Cloud Computing and Security Challenges
Abstract
Cloud providers offer a pool of shared resources to their customers through the cloud network. Nowadays, shifting to the cloud is a sound decision, as it provides pay-as-you-go services to customers. Cloud has boomed in e-business and other industries because of advantages such as multi-tenancy, resource pooling and storage capacity. In spite of its vitality, it exhibits various security flaws, including loss of sensitive data, data leakage and a few others related to cloning, resource pooling and so on. This study is presented to help comprehend these security threats and to refine the raw security issues across various areas of the cloud. It also aims to reveal the different security threats under the cloud models and IT governance, so that these threats can be contained within the cloud.
Keywords- Characteristics, Deployment Model, Service Models, Data Location Compliance, Ancillary Data, Attack Surface.
I. Introduction
Cloud computing has emerged as a very well-known technique to support large and voluminous data with the help of a shared pool of resources and a large storage area.
Peter Mell and Timothy Grance [1] have defined cloud computing as follows: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
A cloud service is generally used by clients as and when needed, normally on an hourly basis. This “on-demand” or “pay as you go” approach makes the cloud service flexible: the end user can have as much or as little service as desired at any point in time, and the service is entirely administered by the provider. Noteworthy improvements in the key components, including virtualization, distributed computing and improved access to high-speed internet service, together with a weak economy, have sped up the growth of cloud computing.
II. Understanding cloud computing
A. 5 Essential Cloud Characteristics
i. On-demand self-service: A consumer can unilaterally provision computing capabilities, such as service time and network storage, as needed automatically without requiring human interaction with each service provider.
ii. Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
iii. Resource pooling: The provider’s computing resources are pooled to serve multiple consumers. Resources can be dynamically assigned and reassigned according to customer demand. Customers generally may not care where the resources are physically located but should be aware of the risks if they are located offshore.
iv. Rapid elasticity: Capabilities can be expanded or released automatically (i.e., more CPU power, or ability to handle additional users). To the customer this appears seamless, limitless, and responsive to their changing requirements.[1]
v. Measured service: Customers are charged for the services they use and their usage. There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.[1]
B. 4 Cloud Deployment Models
Figure 1: Cloud computing type
i. Private cloud: Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally. Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment, and requires the organization to reevaluate decisions about existing resources.[4][5]
ii. Community cloud: Community cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. The costs are spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing are realized.[3][4]
iii. Public cloud: A cloud is called a "public cloud" when the services are rendered over a network that is open for public use. Technically there may be little or no difference between public and private cloud architecture. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure and offer access only via the Internet.[6]
iv. Hybrid cloud: Hybrid cloud is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models. Gartner, Inc. defines a hybrid cloud service as a “cloud computing service that is composed of some combination of private, public and community cloud services, from different service providers.” A hybrid cloud service crosses isolation and provider boundaries so that it can’t be simply put in one category of private, public, or community cloud service. It allows one to extend either the capacity or the capability of a cloud service, by aggregation, integration or customization with another cloud service. By using a "hybrid cloud" architecture, companies and individuals are able to obtain degrees of fault tolerance combined with locally immediate usability without dependency on internet connectivity. Hybrid cloud architecture requires both on-premises resources and off-site (remote) server-based cloud infrastructure.[3][7]
C. 4 Cloud Service Models
i. Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g. Web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.[1]
ii. Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.[1][7]
iii. Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).[1]
iv. Network as a Service (NaaS): A category of cloud services where the capability provided to the cloud service user is to use network/transport connectivity services and/or inter-cloud network connectivity services. NaaS involves the optimization of resource allocations by considering network and computing resources as a unified whole. Traditional NaaS services include flexible and extended VPN, and bandwidth on demand. Materialization of the NaaS concept also includes the provision of a virtual network service by the owners of the network infrastructure to a third party.[8]
III. Cloud security challenges
Security has been one of the most challenging issues for IT executives, particularly in cloud implementation. Numerous security concerns are preventing companies from taking advantage of the cloud. Several studies have identified security as the primary challenge for cloud users. In this section, a taxonomy of cloud computing security is presented.
Some security challenges are already familiar from other computing environments, and there are new elements which it is necessary to consider. The challenges include:
A. Governance
Cloud computing requires an appropriate IT governance model to ensure a secured computing environment and to comply with all relevant organizational information technology policies. As such, organizations need a set of capabilities that are essential when effectively implementing and managing cloud services, including demand management, relationship management, data security management, application lifecycle management, and risk and compliance management. A danger lies in the explosion of companies joining the growth in cloud computing by becoming providers, while many of the infrastructural and logistical concerns regarding the operation of cloud computing businesses are still unknown. This immaturity may have ramifications for the industry as a whole.
Achieving and maintaining governance and compliance in cloud environments brings new challenges to many organizations. Things you might need to consider include: [9]
Jurisdiction and regulatory requirements
· Can data be accessed and stored at rest within regulatory constraints?
· Are development, test and operational clouds managing data within the required jurisdictions including backups?
Complying with Export/Import controls
· Applying encryption software to data in the cloud: Are these controls permitted in a particular country/jurisdiction?
· Can you legally operate with the security mechanisms being applied?
Compliance of the infrastructure
· Are you buying into a cloud architecture/infrastructure/service which is not compliant?
Audit and reporting
· Can you provide the required evidence and reports to show compliance to regulations such as PCI and SOX?
· Can you satisfy legal requirements for information when operating in the cloud?
The ability to reduce capital investment for computing resources, and instead, satisfy computational needs through operational expenses is an advantage of cloud computing. Cloud computing can lower the initial cost of deploying new services and shorten the time required to gain a tangible benefit from the investment (i.e., accelerate the time-to-value), thus better aligning expense with actual use. However, the normal processes and procedures an organization uses to acquire computational resources as capital expenditures may be easily bypassed by a department or an individual, and the procurement obscured under day-to-day operations.
B. Data
Cloud places data in new and different places, not just the user data but also the application (source) code. Who has access, and what is left behind when you scale down a service? Other key issues include:
Data Location Compliance
One of the most common compliance issues facing an organization is data location. Use of an in-house computing center allows an organization to structure its computing environment and to know in detail where data is stored and what safeguards are used to protect the data. In contrast, a characteristic of many cloud computing services is that data is stored redundantly in multiple physical locations and detailed information about the location of an organization’s data is unavailable or not disclosed to the service consumer. This situation makes it difficult to ascertain whether sufficient safeguards are in place and whether legal and regulatory compliance requirements are being met. For example, NARA regulations include facility requirements for the storage of federal records and stipulate a minimum height above and distance away from a flood plain. External audits and security certifications can alleviate this issue to some extent, but they are not a panacea. [2]
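As an added example (not part of the original paper), the location question above can be turned into a repeatable check over a storage inventory. The policy table, region names, resource names and the `audit` function are all hypothetical; the point is that replicas and backups are audited like primary copies, and that an undisclosed location is itself reported as a finding.

```python
"""Audit a storage inventory against a data-location policy (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical policy: data classification -> jurisdictions where it may be stored.
POLICY = {
    "customer-pii": {"EU"},
    "public-web": {"EU", "US", "APAC"},
}

# Hypothetical mapping from provider region names to legal jurisdictions.
REGION_JURISDICTION = {
    "eu-central": "EU",
    "eu-west": "EU",
    "us-east": "US",
    "ap-south": "APAC",
}


@dataclass
class StorageResource:
    name: str
    environment: str                 # development, test or production
    classification: str
    primary_region: Optional[str]    # None: the provider does not disclose it
    replica_regions: List[str] = field(default_factory=list)
    backup_regions: List[str] = field(default_factory=list)


def audit(resources, policy=POLICY, region_map=REGION_JURISDICTION):
    """Return sorted (resource, copy kind, region, reason) findings."""
    findings = []
    for res in resources:
        allowed = policy.get(res.classification)
        if allowed is None:
            findings.append((res.name, "policy", "-", "unclassified data"))
            continue
        # Every physical copy counts: primary, redundant replicas and backups.
        copies = [("primary", res.primary_region)]
        copies += [("replica", r) for r in res.replica_regions]
        copies += [("backup", r) for r in res.backup_regions]
        for kind, region in copies:
            if region is None:
                # Compliance cannot be shown for a location nobody will name.
                findings.append((res.name, kind, "-", "location not disclosed"))
                continue
            jurisdiction = region_map.get(region)
            if jurisdiction is None:
                findings.append((res.name, kind, region, "unknown region"))
            elif jurisdiction not in allowed:
                reason = f"{jurisdiction} not allowed for {res.classification}"
                findings.append((res.name, kind, region, reason))
    return sorted(findings)


# Constructed sample inventory covering development, test and production.
INVENTORY = [
    StorageResource("crm-db", "production", "customer-pii", "eu-central",
                    replica_regions=["eu-west"], backup_regions=["us-east"]),
    StorageResource("crm-db-test", "test", "customer-pii", "eu-west"),
    StorageResource("saas-mailbox", "production", "customer-pii", None),
    StorageResource("site-assets", "production", "public-web", "us-east",
                    replica_regions=["ap-south"]),
    StorageResource("dev-dump", "development", "customer-pii", "ap-south"),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(" | ".join(finding))
```

In this sample the production database passes on its primary and replica copies and fails only on its backup, which is the copy most often left out of a location review.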
Trust: Data Ownership
The organization’s ownership rights over the data must be firmly established in the service contract to enable a basis for trust and privacy of data. The continuing controversy over privacy and data ownership rights for social networking users illustrates the impact that ambiguous action can have on the parties involved. Ideally, the contract should state clearly that the organization retains exclusive ownership over all its data; that the cloud provider acquires no rights or licenses through the agreement, including intellectual property rights or licenses, to use the organization’s data for its own purposes; and that the cloud provider does not acquire and may not claim any interest in the data due to security. For these provisions to work as intended, the terms of data ownership must not be subject to unilateral amendment by the cloud provider. [2]
Trust: Ancillary Data
While the focus of attention in cloud computing is mainly on protecting application data, cloud providers also hold significant details about the accounts of cloud consumers that could be compromised and used in subsequent attacks. Payment information is one example; other, more subtle types of information, can also be involved. For example, a database of contact information stolen from a SaaS cloud provider, via a targeted phishing attack against one of its employees, was used in turn to launch successful targeted electronic mail attacks against consumers of the cloud service. The incident illustrates the need for cloud providers to protect and report promptly security breaches occurring not only in the data the cloud provider holds for its consumers, but also in the data it holds about its consumers, regardless of whether the data is held within or separately from the cloud infrastructure.
Other types of ancillary data involve information the cloud provider collects or produces about customer-related activity in the cloud. They include data collected to meter and charge for consumption of resources, logs and audit trails, and other such metadata that is generated and accumulated within the cloud environment. Unlike organizational data, a cloud provider may be more inclined to claim ownership over the operational and other types of metadata it collects. Such data, if sold, released, or leaked to a third party, however, is a potential threat to an organization’s privacy, since the data could be used to infer the status and outlook of an organization’s initiative (e.g., the activity level or projected growth of a startup company). Several points to consider clarifying in a service contract are the types of metadata collected by the cloud provider, the protection afforded to the metadata, and the organization’s rights over metadata, including ownership, opting out of collection or distribution, and fair use.
Data Isolation
Data can take many forms. For example, for cloud-based application development, it includes the application programs, scripts, and configuration settings, along with the development tools. For deployed applications, it includes records and other content created or used by the applications, including deallocated objects, as well as account information about the users of the applications. Access controls are one means to keep data away from unauthorized users; encryption is another. Access controls are typically identity-based, which makes authentication of the user’s identity an important issue in cloud computing. Lacking physical control over the storage of information makes encryption the only way to ensure that it is truly protected. [2]
Data must be secured while at rest, in transit, and in use, and access to the data must be controlled. Standards for communications protocols and public key certificates allow data transfers to be protected using cryptography and can usually be implemented with equal effort in SaaS, PaaS, and IaaS environments. Procedures for protecting data at rest are not as well standardized, however, making interoperability an issue due to the predominance of proprietary systems. Capabilities also vary greatly across service models, and cryptographic protection may not be feasible for some environments, particularly PaaS and SaaS environments. The lack of interoperability affects the availability of data and complicates the portability of applications and data between cloud providers. Protecting data in use is an emerging area of cryptography with little practical results to offer, leaving trust mechanisms as the main safeguard.
Data Sanitization
The data sanitization practices that a cloud provider implements have obvious implications for security. Sanitization involves the expunging of data from storage media by overwriting, degaussing, or other means, or the destruction of the media itself, to prevent unauthorized disclosure of information. It applies in various equipment refresh or maintenance situations, such as when a storage device is removed from service or repurposed. Data sanitization also applies to backup copies made for recovery and restoration of service and residual data remaining upon termination of service.
In a public cloud computing environment, data from one consumer is physically collocated (e.g., in an IaaS data store) or commingled (e.g., in a SaaS database) with the data of other consumers, which can complicate matters. Many examples exist of researchers obtaining used drives from online auctions and other sources and recovering large amounts of sensitive information from them (e.g., [Val08]). With the proper skills and equipment, it is also possible to recover data from failed drives, if they are not disposed of properly. Service agreements should stipulate sufficient measures that are taken to ensure data sanitization is performed appropriately throughout the system lifecycle.
C. Architecture
Standardized infrastructure and applications, together with increased commoditization, lead to more opportunity to exploit a single vulnerability many times. To complement the server side of the equation, cloud-based applications require a client side to initiate and obtain services. While Web browsers often serve as clients, other possibilities exist. In addition, an adequate and secure network communications infrastructure must be in place. Many of the simplified interfaces and service abstractions on the client, server, and network belie the inherent underlying complexity that affects security and privacy. Looking at the underlying architecture and infrastructure, some of the considerations include: [2][8]
Attack Surface
The hypervisor or virtual machine monitor is an additional layer of software between an operating system and hardware platform that is used to operate multi-tenant virtual machines and is common to IaaS clouds. Besides virtualized resources, the hypervisor normally supports other application programming interfaces to conduct administrative operations, such as launching, migrating, and terminating virtual machine instances. Compared with a traditional, non-virtualized implementation, the addition of a hypervisor causes an increase in the attack surface. That is, there are additional methods (e.g., application programming interfaces), channels (e.g., sockets), and data items (e.g., input strings) an attacker can use to cause damage to the system.
Virtual servers and applications, much like their non-virtual counterparts, need to be secured, both physically and logically. Following organizational policies and procedures, the operating system and applications should be hardened when producing virtual machine images for deployment. Care must also be taken to provision security for the virtualized environments in which the images run. For example, virtual firewalls can be used to isolate groups of virtual machines from other hosted groups, such as production systems from development systems, or development systems from other cloud-resident systems. Carefully managing virtual machine images is also important to avoid accidentally deploying images under development or containing vulnerabilities.
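The isolation of production from development described above can be verified against the virtual firewall rule set itself. The following is an added example, not taken from the paper: the subnets, group names, rule format and first-match evaluation order are assumptions chosen for illustration.

```python
"""Check a virtual firewall rule set for breaches of group isolation (added example)."""
import ipaddress
from dataclasses import dataclass

# Constructed VM groups and the private subnets they occupy (assumed layout).
GROUPS = {
    "production": ipaddress.ip_network("10.10.0.0/16"),
    "development": ipaddress.ip_network("10.20.0.0/16"),
    "management": ipaddress.ip_network("10.30.0.0/24"),
}

# Assumed policy: (source group, destination group) pairs with no allowed path.
MUST_BE_ISOLATED = {("development", "production"), ("production", "development")}


@dataclass(frozen=True)
class Rule:
    rule_id: str
    action: str   # "allow" or "deny"
    source: str   # CIDR
    dest: str     # CIDR
    port: str     # "any" or a port number as text


def isolation_violations(rules):
    """Return sorted (rule_id, src group, dst group, port) for offending allows.

    Rules are evaluated in order, first match wins. An earlier deny shields a
    pair of groups only if it covers both subnets entirely on every port; a
    narrower deny leaves part of the pair reachable, so later allows still count.
    """
    shielded = set()
    violations = []
    for rule in rules:
        src = ipaddress.ip_network(rule.source)
        dst = ipaddress.ip_network(rule.dest)
        for pair in MUST_BE_ISOLATED:
            s_net, d_net = GROUPS[pair[0]], GROUPS[pair[1]]
            if rule.action == "deny":
                if (rule.port == "any" and s_net.subnet_of(src)
                        and d_net.subnet_of(dst)):
                    shielded.add(pair)
            elif (pair not in shielded and src.overlaps(s_net)
                    and dst.overlaps(d_net)):
                violations.append((rule.rule_id, pair[0], pair[1], rule.port))
    return sorted(violations)


# Constructed rule set: r2 is an explicit exception, r4 a broad "internal" allow.
RULES = [
    Rule("r1", "allow", "10.30.0.0/24", "10.10.0.0/16", "22"),
    Rule("r2", "allow", "10.20.5.0/24", "10.10.1.0/24", "5432"),
    Rule("r3", "deny", "10.10.0.0/16", "10.20.0.0/16", "any"),
    Rule("r4", "allow", "10.0.0.0/8", "10.0.0.0/8", "443"),
]

if __name__ == "__main__":
    for rule_id, src, dst, port in isolation_violations(RULES):
        print(f"{rule_id}: {src} -> {dst} allowed on port {port}")
```

Rule r4 never names either group, yet it opens development to production on port 443; the reverse direction stays closed only because the deny in r3 precedes it.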
Virtual Network Protection
Most virtualization platforms have the ability to create software-based switches and network configurations as part of the virtual environment to allow virtual machines on the same host to communicate more directly and efficiently. For example, for virtual machines requiring no external network access, the virtual networking architectures of most virtualization software products support same-host networking, in which a private subnet is created for intra-host communications. Traffic over virtual networks may not be visible to security protection devices on the physical network, such as network-based intrusion detection and prevention systems. To avoid a loss of visibility and protection against intra-host attacks, duplication of the physical network protection capabilities may be required on the virtual network. While some hypervisors allow network monitoring, their capabilities are generally not as robust as those in tools used to monitor physical networks. Organizations should consider the risk and performance tradeoffs between having traffic hidden within the hypervisor versus exposing that traffic to the physical network for monitoring.
Client-Side Protection
A successful defense against attacks requires securing both the client and server side of cloud computing. With emphasis typically placed on the latter, the former can be easily overlooked. Services from different cloud providers, as well as cloud-based applications developed by the organization, can impose more exacting demands on the client, which may have implications for security and privacy that need to be taken into consideration. Web browsers, a key element for many cloud computing services, and the various plug-ins and extensions available for them are notorious for their security problems. Moreover, many browser add-ons do not provide automatic updates, increasing the persistence of any existing vulnerabilities.
The growing availability and use of social media, personal Webmail, and other publicly available sites also have associated risks that are a concern, since they increasingly serve as avenues for social engineering attacks that can negatively impact the security of the browser, its underlying platform, and cloud services accessed. For example, spyware was reportedly installed in a hospital system via an employee’s personal Webmail account and sent the attacker more than 1,000 screen captures, containing financial and other confidential information, before being discovered. Having a backdoor Trojan, keystroke logger, or other type of malware present on a client runs counter to protecting the security and privacy of public cloud services, as well as other Internet-facing public services being accessed.
D. Assurance
Challenges exist for testing and assuring the infrastructure, especially when there is no easy way for data center visits or penetration (pen) tests. Some of the challenges include:
Service Level Agreements (SLAs).
There were several open issues reported with crafting cloud service provider SLAs. Feedback indicated a severe need for SLA templates and contractual language that enterprises could work from and adapt. There were three areas of particular concern. The first was mapping regulatory and standards requirements to specific terms that fit into an SLA. The second was being able to craft an SLA that cloud providers would accept and that still meets the burden of internal and external audit. The third was the need for better processes to map the terms of service in the agreements that enterprises had with their customers to an SLA with cloud providers. Respondents indicated that there was a significant gap, in some cases, between their requirements and the terms that cloud service providers would agree to. Many had to shop around before finding a provider that met their requirements. In all cases, the inability of a cloud provider to meet explicit regulatory requirements would derail a deal. Beyond explicit regulatory requirements, many respondents indicated that security requirements were not adequately detailed in many current provider SLAs.
Contingency planning and disaster recovery for cloud implementations.
Business Continuity and Disaster Recovery (BC/DR) are the contingency plans and measures designed and implemented to ensure operational resiliency in the event of any service interruptions. BC/DR plans have always been important to any business. As IT systems have become more central to all areas of business, the ability to quickly and reliably recover these systems has become critical. This, in conjunction with increased focus on BC/DR from regulatory bodies, has helped ensure that BC/DR planning and testing is much higher on the agenda for most businesses.
Cloud centric BC/DR makes use of the cloud’s flexibility to minimize cost and maximize benefits. For example, a tenant could make use of lower specification guest machines as replication targets for data and systems, thus minimizing costs. With the ability to quickly ramp up these machines, and even the number of machines (guests), in a BC/DR scenario, the tenant would have the same benefits as hosting the fully specified systems 24/7. This ability to minimize cost, while also providing full performance should DR be invoked, is a key benefit of the cloud's flexibility and resilience.
When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, planning, design, management, and monitoring of their cloud environments and cloud service providers. BC/DR requirements should be embedded in service or operational level objectives.
Cloud providers typically do not offer a complete BC/DR service, which may include office space, monitors, phones, etc. Cloud providers primarily offer availability for servers/systems and storage, and possibly end-user access via virtual desktops. All aspects of the services to be provided in the case of an invocation should be negotiated and defined fully in their service level agreement (SLA).
IV. Conclusion and future work
Cloud computing has made customers both thrilled and edgy. They are excited by the various opportunities provided by the cloud and are anxious as well about the questions related to the security it offers. When users migrate their data to the cloud, they are alarmed by the security flaws inherent to the cloud environment. These security threats have made cloud computing security a very topical subject. This study has set out the security threats found across the cloud models and its governance. It will be extended further with security prevention mechanisms for the cloud and with how to align the cloud with IT governance for the Egypt Stock Exchange.
References
1- “The NIST Definition of Cloud Computing”, National Institute of Standards and Technology, July 2011.
2- “Guidelines on Security and Privacy in Public Cloud Computing”, National Institute of Standards and Technology, Dec 2011.
3- “Gartner Says Cloud Computing Will Be As Influential As E-business”, gartner.com, June 2008.
4- “Just don't call them private clouds”, news.cnet.com, January 2009.
5- “There's No Such Thing As A Private Cloud”, informationweek.com, January 2009.
6- “HP's Turn-Key Private Cloud – Application Development Trends”, Adtmag.com, 2010-08-30.
7- “Mind the Gap: Here Comes Hybrid Cloud”, blogs.gartner.com, September 2012.
8- “The role of virtualization in future network architectures”, Ádám Kapovits, June 2011.
9- “Transformation to Cloud Services Sourcing: Required IT Governance Capabilities”, Anton Joha, Marijn Janssen, September 2012.