Introduction In 2008, Cloud computing was being touted as the next big thing in computing (Bajarin, 2008); just 6 years later in 2014, a Eurostat news release claimed that Cloud computing services are used by one out of every five enterprises in the European Union (Bourgeais, 2014), which indicates a subtle but not overwhelming rate of adoption. According to a study by the Cloud Industry Forum, 82% of business owners’ main concern they have when making a decision to migrate to cloud-based services is data security; with 69% also stating that data privacy is another concern of theirs (Cloud Industry Forum, 2013). The aforementioned statistics straightaway show where the concerns lie when it comes to users migrating over to the cloud, …show more content…
The companies aforementioned would not be willing to risk their reputation by encouraging users to adopt a system that is not secure. The reason for the author selecting to look at literature regarding cloud security within this review is because of how it ties in with a Computing Science degree currently being worked towards at Staffordshire University. One of the modules being studied involves the creation of a database system, with the client formally requesting a cloud-based data centre as part of their system. Therefore, it would interesting to take an in-depth look at the security concerns surrounding what is a technology that is still within its infancy stage. Discussion In 2014 the cloud has been the subject of much scrutiny, especially after an incident in September where over 100 celebrities had personal photographs leaked onto the Internet after their Apple iCloud storage had been hacked. According to an article by the Guardian, the theory is that the leaked pictures had been “accumulated by a hacker over a period of time” (Arthur, 2014), meaning that someone had managed to hack into at least 100 iCloud account over a large period of time, whilst remaining undetected. The evidence suggesting that the hackers were able to hack into multiple accounts over a large period of time exposes a significant vulnerability in Apple’s iCloud service, although it is not known whether this weakness is
Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.
Public cloud providers will often have more responsibility for enhancing the security of the data and applications. Within the financial industry data breaches, application vulnerabilities, and availability are all important issues that can lead to legal liabilities.
According to Lawrence Shawa, "a number of organizations I have spoken to have expressed concern about how secure their data is that is hosted in the cloud. There is sense of control that is taken from them making the organizations feel vulnerable" (Collection 2:1) Companies naturally feel a strong sense of obligation to protect their customers. Additionally, they may lose business if they have a reputation for compromising customer security.
1. Are the security arrangements for data and applications stored in the cloud the responsibility of the user or the vendor?
The economic case for cloud computing is compelling and at the same time there are striking challenges in its security. The concepts of cloud computing security issues are fundamentally new and intractable. What appears new is only relative to traditional computing that has been practiced since several years. Many such security problems have been giving attention since the time-sharing era. Cloud computing providers have and can build datacenters as large due to their expertise in organizing and provisioning computational resources at
security of the cloud computing system. As stated in Gwu.edu. (2010), “We must be able to
The economic case for cloud computing is compelling and at the same time there are striking challenges in its security. The concepts of cloud computing security issues are fundamentally new and intractable. What appears new is only relative to traditional computing that has been practiced since several years. Many such security problems have been giving attention since the time-sharing era. Cloud computing providers have and can build datacenters as large due to their expertise in organizing and provisioning computational resources at as low cost as possible.
The high regard to cloud computing is on the rise due to its ability to improve flexibility, expand access to data, and lower costs. Cloud computing release organizations from being required to have their hardware and software infrastructure from being acquired and maintained (Holt, Niebuhr, Aichberger, & Rosiello, 2011). On the other hand, while there is much noise being made about the benefits of cloud computing, questions have been brought up with respect to whether cloud computing is safe especially when it comes to its privacy, security, and reliability. The purpose of this paper is to discuss the different general controls and audit approaches for software and architecture, cloud computing, service-oriented architecture, and virtualization. This paper gives a summary analysis of the recent research that is available. Additionally, risks and vulnerabilities associated with public clouds, private clouds, and hybrids have also been researched. Within the research conducted, there are important examples provided. Recommendations are shown on how organizations could implement and mitigate these risks and vulnerabilities. This paper even outlines a list of IT audit tasks that focuses on a cloud computing environment due to the results of the analysis, the risks and vulnerabilities, and the mitigation controls.
Qasim et al., (2014) the authors of the article “Cloud Computing Risks & Business Adoption” researched cloud computing and adoption. The authors discussed the lurking dangers hiding in cloud computing against businesses. The articles talks about the benefits and the risks that exist and the fact the new technology has the ability to force change on how things are done in the business environment (Qasim et al., 2014). The authors confirmed businesses should not easily rush to trust cloud computing with critical data (Qasim et al., 2014).
The risk of cloud computing could be the security of the information being stored by a large company like Amazon. It is still unclear how safe out-sourced data is and when using these services ownership of data is not always clear. In a study done in 2009, a team of computer scientists from the University of California, San Diego and Massachusetts Institute of Technology examined the widely-used Amazon EC2 services. They found that ‘it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target’ (Ristenpart et al. 2009: 199). This demonstrated that the research team was able to load their eavesdropping software onto the same servers hosting targeted websites (Hardesty 2009). By identifying the target VMs, attackers can potentially monitor the cache (a small allotment of high-speed memory used to store frequently-used information) in order to steal data hosted on the same physical machine (Hardesty 2009). Such an attack is also known as side-channel attack. The findings of this research may
People are utilizing cloud computing without having knowledge of it. Cloud computing is getting sophisticated with each passing day. Cloud computing is described by various organizations and IT professionals in different words. According to Almadallah,M, (2014, p.1) there is a fundamental program over the Internet, which is easily accessible to everyone, and gives an approach to users to progressing data, using services, running applications and updating software whenever and wherever they need.. This is known as “cloud computing.” Data with range and trustworthiness is being delivered over the Internet by cloud computing. According to Rajaraman,v(2014, p.242).People usecloud services as operating systems that run on personal computer and administered by special software. For example, Gmail, Yahoo mail, and Hotmail are provided by Google, yahoo and Microsoft and are used to send e-mail.
“The cloud” is a phrase which is heard often, but also frequently misunderstood. Nowadays, when you hear it, it is probably not referring to the puffy white things floating in the sky, but it is more likely referring to a new computer technology. Most people do realize it is a technical expression, but cannot actually define it. Essentially, it is huge data centers housing hundreds of servers which hold considerable amounts of data. There are a number of corporations delivering cloud services, and the major players include Amazon, Google, Microsoft and Apple, to name a few. They provide individuals, small businesses and major corporations the opportunity to save costs on technology by storing data on their servers, which must then be accessed through the internet. So, with the rapid growth of cloud computing, more and more information is being stored on the internet. While the cloud does have many benefits such as low technology costs, more accessibility and highly trained IT professionals monitoring security, the data stored in the cloud is still at risk due to imminent privacy and security breaches such as government snooping as well as hacker theft and manipulation.
Cloud technology innovation is emerging as one of the most popular issue for most IT practitioners and cloud computing is thought of as the future trend of development of the IT industry. According to Stanoevska (2010), enterprises should have an IT infrastructure that can reform itself rapidly to new business priorities. Cloud computing technologies, such as Cloud mail, Cloud platform and Cloud software services, provide an efficient work platform for enterprises. At the same time, Carling (2011) puts forward potential problematic issues in terms of the security of cloud computing. The future of enterprise cloud computing becomes increasingly controversial. Nevertheless, enterprises should base their future framework for Information and
companies are placed in the cloud, concerns are beginning to grow about just how safe an
These days, I've got my head in the clouds, quite literally. No, I haven't applied to the wrong academic department. As much as I appreciate the study of meteorology, my clouds are more solid, more concrete. They also have as much of an impact on our daily lives as the clouds that hang over our heads during the day. As a hobby and in fulfillment of my undergraduate studies, I've started to pick apart the architecture of cloud-based computing. Cloud-based computing is the prevailing trend in computer networking, according to Vertical Systems Reseller writer Julie Ritzer Ross (2011). Most enterprises and many individuals are starting to rethink the way they use computer systems. Networking is the fundamental need for consumers and businesses alike. But while clouds seem simple from a network architecture standpoint, they most certainly present challenges the likes of which thrill me to be able to tackle. In particular, I see a pressing need for network security. While information system management and information security specialists will develop the protocols that will promote enhanced data assurance, it comes down to sensible practical engineering to deliver the goods. I am passionate about helping people work better with technology because I have seen the ways technology transforms lives, in my own community.