives more control to customers compared to SaaS due to a little lower degree of conceptualization. IaaS prefers giving control of security to the users. SaaS Security Issues It provides on demand services to the users like email, CRM etc. Since out of all three models, SaaS gives the least control to the users, it do raises security concerns. 1. Application Security: The web application are deployed in SaaS application thrugh web browsers. So any problems in the web application make SaaS applications vulnerable. Hackers use web in order to attack the users’ data in order to change, manipulate and steal it. OWASP has identified many threats that can be faced by SaaS. 2. Multi Tenancy: There are many people who use SaaS applications. Many of their data is kept in the same servers. This may lead to leakage of the data. There should be a separate more powerful server in order to keep the customers data separate from other customers. 3. Data Security: In SaaS, the security is in the hands of the provider. It’s the providers’ job to look after the data while it’s being stored and processed. So this is a major issue since it will concern many customers. Secondly, there are data backups in case of any mishaps. The SaaS providers make the backup themselves but sometimes they offer this job to a third party. Here comes the reliability issue. The third party contractor can either leak or manipulate the data. The data is stored in SaaS servers, so they need to protect, secure and segregate the data. 4. Accessibility: Since all the process is mobile and is done through internet, some major issue that may concern user and the providers are stealing of information through malware, insecure Wi-Fi, complications in operating system and proxy based hacking.
Data security issues in cloud computing | Asad Ali PaaS Security Issues PaaS allows user to deploy their web based application in to their platform. To work, it needs secure network and web browser. There are two security layers that PaaS looks after, one is its own platform and the other is customers’ application. Just like SaaS, PaaS also faces security issues. 1. Third Party Relationships: One more service that PaaS offers is third party web components. So the customer now have to be reliable on not one, but two different security measures on platforms. 2. Development Life Cycle: PaaS platforms gets updated very frequently in order to mitigate the security concerns. Applications that are being developed in the cloud should be also up to date. PaaS developers, for their security of data has to keep up with the system development life cycle (SDLC) i.e. requirements, design, coding, testing and then evaluation. 3. Infrastructure: In SaaS, software is provide to the users while in PaaS, development tools are provided which doesn’t have any security assurance. In Paas, developers’ doesn’t have the security in their hands, it’s completely up to the provider. Iaas Security Issues IaaS provides a lot of services. From networking to storage, all the services are accessed via internet. In IaaS, users are given full control that means most of the security are in users’ hand. Data is much more secured in IaaS as long as there are no loop holes. Some control is with IaaS too. Like looking after storage and network. IaaS providers has to secure their servers in order to minimize the risk of data theft. 1. Virtualization: Usage of multiple operating systems, running multiple application and gathering a lot of information of different servers from one virtual depository is called virtualization. Virtualization adds an extra layer to the security concern because they have multiple boundaries, physical and virtual.
Data security issues in cloud computing | Asad Ali 2. Virtual Machine Monitor: VMM is a low level monitor that isolates virtual machines into a container to make them work independently, this of course reduces the security risks and issues with the VM itself but the monitor is in itself is vulnerable if it gets compromised. Other than that VMM monitor helps with migration between virtual machines, helps with load balancing, fault tolerance and with maintenance by virtualizing the containers. 3. Shared Resource: In an IaaS with multiple virtual machines, the data sharing is an essential feature, it helps to overcome the redundancy and increases the data storage for other important things but on the dark side, VMs are vulnerable to attacks which might result in an unauthorized data sharing of a VM with a network. Security leaks can also cause unintentional sharing of sophisticated data between VMs without reporting through a VMM. 4. Virtual Machine Rollback: Backups is one of the crucial features an IaaS is dependent on. Data loss, compromise or security leaks can be minimized by rolling back the VM to its previous state. This is possible by making frequent snapshots of the current state settings of the machine. Roll backs is the best escape plan but with it comes a compromise with security vulnerabilities and configuration errors. It can include a rolling back to a previous patch which would be vulnerable to hacks. Rolling back will also re-enable the disabled accounts which can result in data loss or security breach. 5. Virtual Networks: In a VM network, a secure approach for a VMs interconnectivity is to assign itself to a host through a physical channel however most of the hypervisors use virtual networks for it but this results in security breaches by hackers using sniffing and spoofing packets between the VM sharing the data. Countermeasures 1. Digital Signatures: In order to secure the data, digital signatures with RSA algorithm should be used as it is said to be the most reliable one. The decryption can only be done by the person who has encrypted it. Other personnel would be needing a lot of information in order to crack it. 2. Web application scanners: Web applications are a very easy target. They are open to masses and can be attacked by anyone. Web application scanner is used to scan the
Data security issues in cloud computing | Asad Ali application and look for the possible vulnerabilities regarding security. By scanning, we can stop the manipulation of the customers’ data. 3. Virtual Network Security: In a paper by Wu et al. (2010), a frame work is presented that can be used to secure the communication between virtual machines. In order to prevent sniffing and spoofing, a virtual network model is used that can route the firewalls and networks. Infamous cloud security breaches Microsoft: In 2010, there was breach at Microsoft due to which all the business contact information was made available to the public. It was traced back to its own Business Productivity Online Suite (BPOS). The problem was solved within two hours but how long ago was the breach made, that is yet to be known. However, Microsoft used its technology to erase the data from the users servers who might have accidently downloaded it. People started to have second thoughts regarding Microsoft cloud services i.e. Office 365. Dropbox: The consequences that Dropbox faced after the breach was opened to the public after four years. In 2012, hackers attacked their cloud service and tapped more than 68 million accounts including their credentials and information. Later it was being sold at black market for more than $1000 apiece. More than 5 gigabytes of data was stolen. They countered it by requesting their user base to change their passwords and giving hopes to its customer about data security in future. LinkedIn: LinkedIn faced bad luck when within the span of 4 years, their system was breached twice. In 2012, around 6 million accounts were stolen and were later posted on a Russian forum. In 2016, around 167 million passwords were hacked and were being sold at black market. They requested their users to change their passwords and also came up with a solution. They introduced two way authentication. When a person logs in in to LinkedIn, they would require to enter the password as well as the security code which they will receive on their mobile phones.
Data security issues in cloud computing | Asad Ali Apple iCloud: The breach that Apple faced is still the most high profile theft. The pictures of famous celebrities like Jennifer Lawrence, Kate Upton etc. were leaked and posted at online platforms. First it was thought that there individual cell phones were hacked, but later it was notified that iCloud faced a breach. They urged their customers to imply stronger passwords. The solution that they came up with is that the users will receive a notification if any suspicious activity were to be found. Conclusion Cloud Computing is the new breed of technology which is proving to be a life changer for the users. It will help organizations to organize and secure their data. Although it has a lot benefits as discussed above, the security issues are very alarming. We have discussed issues regarding SPI model separately. As mentioned in the paper, the security of virtualization and storage are the biggest concerns. In Pakistan, cloud computing is still unknown to the human kind. The biggest reason is due to lack of technological education. Government should expose the citizen to the cloud world. Big companies can invest their money in introducing cloud computing to Pakistan. Since it is an untapped market, the businesses as well as the people will gain a lot from it Future Research Data security and privacy protection issues are very concerning. The objective should be to develop a framework across all cloud services. Since there are a lot of employees in a work place, a proper management should be done so that any breach from an employee or an ex-employee could not take place. There should be a strict policy against unauthorized access. Responsibility based security assurance systems will accomplish real-time inform, approval and evaluating for the information proprietors when their private information being gotten to. Personal Reflection Nowadays, having a cloud service is very important for people. Not only accessing their services related to web applications but also storage. Many people use iCloud, Google drive etc. in order to save their work or pictures in order to keep their memories save with them. I personally have seen people around me facing issues regarding iCloud security. Although with this many concerns, it should be deemed unreliable, but the fact that it is cost and time saving cannot be ignored.
Data security issues in cloud computing | Asad Ali References 1. Gartner Inc. (2011): Gartner identifies the Top 10 strategic technologies. 2. Zhao G, Liu J, Tang Y, Sun W, Zhang F, Ye X, Tang N (2009): Cloud Computing: A Statistics Aspect of Users. In First International Conference on Cloud Computing (CloudCom), Beijing, China. Heidelberg: Springer Berlin; 347–358. 3. Marinos A, Briscoe G (2009): Community Cloud Computing. In 1st International Conference on Cloud Computing (CloudCom), Beijing, China. Heidelberg: Springer- Verlag Berlin. 4. KPMG: From hype to future: KPMG’s 2010 Cloud Computing survey. 5. Rosado DG, Gómez R, Mellado D, Fernández-Medina E (2012): Security analysis in the migration to cloud environments. Future Internet, 4(2):469–487. 6. Mather T, Kumaraswamy S, Latif S (2009): Cloud Security and Privacy. Sebastopol, CA: O’Reilly Media, Inc. 7. Jasti A, Shah P, Nagaraj R, Pendse R (2010): Security in multi-tenancy cloud. In IEEE International Carnahan Conference on Security Technology (ICCST), KS, USA. Washington, DC, USA: IEEE Computer Society; 35–41. (“Data security and privacy protection issues in cloud computing,”). Retrieved from: 8. http://tarjomefa.com/wp-content/uploads/2017/07/7186-English-TarjomeFa.pdf (“An Analysis of security issues for cloud computing,”). Retrieved from: 9. https://link.springer.com/article/10.1186/1869-0238-4-5 (“7 Most infamous cloud security breaches,”). Retrieved from: 10. https://blog.storagecraft.com/7-infamous-cloud-security-breaches/

Recommandé

Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10
Rugby7277
 
Cloud security
Cloud security Cloud security
Cloud security
Mohamed Shalash
 
Collaborating Using Cloud Services
Collaborating Using Cloud ServicesCollaborating Using Cloud Services
Collaborating Using Cloud Services
Dr. Sunil Kr. Pandey
 
Privacy Issues In Cloud Computing
Privacy Issues In Cloud ComputingPrivacy Issues In Cloud Computing
Privacy Issues In Cloud Computing
iosrjce
 
Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal Sector
Lew Oleinick
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
Discover Cloud Computing
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
guest50a642f
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Dheeraj Negi
 

Recommandé

Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10
Rugby7277
 
Cloud security
Cloud security Cloud security
Cloud security
Mohamed Shalash
 
Collaborating Using Cloud Services
Collaborating Using Cloud ServicesCollaborating Using Cloud Services
Collaborating Using Cloud Services
Dr. Sunil Kr. Pandey
 
Privacy Issues In Cloud Computing
Privacy Issues In Cloud ComputingPrivacy Issues In Cloud Computing
Privacy Issues In Cloud Computing
iosrjce
 
Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal Sector
Lew Oleinick
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
Discover Cloud Computing
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
guest50a642f
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Dheeraj Negi
 
Digital Asset Management with ES4
Digital Asset Management with ES4Digital Asset Management with ES4
Digital Asset Management with ES4
Activo Consulting
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
Aleem Mohammed
 
DAM 2018 Review, What's next 2019 ?
DAM 2018 Review, What's next 2019 ?DAM 2018 Review, What's next 2019 ?
DAM 2018 Review, What's next 2019 ?
Activo Consulting
 
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
Amazon Web Services
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Abhijit Bilgi
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
Jyotika Pandey
 
Cloud Services: Types of Cloud
Cloud Services: Types of CloudCloud Services: Types of Cloud
Cloud Services: Types of Cloud
Dr. Sunil Kr. Pandey
 
Introduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityIntroduction to Cloud Computing and Security
Introduction to Cloud Computing and Security
Oran Epelbaum
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”
Vivek Maurya
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
William McBorrough
 
Cloud Governance Framework - Required Cloud Sourcing Capabilities
Cloud Governance Framework - Required Cloud Sourcing CapabilitiesCloud Governance Framework - Required Cloud Sourcing Capabilities
Cloud Governance Framework - Required Cloud Sourcing Capabilities
SusanneT
 
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
Activo Consulting
 
Data Security and Privacy in Cloud Computing
Data Security and Privacy in Cloud ComputingData Security and Privacy in Cloud Computing
Data Security and Privacy in Cloud Computing
Gaurav kumar rai - student
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
 
A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...
ijccsa
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
Prince Chandu
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
Editor IJCATR
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 

Contenu connexe

Tendances

Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”
Vivek Maurya
 
A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...
ijccsa
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
Prince Chandu
 

Tendances (20)

Digital Asset Management with ES4
Digital Asset Management with ES4Digital Asset Management with ES4
Digital Asset Management with ES4
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
 
DAM 2018 Review, What's next 2019 ?
DAM 2018 Review, What's next 2019 ?DAM 2018 Review, What's next 2019 ?
DAM 2018 Review, What's next 2019 ?
 
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
 
Cloud Services: Types of Cloud
Cloud Services: Types of CloudCloud Services: Types of Cloud
Cloud Services: Types of Cloud
 
Introduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityIntroduction to Cloud Computing and Security
Introduction to Cloud Computing and Security
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
 
Cloud Governance Framework - Required Cloud Sourcing Capabilities
Cloud Governance Framework - Required Cloud Sourcing CapabilitiesCloud Governance Framework - Required Cloud Sourcing Capabilities
Cloud Governance Framework - Required Cloud Sourcing Capabilities
 
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
DALIM SOFTWARE GmbH Keynote TechLab DAM NY 2017
 
Data Security and Privacy in Cloud Computing
Data Security and Privacy in Cloud ComputingData Security and Privacy in Cloud Computing
Data Security and Privacy in Cloud Computing
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and management
 
A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 

Similaire à Data Security Issues in Cloud Computing

Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
Editor IJCATR
 
Security of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSSecurity of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaS
IJMER
 
The text defines three service layers when describing Cloud Computin.pdf
The text defines three service layers when describing Cloud Computin.pdfThe text defines three service layers when describing Cloud Computin.pdf
The text defines three service layers when describing Cloud Computin.pdf
arihanthtextiles
 
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
IIJSRJournal
 
Cloud Computing Applications and Benefits for Small Businesses .docx
Cloud Computing Applications and Benefits for Small Businesses .docxCloud Computing Applications and Benefits for Small Businesses .docx
Cloud Computing Applications and Benefits for Small Businesses .docx
clarebernice
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Editor IJMTER
 
Cloud computing Paper
Cloud computing Paper Cloud computing Paper
Cloud computing Paper
Assem mousa
 

Similaire à Data Security Issues in Cloud Computing (20)

Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
Cloud Computing By Faisal Shehzad
Cloud Computing By Faisal ShehzadCloud Computing By Faisal Shehzad
Cloud Computing By Faisal Shehzad
 
Security of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSSecurity of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaS
 
The text defines three service layers when describing Cloud Computin.pdf
The text defines three service layers when describing Cloud Computin.pdfThe text defines three service layers when describing Cloud Computin.pdf
The text defines three service layers when describing Cloud Computin.pdf
 
IRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing Features
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
 
How secured and safe is Cloud?
How secured and safe is Cloud?How secured and safe is Cloud?
How secured and safe is Cloud?
 
cloud-saas.pptx
cloud-saas.pptxcloud-saas.pptx
cloud-saas.pptx
 
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
 
Cloud Computing Applications and Benefits for Small Businesses .docx
Cloud Computing Applications and Benefits for Small Businesses .docxCloud Computing Applications and Benefits for Small Businesses .docx
Cloud Computing Applications and Benefits for Small Businesses .docx
 
Cloud Computing & Security Concerns
Cloud Computing & Security ConcernsCloud Computing & Security Concerns
Cloud Computing & Security Concerns
 
The Cloud Of Cloud Computing Essay
The Cloud Of Cloud Computing EssayThe Cloud Of Cloud Computing Essay
The Cloud Of Cloud Computing Essay
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudA Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
 
improve cloud security
improve cloud securityimprove cloud security
improve cloud security
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
 
Cloud computing Paper
Cloud computing Paper Cloud computing Paper
Cloud computing Paper
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 

Plus de Asad Ali

Plus de Asad Ali (15)

Media management project
Media management projectMedia management project
Media management project
 
Rebirth
RebirthRebirth
Rebirth
 
Thesis
ThesisThesis
Thesis
 
iScream - Challenges and solution to beat the competition
iScream - Challenges and solution to beat the competitioniScream - Challenges and solution to beat the competition
iScream - Challenges and solution to beat the competition
 
Money & Banking - How Independent is SBP
Money & Banking - How Independent is SBPMoney & Banking - How Independent is SBP
Money & Banking - How Independent is SBP
 
Introduction to business finance - Financial technology
Introduction to business finance - Financial technologyIntroduction to business finance - Financial technology
Introduction to business finance - Financial technology
 
How to Win Friends & Influence People – Part 3 & 4
How to Win Friends & Influence People – Part 3 & 4How to Win Friends & Influence People – Part 3 & 4
How to Win Friends & Influence People – Part 3 & 4
 
Financial Analysis of "Gul Ahmed ltd"
Financial Analysis of "Gul Ahmed ltd"Financial Analysis of "Gul Ahmed ltd"
Financial Analysis of "Gul Ahmed ltd"
 
Chocolate Questionnaire Focus Group Questionnaire – Hard Paper
Chocolate Questionnaire Focus Group Questionnaire – Hard PaperChocolate Questionnaire Focus Group Questionnaire – Hard Paper
Chocolate Questionnaire Focus Group Questionnaire – Hard Paper
 
Term Paper - Current strategic management issues
Term Paper - Current strategic management issuesTerm Paper - Current strategic management issues
Term Paper - Current strategic management issues
 
Company Analysis - Bachaa Party
Company Analysis - Bachaa PartyCompany Analysis - Bachaa Party
Company Analysis - Bachaa Party
 
McDonalds in Pakistan - Economic Analysis and Company Structure
McDonalds in Pakistan - Economic Analysis and Company StructureMcDonalds in Pakistan - Economic Analysis and Company Structure
McDonalds in Pakistan - Economic Analysis and Company Structure
 
Consumer behavior - An Introduction
Consumer behavior - An IntroductionConsumer behavior - An Introduction
Consumer behavior - An Introduction
 
Culture of pakistan - An Introduction
Culture of pakistan - An IntroductionCulture of pakistan - An Introduction
Culture of pakistan - An Introduction
 
Case Study: How Porsche created new relevance or a revered icon.
Case Study: How Porsche created new relevance or a revered icon.Case Study: How Porsche created new relevance or a revered icon.
Case Study: How Porsche created new relevance or a revered icon.
 

Dernier

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Dernier (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Data Security Issues in Cloud Computing

  • 1. MANAGEMENT INFORMATION SYSTEMS DATA SECURITY ISSUES IN CLOUD COMPUTING TO SIR AFZAAL AHMED SUBMITTED BY ASAD ALI BBA 8-D 1611224 MID-TERM ASSIGNMENT
  • 2. Data security issues in cloud computing | Asad Ali Abstract Cloud computing has proven to be essential source of full filling computing needs by giving solutions like networking, storage and developing web applications. However, it still has concerns over security. In the past we have seen a lot of breaches which lead to leaking (which will be discussed in this paper), manipulating and stealing of account credentials and data. In this paper, we discuss about the data security issues with cloud computing, the reasons of breaches and possible countermeasures in order to tackle them. In the end, I would be giving some personal insight of what I think is the future of cloud computing and how this generation and the future one can take full advantage of this technology. Literature Review Cloud computing is a program that allows user to store the data, manage it. It is considered by many as to be one of the most important technologies in the current era (Gartner Inc., 2011). Cloud computing is being done worldwide and has immense amount of potential. It works with minimal human interaction by giving access to a shared pool (e.g. network, storage) which is convenient, prevalent and accessible. Cloud computing acts like a language as well as a distributor which main goal is to provide fast, reliable, and authentic storage of the data. It also allows several users to share their operating system simultaneously (Zhao G, 2009). It helps in saving time, fastening the work of development and enables the user to work according to the environment and adapt to the changes if ever happens. Through effective and efficient computing, it helps in cost reduction too. Cloud computing is a mixture of different services and acts as a technological hub. It provides solution to the users and fulfill their computing needs while the servers acts as storage of data and information. Cloud computing is a mature product while basically represents all the other technological services (Marinos A, 2009). Out of many models, the one that is widely used is prepared by NIST. The cloud computing model defined by NIST consist of three service and four deployment models. If we compared the NIST model to the traditional IT model, the cloud computing model stands out in many ways. Many IT experts say that the one main reason that they don’t use cloud computing model is due to its security reasons (Sun Cloud Architecture Introduction White Paper).
  • 3. Data security issues in cloud computing | Asad Ali Cloud Computing Model There are five players in the process of cloud computing. A cloud consumer (CS) is the one that receives the service form the cloud provider by paying them. Cloud service provider (CSP) is the one that gives the service to CS. Cloud auditor job is to look after the functions and performance. Cloud broker is the connection between CS and CSP. Cloud carrier provides the connectivity so that CSP can give service to CS. Barriers to adoption Although there are a lot of benefits provided by cloud computing, still there are some things that concern the user. The risk at the security level is the main reason why so many people still don’t opt for cloud computing (From hype to future: KPMG’s 2010 Cloud Computing survey). The data, network and information can be either leaked or hacked. Since it is a newly developed concept, it has a lot uncertainty in it (Rosado DG, 2012). For example, if I have an application of my own but instead of using local server, I am using a server based in United States of America. Now due to huge gap between the server and the application, the uncertainty of the encryption code whether it is solid or not and the server not being local may result to low speed, there are chances that the packets of data might get leaked of changed. Many business executive still have their doubts on cloud service that is why they have come to the conclusion that security is the biggest issue in cloud computing (Mather T, 2009). Cloud Consumer Cloud Auditor Cloud Carrier CloudProvider Cloudbroker
  • 4. Data security issues in cloud computing | Asad Ali SPI Model SPI model is used to define the process of information technology at three levels, software, infrastructure and platform. The SPI model consists of 3 types of services: Software as a service: It gives consumer the capability to use the software given by the cloud provider to fulfill the computing needs. It can be accessed through an intermediate like web browser. Some examples of SaaS are, Dropbox, Mail Chimp, Hub spot, YouTube etc. Platform as a service: A service provided to the consumer where they can run their own applications without installing any platform. For example, if I run a business and have an application of it. It needs to be accessible 24/7 so that my customers don’t face any problem. In order to that, I would need note.js (a runtime library that is used as service or backend for the software) to run my application. For that I have to be online 24/7 because if I go offline, my application would stop. So the solution to this is provided by Amazon web services, which is an example of PaaS. It gives you a platform where you can upload your application and they will run it for you. For starters it would be free but then they would start charging a minimal fee. Infrastructure as a service: It is service that allows consumer to deploy any kind of application and operating system of their own choice. An example of IaaS can be Google compute engine (GCE). For example, if you are a big organization and want a server with specific attributes so that you can run your application and serve it to your customers. Due to the competition being so SaaS PaaS IaaS Valuevisibilitytoendusers End Users Application Developers Network Architects
  • 5. Data security issues in cloud computing | Asad Ali extensive, all your load is being handled by the server. Your applications and data are very large in size, so you would need a very high end server in order to store and run your soft wares. Since the servers requires maintenance and it’s very costly, you can hire a third party i.e. IaaS which does it for you in less money. Out of all three, SaaS give the least customer control but gives the most security. PaaS gives more control to customers compared to SaaS due to a little lower degree of conceptualization. IaaS prefers giving control of security to the users. SaaS Security Issues It provides on demand services to the users like email, CRM etc. Since out of all three models, SaaS gives the least control to the users, it do raises security concerns. 1. Application Security: The web application are deployed in SaaS application thrugh web browsers. So any problems in the web application make SaaS applications vulnerable. Hackers use web in order to attack the users’ data in order to change, manipulate and steal it. OWASP has identified many threats that can be faced by SaaS. 2. Multi Tenancy: There are many people who use SaaS applications. Many of their data is kept in the same servers. This may lead to leakage of the data. There should be a separate more powerful server in order to keep the customers data separate from other customers. 3. Data Security: In SaaS, the security is in the hands of the provider. It’s the providers’ job to look after the data while it’s being stored and processed. So this is a major issue since it will concern many customers. Secondly, there are data backups in case of any mishaps. The SaaS providers make the backup themselves but sometimes they offer this job to a third party. Here comes the reliability issue. The third party contractor can either leak or manipulate the data. The data is stored in SaaS servers, so they need to protect, secure and segregate the data. 4. Accessibility: Since all the process is mobile and is done through internet, some major issue that may concern user and the providers are stealing of information through malware, insecure Wi-Fi, complications in operating system and proxy based hacking.
  • 6. Data security issues in cloud computing | Asad Ali PaaS Security Issues PaaS allows user to deploy their web based application in to their platform. To work, it needs secure network and web browser. There are two security layers that PaaS looks after, one is its own platform and the other is customers’ application. Just like SaaS, PaaS also faces security issues. 1. Third Party Relationships: One more service that PaaS offers is third party web components. So the customer now have to be reliable on not one, but two different security measures on platforms. 2. Development Life Cycle: PaaS platforms gets updated very frequently in order to mitigate the security concerns. Applications that are being developed in the cloud should be also up to date. PaaS developers, for their security of data has to keep up with the system development life cycle (SDLC) i.e. requirements, design, coding, testing and then evaluation. 3. Infrastructure: In SaaS, software is provide to the users while in PaaS, development tools are provided which doesn’t have any security assurance. In Paas, developers’ doesn’t have the security in their hands, it’s completely up to the provider. Iaas Security Issues IaaS provides a lot of services. From networking to storage, all the services are accessed via internet. In IaaS, users are given full control that means most of the security are in users’ hand. Data is much more secured in IaaS as long as there are no loop holes. Some control is with IaaS too. Like looking after storage and network. IaaS providers has to secure their servers in order to minimize the risk of data theft. 1. Virtualization: Usage of multiple operating systems, running multiple application and gathering a lot of information of different servers from one virtual depository is called virtualization. Virtualization adds an extra layer to the security concern because they have multiple boundaries, physical and virtual.
  • 7. Data security issues in cloud computing | Asad Ali 2. Virtual Machine Monitor: VMM is a low level monitor that isolates virtual machines into a container to make them work independently, this of course reduces the security risks and issues with the VM itself but the monitor is in itself is vulnerable if it gets compromised. Other than that VMM monitor helps with migration between virtual machines, helps with load balancing, fault tolerance and with maintenance by virtualizing the containers. 3. Shared Resource: In an IaaS with multiple virtual machines, the data sharing is an essential feature, it helps to overcome the redundancy and increases the data storage for other important things but on the dark side, VMs are vulnerable to attacks which might result in an unauthorized data sharing of a VM with a network. Security leaks can also cause unintentional sharing of sophisticated data between VMs without reporting through a VMM. 4. Virtual Machine Rollback: Backups is one of the crucial features an IaaS is dependent on. Data loss, compromise or security leaks can be minimized by rolling back the VM to its previous state. This is possible by making frequent snapshots of the current state settings of the machine. Roll backs is the best escape plan but with it comes a compromise with security vulnerabilities and configuration errors. It can include a rolling back to a previous patch which would be vulnerable to hacks. Rolling back will also re-enable the disabled accounts which can result in data loss or security breach. 5. Virtual Networks: In a VM network, a secure approach for a VMs interconnectivity is to assign itself to a host through a physical channel however most of the hypervisors use virtual networks for it but this results in security breaches by hackers using sniffing and spoofing packets between the VM sharing the data. Countermeasures 1. Digital Signatures: In order to secure the data, digital signatures with RSA algorithm should be used as it is said to be the most reliable one. The decryption can only be done by the person who has encrypted it. Other personnel would be needing a lot of information in order to crack it. 2. Web application scanners: Web applications are a very easy target. They are open to masses and can be attacked by anyone. Web application scanner is used to scan the
  • 8. Data security issues in cloud computing | Asad Ali application and look for the possible vulnerabilities regarding security. By scanning, we can stop the manipulation of the customers’ data. 3. Virtual Network Security: In a paper by Wu et al. (2010), a frame work is presented that can be used to secure the communication between virtual machines. In order to prevent sniffing and spoofing, a virtual network model is used that can route the firewalls and networks. Infamous cloud security breaches Microsoft: In 2010, there was breach at Microsoft due to which all the business contact information was made available to the public. It was traced back to its own Business Productivity Online Suite (BPOS). The problem was solved within two hours but how long ago was the breach made, that is yet to be known. However, Microsoft used its technology to erase the data from the users servers who might have accidently downloaded it. People started to have second thoughts regarding Microsoft cloud services i.e. Office 365. Dropbox: The consequences that Dropbox faced after the breach was opened to the public after four years. In 2012, hackers attacked their cloud service and tapped more than 68 million accounts including their credentials and information. Later it was being sold at black market for more than $1000 apiece. More than 5 gigabytes of data was stolen. They countered it by requesting their user base to change their passwords and giving hopes to its customer about data security in future. LinkedIn: LinkedIn faced bad luck when within the span of 4 years, their system was breached twice. In 2012, around 6 million accounts were stolen and were later posted on a Russian forum. In 2016, around 167 million passwords were hacked and were being sold at black market. They requested their users to change their passwords and also came up with a solution. They introduced two way authentication. When a person logs in in to LinkedIn, they would require to enter the password as well as the security code which they will receive on their mobile phones.
  • 9. Data security issues in cloud computing | Asad Ali Apple iCloud: The breach that Apple faced is still the most high profile theft. The pictures of famous celebrities like Jennifer Lawrence, Kate Upton etc. were leaked and posted at online platforms. First it was thought that there individual cell phones were hacked, but later it was notified that iCloud faced a breach. They urged their customers to imply stronger passwords. The solution that they came up with is that the users will receive a notification if any suspicious activity were to be found. Conclusion Cloud Computing is the new breed of technology which is proving to be a life changer for the users. It will help organizations to organize and secure their data. Although it has a lot benefits as discussed above, the security issues are very alarming. We have discussed issues regarding SPI model separately. As mentioned in the paper, the security of virtualization and storage are the biggest concerns. In Pakistan, cloud computing is still unknown to the human kind. The biggest reason is due to lack of technological education. Government should expose the citizen to the cloud world. Big companies can invest their money in introducing cloud computing to Pakistan. Since it is an untapped market, the businesses as well as the people will gain a lot from it Future Research Data security and privacy protection issues are very concerning. The objective should be to develop a framework across all cloud services. Since there are a lot of employees in a work place, a proper management should be done so that any breach from an employee or an ex-employee could not take place. There should be a strict policy against unauthorized access. Responsibility based security assurance systems will accomplish real-time inform, approval and evaluating for the information proprietors when their private information being gotten to. Personal Reflection Nowadays, having a cloud service is very important for people. Not only accessing their services related to web applications but also storage. Many people use iCloud, Google drive etc. in order to save their work or pictures in order to keep their memories save with them. I personally have seen people around me facing issues regarding iCloud security. Although with this many concerns, it should be deemed unreliable, but the fact that it is cost and time saving cannot be ignored.
  • 10. Data security issues in cloud computing | Asad Ali References 1. Gartner Inc. (2011): Gartner identifies the Top 10 strategic technologies. 2. Zhao G, Liu J, Tang Y, Sun W, Zhang F, Ye X, Tang N (2009): Cloud Computing: A Statistics Aspect of Users. In First International Conference on Cloud Computing (CloudCom), Beijing, China. Heidelberg: Springer Berlin; 347–358. 3. Marinos A, Briscoe G (2009): Community Cloud Computing. In 1st International Conference on Cloud Computing (CloudCom), Beijing, China. Heidelberg: Springer- Verlag Berlin. 4. KPMG: From hype to future: KPMG’s 2010 Cloud Computing survey. 5. Rosado DG, Gómez R, Mellado D, Fernández-Medina E (2012): Security analysis in the migration to cloud environments. Future Internet, 4(2):469–487. 6. Mather T, Kumaraswamy S, Latif S (2009): Cloud Security and Privacy. Sebastopol, CA: O’Reilly Media, Inc. 7. Jasti A, Shah P, Nagaraj R, Pendse R (2010): Security in multi-tenancy cloud. In IEEE International Carnahan Conference on Security Technology (ICCST), KS, USA. Washington, DC, USA: IEEE Computer Society; 35–41. (“Data security and privacy protection issues in cloud computing,”). Retrieved from: 8. http://tarjomefa.com/wp-content/uploads/2017/07/7186-English-TarjomeFa.pdf (“An Analysis of security issues for cloud computing,”). Retrieved from: 9. https://link.springer.com/article/10.1186/1869-0238-4-5 (“7 Most infamous cloud security breaches,”). Retrieved from: 10. https://blog.storagecraft.com/7-infamous-cloud-security-breaches/