Cloud computing is a fundamental shift from traditional client/server or tier architecture which lays emphasis on effective utilization of IT infrastructure, reduction in operational cost and optimum customer satisfaction thus helping the enterprise in increased profits with satisfied customers.
“Cloud Computing is a computational model (not a technology)” which aims at lowering the business costs by providing everything as “x as a service” to their customers via third party vendor (in public and hybrid clouds) using “pay as you go model”. Data is held largely in the big third party data centers which take us back to 70’s and 80’s era of some powerful machines with the differentiation of virtualized environment (servers, storage and networks) and multi-tenancy & scalability capability.
There are many security issues than the traditional “authentication & authorization, integrity, consistency, backup & recovery” which might turn out to be abuse of technology, if not considered.
The modern issues are as follows
- Security of data at data center: Organizations are skeptical about the data security because of “third party vendor and multi tenancy”. Choice of cryptographic and hash algorithms used, how it works at transport layer and how data protected from other tenants being the center issue. Multi-tenancy is the obvious choice for the cloud vendors for scalability but large enterprises see it as a weapon to exploit their huge database.
- Instance hijacking: when a hackers/intruders captures the instance of the application by simple hacking mechanism or through the other running instances of the application in a different geography. Virtual Machine or Instance attacks can be caused. Vm-Vm attacks can occur which can be lethal for whole cloud environment.
- Cloud v/s cloud: People are afraid that the intruders/hackers will abuse the cloud computing power to attack them. Hacker Thomas Roth claims to break all SHA-1 hashes of password length 1 to 6 in just 49 minutes.
- Virtualization: Virtualization of the application, desktop and server itself has many security issues, they Hypervisor may not be as powerful as it should be and it may lead to attacks.
- What about “data in motion”: Generally ,a service is replicated 3 or more times as in Windows Azure so considerable amount of data lies over the internet due to high replication for scalability and flexibility with geo-distribution around the world which “makes data available “ for good amount of time hence its security is a concern.
- No security standards, protocols and compliance on vendors: There is no industry standard definition of cloud computing, it’s working model, security algorithm, protocols and compliances which a company must follow. Enterprises resist public & hybrid clouds due to lack of legal support.
- Untrusted interfaces or the APIs: It is very difficult for the developer to make a secure application third party APIs and interfaces are hard to trust.
- Threat from future computational models- Quantum computing when it will be applied with the cloud computing then the computation will increase tremendously even without much powerful hardware.
“Security” is always a major issue for the customers be it large enterprise or be it end users. To have a satisfied customer it is essential that they must be provided with reliable security system.