How Much Is The Cloud Secure?
The magnitude of cloud computing is ever increasing and the growing span of attention that it received in the past both in the industrial and scientific communities managed to earn it a position among the world’s top ten important technologies, with still better prospects for organisations and companies in the future years.
According to Hashizume, et.al (2013, p5) “Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet” But is the Cloud Secure? This was a question that had not managed to get a clear answer as individuals with different perspectives prefers a different answer to the question. While several researchers (Hashizume, et.al., 2013; Hamlen, et.al., 2010; Lombardi, & Pietro, 2011; Jaatun, Lambrinoudakis, &Rong, 2012; Ahmed, & Hossain, 2014; Ayoleke, 2011) debate on the different security challenges and threats associated with the use of cloud computing, there are strong advocators of cloud computing being safe as studies prove that the location of data matters much more than its accessibility (Linthicum, 2014).
According to Linthicum (2014) although to date, several executives seem to deny the importance of cloud computing, however, its worth has been proved over time. A majority of researchers and academicians have focused on the security and privacy issues related to cloud computing and at the end more are concerned with its security issues than its importance and benefits however still a few are working to prove its worth.
Cloud computing according to several researchers and users contain within itself an added risk level with the basic reason being defined as its nature of outsourcing essential services to third party, making it harder to maintain its privacy and security along with demonstrating any kind of compliance and supporting service and data availability (Hashizume, et.al., 2013).
Cloud computing powers on several different technologies including Web 2.0, virtualization, SOA, etc and these technologies bring with them their associated risks and security issues. Although through identifying the system’s main vulnerabilities and focusing on threats associated with the systems possible solutions can be derived, however, in general, the image of cloud computing being a risky process is widespread.
Exploring the research work on the topic revealed ample work been and being done with regards to making cloud computing secure and reliable and different researchers have given different solutions to problems related to dealing with the systems vulnerabilities, techniques of safeguarding data amidst processes that are untrusted, use of virtualization for enhancing security and protection to cloud users, etc (Lombardi, & Pietro, 2011). All the work done in the area supports the concern that is associated with the security and privacy challenges associated with the cloud.
The most major evidence of the cloud not being secure is the revelation that stated that Google in 2012 was requested by the government for about 21,389 times to access information that buffeted about 33,634 user accounts in total. Microsoft in the same period received about 70,665 requests from legal entities and the government asking for information affecting 122,015 accounts, which was three times more than Google received. Even though Microsoft honoured only 2.2% of those requests, still 1,558 user accounts were affected while the other 79.8% requests resulted in the disclosure of transactional and subscriber related information affecting 56,388 user accounts (Mearian, 2013). Irrespective of the claims that storage services make regarding the data being encrypted, there is never any guarantee of it. There is evident that government alone tap into the internet search engine files and of cloud service providers busting any myth that says that cloud is a totally private place to store data. Experts in large quantities agree that there is no place where your precious data is safe and secure and a cloud is no left out option as well.
The biggest advocate against the claim of cloud being secure is that it is not owned personally or under personal control, and this leads to the major criticising on cloud and concerns of many organisations and businesses. Although cloud service claims even in their service agreements that all their data is encrypted however decrypting of your data may only be a legal request or a rogue employee’s action away. According to the security expert, even in cases where service providers claim of customers being the generator and maintainer of their own encryption, there is no way of ensuring that they themselves do not have any kind of access to the information (Mearian, 2013).
After presenting the argument related to why the cloud is so famously considered as being non-secure, it is best to consider what its advocates in favour, had to say about the whole scenario. There is no doubt that a majority of people understand its importance and are ready to explore ways to overcome the shortcomings, in form of finding solution to the security and privacy factors related, however there are individuals still who advocate that the discussion behind cloud being insecure is more political and emotional than being rational and factual.
According to Alert Logic’s Fall (2012) report, the threat activity variation is not as significant as the location of the infrastructure, as anything placed outside is prone to risk, whether it be cloud or enterprise, the chances of being attacked are equal, as by nature attacks tend to be opportunistic.
The report also further reveals that attacks that are based on web applications hit both on premise (44%) and service provider environment (53%), affecting the later one more severely than the latter one. The users of on-premise environment averagely experience about 61.4 attacks, whereas the customer of service providers averagely face 27.8 attacks, thus users of on-premise environment suffer more brute attacks as well compared to service provider environment users.
As far as cloud computing is concerned there are a lot of myths associated with cloud being insecure compared to other traditional approaches. One basic reason behind the paranoia is the fact that the whole process seems insecure owing to storing a large amount of your precious data on servers that are not under personal control or are not personally owned.
Analysts argue that control does not guarantee security. This is also evident by the report discussed above. Going through attacks history and incidences of the past it has been defined that location of data matters less compared to the means that are used to access it. This is the case for both traditional enterprise and cloud-based computing systems. Additionally, it is also significant to remember that creators of enterprise’s cloud-based platforms generally focus more on the governance and security compared to creators of systems that will live within the firewall.
It is essential to know that systems that are built on the same severity and inflexibility will not be completely secure irrespective of whether they are cloud based or not. The best way to go about things is to centre on a well-executed and defined strategy of security based on the correct enabling technology. Focusing on the platform is irrelevant.
The best way to ensure governance and security of your data rely on ensuring the below mentioned three steps after which cloud can also be a secure option for anyone.
- Understand your requirements related to governance and security for your specifically chosen data store or system. A majority of people who deploy security in their traditional or cloud systems are not properly aware of the problems that they are targeting to solve them. The targeted problems need to be identified upfront.
- It is also significant to know that controlling the access to data is much more important than worrying about its location. Have insight on how your data is accessed and keep a look out for breach opportunities. Breaches tend to occur wherever there is vulnerability irrespective of whether you practice an on-premise system or cloud system.
- Lastly, make the process of vulnerability checking a necessity as any untested system is insecure irrespective of whether it is cloud-based or traditional based system.
Cloud computing does have its pros and cons and while the benefits are still exceeding the minus points for certain businesses type, for the others, the argument against cloud being insecure being strong, still the concepts and ideas about cloud are unexpected to change in the near future, however the work being done in the areas of eliminating security and privacy issues from cloud computing and the suggestion of new ideas are a positive step towards better utilization of cloud computing and a better secure view of it in future. Having said that it is essential to mention that proper planning is a prerequisite to cloud systems use as without it, cloud computing can seriously become a risky business. Moreover the same can also be said for enterprise systems as without planning even they too are prone to risks greater than faced today, bringing all advocates back to step one, finding the best way to plan foolproof security of precious data.
- Ahmed, M., & Hossain, M. A. (2014) Cloud Computing and Security Issues In The Cloud. [online] International journal of Network Security & Its Applications (IJNSA). 6(1), p. 25-36. Available from: http://airccse.org/journal/nsa/6114nsa03.pdf [Accessed: 28th July 2015]
- Alert Logic’s fall. (2012) Cloud Security Report. [online] Available at http://www.alertlogic.com/resources/cloud-security-report/ [Accessed: 28th July 2015].
- Ayoleke, I. (2011) Cloud Computing Security Issues and Challenges. [online] Available from http://www.researchgate.net/publication/259072387_Cloud_Computing_Security_Issues_and_Challenges[Accessed: 28 July, 2015].
- Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2010) Security Issues For Cloud Computing. [online] International Journal of Information Security and Privacy. 42(2), p. 39-51. Available from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.376.3145&rep=rep1&type=pdf [Accessed: 28th July 2015].
- Hashizume, K., Rosado, D. G., Medina, E. F., & Fernandez, E. B. (2013) An Analysis of Security Issues For Cloud Computing. [online] Journal of Internet Services and Applications. 4, p. 5. Available from http://link.springer.com/article/10.1186/1869-0238-4-5/fulltext.html [Accessed: 28th July 2015]
- Jaatun, M. G., Lambrinoudakis, C., & Rong, C. (2012) Special issue on Security in Cloud Computing. [online] Journal of Cloud Computing. 1, p. 17. Available from http://link.springer.com/article/10.1186%2F2192-113X-1-17 [Accessed: 28th July 2015].
- Linthicum, D. 2014. Clouds Are More Secure than Traditional IT Systems … And Here’s Why. [online] Available from http://searchcloudcomputing.techtarget.com/opinion/Clouds-are-more-secure-than-traditional-IT-systems-and-heres-why [Accessed: 28 July, 2015].
- Lombardi, F, & Pietro, R. D. 2011. Secure Virtualization for Cloud Computing. [online] Journal of Network and Computer Applications. 34(4) p. 1113-1122. Available from http://www.sciencedirect.com/science/article/pii/S1084804510001062 [Accessed: 28th July 2015].
- Mearian, L. (2013) No, Your Data Isn’t Secure In The Cloud. [online] Available at: http://www.computerworld.com/article/2483552/cloud-security/no–your-data-isn-t-secure-in-the-cloud.html [Accessed: 28 July, 2015]