Introduction
Cloud computing is often about access to processing power, online software and applications, and data storage. It involves interpersonal computing and various other activities that include the use of networking sites at the social level. Cloud computing provides an innovative way of dynamically improving and increasing capabilities and people capacities without necessarily having to invest in training of new staff, purchase of new infrastructure, or engaging new software. It widens the range and capability of information technology and avails immense opportunities to many people. Cloud computing has grown and developed over a couple of years from a potential business concept to being one of the largest and fastest growing components of information technology (Ayers, 2012) . More and more information about people and business corporations is continuously being placed in the clouds, raising concerns about just how safe the cloud environment is. Many potential clients are reluctant to use the cloud technology for storage of their data despite the recent hype about the relatively new technology. Security concerns continue to be a key impediment to the acceptance and use of cloud computing. This paper will explore the various security issues and the concerns that have come with the use of the cloud computing system.
Literature Review
According to Buckley (2014) the adoption of a cloud computing system by an enterprise or an individual can pose security and privacy risks associated with access to the data. Information which is transmitted by an individual or a company through a cloud computing system can pose a varying degree of security or privacy risk, depending on the granted privileged user access and issues about the rights to data access and ownership. It is critical that individuals and businesses take their time to acquaint themselves well with their service providers and the associated regulations before they can commit to use of some applications and services (Mathkunti, 2014) . Customers are held responsible for the privacy and security of their data solutions since they have a choice over service providers, with the freedom to choose between providers that allow third party auditing of security levels and those that do not allow. Providers must comply with the regulatory terms that they commit to. The location of data is determined by the existing contracts and some clients might never get to know the jurisdiction or country in which their data is stored. Data segregation is a key practice in cloud computing, particularly when encrypted data from a variety of entities or individuals is placed in the same location. The service provider should deploy a mechanism for the separation of such information in such a situation. Cloud computing technology providers should as well have a data recovery mechanism for the protection of client data in case of any breaches. Additionally, there are no well-defined investigative mechanisms that a client can legally pursue if they suspect any kind of faulty activity or unwelcome interference from the provider. Service providers may also lack long term viability, thereby exposing clients to data breaches especially when the provider merges with another or is bought out and the client cannot retract their data or the contract (Winkler, 2011) .
Delegate your assignment to our experts and they will do the rest.
Winkler (2011) explored a variety of security and privacy risks associated with the adoption of the cloud computing system along with their possibility, effects, and the predisposing elements in the system. He discussed security specifications and goals with relativity to data recovery, location, and separation. Shah et al, (2016) looked into far reaching security issues such as the privacy of sensitive and personal information, payment for services, and data integrity in cloud computing. They discussed the risk predisposition of the cloud computing system, grouping the risks into three broad groups: those related to security controls, those related to technology, and those related to the characteristics of the cloud. They also looked into the security inconveniences presented by the cloud computing service delivery model, with a particular focus on the Software as a service (SaaS) model. Tari (2014) focused on various cloud computing security concerns and the results of a study by the International Data Corporation (IDC) to discuss security and privacy management in the system. Other researchers explored other concerns associated with cloud computing from perspectives such as cloud service delivery model, cloud architecture, cloud stakeholders, and cloud-provided components (Buckley & Wu, 2014) .
Today many enterprises and individuals across the globe and in all sectors of the economy have a desire to adopt a cloud computing system but have security fears. Security and privacy assurance is needed for the wide scale adoption and acceleration of cloud computing technology and for response to the regulatory drivers. The technology is transforming and shaping the future of information technology. The lack of a compliance and regulatory environment is however drawing back the efforts made so far in the adoption and growth of the dynamic technology. This paper presents a thorough analysis of the security issues associated with cloud computing with a focus on the variety of cloud deployment and service delivery systems.
Deployment Models of Cloud Computing
Cloud computing has three main models of cloud deployment. These are the private cloud, the public cloud, and the hybrid cloud. The term private cloud is relatively new and is usually used by some providers to describe services that are similar in functionality to private networks. A private cloud is put up within a company’s internal operations data center. The private cloud pools together the virtual applications and scalable resources that it provides and avails them for use and sharing by the cloud users. A private cloud is different from the public cloud in that the resources and applications that it holds are under the management of the company, as it happens with intranet. Use of the private cloud provides more security than the public cloud since its internal exposure is specified. Only the company and those who have the right can access data that is stored on the particular private cloud.
The public cloud is a description of cloud computing technology in its traditional and popular sense. The public cloud provides resources on a dynamic scale and on a self-service and smooth basis over the internet and through web services and/or applications, all this from a third-party and off-site provider. The provider shares the resources in the public cloud and charges depending on computations on smooth utilities. The billing system is similar to a prepaid power metering system because it is built on a model that allows consumers to pay as per their consumption. The system also allows for a rise in demand for optimization of the cloud. The public cloud exposes data to malicious attacks and security risks, making it less secure than other cloud computing models.
The hybrid cloud is a system characterized by the linkage of a private cloud to either one or more off-site cloud services. It is protected by a secure network, managed from a central point and runs like a single system. This system offers virtual solutions in information technology through a combination of both private and public clouds. It provides more security for the applications and the data while allowing different parties to access data through the internet. The hybrid cloud also allows for interfaces with various other data management systems via its open architecture. This system can describe configuration which links local devices with cloud services. Additionally, it can read configurations that combine physical, virtual, and collocated assets while acting as a protector such as a spam filter or a firewall, consequently enhancing data security.
Service Delivery Models in Cloud Computing
There are three main service delivery models in cloud computing. These models are Infrastructure as a service, Platform as a service, and Software as a service. They are abbreviated as IaaS, PaaS, and SaaS, respectively. In IaaS, the provider shares their resources at a pay per use charge with their clients who are bound by a service contract. The system is a one-tenant cloud layer operating under totally abstract hardware that allows clients to make use of it with no concerns about the associated technicalities. The cloud is affordable since it is not as costly as the other systems. It is however not secure because it only has a firewall and load balancing for data protection. Applications and data that move into the cloud system need more protection and security from the host.
PaaS is hosted on the servers of the internet service provider. It is a set of development tools and software that works in a way that is similar to IaaS, but offers a complimentary level of functionality. Those who use the services of this delivery system are able to transfer a significantly higher amount of their capital investment costs to their operational spending. They however must appreciate higher constraints and some possible level of lock-in which is brought about by the layers added for higher utility. Virtual machines are used to optimize the functionality this system. It is critical that the integrity of software applications and the effective enforcement of checks for authenticity are upheld and bolstered across all the networking channels in the event of data transfer. This is basically because the virtual machines used in the system need to be secured from malicious attacks and data malware.
The SaaS delivery model is a system where a vendor hosts applications and makes them available to clients through a network, usually the internet. Applications in SaaS are availed through browsers. The security of web browsers is therefore vital. SaaS applications can be secured through various means such as extendable mark-up language and encryption, among others.
A combination of the delivery models with three types of clouds produces an all-encompassing cloud which is interconnected through linkage devices and themes for data security. Virtual physical resources, hardware, middleware platforms, and enterprise applications are provided and utilized as services from the cloud. Both cloud providers and their customers should maintain cloud security and privacy at all interfaces.
Conclusion
Cloud computing has transformed how people use the internet. It has however come with its downsides which we are discussed in this paper. These security risks call for caution in the adoption of cloud computing. The modern technological revolution has come with the rapid emergence of new technological advancements which have the potential to not only ease access to information and data, but also make life easier. It is however important that users of these new technologies are careful and understand the associated risks. This paper has highlighted key security concerns associated with cloud computing. With effective security solutions, cloud computing can become the preferred virtual and affordable information technology solution for enterprises and individuals.
References
Alani, M. M. (2014). Securing the Cloud: Threats, Attacks and Mitigation Techniques. Journal of Advanced Computer Science & Technology, 3 (2), 202.
Ayers, P. (2012). Securing and controlling data in the cloud. Computer Fraud & Security, 2012 (11), 16-20.
Buckley, A. I., & Wu, F. (2014). Security Policies for Securing Cloud Databases. International Journal of Advanced Computer Science and Applications, 5 (6).
Mathkunti, N. M. (2014). Cloud Computing: Security Issues. International Journal Of Computer And Communication Engineering, 3 (4), 259-263.
Shah, A., & Kannan, J. (2016). Fog Computing: Securing the cloud and preventing insider attacks in the cloud. International Journal Of Engineering And Computer Science .
Tari, Z. (2014). Security and Privacy in Cloud Computing 1(1), 54-57. IEEE Cloud Computing, 1 (1), 54-57.
Winkler, V. J. (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Waltham: Elsevier.
