computing is transforming the way information technology is applied. It is
without a doubt that Cloud computing offers tremendous advantages for business.
Among the benefits includes accessibility, flexibility, and economic saving.
However, with cloud adoption comes risks such as security and privacy. Although
more companies are moving towards the cloud, there are a handful others that
resist moving due to security and privacy reasons. This paper discusses cloud
computing various services models, identify significant benefits and
challenges, particularly, security problems. The
article also, suggests some solutions and strategies to apply to reduce cloud
computing, cloud deployment models, cloud computing advantage, Security
Computing Benefits and Risks
Cloud computing is
virtualization of computer resources. The concept was first presented at the
end of 2007 by IBM Corporation in its Technical White Paper (Ullah and Xuefeng
2013). Cloud Computing became popular in the 2000s due to the widespread use of
Internet and smartphones.
The term “Cloud
Computing” does not have a universally or academically accepted concise
definition. As such, Cloud Computing is defined in many ways. Below are some of
of Standards and Technology NIST sees it as a “Model for enabling convenient,
on-demand network access to a shared pool of configurable computing resources
(network, servers, storage, applications, services) that can be rapidly
provisioned and released with minimal management effort or service provider
interaction” (Alhamazani et al, 2015).
Usman Namadi (2015) claims NIST
definition has industry-wide acceptance compare to other cloud computing
definitions. According to Namadi (2015), NIST defines essential concepts and
characteristics of cloud computing such as modeling, hosting and deployment
As cited in Libor
(2012), Schneider (2008) defines it as a “system of technologies and
services that have commoditized IT to make it more readily consumable, scalable
and cost-effective for everyone.”
Ullah and Xuefeng
(2013) argue that cloud computing represents the future of information age and
that it is an emerging Internet-based supercomputing model. Ullah and Xuefeng
(2013) see cloud computing as the convergence and evolution of several concepts
from virtualization, distributed storage, grid, and automation management.
Cloud computing stores software and data in a large data center which according
to Ullah and Xuefeng (2013) creates security concerns. Ullah and Xuefeng (2013)
argue that the growth of cloud computing is determined by its security which is
not yet mature.
According to the
above mentioned different concepts of cloud computing, one may understand cloud
computing as a virtual computer resource which provides access to applications
and services from anywhere at any time.
1. The Characteristics of a Cloud
the cloud computing definitions discussed above, one can easily conclude
accessibility as one of cloud computing characteristics. With cloud computing,
data is accessed from anywhere using any compatible device and the Internet. I
believe availability is one of the defining characteristics of the cloud. Other
essential cloud computing characteristics Ullah and Xuefeng (2013) explain
in their article titled “Cloud Computing:
A Prologue” are summarized below:
A. Internet-centric: Ullah
and Xuefeng (2013) state internet accessibility as the vital characteristic of
the cloud computing.
Networks, servers, storage, constitute a pool of virtual resources. In cloud
computing, the service provides virtual resources are pooled together to
service multiple consumers.
C. Reduce the terminal equipment
requirement: Users of the cloud only need web browsing
software and internet access devices to access the application of the cloud,
and thus reduces the demand for the terminal equipment.
D. Ease of use for the user:
The user only needs to know the network access to the service. The user does
not need cloud computing expertise.
Cloud computing can expand seamlessly, as the dynamic expansion is possible
from a small scale to large scale cluster.
F. Facilitate data sharing:
The distributed nature of cloud computing allows many users to share the same
data and software by connecting to the internet.
G. Pay per use: The user pays for service used, if not
service is used there is no payment.
Amina (2014) discuss other essential
characteristics of Cloud Computing. The first feature Amina (2014) mentioned is
on-demand service which gives the consumer unilateral provision computing
capabilities and self-service such as server time and network storage,
automatically without human interaction. The other cloud characteristics Amina
(2014) address is measured service. Cloud computing allows to monitor, control
and report resource usage.
2. Service Models and Deployment Models
are different cloud service models and cloud deployment models. As cited in Alali and Chia-Lun (2012), the NIST identifies three
cloud service models and four cloud deployment models. These models are
infrastructure has three layers. Each layer abstraction and infrastructure complexity
level varies, as well as the type of the service the layers deliver. Cloud computing
services can be classified as:
(IaaS) – first layer
includes a whole computing environment, all the software, and the hardware
required for the application to run. IaaS eliminate the need to buy or maintain
servers and firewalls for companies. IaaS allows the use of computer hardware
and system software, including operating systems and communication networks in
which the cloud provider is responsible for hardware installation, system
configuration, and maintenance (Alali and Chia-Lun, 2012). Amazon EC2 and Citrix Cloud Center
offer IaaS services.
(PaaS) – second layer
Second layer provides all the facilities required to develop and execute an
application. PaaS includes a computing platform to support the development of
web applications and services entirely residing on the Internet (Alali and Chia-Lun, 2012). Hence, PaaS resolves
developers need to maintain or configure structures required for application
development. An example includes Google Apps, SaleForce.com, and 3Tera
According to Fortinová
(2013), PaaS services are subcategorized as follow:
A development environment – servers used
by programmers to continuously develop
Testers use testing and/or Q&A
environment – another set of servers
Production environment – this is where the
application is transferred once it is approved for routine (or test) operation.
(SaaS) – third and last layer
is the final software developed using the first and the second layer
infrastructure. SaaS allows users to run a variety of software applications on
the Internet without having possession or managing applications (Alali and
Chia-Lun, 2012). SaaS is the software that the end users access and service
offered by retails such as Amazon. As explained in his research Skemp (2017),
the most common conception of cloud computing is software as a service (SaaS). Microsoft’s
Hotmail (released in 1996), Dropbox (2007) and media streaming services such as
Hulu, Netflix are some of SaaS applications.
There are four
cloud computing deployment methods. Anima (2014) elaborates each method as
cloud: As the name implies Public cloud is publicly
available for a wide range of customers. Public cloud infrastructure may be
owned and managed by a business and/or government organization. However, it
exists on the service provider premises.
cloud: Private cloud is solely owned by a single
organization. “It can be managed by the organization or a third party and can
exist on or off premises of the organization” (Alali and Chia-Lun, 2012).
cloud: Community cloud is shared by many consumer groups
and supports a community that shares a common interest such as mission,
security requirements, and policy. Amina (2014) also notes that Community cloud
may be controlled by one or more of the organizations in the community.
cloud: Hybrid cloud combine two or more of the other cloud
infrastructure mentioned above. In Hybrid combination, each of the
infrastructures remains unique entities but bound by standardized or
proprietary technology that enables data and application portability.
Table 1: Summary of the various features
of cloud deployment models (Sen, 2013)
3. Benefits and Impacts
More and more
companies are moving towards cloud computing due to several benefits it offers.
Looking at its growth in the past decades, one can predict that cloud computing
as a critical factor for businesses in the next decade. A study by Gartner as
cited by Amina (2014) states cloud computing as the first among the top 10 most
important technologies and with a better prospect in successive years by
companies and organizations. Skemp’s (2017) findings show that 57 percent of
companies in 2009 were planning to make strategic cloud investments compare to
only 2 percent who used PaaS in 2009. Some of the cloud computing benefits are
flexibility, economic saving, resource sharing, and green computing.
saving: By moving into cloud computing companies can avoid the
need for software or physical network infrastructure purchases which in turn
results in cost saving and in IT capital expenditure reduction. According to U.S. Department of Commerce (2008), as Alali
and Chia-Lun (2012) quoted, the investment in IT represents an average of 50
percent of capital expenditure budgets. With cloud computing companies
outsource software and application from cloud vendors and pay a service fee. The service fee is based on
consumption; thus, companies only pay for the service used. Furthermore, the
service provider covers all the maintenance and updates required for the
cloud computing is scalable. Businesses can adjust computing capacity as
needed. Besides, changing a service provider is easier if necessary.
C. Resource sharing and collaboration: cloud
computing made accessing data and services from anywhere faster and easier.
Further, cloud computing increases collaboration in the workflow by allowing
telecommuting and by updating work files in real time for the team.
D. Green computing:
cloud computing is eco-friendly. Because the service provider hosts the
servers, business use less energy. Servers can get hot and require climate
controlling system. Cloud vendors work on a much larger scale and can control
the server’s climate efficiently. Cloud vendors usually locate the data center
and other facilities often in colder places and thus consume less energy.
Table 2: Summary of other cloud
computing advantages and disadvantages (Fortinová, 2013).
4. Risks and Challenges
applications are popular and are gaining millions of users, there are concerns
that come along with a move to the cloud. Skemp (2017) list data ownership and security
as the first disadvantage of cloud computing. The other concerns being openness
and interoperability of cloud services developed by various corporations
Security and Privacy
In cloud computing
client’s data is hosted on outside server and business lack control over the
cloud infrastructure which is owned and managed by the service provider.
“Clients don’t have virtual access to instances outside their privacy zones,
leaks are thus largely mitigated,” (Libro, 2012). Further, Libor’s (2012) study
emphasize that if data is not encrypted while in transit, unauthorized third
party may intercept and divert them. Libor (2012) assert that this as the main
downside for many companies, by mentioning Zhou et al.’s (2010) survey that
showed 74.6 % out of 244 managers listing security as their primary source of
The most common
potential attack on the cloud listed in Amina’s (2014) article titled “Cloud Security Issues and Challenges”
of Service (DoS) attacks: DoS very difficult for security experts to
Malware injection attack: This attack attempt aims at injecting a malicious
service implementation or virtual machine into the cloud system. Such kind of
Cloud malware could serve any particular purpose ranging from eavesdropping via
subtle data modifications to full functionality changes or blocking (Amina, 2014).
Channel attacks: Includes attacks that are based on measuring various
computation time also known as timing side channel attack
attack: “Phishing is an attempt to access personal information from
unsuspecting user through social engineering techniques” (Amina, 2014). It involves sending Webpages links that seems
legitimate but leads to fake location. According to Cloud Security Alliances
(CSA) cloud service providers do not maintain sufficient control over systems to
avoid being hacked or spammed (Amina, 2014).
Machine (VM) Rollback attack: The hypervisor can suspend a VM at any time
during execution, take a snapshot of current CPU states, disk and memory and
resume a snapshot later without guest VM
awareness (Amina, 2014). By doing these, the attacker can clean the
history and will not be caught.
Other cloud computing challenges
Ahmat (2015) explained includes:
A. Cyber Attacks and Hacking of Sensitive Information: Cloud computing
faces as many attacks as other web services like web hosting. Hackers who can
break into the cloud can steal sensitive information such as credit card
numbers and financial records.
B. Data Loss and Leakage: Users’ data can suffer both from accidental
data loss and from malicious intrusive actions. The threat of data compromise increases in the cloud, due to the
number of and interactions between risks and challenges which are either unique
to cloud, or more dangerous because of the architectural or operational
characteristics of the cloud environment (Shah, Anandane, & Shrikanth, 2013).
Unavailability of data
Another risk with
cloud computing is data unavailability. According to Smith’s (2009) research,
there are bugs in the cloud that is yet to be fixed. Smith (2009) points out
instances in which cloud service became unavailable for hour or days due crash.
5. Proposed Solutions
The service providers play a significant
and the ultimate role in securing the cloud infrastructure they host. Not only
the service provider but business should also take measure to eliminate the
risks of cloud adoption. Some of the
security countermeasures suggested in Amina (2014) are summarized below:
management: Access control mechanisms such as Firewalls and intrusion detection
systems should be applied to ensure only authorized user has access to the
policy enhancement: well-established security policies can reduce the risk and
helps in better manage the cloud.
protection: data protection tools such as data loss prevention systems,
anomalous behavior pattern detection tools, and encryption tools provide a
real-time detection and monitoring of the traffic and audit trails.
techniques implementation: tools such as Log inspection can be used to collects
and analyzes operating system and application logs for security events
planning to move to the cloud, a study done by Fortinová
(2013) recommend a step by step process. Fortinová (2013) argues that
moving to cloud computing is accompanied by risk. Thus, steps should be taken
to eliminate the threat. Below are some of the steps recommend by Fortinová
decision to move over to Cloud Computing.
analysis of ICT (information and communications technology) processes or
projects to be moved over to the cloud.
of a supplier – cloud provider.
diligence of the provider (however not in the same scope as when purchasing a
and entry of the contract
of the project’s transfer stage.
of the mutual relationship between the recipient and the cloud provider (the
has capabilities to solve businesses technological and financial problem. Yet there are some downsides to cloud computing security being
the first factor. If cloud computing risks left unaddressed, the
consequences for companies can be costly and can affect business’s survival. According
to Puranik (2017) cloud services are expected to grow exponentially in the next
few years. So is the security challenges of the cloud.
Per Puranik (2017), 2017 is year of more cyber-attacks
than any year in history. The CIA Vault 7 hack and the Equifax data breach to
mention a few. It is also important to note that cloud services are still
growing therefore new threats and attacks will emerge that target specific
cloud services. Therefore to make a move to cloud computing
advantageous, companies should analyze the risks associated with cloud adoption
and take the necessary step to limit the risks.