Security for the Cloud

Security for the Cloud

Shweta Kaushik (ABES Engineering College, Ghaziabad, India) and Charu Gandhi (Jaypee Institute of Information Technology, Noida, India)
Copyright: © 2020 |Pages: 16
DOI: 10.4018/978-1-7998-1294-4.ch004

Abstract

Today's people are moving towards the internet services through cloud computing to acquire their required service, but they have less confidence about cloud computing because all the tasks are handled by the service provider. Cloud system provides features to the owner to store their data on some remote locations and allow only authorized users to access their data according to their access capability. Data security becomes particularly serious in the cloud computing environment because data are scattered in different machines and storage devices including servers, PCs, and various mobile devices such as smart phones. To make the cloud computing be adopted by enterprise, the security concerns of users should be rectified first to make cloud environment trustworthy. The trustworthy environment is the basic prerequisite to win the confidence of users to adopt this technology. However, there are various security concerns that need to be taken care of regarding the trust maintenance between various parties, authorized access of confidential data, data storage privacy, and integrity.
Chapter Preview
Top

Introduction

Security of user’s data in a cloud environment is a most challenging concern. Although service provider always says that the information of the users is stored securely on the cloud environment, still e-commerce companies and cloud end-users worry about the security of the data as their sensitive information are in the hands of other party. These security concerns make customers hesitate to implement Cloud E-commerce. Since most of the customers don’t have prior experience of using cloud, they fear for their sensitive data leakage. Due to the storage of large amount of data related to business on the cloud system, and further this data is transmitted and processed by the third party, the risk involved will be much higher in the cloud computing-based E-commerce model than traditional E-commerce model. As the cloud computing model is based on E-commerce platforms where all data is stored in the cloud, the e-commerce companies are worried about the cloud computing security of the data as they are unable to supervise the sensitive information of the business. While considering the data security, the three primary major concerns are-

  • Trust: - Trust means a confidence of doing a job as expected without introducing any vulnerability while performing any task. Trust can incorporate security while performing, validity of its loyalty, encoding and user-friendliness to attract other towards it. In cloud-based E-commerce application the organization data is stored at third party, cloud service provider and user will get their required their data from third party also. There is a need arise for a mutual trust between various communicating parties to ensure that data stored and retrieved from third party is intact without any malicious attack. Data owner requires that service provider should be trustworthy to store its confidential data without any exposure to unauthorized user and other service provider. On the other hand, users who will retrieve its data from the service provider also require that provider is trustworthy, who deliver the exact correct data without any loss of integrity and damage of data.

  • Privacy: - Privacy means to kept data secret and hide from its unauthorized access. Privacy of data requires encoding, encryption, translations etc. which transform your confidential data into some other form without letting know the way of doing it to others. It generally includes protection of data from any malicious activity. Users can access the data according to their defined role, access criteria, attribute they have while rest of the data is kept safe. Data owner requires that service provider will deliver its data according to access criteria defined by it in order to protect its data from unauthorized access.

  • Security Issues: - Apart from privacy and trust maintenance between different parties there are another security issue need to manage such as authorization and access control, integrity, non- repudiation, network security, confidentiality etc. To provide the authorization and access control data owner can decide one of the mechanism forms role-based access control, user-based access control or attribute-based access control to allow the users to get their required data according to this. Owner also needs to update service provider about this access criteria for verification purpose before transferring the data to users. To prove that data integrity is maintained without any vulnerability’s owner can encrypt the data and digitally sign this. Only the authorized users have verification key to check the integrity of received data from the service provider to ensure that retrieved data is intact.

Based on the user security requirements at different service level of the usage of Cloud Computing along with its threats can be described as shown in Table 1.

Complete Chapter List

Search this Book:
Reset