Security Issues in Cloud Computing

Security Issues in Cloud Computing

Kevin Curran (University of Ulster, Northern Ireland), Sean Carlin (University of Ulster, Northern Ireland) and Mervyn Adams (University of Ulster, Northern Ireland)
DOI: 10.4018/978-1-4666-0957-0.ch014


Cloud Computing is a distributed architecture that centralizes server resources on a scalable platform so as to provide on demand computing resources and services. Cloud computing has become a variable platform for companies to build their infrastructures upon. If companies are to consider taking advantage of cloud based systems, they will be faced with the task of seriously re-assessing their current security strategy, as well as the cloud-specific aspects that need to be assessed. The authors outline in this chapter what cloud computing is, the various cloud deployment models, and the main security risks and issues that are currently present within the cloud computing industry.
Chapter Preview


Cloud Service Providers offer an opportunity for organisations to make resources available online. These resources can range from extensive customer relationship management (CRM) software to the relatively widespread online email access. Cloud computing allows these companies to benefit from porting their existing systems to an online environment where they can be accessed by anyone with the required privileges (NIST, 2010). The most appealing advantage of this is that the cloud service provider takes care of the required hardware, software and networking including the associated costs. The cloud service provider will then be able to ‘rent out’ what the company requires; this means that the company will only ever use the resources necessary. The service provider will have the hardware and software setup to enable them to scale far and beyond what any company will require, this means that they can offer a ‘pay-as-you-go’ type service. The service provider will be able to offer similar resources to multiple companies, meaning that they can offer this at a reduced price (Sheriff, 2011).

Cloud computing is not a new technology but rather a new delivery model for information and services using existing technologies. It uses the internet infrastructure to allow communication between client side and server side services/applications (Weiss, 2007). Cloud service providers (CSP’s) offer cloud platforms for their customers to use and create their web services, much like internet service providers offer costumers high speed broadband to access the internet. CSPs and ISPs both offer services. The cloud provides a layer of abstraction between the computing resources and the low level architecture involved. The customers do not own the actual physical infrastructure but merely pay a subscription fee and the cloud service provider grants them access to the cloud resources and infrastructure. A key concept is that the customers can reduce expenditure on resources like software licenses, hardware and other services (e.g. email) as they can obtain all these things from one source, the cloud service provider (Rangan, 2008; Siegele, 2008; Vogels, 2008). Recent studies have found that disciplined companies achieved on average an 18% reduction in their IT budget from cloud computing and a 16% reduction in data centre power costs (McFedries, 2008).

There are two initial forms of cloud computing, Public Cloud and Private Cloud. Within Public Cloud computing companies pay a yearly subscription to an external company such as Amazon’s Elastic Compute Cloud (EC2) toward storing data and the providing and facilitating the running of application programs. Many companies share the same infrastructure within the Public Cloud, and the term given to this is Multitenant Architectures. This term is significant because a server is split up into virtual servers software controlled slices allocated to customers, in essence one server becomes many with many customers. The Private Cloud would be the next progression for many companies as the Private Cloud is in-part managed in-house and is considered Hosted or Corporate cloud. The cloud is managed within the company’s domain and data storage is centralized replacing the company’s previous infrastructure as the network becomes virtualized. Most data storage is handled in-house because of its sensitivity which must be protected. This is the most secure option and the most expensive but still cost effective compared to their older structures in which the companies maintained themselves.

Complete Chapter List

Search this Book: