Introduction
Cloud computing is among the fastest growing sectors of information technology. In fact, organizations are rapidly using the concept in business circles. Currently, it has become a key part of the information technology industry.
However, a majority of organizations are faced with the chief decision on whether or not it is advisable to embrace the technology and move their data as well as that of their customers to a specialized cloud organization to host and handle the information (Gold 2012, p. 23).
Indeed, a majority of innovative companies have embraced the concept motivated by the savings inherent in storing information in a cloud. Cloud computing like any other online undertaking comprises of a range of risks, which are significant to the companies (Rizwana & Sasikumar 2012).
Aim
This research seeks to examine the risks that face data confidentiality, privacy and theft by hackers. Consequently, the study proposes the ways in which security and privacy can be achieved in this increasingly complex technological advancement era.
Research Questions
- Has the new technology of cloud computing experienced security and privacy issues in the past?
- Are cloud providers making appropriate actions to mitigate the loss of data, disclosure of information and mitigate hacking?
- Does the risk of loss of security and privacy prevent organizations from enrolling the services of cloud providers?
- What are the available precautions for dealing with privacy, confidentiality and security issues in cloud computing?
Importance of study
There has not been extensive study on cloud computing. The providers of cloud computing possess considerable information regarding the risks involved.
However, the clients who are largely strangers in the information technology circles require to be informed about the potential risks involved in entrusting their information to a provider on a shared network. This study is crucial as it presents ways in which data risks may be mitigated.
Objectives
This study will investigate whether it is possible for organizations to transfer, store, access and compute data without posing information risk to privacy and security.
Literature Review
According to Rejoice (2012), cloud computing is a web based computing whereby data and information are kept in a networked resource. This enables the information and data to be accessible from any global location as long as the internet is available. In the recent years, the concept of clouding has been renown as a leading podium for distributing data on the web (Anthony, 2011).
The concept has many advantages and gains alongside a wide range of data security issues. Rejoice (2012) insists that users of cloud computing should shun host organizations that do not offer security on data hosted. A company such as Google which is a leader in technology has made tremendous effort by investing in cloud computing.
The company acknowledges that having publicity of information security is essential for success (Helft, 2009). Inherently, irrespective of the security measures that cloud providers have used in the past, they still fall victim to hackers and information loss (Rejoice, 2012).
Migration to cloud computing
The responsibilities of organizations to secure information collected both from the organizations’ operations and customers such as credit card information keep increasing. In part, the escalation in responsibility is due to the increasing customer concern regarding the use of personal information (Kroll, 2013). However, this does not significantly influence cloud providers from keeping away from business.
Instead, the organizations invest in research and development as mitigation methods that will help avoid the loss of data, hacking and protect the security of information. The migration to cloud computing is currently a rush for share of the benefits presented by the concept for both the users and providers (Rajnish, 2011).
Kalyvas, overly and Karlyn (2013) indicates that there was a prediction by Gartner, Inc. that by 2013 the concept would attract more than $14 billion (Gartner, 2009). Currently, many organizations including those in the financial sector are making use of cloud computing services.
By influencing production of goods at a low cost, commercialize services as goods, and software without intellectual property rights to reduce expenses, the concept has emerged to be an appealing choice for most big and emerging companies (Gray & Patterson, 2013).
These attributes no longer leave companies with the option on whether to transfer information to cloud providers or not. However, when the companies do, they will have the enabling capacity to balance the risks and benefits of cloud computing (Kalyvas, Overly & Karlyn 2013).
Past privacy and security issues
Despite massive migration to cloud computing, there is substantial risk especially at this time when organizations are finding themselves subjected to an increasingly demanding range of state data security and privacy laws.
There are document preservation demands by authorities and a variety of other liability standards (Lanois, 2011). The perspectives are observable in the main area of clouding that has not succeeded to reverberate with business.
Cloud hosts usually flaunt the services as possessing superior access, privacy and security (Tamer, 2013). Lately, varieties of sophisticated failures have caused many in the entrepreneurial circles to extend additional scrutiny to the claims. The incidents have made it crucial to verify whether the promises are addressed in the host service level agreement (Kalyvas, Overly & Karlyn 2013).
In 2011, Amazon’s Elastic Cloud Compute (EC2) service failed in the eastern of the United States for a number of days (Stern, 2008). The company eventually managed to recover most of the data though media reports indicated that some of the clients’ data were permanently lost (Armbrust, 2010). The incident focused a ray of light on the fine print usually included in the service level promises.
The criticality of cloud computing is gradually increasing to an extent that even negligible failures may become exceedingly costly to the business clients. In 2011, Microsoft’s cloud-based Office 365 called SkyDrive and Hotmail completely failed for more than three hours costing the clients millions. The adoption of cloud-based product software is in its premature stages.
Thus, as more providers emerge with substandard storage systems business clients who have widely adopted cloud computing without internally installed options may experience considerable monetary and productivity expenses from even slight outages (Mark, 2011).
Mitigation measures
Risks related to cloud computing resolutions should typically be assessed on two variables. These include the criticality of the company processes being supported by the alternative and the sensitivity of the information intended to be transferred and stored. Measures that may be taken by the users of cloud computing service can be based on three types of risks. These risks are low, medium and high (Kalyvas, Overly & Karlyn 2013).
The resolution to take on clouding should be derived from the reimbursement the business will receive compared to the threats involved. When decision is made to adopt cloud computing, the contractual security and functional precautions should be taken to alleviate the risk.
Recommendations for extenuating clouding threats
The clouding concept entails reaching the data hosted and systems distantly where the clients information is stored (Arapinis, 2012). Within the customary hardware-procurement as well as software-authorization accords, each supplier sets up the apparatus inside the clientele surroundings.
The client retains the full control of the data stored. In contrast, cloud-computing setting provides that the host must retain the hardware, software, and the clientele information in a joint platform (Arapinis, 2012).
The client priorities change from installation, organization and approval to service accessibility, performance levels, data security and control. It is hence imperative to have agreement provisions including insurance, protection, intellectual property, guarantees and limitations to the legal responsibility.
The identification and fixing of the relevant contract documents are fundamental moves towards ensuring that data in cloud computing is not lost in the hands of the provider.
However, identifying all the relevant contract documents is not straightforward given the many aspects involved in ensuring that sensitive information is stored, accessed conveniently and there is high degree of privacy and security (Armbrust, 2009).
In most instances, a portion or the entire contract may be stored in the cloud through assigned web pages. These include service availability and continuity, service levels, information security, redundancy, ownership, user rights and conversion.
Methodology
Cloud computing is currently a hot issue in business circles. It has not been well studied as it is still in its early stages. Upon assessing, the learning style that would be most appropriate for the study style to be adopted is interpretivist approach. This would help the researcher to collect and interpret issues surrounding cloud computing albeit over a short period of the concepts existence.
Research involves working out problems, evaluating the relationships and building on the content of knowledge. In essence, it is a preparation or blueprint for finding an answer to the research problem identified by the researcher (Smith & Dainty, 1991). The foundation of the whole research process is the formulation and clarification of the research topic (Ghauri & Gronhaug, 2005).
Upon finalizing the selection of the research topic, it will be relatively easier to pick the research method that will be employed. However, to comprehend the risks involved in cloud computing in an effort to develop mitigation measures, it is fundamental that the background of cloud computing, benefits and the drawbacks be established.
The dynamics that may influence the prejudice of the subject must also be established (Denzin & Lincoln, 1998). In this research, concrete familiarity, observation, evaluation, and development of abstract concepts are critical in arriving at a credible research that enables the formulation of fundamental recommendations.
These are the elements that obliged the researcher to tilt towards the interpretivist approach as the researcher intends to develop solutions to the privacy and security issues posed by cloud computing.
Methods
Primary Sources
Although cloud computing is a relatively new concept, there is a wide range of information available. Journal articles, books and periodicals have been published offering a range of information regarding the issues related to cloud computing. These resources form a fundamental source of information in this research.
The researcher has substantial knowledge of information technology hence is able to evaluate the information gathered in order of relevancy. Using the interpretive approach, the researcher will competently evaluate the information to address the research topic and sufficiently respond to the research questions.
The researcher will develop mitigation measures that companies should implement to ensure that they attain a reasonable level of data security and privacy in the context of cloud computing.
Interviews
Interviews will be another method that this study will employ. The use of the combined research methods will ensure that the study appends something distinctive to the researcher’s comprehension of the specific phenomena. Interviews are explanatory and categorize issues with intensity and in a holistic manner.
However, this depends on the ability of the researcher to have considerable knowledge on the issues being researched. Thus, the researcher is able to ask relevant questions necessary in addressing the research topic. The importance of interviews is that they present the researcher with the opportunity to examine further and gather information that could not have been acquired using other methods.
Conclusion
The expected outcomes and contributions
Cloud computing has not only been observed as beneficial to business, but also pose threats to the same objective the concept is supposed to serve.
This research contributes to the issues of privacy and security of data by observing past events, the actions that the providers and clients take in mitigating risks. Consequently, the researcher makes recommendations regarding the measures that should be taken to ensure the security and privacy of data in clouds.
Potential limitations
Potential limitations in carrying out the study are largely brought about by the fact that the concept has not been around for long. This means that the stakeholders have not observed much about the concept.
In fact, the leaders in information technology industry including Google and Microsoft have not fully explored the potentiality of the concept or the short and long-term issues that cloud computing may bring to the information technology industry including the respective customers. Besides, securing interviews with appropriate knowledgeable stakeholders may be a challenge.
References
Anthony, B 2011, ‘An overview of the security concerns in enterprise cloud computing’, International Journal of Network Security & Its Applications (IJNSA), vol. 3. no.1, pp. 30-45.
Arapinis, M 2012, ‘Privacy supporting cloud computing: ConfiChair case study’, Trustworthy Voting Systems, vol. 2. no. 1, pp. 1-16.
Armbrust, M 2009, ‘Above the clouds: a view of cloud computing’, Technology Representative, vol. 1. no. 2, pp. 2009-2028.
Armbrust, M 2010, ‘A view of cloud computing’, Communications of the ACM, vol. 53. no. 4, pp. 50-58.
Denzin, K & Lincoln, Y 1998, The landscape of qualitative research: theories and issues, Sage Publications, Thousand Oaks.
Gartner, I 2009, Gartner highlights five attributes of cloud computing. Web.
Ghauri, P & Gronhaug, K 2005, Research methods in business studies: a practical guide, Essex and Pearson Education Limited, London.
Gold, J 2012, ‘Protection in the cloud: risk management and insurance for cloud computing’, Journal of Internet Law, vol. 15. no. 12, pp.23-28.
Gray, J & Patterson, D 2013, ‘A conversation with Jimmy Gray’, ACM Queue, vol. 1. no. 4, pp. 8–17.
Helft, M 2009, ‘Google confirms problems with reaching its services’, International Journal of Computer Applications, vol. 4. no. 9, pp. 4-10.
Kalyvas, R, Overly, M & Karlyn, M 2013, ‘Cloud computing: a practical framework for managing cloud computing risk-part I’, Intellectual Property & Technology Law Journal, vol. 25. no 3, pp. 7-18.
Kroll, K 2013, ‘Protecting data from inside and outside threats’, Information Governance, vol. 1. no. 2, pp. 46-48.
Lanois, P 2011, ‘Privacy in the age of the cloud’, Journal of Internet Law, vol. 1. no. 1, pp. 3-17.
Mark, D 2011, ‘Cloud computing privacy concerns on our doorstep’, Communications of the ACM, vol. 54. no. 1, pp. 36–38.
Rajnish, C 2011, ‘A survey on cloud computing security, challenges and threats’, International Journal on Computer Science and Engineering (IJCSE), vol. 1. no. 2, pp.1227-1231.
Rejoice, P 2012, ‘Security issues in cloud computing’, International Journal on Computer Science and Engineering, vol. 4. no. 11, pp. 1863-1867.
Rizwana, S & Sasikumar, M 2012, ‘Security issues in cloud computing: a survey’, International Journal of Computer Applications, vol. 44. no. 19, pp. 4-10.
Smith, N & Dainty, P 1991, Management research handbook, Routledge, London.
Stern, A 2008, Update from Amazon regarding s3 downtime. Web.
Tamer, C 2013, ‘Risks and benefits of business intelligence in the cloud’, Northeast Decision Sciences Institute Annual Meeting Proceedings, vol. 1. no. 1, pp. 86-95.