Analysis of Cloud Computing

Analysisof Cloud Computing

InstitutionAffiliation

Tableof Contents

Abstract 3

Introduction 5

Premise 5

Study Limitations 6

Research Methodology 6

Research Design 6

Sampling Techniques 6

Data Collection Methods 6

Data Analysis 7

Report Analysis 7

Viability of the SPI model 8

Viability of SaaS 8

Viability of PaaS 9

Viability of IaaS 10

Vulnerabilities of Cloud Computing 11

Threats of Cloud Computing 11

Recommendations 12

Conclusion 13

References 15

Appendix 16

Questionnaire 16

Abstract

Cloudcomputing is a verified delivery platform that is flexible andcost-effective to provide consumer IT or commercial services throughthe internet. Nevertheless, the necessary amenities in cloudcomputing are usually subcontracted to a third party, making it hardto conserve information safety and privacy, provide data and serviceaccessibility, and exhibit compliance. These barriers, hence, putmodern cloud computing at an added level of risk. Moreover, cloudcomputing controls multiple technologies including virtualization,SOA, and Web 2.0. Cloud computing as well receives the securityconcerns for these technologies that are discussed here. The studyidentifies the major vulnerabilities in these organizations and themost significant dangers that exist in the writings related to CloudComputing. The study also identifies and compares the weaknesses andthreats giving their possible solutions. Cloud Computing is quiteimportant and has been increasing attention in the scientific andbusiness societies. Research shows that Cloud Computing is consideredamong the most significant technologies and has a better overlook inmultiple organizations in the successive years. Also, Cloud Computingfacilitates global and suitable along with on-demand net access toplenty of organized computing assets including networks,applications, storage, servers, and facilities. These resources canbe promptly availed and unconfined with slight administration poweror access provider collaboration (Dubey,&amp Rawat, 2014). Cloud computing is used to deliver architecture and computationalmodels in businesses. Its prime objective is providing fast,convenient and secure data storage as well as net computingfacilities. All the computing resources should be envisioned asinstallations and deliveries made through the web. The cloud alsofacilitates cooperation, swiftness, scalability, accessibility, andthe capacity to adjust to the variations in demand. Besides, thecloud also accelerates development work, providing potentials forcost saving through optimization and efficiency in computing. Cloudcomputing merges several computing notions and skills including SOA,virtualization, and Web 2.0 among other tools relying on theinternet. These technologies provide public organization applicationsonline via the web browsers to ensure satisfaction of the computingdesires of the consumers, whereas storage of the information andsoftware occurs on the servers. In several cases, cloud computing isused as a marketing term to symbolize the maturity of thetechnologies in providing services.

Keywordsused: cloud computing, security, SPI model, exposures, dangers.

Analysisof Cloud Computing

Introduction

Cloudcomputing is an internet-centered computing, where public data,resources, and software, are made available for computer machines anddevices that are on-demand. It involves a distributed infrastructurethat is made up of various interconnected devices, which containsassets that are placed together in a virtual machine (VM), whichsupports and controls itself. The architecture of cloud computing isdifferent from other disseminated systems due to detachment fromrelied physical system. With the addition or removal of resourcesunder the real needs, extreme flexibility is, therefore, facilitated.Cloud computing enables the sharing of computing and storage assetswhile targeting the reduction of computing costs in businesses(Rosado,2013).Cloud computing also facilitates the exchange of information amongpeople within a cloud. However, data stored in a cloud is inclined tovarious security issues such as hacking. This study, therefore,explains the different modification measures that companies use toguarantee safety for the data stored in the cloud.

Premise

Thestudy focuses on identifying the critical matters in CloudComputingaddressing the threats, weaknesses, and countermeasures, to evaluatewhether it is secure and convenient for businesses across the world.Cloud computing refers to an Internet-based distribution platformthat is flexible and cost-effective for the provision of business orcustomer IT services. Security is the protection of digital data, andIT resources against any internal or external harm. SPI model is oneof the common cloud computing service models. Vulnerabilities are theweaknesses that facilitate attack of the information systems

Study Limitations

Theselection criteria of the study sources were quite challenging sincethe study required the selected sources to be in English writings andavailable websites. The primary sources to be considered for theresearch included Science Direct, Google Scholar, ACM DigitalLibrary, and DBLP. Moreover, understanding the impact of cloudcomputing was another constraint since data used had to be fromreceived cites. Similarly, getting the right journals and renownedauthors of the topic was difficult.

Research Methodology Research Design

Thisstudy was conducted through qualitative and quantitative researchdesign. The study was concerned with the evaluation of CloudComputing to determine its security, privacy and conservative valueto organizations across the globe. The study also involved the use ofprimary data through interviews with various agencies. The resultinginformation was used to determine the efficiency of Cloud Computingin multiple groups.

Sampling Techniques

Thetarget population in this study comprised of the medium sizedbusinesses from different parts of the country.

Data CollectionApproaches

Thetwo forms of data collection are the primary and secondary collectionmodes. In the research, both methods were applied. Secondary data isused in referring to the security issues of Cloud Computing invarious businesses while primary data was employed in the form ofquestionnaires. In this case, Scholar Google, Science Direct and ACMdigital library were of great help in citing the references. However,the main type of data collection was primary and involved severalinterviews and questionnaires.

Data Analysis

Thissection dealt with the organization, interpretation, and presentationof the collected data. The SPI model, which consists of the SaaS,PaaS, and IaaS, was used in the identification of the significantvulnerabilities in the systems and the dangers initiated in theliterature regarding cloud computing and its environments. Threatsare potential attacks that result in the misuse of information orresources whereas vulnerability describes the defects in anarrangement that enables the attack to be effective. Several reviewsconcentrate on either a service model or drafting the overall cloudsecurity concerns without distinction between the threats and thevulnerabilities. The project describes the threats andvulnerabilities indicating their effects on various cloud servicemodels. Moreover, the study illustrates the relationship between theweaknesses and threats, and the ways in which these shortcomings canbe oppressed to perform an attack. Besides, the project representsthe recommendations concerning these risks, which are essential inthe provision of solutions or improvement of the identified problems.

Report Analysis

Mostapproaches to cloud computing identify, classify, conduct analysis,and list the number of vulnerabilities and threats associated withthe use of clouds for businesses. The study shows problems associatedto security in the clouds. The most common problems include datasecurity, trust and methods of recovery for any problems encounteredin cloud computing.

Viability of the SPImodel

TheSPI model mainly offers three services to its customers. Theseinclude Software as a Service (SaaS) that shows the proficiency ofcloud computing delivered to the business. The firm is supposed touse the applications of the supplier administering on a cloud set-up.The applications become readily available from the customer`s devicesvia a buyer interface such as the web browser. Moreover, it alsoprovides a platform as a service (PaaS) that offers the client theproficiency to organize his applications into the cloud structure(Rosado,Gómez, Mellado, &amp Fernández-Medina, 2012).The business can do this without having to install any tools on itsmachines. Therefore, PaaS provides resources such as operating systemand frameworks for software development that are developed to providea high level of services. SPI model also provides infrastructuralservices such as the ability to process, store, network, andcalculate.

Viability of SaaS

Whenthe software is used as a package, it delivers application servicesthat are on requests such as email used for internal communication,conferencing software and available business applications, forexample, the ERP and CRM. The users of SaaS software do not usuallyhave control over security and privacy. Therefore, this softwareraises some concerns regarding security.

Incloud computing applications are conveyed through the Internet usinga Web browser. Web applications are vulnerable to flaws that createthreats for cloud computing especially the use of SaaS. For example,hackers use the computers of the owner and execute maliciousactivities such as stealing valuable data. The security issues thatare related to Saas software are the same as those related to anyother web application. Moreover, the security solution that isprovided does not usually provide protection from attackers.

Saasapplication is scalable, configurable using metadata and has amulti-tenancy. Therefore, for businesses, each firm has itscustomized instance of the software. Moreover, when using theapplication, the vendor has to provide various cases of the requestfor every business, but they all utilize a similar request code.Therefore, the companies can modify certain configuration preferencesto suit their personal requirements. Furthermore, the application hasmulti-tenancy to ensure that a particular instance attends to almostall the businesses in a certain field and industry. Therefore, thisenables more efficient use of resources. However, storing data andinformation for multiple tenants is risky since there can be leakagesbetween the businesses. Therefore, security procedures are necessaryto guarantee that company`s information is retained separate fromother firms to enhance the privacy of data (Rosado,Gómez, Mellado, &amp Fernández-Medina, 2012).

TheSPI model`s SaaS application is accessible through the internet. Theweb browser ensures it easy to access the application from allnetwork devices that includes public and personal computers andmobile phones. Therefore, this makes the business vulnerable tovarious risks related to security.

Viability of PaaS

PaaSenables the use of cloud-based applications without the companyhaving to incur costs associated with purchase and maintenance of theunderlying hardware and software layers. PaaS ensures that there is areliable and secure network from the web browser. Therefore, itguarantees the security of the platform and the tools for thebusinesses. However, various safety issues accrue to the platformsuch as third party relationships whereby PaaS offers their party webservices known as mashups that conglomerate different source elementsinto one integrated entity. Moreover, developing the application iscomplex especially when ensuring the provision of secure applicationsthat are supposed to be put on the cloud. PaaS applications requireconstant upgrading which can be costly and compromise the security ofthe application.

Viability of IaaS

Whenusing Infrastructure as a service (IaaS), the corporation needs toprovide various capital tools for serving, storing, networking andcomputing that are in the form of virtual structures (Rosado,2013).The systems should be accessible through the internet. Therefore, theusers have the ability to control and manage the resources that areallocated to them. When using the IaaS, the cloud users can havebetter control on issues regarding security. However, it has mattersrelated to virtualization which provides opportunities for hackerssince it has an extra layer that must be secured.

Thereare multiple advantages relating to the adoption of Cloud Computing.However, significant barriers also exist hindering its adoption. Oneof the main obstacles is security, then issues concerning compliance,discretion, and authorized matters (Marian&amp Hamburg, 2012).Cloud computing, being quite a new computing model, stands at agreater risk of uncertainty on whether the security can be achievedat all stages and also, how the safety of the application istransferred to cloud computing. This uncertainty, therefore, makessecurity the principle concern with Cloud Computing by theinformation directors. The security issues related to dangerous areasincluding external data storage, multi-tenancy, and reliance on theunlimited internet, poor management, and incorporation with internalsecurity. Cloud has various particular features when equated to thetraditional machinery (Marian&amp Hamburg, 2012).For instance, it has a large scale and all resources owned by thecloud providers are disseminated, diverse, and entirely virtualized.The traditional safety measures like individuality, validation, andapproval are not adequate for clouds in their present system. On theother, the security panels in cloud computing are related to those inthe IT environments.

Vulnerabilities ofCloud Computing

Thereare also several vulnerabilities present in cloud computing. Thevulnerabilities affect the SPI model. Cloud providers usually provideservices that are mainly retrieved via APIs which have weakcredentials, inadequate authorization, and insufficient input dataauthentication. The cloud APIs are typically undeveloped and requirefrequent updating. Moreover, cloud computing is faced withvulnerabilities that are related to data where the data can be foundin different jurisdictions that are controlled by different laws.Moreover, there may be cases of incomplete deletion of data andbackup might be done by third party providers who may not betrustworthy (Rosado,Gómez, Mellado, &amp Fernández-Medina, 2012).Furthermore, storage, processing and transfer of information are donein clear, plain text. The virtual machines also possess severalvulnerabilities that affect privacy, security and cost effectiveness.While using the virtual machines, there is the possibility ofconversion of channels in the colocation.

Threats of CloudComputing

Themain threats involved with cloud computing include the account of thefirm being hijacked through social engineering and having weakcredentials. The hackers have access to the powers of the user theycan do malicious actions such as manipulate delicate data and evenrelay transactions (Turuk, Sahoo, &amp Addya, 2017). Moreover, dataleakages can occur when an organization’s data gets into the wronghands in the process of transferring, storing and processing.Furthermore, attackers can have access to the company’s webapplication and manipulate sent data from their application.Integration of data with the customers can be challenging and costly.The threats of cloud computing are represented by the graph below

Recommendations

Whileusing cloud computing, it is necessary to categorize and accesscontrol for the management of the cloud. Businesses can use CloudSecurity Alliance that ensures the use of best practices for theprovision of maximum security in cloud environments. The companyissues guidance on access management that shows a list of the bestpractices that can assure businesses and secure their privacy.Moreover, organizations need to use algorithms to create differentcredentials for cloud computing systems that use mobile phones. Thecredentials can change their value immediately the user changes theirlocality. Moreover, when he changes a specific amount of the datapacket the credentials also change.

Toavoid data leakage, companies can use fragmentation-redundancy andscattering technique that provides tolerance of intruders and securethe storage. The method mainly breaks down all sensitive data intovery insignificant fragments, therefore, ensuring that every piecedoes not consist of significant information. The pieces are laterdistributed in a redundant manner across various locations of thesystem. Moreover, to avoid data leakage using cloud computingcompanies can use digital signatures. The names should consist of RSAalgorithm that helps in the transfer of data over the internet.Furthermore, encryption of data is necessary for sensitiveinformation. It will be important to send and store encrypted data inthe cloud. Encryption can be used to guarantee that data is safewhile it is in the process of transfer in and out of the cloud.Encryption ad decryption may consume a lot of resources such as powerand time.

Manipulationof customer data can be avoided using web application scanners whichare a program that scans the web application using web front-end toensure there are no existing security vulnerabilities. Firms can alsouse the firewall to inspect any threats that could be present.

Conclusion

Cloudcomputing for businesses is a fairly new concept that has numerousbenefits to the users since it can maintain the privacy and securityof the user. However, there are some security issues involved incloud computing and organizations, and industries need to understandthe vulnerabilities existing in cloud computing to enable thecorporation to make the right shift towards the cloud. Businessesneed to use new security techniques, and the traditional solutionsneed to be redesigned to work properly with cloud architectures.Since cloud environment is made of sophisticated design that usesdifferent technologies, the old security tools may not necessarilyperform well in the cloud.

References

Dubey,S., &amp Rawat, T. (2014). Exploring cloud computing services forsupply chain management: Review. InternationalJournal of Advanced Research in Computer Science,5(1).

Marian,M., &amp Hamburg, I. (2012). Guidelines for increasing the adoptionof cloud computing within SMEs. Cloudcomputing 2012,19.

Rosado,D., Gómez, R., Mellado, D., &amp Fernández-Medina, E. (2012).Security analysis in the migration to cloud environments. FutureInternet,4(4),469-487. http://dx.doi.org/10.3390/fi4020469

Rosado,D. (2013). Securityengineering for cloud computing(1st ed.). Hershey, PA: Information Science

Turuk,A., Sahoo, B., &amp Addya, S. (2017). Resourcemanagement and efficiency in cloud computing environments(1st ed.). Hershey, PA: Information Science Reference.

AppendixQuestionnaire

1. What are the relevant issues in cloud computing?

…………………………………………………………………………………..

…………………………………………………………………………………..

……………………………………………………………………………………

2. What are the vulnerabilities involved in using cloud computing?

………………………………………………………………………………………

……………………………………………………………………………………….

………………………………………………………………………………………..

3. State three threats of using clouds

…………………………………………………………………………………………

………………………………………………………………………………………….

…………………………………………………………………………………………..

4. How beneficial has cloud computing been for the company?

…………………………………………………………………………………………..

……………………………………………………………………………………………