Cloud Computing Security Issues and Case Studies

Abstract

The impact of cloud computing services on the market has been growing steadily over the past decade, and the providers of these technologies are companies with billions in revenue. More businesses are deciding to replace their costly facilities with the cheaper and often more reliable option of cloud technologies. Providers generally adhere to well-established guidelines that allow them to prevent major security incidents, yet such incidents still occur. Hacker attacks and data breaches are the main issues cloud computing services face at this moment, and even big companies struggle to develop tools that would completely eradicate these problems. Yet the implementation of strict rules of conduct and the adoption of modern encryption technologies can help providers deal with security issues.

Introduction

The Internet has become the main driving force of the global economy, and its widespread adoption has forced both big and small companies, as well as governmental bodies, to invest in network infrastructure. As a result, modern businesses and enterprises have begun to rely heavily on large volumes of data, which usually require massive storage facilities that are costly and often difficult to manage. Cloud computing provides an opportunity to discard this expensive and inefficient infrastructure and facilitates the implementation of the various IT-based services customers may need. The concept of the technology was originally proposed by John McCarthy in the 1960s and has since attracted a lot of interest for its accuracy, scalability, and sustainability (Attaran & Woods, 2018). Yet, despite all the benefits that accompany cloud computing, enterprises are often reluctant to deploy it because of the potential risks that may arise during its use. This paper will address the existing security issues and present possible alternatives to cloud computing technology, as well as provide case studies that will give an insight into all the factors at play.

Background

Cloud computing technology is divided into three main, generally accepted categories of services: Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). The latter allows customers to rent servers from a provider and use their resources for hosting their applications or operating systems on demand, without the need to maintain their own facilities (Madni et al., 2016). SaaS provides an opportunity for clients to use services over the Internet for free or for a fee that they pay directly to the vendor; it also does not require installation. PaaS is primarily used by developers as a framework upon which they build their applications; it “provides application environments as elastic, on-demand services” (Krancher et al., 2018, p. 777). These three types of technologies are used for different purposes, providing storage, a platform for application development, or virtual infrastructure, and they all have their advantages as well as disadvantages.

Challenges faced by some cloud services

Security challenges remain a topical issue for cloud computing technology, and many companies struggle to prevent the breaches and leaks that may occur in their systems. For example, important data can be stored on untrusted cloud platforms that do not use proper security measures, which may lead to the loss or theft of the information. One of the primary challenges facing cloud computing is the Distributed Denial of Service (DDoS) attack, which is performed by targeting various basic server resources, thus causing the service to stop functioning. DDoS attacks are usually launched from several computers that have malware installed, which makes it hard for the service to differentiate the real users from the attackers (El-Sofany et al., 2019). The most recent attack targeted Amazon Web Services and generated a large volume of requests, “approximately 44% larger than any network volumetric event previously detected on AWS” (AWS Report, 2020, p. 3).

Another serious security concern for cloud computing is the data breach, which constitutes unauthorized access to private data, or the loss or theft of information. Since cloud services are widely used by companies from different spheres, their clients’ data may be of any nature, including credit card information, social security numbers, and intellectual property. The transfer of customers’ private data to the cloud service providers’ servers means that clients no longer have full control over their privacy. For instance, in 2014, there was unauthorized access to 80 million accounts of JPMorgan customers, “A total of 76 million users’ and 7 million businesses’ personal information” (Ahmed & Litchfield, 2016, p. 83). This example shows that cloud computing services are imperfect and that serious precautions and preventive measures have to be taken before moving all the important data to their servers.

Alternatives, Management and Outcome

It is of crucial importance for any organization to maintain a reliable framework of data policies and be aware of the most effective practices to protect its own and its clients’ information. Nevertheless, the providers of cloud services themselves offer a large variety of instruments and solutions that aim at keeping the customers’ data private and inaccessible to external agents. The most widely used of these tools is two-factor authentication, a “verification technique using two means of the identification chosen from two categories” (Mohsin et al., 2017, p. 4). Yet this type of control must be used only in situations that are non-critical, since it only prevents unauthorized access to the data. An alternative that protects the information itself is encryption, which is one of the most promising technologies nowadays. There are many studies concerning this topic, but Gai et al. (2016) have produced one of the most interesting of them.

Gai et al. (2016) have developed a model called Dynamic Data Encryption Strategy (D2ES) to maintain the highest level of privacy of the data belonging to cloud services’ users. They also created an algorithm that automatically selected data packages for encryption based on certain variables that included the facility capacity and the time constraints (Gai et al., 2016). The researchers carried out an experiment where they tested the D2ES model in various experimental settings and compared it with Brute Force technology. The results showed this approach had an adaptive and superior performance, which justifies its potential implementation in the sphere of cloud computing as a means to prevent major data thefts.
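The selection idea described above can be sketched as follows. This is an added illustration, not code from Gai et al. (2016) or from this paper: it assumes each data package has a known encryption time and a privacy weight, treats selection under a time constraint as a 0/1 knapsack problem, and checks the result against an exhaustive brute-force search. The package names, times and weights are constructed sample values.

```python
from itertools import combinations

# Constructed sample: (name, encryption_time_ms, privacy_weight). All values are assumptions.
PACKAGES = [
    ("payment_cards", 40, 9),
    ("ssn_records", 35, 10),
    ("session_logs", 20, 3),
    ("product_catalog", 50, 1),
    ("source_code", 30, 7),
]

def select_dp(packages, time_budget):
    """Pick packages to encrypt so total privacy weight is maximal
    while total encryption time stays within time_budget (0/1 knapsack)."""
    # best[t] = (total_weight, chosen_names) achievable with total time <= t
    best = [(0, ())] * (time_budget + 1)
    for name, cost, weight in packages:
        # Walk the budget downwards so each package is used at most once.
        for t in range(time_budget, cost - 1, -1):
            candidate = best[t - cost][0] + weight
            if candidate > best[t][0]:
                best[t] = (candidate, best[t - cost][1] + (name,))
    return best[time_budget]

def select_brute_force(packages, time_budget):
    """Reference answer: try every subset (exponential in the number of packages)."""
    best = (0, ())
    for r in range(1, len(packages) + 1):
        for combo in combinations(packages, r):
            if sum(p[1] for p in combo) <= time_budget:
                weight = sum(p[2] for p in combo)
                if weight > best[0]:
                    best = (weight, tuple(p[0] for p in combo))
    return best

if __name__ == "__main__":
    for budget in (60, 100, 175):
        weight, chosen = select_dp(PACKAGES, budget)
        print(f"budget={budget}ms weight={weight} encrypt={chosen}")
        print("  brute force agrees:", select_brute_force(PACKAGES, budget)[0] == weight)
```

Packages left unselected stay unencrypted under the time constraint, so the weights must reflect how sensitive each package actually is.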

Recommendations

Apart from better encryption, there are other guidelines that cloud service providers need to follow to address security concerns. First of all, such companies have to be accountable to both their clients and their governments, strictly following all the compliance requirements and adhering to the practice of audits. This will ensure that the companies will not try to conceal any major data breach or theft of customers’ private information. They also have to be prepared for the event of a security breach: “Cloud providers should develop a response plan in case of any incident like data breaches, data loss…” (Kalaiprasath, 2017, p. 486). The existence of a well-thought-out “playbook” will facilitate the company’s response and allow it to stick to the existing framework. It is also important to update the system after people leave their jobs: “a disgruntled former employee can cause harm by misusing the privileges that were not revoked” (Alani, 2016, p. 53). Updating the system is also beneficial after discovering new weaknesses that may be abused by hackers.

Conclusion

With the introduction of the Internet, cloud services have gained a reputation as reliable systems that make people’s lives easier and can be tailored to the customers’ needs. Yet there are still certain challenges this technology faces, primarily those concerning its security and the protection of clients’ data. Among such issues are Distributed Denial of Service attacks, which aim at achieving complete shutdown of the targeted systems and which are still used against big companies such as AWS. Another serious problem is the data breach, which endangers the clients’ private information and has serious implications for the providers’ credibility; such instances are rare but still affect some businesses. Encryption constitutes a promising alternative way to address the aforementioned problems and protect the clients’ data. There are many possible encryption methods, but the Dynamic Data Encryption Strategy presents a successfully tested approach that can be readily implemented. Cloud service providers also have to follow strict guidelines that ensure the security of the system and customers’ information. Developing a plan for the event of a data breach and consistent updates also play an important role in the company’s due diligence.

References

Ahmed, M., & Litchfield, A. T. (2016). Taxonomy for Identification of Security Issues in Cloud Computing Environments. Journal of Computer Information Systems, 58(1), 79–88. Web.

Alani, M. M. (2016). General cloud security recommendations. In Elements of cloud computing security (pp. 51-54). Springer, Cham. Web.

Attaran, M., & Woods, J. (2018). Cloud computing technology: A viable option for small and medium-sized businesses. Journal of Strategic Innovation and Sustainability, 13(2), 94-106. Web.

AWS Shield (2020). Threat Landscape Report – Q1 2020. Web.

El-Sofany, H. F., El-Seoud, S. A., & Taj-Eddin, I. A. (2019). A case study of the impact of denial of service attacks in cloud applications. Journal of Communications, 14(2), 153-158. Web.

Gai, K., Qiu, M., Zhao, H., & Xiong, J. (2016). Privacy-Aware Adaptive Data Encryption Strategy of Big Data in Cloud Computing. 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud). Web.

Kalaiprasath, R., Elankavi, R., & Udayakumar, D. R. (2017). Cloud security and compliance: A semantic approach in end to end security. International Journal of Mechanical Engineering and Technology (IJMET), 8(5), 482-494. Web.

Krancher, O., Luther, P., & Jost, M. (2018). Key affordances of platform-as-a-service: Self-organization and continuous feedback. Journal of Management Information Systems, 35(3), 776-812. Web.

Madni, S. H. H., Latiff, M. S. A., Coulibaly, Y., & Abdulhamid, S. M. (2016). Resource scheduling for infrastructure as a service (IaaS) in cloud computing: Challenges and opportunities. Journal of Network and Computer Applications, 68(2), 173–200. Web.

Mohsin, J. K., Han, L., Hammoudeh, M., & Hegarty, R. (2017). Two Factor Vs Multi-factor, an Authentication Battle in Mobile Cloud Computing Environments. Proceedings of the International Conference on Future Networks and Distributed Systems – ICFNDS ’17. Web.
