cloud computing security issues and challenges
Post on 10-Apr-2016
Cloud Computing Security Issues and Challenges
Security Policy Standard and Management
INF 806
Odegbesan Omobolaji Ayomide
A00018467
Abstract
IT infrastructure and technology are advancing rapidly. Individuals and organizations/firms need easy
access to information at any time and in any geographical location, from a smart device, without any
special configuration or customization, and with very few resources needed for servicing. Cloud
computing is a practical example of this technology/infrastructure.
Cloud computing is an Internet-based technology which involves the storage, processing, modification
and sharing of computer resources through the interaction and interconnection of configurable devices
by individuals or organizations/firms at an affordable rate (Wikipedia, 2015).
Cloud computing provides a baseline technological standard that individuals and organizations can adopt
without any major financial investment on their part. Regardless of the enormous number of advantages
and benefits that cloud computing provides, it is marred by security challenges and issues which hold
back the acceptance of this technology by individuals and organizations. An example of this security
concern is the compromise, modification and theft of critical and valuable information, either by
hackers or by a third party handling the information on the cloud (Samson, 2013).
Introduction
The growth of the internet has become so rapid that it allows the sharing, storage, processing,
transmission and modification of information and files of every kind; this new growth and development
of information technology is known as cloud computing (Chlcks & Cleveland, 2012). Cloud computing
provides many advantages, such as low cost of maintenance and easy access anywhere and anytime, but as
advantageous as cloud computing might be, it has some disadvantages which prevent some organizations
and individuals from accepting it.
This essay looks at the major security issues and challenges facing cloud computing. The first section
discusses what cloud computing is; the next covers its characteristics, service models and deployment
models; this is followed by the major security challenges and issues affecting cloud computing,
supported by a case study; a discussion and conclusion end the paper.
Cloud Computing
The National Institute of Standards and Technology (NIST) defined cloud computing “as a model for
enabling ubiquitous, convenient, on demand network access to a shared pool of configurable resource
(e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction” (Michael Hogan, 2011). In other words,
cloud computing is a virtual environment that can be accessed through the internet and allows for the
storage, processing, transmission and sharing of computer resources. This type of computing service is
provided by a cloud service provider, who manages data for the customer at an affordable rate
(Wikipedia, 2015).
An increasing number of users are moving from the old method of buying hardware for data maintenance,
which has the downsides of hardware depreciation, high cost and immobility (known as the CAPEX model),
to an era of storage in the cloud over the internet (known as the OPEX model) (Wikipedia, 2015).
Characteristics of Cloud Computing
Cloud computing has several characteristics which make it a distinctive technology compared to other
types of technology. The major characteristics of cloud computing are as follows.
1. Shared computing infrastructure and resources:
Cloud computing is a technology based on the sharing of computing resources for service
delivery. The sharing of computing resources is made possible by the virtualized software
model. Cloud computing resources are made available across a number of customers regardless
of the deployment model (Corporation, 2010).
2. Provision of dynamic and on demand self-service:
This allows users to easily provision themselves with the required services and capabilities,
which are delivered automatically by a software automation system. This characteristic makes
cloud computing user friendly and simple to use, as there is little or no interaction with the
service provider or the host company. The wide range of network-accessible cloud computing
infrastructure/resources is easily reached over the internet from devices such as laptops, PCs
and mobile devices, using standards-based application programming interfaces (APIs)
(Corporation, 2010).
3. Service gauging facility:
The cloud computing system manages and measures the computing resources each customer uses.
This is done by a metering system, incorporated into the cloud computing infrastructure, which
is used to generate billing information and reports. This characteristic allows for
transparency, as customers are billed appropriately for the services they use (Corporation,
2010).
Service Model
Service models are the services delivered to the user on the basis of their needs and requirements.
These services are distinct from each other in that they provide different facilities and services for
customers (Michael Hogan, 2011). There are 3 types of service model, which are as follows.
1. Software as a Service (SaaS):
In this type of service model, the customer purchases the authorization and access to use
software or an application that is hosted on the cloud by the cloud provider. The user does
not have authorization to manage and control the cloud infrastructure; they only have the right
to use the application/software provided by the cloud provider (Michael Hogan, 2011).
2. Platform as a Service (PaaS):
In this type of service model the customer or user acquires the right to access the platform,
which allows them to implement, use and put up their own application software in the cloud.
The customer only has access to the platform and doesn’t have the right to manage and control
the cloud infrastructure (Michael Hogan, 2011).
3. Infrastructure as a Service (IaaS):
This service model grants the consumer the use of storage, processing, network and several
other fundamental computing resources, and also allows the consumer to put up and deploy an
operating system and applications, but they don’t control the cloud infrastructure.
Deployment Model
Cloud computing has 4 different types of deployment model, which support user needs and
requirements as well as customer service needs and requirements.
The deployment models are as follows.
1. Private Cloud:
This type of deployment model is for a particular firm or organization; it is an exclusive
cloud. The cloud infrastructure is solely managed, maintained, operated and controlled for a
particular organization. This type of deployment model may be controlled either by the
organization on its own premises or by a third-party cloud provider at a data center
(Michael Hogan, 2011).
2. Community Cloud:
In this type of deployment model, the cloud infrastructure is shared and used by several
organizations that have common needs, interests and requirements. This type of deployment
model helps to reduce cost, as the organizations that use the model split the cost of running
the cloud infrastructure. This cloud infrastructure may be run either at a third-party data
center by the cloud provider, or on or off the premises of any of the organizations (Michael
Hogan, 2011).
3. Public Cloud:
This type of deployment model supports commercial use; the cloud infrastructure is used by the
public for profit-making and commercial purposes. The customer is allowed to deploy and develop
needed services at an affordable cost (Michael Hogan, 2011).
4. Hybrid Cloud:
This is a cloud deployment model which consists of several cloud infrastructures, such as private
cloud, community cloud and public cloud, which remain separate and unique clouds but also
have the capability to allow the movement of applications and data from one cloud to another
through a standardized technology (Michael Hogan, 2011).
Cloud Computing Security Issues and Challenges
Cloud computing was once just an IT business concept but has become a fast-growing IT technology.
This technology has gained good ground amongst individuals and organizations, as it helps to save the
resources and effort used to manage computing resources. It has completely revolutionized the IT world
and promises a lot of benefits and advantages, but as beneficial as the technology might be, it is
marred by some major issues and challenges (Zimski, 2009). Due to these issues customers are skeptical
about this new technology, because they are pressing issues that affect its users.
The major challenges facing cloud computing can be grouped into three broad, distinct categories,
which are as follows (Beal, 2011).
1. Data Protection:
Data protection is one of the major challenges in cloud computing. Customers have to hand over
critical and valuable information to a third-party cloud provider; ensuring that this vital
information is highly protected is a major concern for the customer and a major priority for
the cloud provider. This data must be highly protected through encryption and other protection
techniques, with a precise role for each handler of this vital information; if not properly
handled or managed, the information is at high risk of compromise (Beal, 2011).
2. User Authentication:
User authentication is another challenge in cloud computing, as data residing in a cloud needs
to be accessed only by authorized users. This is a very critical challenge in cloud computing
security: the cloud provider needs to monitor and restrict who is accessing the data in the
cloud. This challenge is a major concern for both the customer and the service provider, as
fake authentication is at a high level in the present IT world. The cloud provider is required
to ensure a strong authentication process and proper monitoring of access logs recording who
accessed what, when and how (Beal, 2011).
3. Contingency Planning:
The risk of a data breach or of compromised data in the cloud is high, as the internet is not
entirely secure and is a very good tool for hackers to use to steal and compromise vital
information and data. There are other factors, such as natural disasters, which can damage or
compromise data or make it unavailable or lost. There is a need for a plan to retrieve, protect
and restore lost, stolen or compromised data in the event of a compromise due to any factor.
A contingency plan should be put in place for unexpected events and disasters, should they occur
(Beal, 2011).
There are other challenges and issues affecting cloud computing, such as data location. The location
of the stored data is an issue that involves the laws of a particular location: data might be highly
secured in one location but not very secure in another, due to the laws of that location (Binning,
2009).
Case Study
Cloud Flare boss’s Gmail hacked in redirect attack on 4Chan
This case study shows how the Cloud Flare boss’s Gmail was hacked in a redirect attack on 4Chan. “Content
distribution network Cloud Flare reset all its customer API keys over the weekend after its CEO’s
personal and corporate Gmail was breached in an elaborate attack on one customer, which appears to
have been the 4Chan message board.
According to Cloud Flare CEO Matthew Prince, a hacker last Friday exploited a subtle flaw in Google
App’s Gmail password recovery process, allowing them to break into his personal account, breach his
CloudFlare.com Gmail address, bypass Gmail’s two-factor authentication (TFA), and redirect one
customer’s website. UGNazi, the hacker group that claimed credit for the huge breach at billing software
provider WHMCS, has also laid claim to the attack on Cloud Flare, according to a report by Softpedia.
Prince said on Saturday Google confirmed there was a subtle flaw affecting not 2-step verification itself,
but the account recovery flow for some accounts.” Google said it had now blocked that attack vector.
Prince did not use Gmail’s TFA for his personal account, however, the company did for all its
CloudFlare.com Gmail accounts. Prior to Google’s confirmation, Prince was alarmed that TFA didn’t
prevent CloudFlare.com’s accounts becoming compromised since it should have prevented this attack,
even if the attacker had the password.”
It’s unclear from Prince's explanation how the attacker somehow convinced Google's account recovery
systems to add a fraudulent recovery email address to my personal Gmail account, however once it was
compromised he said the attacker was able to use the password recovery feature for his CloudFlare.com
Gmail account to access his corporate email. Prince said that no customer credit card details were
exposed since those details never pass through its servers but go straight to a billing provider, and that it
appears the attacker had not accessed its core database or seen additional client data. However, a claim
was made on the Twitter account of UGNazi member Cosmo that UGNazi had gained full access into
Cloud flare's server and obtained the database", in a post flagging that 4Chan was redirected to the
UGNazi Twitter account.
Cosmo also told Softpedia that UGNazi did access Cloud Flare's main server, could see all customer
account information, including names, payment methods, user IDs, and had access to reset any account
on Cloud Flare. The hackers said they planned on selling the information on Darkode. Cosmo also said
Prince's explanation that the attacker convinced Google's account recovery, was bogus, adding that
there was "no way you could social engineer a Google App." On Saturday Prince said Cloud Flare found
that some customer API keys were present in the email accounts that were compromised, which was
why it reset all API keys for things such as Cloud Flare WordPress plugin.
In order to ensure they could not be used as an attack vector, we reset all customer API keys and
disabled the process that would previously email them in certain cases to Cloud Flare administrator
accounts, said Prince. Despite the troubling realisation that Gmail’s two-factor authentication failed to
prevent the attack when it should have, Prince urged others to use it and said he has since turned the
feature on for his personal account. Also, even though the password reset process was used to
compromise Prince’s 20 + character, unique and randomised password, he encouraged others to use an
extremely strong password for email and to change any password recovery email to an account that you
do not use for anything else and cannot easily be guessed by a determined hacker” (Tung, 2012).
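The chain described in the case study (a recovery address added to one account, that account then used to reset a second account, and API keys found in the compromised mailbox) can be looked for in account audit events. The following is an added example, not part of the original essay or the quoted article; the event fields, account names and key inventory are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample audit events (not real logs). For "password_reset",
# "value" is the recovery address the reset was completed through.
EVENTS = [
    {"ts": "2024-01-05T10:00", "account": "ceo@personal.example",
     "action": "recovery_email_added", "value": "new@unknown.example"},
    {"ts": "2024-01-05T10:05", "account": "ceo@personal.example",
     "action": "password_reset", "value": "new@unknown.example"},
    {"ts": "2024-01-05T10:20", "account": "ceo@corp.example",
     "action": "password_reset", "value": "ceo@personal.example"},
    {"ts": "2024-01-05T11:00", "account": "dev@corp.example",
     "action": "password_reset", "value": "dev@home.example"},
]

# Constructed inventory: API key id -> mailbox that key was ever emailed to.
KEY_MAILBOX = {"key-A": "ceo@corp.example", "key-B": "dev@corp.example"}


def find_chained_takeovers(events, window=WINDOW):
    """Return (findings, compromised_accounts) for recovery-flow chains."""
    added = {}        # account -> (time, address) of last recovery address added
    compromised = {}  # account -> time it was judged taken over
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        acct, value = ev["account"], ev["value"]
        if ev["action"] == "recovery_email_added":
            added[acct] = (t, value)
        elif ev["action"] == "password_reset":
            new = added.get(acct)
            if new and new[1] == value and t - new[0] <= window:
                # Reset completed through an address added moments earlier.
                compromised[acct] = t
                findings.append((acct, "reset via newly added recovery address"))
            elif value in compromised and t - compromised[value] <= window:
                # Reset completed through a mailbox already judged compromised.
                compromised[acct] = t
                findings.append((acct, "reset via compromised account " + value))
    return findings, set(compromised)


def keys_to_rotate(key_mailbox, compromised):
    """API keys that were present in a compromised mailbox."""
    return sorted(k for k, box in key_mailbox.items() if box in compromised)


if __name__ == "__main__":
    findings, compromised = find_chained_takeovers(EVENTS)
    for acct, reason in findings:
        print(acct, "->", reason)
    print("rotate:", keys_to_rotate(KEY_MAILBOX, compromised))
```

The key list returned is the minimum set known to be exposed; the case study describes the firm resetting all customer API keys.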
Discussion
This paper discussed cloud computing, its characteristics and security and, above all, the issues and
challenges faced by cloud computing in the IT world. This is backed by a case study which illustrates
the importance of the three main categories of cloud computing challenges and issues, which are data
protection, user authentication and contingency planning. These main challenges can be seen in the
Cloud Flare case study, where the CEO's corporate and personal Gmail accounts were hacked by
bypassing the two-factor verification which was the Gmail authentication system. This led to the
compromise and theft of valuable and vital information and also allowed the hacker to gain access to
the firm's server and database, which contained valuable customer information that was stolen and sold
by the hacker. This forced the firm to create a plan to prevent the recurrence of this event in
the future by putting preventive and proactive measures in place (Tung, 2012).
This case study shows how daunting the three main challenges are to cloud computing, as they
require proper, high-level and serious attention in order to successfully resolve these cloud security
issues and challenges.
Conclusion
This paper began by explaining the meaning of cloud computing alongside its attributes, and noted the
main categories of cloud computing issues and challenges. These were backed by a case study, used to
show the interaction between theory and practice and the major cloud computing security issues and
challenges faced by stakeholders of this fast-growing technological innovation. The case study went on
to tell us how important it is to face these challenges squarely in order to avoid and reduce the
associated risks, such as data theft and compromise of vital data and information, and theft or use of
fake identification by criminals and hackers using the internet as a vital weapon for such security
breaches. A bad contingency plan can also lead to valuable data being lost, with no way to retrieve it
when an unexpected event happens.
In conclusion, this paper showed that cloud computing also has major security issues and challenges
faced by customers and service providers, despite the fact that it provides a lot of benefits to both.
Cloud computing has the potential to grow into a more secure virtual environment in the future.
References
Beal, V. (2011, 04 11). QuinStreet Inc. Retrieved from Webopedia:
http://www.webopedia.com/DidYouKnow/Hardware_Software/cloud_computing_security_challenges.html
Binning, D. (2009, 04 24). Tech Target . Retrieved from Computer Weekly :
http://www.computerweekly.com/news/2240089111/Top-five-cloud-computing-security-issues
Chlcks, K. S., & Cleveland, D. (2012, 5 25). Wikinvest . Retrieved from Wikinvest TM :
http://www.wikinvest.com/concept/Cloud_Computing
Corporation, D. (2010). Introduction to Cloud. Montreal: Dialogic Corporation.
Michael Hogan, F. L. (2011). NIST Cloud Computing Standards Roadmap. Gaithersburg: National Institute
of Standards and Technology.
Samson, T. (2013, 02 25). InfoWorld, Inc. Retrieved from InfoWorld Tech Watch:
http://www.infoworld.com/article/2613560/cloud-security/cloud-security-9-top-threats-to-cloud-computing-security.html
Tung, L. (2012, 6 4). IDG Communications Pty Ltd. Retrieved from IDG :
http://www.cso.com.au/article/426515/cloudflare_boss_gmail_hacked_redirect_attack_4chan/
Wikipedia, t. f. (2015, 10 27). Wikimedia Foundation, Inc. Retrieved from Wikipedia, the free
encyclopedia: https://en.wikipedia.org/wiki/Cloud_computing
Zimski, P. (2009, 09 6). TechTarget. Retrieved from Computer Weekly:
http://www.computerweekly.com/opinion/Cloud-computing-faces-security-storm