Article Preview
Top1. Introduction
In the information society of the 21st century, the information and communication technologies have revolutionised human lives. Wireless telephony, cloud computing, mobile clouds, electronic commerce and online transactions are now common place and within easy reach of general public. All this has become possible through the proliferation of computing technologies and use of the Systems. There is no doubt that World Wide Web, or the Systems, is the binding and enabling force behind all this.
Since the use of the Systems is growing, the demand for the associated products, applications and services is also growing. As a bi-product, the concerns with respect to the security of information, confidentiality of data and reliability of services are also growing. Previously, when the computing systems were used as standalone devices, the security concerns amounted to only the physical security (i.e. fear of getting it damaged, getting it stolen, etc). Now, however, because of interconnectivity of computing equipment on a global basis, there are serious concerns with respect to security of networks (including the Systems), theft of data, cyber terrorism and so on. Although, network managers and security experts are doing their best to ensure that transactions are safe, networks are secure and malicious damage to data, services, applications and equipment is eliminated, hackers and cyber terrorists are also becoming more intelligent and finding new ways of breaking and getting into computing systems. The technologies that exist for the benefit of citizens are, ironically, the same technologies that hackers are using for their malicious acts. To ensure the security of Systems applications and the use of Systems, many approaches has been employed including systems such as the following:
- •
Intrusion detection mechanisms
- •
Intrusion prevention schemes
- •
Firewalls and Filters
- •
Virus detection and removal software
- •
Build-In security (software security engineering)
However, SecurityFocus (2013) has reported on percentage of vulnerability attacks for operating systems attacks account for 9% vulnerability, web-based software systems attacks account for 61% vulnerability, and other applications attacks account for 30% vulnerability. Similarly, Popović and Hocenski (2010) have reported an analysis of results from IDC ranking of security challenges that 87.5% responded to demand for cloud security against on-demand cloud services. This confirms the importance of cloud security against cloud services.
Cloud computing has emerged to provide a more cost effective solution to businesses and services while making use of inexpensive computing solutions which combines pervasive, internet, and virtualisation technologies. Cloud computing has spread to catch up with another technological evolution as we have witnessed internet technology which has revolutionised communication and information super highway. Cloud computing is emerging rapidly and software as a service paradigm has increasing its demand for more services. However, this new trend needs to be more systematic with respect to software engineering and its related process. For example, current challenges that are faced with cyber security and application security flaws, lessons learned and best practices can be adopted. Similarly, as the demand for cloud services increases and so increased importance sought for security and privacy. The business of cloud technology can only be sustained if we can maintain balance between demand for services in-line with improved cloud security and privacy.