Verified Document

Cloud Based Solutions For Business Term Paper

Cloud computing continues to proliferate most of the worlds largest companies, governments, and organization. Its benefits create a compelling value proposition for nearly all stakeholder groups in the form of higher efficiencies, better access to data, and better reliability. Unfortunately these benefits result in a corresponding increase in security vulnerabilities. This document will address these vulnerabilities and how they impact organizations utilizing cloud computing. Emphasis will be place on the more common vulnerabilities and possible solutions to rectify them. Cloud Computing is increasing becoming a very contentious issue for businesses, governments, and communities around the world. A study initiated by Gartner found that cloud computing is considered one of the top 10 most influential technologies in the world (Gartner 2011). The prospects for the cloud are endless as adaptations can create enhancements in all industries. Industries typically use cloud computing to enhance efficiencies, reduce costs, reduce overall head, and increase returns on investment. The ability of cloud computing to provide ubiquitous and on-demand network access is also compelling for industries that require continually access throughout the day. Banks, insurance companies, and national defense organization must be all be operational throughout the entire day. Due to the ability of cloud computing to provide secure and convenient data storage over the internet, these organization can run their core processes 24 hours a day.

Cloud computing is unique in that it combines a number of varying concepts and technologies together in one package. Aspects such as Service Oriented Architecture, the Internet, and storage facilities are all used simultaneously to provide a compelling product. However, due to the sheer volume of applications and moving parts, cloud computing does present interesting security challenges. This is due primarily to the relative uncertainty regarding the adoption of new technology combined with the varying degrees of applications and materials needed for adoption. Making security more difficult is this uncertainty occurring at all levels of the cloud computing process including the (network, host, application, and data levels). As a result, many IT executives acknowledge that security is their primary concern regarding the cloud and information content (Mather, 2009).

In particular cloud-computing security risk occurs in three main areas. The areas include external data storage, the use of "public" Internet and inherent lack of control of doing so, and the overall integration process. As result of these security risks traditional methods such as identity, authentication and authorization are no longer viable. Therefore new and unique solutions are required to address the changing landscape of cloud application and their overall structure.

Literature Review/Discussion and Analysis

What security vulnerabilities and threats are the most important in Cloud Computing and how can organizations properly handle them? To begin, the traditional cloud-computing model has three separate types of services, which are described below. These definitions are taken directly from the Journal of Internet Services and Applications Journal.

1) Software as a Service- the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. In general the applications are accessible from various client devices through a thin client interface such as a web browser (Hashizume, pg 3).

2) Platform as a Service -- The capability provided to the consumer is to deploy onto the cloud infrastructure his own applications without installing any platform or tools on their local machines. PaaS refers to providing platform layer resources, including operating system support and software development frameworks that can be used to build higher-level services (Hashizume, pg 3).

3) Infrastructure as a Service.- The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications (Hashizume, pg3)

In addition to the models presented above, a very popular form of cloud computing is the hybrid cloud. Hybrid clouds are a combination of public and private cloud offerings which provides companies with much wider degree of freedom and security. It also allows for the exchange of information across disparate cloud offerings. This allows customers to use third party application in the manner in which they see fit.

In regards to security and vulnerability each has its respective strengths and weaknesses. For example with SaaS the overall security burden in on the cloud provider. This creates obvious problems for a business, as they are almost entirely dependent on the provider to provide secure access to private information. This vulnerability is the direct result of the overall intergration needed with the SaaS model. In contrast however, the PaaS and IaaS models are much more secure as the consumer...

Creating further frustration of cloud adoptors is the overall intergration between each model. PaaS and SaaS are hosting on top of IaaS. Therefore, a breach in IaaS will correspond to a breach in each of the upper two layers, thus creating systemic effects on security. For example, a SaaS provider may rent a development environment from a PaaS provider. This PaaS provider may in turn, rent the foundational infrastructure from an IaaS provider. Each provider is therefore responsible for it own security. As a result, the overall infrastructure could be prone to attack if one chain in the overall link is weak relative to the others. Further, it will be difficult to identify this weak link prior to the breach or attack occurring as each individual provider is in charge of his or her own security measures. Finally, when attack does occur the identification of the cause of the vulnerability will be difficult to access.
The relationship between threats and vulnerabilities is dynamic. Although vulnerabilities are often identifies in the overall technology and application, individuals employees are often a major vulnerability. This is particularly true for the SaaS model which relies extensively on the internet and third party providers. For example, cloud services are often accessed through API's or application programming interface. In essence, an API governs the rules in which one application can talk to another. For example, in a simple context, API's when using a laptop allow information to be moved between programs. Cutting and pasting text in a word document in excel spreadsheet is an example. API's on a more sophisticated level, allow services to use applications such as Google Maps. For example, the Internet website Yelp uses Google Maps to provide directions to a particular destination. In the context of cloud computing, API's are essential because they allow for the overall exchange of information and proper functioning of the application. The security of the cloud therefore depends on the security of these interfaces. A major security concern and vulnerability are weak credentials and insufficient authorization checks. In addition, insufficient input-data validation creates an enormous concern for security (Mather, 2009).

These vulnerabilities often occur due to insufficient safeguards on the human level. Aspects such as proper background checks, although common sense, seem to allude cloud computing providers. Privileged users often have unlimited access to cloud data, creating significant concerns. In addition, nearly anyone can open an account with a valid credit card and email. Although this accessible is an important benefit of using the cloud to begin with, it still should be monitored more rigorously. Apocryphal accounts for example, can allow hackers and other participants to perform malicious activity without detection.

In addition to the human component mentioned in detail above, Cloud Computing has vulnerabilities relating directly to its structure as well. The first, most oblivious, and highest profile threat to cloud computing occurs with service hijacking. An account theft through the cloud often occurs through social engineering (Schubert, 2009). Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. This can occur through baiting, quid pro quo, and other means. With access to a cloud users credentials, the hijacker can then conduct malicious activities designed to manipulate data and redirect transactions.

In addition with cloud computing, information is continually stored and accessed. However, once information is deleted, it is not completely removed from the system. Computing professionals can therefore use the cloud to recover data that was believed to be deleted, using it for malicious activities. Cloud computing uses the "Public" interent. Therefore, all individuals have access to the internet. Data leakage can therefore occur when data is transferred to hackers during the transition, storage of processing phase of the cloud computing process. Below is a chart summarizing both the vulnerabilities and threats discusses so far.

Vulnerabilities

Threats

Insufficient employee screening

Account and service hijacking

Insufficient customer background checks

Data Leakage

Insecure interfaces

Data Scavenging

Data related vulnerabilities

Solutions to these threats and vulnerabilities can change considerably. Hackers and those that wish ill will are constantly looking at new and innovation methods in which to obtain private information. In many instances, these individuals wish to sell this information to third parties on the black market looking to capitalize on it. Due to the lucrative nature of hacking and its ability to continually evolve, defense strategies must also evolve. Currently the solution to the threats and vulnerabilities mentioned above require a multi-faceted approach. Dynamic credentials for example…

Sources used in this document:
References

1) Cloud Security Alliance (2011). Security Guidance for Critical Areas of Focus in Cloud Computing Version 3.0. http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf This document provides an actionable, practical road map to managers wanting to adopt the cloud paradigm safely and securely.

2) Gartner Inc. Gartner identifies the Top 10 strategic technologies for 2011. Online. Available: http://www.gartner.com/it/page.jsp?id=1454221. Accessed: 15-Jul-2011

3) Kaufman, L. M. (2009). Data Security in the World of Cloud Computing. IEEE Security & Privacy, Vol 7, Issue 4, pp. 61-64, July-August 2009.

4) Hashizume et al.: An analysis of security issues for cloud computing. Journal of Internet Services and Applications 2013 4:5.
Cite this Document:
Copy Bibliography Citation

Related Documents

Cloud Based Solutions for Business
Words: 572 Length: 2 Document Type: Essay

IBM is well-known for its diversified product offerings and unparalleled scale with regards to SaaS offerings. IBM is highly regarded as one of the top ten cloud offerings in the market. The HR department of a small business has the ability to use and implement the extensive scale and expertise of IBM's SaaS offerings. First, IBM has unparalleled reach and expertise. By working with many small and large businesses, IBM

Cloud Computing Reliability of Cloud-Based
Words: 581 Length: 2 Document Type: Research Proposal

In some areas it actually appears as though certain reliability issues and their solutions might be simplified in the cloud when compared to traditional software and hardware set-ups; successful antivirus protection has been achieved simply by running preventative, diagnostic, and corrective programs on host computers and servers in the cloud, rather than necessitating the same type of vigilance for each and every end-user unit (Shah 2010). Solutions to more

Cloud Computing and Technology
Words: 619 Length: 2 Document Type: Essay

Cloud Computing Governance There are many issues and implications that must be taken seriously when it comes to cloud computing. While the possibilities and capabilities that are newly or more significantly realized by cloud computing are fascinating and voluminous, so too are the security risks and ethical quandaries that can and do come up when it comes to the subject. With that in mind, this report shall cover two main topics

Cloud Computing Changes Systems Analysis and Design
Words: 5643 Length: 18 Document Type: Research Paper

Cloud Computing Changes Systems Analysis and Design Instiution/University affiliation Both information systems and information technology infrastructure have been incorporated into business procedures for at least two decades. In the initial development of information technology, organizations which greatly invested in information technology infrastructure achieved strong growth in market shares and returns. Given that IT is now the core of businesses, nearly all organizations own their own IT infrastructures to manage their daily

IT's Learning Cloud Based Learning Management System Essay
Words: 4642 Length: 15 Document Type: Essays

Essay Prompt: 1. Using module theory and specific examples from the case provided identify and critically analyze the strategic issues confronting the 'IT'S LEARNING' as it expands beyond its home country (1000 words) 2. Using appropriate module frameworks and specific examples from the case critically analyze the advantages and disadvantages of the Norway as the home base for a global developer of Digital Learning Platforms. (1000 words) 3. Using module theory and examples

Cloud Computing at Easyjet
Words: 2637 Length: 8 Document Type: Essay

Cloud Computing at EasyJet 25/08/2015 Brief Company background Discussion of business problem High level solution Benefits of solving the problem Business/technical approach Business process changes Technology or business practices used to augment the solution Conclusions and overall recommendations High-level implementation plan EasyJet, a Luton-based low cost airline in the UK has managed to create differentiation from other low cost airlines through the introduction of a new system of seat booking. The move brought in a new era in the otherwise

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now