Introduction
Cloud computing can be described as a system that enables users to work on their computers, process data, and store information using remote servers, which are hosted on the internet rather than using local servers.
Cloud computing is a very recent phenomenon that is coming out as the next big thing due to the convenience it offers the user (Bisong & Rahman, 2011, p. 31). It allows users to work from a machine from anywhere around the globe with instant access to a database they have stored their information.
At the same time, they are able to store whatever data they have generated without trouble. Cloud computing is solely dependent on the internet for storage and access of data. Thus, as Yan says, the availability of the internet is paramount for it to work (2010, p. 28).
Internet use has so many challenges with some of them being directly transferable to the use of clouds.
Even though all these advantages of cloud computing are significant, the study argues that several challenges with regard to cyber security afflict an organization deploying services of cloud service providers such as SaaS and PaaS.
Cyber security Vulnerabilities and Threats
Several vulnerabilities can be experienced while using the cloud facility. They include the following:
- Danger of losing information.
- Coexistence of tenants.
- Challenges Posed by Technological Dynamism.
- Threats of Malicious Attacks.
Danger of Losing Information
Cloud technology is fashioned in such a way that users of the facility are connected to a remote server form, which they access, use, and store information via the internet. Servers comprise physical equipment that can be stationed anywhere. Their connection to the internet is what makes them relevant to the cloud’s technology.
Such equipment though secure can be vulnerable to any form of risk that can lead to its destruction. The physical destruction of server equipment that holds the memory of the server can lead to permanent loss of all the information stored in there.
Dangers like fire, theft, and other phenomenon that can affect the servers can lead to loss of information stored there by different users unless the service provider has a back up that has not been affected by the destruction. Whenever such a damage or destruction happens, the users of the system are the big losers.
Coexistence of Tenants
Cloud technology came about because of the need for users to have an easily accessible server without the need of an individual to own a server. This technology attracted the interest of different users who had varied uses for the facility as well as intentions.
The mere fact that users are not aware of the security strength of the facility can make the facility vulnerable to misuse by users who might install malicious data that can affect the usability of the facility by other users as argued by Morsy, Grundy, and Muller (2010, p. 1).
Whereas the security settings might be secure for other users, it might not be as secure for users who have sensitive information that might be of interest to other hackers. This threat can offer an easy opportunity for hackers to access sensitive information as long as they can crack.
This form of exposure is a great insecurity to users who wish to have their information remaining confident as much as possible. Different users have varied amounts of data that they intend to bring to the system for different purposes.
This amount can expose servers to an overload, which can lead to the collapse of the whole system thus denying users access to the cloud system.
Challenges Posed by Technological Dynamism
The nature of technology is that it is dynamic and in a continuous state of evolution in that, every time, there is something new within the technological circles.
This situation poses a threat to users of the system because it will keep them in a constant mode of having to understand how the system works every other time there is a change. Most affected in this case is the security system that is in place for securing the system.
The biggest challenge to the security system is that it will always have to change with the continuous change in technology because an obsolete technology being used as security of the system is vulnerable to attacks by much more advanced software.
Security systems are expensive to develop and maintain for them to be effective against threats. Therefore, constant changing of the systems for them to be up to date with the technological changes can be very expensive to the service providers.
Failure by the service providers to keep an up-to-date security system can pose a very dangerous situation to the data and usage of the system because it will be facing high-risk possibilities of being hacked into by intruders (Bisong & Rahman, 2011, p. 35).
In case of such a lapse, the security of the system is not completely guaranteed.
Threats of Malicious Attacks
Cloud systems have become the most popular targets by hackers with malicious intentions who get attracted to it out of different reasons ranging from the need to steal to such reasons as curiosity usually.
The information technology system has made progress in the world by setting trends of what can be exciting to different users of the system. In so doing, it has bred users with different interests who tend to use the technology in ways that can be described as being professionally unethical.
Hackers of systems have different reasons for doing it. In most cases, they tend to steal security codes of the systems so that they can have access to data that has been stored. This attempt can lead to loss of crucial information by users, which might have great implications in their social and economic lives.
Bisong and Rahman (2011) postulate, “Moving to the cloud presents the enterprise a number of risks that include securing critical information like protection of intellectual property, trade secrets, and personally identifiable information that could fall into wrong hands” (p. 36).
This argument is an indication that clouds hold highly prized data that can be of interest to unauthorized parties.
Probability of Occurrence
The danger of losing information in case of destruction of servers used by clouds is real and can happen anytime thus leading to a complete loss of information by users off clouds. The probability of such an occurrence cannot be easily measured.
It can be placed between medium and low depending on the cause of destruction. In the case of physical destruction of the servers by natural calamities, the risk should be low because the choice of location by the service providers usually puts such issues in consideration.
The coexistence of tenants with different uses for the system on the same platform can offer a high threat of risk probabilities of an occurrence happening. This is simply because malicious users of the clouds are able to understand how it works. They may device ways of hacking into the system for their own selfish reasons.
The challenge of using clouds by the user is that users are never aware of the security measures put in place by the administrators of the system. At the same time, the security of the information they have entrusted with clouds is beyond them because they lack control over it.
This case therefore exposes the users of the system to vulnerabilities that the system might face from some of its own users who might be malicious. Clouds offer remote services to users as long as they meet certain conditions, which in most times are not stringent. Users of the system are at times anonymous.
Their identity cannot be easily verified together with their location thus making use of a common platform by different users a high-risk probability of a threat occurring.
The risk by challenges posed by technological dynamism can be placed as low because most of companies offering cloud services have invested a lot in human resources that are able to tackle the challenges of change. Experts and engineers who are the best brains in their field run the cloud technology.
Due to the infancy nature of the technology, a continuous work on bettering the system is being done. This effort has allowed providers to keep a close eye to the changes that happen in the technological arena with the view of infusing them with the system in use and hence a continuous upgrade of the system.
The risk posed by technological changes might be medium or high depending on the cloud service delivery mode. There are three modes available so far: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The different modes determine users’ participation in securing their data.
‘Infrastructure as a Service’ is the most vulnerable compared to other modes. It is known to expose the user depending on the level of security measures put in place. The other two modes are safer compared to IaaS.
Threats of malicious attacks on the clouds can be described as high due to concerted efforts by hackers to gain confidential information being held by clouds.
Cloud technology has become attractive to hackers because of its ability to attract high-end users who seek their service thus making clouds vulnerable to attacks that may lead to loss of information by users.
The different modes of service delivery as adopted by cloud technique makes this threat real due to the common platform it offers its users. Furthermore, information stored in clouds is vulnerable because the user might not know when intruders have hacked into it. Only the providers of the service might know.
Depending on their choice, they can either inform the user or fail to do so. Threats of malicious attacks on the system are the biggest and most high-risk because of the platform the internet offers (Sara & Fiaz, 2012, p. 1326).
The internet offers the advantages of remoteness to access information. Therefore, hackers can pose as a threat from thousands of miles away and in the comfort of their homes.
Policies and Procedures for Managing Risks
The danger of losing information though physical damage of servers can be stemmed by the manufacturers of the equipment used by coming up with fireproof equipment in case of a fire, or generally equipment that cannot be easily damaged like black boxes used in aircrafts.
Equipment modeled this way can offer guarantees of safety in case of destructive risks. Standards for housing and location of server equipment should be set. At the same time, server equipment should be decentralized to different places with backup facilities being made available.
Service providers can manage the coexistence of tenants by setting standard security measures that have to be adhered to by all users. Users should provide the first line of security to their data against any form of hacking.
The system should monitor activities of all users in order to stem the activities of hackers before they go too far. The security measures by cloud providers need to undergo a third-party assessment program to ensure that they meet the necessary standards (Andrei, 2009, p. 8).
Coexistence of tenants should be managed at different levels with the service providers categorizing their users into the following segments: private cloud, public cloud, and hybrid cloud (Morsy, Grundy & Muller, 2010, p. 2). This strategy will enable different tenant to access clouds at different levels without feeling jeopardized.
The clouds system should operate as a dynamic venture that is in constant change. It should not be fixed on specific technology. Rather, it should operate on an interface that can allow easy migration to new technology without having to change the baseline of its operations.
This strategy however should be in tandem with security features so that new gains do not compromise old gains.
Cloud providers should have an up-to-date security system scanner that should scan all the data that comes through the system.
This scanner will protect the data that users have stored from malicious damages of access by unauthorized parties. These scanners should be updated with the National Vulnerability Database that records all new forms of threats to the information technology (Sara & Fiaz, 2012, p. 1325).
By keeping away malicious attacks, the data in the system can be described as safe because these attacks are the most dangerous to information technology users. By setting standards hinged on the national standard, most of the attacks can be contained in time.
Customer Satisfaction
When policies are put in place to mitigate these vulnerabilities, cloud-computing seekers can develop confidence and hence increase their satisfaction with services in the event that policies help to reduce cyber security threats to which the services seekers are susceptible.
Customer satisfaction will be achieved by implementing the foresaid steps and policies because they will guarantee the security of their information when it comes to using the clouds. The use of the internet is based on satisfactory security features because users tend to avoid sites that they are not sure about.
The same kind of trust is applicable here because the threats are the same and that the mode of usage is the same.
The paper holds that the significance of cloud computing is akin to the need for reducing internal IT cost associated with the maintenance of software platforms coupled with the costs of purchasing new software.
This effort is vital to meet the increased software demand in case expansion of the pool of employee base in a company especially when software comes with single user licenses.
Reference List
Andrei, T. (2009). Cloud Computing Challenges and Related Security Issues. Web.
Bisong, A., & Rahman, S. (2011). An Overview of the Security Concerns in Enterprise Cloud Computing. International Journal of Network Security & Its Applications, 3(1), 30-45.
Morsy, A., Grundy, J., & Muller, I. (2010). Analysis of the Cloud Computing Security Problem. Proceedings of APSEC 2010 Cloud Workshop, Sydney Australia. Web.
Sara, Q., & Fiaz, K. (2012). Cloud Computing: Network/Security Threats and Counter Measures. Interdisciplinary Journal of Contemporary Research in Business, 3(9), 1323-1329.
Yan, H. (2010). On the Clouds: A New Way of Computing. Information Technology and Libraries, 29(2), 87-92.