Cloud has major security challenges which can be a nightmare for any organization or its clients. This paper, published in IEEE, discusses the cloud implementation security challenges in greater detail. It is really a good reference for cloud security and privacy researchers.
insider threats and rootkits might take place due to the use of
vulnerable access control mechanisms [5]. This requires
deploying strong security isolation mechanisms to eliminate
the threats of modifying the hypervisor through direct access, or
installing a rootkit on the virtualization host, in addition to the
possibility of targeting the virtualization management system.
C. Key Management
There are several key management challenges within the
cloud environment. Key stores must be protected
in storage, in transit, and in backup. Improper key storage may
lead to the compromise of all encrypted data. Access to key
stores has to be limited to the authorized personnel who
require the individual keys. These keys ought to be governed
by policies. The person who is given the keys should not be
the same person who stores them, since
loss of keys means loss of the data which the keys are protecting [6].
Several possible threats can occur in: 1) communication
channels between CSP and end users during cloud migration,
and other business communications between CSP-to-CSP; 2)
storage areas of clients' data; 3) hypervisors and VMs.
Areas vulnerable to threats should be securely protected and
isolated by the use of appropriate up-to-date cryptography
systems with efficient key management to secure clients' data
and their applications on the cloud [4].
D. Data Governance and Regulatory Compliance
Clients are responsible for their data and applications even
if they reside on third-party storage such as the cloud [7]. There
should be shared data security terms and conditions included
in Service Level Agreements (SLAs) initiated between CSPs
and clients based on their data sensitivity. Cloud computing
must be under well-developed information security governance
processes, as part of the client's overall corporate governance
obligations, with due care in terms of scalability, availability,
measurability, sustainability and cost effectiveness. Since cloud
physical storage is widely distributed across multiple
jurisdictions that have different laws regarding data
security, privacy, usage and intellectual property, CSPs are
responsible for incorporating the corresponding regulatory
compliance with government and country-specific legal
policies when deploying clients' data and applications [4].
CSPs ought to satisfy privacy rules by using up-to-date
security techniques such as encrypting clients' data and
documents on the fly and on the cloud with the use of strong
techniques (e.g. 256 bit AES algorithms), as well as using
firewalls to restrict the traffic to each cloud instance by source
IP address, in addition to allowing access to clients' data
through Secure Socket Layer (SSL) encrypted endpoints.
Furthermore, CSPs should provide a disaster recovery mechanism that
starts quickly in case of a server failure and develop an
authorization model to provide discretionary, role-based and
context-aware authorizations to prevent any unauthorized
access [8].
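The authorization model described above, sketched as an added example (not code from the paper or from [8]): a default-deny decision that first applies the context checks (encrypted endpoint, source IP restriction) and then allows on either a role or a discretionary grant. The role names, the 203.0.113.0/24 network and the rule that context must pass before role or owner grants are considered are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample policy; every role, user and address here is hypothetical.
ROLE_PERMS = {"clinician": {"record:read", "record:write"},
              "auditor": {"record:read"}}
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range

@dataclass
class Resource:
    owner: str
    grants: dict = field(default_factory=dict)  # discretionary: user -> actions

@dataclass
class Request:
    user: str
    roles: set
    action: str
    source_ip: str
    tls: bool  # request arrived over an SSL/TLS-encrypted endpoint

def context_ok(req):
    """Context-aware layer: encrypted endpoint and an allowed source network."""
    if not req.tls:
        return False
    try:
        addr = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False  # an unparseable source address is treated as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def role_ok(req):
    """Role-based layer: any of the caller's roles carries the action."""
    return any(req.action in ROLE_PERMS.get(r, set()) for r in req.roles)

def discretionary_ok(req, res):
    """Discretionary layer: the owner, or a user the owner granted the action."""
    return req.user == res.owner or req.action in res.grants.get(req.user, set())

def authorize(req, res):
    """Default deny. Returns (allowed, reason) so denials can be logged."""
    if not context_ok(req):
        return (False, "context")
    if role_ok(req):
        return (True, "role")
    if discretionary_ok(req, res):
        return (True, "discretionary")
    return (False, "no-grant")
```

Returning the reason alongside the decision lets each denial be recorded for the auditing that the SLA discussion calls for.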
157731234: Cloud Implementation Security Challenges
E. Service Level Agreements (SLAs)
An SLA is a legal contract that describes the minimum
performance criteria a CSP promises to meet while delivering
the required service(s) to its client(s). It defines the
responsibilities of the related parties and sets out the remedial
action plus any consequences that will take effect if
performance falls below the promised standards [9]. Lack of
trust by clients will create a barrier against adopting the cloud
computing paradigm. This lack of client trust may occur as a
result of SLAs not offering a commitment to allow cloud users
to audit their data. The loss of data governance causes
concerns when users' sensitive data and mission-critical
applications move to a cloud computing environment where
providers cannot guarantee the effectiveness of their security
and privacy controls [10]. Clients must understand their
security requirements, and what control and federation patterns are
necessary to meet those requirements, in order to protect their
rights and themselves against critical business security threats,
besides holding the CSP responsible for service failure and
confidential data loss.
F. Multi-Tenancy
In a cloud environment, multi-tenancy means clients can
share infrastructure and databases in order to take advantage of
the cost and performance that come with economies of scale.
Sharing IT resources may encounter threats of data loss,
misuse, or privacy violation. Ensuring security by means of
integrity, availability, confidentiality and non-repudiation is a
must in a cloud computing environment where the clients' data
are under the control of the CSP in a multi-tenant shared
environment [11]. Security must be considered in all aspects of
cloud infrastructure as shown in Fig. 2 [12] below.
[Figure 2 layers: Software Security (Multi-tenant Access Security, Internet Application Security); Platform Security; Infrastructure Security (Virtual Environment Security, Shared Storage Security); Auditing and Compliance.]
Figure 2. Cloud Computing Security Architecture [12]
Proceedings of 2012 International of Cloud Computing, Technologies, Applications Management 175
H. Identity Management
Identity management is the building block of achieving
confidentiality, integrity and availability. Due to heterogeneity
in cloud systems and models, a federated identity management
system which allows users single sign-on (SSO) is required
across multiple types of cloud systems and must satisfy legal and
policy requirements [18]. Cloud computing has various
service delivery and deployment models that raised the need
for appropriate identity management (IDM), in terms of
security, privacy, and provisioning of services, to ensure
authorised access as well as to manage access control points,
Virtual Machines (VMs) or service identities, etc. Meanwhile,
access to the relevant stored data has to be monitored and
granted by the defined access level for that model as mentioned
in the SLA [19-20]. The security challenges for adopting these
models and the relative advantages and disadvantages are
listed in Table 2 [21].
TABLE 2. IDM Security Challenges [21]

Independent IDM stack
  Advantages:
    • Easy to implement.
    • No separate integration with the organization's directory.
  Disadvantages:
    • The user needs to remember separate credentials.
  Security challenges:
    • Should be highly configurable to facilitate compliance with the
      organization's policies.

Credential Synchronization
  Advantages:
    • Users do not need to remember multiple passwords.
  Disadvantages:
    • Requires integration with the organization's directory.
    • Has higher security risk value due to the transmission of user
      credentials outside the organization perimeter.
  Security challenges:
    • There is a need to ensure security of users' credentials during
      transit and storage to prevent their leakage.

Federated IDM
  Advantages:
    • Users do not need to remember multiple passwords.
    • No separate integration with the organization's directory.
    • Low security risk value as compared to credential synchronization.
  Disadvantages:
    • More complex to implement.
  Security challenges:
    • There is a shared need between the cloud vendor and client to
      ensure that proper trust relationship and validation are
      established for secure federation of user identities.
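The trust relationship and validation that Table 2 lists for federated IDM, as an added example (not from the paper or from [21]): the cloud service accepts an identity assertion only from a registered issuer, with a valid integrity check, for its own audience and inside the validity window. HMAC-SHA256 with a shared key stands in here for the asymmetric signatures that federation protocols such as SAML or OpenID Connect use; the issuer URL, audience, key and claim names are constructed.

```python
import hashlib, hmac, json

# Constructed trust registry: issuer -> verification key (hypothetical values).
TRUSTED_ISSUERS = {"https://idp.client.example": b"constructed-demo-key"}
AUDIENCE = "https://app.csp.example"   # identifier of this cloud service
CLOCK_SKEW = 60                        # seconds of tolerated clock drift

def sign_assertion(claims, key):
    """Identity-provider side: serialize the claims and attach a MAC."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def validate_assertion(body, mac, now):
    """Cloud-service side: return (subject, None) or (None, reason)."""
    try:
        claims = json.loads(body)
    except ValueError:
        return None, "malformed"
    if not isinstance(claims, dict):
        return None, "malformed"
    iss = claims.get("iss")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        return None, "untrusted-issuer"      # no trust relationship established
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None, "bad-signature"         # altered in transit or wrong key
    if claims.get("aud") != AUDIENCE:
        return None, "wrong-audience"        # issued for a different service
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not (isinstance(nbf, int) and isinstance(exp, int)):
        return None, "malformed"
    if not (nbf - CLOCK_SKEW <= now <= exp + CLOCK_SKEW):
        return None, "outside-validity-window"
    return claims.get("sub"), None
```

No password crosses the organization perimeter in this exchange, which is the lower risk the table attributes to federation compared with credential synchronization.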
I. Abuse and Nefarious Use of Cloud
Since cloud computing offers various computing services
on demand at low cost, and sometimes in free trial versions,
people may misuse these services for their own benefit.
According to the Cloud Security Alliance (CSA) [3], the threat of
misusing cloud computing services is a challenge that should
be faced, since this threat can result from various situations
such as tampering of information by internal personnel
(malicious insiders), or the destruction of network and system
resources by external personnel or hackers (malicious
outsiders) who intrude through the vulnerability of the cloud
information system. In addition, there is the threat of system failures
and information damage, which are caused by lack of
accountability or carelessness of internal personnel, while
system attack and information leakage are caused by
unprofessional operation of internal personnel. These threats
are illustrated in Fig. 4 [17] as follows.
[Figure 4 factors: Natural Disasters; Hardware and Software Failures; Abuse, Misuse and Tampering with Information; Malicious Attacks on Networks and Systems; Organization Management.]
Figure 4. Cloud Information System Threat Factors [17]
Strong authentication and access control mechanisms
should be applied in addition to security and privacy tools and
techniques to provide isolation of clients from each other's
VMs, as well as applying disaster recovery methods to provide
data availability and to secure the data from environmental
incidents that cause data loss.
III. CONCLUSION
Several industries are moving towards adopting cloud
computing owing to its significant features and low cost.
However, the industry data being under the control of CSP
created a risk of data leakage that posed a barrier against
trusting this agile paradigm. Clients must make sure that the
CSP is willing to undergo external audits and/or security
certifications. In this paper we tried to view cloud challenges to
be considered and solved in order for clients to be confident to
implement the cloud paradigm in critical industries.
ACKNOWLEDGMENT
Our gratitude goes to God Almighty who gave us the
knowledge to complete this work.
REFERENCES
[1] IBM, IBM Data Center Networking: Planning for virtualization and
cloud computing, International Technical Support Organization, 2011.
[2] Appistry, Unlocking the Promise of Cloud Computing for the
Enterprise Achieving scalability, agility and reliability with cloud
application platforms, [Online] Available at:
http://charltonb.typepad.com/papers/Unlocking_the_Promise_of_Cloud_Computing_for_the_Enterprise.pdf
[3] P. Praveen, et al., Challenging Threats and Flaws in Cloud Computing
Environment, International Conference on Computing and Control
Engineering (ICCCE 2012), 12-13 April, 2012, pp. 1-5.
[4] M. Srinivasan, et al., State-of-the-art Cloud Computing Security
Taxonomies A classification of security challenges in the present cloud
computing environment, In: International Conference on Advances in
Computing, Communications and Informatics (ICACCI-2012), ICACCI
'12, ACM, 2012, CHENNAI, India.
[5] A. Tolnai and S. von Solms, The Cloud's Core Virtual Infrastructure
Security, Global Security, Safety, and Sustainability Communications
in Computer and Information Science, 2010, Volume 92, pp. 19-27.
[6] S. Lei, D. Zishan, and G. Jindi, Research on Key Management
Infrastructure in Cloud Computing Environment, Grid and Cooperative
Computing (GCC), 2010 9th International Conference on, pp. 404-407,
Nov. 2010.
[7] F. Sabahi, Cloud computing security threats and responses,
Communication Software and Networks (ICCSN), 2011 IEEE 3rd
International Conference on, pp. 245-249, May 2011.
[8] M. Poulymenopoulou, F. Malamateniou, and G. Vassilacopoulos, EEPR:
a cloud-based architecture of an electronic emergency patient
record, In Proceedings of the 4th International Conference on Pervasive
Technologies Related to Assistive Environments (PETRA '11). ACM,
2011, Article 35, 7 pages.
[9] R. Padhy, M. Patra, and S. Satapathy, SLAs in Cloud Systems: The
Business Perspective, International Journal of Computer Science and
Technology, March 2012, Vol. 3, Issue 1, pp. 481-488.
[10] K. Mu-Hsing, A Healthcare Cloud Computing Strategic Planning
Model, Computer Science and Convergence, Lecture Notes in
Electrical Engineering, 2012, Volume 114, Part 6, pp. 769-775.
[11] CPB UK Ltd, Security Survey Results - Threats Anticipated by
Organisations, Business Technology Group (BTG), 2011 [Online]
Available at: http://www.btg-uk.com/security-research.html
[12] D. Chen, H. Zhao, Data Security and Privacy Protection Issues in Cloud
Computing, Computer Science and Electronics Engineering (ICCSEE),
2012 International Conference on, vol. 1, pp. 647-651, 23-25 March
2012.
[13] D. Zissis and D. Lekkas, Addressing cloud computing security issues,
Future Generation Computer Systems, Elsevier, Volume 28, Issue 3,
March 2012, pp. 583-592.
Mervat Bamiah, Sarfraz Brohi, Suriayati Chuprat, Muhammad Nawaz Brohi
[14] C. Probst, Privacy Penetration Testing: How to Establish Trust in Your
Cloud Provider, European Data Protection: In Good Health?, Springer
Jan 1, 2012, Part 3, pp. 251-265.
[15] D. Cappelli, A. Moore, and R. Trzeciak, The CERT Guide to Insider
Threats: How to Prevent, Detect, and Respond to Information
Technology Crimes (Theft, Sabotage, Fraud), ser. SEI Series in
Software Engineering. Addison-Wesley Professional, 2012.
[16] W. Claycomb and A. Nicoll, Insider Threats to Cloud Computing:
Directions for New Research Challenges, in COMPSAC 2012:
Trustworthy Software Systems for the Digital Society, COMPSAC
2012, The 36th Annual International Computer Software and
Applications Conference 2012.
[17] Q. Li and Z. Xie, A Correlation Analysis Method for Threat Factors in
Information System Based on Cloud Model, Machine Vision and
Human-Machine Interface (MVHI), 2010 International Conference on,
pp. 541-544, Apr. 2010.
[18] V. Winkler, Designing Cloud Security, chapter 7 in Securing the
Cloud: Cloud Computer Security Techniques and Tactics, Elsevier, 2012,
pp. 307-327.
[19] M. Srinivasan and P. Rodrigues, A roadmap for the comparison of
identity management solutions based on state-of-the-art IdM
taxonomies, Springer Communications in Computer and Information
Science, 2010, pp. 349-358.
[20] M. Srinivasan and P. Rodrigues, Analysis on identity management
systems with extended state-of-the-art IdM taxonomy factors,
International Journal of Ad hoc, Sensor Ubiquitous Computing,
December 2010, Vol. 1, No. 4, pp. 62-70.
[21] S. Subashini and V. Kavitha, A survey on security issues in service
delivery models of cloud computing, Journal of Network and Computer
Applications, Elsevier, Volume 34, Issue 1, January 2011, Pages 1-11.