The security concerns

Abstract

Cloud computing is on the boom so is the security concerns related to its usage. Researchers and cloud computing services providers are in search of state of the art models to ensure the availability, security and safety of the users' information

Cloud computing is the next generation architecture of IT Enterprise. Conventionally, the IT software and infrastructure was under physical, logical and personnel controls. Cloud computing provide an opportunity to share these resources to obtain better performance. But there are some managerial issues with cloud computing. Users are not satisfied with the current information security facilities. Security challenges posed by cloud computing are open problem now a days.

The ultimate solution to this problem is in standardized cloud service, highest level of freedom of customers in cloud's ecosystem and facility of continuous monitoring of information owned by customers

1. Introduction

Number of computing techniques take part in the evolution of cloud computing. In early 1990's, Peer to peer networking allows super computers to form networks which are capable to perform intensive computational tasks. At that time grid computing was developed [5]. Following Grid Computing, in 1991 the thought of utility computing begun. Sometimes it is called as "An On Demand Service". In utility computing, users can access central computational resources using internet to process their computational tasks [9]. Utility computing was an idea to metered the computational service like other conventional public utilities, such as water, electricity, and telephone etc. consumers have to pay bills for using the computational resources. Most probably, the idea of cloud computing was developed from utility computing. [9] A computer network which does not have a single point failure [7] (which means if a computer in a network fails any other computer take over the task of crashed computer) is called Autonomic computing. This term of autonomic computer came about before "Cloud Computing" has evolved [9]. In these kinds of services human intervention is not needed. In case of failure of a particular computer/ system, computer software can switch between different systems Software-As-A-Service (SaaS) is a model of software deployment in which customers can use the software on demand provided by the vendor. It is a service that allows users to use software on rent rather than purchase. SaaS software vendors may host the application on their own web servers. There is a contract between service provider and the vendor for certain period of time for the usage of application or other services like storage etc. when the contract is expired it can be renewed if that particular service is further required.

Cloud computing gets its name, "Cloud", as a metaphor for the Internet. The cloud provides communication infrastructure. [3]. Most of the time we picture of cloud is used to represent the network computing, without any further detail inside about the architecture as shown in Figure 1.

According to [3], the word of cloud computing is term that was borrowed from telecom industry. Up to the 1990s, data circuits, were hard-wired between destinations. Then, long-haul telephone companies began offering Virtual Private Network (VPN) service for data communications. Telephone companies were able to offer VPN-based services with the same guaranteed bandwidth as fixed circuits at a lower cost because they could switch traffic to balance utilization as they saw fit, thus utilizing their overall network bandwidth more effectively [11].

In 1960's, Joseph Carl Robnett Licklider innovated the term "Intergalactic Computer Network", which was the first conception of what would eventually become the Internet [11]. It is believed that John McCarthy was the first researcher who introduces the concept of cloud computing, when he gave the idea that computation can be used as utility [7]. In 1999, Salesforce.com was the first company who provide different software applications for utility usage via its simple web site. Latterly, in early 2000, big giants of software industry such as Microsoft, IBM, and Amazon started broadening Cloud Computing services. Microsoft provided SaaS via web services. Amazon launched the trend setter application of Amazon Mechanical Turk, which provide on demand work force to its customers. Amazon launch the "Elastic Compute Cloud" (EC2) in 2006, which allow individual users and small companies (with limited resources) to use computer recourses to execute their application/ programs [7]. Google & IBM are now actively researching on this topic in different research institutes such as CarnegieMellon, Stanford University, Berkeley, the University of Maryland, the University of Washington, and Massachusetts Institute of Technology [6]. Recent launch of web 2.0 allows users to use services such as Google apps and docs allowing them to use browser based enterprise applications. Even at government level, different governments (including Chinese government) are seriously thinking to adopt this technology to deliver better service to their countrymen. Recently, the local government of Dongying, China announces her plan of collaboration with IBM to use cloud computing for economic development in region under her control. Dongying, renowned of its industry and oil fields, is planning to use IBM's cloud infrastructure to promote e-government and support the city's transition from an industrial to services-based economy [13].

2. World with cloud computing

Conventional software applications launched by SAP, Oracle and Microsoft were very complex as well as costly. They need a data center with office space, power, cooling, bandwidth, networks, servers, and storage along with a dedicated manpower with troubleshooting expertise. They need development, testing, staging, production, and failover environments [11].

Imagine the world (not too far away) in which there are no desktop pcs and laptops only you need, is your mobile on which you can retrieve all the (processed) results for decision making. Imagine a world where you don't have to purchase and install software, don't have to worry about data loss, don't need the latest and greatest hardware to run your applications and you can access you data any time, from any place, from anywhere.

Topic of cloud computing is very interesting as it is leading the world to new era of World Wide Web. The world is going be a technical world and cloud computing is assisting that to be done. Cloud Computing has a bright future as a service on demand.

3. Hurdles on the way to cloud computing era

Cloud computing is the future of internet. It is believed that it would take over the desktop computers but there are security, domination of few companies and legal issues on the way. These issues have to be addressed for the flourishing future of cloud computing.

There are many safety concerns about the information stored on servers of cloud computing. The question arises in the mind like, is the information stored cloud servers safe from hackers, data loss and any other malicious activity? Several companies have been suffered from data hacking and loss of data. For example, Google recently was a victim of such activity when their service completely collapsed in Europe [1]. With the continued warm use of the World Wide Web, it is becoming more attractive to cyber cooks. Such institutions are now very well aware of these risks and are continually researching to improve their services and doing more research on the security issues of Cloud Computing.

Big companies like Microsoft, Google, IBM and Amazon are trying to dominate the cloud technology. These competitors are trying to provide the best services to users. Amazon has already started renting out cloud computing services. Others are offering largest storage capacity at cheaper cost. The burning issues are how to decide which company is suitable for your business?

The biggest issues, cloud computing is facing these days, are cost, privacy and security concerns. Even in the presence of these issues, cloud computing has many success stories. Researchers and cloud computing service providers are working hard to overcome these issues some of the efforts regarding security and privacy of cloud computing are discussed in next section.

4. Related Work

Like all new technologies, cloud computing have a lot of questions. In following subsection these concerns related to cost, security and privacy of cloud computing are discussed.

4.1. Towards Trusted Cloud Computing

The Max Planck Institute for Software Systems designed the Trusted Cloud Computing Platform (TCCP). It is also Infrastructure as a Service (IaaS) providers like Amazon EC2 which ensures confidential environment for customers' virtual machines. [8]

The customers of cloud computing are always in fear that their information may not leak or tempered. This research is a deliberate effort to counter this fear. IaaS is at lower layer service of the cloud computing infrastructure. It is easier to guarantee confidentialality of computation at this lower level. It is not manageable as one go up the layer service of the cloud computing. Amazon and GoGrid offer full user access to entire virtual machines hosted by them [8]. Their research is mostly revolving around Eucalyptus, like EC2 (Amazon) it is an open source Infrastructure as a Service platform.

The TCCP have to portions is called TVMM (Trusted Virtual Machine Monitor) and TC (Trusted Coordinator). TVMM has the ability to protect its integrity over time, and complies with the TCCP protocols. The TC manages the set of nodes that can run a customer's VM securely. They call these nodes trusted nodes. To be trusted, a node must be located within the security perimeter, and run the TVMM [8]. To secure the VMs, each TVMM running at each node cooperates with the TC in order to 1) confine the execution of a VM to a trusted node, and to 2) protect the VM state against inspection or modification when it is in transit on the network. The critical moments that require such protections are the operations to launch, and migrate between VMs [8].

Cloud computing provides state of the art computational and storage facilities to run any kind of business as compared to in-house application running. Running application on a cloud is as simple as you are logging in to your email account, all you have to do, just log in to system and customize it and start executing your application. You do not need to worry about installing, configuring, up-gradation or any troubleshooting task [11]. This is what cloud computing is all about. All type of business applications are available in the cloud, from performance monitoring to decision making application.

4.2. CloudViews

As said earlier, security is the major concern in cloud computing. One of the questions that strike the mind is, "does anyone else sharing my information stored on the cloud?" Keeping this question in mind, Roxana Geambasu & Roxana Geambasu of University of Washington pinpoints a new venue (so called CloudViews) of research in the field of cloud computing. They constructed model to utilize the cloud services without the fear of information leakage among other users of same cloud [4].

4.3. Cost of service

While choosing cloud computing service provider, cost of the service is another issue that is taken into account. Each new customer is in search of best services at lower cost. Researchers of the University of California, Santa Cruz, NetApp and Pergamum Systems are looking at the trade-offs between storing data, including data that might not be called on that often, and simply recalculating results as needed [2]. The focus of their research is to conduct a Cost Analysis model to choose the most efficient strategy for dealing with computed results because user are interested in terms of service usage than the infrastructure they are provided.

5. Concluding Comments

As the cloud computing becoming popular day by day, security concerns in cloud computing are also on the rise. Awareness of security concerns in Web2.0 also gives rise to security fear in technologies like social networks, wikis, RSS etc.

Users of cloud computing have security threats, like information leakage and hacking etc in their minds. Questions come in mind like, "how to satisfy the customers that their information is secure?" and "Which model or metrics would ensure the security of information in web 2.0 technology".

While talking about the concerns of users we should not forget the concerns of the services providers. There must be a balance between requirement of user and those of providers. If a users asks for guarantees for its information security then on the providers end it is to be decided to what extent the customers is allowed to access the system.

Continuous monitoring is required to effectively preclude security gaps. Application that provides the user access to monitor their data stored on the system (Cloud) will assure its security. Although modern servers have capability to address the problem of hacking still such application would provide a redundant shield against such malicious activity. It would not only fulfill user desire of security but also helps the service providers to investigate the security breaching incidents.

Before 2009, we have very little knowledge about risks and solution to security problem in cloud computing but now people have start thinking and made guidelines to address this problem. Now we are heading towards standardized cloud service, which is the ultimate solution to this problem. Another thing I would like to add here is that vendors have to provide greatest degree of freedom to customers.

6. References