Cloud computing is a shared pool of configurable computing resources. It is basically a form of distributed architecture which makes the server centralized such that computing services can become scalable and as per the demand of the user. Cloud-based services are used by organizations to create web services. Cloud computing has now become immensely popular as it has the advantages of being able to work with limited resources and is on a need basis. Although cloud computing comes with its set of drawbacks wherein the data on the cloud is available for all and hence the protection of security and privacy of the data has become a major concern which has somewhere reduced its adaptation. The data on the cloud is vulnerable to cyber attacks and several tools have been developed to combat the security issues. This vulnerability of the data in the cloud is a barrier to adopting cloud computing. Surveys have shown that more than 70% of the chief technical officers believe that data security and privacy concerns hinder them to use cloud computing for their projects.
Is it easy to adapt to cloud computing?
Every new technology comes with its set of issues and challenges. There are several such problems that have been identified with cloud computing. The most common issue or challenge is a data breach. Over the cloud, when users enter some confidential information such as their net-banking password etc., it may be possible that an unauthorized user may steal the information and misuse it. Hence, in cloud computing, there is a risk of data breach. There is then an issue of data loss, data loss in case of cloud computing may occur when any encrypted data is maliciously stolen and decrypted using the security key. With cloud computing there could be service traffic hijacking which is a phenomenon in which when web services are used over cloud by creating an account over the internet, these accounts may get hijacked due to software vulnerabilities, trafficking etc. the hijacker, in this case, can manipulate data, see any customer information etc. The loss of confidentiality, in this case, is a risk. There could be insecure APIs over the cloud. Usually, an API (application programming interface) defines the manner in which a third party connects an application to the service.
The cloud brings with it complex data security challenges such as protection of confidential regulatory, business or government data, multiple organisations sharing the same infrastructure over the cloud, missing standards on how the cloud service providers erase existing data and reuse disk space, auditing and reporting standards, compliance standards, cloud hosting provider may have the visibility of a company’s data etc. When a service provider is giving the cloud service, the contract should mention that the data is secure and the service is trustable.
The cloud service provider is not the data owner, rather it is the organization who is buying the server space. Hence, data ownership lies with the owner of the data and the security guarantee lies with the service provider. Many times, the issue with cloud computing is that the servers are located at regions which may be different from that of the service provider and the organization itself. Tthe he is a compliance issue as some regulatory guideline would want the data within their own country. When the data is at a different location, it raises doubts about the security of the system. There could be security concerns in case of such a setup. There may be constraints on the trans-border flow of data and this data flow requires following national security and privacy laws which can prove to be extremely cumbersome. So this is also an issue with cloud computing.
So how does one deal with the issues of Cloud Computing and reap the benefits from it?
Every problem also has a solution to it. Cloud computing has several benefits and it is important that we use a few ways and means to ensure that we benefit maximum from cloud computing. To mitigate the risks that are identified with cloud computing, we can have a firewall installed in the systems. A firewall can be used to decrease the attack on the surface of virtual servers in any cloud computing environment. Usually, a two-directional that has been deployed on virtual machines can provide centralized security of the server. Such a firewall should include predefined templates for common enterprise server types. The firewall should enable isolation of virtual machine, be able to fine-grain filter source data, destination address and ports, cover all IP-based protocols such as UDP, TCP ICMP etc, cover frame types such as IP, ARP etc, be able to prevent Denial of Service (DoS) attacks, have design policies as per network interface and have the ability to not be hampered when the servers move from on-premise to cloud.
There should be technologies that shield any vulnerabilities in the enterprise applications and operating system until these vulnerabilities can be patched. When this can be done, there can be in time protection against known attacks or zero-day attacks. It is known that the cloud computing servers and virtual machines use the same operating systems, web applications and enterprise applications as the physical servers.
When an intrusion detection and prevention system is deployed in the form of a software on virtual machines, the software acts as a shield to any newly discovered vulnerabilities. The intrusion detection and prevention software and patched operating systems provide protection against viruses and hacks that attempt to compromise the virtual machines. The monitoring of integrity and the monitoring of critical operating systems and critical application files, registry keys, values and directories is extremely important to detect any unexpected and malicious changes that may compromise cloud computing resources and data. There is integrity monitoring software that is available. There should be log inspection software. The log inspection software collects and analyzes the operating system logs and application logs for security events. Such log inspection rules play a role in the identification of security threats or security attacks which can be found registered in log entries. The events recorded which detect any security issues can be directly sent to a standalone security system. There is log inspection software available that perform suspicious behaviour detection, collect security-related activities and optimize collection of security events at the data centre. For security issues to be detected, technologies such as integrity monitoring, firewalls and log inspection capabilities must be applied at the cloud server level.
Cloud computing has now become immensely popular as it has the advantages of being able to work with limited resources and is on a need basis. Although cloud computing comes with its set of drawbacks wherein the data on the cloud is available for all and hence the protection of security and privacy of the data has become a major concern which has somewhere reduced its adaptation.
