The purpose of this paper is to talk about how security concerns of cloud computing matter to business as well as to other organizations and looking for the solution of the problems. Public cloud computing provides immense convenience but at the same time consists of huge privacy and security risks. The paper will discuss this problem from survey done by other researchers and the realistic problems cause by leakage of cloud data.
The reason why I decided to pick this topic is because this cloud technology has never been as related to us as today. We take photos everyday and instantly upload to all kinds of social media and share to others by cloud service; discussing group work and editing documents through goggle drives with teammates without having actual meeting and backing up the data without consuming the storage of hardware. Nowadays cloud service has become kind of “fashion trend” so every relevant industries want to take advantage of it and become more competitive than their rivals.
However the security of data accompanied the widely use of cloud computing is becoming the major concern which cannot be neglected any more. The first article is “Cyber Security Considerations When Moving to Public Cloud Computing” by Muhammad A. Bedlams, which mainly examines the potential and possibility of data security concerns to derail the future of public cloud computing. I am so interested in the Cloud computing since The reason why chose this article is because that the author interviewed four real- life companies which represented different level of profitability and scale of operation.
The best definition of cloud computing provide by (Brands, 2010) as ” collections of IT resources, (servers, databases, and applications) which are available on an on-demand basis, provided by a service company, available through the Internet, and provide resource pooling among multiple users. ” Since the service is provided by specific company and use Internet as medium, the two possible questions initiated here is the accessible and non-isolated location of data( Internet) and ethics worries of insiders.
According to the article, Cloud Security Alliance(2011) identifies seven major threats– Abuse and Nefarious Use of Cloud Computing Services; Insecure Application Program Interfaces; Malicious Insiders; Shared Technology Issues; Data loss/Leakage; Account Service and Traffic Hijacking and Unknown Risk Profile. From the feedback of the questionnaire conducted, the four companies which identified as Alpha, Beta, Gamma, and Theta corresponding to their rank in annual profitability, shows different caring in terms of Preventive and contingency, Network security, General security.
However, data security comes to first place no matter for the member of Fortune 1 00 companies like Alpha or the business entity only consisting of two partners like Theta. But there is limitation in the study since it doesn’t have a large sample size which impacted the reliability and validity of the results. It may not able to generalize the results of the study but the fact that data security becoming the most important concern is not hard to imagine since data is the core of a company. And another shortcoming of the articles is lack of possible solution to the problems.
However, in the other article I studied, the leaking of documents of the U. S. National Security Agency earlier 2014 reignited the concerns of vulnerability of the cloud service. The author of “Cloud computing 2014: Moving to a zero-trust security model”, Fijian, talked about the leaking of NSA and further discussed possible way to improve cloud security. This reminded me of the Hollywood photo scandal happened in 2014. On August 31, a collection of around 500 private pictures of celebrities were posted online and spread across Internet.
The images were believed to have been obtained via a breach of Apple’s cloud services suite cloud. This happening caused so bad influence to those people involved and led to worries of the privacy problem of cloud. According to what Fijian suggested in his article, there some way to help protect the data stored in cloud. The several key areas include data encryption, key management and data ownership, rationalization, and the need for increased government transparency, to improve cloud security. F you are wondering why intricate data encryption is the most effective way of securing data in cloud and why providers don’t just do it at the first place, let me tell you. “Cloud encryption is a service offered by cloud storage providers whereby data, or text, is transformed using encryption algorithms and is then laced on a storage cloud” (Rouse) Since basic encryption such as password cost less, most provider would not bother to provide more complicated encryption before.
But with the security problems occurred over and over again, encryption has gained more and more attention, For instance, Google Cloud Storage now automatically encrypts all new data before it’s written to disk. Such server-side encryption will soon be available for older data stored in Google clouds. As for the key management system, people starts to worried about the insider leaking because just most companies don’t reveal their hiring standards and policies, people who hold the key may take advantage of it.
In addition, the key could also be requested by government agencies without notifying the data owners. The article started from the realistic data leaking and then talked about the key areas of cloud security needed to be pay attention and mentioned the improvements made by all different service companies which is more down-to-earth than the first article which is pure academic study. But it is true that these two articles investigated cloud security from different perspectives and combined to be more completed.