Article Preview
TopIntroduction
The evolution of internet technologies has directed the emergence of Cloud computing. It facilitates organizations to dynamically expand their infrastructures by outsourcing business components to third-party service providers whilst retaining the customization required by the enterprise and transparency to the end user. By providing the ability to expand at runtime, it facilitates development of highly scalable applications without having to worry about the physical limit to the available resources. It therefore, provides the illusion of availability of unlimited resources to fulfill dynamic and variable user requirements. The illusion of unlimited resource availability improves the ability of an organization to meet the requirement of a wider user-base. Furthermore, by dramatically reducing the time to establish infrastructures, it has substantial effects on the time to market for a product, thereby improving product promotion and delivery. Finally, Cloud computing introduces a pay-per-use model i.e., customers only have to pay for the resources they have used. This represents an attractive model as the organizations do not have to pay for establishment and maintenance of the resources thereby reducing the cost of providing services.
As with any other emerging paradigm, security underpins widespread adoption of Cloud computing. This has been highlighted by the surveys conducted by IDC Exchange where security features as the most challenging aspect towards the adoption of Cloud computing (Gens, 2008, 2009). Furthermore, the importance of security is increased as the users of the Cloud services have to pay for the resources they use. This represents a significant difference as compared to traditional high performance computing paradigms such as Grids where participating organizations are envisaged to voluntarily share resources without requiring any financial obligations from the users. As Cloud computing involves outsourcing of services, the authentication and security issues are pushed to the edge of an organization’s security perimeter. In other words, Cloud computing accelerates the externalization of security services such as identity management, authentication, security of application infrastructure and services (Dournaee, 2010). Furthermore, in order to achieve the flexibility and scalability of infrastructures described earlier, Cloud computing uses several novel methods and technologies which present novel security issues. These include technologies such as virtual machines (Goldberg, 1974) and web 2.0 along with contemporary technologies such as web services (Alonso et al., 2004) and, the Service Oriented Architectures (SOA) (Channabasavaiah et al., 2004).
In this paper, we emphasize on identifying the security challenges presented by Cloud computing and review existing approaches to address these challenges. We also, describe the limitations of existing approaches to address security issues surrounding Cloud computing. Furthermore, the paper is focused on security challenges due to both technological and non-technological aspects of Cloud computing from a consumer’s perspective. A brief outline of the paper follows. The evolution of modern computing systems to Cloud computing is described in the next section. We define Cloud computing and explain the three different models of Cloud computing i.e., Software as a Service, Infrastructure as a Service and Platform as a Service. We describe a number of security threats which are applicable to Cloud computing and need to be addressed and narrates our recommendations to address these challenges. We conclude this paper where we describe our conclusions.