Brodkin, J. (2008). Gartner: Seven cloud-Computing security risks. Infoworld, pp. 1 -- 3.
Carlin, S. & Curran, K. (2011). Cloud computing security. International Journal Of Ambient Computing And Intelligence (IJACI), 3 (1), pp. 14 -- 19.
Cloud Computing Benefits, risks and recommendations for information security. (2009). [e-book] Available through: ENISA https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security [Accessed: 24 Mar 2014].
Cloudsecurityalliance.org. (2011). Top threats to cloud computing: cloud security alliance. [online] Retrieved from: https://cloudsecurityalliance.org/research/top-threats [Accessed: 24 Mar 2014].
Feng, D., Zhang, M., Zhang, Y. & Xu, Z. (2011). Study on cloud computing security. Journal Of Software, 22 (1), pp. 71 -- 83.
Grobauer, B., Walloschek, T. & Stocker, E. (2011). Understanding cloud computing vulnerabilities. Security & Privacy, IEEE, 9 (2), pp. 50 -- 57.
Jamil, D. & Zaki, H. (2011). CLOUD COMPUTING SECURITY. International Journal Of Engineering Science & Technology, 3 (4).
Jasti, A., Shah, P., Nagaraj, R. & Pendse, R. (2010). "Security in multi-tenancy cloud.," paper presented atIEEE International Carnahan Conference on Security Technology (ICCST). KS, USA, Washington, DC, USA: IEEE Computer Society,, p. 35 -- 41.
Kaufman, L.M. (2009). Data security in the world of cloud computing. Security & Privacy, IEEE, 7 (4), pp. 61 -- 64.
Keene, C. (2009). The Keene View on Cloud Computing: What Is Platform as a Service (PaaS)?. [online] Retrieved from: http://www.keeneview.com/2009/03/what-is-platform-as-service-paas.html. [Accessed: 24 Mar 2014].
Mather, T., Kumaraswamy, S. & Latif, S. (2009). Cloud security and privacy. Beijing: O'reilly.
Ogigau-Neamtiu, F. (2012). CLOUD COMPUTING SECURITY ISSUES. Journal Of Defense Resources Management, 3 (2).
Onwubiko, C. (2010). Security issues to cloud computing. In: Antonopoulos, N. & Gilam, L. eds. (2010).Cloud computing: principles, systems & applications. Springer-Verlag,.
Owasp.org. (2010). Category:OWASP Top Ten Project - OWASP. [online] Retrieved from: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project [Accessed: 24 Mar 2014].
Ristenpart, T., Tromer, E., Shacham, H. & Savage, S. (2009). "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds," paper presented at Proceedings of the 16th ACM conference on Computer and communications security,. Chicago, Illinois, USA., ACM: New York, NY, USA, p. 199 -- 212.
Rosado, D.G., G'Omez, R., Mellado, D., Fern' & Ez-Medina, E. (2012). Security analysis in the migration to cloud environments. Future Internet, 4 (2), pp. 469 -- 487.
SO, K. (2011). Cloud computing security issues and challenges. International Journal Of Computer Networks.
Subashini, S. & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing.Journal Of Network And Computer Applications, 34 (1), pp. 1 -- 11.
Viega, J. (2009). Cloud computing and the common man. Computer, 42 (8), pp. 106 -- 108.
Vijayan, J. (2014). Cloud security concerns are overblown, experts say. [online] Retrieved from: http://www.computerworld.com/s/article/9246632/Cloud_security_concerns_are_overblown_experts_say [Accessed: 24 Mar 2014].
Zissis, D. & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28 (3), pp. 583 -- 592.
Cloud computing is an on-demand service model for the provision of information technology. This model is based on virtualization and distribution of computing technologies. The architecture present in cloud computing have highly abstracted resources, near instant scalability and flexibility and quite quick provisioning.
History of Cloud Computing
The concept of Cloud Computing has been evolving for about 40 years now. In the 1960s, J.C.R Licklider introduced the term and incorporated this entire concept into the world of information technology. The term "cloud" however came from the telecommunication companies in the 1990s (Kaufman, 2009) This was when the providers were being introduced to the idea of virtual private networks for data communication. Salesforce.com was introduced as one of the first practical implantation of cloud computing the year 1999. They introduced the world to the idea of delivering their products and their services through Web site. Three years later, Amazon Web services launched their own suite of cloud-based services.
For a long time the internet has been shown as a cloud symbol but it was in 2008 that many services came into being that allowed computing resources to be accessed over the internet. Cloud computing encompasses a plethora of activities including the use of social networking sites and other methods of interpersonal computing. The phenomenon is linked to the online access of data storage, online software applications and processing. In simple terms, this way is now use to increase capacity and to add on capabilities without investing in new infrastructure, licensing new software and training new personnel.
In the last few years, this industry has become an every promising concept of the entire information technology industry. Nonetheless, as more and more information about companies and individuals is added in the cloud, safety and security concerns are beginning to grow. Regardless, cloud computing has been termed as the revolution that will define the second decade of the 21st century (Jamil & Zaki, 2011) People are stating that it is allowing democratization of computing, virtualization, scalability and commoditization of infrastructure.
In order to be more informed about the risks of cloud computing, one should be aware of the three categories of cloud computing that are present. The risks and safety hazards vary with the sort of cloud computing that is concerned.
Software as service (Saas): This software is given by a third party provider and is available through the internet. Some examples of it include online word processing and spreadsheet tools. When it comes to Saas, the application security is a very crucial concern. These applications are delivered through a Web browser (Rittinghouse & Ransome, 2009, 22) Nonetheless, when there are flaws present in the web applications, there can be certain vulnerabilities for the SAAS applications. Owens (2010) stated that attackers have used the web to compromise the user's computer and then go on to steal important data. The traditional security solutions that are present do not necessarily protect from attacks therefore new approaches are really needed. Another major security concern is that the Saas users have to rely on their providers for proper security (Subhashini & Kavita, 2011;Viega, 2009) The idea of data backup is a very important when it comes to facilitating recovery however that also means that when a person wishes to delete information from cloud, it will not really be deleted.
Platform as service (Paas): This sort of cloud computing service allows customers to create new applications using APIs deployed and configurable remotely. Examples of these are Microsoft Azure, Force and Google App Engine. Paas does not only offer traditional programming languages, but it also offers third party web services (Mather et.al, 2009; Keene, 2009) The entire idea of a third party raises security concerns as well. For instance, your cloud has the ability to pass on or subcontract your account to third party. Therefore, the Paas users have to rely on web hosted development tools and the third party services.
It should also be noted that in Paas, the developers do not have the access to the underlying layers. Due to this reason, the providers are responsible for securing the application services and the underlying layers as well. Even when the developers are sure about the security of their applications, they are not sure whether the environmental tools given by the Paas are secure or not.
Infrastructure as service (IAAS): This provides virtual machines and other operating systems that may be controlled through service API. Examples include EC2 and S3 (Brodkin, 2008) This system goes on to provide a wide array of storage, networks, servers and other resources that can be accessed through the internet. The users can therefore run any software depending on the resources that have been given to them. Where virtualization allows the users to create, copy and roll back virtual machines, it also provides new opportunities for attacks because of that extra layer that must be made safe (Owens, 2010) Therefore, virtual machine security is as relevant because any flaw in the virtual machine can affect the physical machine as well. Again, virtualization makes security all the more complex and an create more interconnection complexity. These machines therefore have both a physical and a virtual boundary.
Virtual machines (VM) that are located on the same server can share CPU and memory. Therefore, sharing of resources can go on to decrease the level of security amongst these virtual machines. For instance, a malicious VM can take some details about the others through shared resources. In this instance, there will not be any need of compromising or destroying any Virtual Machine Monitor.
Kuyoro et.al (2011) concluded that security has become one of the most important reasons for hindering cloud-computing acceptance all around the world. Rosado et.al (2012) have stated that hackers use the cloud to organize botnet. Cloud therefore provides a more reliable infrastructure for them to start an attack. The attack can be carried out more easy and in a cheaper way as well.
Trust is also another important aspect when it comes to cloud computing security. The idea of trust in an organization can be stated as the customer's certainty that the organization is capable of providing required services accurately and infallibly.…