Abstract
Cloud computing is an intact new archetype that offers a non-conventional computing exemplar for association to take up information technology and respected utility. Cloud computing provides platform for entrance to numerous, boundless site from flexible work out to on require provision to active storage and computing prerequisite execution. It is observed that potential gain attained in the course of cloud computing is at rest uncertain for generously reachable resources and open-ended resources which blow cloud implementation. Design, level dependency, flexibility, and multi-tenancy are such factors which penetrate new dimension of cloud form. Study of cloud problems is discussed in this article. Varying, active, and secure cloud model implementation face so many challenges which are covered in this paper. Any proposed security for cloud is enclosed, and derivative aspect of cloud security are denoted by this survey.
Access provided by CONRICYT-eBooks. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Currently, cloud security has turned into a very vivacious problem in the computing world. One major part on which the present era business depends on outsourcing of computational services and resources, which are speeding up due to progressive cloud computing. Distributed system divided subsequently into a cloud computing which presents for extremely elastic resource group, storage, and computing resources. By the time, the major approach to get accessibility of software and stored information in the value addition to exited process on the cloud explains how they can influence the distributed cloud computing model. Is it your cloud secure? Elsewhere is there any deliberative examination for its security? Whenever the matter of connectivity of cloud with external world it would be suspect or might be damaged through exploiting by threats and attacks of vulnerabilities. Cloud provides low-load services and applications which are aggravated business, engineering, and academic to use cloud as host. At the different side with various types of technical resources, there are various attack surface with their oddity can negotiate security in presented model of cloud computing. Some of the numerous problems are:
-
Cloud security
-
Multi-tenancy
-
Dealer lock-in
-
SLA administration
-
Service portability
-
Protected information management.
These are prime problems which become obstacles for cloud computing model. Now, the cloud contributor and further so from clients point of view. Following reasons denote that approval of cloud model is obstruct because cardinal factor security.
-
SLA: Required data becomes non-accessible threat where it is lacking prospective at service layer concurrence.
-
Multi-tenancy: Same physical and rational medium accessed by the unusual occupants.
-
Loss of control: Unawareness of storing and accessing of data from third party which is referred as subcontract security administration.
Inside this manuscript, it is analyzed that security concerns implicated in the cloud computing models. The purpose is to recognize the variety of attack vectors and security issues significant to cloud models. This article depicts complete study designed for every weakness to underline its source reasons. This research should assist cloud consumers and providers to include an insight to understand the cloud security issues and how they can oppose these issues. This paper is well thought-out as follows. Respective security problems are covered in Sect. 2. Cloud security implications and linked research challenges significant issues that bother cloud computing model is included in Sect. 3. Section 4 denotes the exploration conclusions and summary. Finally, Sect. 5 winds up the paper with future work and subsequent steps.
2 Cloud Computing Security Issues
Cloud computing exemplar provides 3 service delivery and deployment model. The delivery models are as given below:
-
1.
Private cloud: Particular body included in the private cloud platform.
-
2.
Public cloud: It is accessible toward freely by civic consumers to enroll and utilize the obtainable infrastructure.
-
3.
Hybrid cloud: Confidential cloud which expands for utilization of equipments, services, and application in unrestricted clouds.
The deployment models are as follows:
-
1.
Infrastructure-as-a-service (IaaS): Computer component like network equipments, servers, and memory space which delivered as service is known as IaaS.
-
2.
Platform-as-a-service (PaaS): To build up, install, and control the application users need platform, equipments, and business which are provided by cloud.
-
3.
Software-as-a-services (SaaS): The necessity of application execution in cloud infrastructure which becomes platform for hosting application and is contributed by cloud.
This additional factor enhances the requirement to have security issues, addresses and probably mitigation for threats to cloud design, as enclosed in this study paper. Survey done on these cloud computing issues:
-
Multi-tenancy
-
Elasticity
-
Availability of Information(SLA)
-
Cloud secure federation (Fig. 1).
As it is relevant, the review performed by IDC venture board, Fig. 2 reveals the pinnacle cloud security concerns and problems that associations face at what time they look frontward to embrace cloud’s advantages. Cloud computing has a set of propose related to its supple and flexible [1] structural design. When it comes to transportation of protected information, the cloud purchaser and contributor should have equally shared dependability in the form of faithful affiliation and harmonize. The next part denotes the cloud security implications based on fundamental issues discovered in this part.
3 Cloud Security Implications and Remediations
Cloud is eternally changing and vibrant as well as composite, principally for the reason that of a variety of aspects such as: storage on demand, computing on demand, virtualization requirement, elastic computing, multi threading/processing, multi-tenant atmosphere and so on. Due to limitations and requirements, it moves from right place to affect correct security in time.
-
1.
Cloud Multi-tenancy
Cloud was constructed and used for a number of reasons of which some of the most cardinal reasons were shared computing, shared memory, storage, and access resources. Cloud suppliers install multi-tenancy as de facto norms to accomplish proficient usage of resources, though reducing price. Resources, storage, services, and applications of all residents who live at similar platform of supplier’s site can be included in multi-tenancy. Multi-tenancy can be best denoted in Fig. 3.
-
2.
Elasticity
Elasticity is an additional significant factor of cloud computing which expands capabilities of customers from top-to-bottom level different resources accessed for services which are highly on demand. For suppliers, increasing and decreasing the level of resident’s equipments propose view of neighbors for using the space before occupied. Data or information is unwrap and misplace then it becomes extremely damaging situation for association and industry (Fig. 4).
-
3.
Availability of Information
Because of numerous problems, highly required data or information cannot be accessed as soon as needed that become threatening for association while porting services, procedures, and applications of cloud. Because of necessity of any country with respect to physical data storage from specific organizer’s computing and storage resources getting off and destroy. In this era, information is everything overlooking still the minimum feature can escort competition winning the client. Figure 5 explores cloud service level agreement.
-
4.
Cloud Secure Federation
As soon as a cloud user leverages application and information that depend on services from vivid clouds, it will require to sustain its security necessities imposed on both clouds and in between. This represents a range of problems as when numerous clouds collaborate together to transport a larger pool of resources or incorporated services, their security requirements need to be federated and forced on physically and rationally various cloud platforms whether it would be IaaS, PaaS, or SaaS (Fig. 6)
4 Conclusion
Cloud is vivacious which has countless facets together good as well as bad. Although qualities provide like you go through model, flexibility of resource adoption or reduction, lower total cost of ownership (TCO), and approximately no upfront investment, there are a lot of issues, despite of its merits which can prohibit adoption of cloud by business, data security which ported to cloud. There are many safety implications appropriate to cloud model of which this manuscript has attempted to focus on top of the majority serious ones.
All these issues stem for the incoherence of consumers skirting cloud models which bar them to leverage power of cloud.
To excellently use the model, we need to chunk the offered security issues and speak to the security anxieties/implications. Based on the facts and particulars searched above, we can go over the main point the cloud security concerns as below:
-
A.
A few of the security suggestions are derived as of the expertise which structures the especially essential of cloud like virtualization.
-
B.
Multi-tenancy is one more area which needs greatest awareness to control some attacks on victim resources from malicious users cloud security include prime issue is tenant segregation that provides solution of SaaS level bottom to physical communication.
-
C.
Cloud security management is extremely vital to organize and handle the client facing data and the way supplier’s infrastructure (material/rational) roles.
-
D.
The cloud model be supposed to enclose a security binding as denoted in Fig. 7, so that every access to any item of the cloud proposal ought to get ahead through multilayer security solution.
By this conversation, it is suggested that cloud computing security is at least integrate the subsequent solution(s) to make certain that supplier is at equality with in-house hosting despite the fact that, end user/tenant is secured of its data confidentiality and reliability.
-
A.
Flexible engine, cloud APIs, and CML like systems which provide elastic platform for security. These should be based on industry encryption and certification rules.
-
B.
Support for multi-tenancy with separation in place somewhere each one occupant can simply perceive its data, information and security configurations. Separation at logical VM and hypervisor level as well as physical level, for example, different blades on the existing circumstance be supposed to offer in a delicate approach such that only an occupant has right of access to its resources, through license to clean the data before release resources to supplier pool. This will make sure that any resources being reassigned are appropriately scrubbed for data.
-
C.
Suppliers should support combination and synchronization by way of tenant’s managerial security policy [16] next to variety of levels to deliver incorporated security. This into twist involves that the security pertained is layered.
-
D.
Suppliers should be adjustable to meet regular environmental alterations and stakeholders requested to guarantee that the cloud security build is upheld irrespective of where some modification acquire place.
5 Future Work
Article concludes the assorted cloud security challenges and purpose can be signified clarification about vivid cloud security problems wherever alleviation are often ported as of Infrastructure, platform- and software-as-a-service, and generously accessible to fusion to confidential cloud designs. Association such while Cloud Security Alliance (CSA) [2] and NIST are trying to set collectively standards for cloud computing security and resolution the concerns discussed in this research paper. It is recommended to accept an adaptive approach in undertaking the cloud security issues which will assist in the difficult conception and combing of security requirement of different stakeholders at various levels of details. As next steps, we would collect data inseminated from a variety of stakeholders (providers, consumers, vendors) such that different cloud models with their limitations and qualities can be modified to security issue mitigation techniques, which are neither inactive nor single time (security is always long-lasting phenomena).
References
ENISA: Cloud computing: benefits, risks and recommendations for information security. www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport/
Cloud Security Alliance (CSA): http://www.cloudsecurityalliance.org/
Velte: Cloud Computing—A Practical Approach. Tata McGraw-Hill Edition (ISBN-13:978-0-07-068351-8)
Sosinsky, B.: Cloud Computing Bible. Wiley Publishing Inc. (ISBN 13:978-0470903568)
IDC: IDC ranking of issues of cloud computing model. http://blogs.idc.com/ie/?p=730/
Kretzschmar, M., Golling, M.: Security management spectrum in future multi-provider inter-cloud environments—method to highlight necessary further development. In: 5th International DMTF Academic Alliance Workshop on Systems and Virtualization Management (SVM), pp. 1–8 (2011)
Guitart, J., Torres, J.: Characterizing cloud federation for enhancing providers’ profit. In: IEEE 3rd International Conference on Cloud Computing (CLOUD), pp. 123–130 (2010)
Uttam Kumar, T., Wache, H.: Cloud broker: bringing intelligence into the cloud. In: IEEE 3rd International Conference on Cloud Computing (CLOUD), pp. 544–545 (2010)
Lampe, U., Wenge, O., Müller, A., Schaarschmidt, R.: Cloud computing in the financial industry—A road paved with security pitfalls? In: 18th Americas Conference on Information Systems (AMCIS). Association for Information Systems (AIS) (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kathad, C., Bhalodia, T. (2018). Deliberative Study of Security Issues in Cloud Computing. In: Aggarwal, V., Bhatnagar, V., Mishra, D. (eds) Big Data Analytics. Advances in Intelligent Systems and Computing, vol 654. Springer, Singapore. https://doi.org/10.1007/978-981-10-6620-7_62
Download citation
DOI: https://doi.org/10.1007/978-981-10-6620-7_62
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6619-1
Online ISBN: 978-981-10-6620-7
eBook Packages: EngineeringEngineering (R0)