Challenges Faced By Cloud Security

Challenges Faced By Cloud Security

Challenges Faced By Cloud Security

Cloud Infographic_001

Cloud computing has revolutionized the way businesses manage their data. The amount of data produced by the corporate sector has increased at a rapid rate over the past few years. In order to handle this exponential need for storage space, organizations need a reliable and secure approach with which they can use to optimize their operations, which in turn will reduce costs. Cloud computing provides suitable development environments, rapid resources for operating platforms, application environments and backup and storage of data at low costs. But, some of the factors that make cloud computing such a convenience for managing resources also raise considerable security concerns.

Challenges Faced by Cloud Security

Cloud computing inherits the security issues pertaining in the technologies that it uses, which consists chiefly of the risk of a breach in the integrity or confidentiality of information. One security measure is encrypting stored data, but there are drawbacks with encryption and it does not always protect data. This presents a very challenging situation for cloud security professionals. Seven of these challenges are discussed below:

1) Breach of Trust

In cloud services, it is very important that the service provider has the trust of his customer and he does not exploit this in any way. There is no way to be 100% sure of your cloud service providers being trustworthy. There are certain legal issues entangled with cloud security as well, because there are certain laws that cloud service providers should comply with and these laws vary from country to country. Users have no idea or control over where or in what jurisdiction their data is being physically stored over the cloud.

2) Maintaining Confidentiality

Preventing improper disclosure of information is maintaining confidentiality of data. Service providers have full access to your data, so they have the opportunity to misuse this information. This issue requires proper attention from an information security analyst in order to ensure your data is not being shared without your permission.

3) Preserving Integrity

Integrity is preventing illegal modification of data or its instances. Users with privilege to your data can easily modify it unless it is encrypted. One entity with such privilege is a cloud service provider. Preserving integrity of data over the cloud is a viable challenge to security researchers.

4) Authenticity and Completeness

In a cloud, there may be multiple users with varying levels of access privilege to your data. A user with limited access may have access to a subset of data, but he needs to be assured that this subset is valid and verified. Digital signatures are used for providing a validation, proof of authentication for access to a superset of data. Certain approaches inspired by Merkle trees and signature aggregation are used for digital validation of data. But still there are vulnerabilities for this issue in cloud security.

5) Risk Factors Associated with Virtual Machines

In a typical cloud model application, processes are run from within virtual machines. These virtual machines are on a shared server with other virtual machines running as well, some of which may be malicious. Security researchers have proved that attacks from one virtual machine to another is possible. Therefore, cloud security experts consider this a serious issue.

6) Vulnerabilities from Shared Resources

Cloud data running on multicore processors is vulnerable to application data being compromised, because, as researches have shown, applications can communicate through the cores and may exchange data as well. With the multi tenancy architecture of a cloud server in which many applications are stored on the same server, it is always possible for malicious users to intercept data from the network channel.

7) Issues with Encryption

Although encrypting data seems like the solution for preserving confidentiality, integrity and authenticity on the cloud, this approach does have shortcomings. For one, this is not a cost effective method because to decrypt data, an enormous amount of computational time is added to the processing time. Each time a query runs in the database, both the cost and time increases dramatically, especially if the amount of data is very large. Encryption algorithms are subject to get tracked down as well. Cloud security professionals have the challenge of continuing to reinforce this technique.

Cloud computing can be used for carrying out various IT functions, and providing security to the cloud is not an easy task for cloud security professionals as there are various security concerns.

There are many benefits to cloud computing. Cloud computing provides a viable means for building cost effective solutions which are substantially flexible. By using virtual servers on internet, cloud computing provides easy delivery platforms for serving business and eases out more expensive consumer IT services.

However, there are serious risks of integrity and confidentiality for data shared on a cloud. This is because required services are often outsourced from a third party, which makes it difficult to ensure security and privacy of data.

Security professionals still need to deal with the architectural flaws of the cloud computing model so that cloud computing can be made more reliable and trustworthy.

By Chetan Soni

Sorry, comments are closed for this post.

Comic
InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Five-part series details companies to watch across five essential technology sectors SAN FRANCISCO, Sept. 27, 2016 /PRNewswire/ — InformationWeek released its list of “125 Vendors to Watch” in 2017. Selected by InformationWeek’s expert editorial team, the companies listed fall into one of five key themes: infrastructure, security, cloud, data management and…

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Connected Vehicles From cars to combines, the IoT market potential of connected vehicles is so expansive that it will even eclipse that of the mobile phone. Connected personal vehicles will be the final link in a fully connected IoT ecosystem. This is an incredibly important moment to capitalize on given how much time people spend…

Embedded Sensors and the Wearable Personal Cloud

Embedded Sensors and the Wearable Personal Cloud

The Wearable Personal Cloud Wearable tech is one avenue of technology that’s encouraging cloud connections and getting us all onto interconnected networks, and with the continued miniaturization and advancement of computing the types of wearable tech are always expanding and providing us with new opportunities. A few years ago, smartwatches were rather clunky devices with…

SWIFT Says Bank Hacks Set To Increase

SWIFT Says Bank Hacks Set To Increase

Bank Hacks Set To Increase SWIFT, whose messaging network is used by banks to send payment instructions worth trillions of dollars each day, said three clients were hacked over the summer and cyber attacks on banks are set to increase. The theft of $81 million in February from Bangladesh’s central bank using SWIFT messages rocked…

Automated Application Discovery Introduced By Savision At Microsoft Ignite 2016

Automated Application Discovery Introduced By Savision At Microsoft Ignite 2016

Automated Application Discovery ATLANTA, GEORGIA – September 26, 2016 – Savision, a market leader in service-oriented monitoring solutions that unify IT operations with IT service management, today announced the release of its automated application discovery module for Unity iQ. Savision’s automated application discovery module offers an agentless, trigger-based discovery method that captures infrastructure elements, application dependencies, as well…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

Three Ways To Secure The Enterprise Cloud

Three Ways To Secure The Enterprise Cloud

Secure The Enterprise Cloud Data is moving to the cloud. It is moving quickly and in enormous volumes. As this trend continues, more enterprise data will reside in the cloud and organizations will be faced with the challenge of entrusting even their most sensitive and critical data to a different security environment that comes with using…

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Connected Vehicles From cars to combines, the IoT market potential of connected vehicles is so expansive that it will even eclipse that of the mobile phone. Connected personal vehicles will be the final link in a fully connected IoT ecosystem. This is an incredibly important moment to capitalize on given how much time people spend…

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services Cloud Banking Insights Series focuses on big data in the financial services industry and whether it is a security threat or actually a massive opportunity. How does big data fit into an overall cloud strategy? Most FI’s have a positive mind-set towards cloud IT consumption as it not only enables…

Explosive Growth Of Data-Driven Marketing

Explosive Growth Of Data-Driven Marketing

Data-Driven Marketing There is an absolute endless amount of data that is being accumulated, dissected, analyzed with the important bits extracted and used for a number of purposes. With the amount of data in the world has already reached into multiple zettabytes annually. A Zettabyte is one million petabytes or one thousand exabytes. With data…

Cloud Infographic: IoT For Automotive Deconstructed

Cloud Infographic: IoT For Automotive Deconstructed

IoT For Automotive Deconstructed The IoT automotive industry is moving rapidly with many exciting growth opportunities available. We’ve written about some of the risks and benefits as well as some of the players involved. One thing for certain as that the auto industry is starting to take notice and we can expect the implementation of a…

Cloud Infographic – Guide To Small Business Cloud Computing

Cloud Infographic – Guide To Small Business Cloud Computing

Small Business Cloud Computing Trepidation is inherently attached to anything that involves change and especially if it involves new technologies. SMBs are incredibly vulnerable to this fear and rightfully so. The wrong security breach can incapacitate a small startup for good whereas larger enterprises can reboot their operations due to the financial stability of shareholders. Gordon Tan contributed an…

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to helping teams win…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…