Is Cloud Computing Secure
Enough?
Abhay Singh, MSCLIS- 1st
Sem, IIIT-A
Cloud Computing is Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like the electricity grid. In its broadest sense, cloud computing describes something apparent to anybody who uses the Internet. Information is stored and processed on computers somewhere else -- "in the clouds" -- and brought back to your screen.
It is a paradigm shift from mainframe to client-server that preceded it in the early 1980s. Details are abstracted from the users who no longer have need of expertise in, or control over the technology infrastructure "in the cloud" that supports them. It is a byproduct and consequence of the ease-of-access to remote computing sites provided by the Internet. Typical cloud computing providers deliver common business applications online which are accessed from another web service or software like a web browser, while the software and data are stored on servers.
Commercial
offerings are generally expected to meet quality of service (QoS) requirements
of customers and typically offer SLAs. Companies across the technology industry are jockeying to
associate themselves with clouds. The major cloud service
providers include HP, IBM, VMware, Amazon, Google and Microsoft. Amazon.com Inc., better known for
peddling books online, began selling an Elastic Compute Cloud service in 2006
for programmers to rent Amazon's giant computers. Juniper Networks Inc., which
makes gear for transmitting data, dubbed its latest project Stratus. Yahoo Inc., Intel Corp. and a handful of
others recently launched a research program called Open Cirrus.
Cloud computing is quite cost
effective. If you're scaling up an application - that is active growth
projections and model, not simply a prototype - Amazon EC2 will provide
computing power for as little as 10 cents an hour, and time is measured only
when the cloud is actually working on behalf of a user, so if it is idling, the
user does not have to pay for it. In addition, at 10 cents per gigabyte of
bandwidth, it's extremely feasible to begin a large scale growth
projection.
A secondary benefit of using the
cloud is the ability to right-size a company's IT work force. The
absence of physical hardware and infrastructure security requirements allows the
company to devote more resources to the development of a technology product, as
opposed to positioning watchmen on the wall.
Thirdly, the cloud is infinitely
scalable. It is not necessary to worry about clustering, nodes, GeoIP content serving (that is, serving content from a
UK-based data center to a user in Germany as opposed to serving from Southeast
Asia, as an example). Simply put, the Cloud allows users to build as much
capacity and bandwidth as they are willing to pay for.
Every breached security system was once thought infallible
"The
richer the pot of data, the more cloud service providers need to do to protect
it," says IDC research analyst David Bradshaw. As more and more
information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is.
The
internet lacks the fundamental security protocols necessary to secure things as
they are. At the heart of cloud infrastructure is this idea of multi-tenancy
and decoupling between specific hardware resources and applications. In the jungle of multi-tenant data, the cloud provider
should be trusted that information will not be exposed. For their part, companies need to be vigilant, for
instance about how passwords are assigned, protected and changed. Cloud service
providers typically work with numbers of third parties, and customers are
advised to gain information about those companies which could potentially
access their data.
Concept
of cloud computing is new and even if hosting companies say that the data is
secured it can't be a 100% truth. Theoretically, data on cloud computing is unsafe
as it is replicated amongst multiple machines. In any case if the data goes
missing there are very less chances of local or physical backup. Simply
depending on cloud can be dangerous and there is always a risk of failure. In
order to save the data only solution is to download all cloud documents on local
machines. However, this is a lengthy process and every time the documents are
upgraded or updated, a new copy of the application will have to be downloaded.
There are a few fields of concern pertaining to
security of data on a cloud. They are:
->
Data
Protection and Privacy: Data from one user should be kept separate from the
data from another user and also third party access to users' data should be
kept under a check.
->
Identity
Management: Proper Identity Management protocols need to be implemented to ensure access control to information and resources.
->
Application
Security: The security of the applications provided also needs to be maintained
by the service provider.
->
Business
Continuity and Data Recovery: Proper plans should be in place for business
continuity and data recovery in case of a disaster or emergency.
Amazon
reaches into customers' Kindles and remotely deletes already-purchased books. Facebook launches Beacon, an
advertising mechanism that collects and publishes information about what users
do on external web sites on their Facebook profile
(only to apologize and offer opt-out later). Apple
denies approval for the Google Voice application in the App Store. Twitter doesn't offer the ability to
export more than 3,200 status updates. Flickr only
lets users to see the last 200 photos uploaded by them if they don't have a paid Pro
account. MySpace and Facebook
don't immediately remove photos from their servers when they are deleted. When a user is living in the cloud, he
is beholden to a third party who can make decisions about their data and
platform in ways never seen before in computing.
The cloud undoubtedly provides organizations with the opportunity to save money and achieve efficiency, by leveraging virtualization to centralize applications, storage and platforms into pay-as-you-go, scalable bites of a single system or network. But without security embedded into underlying technology that supports cloud computing, businesses are setting themselves up for a fall.