Introduction:
Cloud computing is a novel model of delivering information technology (IT) services to end users by facilitating convenient and on-demand access to a wide pool of shared computing resources such as servers, applications, storage, networks and services which can be easily configured, provisioned and availed to the end user with minimal effort from management or the cloud service provider. In this case, the cloud computing paradigm has transformed the way traditional (IT) products and services are delivered, managed and consumed by users. The technology promises accelerated innovation, rapid time-to-market delivery of IT products, the ability to scale business applications on-demand, and ultimately, improved cost effectiveness in running and maintaining IT infrastructure and services. Cloud computing services rely on network access to shared IT resources and thus utilizes the global internet infrastructure and technologies to avail IT services to individuals and organizations and this empowers both small and large enterprises since they are able to access and serve a wide user base. Cloud computing is still relatively new since it just emerged at the beginning of the 21st Century but since then, the technology has been widely hyped and businesses have made major shifts towards this model to reap it benefits. However, as the technology evolves conceptually and realistically, various legal/contractual issues have emerged regarding cloud security and privacy especially in regard to the entities responsible for securing data hosted in the cloud. In this regard, this research project aims at reviewing current cloud security and privacy issues, emerging trends and challenges. Some solutions to mitigate the mentioned issues and challenges are also proposed along with the vision (future expectations) of security and privacy in cloud computing environments.
Problem Statement.
A 2014 report by IHS Inc. the global expenditure of cloud services and infrastructure escalated to about $174.2 billion in 2014, which was a 20% increase from the previous year’s expenditure which stood at $145.2 billion [1]. The increased adoption of cloud services and the fact that the cloud is an open platform has widened the threat landscape making it susceptible to a wide variety of constantly evolving malicious attacks. In this regard, the security of cloud-hosted and in-transit data, access-control and management, data utilization management, regulatory/legal issues, and trust are the major security issues in the cloud. Previously proposed solutions geared towards improving cloud security have involved the use of cryptographic techniques but due to various limitations in computing efficiencies in the cloud, and the related constraints, traditional cryptographic techniques are not widely applied in cloud deployments. While homomorphic encryption schemes have very promising results in terms of securing data in the cloud, they still require lengthy computations and thus more scalable and efficient solutions are required.
On the other hand, ensuring trust in the cloud is quite challenging since trustworthy computing depends on two entities performing various dependent tasks. In traditional distributed IT deployments, trust is upheld using organizational security policies but in cloud models, control of data and applications is a duty delegated by the organization management to the cloud service provider, hence conventional policy-based enforcements have certain limitations [1]. Additionally, given that cloud computing business models encourage various provider and customer tiers in a single virtual infrastructure, coordination of incidence response activities efficiently without affecting continuity of business operations for other cloud clients, or without violating contractual agreements and laws is still a grey area.
Objectives:
The main goal of this research project is to perform a comprehensive overview of all issues to do with cloud computing security i.e. current industry trends, challenges, the threat landscape, user data privacy, and regulatory and contractual issues that come into play when securing the cloud. The main objectives of this study thus include:
In order to achieve the aforementioned objectives and ensure the dependability of cloud services, reliable enforcement of cloud security and privacy is required. One of the methods that can be used to achieve this is to use trusted third parties within the cloud environment together with cryptographic techniques to ensure the CIA of data and information [1]. Additionally, since the confidentiality of data and user authentication are intertwined, protecting user accounts from misuse is critical in controlling access to the cloud infrastructure resources such as applications, storage, devices and other objects. User authentication methods that employ cryptography and encryption can be used to secure cloud resource utilization but depending on the cloud deployment methods employed, there is need for efficient and scalable key management (assigning, distribution and revocation of security keys) [1].
Significance of Proposed Research:
Despite the various security risks and challenges associated with adopting cloud services, most businesses (both small and large scale) have already taken up multiple cloud products and services to handle a variety of business operations. These services range from online storage services, payroll and e-commerce applications to large-scale cloud-based CRM (Customer relationship management) and ERP (Enterprise resource planning) systems. This only shows that the cloud is growing more important to individuals and businesses, and as more data continues to be uploaded to the cloud, then security and privacy become paramount considerations. This research will help comprehensively analyze all issues, challenges and trends to do with cloud security and privacy especially with regard to protecting valuable information while at the same time leveraging the performance, costs savings benefits of the cloud.
References:
[1] Z. Tari, X. Yi, U. Premarathne, P. Bertok and I. Khalil, "Security and Privacy in Cloud Computing: Vision, Trends, and Challenges", IEEE Cloud Computing., vol. 2, no. 2, pp. 30-38, 2015.
