Security Issues in Cloud Computing

Security Issues in Cloud Computing

The name Cloud computing was coined from the drawings oftentimes employed to illustrate the internet. Cloud computing is an innovative consumption and new delivery approach for IT services. The cloud computing concept illustrate a change in thought, that end users do not need to understand the details of a particular technology since the provider completely handles it. Users can use the services at the rate established by their specific needs. This service can be given at any time. Because this innovation is becoming more popular, new tools and technologies are now appearing to create, to access, operate and sustain the clouds. These tools should handle a huge number of operations in the cloud transparently sans service interruptions. Cloud computing provides costs efficiency, quicker execution, and more flexibility employing various technologies and related tools that are necessary in attaining this. However, despite the advantages that cloud computing offers it currently facing various issues in relation to its security. What has been lacking to this point however in its evolution first as a computing platform and second as a means to streamline business processes have been ontologies to define system security [4] well defined enough to manage the myriad of threats that have emerged to this computing platform overall [3]. Trust in cloud computing is mixed and there are plenty of skeptical, even cynical Chief Information Officers (CIOs) who refuse to believe in cloud computing and hold tightly to their beliefs in mainframe computing and client/sever architectures. Many technologists and industry pundits call these individual Luddites, meaning they are adverse, even aggressively resistant to change. For these firms just moving to Web Services is an act of perceived extreme risk [1]. Yet despite these slow or non-adopters, cloud computing continues to experience a rapid ascent in terms of its adoption both for private cloud platforms, or those systems entirely enabled behind the firewalls of enterprises to hybrid cloud architectures where a proportion of the cloud is external to the company and the remainder is located behind the firewall [2]. What is needed are ontological approaches to defining the relative level of trust in these systems as predicated on their performance [4]. The intention of this analysis is to first discuss the security issues of cloud computing and provide insights into how these system architectures and applications can be more effectively secured and managed to ensure enterprise security performance. Recommendations are also provided with regard to how cloud computing can be made as secure as possible, ensuring the stability and protection of intellectual property within organizations as well.

Cloud Computing: History, Definition and Other Fundamentals

Computing is now shifting to a new model called cloud computing. This model operates data and computation on centralized servers that have often been optimized for performance and data sharing using virtualization architectures and system platform components. The basis of cloud architectures is predicated on the concepts of single- and multi-tenancy. The economics of cloud computing favor multi-tenancy from a cloud service provider standpoint as it allows for a single edition of the application to serve multiple enterprises or organization customers at the same time [3]. The concept of single tenancy is predicated on having a single instance of an application running on a dedicated server partition, with no other application or virtual machine competing for resources [3]. The more confidential the data being shared the more organizations rely on single tenancy as a requirement for security. This is one instance where the economics of cloud computing are overruled by the security considerations, a common occurrence in the cloud computing industry today albeit one not discussed by the analysts covering this area.

During past years, cloud computing has acquired considerable attention of various stakeholders from Computer Science and IT sectors as well as academicians, business enterprises and institutions of all sizes and so forth. Selected vendors and analysis considers cloud computing as the most recent kind of utility computing with unlimited virtual servers across the net. Because of realization of IT needs and services it can provide, cloud computing is now being recognized as a virtual infrastructure with boosting space and capability on the "cloud" that involves minimal costs for utilizing capacity, training new talent or licensing new software. Trust in cloud computing is still nascent however with many enterprises experimenting with this platform and researchers calling for more robust ontologies [4] and measures of trust [3]. Despite these concerns however the world's largest companies still actively promote and routinely hype the value of cloud computing without mentioning the myriad of risk associated with this platform, despite its continual maturation from a security and stability standpoint [2].

An example of this is type of hype is when Microsoft's Steve Balmer described cloud computing as the next frontier and Dr. Ajei Gopal verified that the cloud is there to alter everything. Joe Tucci, the CEO of EMCCorp described the impact of cloud computing as "We're now going through what I believe is pretty much going to be the biggest wave in the history of information technology." These claims of corporate executives must be balanced against reality and the fact that these platforms require a continual focus on quantifying and validating trust on the one hand [1] and designing the systems to ensure a higher level of content agility and flexibility on the other [5]. The National Institute of Standards and Technology (NIST) defined cloud computing as a model for allowing "convenient on-demand network access to a shared collection of customizable resources such as services, storage, applications, networks and servers that can be quickly provided and issued with minimal management effort or interaction with service provider.

Cloud computing history began in the nineties through the development of World Wide Web. Using the Mosaic browser, internet-based computing started. Using a business perspective, it provided virtual shopping experience and chain integration. The aspect of e-business obtained a foothold in almost any company. As a significant side-effect, users became used to this leading-edge technology whilst seeking for information, performing online shopping, chatting with family and family, watching movies online or handling bank accounts. The following generation of cloud services was inspired by consumer experiences, accessible 24/7, an intuitive user interface that does not need training and comprehensive self-services from opening a new back account to purchasing holiday packages. Technology changed to produce a comprehensive interactive web interfaces and service-to-service interaction. It also went far beyond business applications and this includes social networks and collaboration tools. This clearly changed the way business people acquire and share information while some companies including Amazon and Google took advantage of such trends through offering their storage and computing capacity to consumers and business users.

As of today, the attention surrounding cloud services in the company focuses on these forms of techniques and sourcing alternatives for IT capabilities -- IT as a service. Through the use of standardized, highly virtualized infrastructure and applications, this new strategy can encourage higher degrees of consolidation which reduce costs.