Cloud Computing Security Concerns and Challenges
There are numerous security issues for cloud computing as it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management. Therefore, security issues for many of these systems and technologies are applicable to cloud computing. For example, the network that interconnects the systems in a cloud has to be secure, and mapping the virtual machines to the physical machines has to be carried out securely. Data security involves encrypting the data as well as ensuring that appropriate policies are enforced for data sharing. Various security concerns in a cloud computing environment are listed below:
- Security concern #1: With the cloud model, control of physical security is lost because computing resources are shared with other companies. The customer has no knowledge or control of where the resources run.
- Security concern #2: Companies violating the law (risk of data seizure by a (foreign) government).
- Security concern #3: Storage services provided by one CSP may be incompatible with another CSP’s services if a user decides to move from one to the other (e.g. Microsoft cloud is incompatible with Google cloud).
- Security concern #4: Who controls the encryption/decryption keys? Logically it should be the customer.
- Security concern #5: Ensuring data integrity (during transfer, storage, and retrieval) really means that data changes only in response to authorized transactions. A common standard to ensure data integrity does not yet exist.
- Security concern #6: In the case of the Payment Card Industry Data Security Standard (PCI DSS), data logs must be provided to security managers and regulators.
- Security concern #7: Users must keep up to date with application improvements to be sure they are protected.
- Security concern #8: Some government regulations have strict limits on what data about their citizens can be stored and for how long, and some banking regulators require that customers’ financial data remain in their home country.
- Security concern #9: The dynamic and fluid nature of virtual machines will make it difficult to maintain the consistency of security and ensure the auditability of records.
- Security concern #10: Customers may be able to sue cloud service providers if their privacy rights are violated, and in any case the cloud service providers may face damage to their reputation. Concerns arise when it is not clear to individuals why their personal information is requested or how it will be used or passed on to other parties.
Cloud Computing Challenges
Adoption of cloud computing is associated with numerous challenges because users are still skeptical about its authenticity. Research is still in progress to identify and address the challenges of meeting the requirements of next-generation private, public and hybrid cloud computing architectures, as well as the challenges of allowing applications and development platforms to take advantage of the benefits of cloud computing. Many existing issues have not been fully addressed, while new challenges keep emerging from industry applications. Some of the challenging issues in cloud computing are given below.
Service Level Agreements (SLAs): The cloud is administered by SLAs that allow several instances of one application to be replicated on multiple servers if the need arises; depending on a priority scheme, the cloud may minimize or shut down a lower-level application. A big challenge for cloud customers is to evaluate the SLAs of a CSP. Most vendors create SLAs as a defensive shield against legal action, while offering minimal assurances to customers. So there are some important issues, e.g., data protection, outages, and price structures, that customers need to take into account before signing a contract with a CSP. A few basic questions related to SLAs concern uptime: are they going to be up 99.9% of the time or 99.99% of the time? How does that difference impact your ability to conduct business? Is there any SLA associated with backup, archive, or preservation of data? If the service account becomes inactive, do they keep user data? If yes, for how long?
Cloud Data Management: Cloud data can be very large (e.g. text-based or scientific applications), unstructured or semi-structured, and typically append-only with rare updates. Since service providers typically do not have access to the physical security system of data centers, they must rely on the infrastructure provider to achieve full data security. Even for a virtual private cloud, the CSP can only specify the security setting remotely, without knowing whether it is fully implemented. The infrastructure provider, in this context, must achieve objectives such as confidentiality and auditability: confidentiality for secure data access and transfer, and auditability for attesting whether the security settings of applications have been tampered with. Confidentiality is usually achieved using cryptographic protocols, whereas auditability can be achieved using remote attestation techniques. However, in a virtualized environment like the cloud, VMs can dynamically migrate from one location to another; hence directly using remote attestation is not sufficient. In this case, it is critical to build trust mechanisms at every architectural layer of the cloud.
Data Encryption: Encryption is a key technology for data security. Understand data-in-motion and data-at-rest encryption. Remember, security can range from simple (easy to manage, low cost and, quite frankly, not very secure) all the way to highly secure (very complex, expensive to manage, and quite limiting in terms of access). You and the provider of your cloud computing solution have many decisions and options to consider. For example, do the Web services APIs that you use to access the cloud, either programmatically or with clients written to those APIs, provide SSL encryption for access? This is generally considered to be a standard. Once the object arrives at the cloud, it is decrypted and stored. Is there an option to encrypt it prior to storing? Do you want to worry about encryption before you upload the file for cloud computing, or do you prefer that the cloud computing service automatically do it for you? These are options; understand your cloud computing solution and make your decisions based on desired levels of security.
Migration of Virtual Machines: Applications are not hardware specific; various programs may run on one machine using virtualization, or many machines may run one program. Virtualization can provide significant benefits in cloud computing by enabling virtual machine migration to balance load across the data center. In addition, virtual machine migration enables robust and highly responsive provisioning in data centers. Virtual machine migration has evolved from process migration techniques. More recently, Xen and VMware have implemented “live” migration of VMs that involves extremely short downtimes ranging from tens of milliseconds to a second.
Interoperability: This is the ability of two or more systems to work together in order to exchange information and use that exchanged information. Many public cloud networks are configured as closed systems and are not designed to interact with each other. The lack of integration between these networks makes it difficult for organizations to combine their IT systems in the cloud and realize productivity gains and cost savings. To overcome this challenge, industry standards must be developed to help cloud service providers design interoperable platforms and enable data portability. Organizations need to automatically provision services, manage VM instances, and work with both cloud-based and enterprise-based applications using a single tool set that can function across existing programs and multiple cloud providers. Thus, there is a need to have cloud interoperability.
Access Controls: Authentication and identity management are more important than ever. And it is not really all that different. What level of enforcement of password strength and change frequency does the service provider invoke? What is the recovery methodology for password and account name? How are passwords delivered to users upon a change? What about logs and the ability to audit access? This is not all that different from how you secure your internal systems and data, and it works the same way: if you use strong passwords, changed frequently, with typical IT security processes, you will protect that element of access.
Energy Resource Management: Significant energy savings in a cloud data center without sacrificing SLAs are an excellent economic incentive for data center operators and would also make a significant contribution to greater environmental sustainability. It has been estimated that the cost of powering and cooling accounts for 53% of the total operational expenditure of data centers. The goal is not only to cut down energy cost in data centers, but also to meet government regulations and environmental standards. Designing energy-efficient data centers has recently received considerable attention. This problem can be approached from several directions. For example, energy-efficient hardware architecture that enables slowing down CPU speeds and turning off partial hardware components has become commonplace. Energy-aware job scheduling and server consolidation are two other ways to reduce power consumption by turning off unused machines. A key challenge in all the above methods is to achieve a good trade-off between energy savings and application performance.
Multi-tenancy: There are multiple types of cloud applications that users can access through the Internet, from small Internet-based widgets to large enterprise software applications that have increased security requirements based on the type of data being stored on the software vendor’s infrastructure. These application requests require multi-tenancy for many reasons, the most important of which is cost. Multiple customers accessing the same hardware, application servers, and databases may affect response times and performance for other customers. For application-layer multi-tenancy specifically, resources are shared at each infrastructure layer, which raises valid security and performance concerns.
Server Consolidation: Increased resource utilization and reduction in power and cooling requirements achieved by server consolidation are now being expanded into the cloud. Server consolidation is an effective approach to maximize resource utilization while minimizing energy consumption in a cloud computing environment. Live VM migration technology is often used to consolidate VMs residing on multiple under-utilized servers onto a single server, so that the remaining servers can be set to an energy-saving state.
Reliability & Availability of Service: The challenge of reliability comes into the picture when a cloud provider delivers on-demand SaaS. The software needs to have a reliability quality factor so that users can access it under any network conditions (such as during slow network connections). A few cases of unreliable on-demand software have been identified. One example is Apple’s MobileMe cloud service, which stores and synchronizes data across multiple devices. It had an embarrassing start when many users were not able to access mail and synchronize data correctly. To avoid such problems, providers are turning to technologies such as Google Gears, Adobe AIR, and Curl, which allow cloud-based applications to run locally; some even allow them to run in the absence of a network connection. These tools give web applications access to the storage and processing capabilities of the desktop, forming a bridge between the cloud and the user’s own computer. Considering the use of software such as 3D gaming applications and video conferencing systems, reliability is still a challenge to achieve for an IT solution that is based on cloud computing.
Common Cloud Standards: Security-based accreditation for cloud computing would cover three main areas: technology, personnel and operations. Technical standards are likely to be driven by organizations such as the Jericho Forum before being ratified by established bodies, e.g., ISO (International Standard Organization). For the operational elements, there are some workable solutions such as tweaking ISO 27001 and using it as the default measurement standard within the framework of SAS 70. Currently, one of the main problems is that there are many fragmented activities going in the direction of cloud accreditation, but a common body for the coordination of those activities is missing. The creation of a unified accreditation body to certify cloud services would also be a big challenge.
Platform Management: There are challenges in delivering middleware capabilities for building, deploying, integrating and managing applications in multi-tenant, elastic and scalable environments. One of the most important parts of cloud platforms is providing various kinds of platform for developers to write applications that run in the cloud, or use services provided from the cloud, or both. Different names are used for this kind of platform today, including on-demand platform and PaaS. This new way of supporting applications has great potential. When a development team creates an on-premises application (i.e., one that will run within an organization), much of what that application needs already exists. An operating system provides basic support for executing the application, interacting with storage, and more, while other computers in the environment offer services such as remote storage.