Security and Privacy Issues in Cloud Computing

Security and Privacy Issues in Cloud Computing

Jaydip Sen (Tata Consultancy Services Ltd., India)
DOI: 10.4018/978-1-4666-4514-1.ch001
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cloud computing transforms the way Information Technology (IT) is consumed and managed, promising improved cost efficiencies, accelerated innovation, faster time-to-market, and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew exponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security, and privacy issues still pose significant challenges. In this chapter, the authors describe various service and deployment models of cloud computing and identify major challenges. In particular, they discuss three critical challenges: regulatory, security, and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment.
Chapter Preview
Top

Introduction

As per the definition provided by the National Institute for Standards and Technology (NIST) (Badger et al., 2011), “cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” It represents a paradigm shift in information technology many of us are likely to see in our lifetime. While the customers are excited by the opportunities to reduce the capital costs, and the chance to divest themselves of infrastructure management and focus on core competencies, and above all the agility offered by the on-demand provisioning of computing, there are issues and challenges which need to be addressed before a ubiquitous adoption may happen.

Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. There are four basic cloud delivery models, as outlined by NIST (Badger et al., 2011), based on who provides the cloud services. The agencies may employ one model or a combination of different models for efficient and optimized delivery of applications and business services. These four delivery models are: 1) Private cloud in which cloud services are provided solely for an organization and are managed by the organization or a third party. These services may exist off-site. (2) Public cloud in which cloud services are available to the public and owned by an organization selling the cloud services, for example, Amazon cloud service. (3) Community cloud in which cloud services are shared by several organizations for supporting a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). These services may be managed by the organizations or a third party and may exist off-site. A special case of community cloud is the Government or G-Cloud. This type of cloud computing is provided by one or more agencies (service provider role), for use by all, or most, government agencies (user role). (4) Hybrid cloud which is a composition of different cloud computing infrastructure (public, private or community). An example for hybrid cloud is the data stored in private cloud of a travel agency that is manipulated by a program running in the public cloud.

From the perspective of service delivery, NIST has identified three basic types of cloud service offerings. These models are: (1) Software as a Service (SaaS) which offers renting application functionality from a service provider rather than buying, installing and running software by the user. (2) Platform as a Service (PaaS) which provides a platform in the cloud, upon which applications can be developed and executed. (3) Infrastructure as a Service (IaaS) in which the vendors offer computing power and storage space on demand.

From a hardware point of view, three aspects are new in the paradigm of cloud computing (Armbrust et al., 2009). These aspects of cloud computing are: (1) The illusion of infinite computing resources available on demand, thereby eliminating the need for cloud computing users to plan far ahead for provisioning. (2) The elimination of an up-front commitment by cloud users, thereby allowing companies to start small and increase hardware resources only when there is an increase in their needs. (3) The ability to pay for use of computing resources on a short-term basis as needed and release them when the resources are not needed, thereby rewarding conservation by letting machines and storage go when they are no longer useful. In a nutshell, cloud computing has enabled operations of large-scale data centers which has led to significant decrease in operational costs of those data centers. On the consumer side, there are some obvious benefits provided by cloud computing. A painful reality of running IT services is the fact that in most of the times, peak demand is significantly higher than the average demand. The resultant massive over-provisioning that the companies usually do is extremely capital-intensive and wasteful. Cloud computing has allowed and will allow even more seamless scaling of resources as the demand changes.

Complete Chapter List

Search this Book:
Reset