Cloud computing paradigm has recently gained tremendous momentum. It has been found very promising for significant cost reduction and the increased operating efficiencies in computing. However, security and privacy issues pose as the key roadblock to its rapid adoption. In this chapter, the authors present the security and privacy challenges in Cloud computing environments and discuss how they are related to various delivery and deployment models, and are exacerbated by the unique aspects of Clouds. The authors also propose a comprehensive security framework for Cloud computing environments and discuss various approaches to address the challenges, existing solutions and future work needed to provide a trustworthy Cloud computing environment.
TopIntroduction
Cloud computing has recently generated huge interest within computing research communities. It separates information resources from the underlying infrastructure and the approaches used to deliver them. Cloud computing tries to consolidate the economic utility model with the advances in many existing approaches and computing technologies including distributed services, applications, as well as large information infrastructures that are built on top of huge pools of computers, networks, and storage resources. It has been found to offer tremendous promise to enhance collaboration, agility, scale and availability. Its definitions, attributes, characteristics, underlying technologies and risks have been evolving and will change over time. From an architectural perspective, confusion and disagreements exist in IT communities about how a Cloud is different from existing models and how these differences might affect its deployment and widespread adoption. Some see a Cloud as a novel technical revolution while others consider it a natural evolution of technology, economy and culture (Cloud Security Alliance 2011). Nevertheless Cloud computing is a very important paradigm that promises to provide significant cost reduction through optimization and the increased operating and economic efficiencies in computing (Cloud Security Alliance 2011; Catteddu & Hogben 2009). Furthermore, Cloud computing has the potential to significantly enhance collaboration, agility, and scale, and, thus, to enable a truly global computing model over the Internet infrastructure.
While several researchers have tried to define Cloud computing, currently, there is no single agreed upon definition. The US National Institute of Standards and Technology defines it as follows: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This Cloud model is composed of five essential characteristics, three service models, and four deployment models” (Mell & Grance 2011). In order to understand the importance of Cloud computing and its adoption, one needs to understand its principal characteristics, its delivery and deployment models, how the customers would use or benefit from these services and how these services need to be safeguarded. The five key characteristics of Cloud computing include on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service; these are all geared towards allowing the seamless and transparent use of Clouds (Mell & Grance 2011). Rapid elasticity allows resources provisioned to be quickly scaled up or down. Measured services are primarily derived from properties of the business model and indicate that Cloud service provider controls and optimizes the use of computing resources through automated resource allocation, load balancing and metering tools (Cloud Security Alliance 2011; Catteddu & Hogben 2009; Yang X. et al. 2012).
Despite the enormous opportunity and value that the Cloud presents for organizations, without appropriate security and privacy solutions designed for Clouds this potentially revolutionizing computing paradigm could become a huge failure (Takabi, Joshi & Ahn 2010b). Customers are concerned about the security and privacy risks of Cloud computing and the fact that they lose direct control over the security of their systems when they migrate to the Cloud. Several surveys of potential Cloud adopters indicate that security and privacy are the number one concern delaying its adoption and it will likely continue to keep some companies out of Cloud computing (Bruening & Treacy 2009). Hence, understanding the security and privacy risks in Cloud computing and developing efficient and effective solutions are critical to the success of this new computing paradigm. When we move our information into the Cloud, we may lose control over it. The Cloud gives us access to the data, but the challenge is to ensure that only authorized entities have access to that data. It is crucial to understand how we can protect our data and resources from a security breach in the Cloud that provides shared platforms and services. It is critical to have appropriate mechanisms to prevent Cloud providers from using customers' data in a way that has not been agreed upon in the past.