Introduction
Cloud computing has emerged as a technology that can increase organizational performance by offering numerous competitive advantages to the company. This technology offers distributive IT hardware and software capabilities to a company therefore saving costs that would have been incurred on IT infrastructure. The efficiency of business operations is increased as the organization is able to become more agile and effective by scaling its IT infrastructure.
However, companies are wary of some threats attributed to cloud computing services. This fear has made some companies hesitant to transfer their data to cloud computing services. This paper will highlight some of these fears and proceed to illustrate how the threats can be mitigated using solutions that are available in the market today.
Overview of Cloud Computing Services
While the concepts behind cloud computing have been in use for decades, the cloud computing phenomenon has become more prevalent over the last 6 years.
Rajnish et al. (2011) define cloud computing as a “pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources like networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service” (p. 1227). It gives organizations access to numerous resources at a reduced cost.
Cloud computing provides different services to the end users. The first is software as a service and cloud service providers run this. The services offered by cloud computing include application services which are also known as services on demand.
The end user of the cloud computing services uses applications. In most cases, this end user is abstracted from the details of how the application runs behind the scenes. The customers do not own or manage the infrastructure or software (Qaisar & Khawaja, 2012).
Cloud computing also offers platform as a service. This is essentially a tool used by developers to develop websites without having specialized software installed on the system. Qaisar and Khawaja (2012) state that the application tools make it possible for users to execute programs without any administrative expertise.
The final service offered though cloud computing is an infrastructure which is the physical assets. The infrastructure as a service is owned, operated, maintained, and controlled by the cloud service providers. According to Mendhe and Kamble (2012), the infrastructure supports various operations implemented through cloud computing such as storage, routing and networking.
Types of Cloud Deployment Models
A deployment model is a particular method of delivering a service. There are a number of dominant deployment models used in cloud computing. The first deployment model is the public cloud where the infrastructure is the property of one organization which sells cloud services for the society.
Escalante (2010) explains that in the public cloud deployment, a service provider makes massively scalable IT resources, such as CPU and storage capacities, or software applications, available to the general public. The defining characteristics of this model are the public availability of the cloud services and the accessibility of the services by internet. The capital expense for the public cloud is reduced since the provider enjoys significant economies of scale as resources are shared by many end users.
Another deployment model is a private cloud where the cloud computing services are provided for the exclusive use of one organization. The infrastructure of the cloud computing is the property of the company or it might be rented by the organization for its own use. The services provided are accessible and managed in a corporate network and typically, access to the cloud is limited to one department.
Private clouds are mostly implemented by large corporations with multi-location presence (Rajnish et al., 2011). This deployment allows the company to benefit from the resource pooling concept made possible by cloud computing without suffering from the concerns about security, performance and reliability typically associated with public clouds. A major challenge for the private cloud model is that the company will have to buy, build and manage its clouds making it expensive.
Cloud computing services can also be deployed using the community cloud model. In this case, organizations that have common goals or requirements utilize the same cloud infrastructure. Members of the community cloud can be from one or more organizations since these clouds often comprise of groups of individuals and organizations collaborating for the purpose of a particular mission or concern (Wrycza, 2012).
The final deployment model is a hybrid cloud. In this case, characteristics of public and private clouds are merged. In the hybrid deployment model, the company makes use of cloud computing services by providing and managing some of its services while the rest are outsourced to an external provider. (Escalante, 2010, p.31).
Hybrid clouds are implemented in such a way that the organization is able to benefit from the advantages of the public cloud environment while still benefiting from the advantages of the private cloud. For this reason, the hybrid cloud can be considered “a private cloud extending its boundary into a third party cloud environment to obtain additional (or non-mission critical) resources in a secure and on-demand manner” (Escalante, 2010, p.69).
Common Threats in Cloud Computing
There are a number of threats associated with implementing cloud computing. Nkhoma and Dang (2013) confirm that cloud security is the primary barrier preventing most companies from adopting cloud computing.
This fear is not unfounded since if the cloud infrastructure is insecure, it could lead to major problems between the company and its stakeholders. The first threat is breach of data confidentiality. In most cases, cloud service providers obtain data storage services from other companies and this exposes the private customer information and data therefore increasing risk of unauthorized access.
Another prevalent threat in cloud computing is data leakage and loss. Data leakage is likely to occur in the cloud environment since data might be moved around servers. Talreja and Sahu (2012) reveal that most cloud servers lease a server from other service providers in order to increase efficiency and reduce cost. While this makes the operations more flexible, it increases the chances that the data will be leaked to other users.
Cloud computing increases the threat of data theft through insider and outsider attacks. Rajnish et al. (2011) elaborates that a fraudulent employee may fish and steal data that belongs to the customers of the cloud service provider. Hackers often carry out outsider attacks with the aim of stealing information or compromising the system.
Priya and Ward (2013) reveal that information on public clouds may be prone to computer hackers or data brokers who have access to the cloud. This risk exists mostly because the cloud services make it possible to access multiple customers’ information on the same server.
Cloud computing also raises the problem of data integrity. When data is on the cloud, it is accessible to many people. If there is no differentiation of sensitive and non-critical data, then everyone will have access to material that might be sensitive (Rajnish et al., 2011).
The risk of data loss is more pronounced in cloud computing. Data loss can occur if the cloud provider decides to shut down the cloud because of some problems. The customer data stored in the cloud will disappear and the customer will not be able to access it.
Solutions to Threats
Back up storage solutions should be used to counter loss of data due to damage of the cloud infrastructure. Priya and Ward (2013) assert that the risk that the system might be damaged leading to data loss is real. The prudent customer should therefore require the cloud computing service provider to have off-site backup services. In addition to this, the provider should have an elaborate disaster recovery and continuity plan that can be implemented in case of a catastrophic failure.
Data security can be guaranteed by implementing strict user controls. The business should make use of multi-tiered information classification models to ensure that data is categorized based on its sensitivity level and users are granted different access restrictions.
Such an implementation will ensure that the company’s sensitive information is only accessible to a few key authorized personnel (Nkhoma & Dang, 2013). Vendors should make use of trusted third party for the verification and approval of user identity, therefore ensuring that unauthorized access is prevented.
Companies should negotiate a customer-oriented contract when getting into an agreement with the vendor. Such an agreement should increase the liability of the vendor in case of access or availability issues in the cloud. Priya and Ward (2013) Warns that in most cases contracts between customers and cloud service providers tend to “favor the vendors, which posses greater leverage over the customer” (p.22).
The cloud service provider should use strong encryption standards during data transfers. Encryption ensures that even if data is intercepted by a malicious party, it cannot be read. This offers further protection to the data in the cloud and protects it from opportunistic hackers.
Mendhe and Kamble (2012) explains that encryption ensures that users can be confident that their sensitive information is inaccessible to unauthorized parties even if they do not know where their input and output data is managed.
Data security encompasses physical security of the cloud computing infrastructure. If this security is compromised, data loss might occur. The business should therefore look for a reputable vendor who is well known for providing adequate security.
Effective physical security can be assured by providing around the clock surveillance to the site where the physical infrastructure is kept (Nkhoma, & Dang, 2013). The vendor should make use of sophisticated security measures such as biometric screening and authentication to ensure that only authorized personnel can physically access the servers.
Conclusion
This paper has provided an overview of cloud computing and highlighted some of its benefits, including reduced costs and flexibility. The paper has also noted that risks such as data security and privacy concerns and prevent many companies from using cloud computing.
Using the solutions proposed in this paper, these threats could be addressed and companies will not fear transferring their data to cloud computing services. The companies will therefore be able to benefit from the numerous advantages that cloud computing brings to the business and experience increased productivity.
References
Escalante, A. (2010). Handbook of Cloud Computing. NY: Springer.
Mendhe, T., & Kamble, P.A. (2012). Survey on Security, Storage, and Networking of Cloud Computing. International Journal on Computer Science and Engineering, 4(11), 1780-1785.
Nkhoma, M.Z. & Dang, D.P. (2013). Contributing Factors of Cloud Computing Adoption: a Technology-Organisation-Environment Framework Approach. Proceedings of the European Conference on Information Management & Evaluation, 2(1), 180-188.
Priya, D., & Ward, C. (2013). Cyber-Security Threats and Privacy Controls for Cloud Computing, Emphasizing Software as a Service. The Computer & Internet Lawyer, 30(3), 20-24.
Qaisar, S., & Khawaja, F. (2012). Cloud Computing: Network/Security Threats and Countermeasures. IJCRB, 3(9), 1323-1329.
Rajnish, C., Rajshree, D., & Bhattacharjee, J. (2011). A Survey on Cloud Computing Security, Challenges and Threats. International Journal on Computer Science and Engineering, 3(3), 1227-1231.
Talreja, M., & Sahu, A. (2012). Security Issues in Cloud Computing. International Journal on Computer Science and Engineering, 4(11), 1863-1867.
Wrycza, S. (2012). Research in Systems Analysis and Design: Models and Methods. NY: Springer.