Computing Security – Network Application Levels

Network Computing Security

The intention to adopt cloud computing has increased rapidly in many organizations. Cloud computing offers many potential benefits to small and medium enterprises such as fast deployment, pay-for-use, lower costs, scalability, rapid provisioning, rapid elasticity, ubiquitous network access, greater resiliency, and on-demand security controls. Despite these extraordinary benefits of cloud computing, studies indicate that organizations are slow in adopting it due to security issues and challenges associated with it. In other words, security is one of the major issues which reduces the cloud computing adoption. Hence, cloud Service Providers should address privacy and security issues as an urgent priority and develop efficient and effective solutions.

Application Level Security
Security levels in the cloud

Cloud computing utilizes three delivery models (SaaS, PaaS, and IaaS) to provide infrastructure resources, application platform and software as services to the consumer. These service models need different level of security in the cloud environment. According to Takabi et al. (2010), cloud service providers and customers are responsible for security and privacy in cloud computing environments but their level of responsibility will differ for different delivery models. Infrastructure as a Service (IaaS) serves as the foundation layer for the other delivery models, and a lack of security in this layer affects the other delivery models. In IaaS, although customers are responsible for protecting operating systems, applications, and content, the security of customer data is a significant responsibility for cloud providers. In Platform as a service (PaaS), users are responsible for protecting the applications that developers build and run on the platforms, while providers are responsible for taking care of the users’ applications and workspaces from one another. In SaaS, cloud providers, particularly public cloud providers, have more responsibility than clients for enhancing the security of applications and achieving a successful data migration. In the SaaS model, data breaches, application Vulnerabilities and availability are important issues that can lead to financial and legal liabilities.

Infrastructure Security Levels

Bhadauria and his colleagues (2011) conducted a study on cloud computing security and found that security should be provided at different levels such as network level, host level, application level, and data level.

Network Level Security: All data on the network need to be secured. Strong network traffic encryption techniques such as Secure Socket Layer (SSL) and the Transport Layer Security (TLS) can be used to prevent leakage of sensitive information. Several key security elements such as data security, data integrity, authentication and authorization, data confidentiality, web application security, virtualization vulnerability, availability, backup, and data breaches should be carefully considered to keep the cloud up and running continuously.

Application level security

Studies indicate that most websites are secured at the network level while there may be security loopholes at the application level which may allow information access to unauthorized users. Software and hardware resources can be used to provide security to applications. In this way, attackers will not be able to get control over these applications and change them. XSS attacks, Cookie Poisoning, Hidden field manipulation, SQL injection attacks, DoS attacks, and Google Hacking are some examples of threats to application level security which resulting from the unauthorized usage of the applications.

Data Security

Majority of cloud service providers store customers’ data on large data centres. Although cloud service providers say that data stored is secure and safe in the cloud, customers’ data may be damaged during transition operations from or to the cloud storage provider. In fact, when multiple clients use cloud storage or when Multiple Devices are synchronized by one user, data corruption may happen. Cachin and his colleagues (2009) proposed a solution, Byzantine Protocols, to avoid data corruption. In cloud computing, any faults in software or hardware that usually relate to inappropriate behavior and intrusion tolerance are called Byzantine fault tolerance (BFT). Scholars use BFT replication to store data on several cloud servers, so if one of the cloud providers is damaged, they are still able to retrieve data correctly. In addition, different encryption techniques like public and private key encryption for data security can be used to control access to data. Service availability is also an important issue in cloud services. Some cloud providers such as Amazon mentions in their licensing agreement that it is possible that their service is not available from time to time. Backups or use of multiple providers can help companies to protect services from such failure and ensure data integrity in cloud storage.

By Mojgan Afshari

Jen Klostermann

Telemedicine to medical smartphone applications

Telemedicine to medical smartphone applications With the current and growing worldwide concerns regarding the Coronavirus (COVID 19). Telemedicine is more important now than ever. What ...
Cloud Image Migration

The Best Web Migration Should Be Invisible to Your Customers

How you approach a migration of your assets to the AWS Cloud is important to getting it right When the British-bank TSB decided to migrate ...
Kevin Julian

Patients Increasingly are embracing technology, and so must the pharmaceutical industry

Patients Increasingly Embracing Technology COVID-19 has driven home the need to use digital solutions more broadly, which means C-Suites may be turning to their CTOs ...
Mark Kirstein

2020 Market Predictions: Cloud-Services Growth Will Continue

2020 Tech Market Predictions The beginning of every new year is a healthy time for businesses to survey the cloud landscape, reflect on the market ...
Bill Talbot

How IT Operations Can Survive and Thrive in a Multi-cloud World

IT Operations Can Thrive in a Multi-cloud World IT operations teams are contending with the reality that growing volumes of workloads are running across multiple ...
Business Virtual

Open Virtual Exchange (OVX) – Helping DSPs Fast Track the Monetization of SDWAN

Open Virtual Exchange (OVX) Bring agility and speed to market with intelligent network automation Digital Service Providers (DSPs) do have high expectations from virtual network ...