3rd International Conference on System Modeling & Advancement in Research Trends (SMART)

College of Computing Sciences and Information Technology (CCSIT) ,Teerthanker Mahaveer University , Moradabad
[2014]

Cloud Computing Security: Issues And Challenges

Tanvi Agrawal1, Dr. Ambuj Kumar Agarwal2, Prof. Dr. S.K. Singh3
1
Research Scholar, AIIT, Amity University, Lucknow
2
Associate Professor, College of Computing Sciences and Information Technology
Teerthanker Mahaveer University, Moradabad India
3
HOD AIIT, Amity University, Lucknow
1
tnvagrawal2909@gmail.com
2
ambuj4u@gmail.com
3
sksingh1@amity.edu
of data ownership; enterprises should spend time
Abstract— Cloud computing is a set of IT services that are
provided to a customer over a network with the ability to scale getting to know their providers and their
up or down the service requirements. Cloud computing has been regulations as much as possible before assigning
imagined as the next generation architecture for IT enterprises. some trivial applications first to test the water, (2)
In cloud data is transferred among the server and client. In this
paper we have discussed about the various issues and challenges regulatory compliance - clients are accountable
of cloud computing security. for the security of their solution, as they can
choose between providers that allow to be
Keywords— Cloud computing, privacy, infrastructure, audited by 3rd party organizations that check
virtualization
levels of security and providers that don't (3)
data location – depending on contracts, some
clients might never know what country or what
I. INTRODUCTION
jurisdiction their data is located (4) data
Cloud computing has been presented as the next segregation - encrypted information from
generation architecture for the IT enterprise. In the
multiple companies may be stored on the same
traditional approach the IT services under proper
hard disk, so a mechanism to separate data
physical, logical and personnel controls. Cloud
computing comprise of activities such as the use of should be deployed by the provider. (5)
social networking sites and interpersonal computing. recovery-every provider should have a disaster
Cloud computing is mainly concerned with recovery protocol to protect user data (6)
accessing online software application, data storage investigative support - if a client suspects faulty
and processing power. Several trends are opening activity from the provider, it may not have many
up the era of Cloud Computing, which is an legal ways pursue an investigation (7) long-term
internet-based development and use of computer viability - refers to the ability to retract a
technology. The important force behind cloud contract and all data if the current provider is
computing is the presence of broadband and bought out by another firm.[2] The Cloud
wireless networking, falling storage costs and Computing Use Case Discussion Group
progressive improvements in Internet computing discusses the different Use Case scenarios and
software. related requirements that may exist in the cloud
II. RELATED WORKS DONE model. They consider use cases from different
perspectives including customers, developers
The major security issues that need to be and security engineers.[3] ENISA investigated
addressed before enterprises consider switching the different security risks related to adopting
to the cloud computing model. They are as cloud computing along with the affected assets,
follows: (1) privileged user access-information the risks likelihood, impacts, and vulnerabilities
transmitted from the client through the Internet in the cloud computing may lead to such risks.[4]
poses a certain degree of risk, because of issues Balachandra et al, 2009 discussed the security

10
 3rd International Conference on System Modeling & Advancement in Research Trends (SMART)
College of Computing Sciences and Information Technology (CCSIT) ,Teerthanker Mahaveer University , Moradabad
[2014]

SLA’s specification and objectives related to by the public availability of the cloud service
data locations, segregation and data recovery.[5] offering and on the other hand by the public
Kresimir et al, 2010 discussed high level security network that is used to communicate with the cloud
concerns in the cloud computing model such as service. Public clouds are less secure than the other
data integrity, payment and privacy of sensitive clouds because it produces an additional burden of
information.[6] Bernd et al, 2010 discuss the ensuring all applications and data accessed on the
security vulnerabilities existing in the cloud public clouds are not subjected to malicious attacks.
platform. The authors grouped the possible Private Cloud: Private cloud computing systems
vulnerabilities into technology-related, cloud emulate public cloud service offerings within an
characteristics-related, security controls organization’s boundaries to make services
related.[7] Subashini et al discuss the security accessible for one designated organization. Private
challenges of the cloud service delivery model, cloud computing systems make use of virtualization
focusing on the SaaS model.[8] Ragovind et al, solutions and focus on consolidating distributed IT
(2010) discussed the management of security in services often within data centers belonging to the
Cloud computing focusing on Gartner’s list on company. Utilization on the private cloud can be
cloud security issues and the findings from the much more secure than that of the public cloud
International Data Corporation enterprise.[9] because of its specified internal exposure.
Morsy et al, 2010 investigated cloud computing Hybrid Cloud: A hybrid cloud is a cloud
problems from the cloud architecture, cloud environment comprised of two or more different
offered characteristics, cloud stakeholders, and cloud deployment models. For example, a cloud
cloud service delivery models perspectives.[10] consumer may choose to deploy cloud services
A recent survey by Cloud Security Alliance processing sensitive data to a private cloud and
(CSA)&IEEE indicates that enterprises across other, less sensitive cloud services to a public cloud.
sectors are eager to adopt cloud computing but The result of this combination is a hybrid
that security are needed both to accelerate cloud deployment model. Hybrid deployment model can
adoption on a wide scale and to respond to be complex and challenging to create and maintain
regulatory drivers. It also details that cloud due to the potential disparity in cloud environment
computing is shaping the future of IT but the and the fact that management responsibilities are
absence of a compliance environment is having split between the public cloud provider and private
dramatic impact on cloud computing growth.[11] cloud provider.
Several studies have been carried out relating to
security issues in cloud computing but this work
presents a detailed analysis of the cloud
computing security issues and challenges
focusing on the cloud computing deployment
types and the service delivery types.
III. SECURITY ISSUES IN CLOUD COMPUTING
Cloud Deployment Models
Cloud services can be deployed in different ways,
depending on the organizational structure and the
provisioning location. Four deployment models are Fig. 1 Example of Cloud Deployment Models

usually distinguished, namely public, private, Community Cloud: In a community cloud,

community and hybrid cloud service usage. organizations with similar requirements share a
Public Cloud: The deployment of a public cloud cloud infrastructure. It may be understood as a
computing system is characterized on the one hand generalization of a private cloud, a private cloud

11
 3rd International Conference on System Modeling & Advancement in Research Trends (SMART)
College of Computing Sciences and Information Technology (CCSIT) ,Teerthanker Mahaveer University , Moradabad
[2014]

being an infrastructure which is only accessible by

one certain organization. Membership in the
community does not necessarily guarantee access to
or control of all the cloud's IT resources. Parties
outside the community are generally not granted
access unless allowed by the community.
Cloud Computing Service Delivery Models
Service delivery in Cloud computing comprise of
three service models, namely Infrastructure-as-a-
Service (IaaS), Platform-as-a-Service (PaaS),
Software-as-a-Service (SaaS).
Infrastructure-as-a-Service(IaaS): The services on Fig. 1 Example of Cloud Computing Service Delivery Models

the infrastructure layer are used to access essential Software-as-a-Service (SaaS): Software-as-a-
IT resources that are combined under the heading Service provides complete applications to a cloud’s
Infrastructure-as-a-Service (IaaS). These essential end user. It is mainly accessed through a web portal
IT resources include services linked to computing and service oriented architectures based on web
resources, data storage resources, and the service technologies. SaaS is most often
communications channel. They enable existing implemented to provide business software
applications to be provisioned on cloud resources functionality to enterprise customers at a low cost
and new services implemented on the higher layers. while allowing those customers to obtain the same
The cloud has a compelling value proposition in benefits of commercially licensed, internally
terms of cost, but ‘out of box’ IaaS only provides operated software without the associated
basic security(perimeter firewall, load balancing etc) complexity of installation, management, support,
and applications moving into the cloud will need licensing, and high initial cost. The architecture of
higher levels of security provided at the host. SaaS-based applications is specifically designed to
Platform-as-a-Service(PaaS): PaaS comprises the support many concurrent users (multitenancy) at
environment for developing and provisioning cloud once. Software as a service applications are
applications. The principal users of this layer are accessed using web browsers over the Internet
developers seeking to develop and run a cloud therefore web browser security is vitally important
application for a particular platform. They are
supported by the platform operators with an open or
IV. CHALLENGES IN CLOUD COMPUTING
proprietary language, a set of essential basic
services to facilitate communication, monitoring, or Companies are increasingly aware of the
service billing, and various other components, for business value that cloud computing brings and are
instance to facilitate startup or ensure an taking steps towards transition to the cloud. Like
application’s scalability and/or elasticity. Clients any new technology, the adoption of cloud
computing is not free from issues. Some of the most
using PaaS service transfer even more cost from
important challenges are as follows:
capital investment to operational expenses but must
acknowledge the additional constraints. The use of A. Security and Privacy: The top most
Virtual machines act as a catalyst in PaaS layer concern that everybody seem to agree as
cloud computing. They must be protected against a challenge with cloud is security. The
malicious attacks such as cloud malware. data security and privacy concerns ranks
top on almost all of the surveys. The
main challenge to cloud computing is
how it addresses the security and privacy
concerns of businesses thinking of

12
 3rd International Conference on System Modeling & Advancement in Research Trends (SMART)
College of Computing Sciences and Information Technology (CCSIT) ,Teerthanker Mahaveer University , Moradabad
[2014]

adopting it. The fact that the valuable transferring an organization’s data to and
enterprise data will reside outside the from public and community cloud and
corporate firewall raises serious concerns. cost per unit of computing resource is
Hacking and various attacks to cloud likely to be higher. This problem is very
infrastructure would affect multiple high if we use hybrid cloud.
clients even if only one site is attacked.
E. Performance and Bandwidth Cost:
These risks can be mitigated by using
Businesses can save money on hardware
security applications, encrypted file
but they have to spend more for the
systems, data loss software, and buying
bandwidth. This can b a low cost for
security hardware to track unusual
smaller application but can be high for
behavior across servers. data-intensive application. Delivering
B. Service Delivery and Billing: It is intensive and complex data over the
difficult to assess the costs involved due network requires sufficient bandwidth.
to the on-demand nature of the services. Because of this, many businesses are
Budgeting and assessment of the cost waiting for a reduced cost before
will be very difficult unless the provider switching to the cloud.
has some good and comparable
F. Performance / Insufficient
benchmarks to offer. The service-level
responsiveness over network: Delivery of
agreements (SLAs) of the provider are
complex services through the network is
not adequate to guarantee the availability
clearly impossible if the network
and scalability. Businesses will be
bandwidth is not adequate. Many of the
reluctant to switch to cloud without a
businesses are waiting for improved
strong service quality guarantee.
bandwidth and lower costs before they
C. Service Quality: Service quality is one of consider moving into the cloud. Many
the biggest factors that the enterprises cloud applications are still too bandwidth
consider as a reason for not moving their intensive.
business applications to cloud. They feel
G. Integration: Many applications have
that the SLAs provided by the cloud
providers today are not sufficient to complex integration needs to connect to
guarantee the requirements for running a other cloud applications as well as other
production applications on cloud on-premise applications. These include
especially related to the availability, integrating existing cloud applications
performance and scalability. In most with existing enterprise applications and
cases, enterprises get refunded for the data structures. There is a need to
amount of time the service was down but connect the cloud application with the
most of the current SLAs down cover rest of the enterprise in a simple, quick
business loss. Without proper service and cost effective way.
quality guarantee enterprises are not H. Recoverability: Data stored in the cloud
going to host their business critical is subjected to regular integrity tests to
infrastructure in the cloud. guarantee its recoverability. Most cloud
D. Costing model: Cloud consumers must service providers replicate data three of
consider the tradeoffs amongst four times instead of making real
computation, communication and backups. This means they can recover
integration. While migrating to the cloud from disk crashes and major disasters.
can significantly reduce the infrastructure However, most service providers do not
cost, it raise the cost of data guarantee the backup and recovery of
communication i.e. the cost of data which is “accidentally” deleted by

13
 3rd International Conference on System Modeling & Advancement in Research Trends (SMART)
College of Computing Sciences and Information Technology (CCSIT) ,Teerthanker Mahaveer University , Moradabad
[2014]

the end-users themselves. A government V. CONCLUSION

body must therefore make or arrange its Cloud computing is an important trend in the
own backups. field of information provision and related ICT. It
Another problem is that turns computer processing power and data storage
data in clouds can be stored indefinitely. into a utility for collective use, as has long been the
Depending on the type of data and the case of gas, water, and electricity. The rise of cloud
applicable legislation, this may not be computing has been particularly strong, is set to
permitted. Service providers only process continue, and is irreversible. In view of the
and store data. So, they may have advantages for government organizations, cloud
insufficient knowledge of statutory computing should also be trusted and supported
retention periods or mandatory within the public sector, both at central and local
clearances. Public authorities have an government levels and within executive agencies.
important role to play in this regard.
Cloud providers can guarantee that REFERENCES
information has actually been destroyed, [1] Kuyoro S. O., Ibikunle F. & Awodele O., “Cloud Computing Issues and
Challenges,”
but the owner of the data needs to ensure [2] J. Brodkin. (2008, Jun.). “Gartner: Seven cloud-computing security
that the destruction has been initiated. risks.” Infoworld
[3] Cloud Computing Use Case Discussion Group. "Cloud Computing
I. Protection: Privacy measures protect UseCases Version 3.0," 2010
personal information in such a way that [4] ENISA. (2009, Feb) "Cloud computing: benefits, risks and
recommendations for information security.”
others cannot access it. Various identity
[5] R. K. Balachandra, P. V. Ramakrishna and A. Rakshit. “Cloud Security
and access management systems support Issues.” In PROC
cloud services with a wide range of [6] P. Kresimir and H. Zeljko "Cloud computing security issues and
privacy and security measures. These challenges."
include low security level with password- [7] B. Grobauer, T. Walloschek and E. Stöcker, "Understanding
Cloud Computing
based authentication, to high security [8] S. Subashini, and V. Kavitha. (2010) “A survey on security issues
level with attribute-based authentication in service delivery models of cloud computing.” J Network
Comput Appl doi:10.1016/j.jnca.2010.07.006. Jul.,2010.
systems. The latter systems use state-of-
[9] S. Ramgovind, M. M. Eloff, E. Smith. “The Management of
the-art privacy-supporting certificates. Security in Cloud Computing.
Efficient process organization is also [10] M. A. Morsy, J. Grundy and Müller I. “An Analysis of the Cloud
important in the event that the authorities Computing Security Problem” In PROC APSEC 2010
[11] Cloud Security Alliance (CSA). Available:
raise any questions. http://www.cloudsecurityalliance.org[Mar.19,2010]

14