Abstract
Cloud computing is a computing style in which scalable and flexible IT functionalities are delivered as a service to external customers using Internet technologies. As cloud computing continues to gain more momentum in the IT industry, more issues and challenges are being reported by academics and practitioners. Cloud computing is not a revolutionary idea; Instead, it is an evolutionary concept that integrates various existing technologies to offer a useful new IT provisioning tool. In this chapter, security risks are discussed on adoption to cloud computing, the risks related to privacy, trust, control, data ownership, data location, audits and reviews, business continuity and disaster recovery, legal, regulatory and compliance, security policy and emerging security threats and attacks.
TopBackground
Cloud Computing has accelerated business and technological initiatives that promise to provide services at comparably low infrastructure and operating costs. The rapid growth of cloud computing is a good example (Onwubiko, 2010). The popularity of Cloud services has increased immensely over the past few years. Cloud computing is a large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet (Giordanelli & Mastroianni, 2010). It’s a set of approaches that can help organizations quickly, effectively add and subtract resources in almost real time. It has a revolution in the way it will change the way we deploy technology and how we think about the economics of computing (Irakoze, 2013). It is an Internet-based computing solution where shared resources/services are provided like electricity distributed on the electrical grid. It is a computing model providing web-based software, middleware and computing resources on demand, in which services, resources, and applications are provided on metered basis over the Internet (Patel, Umrao, & Singh, 2012). Cloud applications extend their accessibility through the Internet by using large data centers’ and powerful servers that host web applications and services. Anyone with a suitable Internet connection and a standard Internet browser can access a cloud application (Hung & Lin, 2013). Rapid evolution of cloud computing technologies can easily confuse its definition perceived by the public. Yet, there are five key attributes to distinguish cloud computing from its conventional counterpart as shown in figure 1:
Key Terms in this Chapter
Access Control: access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.
Service Level Agreement: A service-level agreement (SLA) is a contract between a network service provider and a customer that specifies, usually in measurable terms, what services the network service provider will furnish. Many Internet service providers (ISP)s provide their customers with an SLA.
Virtualization: Virtualization is a key technology to create cloud computing platform. Unused resources can be effectively utilized, based on the requirement resources can be scaled using this technology compared to physical resource scaling. Entire existing OS along with all its application also can be moved to a virtual machine or vice versa also possible. Virtualization is simulating hardware and/or software to run on top of hardware and/or software.
Internet: The Internet is a global network connecting millions of computers. More than 100 countries are linked into exchanges of data, news and opinions.
Authentication: is the function of specifying access rights to resources related to information security and computer security in general and to access control in particular.
Privacy: is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person , it usually means there is something to them inherently special or sensitive. The domain of privacy partially overlaps security, including for instance the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity.
Security: In Computing, the extent to which a computer system is protected from data corruption, destruction, interception, loss, or unauthorized access. The prevention of and protection against assault, damage, fire, fraud, invasion of privacy, theft, unlawful entry, and other such occurrences caused by deliberate action.
Cloud Computing: Cloud computing is an Internet-based computing solution which provides the resources in an effective manner. In the cloud, many computers are configured to work together where the resources are allocated on demand. Cloud computing allows the customers to access resources through the internet from anywhere at any time without thinking about the management and maintenance issues of the resources. Resources of cloud computing can be provided dynamically.
Security Policy: Security policy is a definition of what it means to be secure for a system, organization or other entity. A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure . These formal policy models can be categorized into the core security principles of: Confidentiality, Integrity and Availability.