Security Aspects in Cloud Computing

Security Aspects in Cloud Computing

Tabassum N. Mujawar (Terna Engineering College, India), Ashok V. Sutagundar (Basaveshwar Engineering College, India) and Lata L. Ragha (Terna Engineering College, India)
DOI: 10.4018/978-1-5225-5634-3.ch004
OnDemand PDF Download:
No Current Special Offers


Cloud computing is recently emerging technology, which provides a way to access computing resources over Internet on demand and pay per use basis. Cloud computing is a paradigm that enable access to shared pool of resources efficiently, which are managed by third party cloud service providers. Despite of various advantages of cloud computing security is the biggest threat. This chapter describes various security concerns in cloud computing. The clouds are subject to traditional data confidentiality, integrity, availability and various privacy issues. This chapter comprises various security issues at different levels in environment that includes infrastructure level security, data level and storage security. It also deals with the concept of Identity and Access Control mechanism.
Chapter Preview


Cloud computing is a nascent and rapidly emerging computing paradigm with broad-ranging effects across IT Industry, Business, Software Engineering, and Data Storage. Cloud computing can be defined as a huge collection of distributed servers which provide on demand services to the users over Internet. It is a model which provides network access to shared computing resources such as data, servers, applications and services etc. Thus, users can access any resource from cloud on demand basis at a particular time and can pay only for their use.

A Cloud system consists of 3 major components such as clients, datacenter, and distributed servers (Velte A. T.,Velte T.J. & Elsenpeter R., 2010), as shown in Figure 1.

Figure 1.

Cloud computing components



End users interact with the clients to access services provided by the cloud. Clients generally fall into various categories as thin client, thick client and mobile client.


In order to subscribe different applications, an end user connects to the datacenter which is a collection of servers hosting different applications.

Distributed Servers

Distributed servers are present throughout the Internet to host different applications.

Based on the domain or environment in which clouds are used, clouds can be divided into 3 categories as (Velte A. T.,Velte T.J. & Elsenpeter R., 2010) (See Figure 2):

  • Public Cloud: It is available to the general public users in a pay-as-you-go manner irrespective of their origin or affiliation.

  • Private Cloud: Its usage is restricted to members, employees, and trusted partners of the organization.

  • Hybrid Cloud: It is combination of both the private and public clouds and enables the use of private and public Cloud in a seamless manner.

Figure 2.

Cloud computing deployment and deliver models


The services of cloud computing are categorized as (Velte A. T.,Velte T.J. & Elsenpeter R., 2010):

  • Software as a Service (SaaS): In SaaS, the client uses different software applications from different servers through the Internet and pays for the time he uses the software.

  • Platform as a Service (PaaS): PaaS provides all the resources that are required for building applications and services completely from the Internet, without downloading or installing software.

  • Infrastructure as a Service (IaaS): IaaS provides necessary infrastructure to develop and deploy applications. It is also known as Hardware as a Service (HaaS). It offers the hardware as a service to an organization so that it can put anything into the hardware according to its will.

Though cloud computing is the most promising technology, it faces many security challenges. The security concern arises because user’s data and applications are present outside the administrative control in a shared environment and accessed by various other users. This shared and on-demand nature of cloud computing introduces the new security violations which limits the adoption of cloud computing. Therefore many users are reluctant in completely trusting the cloud computing environment (KPMG, 2010; Keiko H., Rosado D. G., Eduardo F. & Eduardo B.F., 2013).

The traditional security mechanisms such as identity management, authentication, and authorization are not sufficient for cloud computing in form they exist presently. The security risks associated with the organization by adoption of cloud are quite different than the traditional IT organizations (Li W., Ping L., 2009). Cloud computing security mechanism must address the security concerns from the perspective of end users and also for the cloud service providers. The security mechanism must include different standards and procedures to provide security assurance for all cloud service delivery models i.e. Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). It should also take into consideration the different deployment models of cloud computing (public, private and hybrid cloud).

Complete Chapter List

Search this Book: