CLOUD COMPUTING SECURITY ISSUES, CHALLENGES AND SOLUTION
THREATS IN CLOUD COMPUTING
Cloud computing faces just as many security threats as are currently found in existing computing platforms, networks, intranets and internets in enterprises. These threats, risks and vulnerabilities come in various forms.
The Cloud Security Alliance (Cloud Computing Alliance, 2010) conducted research on the threats facing cloud computing and identified the following major threats:
- Failures in Provider Security
- Attacks by Other Customers
- Availability and Reliability Issues
- Legal and Regulatory Issues
- Perimeter Security Model Broken
- Integrating Provider and Customer Security Systems
- Abuse and Nefarious Use of Cloud Computing
- Insecure Application Programming Interfaces
- Malicious Insiders
- Shared Technology Vulnerabilities
- Data Loss/Leakage
- Account, Service & Traffic Hijacking
- Unknown Risk Profile
CLOUD COMPUTATION IMPLEMENTATION GUIDELINES
Steps to Cloud Security
Edwards (2009) stated that, given the security risks and vulnerabilities being discovered in enterprise cloud computing, enterprises that want to proceed with cloud computing should use the following steps to verify and understand the cloud security provided by a cloud provider:
- Understand the cloud by realizing how the cloud’s uniquely loose structure affects the security of data sent to it. This can be done by having an in-depth understanding of how cloud computing transmits and handles data.
- Demand Transparency by making sure that the cloud provider can supply detailed information on its security architecture and is willing to accept regular security audits. The regular security audits should be from an independent body or federal agency.
- Reinforce Internal Security by making sure that the cloud provider’s internal security technologies and practices, including firewalls and user access controls, are very strong and can mesh very well with the cloud security measures.
- Consider the Legal Implications by knowing how the laws and regulations will affect what you send into the cloud.
- Pay attention by constantly monitoring any development or changes in the cloud technologies and practices that may impact your data’s security.
Information Security Principles: CIA (Confidentiality, Integrity, Availability)
- Confidentiality. Prevent unauthorized disclosure.
- Integrity. Preserve information integrity.
- Availability. Ensure information is available when needed.
Identify Assets & Principles
- Customer Data. Confidentiality, integrity, and availability.
- Customer Applications. Confidentiality, integrity, and availability.
- Client Computing Devices. Confidentiality, integrity, and availability.
ISSUES TO CLARIFY BEFORE ADOPTING CLOUD COMPUTING
The world’s leading information technology research and advisory company has identified seven security concerns that an enterprise cloud computing user should address with cloud computing providers (Edwards, 2009) before adopting:
- User Access. Ask providers for specific information on the hiring and oversight of privileged administrators and the controls over their access to information. Major companies should demand and enforce their own hiring criteria for personnel that will operate their cloud computing environments.
- Regulatory Compliance. Make sure your provider is willing to submit to external audits and security certifications.
- Data Location. Enterprises should require that the cloud computing provider store and process data in specific jurisdictions and obey the privacy rules of those jurisdictions.
- Data Segregation. Find out what is done to segregate your data, and ask for proof that encryption schemes are deployed and are effective.
- Disaster Recovery Verification. Know what will happen if disaster strikes by asking whether your provider will be able to completely restore your data and service, and find out how long it will take.
- Disaster Recovery. Ask the provider for a contractual commitment to support specific types of investigations, such as the research involved in the discovery phase of a lawsuit, and verify that the provider has successfully supported such activities in the past. Without evidence, don’t assume that it can do so.
- Long-term Viability. Ask prospective providers how you would get your data back if they were to fail or be acquired, and find out if the data would be in a format that you could easily import into a replacement application.
SOLUTION OF SECURITY ISSUES
- Find Key Cloud Provider. The first solution is finding the right cloud provider. Different vendors have different cloud IT security and data management. A cloud vendor should be well established and have experience, standards, and regulation, so that there is no chance of the cloud vendor closing.
- Clear Contract. The contract with the cloud vendor should be clear, so that if the cloud vendor closes before the contract ends, the enterprise can make a claim.
- Recovery Facilities. Cloud vendors should provide very good recovery facilities, so that if data are fragmented or lost due to certain issues, they can be recovered and continuity of data can be managed.
- Better Enterprise Infrastructure. The enterprise must have an infrastructure that facilitates installation and configuration of hardware components such as firewalls, routers, servers and proxy servers, and software such as operating systems, thin clients, etc. It should also have an infrastructure that protects against cyber-attacks.
- Use of Data Encryption for Security Purposes. Developers should develop applications that provide encrypted data for security, so that additional security from the enterprise is not required and all security burdens are placed on the cloud vendor.