As a technology which is still in its infancy stages, cloud computing has a range of challenges which predisposes it to many security threats. For one, many of the business policies and standards used today cannot be applied to cloud computing due to the risk involved such as data breaches (Kazim & Zhu, 2015). Now, when critically analysed all security threats faced by cloud computing can be broadly categorised into two; one, security threats faced by services providers and two, security threats faced by customers. When it comes to the service provider, their development systems must be secure to ensure the data owned by the handles is secure. On the other hand, the customers must ensure they take the necessary precautions to avoid data intersection between them and the service provider.
Cloud computing may offer many conveniences however, its existing storage and access vulnerabilities expose it to the acts of cybercrime that are common today. Malicious individuals (hackers) have a variety of techniques of attacking and gaining access to cloud systems which they disrupt to acquire resources illegally (Munir & Palaniappan, 2012).For instance, they will trick service providers to being customers and gain access to resources. In 2012, hackers were responsible for more than a 1000 data breaches on the cloud computing platform which at the time only covered a nine-month analysis by DataLossDB (2012). Now, to sort these problems the industry’s stakeholders must address the issues across all platforms which are yet to happen, a major setback outlined by this report.
A solution or model that offers convenient and on-demand services that are shared in a networked as well as a configurable computing architecture (Chou, 2013). In essence, cloud computing provides ubiquitous services that can be rapidly provisioned to customers at minimal managerial efforts. Cloud solutions follow a pay as you go outline where a customer subscribes to one of the three service models i.e. application (SaaS), Infrastructure (IaaS) and Platform (PaaS). These service models will follow a bottom-up system where at the bottom IaaS computing resources such as storage and powerful CPU consumptions are given. Whereas, at the top are the delivery environments where software resources are outsourced to customers through the internet (Munir & Palaniappan, 2012). Moreover, at the intermediary level lies a development environment that allows customers to develop applications i.e. PaaS.
Justification of Problem
When offering cloud solutions to customers, cloud service providers will give users the illusion of unlimited resources where using their credit cards all organisations can access the said resources. In some instances, these customers are even offered free trial accounts which predispose the infrastructure to vulnerabilities if the user has the right expertise (CSA, 2010).Secondly, user’s access the said resources using pre-installed APIs which means the security of the entire system depends on the encryption used on the user interfaces, a vulnerability on behalf of the customers. Finally, we have data leakage or losses as a result of the compromised system either due to negligence (zero backups) or due to hacking as a result of the overwhelmingly shared resources. In all, many threats face cloud computing more so, due to the interactions that are seen between deployment challenges and the security risks involved. Furthermore, these threats are either unique to the service or aggravated due to its service design (Ma, 2017).
- What are the design structures that exposes cloud computing to the security threats identified above?
- What are the major security threats in cloud computing?
- What security measures or control techniques are being used to prevent the said security threats?
- Finally, in the future, how can we handle cloud computing security threats?
Scope of Engagement
Three issues or security threats are highlighted in this section; data threats, network threats and the environmental (API) threats. These issues have been chosen as they are yet to be solved or adequately addressed by the industry. Moreover, in instances where they are addressed, they face extended challenges due to the nature of the technology.
Data is an important asset of any organizations which has led businesses to invest in technologies that offer better solutions to its access and storage. Now cloud computing does offer good solutions however based on its life cycle data may be lost. For one, consider the fact that customers usually do not know where their data is stored nor the network used to transfer it (Kajiyama, 2012). Therefore, by default, these users are forced to depend on the service provider to offer secure platforms in which they integrate their resources. However, threats such as data breaches where unauthorised user access data affect this objective. Data breaches occur due to the flaws of the infrastructure including development designs and operational inefficiencies. In essence, these threats expose systems to attackers who are the biggest proponents of data losses in cloud computing.
Networks are used to collaborate the user resources with those of the service providers and inefficiency on their design will affect the security of the overall system. At the helm of these threats are hijacking incidences such as denial of service (DOS) where attackers jam the connections involved by sending many requests to the service providers. These attacks are carried out to prevent the legitimate users from accessing their leased resources which compromise their functionalities (Maddineni & Ragi, 2012). According to DataLossDB, cases of DOS among cloud user have increased in the last five years and 81 percent of consumer’s outline them as a major threat facing their resources.
Service providers are responsible for the majority of the threats facing cloud computing, this because they offer insufficient services while attempting to use less operational resources in order to earn more revenues. These operational outcomes outline the threats seen in cloud environments where insecure APIs (user interfaces) caused by poor operational standards are experienced (Akana, 2015). In most cases, users are normally offered insufficient protocols to access services via the internet which usually grants access to third party members who thoroughly exploits the vulnerabilities. Furthermore, due diligence is never followed by service providers who again will offer many shared resources to many customers without upgrading their infrastructures. This outcome strains the services and exposes it to many security threats including data losses and leakage.
Preventative Measure and Solutions
Now based on the threats identified above, several measures have been proposed to prevent them including access control and management tools. One such measure is encryption of the data before transmission and storage. This preventative measure will require the parties involved to use strong management algorithms that protect data using strong access keys (Chao, 2014). Moreover, to avoid congestion of resources the service providers should isolate the services they offer by using segregated virtual machines (VMs). These VMs will spilt resources based on the number of users and also the functionalities. Moreover, this isolation will also serve as an accountability measure where security problems will be easily identified and solved.
In addition to this, data can be protected in the cloud systems by using scalable resources where adjustable and fine-grained structure are used to offer access control. This method ensures access procedures are outlined based on the data properties. Furthermore, because of the large number of service consumers, the computation and allocation of resources can be done by independent parties based on the resources available. This procedure can be done using intelligent systems that integrate smart tools with service delivery. Nevertheless, even at this stage, the concepts of encryption will have to be used to verify the identities of the parties involved i.e. service provider, end user and resource allocators (Vinothina, Sridaran & Ganapathi, 2012).
Data loss is inevitable and will always occur despite the procedures used, more so, in a cloud environment where data seems to exchange hands with many participating systems. Redundancy is the only solution to the problem where several back-ups of the same data are made while maintaining the same security measures outlined above. Furthermore, back-ups also serve as a preventative measure in case one data element is compromised (Cole, 2017). Also, so note that back-ups in this scenario outline extra resources including bandwidth that can be used in case of a DOS attack. Therefore, the service providers should have adequate DLPs (data loss prevention techniques) which should outline known procedures for recovering from disasters such as data losses and breaches.
Summary (Impact in real life)
There is little doubt on the profound benefits of cloud computing however, the risks and security threats involved have had substantial effects on its application in real life.
- It has lowered its application more so, with clients who handle sensitive data such as financial institution.
- Secondly, it has lowered the application of some of the models e.g. PaaS which still remains to be fully integrated into real life applications.
- Moreover, the security threats involved have raised the overall cost of implementation where extra resources are needed to safeguard the data used.
- Finally, the threats involved have lowered the trust among users who still fail to fully integrate it into their normal day activities especially for sensitive data storage (Rashid, 2016).
Cloud computing faces many challenges from data leakage to inherent comprise from malicious individuals, however, its evolution outlines its potential. Furthermore, its advantages by far supersede the setbacks where operational efficiencies and optimisation of resources are observed. These benefits are key to the survival of businesses as they offer an edge which has continuously facilitated its implementation and maturity over time. Now, to overcome these challenges the stakeholders involved should invest in its advancement where researchers should sort out better ways of protecting the resources involved. Moreover, the industry including subscribers and service providers should be involved in this endeavour in order to meet their needs. Consider the preventative solutions highlighted in this report, their effectiveness will depend on the user’s ability to integrate them into their daily operations. The service providers may have the best encryption mechanisms only to be failed by users with poor authentication procedures. Nevertheless, these problems will be slowly eliminated with the advancement of the technology a fact proved by its current application.
Akana. (2015). API security: a guide to securing your digital channels. Retrieved 15 May, 2017, from: https://resource.akana.com/resource.php/API_Security_A_Guide_to_securing_your_digital_channels.pdf?fid=562&pid=18
Chao. J. (2014). Cloud Computing Demands Cloud Data Encryption. Enterprise networking planet. Retrieved 15 May, 2017, from: https://www.enterprisenetworkingplanet.com/netsecur/cloud-computing-demands-cloud-data-encryption.html
Chou. T. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology (IJCSIT), 5(3). Retrieved 15 May, 2017, from: https://airccse.org/journal/jcsit/5313ijcsit06.pdf
CSA. (2010). Top threats to cloud computing V10. Retrieved 15 May, 2017, from: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Cole. (2017). cloud computing security. Tech target. Retrieved 15 May, 2017, from: https://searchcompliance.techtarget.com/definition/cloud-computing-security
Kajiyama. T. (2012). Cloud computing security: how risks and threats are affecting cloud adoption decisions. Master of business administration. Retrieved 15 May, 2017, from: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.465.9097&rep=rep1&type=pdf
Kazim. M & Zhu. S. (2015). A survey on top security threats in cloud computing. International Journal of Advanced Computer Science and Applications, 6(3). Retrieved 15 May, 2017, from: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.695.6079&rep=rep1&type=pdf
Ma. J. (2017). Top 10 Security Concerns for Cloud-Based Services. Retrieved 15 May, 2017, from: https://www.incapsula.com/blog/top-10-cloud-security-concerns.html
Maddineni. V & Ragi. S. (2011). Security techniques for protecting data in cloud computing. Master thesis electrical engineering. Retrieved 15 May, 2017, from: https://www.diva-portal.org/smash/get/diva2:830736/FULLTEXT01.pdf
Munir. K & Palaniappan. S. (2012). Security Threats/Attacks Present in Cloud Environment. International Journal of Computer Science and Network Security 12(12). Retrieved 15 May, 2017, from: https://paper.ijcsns.org/07_book/201212/20121217.pdf
Rashid. F. (2016). The dirty dozen: 12 cloud security threats. Info world from IDG. Retrieved 15 May, 2017, from: https://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
Vinothina. V, Sridaran. R & Ganapathi. P. (2012). A Survey on Resource Allocation Strategies in Cloud Computing. International Journal of Advanced Computer Science and Applications, 3(6). Retrieved 15 May, 2017, from: https://thesai.org/Downloads/Volume3No6/Paper%2016-A%20Survey%20on%20Resource%20Allocation%20Strategies%20in%20Cloud%20Computing.pdf