Login Signup
Verified Document

Security In Cloud Computing Research Paper

Related Topics:
Security Principles Security Breach Security Management Private Security
Open Document Cite Document

Security in Cloud Computing Security issues associated with the cloud

Cloud Security Controls

Deterrent Controls

Preventative Controls

Corrective Controls

Detective Controls

Dimensions of cloud security

Security and privacy

Compliance

Business continuity and data recovery

Logs and audit trails

Legal and contractual issues

Public records

The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination of multiple service providing resources and mechanism to mitigate the effect of vulnerability. The research further elaborates the dimensions of security in a shared resources and strategically locating computing resources at multiple locations similar to cloud computing. Furthermore the legal and regulatory issues are also addressed in detail. Improvement in security of the services is also a responsibility of the cloud services users and enterprises deciding to store data. The service providers can establish storage in multiple locations, using different networks, and internet service providers to minimize disturbance in providing services. In such cases it is necessary or the users to classify their data and store the least vulnerable information on cloud computing resources.

1 Security issues associated with the cloud:

Scott Case, CEO of the Startup America Partnership however narrates a different story in favor of cloud computing while ignoring the enormous security issues posed by cloud computing for the larger organizations. Priceline.com, a company founded by Scott Case had to invest $3 million in IT infrastructure, platforms, and software development when the company was started in 1997. Comparatively, now such IT capability can be acquired using cloud services of any of the renowned vendors such as Amazon, Intuit, Dell, or IBM (Shread, 2012). The choice of vendors and cost incurred on acquisition of IaaS, PaaS, and SaaS are relatively negligible for new startups. Instead, the IT capability acquisition costs can be incurred on marketing and product development. The inventories can be managed against a fraction of cost that is incurred if startups invest in the infrastructure. The flexibility and cost reduction of IT acquisition out-weigh potential security threats.

2 Cloud Security Controls:

The security controls enables in each computing system including cloud computing are targeted at reducing the amount of vulnerabilities. It is also aimed at providing the adequate level of security to the user's data and their key information. The users of cloud computing should also assess their level of tolerance and to what extent they would like to compromise on the security of information. The security issues associated with the shared infrastructure and resources of cloud computing are mainly with respect to the loss of sensitive information, financial crimes, reputation, and resources destruction.

The controls established to counter these issues are related to be identified as four major categories including deterrent controls, preventive controls, corrective, and detective controls. All these controls refer to different areas of information security however all are related to establish a coherent and integrated system for providing uninterrupted services to their clients. The issues of information security in cloud computing also arise due to its services oriented shared nature of business. These control categories are elaborated in detail underneath.

2.1 Deterrent Controls:

The deterrence oriented controls are established to reduce the amount of vulnerabilities in cloud services. It is also deliberate attacks from hackers and other cyber criminals are handled through increased deterrence in cloud services. The deterrence against the likely attacks is achieved through updated programs and firewalls erected at the premises of cloud services providers. It is highly likely that the cloud users lose their valuable data through a well-planned attempt of security breach at cloud services provider's infrastructure. The attackers take advantage of the latest technology to enter and destroy the security mechanism of cloud services providers (Krutz, & Vines, 2010).

The deterrence control measures are described in the client's security manuals as well as the assurances provided in the service level agreements (SLA). The deterrence control measures are significant in the cloud information security as there is always a threat of attacks. The threat perception and levels have to define as assessed risks in order to maintain a high level of security. The cybercrimes can also take place through the shared systems and criminals might gain access to the information stored in the system through seeking an account. The cloud services providers need to place adequate amount of checks for their client's identity. It can also be enhanced through monitoring cloud account activity using multiple techniques.

2.2 Preventative Controls:

Krutz et al. (2010) defines...

These vulnerabilities may arise through the violation of security policy. There are numerous preventive measures that can be taken in order to prevent the potential threats to cloud services security. The accurate preventive controls are required to provide an effective protection against the potential attacks through physical and virtual (network) security violations. The notable preventive controls are the applications developed for integration with the systems development life cycle approach. The system disables the users from using a high level of privileges. The users are only providing minimum to adequate amount of privileges in order to restrict their attempts for violating the security policy (Mather, Kumaraswamy, & Latif, 2009).
According to Mather et al. (2009) the significant preventive controls are also implemented through user authentications techniques, access control measures, and account management policies. There are browser handled and endpoint security measures that also ensure the preventive attacks are handled effectively in order to reduce the threat level. The usage of anti-virus, host-based IDS, host firewalls, and administration of virtual private networks are used as measures through policy for ensuring security in cloud computing. The applicable preventive actions for cloud computing security measures should be documented in the form of a list containing all possible states where the controls should also be defined (Ackermann, 2013).

2.3 Corrective Controls:

The rapid evolution of cloud computing services as a model for reduced infrastructure and upfront cost has also raised several security issues. The growth in number of users facilitated through cloud computing services has also raised the concerns of information and data that can be classified as vulnerable in cloud resources. It is also observed that prior to this situation the customers of cloud computing were used to secure and risk the data theft as their own decision (Isaca, 2011). However the later developments including government's initiative for using cloud resources has also raised various concerns.

The result of such development could be seen in terms of the corrective measures taken to secure cloud services through implementation of cloud security and information and data security corrective measures. The response of various communities, governments, and cloud services providers is also changing from reactive to proactive approach in implementation of corrective measures. According to Prodan, and Ostermann (2009) the assessment procedures adopted by federal and various state governments to perform vulnerability scanning is a cost effective method of initiating corrective actions. The system development life cycle approach is also regarded as significant in increasing usage of corrective measures for improvement in cloud computing information security.

2.4 Detective Controls:

According to Krutz et al. (2010) the detective controls are essential in aspect for effective cloud computing security measures. The detective controls implemented in cloud computing are required to discover the attempts made for security breach and activate the corrective and preventive controls. It can also be associated with the intelligent systems that are developed to interpret the attempts made to intrude the security settings of cloud computing. These controls also work as a coordinated insertion detections system that is also capable of detecting the violations of security policy, organizational policy and physical attempts to break in the system through breach of security apparatus.

The detective controls implemented for increasing security in cloud computing are mostly logging events and event correlation. The application vulnerability scanning and monitoring is also categorized as detective controls (Mather et al., 2009). These measures are a preemptive attempt to ensure data and information security ofcloud computing services. The cloud computing resources are secured through the auto activation of corrective and preventive measures initiated through the detective controls.

3 Dimensions of cloud security:

The cloud computing services offer three major types of services including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). All these services are used through networks and remote access is required to offer the services. The usage of these services also has different requirements and distinct level of controls required to ensure security for the users. These controls for cloud computing security are also segregated into three categories including SaaS, IaaS, and PaaS.

The security architecture for IaaS is concerning the assurance for the hosted applications to work according to the offered terms and conditions. The attacks on IaaS security could be dealt in similar ways as enterprise web applications in distributed architecture. The IaaS controls are essentially ensured by the user to allocate adequate level of access, user authentication, and network security. The users using the infrastructure need to ensure that they maintain an effective security policy. These controls are developed and implemented…

Continue Reading...
Sources used in this document:
References:

Ackermann, T. (2013). IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. USA: Springer Gabler.

Aluru, S., Bandyopadhyay, S., Catalyurek, U.V., Dubhashi, D., Jones, P.H., Parashar, M., & Schmidt, B. (Eds.). (2011). Contemporary Computing: 4th International Conference, IC3 2011, Noida, India, August 8-10, 2011. Proceedings (Vol. 168).USA: Springer.

Buyya, R., Broberg, J., & Goscinski, A.M. (Eds.). (2010). Cloud computing: Principles and paradigms (Vol. 87). USA: John Wiley & Sons Inc.

Isaca. (2011). IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud. USA: ISACA.
Shread, P. (2012). Get Your Head in the Cloud. TIME Business & Money. Retrieved from: http://business.time.com/2012/05/30/get-your-head-in-the-cloud/
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Cloud Computing and Data Security
Words: 5196 Length: 18 Document Type: Term Paper

It's a tidal wave that's going to engulf us all within the next five years. Cloud services will be a $160 billion industry by the end of 2011" (Ginovsky 2011, 21). Although the decision to transition from a traditional approach to cloud computing will depend on each organization's unique circumstances, a number of general benefits have been cited for those companies that have made the partial or complete transition to

Read More
Essay
The Cost Effectiveness of Using Cloud Computing
Words: 4573 Length: 15 Document Type: Research Paper

Cloud Computing and Organizational Cost Management The contemporary market trends have put a lot of pressure on many businesses to cut down on their spending and unnecessary costs using any reasonable measure. The globalization and the emerging trends in business demand that for any business to stand a chance to grow and expand across borders, it has to both adopt the current technology and do so at a reasonable cost that

Read More
Essay
Cloud Computing Assessing the Risks of Cloud
Words: 1163 Length: 4 Document Type: Essay

Cloud Computing Assessing the Risks of Cloud Computing Despite the many economic advantages of cloud computing, there are just as many risks, both at the information technologies (IT) and strategic level for any enterprise looking to integrate them into their operations. The intent of this analysis is to evaluate three of the top risks of cloud computing and provide prescriptive analysis and insight into how best to manage each. Despite widespread skepticism

Read More
Essay
Cloud Computing As an Enterprise Application Service
Words: 2648 Length: 10 Document Type: Essay

Cloud Computing as an Enterprise Application Service Reordering the economics of software, cloud computing is alleviating many of the capital expenses (CAPEX), inflexibility of previous-generation software platforms, and inability of on-premise applications to be customized on an ongoing basis to evolving customer needs. These are the three top factors of many that are driving the adoption of cloud computing technologies in enterprises today. Implicit in the entire series of critical success

Read More
Essay
Cloud Computing Strategy Cloud Computing Is Becoming
Words: 1567 Length: 5 Document Type: Term Paper

Cloud Computing Strategy Cloud computing is becoming big now, because it is easy to see how this kind of computing can be beneficial to all different types of businesses. Because of the value of cloud computing, the federal government is considering moving much of their information technology workload to the "cloud." In other words, much of the information would be stored in a way that would make access to it -

Read More
Essay
Cloud Computing Many Businesses Are Experimenting and
Words: 1041 Length: 3 Document Type: Research Paper

Cloud Computing Many businesses are experimenting and slowly embracing the concept of cloud computing and Web2.0 .organizations choosing projects which can reap full benefits from cloud computing and Web2.0.this evolution has began as organizations are now taking a crawl, walk run approach which is building towards an eventual implementation of cloud and Web2.0 implementation. Organizations are now following the pragmatic path towards cloud computing and Web2.0 through the adoption of new

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now