Topic: Cloud Computing
Type: Research Paper Subject: Information Technology
Academic Level: Undergraduate
Style: MLA
Language: English (U.S)
Number of pages: 8 (double spaced, Times New Roman, Font 12)
Number of sources: 5
Task details
Write a 2000-word research paper that discusses the current state-of-the-art in cloud computing. The paper should discuss both the currently available technology and possible
New developments and designs to come in the next decade. The sources for your paper
are limited to the primary articles (not columns) in IEEE publications that have appeared
Since Jan. 2009:
1. Surname 1
Topic: Cloud Computing Type: Research Paper Subject: Information Technology
Academic Level: Undergraduate Style: MLA Language: English (U.S)
Number of pages: 8 (double spaced, Times New Roman, Font 12)
Number of sources: 5
Task details Write a 2000-word research paper that discusses the current state-of-the-art in cloud
computing. The paper should discuss both the currently available technology and possibleNew
developments and designs to come in the next decade. The sources for your paperare limited to
the primary articles (not columns) in IEEE publications that have appearedSince Jan. 2009:
2. Surname 2
Security and Privacy Threats Facing Cloud Computing Technology
INTRODUCTION
Cloud computing is a technology that works under the principle of resource sharing
through self-provision means. Most organizations utilize resource sharing of this technology by
storing data in the cloud, thereby economizing the use of resources while improving efficiency in
their operations (Walker, Brisken and Romney 44). The resources to be shared must, however,
be characterized by massive scalability and elasticity to facilitate the pay as you go model1
(Mather, Kumaraswamy and Latif 7). Quite a number of technologies have been incorporated in
cloud computing, primarily to enhance efficiency of cloud services2
(Cutillo, Molva and Strufe
94). Although this area is a recent development in computing, its initial users and researchers
who have experimented with the few cloud providers’ platforms and technologies already in the
industry, have repeatedly complained of vulnerabilities in the services offered. This paper will
delve on some of the security and privacy concerns that cloud computing face, from both
perspectives of the user and the service provider. The paper will also make some
recommendations on how the available and new approaches to be developed can help in solving
those issues. This means, both the current literature and future possible developments in
technology will be vitally necessary for a successful completion of the study.
LITERATURE REVIEW
1
Pay as you go is used to refer to a state where the user’s contract to use resources is instantly renewed when a
new payment for the resources is made on expiry of the previous payment.
2
Utility computing, virtualization, service-oriented architecture, and web 2.0 platforms are among the few
technologies incorporated in cloud computing
3. Surname 3
Existing written works (Mather, Kumaraswamy and Latif) depicts cloud computing as a
service factory, surrounding web-scale data centers. This service as evidenced from IBM,
Google, and Amazon platforms is vulnerable to cyber-attacks. Unfortunately, cloud service
users are naive to realize such weakness contained in cloud services, as all they value is the great
data processing and elastic resources they get from using cloud computing technology, making
them ignore the fact that cloud services are subject to issues like copyright violation, abuse of
privacy, and security breaches (Kai, Kulkareni and Hu). This fact is emphasized by Mather,
Kumaraswamy and Latif, who argued out that although cloud services contain many attractive
features, precaution measures should be observed before a user fully engages in the use of cloud
services. In this regard, Mather, Kumaraswamy and Latif acknowledged cloud computing
technology as a paradigm shift suitable to replace the traditional norms used by organizations to
organize their data center, and deperimitize their data infrastructure that might have been
possibly made opened by hackers as a result of using a weak data security framework that is
vulnerable to cyber attackers3
. However, the suitable approach that cloud providers should use to
shift to this new technology should have the capacity to consider data sensitivity, which can be
achieved via planning thoroughly to ensure that all computing processes are compliant with the
laid down regulations for a stable privacy to be maintained without any violation that possess the
potential to damage cloud users’ information or property. Lisovich, Mulligan and Wicker on
their part, understand cloud computing to entail demand-response systems that result into
detailed power-consumption data utilities, comprising a diversity of players whose aim is to help
users on how to effectively utilize their energies in data management and security, without
necessarily caring whether such efforts result in the creation of new privacy concerns in the
3
To deperimitize is to develop a strategy that employs the use of encryption and dynamic data-level
authentication to provide multi-level data protection
4. Surname 4
cloud computing environment (Lisovich, Mulligan and Wicker 11). In this context, their research
contrast that one of Mather, Kumaraswamy and Latif, who considered data security as the first
priority when a user makes a decision regarding outsourcing of information technology services
like cloud computing, especially if the decision entails moving an organization’s processes to the
cloud, known to have resources that are public and being shared by many users, with even some
having malicious intents that may breach security of other users’ data4
. As such, Mather,
Kumaraswamy and Latif in their opinion, recommends organizations before shifting to the new
technology, to take a risk-based approach that thoroughly analyzes the available security and
privacy options before moving all their processes to the cloud environment. This is one way
through organizations will be able to maximize the effectiveness of their operations and
minimize costs. Thus, this argument can be justified, as from a literal point of view, addressing
security and privacy issues after implementing the concerned system or process is not only
technical and expensive, but also renders the organization vulnerable to potential adversaries. As
such, it is essential for organizations to first understand cloud computing services offered by
cloud providers, in terms of their security and privacy issues, before fully dedicating their
operations to be accessed from the cloud. This includes making sure that the cloud computing
solution to be engaged is flexible to incorporate all security and privacy issues held by the
organization.
OBJECTIVE
The central directing principle of this study will be security and privacy issues that both
cloud providers and cloud users encounter in their operations. This means the study will be
answering the question that regard to security and privacy issues that cloud computing
4
Organization’s processes may be data, and applications used in daily running of the organization
5. Surname 5
technology face, by discussing various issues that renders the use of cloud services vulnerable.
Possible developments and designs that can secure this technology will also be highlighted to
make cloud computing more secure and attractive to users.
METHODOLOGY
No particular area was chosen to carry out the research as it was governing issues that
users across the globe face. Therefore, the researcher made the study an open-ended one.
Descriptive research designs, were, however, essential to facilitate proper understanding of the
research question. Besides, being a new emerging field, not much had been discussed to provide
users with a clear view of the benefits and risks associated with cloud computing. Therefore, it
was essential to provide some insights that would help users to come up with viable decisions on
whether or not to transfer all their organizational processes to the cloud environment.
Since the study was not to be practically conducted in the field, the primary source of
data was to be retrieved from secondary sources, including existing literature from previous
researches conducted by technology-oriented experts. However, sources to be used were strictly
to have been published after Jan 2009 in the IEEE magazines. This is because technology
changes on a daily basis, thereby using older sources would not have revealed the actual situation
faced by cloud computing providers and users on the ground. The sources to be used could easily
be accessed online with the help of Google Scholar, which is a recommended search engine for
academic tasks. As the data sources belonged to other people, the research was to receive
approval from his instructor before using them, in that, no commercial use of the data collected
would be allowed.
RESULTS AND DISCUSSION
6. Surname 6
From the study’s results, one major problem affecting users, especially organizations
relying on cloud computing was governance related issues. Mather, Kumaraswamy and Latif
from their point-of- view, understand governance in computing as a user control and oversight
over policies and procedures required in developing applications and acquiring information
technology services. A good example of governance problem is the inadequacy of organizational
control over its employees who arbitrarily use cloud computing services. Such practices were
found by the researcher to raise privacy concerns and security breaches, especially in situations
where some employees could go to an extent of disclosing customers’ information and leaking
out organization’s information to unauthorized people requiring such information for their
material gains. According to the study;
Employees could be tempted to leak out confidential data of an organization to its
competitors in exchange for money, especially if the organization that they worked for
did not treat them fairly in terms of compensation for their services.
In this regard, cloud providers should enforce the use of robust sensors and algorithms
that authenticates users before accessing data stored on their servers. Such algorithms should
have the capacity to analyze user data, in that, a user is allowed only to access information meant
for him or his organization. Additionally, cloud computing users should understand that risk
management in cloud computing is more technical. Therefore, they should help cloud computing
providers to enhance the security of the data they provide to be stored in the cloud, by ensuring
that adequate audit mechanisms and tools were used to encrypt and authenticate data at the
organizational level. From this argument, it is evidence that both the user and the provider were
to coordinate properly for the required governance to be achieved.
7. Surname 7
Apart from governance, the study also managed to reveal management of access and
identity as being an area of concern in cloud offering and using cloud computing services. In this
context, the research managed to establish that any user data submitted for storage to the cloud to
only be accessed by authorized personnel as a way of avoiding security breaches and maintain
data confidentiality. However, the researcher went ahead to establish that the framework that had
been implemented by most organizations to identify and authenticate users accessing their data
to incompatible with cloud computing platforms. To make the matter complicated, the study also
realized that changing the framework that had been already implemented at the organizational
level to make it cloud computing compatible, would not only be challenging, but expensive due
to the expertise required to carry out the changeover process. As such, Cutillo, Molva and Strufe
had to propose that organizations operate two frameworks, one for the organization and another
one for the cloud. Their proposal, however, turned out to be unpractical due to lack of
coordination between the user and the provider, in terms of the trust (Cutillo, Molva and Strufe
94). But since the area being studied was a technological one, carrying out various tests was still
viable. As such, new ideas like federation identification in service-oriented architecture needed
to be tested because the little available literature from previous studies had depicted federation
identification to have the potential of developing a strong relationship between the service
provider and the user, which could allow them to share digital identities and attributes across the
domain being used at both organizational and cloud computing levels. Such a strategy would be
meant to ensure that a user who sign-in to a domain used internally at the organization level
could access data stored on the external-based domain running cloud services. Additionally, the
new platform was not to allow multiple login using the same access codes, and therefore, it
would also use the user’s internet protocol (IP) address to map the user’s location to the domain.
8. Surname 8
From a literal point-of-view, implementing such an approach seemed to be easy. However, it the
researcher found it interesting that a thorough and precise interpretation of transactions with the
ability to manage user identification and access to both organizational-based and cloud-based
domains were required to provide assurance of a definite protection of both the internally and
externally based servers against cyber crimes and attacks5
. A research carried out at Anna
University also identified and proposed a new security framework that utilizes dispersion
techniques to discard the path and prevent the data packets send by a malicious device to a
network domain or cloud computing servers. This would be another approach to prevent multiple
logins into the system with the same security-authentication, thereby would also prevent
intruders from gaining unauthorized access to the system by only allowing authentic users to
access and use the services. According to Mather, Kumaraswamy and Latif, that framework was
to be referred to as “Reliable and Secure Framework”. He went ahead to quote as follows in the
IEEE Security and Privacy magazine;
The reliable and secure framework comes with a multi-path routing algorithm that is
characterized by an inbuilt potential to determine a set of device-disjoint reliable paths,
arranged from the highest order to the lowest order according to their reliability index,
thereby facilitating simultaneous dispersion and transmission of data packets via the most
reliable and secure disjoint paths.
According to Mather, Kumaraswamy and Latif’s argument, the reliable and secure framework if
successfully implemented and adopted by both cloud computing providers and organizations,
whose operations were internet-based, had the potential to add value as it would reduce overhead
and delay of packets that previously were being intercepted by the wrong people before reaching
5
Cybercrimes include spamming, hacking, or phishing as a result of the sheer number of connected devices,
sharing a pool of resources stored at a single place.
9. Surname 9
their intended destination. This was possible as the proposed framework was to increase the ratio
at which packet delivery would be occurring6
.
CONCLUSION
In a nutshell, the study primarily sought to find some of the security and privacy issues
related to the use and provision of cloud computing services. Governance and identification and
authentication were the issues recognized by the study. Although to some extent solving these
issues could turn out being a puzzle, the study managed to propose new ideas the reliable and
secure framework that would help organizations, who are the primary users of cloud computing,
and providers of the service to get rid of user identification and authentication. Governance, on
the other hand, was to be solved by having both the user and the provider understand risk
management issues related to cloud computing (Mather, Kumaraswamy and Latif 258).
However, this research does not mark the end of the road as many other issues related to the user
and provision of cloud computing services still exist. As such, the technology will only be
regarded as a viable shift from the traditional models and controls after all the remaining issues
have been studied and possible frameworks with ability to handle them proposed and
implemented for adoption by cloud computing users and providers.
6
Interception of confidential data like access codes may cost an organization to loss data, privacy, finance and
security breaches, especially if whoever manages to intercept such data has malicious intents.
10. Surname 10
Works Cited
Cutillo, L.A., R. Molva and T. Strufe. "Safebook: A privacy-preserving online social network
leveraging on real-life trust." Communications Magazine, IEEE (2009): 94, 101.
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5350374&url=http%3A%2F
%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5350374
Kai, Hwang, S. Kulkareni and Yue Hu. "Cloud Security with Virtualized Defense and
Reputation-Based Trust Mangement." Dependable, Autonomic and Secure Computing.
Chengdu: IEEE, 2009. 717. http://ieeexplore.ieee.org/xpl/login.jsp?
tp=&arnumber=5380613&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls
%2Fabs_all.jsp%3Farnumber%3D5380613
Lisovich, M.A., D.K. Mulligan and S.B. Wicker. "Inferring Personal Information from Demand-
Response System." Security & Privacy, IEEE (2010): 11.
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5403146&url=http%3A%2F
%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5403146
Mather, Tim, Subra Kumaraswamy and Shahed Latif. Cloud Security and Privacy: An
Enterprise Perspective on Risks and Compliance. New York: O'Reilly Media, Inc.,
2009.http://books.google.co.ke/books?
hl=en&lr=&id=BHazecOuDLYC&oi=fnd&pg=PR7&dq=IEEE+Security+and+Privacy+
Magazine&ots=Fz-6N-
rWC9&sig=JlN62Q3GbGyHRwzOcMEpKVVuLX8&redir_esc=y#v=onepage&q=what
%20is%20cloud%20computing&f=false
11. Surname 11
Walker, E., W. Brisken and J. Romney. "To Lease or Not to Lease from Storage Clouds."
Computer (2010): 44. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?
tp=&arnumber=5445166&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls
%2Fabs_all.jsp%3Farnumber%3D5445166