A Study on Cloud Computing: Challenges & Security Issues
Tagged: Dissertation Writing
Introduction
Cloud computing has emerged as a powerful force in information technology. It is regarded as one of the most essential components for data storage, security, access, and cost-effectiveness. Given the changes in technology, internet usage and the cost of equipment and software have increased dramatically. The cloud computing concept has been effective and achieved a lot of attention in a very short time to reduce the cost of hardware and software by offering services when a customer asks over the internet (Birje, 2017).
Cloud computing is not a new technology but a delivery strategy for information services that use current technologies. It is quite effective in reducing the time spent on IT infrastructure and maintenance. The cloud offers itself as a widespread, dynamically scalable, and on-demand platform that can be acquired on a ‘pay-as-you-go’ basis with no prior subscription or under/over provisioning (Rashid, 2019).
Aims and Objectives
This study explores the security issues and challenges associated with cloud computing and possible ways to address them.
Models and Types of Cloud Computing
Numerous types of services and models make cloud computing realistic and accessible to end users. For the most part, there are two types of distributed computing working models:
- Deployment Models
- This cloud is accessible via the internet to all external clients who can register with the cloud and use cloud resources on a pay-per-use basis.
- This cloud is not as secure as a private cloud. As a result of its openness, it is accessible to all Internet users. It is less customisable than the private cloud.
- Examples of public cloud include Microsoft Azure, email, Google AppEngine and email.
- This cloud is configured specifically for an organisation within its own data centre. The organisations handle all of the cloud resources that they own.
- Compared to an open or hybrid cloud, the private cloud provides higher security. Private cloud resources are less cost-effective than public cloud resources but more productive than open cloud resources. The cloud is managed by an organisation and only serves it; it might reside inside or outside the organisation.
- The private cloud is also known as the internal or corporate cloud.
- A community cloud is a cloud design that allows many organisations to access systems and services to exchange information. The cloud is managed by a few organisations and supports a specific community with a similar interest. A community cloud is more secure than a public cloud. An example of a community cloud is that of the banking sector.
- A hybrid cloud is a system for cloud computing that mixes on-premises data centres (private clouds) with public clouds to share data and applications.
- This usually entails connecting an on-premises data centre to a public cloud. Other private assets, such as edge devices or other cloud services, such as storage, may also be involved in the connection.
- The concept of hybrid cloud computing represents the modern view that IT resources and services are a complex and dynamic mix of hardware, applications, resources, and services rather than a single or omnipresent resource.
- These various assets can be operated from numerous sources and given to a business on demand from many countries.
- Service Models
- IaaS provides customers with on-demand access to cloud-hosted computing infrastructure – servers, storage capacity, and networking resources – that they can create, configure, and utilise in the same manner that they can on-premises hardware.
- Examples of IaaS include Amazon Web Services, Google Cloud, IBM Cloud, and Microsoft Azure.
- PaaS is a cloud-based platform for developing, deploying, and managing applications.
- The cloud services provider hosts, manages, and maintains the platform’s hardware and software, which includes servers (for development, testing, and deployment), operating system (OS) software, storage, networking, databases, middleware, runtimes, frameworks, and development tools, as well as security, operating system and software upgrades, backups, and other services.
- Examples of PaaS include AWS Google App Engine, Elastic Beanstalk, Microsoft Windows Azure, and Red Hat OpenShift on IBM Cloud.
- SaaS (also known as cloud application services) is ready-to-use application software that is maintained in the cloud. Users pay a monthly or annual price to access a full application using a web browser, desktop client, or mobile app. The SaaS vendor hosts and manages the application and all the infrastructure required to deliver it (servers, storage, networking, middleware, application software, data storage).
- Examples of SaaS include Microsoft Office 365 and Google Apps (Malik, 2018).
- Scalability
- Virtualisation
- Response to the data breach
- There are several best practices to avoid data breaches in the cloud. One of the best options is a breach response plan, which helps to trigger a timely notification of data breaches, reducing the amount of harm.
- It includes procedures such as notifying the appropriate agency about the incident. Conducting periodic checks will also provide the security staff authority over the network.
- Data breaches can be averted by categorising data and tracking its travel throughout the organisational network. Always remember to delete all files and folders before revealing a storage device. Review and block downloads that may act as an allegiance to the attackers.
- Finally, always use encryption as your last line of defence against cybercriminals. When all other attempts to protect your data fail, encryption is your organisation’s last line of defence against the hacker’s breach game.
- Establish a layered defence mechanism
- Always make sure to limit the IP addresses that can access the program. Threats such as account hijacking can be reduced in this manner.
- There are several solutions that allow users to set acceptable IP ranges, allowing them to access the program exclusively over specified networks and VPNs. It is also advised that businesses implement a protocol that stops employees from exchanging account credentials with other employees and services.
- A robust multifactor authentication process should be implemented, which requires users to input dynamic one-time passwords provided to them by SMS, token generators, biometrics, or any other secure scheme. Though all these solutions mitigate risks, encryption is the most effective method for preventing hijacking attacks.
- Before transmitting data to the cloud, ensure that it is encrypted; this secures the data even if a breach happens. To maintain the best possible security, keep the encrypted key apart from the encrypted data.
- Using the cloud begins with addressing the security risks that come with it. This leads to the process of pursuing a multi-layered security approach that constantly secures your data (Tabrizchi, 2020).
- Birje, M. N., Challagidad, P. S., Goudar, R. H., & Tapale, M. T. (2017). Cloud computing review: concepts, technology, challenges and security. International Journal of Cloud Computing, 6(1), 32-57. https://doi.org/10.1504/IJCC.2017.083905
- Rashid, A., & Chaturvedi, A. (2019). Cloud computing characteristics and services: a brief review. International Journal of Computer Sciences and Engineering, 7(2), 421-426. https://doi.org/10.26438/ijcse/v7i2.421426
- Malik, M. I., Wani, S. H., & Rashid, A. (2018). Cloud computing-technologies. International Journal of Advanced Research in Computer Science, 9(2), 379–384. https://doi.org/10.26483/ijarcs.v9i2.5760
- Puthal, B. P. S. Sahoo, S. Mishra and S. Swain, “Cloud Computing Features, Issues, and Challenges: A Big Picture,” 2015 International Conference on Computational Intelligence and Networks, Odisha, India, 2015, pp. 116-123. https://doi.org/10.1109/CINE.2015.31
- Ravi Kumar, P. Herbert Raj, P. Jelciana, Exploring Data Security Issues and Solutions in Cloud Computing, Procedia Computer Science, Volume 125,2018,691-697. https://doi.org/10.1016/j.procs.2017.12.089
- Charanya and M. Aramudhan, “Survey on access control issues in cloud computing,” 2016 International Conference on Emerging Trends in Engineering, Technology and Science (ICETETS), Pudukkottai, India, 2016, pp. 1-4. https://doi.org/10.1109/ICETETS.2016.7603014
- Ashish Singh, Kakali Chatterjee, Cloud security issues and challenges: A survey, Journal of Network and Computer Applications, Volume 79,2017, Pages 88-115. https://doi.org/10.1016/j.jnca.2016.11.027
- Tabrizchi, H., Kuchaki Rafsanjani, M. A survey on security challenges in cloud computing: issues, threats, and solutions. J Supercomput 76, 9493–9532 (2020). https://doi.org/10.1007/s11227-020-03213-1
Deployment models define the type of access to the cloud environment, i.e., how the cloud is noticed. There are four types of cloud computing based on accessibility.
A. Public cloud
B. Private cloud
C. Community cloud
D. Hybrid cloud
A cloud can communicate with a customer (client or application) via features termed services. The operational models on which cloud computing is based are called service models.Service models can be categorised into the following three types:
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
Features of cloud computing
Cloud enables a broad range of small and large-scale applications. Many industrial organisations use cloud computing since it is more resourceful and cost-effective than internal data centres.
The features of cloud computing are as follows:
Scalability refers to a process, network, programme, or appliance’s ability to grow and manage rising demands. This is one of the most valuable and prevalent characteristics of cloud computing. Scalability allows users to increase or decrease their data storage capacity to match the needs of their expanding organisation.
Virtualisation is a process that allows to create a virtual version of a desktop, operating system, network resources, or server. Virtualisation has become essential and prominent in cloud computing.It helps in reducing the amount of space or cost associated with the resource. This method allows the end user to run numerous desktop operating systems and apps simultaneously on the same hardware and software (Puthal, 2015).
Cloud computing can be used in Wireless Mesh Network settings. There have been studies on improving the connections in Wireless Mesh Networks, such as using Opportunistic Routing in Wireless Mesh Networks. Although cloud computing is convenient, it is not exempt from security issues.
Security issues in cloud computing
A. Breach of data
A data breach or leak occurs when confidential and private data is released to untrusted or unauthenticated surroundings. Some of the issues in cloud computing are also present in traditional corporate networks, but since the data held on cloud servers is so large, providers are frequently the targets of these attacks. The severity of the damage is directly proportional to the sensitivity of the exposed data. It gets worse when financial information is revealed, but breaches involving health, trade secrets, and intellectual property can be even more disastrous. Because when a data breach occurs, it is not only the consumers who suffer; firms can be subject to large penalties or even legal action (Ravi Kumar, 2018).
B. Authentication issues
There are several attacks that occur as a result of weak authentication protocols. Most organisations struggle with their identity management system, which attempts to assign permissions based on the user’s work role. They may even neglect to deactivate user access when a job function changes, or the individual leaves the organisation. Typically, developers encode credentials and cryptographic keys in source code and leave them in publicly accessible repositories. However, it is critical that the keys be properly protected, as well as a well-secured public key infrastructure. These keys must also be reviewed regularly, making it more difficult for attackers (Charanya, 2016).
C. Account hijacking
Service hijacking is a procedure in which the client is directed to a malicious website.This can be done through fraud, phishing, and the exploitation of software issues. Such attacks are frequently caused by the reuse of credentials and passwords. If an attacker gains access to someone’s credentials in cloud computing, they can capture actions, transaction data, modify data, deliver fake information, or redirect the client to illegal sites and the hacked account.
D. Identity theft
Identity theft is a form of deception in which someone impersonates a real user’s identity, credits, associated resources, and other service benefits. As a result of these threats, the victim experiences many adverse effects and losses. This vulnerability can occur due to a poor password recovery procedure, phishing assaults, key loggers, and other factors.
E. Attacks by Insiders
Insider threats are one of the most serious concerns in cloud computing because many organisations do not offer information about their recruiting procedures and access levels to internal resources for their employees. This threat comes mainly as a result of a lack of transparency and the IT services and customers functioning under a single management domain (Singh, 2015).
Possible solutions
The cloud provider and client should implement a complete security strategy that includes access control, perimeter security and threat management, encryption, privacy, and compliance management. Since data is kept and accessed by various clients in shared settings, components relating to identity and access management should be given specific consideration. Numerous standards, processes, and practices must be applied to reduce the likelihood of security threats in cloud computing. These rules and methods protect the privacy and security of confidential information in the cloud.
Conclusion
Cloud computing is a delivery strategy for information technology that uses current sources. Cloud computing has rapidly gained importance since it is cost-effective and resourceful. The primary features of cloud computing include scalability and virtualisation, which makes it easier to use. However, security issues like data breaches, insider attacks, identity theft, hijacking and authentication issues are the main challenges of cloud computing. The possible solutions to cloud computing challenges include encryption and layered defence mechanism.
To know more about how a dissertation is written in other disciplines, check out our dissertation examples.