Article Preview
Top1. Introduction
The scalability and extensibility of distributed software architectures have led to the concept called Cloud Computing. Cloud computing is a technology used to deliver the hosted services over the Internet. Through this technology, users don’t have to manage their own IT resources; instead they purchase their IT needs as services over the internet (Mell and Grance, 2011).
Cloud computing main objective is to provide secure, quick and convenient data storage with all services delivered over the internet. Cloud computing has a distributed architecture and contains a computational paradigm which enables it to enhance availability, scalability, agility, collaboration and adaptability of the system. Cloud computing technology allows in reducing the rates spent on computing infrastructure, boosting performance and increasing efficiency of an organization (Zhao et al. 2009; Zhang et al. 2010; Clous security alliance, 2011; Marinos and Briscoe, 2009; center for protection of national infrastructure, 2010; Khalid, 2010).
With more and more explorations of cloud technology, it has faced challenges that need to be resolved to improve the pace of cloud adoption among SMEs. One of the most significant barriers to adoption is security and privacy of the data in the cloud. There is a huge uncertainty of the security of data in clouds at all times as cloud computing represents relatively new idea of computing and that’s the reason for security experts to be more concerned about data security in clouds.
Cloud has many specific attributes compared to many traditional technologies such as huge pool of resources and mostly belonging to cloud providers are heterogeneous, distributed and completely virtualized. It’s because of this reason traditional security measures like identification, authentication and authorization is not enough in case of cloud computing (Li and ping, 2009). Security controls and mechanisms in traditional IT is more or less very similar and useful to that of current form of cloud for most of its delivery models. But, cloud computing presents different organizational risks than traditional IT due to its ways of service deployment, operations and enabling technologies. Unfortunately, security integration into these services often makes it more difficult to provide more substantial solution to the problem (Rittinghouse and Ransome, 2009).
Moving organization’s critical applications and legacy database full of sensitive information to cloud service provider (CSP) with no control of their own data is a concern of many organizations. To diminish this concern, CSP must ensure that they continue to provide customers with same security and control to their applications and sensitive data as onshore system. In order to achieve this CSP must provide evidence to a customer that all service level agreements are met and compliance can be proved to auditors (GiljeJaatun, 2009).
We have tried to present security issues related to cloud computing based on service delivery models i.e. security issues with software as a service, platform as a service and infrastructure as a service. Also, we have identified vulnerabilities and threats in cloud computing which leads to these security issues, where vulnerabilities refer to gaps in a system which allows attack to be successful and threats refers to an attack which is attempted on gaps in a system to exploit resources or information. Based on these identified threats and challenges we have provided possible remedy to avoid incidents leading to a security breach or system failure.