CLOUD COMPUTING SECURITY
Throughout the evolution of computer science, many attempts have been made to disengage end users from hardware requirements, network computer needs, time sharing utilities, and commercial systems. The disengagement is becoming a reality as many business and academic leaders are moving towards cloud computing. A cloud is a distinct information technology environment designed to provide measured and scalable information technology resources remotely (Carstensen, Morgenthal & Golden 2012). All clouds have finite boundaries since they are specific environments used in the provision of remote IT resources. While the Internet offers open access to various web-based IT resources, clouds are privately owned IT resources that offer metered access.
Most of the Internet is devoted to providing access to content-based resources published through the World Wide Web. However, cloud environments are devoted to the provision of user-based access and back-end processing capabilities. Cloud computing is described as a subscription-based product where individuals can acquire computer resources and networked storage space (Huang et al. 2014). Cloud computing works like Hotmail, Gmail, Yahoo, etc., which cater for the housing of all software and hardware components necessary to sustain one’s personal email account. Just like an individual’s email, cloud-computing services are not stored on his/her personal computer, and one will need an Internet connection to access the service.
The importance of cloud computing is constantly increasing, and it is receiving growing attention from industrial and scientific communities. Through cloud computing, accounting institutions can safeguard consumer data while assuring performance and compliance to standards. Cloud computing is among the top five most significant technologies in the financial sector, which have better successive prospects by organizations. Through cloud computing, individuals and organizations have convenient, ubiquitous, and on-demand network accessibility to shared configurable resources. The shared configurable resources can be rapidly released and provisioned with little service provider interaction or management effort.
Cloud Computing Background
With cloud computing, financial information contained in accounting software can be accessed at any time from anywhere. Traditional computer setups need users to be in the same place as the data storage device. Cloud computing removes this step. The cloud-computing provider offers storage for the necessary software and hardware needed to run the business or personal applications (Huang et al. 2014). This is useful for small organizations, which cannot afford the kind of hardware and software storage used by bigger companies. Small organizations store their data in the cloud, which eliminates the expense of purchasing and maintaining memory storage devices. As the company operations continue, the owner may choose to reduce or increase their subscription.
Cloud computing services are divided into various types. The first type is called a public cloud. Any individual or company that has an Internet connection can use public cloud computing services (Huang et al. 2014). The other type is called the private cloud. Private cloud computing services are created for specific organizations or individuals and access is limited to the specific group. Accounting organizations implement private cloud computing due to the nature of the information they handle. The third type is community cloud computing. Community cloud computing services are shared among various companies or individuals who have the same requirements. The last type is the hybrid cloud. Hybrid computing clouds are a combination of two or more cloud computing types.
When choosing a cloud-computing provider, one considers their hardware and software requirements. Cloud computing providers offer specific functions, providing the users with more or fewer control mechanisms over their cloud. Cloud computing providers are divided into three major types, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) (Denz & Taylor 2013). The three types differ in the control mechanisms offered and in what one expects the provider to offer.
Software as a Service provides access to both applications and resources. SaaS ensures one does not need to have their own physical copy of the software to install on their devices. SaaS ensures it is easier to have similar software on all of one’s devices through access on the cloud. In SaaS agreements, individuals and organizations have the minimum control mechanisms over the cloud.
Platform as a Service offers a higher level of control than the SaaS setup. PaaS providers offer individuals and companies access to various components they will need when developing and operating applications through the Internet. PaaS is an integrated platform used in development, testing, support, and deployment of web-based applications (Carstensen, Morgenthal & Golden 2012). In an Infrastructure as a Service agreement, companies and individuals completely outsource the resources like software, hardware, and storage that they need. IaaS is typically presented in a virtualization form.
Cloud computing is described as one of the most promising technologies within computer science and the financial sector. Cloud computing entails various significant characteristics. The characteristics are favorable for financial institutions making a move towards cloud computing. The first characteristic is elasticity/flexibility. Users can rapidly access computing resources when needed without the need for human interaction. Infrastructure scalability is another characteristic. Cloud computing architecture can be scaled vertically or horizontally based on the user’s demand (Denz & Taylor 2013). Another significant characteristic is location independence. A consumer lacks control mechanisms over the exact location of provided resources. However, the client has the ability to specify location at higher abstraction levels like data center, state, or country.
Reliability is another key characteristic. Reliability ensures cloud computing is suitable for disaster recovery and operational continuity through the implementation of many redundant sites (Carstensen, Morgenthal & Golden 2012). Another characteristic is cost-effectiveness and economies of scale. Regardless of deployment models, cloud implementations tend to be large taking advantage of economies of scale. The last key characteristic is sustainability. Sustainability is achieved through enhanced efficient systems, carbon neutrality, and improved resource utilization.
Cloud Computing Security
Confidentiality and Data Security Issues
The main security risks and concerns for accounting companies and individuals moving to cloud computing services are confidentiality and data security issues (Denz & Taylor 2013). The issues entail specific problems like who is allowed to create data, who can access and alter the information, the data storage location, back-up availability, and how data transfer is done. Confidentiality ensures only authorized individuals can access the protected data. Data compromise risks increase as one moves to the cloud because of the increased number of parties, applications, and devices involved, which increases the number of access points.
When considering data security issues, various issues arise regarding data remanence, multi-tenancy, privacy, and security. Multi-tenancy denotes the resource-sharing characteristic. Various aspects of cloud computing include data, networks, programs, and memory sharing at the host level, application level, and network level. While subscribers are isolated through virtual levels, hardware is not separated. Multi-tenancy can be compared to multi-tasking in a computer’s operating system. Since common processing resources are shared, confidentiality and privacy risks arise. Data remanence entails residual representation of information that may have been removed or erased. Data remanence may result in the disclosure of private information.
Integrity is another key aspect of cloud computing for financial institutions. Integrity means only authorized users should modify an individual or company’s asset (Rountree & Castrillo 2014). Data integrity refers to the protection of data from unauthorized fabrication, modification, or deletion. Management of a company or individual’s rights and admittance to specific resources ensures abuse of valuable services or data does not occur. Preventing unauthorized access leads to enhanced confidence in system and data integrity. Such mechanisms also provide greater visibility in determining what or who may have accessed the system information or data, which affects accountability. Cloud computing providers are trusted to ensure data accuracy and integrity (Denz & Taylor 2013). A cloud model offers various potential threats like sophisticated insider attacks.
Availability is the property of cloud computing services being usable and accessible upon demand from authorized entities. Availability entails a system’s capability to run its operations even when various authorities misbehave. Financial data is important information that is constantly needed by institutions and individuals. Systems should continue their operations even after the occurrence of security breaches. Relieving users of hardware infrastructure needs creates heavy reliance on the availability of the ubiquitous network (Carstensen, Morgenthal & Golden 2012). The network is burdened with data processing and retrieval.
Malicious people are individuals motivated to create negative impacts on a company’s mission by taking actions that compromise information integrity, availability, and confidentiality. When important information is processed outside an enterprise, the managers may not be aware of the level and nature of the risks, since they do not have a direct and quick ability to counter and control them.
Security specialists are aware of inverse relationships between risk and loyalty. Malicious activities from an insider will affect a company’s internal activities, consumer trust, and reputation. This is an important aspect, as cloud-computing services require significant roles like cloud security personnel, cloud auditors, and cloud administrators, which are high-risk.
Cloud computing technologies provide a specific degree of resource scalability that has never been acquired before. Individuals and companies benefit from the additional storage space, computational requirements, and bandwidth allocation. The great advantage also provides a major drawback. Data should be managed within shared environments. A financial company may have many cloud providers to cater for their different needs. All the cloud providers used should be interoperable. In some situations, a financial institution may decide to change its cloud computing service provider. Changing to another provider may create major obstacles like lack of interoperability.
Trusted Third Party
Using trusted third party (TTP) services in a cloud creates the necessary trust levels and provides ideal solutions for preserving the authenticity, integrity, and confidentiality of communication and data systems. TTPs are entities that facilitate secure interactions among parties who trust the third party. TTPs offer end-to-end security services that are scalable and built on standards useful across various domains, specialization sectors, and geographical areas.
Cloud Computing Security Propositions
Access Management Guidance
Financial companies will require access management to secure their data. Access management will entail implementation of privileged user access. After data storage in the cloud, a provider controls data access by other entities. Limiting privileged user access is achieved using various methods (Rountree & Castrillo 2014). The first method is data encryption before sending the data to the cloud. This separates the capability of data storage from the capability of using the data. The second way is legally enforcing the needs of a cloud provider by implementing assurance mechanisms and contractual obligations to ensure data confidentiality is maintained at the required standards. Cloud computing providers should demonstrate access control policies that prevent privilege escalation by standard users, support duty segregation, and enable auditing of user actions.
Cryptographic Data Separation
Accounting databases store and make use of sensitive information. Protection of personal information and sensitive information within a cloud environment framework constitutes a significant factor crucial for successful deployment of AaaS and SaaS models (Denz & Taylor 2013). Cryptographic separation entails concealing data, computations, and processes in a way that makes them appear untouchable to outsiders. Integrity, confidentiality, and privacy can be protected by encrypting data. Combining symmetric and asymmetric cryptography offers the efficiency of symmetric cryptography while maintaining the security of asymmetric cryptography.
Cloud environments are virtual nets of various independent domains. The relationship between users and resources in cloud computing is dynamic and ad hoc. Users and resource providers are not in the same security domains. Users are often identified through their attributes or characteristics instead of predefined identities. Certificates offered by PKI facilities are used in enforcing access control within the web environment (Denz & Taylor 2013). The certificates are provided by certification authorities, which act as trusted centers within the global web environments. Attribute certificates contain attribute-value pairs and the principals to whom they apply.
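An added example (not from the original essay) of attribute-based access across security domains: an authority signs attribute-value pairs for a principal, and a resource provider that trusts only the authority's public key checks them against a policy. AttrCert is a simplified JSON structure signed with Ed25519, standing in for a real attribute certificate; all names, keys and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// AttrCert is a simplified JSON stand-in for an attribute certificate (not RFC 5755).
type AttrCert struct {
	Holder   string            `json:"holder"` // principal the attributes apply to
	Attrs    map[string]string `json:"attrs"`
	NotAfter time.Time         `json:"not_after"`
	Sig      []byte            `json:"-"` // excluded from the signed bytes
}

func (c *AttrCert) signedBytes() []byte {
	b, _ := json.Marshal(c) // deterministic: encoding/json sorts map keys
	return b
}

// Issue runs at the attribute authority, in its own security domain.
func Issue(ca ed25519.PrivateKey, holder string, attrs map[string]string, exp time.Time) *AttrCert {
	c := &AttrCert{Holder: holder, Attrs: attrs, NotAfter: exp.UTC()}
	c.Sig = ed25519.Sign(ca, c.signedBytes())
	return c
}

// Authorize runs at the resource provider, which trusts only the authority's public key.
func Authorize(pub ed25519.PublicKey, c *AttrCert, who string, need map[string]string, now time.Time) error {
	switch {
	case !ed25519.Verify(pub, c.signedBytes(), c.Sig):
		return fmt.Errorf("not signed by the trusted authority")
	case c.Holder != who || now.After(c.NotAfter):
		return fmt.Errorf("issued to a different principal, or expired")
	}
	for attr, want := range need {
		if c.Attrs[attr] != want {
			return fmt.Errorf("policy requires %s=%s", attr, want)
		}
	}
	return nil
}

var caPub, caPriv, _ = ed25519.GenerateKey(nil) // constructed demo authority key; nil selects crypto/rand
func main() {
	cert := Issue(caPriv, "alice@partner.example", map[string]string{"role": "auditor"}, time.Now().Add(time.Hour))
	fmt.Println(Authorize(caPub, cert, "alice@partner.example", map[string]string{"role": "auditor"}, time.Now()))
}
```

The provider never needs a local account for the user: the decision rests on the signed attributes, the holder binding and the expiry time.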
Creating Security Domains
The introduction of federations will lead to efficient and effective trust relationships among involved entities. Federations are groups of legal corporations, which share a set of common rules and policies for access to online resources. The federations provide legal structured frameworks, which enable authorization and authentication across various organizations (Rountree & Castrillo 2014). Cloud computing infrastructures should be organized in specific security domains enabling federated clouds. Federated clouds offer structured frameworks, which enable authorization and authentication across various companies.
Inevitably, cloud-computing services support surplus of information systems where benefits outnumber the shortcomings. Through cloud computing, deployment architectures are offered, with capabilities to address vulnerabilities. This paper has identified various cloud computing models, security and risk concerns, and methods of addressing the security issues for financial institutions. Vast possibilities provided by cloud computing should not be ignored due to the security issues. Addressing the security issues will ensure constant availability and reliability of the information system.
Carstensen, J, Morgenthal, J & Golden, B 2012, Cloud Computing, Ely, IT Governance Publishing.
Denz, R & Taylor, S 2013, ‘A survey on securing the virtual cloud’, Journal of Cloud Computing: Advances, Systems and Applications, vol. 2, no. 1, p.17.
Huang, C, Huang, L, Qin, Z, Yuan, H, Zhou, L, Varadharajan, V & Kuo, C 2014, ‘Survey on securing data storage in the cloud’, APSIPA Transactions on Signal and Information Processing, vol. 3.
Rountree, D & Castrillo, I 2014, Basics of cloud computing. Elsevier Syngress, Amsterdam.