A General Overview and Analysis of Cloud Computing: Concerns Regarding Security and Privacy of Data Kyan Valipour University of North Texas



Abstract

This paper gives a general overview and analysis of cloud computing by first briefly describing what it is, and then the different types of services that third-party companies provide to users needing the service. Afterwards, the data flow and transmission process is explained by closely observing the front-end and back-end components. Unfortunately, a common theme within cloud computing is concern over security and privacy during the flow, transmission and storage of data. As a result, researchers are designing security architectures to create preventive measures against these threats.


I. Introduction

The best definition of a cloud is a large pool of easily accessible and virtualized resources which can be dynamically reconfigured to adjust to a variable load, allowing also for optimum scale utilization (Porwal, Maheshwari, Pal, & Kakhani, 2012). According to Porwal, Maheshwari, Pal, & Kakhani (2012), there are three different types of clouds, each serving its own purpose:

A. Public Cloud:

Generally, the third-party provider will be paid by the user to access any data via the Internet. This data can be accessed via software applications or by other means provided by the third-party provider.

B. Private Cloud:

Typically, these cloud services are considered to be the most secure since they are on a private network. However, software updates and the infrastructure will need to be purchased and maintained by the company. It is usually the IT department of an organization that maintains it rather than a third-party provider.

C. Hybrid Cloud:

The utilization of both public and private clouds for the purpose of avoiding unnecessary compliance issues.

Third-party servicing companies typically offer different types of services to users of cloud computing. Public clouds are used by these servicing companies to offer either software applications, web services, or another means of accessing the front-end. Many users choose third-party services for different reasons. According to Sareen (2013), these types of services include the following:

A. Software as a Service (SaaS):

The user of the application is basically renting the usage of the infrastructure. The provider will provide updates and patches regarding the software to keep up-to-date versions for the user.

B. Platform as a Service (PaaS):

As it implies, the client or user is provided a platform. This offers the user more control over the application itself by allowing the user more customizable options. However, it is still the responsibility of the provider to give updates and patches regarding the platform.

C. Infrastructure as a Service (IaaS):

Resources that are related to hardware are distributed via the Internet as a virtualized platform. The user has control over the platform itself. However, the user is not responsible for managing the infrastructure.

D. Storage as a service (STaaS):

This type of service is the most commonly known. The user subscribes to a third-party company to rent storage space.

E. Security as a service (SECaaS):

Along with the storage of data comes the responsibility of keeping data safe from compromise. Security threats are a common issue and concern for almost all organizations.

F. Data as a Service (DaaS):

Data is offered on demand to the user. In other words, data that is stored by the provider can be used by users. Data can be used commercially as well.

G. Test environment as a service (TEaaS):

Basically, the test environment is hosted on the cloud by the user to see if everything is working properly.

H. Backend as a service (BaaS or MBaaS):

BaaS/MBaaS allows web and mobile developers to link their application to the backend storage. It simultaneously maintains the capability of providing features.

All of these types of service are offered by third-party companies to users. Some of these are more recent than others, such as backend as a service (BaaS) and mobile backend as a service (MBaaS). As technology advances, the types of services being offered by these third-party providers expand as well.

The rest of this paper is organized as follows: Section II focuses on a general overview of how cloud computing works. Section III discusses security and privacy of data storage and transmission. Lastly, Section IV provides an analysis of the paper.

II. General Overview of How Cloud Computing Works

People often wonder how cloud computing works. The most common and well-known type is the public cloud. As mentioned, it is a server that is usually hosted by a third-party company. According to ovp (2014), there is a front end that allows the user to gain access to the system itself through either a web browser or software application, and a back end which is comprised of a computer network, servers and database storage.

The front end includes the client’s computer (or computer network) and the application required to access the cloud computing system (Strickland, n.d.). The user interface will depend on the type of third-party servicing company that is used. Not all cloud computing systems have the same user interface (Strickland, n.d.). For instance, some use a web browser, such as Chrome or Firefox, in order to access the interface. Other services offer users their own private means of accessing their services. As shown in Figure 1, the devices are able to access the type of service needed via a computer network connection:

[Figure 1: General structure of cloud computing (Bhisikar & Sahu, 2013)]

The front end is what the user sees via the devices, such as the ones depicted in Figure 1. Otherwise, if it is a private server, the IT department will be in charge of the software and infrastructure being used. On the back end of the system are the various computers, servers and data storage systems that create the “cloud” of computing services (Sareen, 2013). Each component has a specific duty. For instance, when the user wants to communicate and store data with the server, the user interface is used via the web browser or software application platform. Amongst the components in the back end, the central server administers the system following a set of rules called protocols (ovp, 2014). The central software uses middleware. Basically, middleware is the software that connects network-based requests generated by a client to the back-end data the client is requesting (Stafford & McKenzie, n.d.). When the user wants to store data in the back end, the back end actually generates multiple copies of the data in case something unfortunate happens, such as data loss. The process of making multiple copies of data is also called redundancy. Storing multiple copies of data requires storage space, which means that the more users the third-party company has, the more storage space will be needed. The host will need to expand their database, or fool a physical server into thinking it’s actually multiple servers, each running with its own independent operating system (Sareen, 2013). By doing so, the host will be able to maintain optimum efficiency. By maximizing the output of individual servers, server virtualization reduces the need for more physical machines (Sareen, 2013).

Figure 2, the cloud data storage architecture model (Bhisikar & Sahu, 2013), provides an example of the general data flow:

[Figure 2: Cloud data storage architecture model (Bhisikar & Sahu, 2013)]

As shown in Figure 2, there are sometimes optional third-party auditors. Many individuals and companies elect to hire a third-party auditor (TPA). An optional TPA, who has expertise and capabilities that users may not have, is trusted to assess and expose risk of cloud storage services on behalf of the users upon request (Bhisikar & Sahu, 2013). TPAs can provide this type of service to users. In contrast to traditional solutions, where the IT services are under proper physical, logical and personal controls, cloud computing moves the application software and databases to the large data centres, where the management of the data and services may not be fully understood (Bhisikar & Sahu, 2013). This exposes risks to security and privacy.

III. Concerns Regarding Security and Privacy

Perhaps the biggest concerns about cloud computing are security and privacy (Sareen, 2013). Many small businesses, large organizations, schools, and higher education establishments are hesitant to use these types of services. According to Bhisikar and Sahu (2013), security threats faced by cloud data storage can come from two different sources. The first source may be the Cloud Service Provider (CSP). The CSP may have a self-interest in the data provided by the sender. Not only does it desire to move data that has not been or is rarely accessed to a lower tier of storage than agreed for monetary reasons, but it may also attempt to hide a data loss incident due to management errors, convoluted failures and so on (Bhisikar & Sahu, 2013). Another source that may pose a threat to valuable data is another individual or company with malicious intent. Depending on their capabilities and goals, data that is transmitted and stored can be compromised by the individual or company. In some cases, data can be modified or made irretrievable. At times, advanced infiltrators can compromise all the storage servers (Bhisikar & Sahu, 2013). Some may also gather data if the data transmission protocol is not secure.

As a result, research regarding security and privacy is conducted to ensure the safety of data transmission and data storage. Currently, researchers are focusing on designing security architectures that prevent these misfortunes for users. Gary Anthes has described the various security research works in cloud (Bhisikar & Sahu, 2013). The research conducted by this individual has been used in designing new security solutions by well-known companies, such as Microsoft, HP and IBM.

Additionally, other methods of ensuring security and privacy have been proposed as well. Cong Wang has proposed work on data storage security with respect to quality of service (Bhisikar & Sahu, 2013). The ability to check whether data has been breached, or to see whether data has been modified or not, can help users better protect their data. The fact that data is not only stored but also transferred during the data transmission or data flow process can pose a significant security issue as well. During the data transmission process, data is essentially going from the front end to the back end. Therefore, the type of protocol used when transmitting the data determines whether or not the data is sent securely. Secure data transmission is currently achieved by protocols such as IPSec and SSL over the web, and through web applications (Bhisikar & Sahu, 2013).
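The modification check described above can be illustrated with an added example (not code from this paper or from the works it cites): the data owner, or a TPA acting for them, keeps a secret key and per-block HMAC-SHA256 tags, then audits each redundant copy held by the provider. The function names, block size, replica names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed audit granularity, not taken from the paper


def _tag(key: bytes, index: int, block: bytes) -> bytes:
    # Binding the block index into the MAC stops blocks being swapped around.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def tag_blocks(key: bytes, data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Owner side, before upload: one keyed tag per block. The key never
    goes to the provider, so the provider cannot recompute tags to cover
    up a modification or a loss (a plain hash stored beside the data
    could simply be regenerated)."""
    count = max(1, -(-len(data) // block_size))  # ceiling, at least one block
    return [_tag(key, i, data[i * block_size:(i + 1) * block_size])
            for i in range(count)]


def audit_replica(key: bytes, replica: bytes, tags: list,
                  block_size: int = BLOCK_SIZE) -> list:
    """Return the indices of blocks that are modified, missing or extra."""
    bad = []
    for i, expected in enumerate(tags):
        block = replica[i * block_size:(i + 1) * block_size]
        if not hmac.compare_digest(_tag(key, i, block), expected):
            bad.append(i)
    if len(replica) > len(tags) * block_size:  # data appended past the end
        bad.append(len(tags))
    return bad


def demo() -> dict:
    key = bytes(range(32))          # constructed key; use os.urandom(32) in practice
    data = bytes(range(256)) * 40   # constructed 10240-byte "file", 3 blocks
    tags = tag_blocks(key, data)
    tampered = bytearray(data)
    tampered[5000] ^= 0x01          # one flipped bit inside block 1
    replicas = {                    # the redundant copies the back end keeps
        "replica-a": data,
        "replica-b": bytes(tampered),
        "replica-c": data[:8000],   # silent truncation, i.e. data loss
    }
    return {name: audit_replica(key, blob, tags) for name, blob in replicas.items()}


if __name__ == "__main__":
    for name, bad in demo().items():
        print(name, "OK" if not bad else f"bad blocks: {bad}")
```

Because the audit reports block indices, an intact replica can be used to repair only the damaged blocks of another.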

Furthermore, Sudha M has [also] proposed an idea for secure data transmission in cloud computing using transport layer techniques; the idea proposed is to use socket programming for secure data transmission between the client and server (Bhisikar & Sahu, 2013). In short, the idea of socket programming lies at the socket layer. At the socket layer, the data is encrypted byte by byte before it is sent to the remote end, and the encrypted data is what is sent (Porwal, Maheshwari, Pal, & Kakhani, 2012). This will ensure that the data carried by the protocol will reach its destination at the back end in a secure manner.

Analysis of the Three Cloud Computing Models

Each of the three cloud models serves its own purpose for the user. In other words, the choice depends on what the user wants to accomplish by using cloud storage. Each of the cloud storage models has its own characteristics that differentiate it from the others. Some of the characteristics can be seen as a benefit or a flaw, depending on how the user plans to use the cloud storage model. Additionally, some may seek the benefits of having both cloud storages. Miller (2018) breaks down each model by characteristics in the following chart:

As shown in the chart comparison, some cloud models are more suitable for individuals and small business owners, whereas some models may be more suitable for large organizations and enterprises. Then there is the hybrid model, where organizations seek to have the characteristics of both public and private models at their disposal. When choosing a model to use, it is important to do research on key characteristics as well. In the following comparison chart, Miller (2018) breaks it down further by providing the differences of each model in terms of scalability, security, performance, reliability and cost:

While one model may provide better key characteristics than another model, it may also be lacking in other key characteristics. This is why some choose the hybrid option. However, more exposure would mean the individual or organization would have to take proper security measures on both public and private cloud storage.

References

Bhisikar, P. and Sahu, A. (2013, March). Security in data storage and transmission in cloud computing. International Journal of Advanced Research in Computer Science and Software Engineering (3), 3. Retrieved from https://pdfs.semanticscholar.org/dd89/a686fadc3cdaf61e44c4873cdd7dadd53c87.pdf

Miller, J.A. (2018). Private cloud storage (internal cloud storage). Retrieved from https://searchstorage.techtarget.com/definition/private-cloud-storage-internal-cloud-storage

ovp. (2014). How cloud computing works. Retrieved from https://www.youtube.com/watch?v=DGDtujmOBKc

Porwal, A., Maheshwari, R., Pal, B.L., & Kakhani, G. (2012, March). An approach for secure data transmission in private cloud. International Journal of Soft Computing and Engineering (IJSCE), (2), 1. Retrieved from https://pdfs.semanticscholar.org/1af2/4593eee54cfa5deefa82e58228dc928f37eb.pdf

Sareen, P. (2013, March). Cloud computing: types, architecture, applications, concerns, virtualization and role of IT governance in cloud. International Journal of Advanced Research in Computer Science and Software Engineering (3), 3. Retrieved from https://pdfs.semanticscholar.org/ca5d/86b602c4fe2625ca80ac4da6704c18f6a279.pdf

Stafford, J. and McKenzie, C. (n.d.). Middleware. Retrieved from https://searchmicroservices.techtarget.com/definition/middleware

Strickland, J. (n.d.). How cloud computing works: cloud computing architecture. Retrieved from https://computer.howstuffworks.com/cloud-computing/cloud-computing1.htm