Cloud Computing allows firms to outsource their entire information technology (IT) process, allowing them to concentrate more on their core business to enhance their productivity and innovation in offering services to customers. It allows businesses to cut down heavy cost incurred over IT infrastructure without losing focus on customer needs. However, to a certain limit adopting Cloud computing has struggled to grow among many established and growing organizations due to several security and privacy related issues. Throughout the course of this study several interviews were conducted, with cloud developers and security experts, and the literature was reviewed. This study enabled us to understand, current and future, security and privacy challenges with cloud computing by providing suitable solutions to identified challenges. The outcome of this study led to identification of total 18, current and future, security issues affecting several attributes of cloud computing. In this process of identification, the author also found mitigation techniques to avert these security issues. A security guide is formulated which enables organizations to be aware of security challenges, vulnerabilities and techniques to evade them.
Top1. Introduction
The scalability and extensibility of distributed software architectures have led to the concept called Cloud Computing. Cloud computing is a technology used to deliver the hosted services over the Internet. Through this technology, users don’t have to manage their own IT resources; instead they purchase their IT needs as services over the internet (Mell and Grance, 2011).
Cloud computing main objective is to provide secure, quick and convenient data storage with all services delivered over the internet. Cloud computing has a distributed architecture and contains a computational paradigm which enables it to enhance availability, scalability, agility, collaboration and adaptability of the system. Cloud computing technology allows in reducing the rates spent on computing infrastructure, boosting performance and increasing efficiency of an organization (Zhao et al. 2009; Zhang et al. 2010; Clous security alliance, 2011; Marinos and Briscoe, 2009; center for protection of national infrastructure, 2010; Khalid, 2010).
With more and more explorations of cloud technology, it has faced challenges that need to be resolved to improve the pace of cloud adoption among SMEs. One of the most significant barriers to adoption is security and privacy of the data in the cloud. There is a huge uncertainty of the security of data in clouds at all times as cloud computing represents relatively new idea of computing and that’s the reason for security experts to be more concerned about data security in clouds.
Cloud has many specific attributes compared to many traditional technologies such as huge pool of resources and mostly belonging to cloud providers are heterogeneous, distributed and completely virtualized. It’s because of this reason traditional security measures like identification, authentication and authorization is not enough in case of cloud computing (Li and ping, 2009). Security controls and mechanisms in traditional IT is more or less very similar and useful to that of current form of cloud for most of its delivery models. But, cloud computing presents different organizational risks than traditional IT due to its ways of service deployment, operations and enabling technologies. Unfortunately, security integration into these services often makes it more difficult to provide more substantial solution to the problem (Rittinghouse and Ransome, 2009).
Moving organization’s critical applications and legacy database full of sensitive information to cloud service provider (CSP) with no control of their own data is a concern of many organizations. To diminish this concern, CSP must ensure that they continue to provide customers with same security and control to their applications and sensitive data as onshore system. In order to achieve this CSP must provide evidence to a customer that all service level agreements are met and compliance can be proved to auditors (GiljeJaatun, 2009).
We have tried to present security issues related to cloud computing based on service delivery models i.e. security issues with software as a service, platform as a service and infrastructure as a service. Also, we have identified vulnerabilities and threats in cloud computing which leads to these security issues, where vulnerabilities refer to gaps in a system which allows attack to be successful and threats refers to an attack which is attempted on gaps in a system to exploit resources or information. Based on these identified threats and challenges we have provided possible remedy to avoid incidents leading to a security breach or system failure.