Security Issues and Challenges in Cloud Computing

 

Amrita Sharma Rathod¹*, Anil Kumar Tiwari²

¹Department of Computer Science, Disha College, Raipur.

²Department of Computer Science, Disha College, Raipur.

 

ABSTRACT:

Cloud computing is a transpiring way of computing in computer science. Cloud computing is a technology that uses a network of remote servers hosted on internet to store, manage and process data on demand and pay as per use. It provides access to shared resources. As cloud computing do not acquire the things physically, it saves managing cost and time for the organizations. Today it is used in both industrial field and academic field. Cloud facilitates its users through virtual resources via internet. There are some security issues while using services over the cloud. As users of cloud save their data in the cloud hence the lack of security in cloud can lose the user’s trust. In this paper, we presents a review on the cloud computing concepts as well as security issues within the context of cloud computing. This paper also analyses the key research and challenges that are present in cloud computing.

 

I. INTRODUCTION:

The term Cloud belongs to a Network or Internet. We can say that Cloud is something, which is present at remote location. Cloud computing is anything that involves delivering hosted services over the network. The definition of cloud computing provided by National Institute of Standards and Technology (NIST) is that: “Cloud computing is a model for enabling on-demand and convenient network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction”[1]. The cloud works in a distributed computing environment so it shares resources among users and works very fast.

 

Cloud computing have several challenges in the area of Quality of Service (QoS) management. There are three sensitive states that are of particular concern within the operational context of cloud computing:

• Transmission of personal sensitive data to the cloud server.

• Transmission of data from the cloud server to clients' computers.

• Storage of clients’ personal data in cloud servers (remote servers) not owned by the clients.

 

II. CLOUD ARCHITECTURE:

A.     Service Model:

Cloud computing offers the following three types of services:

·       Software as a Service (SaaS)

·       Platform as a Service (PaaS)

·       Infrastructure as a Service (IaaS)

 

Software as a Service (SaaS):

It is also called cloud application service where applications run directly through the web browser. It allows using software applications as services to its end users. Example: Google Apps, Hubspot, Cisco WebEx.

Platform as a Service (PaaS):

It is also called cloud platform service. It provides web-based tools to develop applications using SaaS. Example: Windows Azure, OpenShift.

 

Infrastructure as a Service (IaaS):

It is also called cloud infrastructure services. It provides services to the companies. There is no need to purchase or manage physical data center equipments (Server, storage, networking etc.). Example: Amazon Web Service (AWS) EC2, Google Compute Engine (GCE).

 

Figure 1. Cloud Computing Architecture

 

B.     Deployment Model:

There are four main deployment models and are described below:

·       Public Cloud Model

·       Private Cloud Model

·       Hybrid Cloud Model

·       Community Cloud Model

 

Public Cloud Model:

In public cloud model systems and services are easily accessible to general public. It delivers its services through internet.

Private Cloud Model:

In private cloud model systems and services are accessible within an organization. It may be managed internally by the organization itself or by third party.

Hybrid Cloud Model:

Hybrid cloud model is combination of both public cloud model and private cloud model.

Community Cloud Model:

In community cloud model systems and services are accessible by a group of several organizations to share the information between the organization and a specific community.

 

C.     Security Issues and Challenges:

There are so many issues in cloud computing as it uses many technologies which includes networks, databases, operating systems, virtualization, resource scheduling, transaction management, concurrency control and memory management. According to the IDC’s survey on the cloud services, security concerns are number one issue facing cloud computing [3] [4]. Following are the various security issues in cloud computing environment.

 

Figure 2. Analysis of major issues of cloud computing

 

1) Multi-tenancy:

A cloud model is built for reasons like sharing of resources, memory, storage and shared computing [2]. Multi-tenancy refers to the mode of operation where multiple independent instances of one or multiple applications operate in a shared environment. Multi-tenancy introduces unique security risks to cloud computing as a result of more than one tenant utilizing the same physical computer hardware.

 

2) Data Integrity:

Integrity provides guarantee that data can only be accessed or modified by only authorized person. Data Integrity is very important among the other cloud security challenges. Sometimes the user’s data may be altered or deleted. Sometimes, the cloud service providers may be dishonest and they may discard the data which has not been accessed or rarely accessed to save the storage space or keep fewer replicas than promised [5].

 

3) Data Loss:

There are a variety of ways to lose data in the cloud. Like sometimes technology fails, computers freeze and backup copies are lost. Or sometimes, servers crash and the information contained within is lost.

 

4) Cloud Storage Security:

In every kind of technologies even virtual or physical, it contains inherent risks when using file-sharing applications and cloud storage. Customer store their data in the cloud have no longer owns the data because it will transfer through the third party that means the privacy setting of data is beyond the control of service provider or enterprises [8]. The security concerns about storage are data leakage, snooping, cloud credentials and key management.

 

5) Malicious Insider:

Today’s most damaging security threats do not originate from malicious outsiders or malware but from trusted insiders with access to sensitive data and systems – both malicious insiders and negligent insiders’’[6]. According to the Gurucul Insider Threat Survey Report 53% of organizations believe detecting insider attacks has become harder since migrating to the cloud.

 

6) Outsider Threat:

Outsider threats are individual or group who seeks access to protected information from outside the organization. Clouds are not like a private network, they have more interfaces than private network. So hackers and attackers have advantage of exploiting the API, weakness and may do a connection breaking [7]. As per the report from Breach Level Index, malicious insiders stole more records than outsiders did.

 

Figure 3. Top Breach Records

 

7) Network Security:

Network has number of security threats to deal with. So to ensure network security few points such as: confidentiality and integrity in the network, proper access control and maintaining security against the external third party threats should be considered. Following are some of the network security issues:

·       DNS Attack

·       SNIFFER Attack

·       Issue of Reused IP Addresses

·       BGP prefix hijacking

·       Man in middle Attack

·       Distributed denial of service attacks

·       Port Scanning

 

8) Account Hijacking:

According to CSA, account hijacking comes under the top nine threats in cloud computing security. If an attacker gains access to your credentials, he or she can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or services instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.

 

III. CONCLUSION:

Cloud computing is the emerging technology that brings many benefits to their clients- customers, companies or organizations. Although it has revolutionized the computing world, it is prone to manifold security threats. The biggest security worries with the cloud computing model are multi-tenancy and insider attack. Organization such as Cloud Security Alliance (CSA) and NIST are working on cloud computing security.

 

IV. REFERENCES:

1.      Satyendra singh rawat & Mr. Alpesh Soni (2012) ,A Survey of Various Techniques to Secure Cloud Storage.

2.      Akhil Behl & Kanika Behl (2012), An Analysis of Cloud Computing Security Issues.

3.      Anthony T.Velte, Toby J.Velte and Robert Elsenpeter 2010. Cloud Computing- A Practical Approach. Publishing of Tata McGRAW Hil.

4.      Nils Gruschka and Meiko Jensen, “Attack Surfaces: A Taxonomy for Attacks on Cloud Services”. IEEE rd International Confrence on Cloud Computing,2010.

5.      Balachandra Reddy Kandukuri, Ramakrishna Paturi V, Dr.AtanuRakshit, "Cloud Security Issues”, in Proceedings IEEE International Conference on Services Computing, September 2009.

6.      https://gurucul.com/2020-insider-threat-survey-report

7.      Akhil Behl (2011), Emerging Security Challenges in Cloud Computing (An insight to Cloud security challenges and their mitigation).

8.      T. C. Nguyen, W. Shen, Z. Luo, Z. Lei, and W. Xu, “Novel data integrity verification schemes in cloud storage,” Comput. Inf. Sci., pp. 115–125,2014

 

Received on 20.05.2020   Accepted on 16.06.2020               ©A&V Publications all right reserved Research J. Engineering and Tech. 2020;11(2):33-36. DOI: 10.5958/2321-581X.2020.00005.7