Nowadays, cloud computing is one of the most promising ways to optimize the IT infrastructure. Cloud computing is a technology that uses the Internet to host computing resources and provide services. It allows an organization to hand over the servicing of applications and data storage systems to platforms that have a very high level of reliability, provide virtually unlimited resources, reduce maintenance costs many times over, and provide users with a ready service. Cloud computing technologies have many advantages, but the problem of data security when using the cloud computing concept is becoming a principal constraint.
Cloud computing is a concept according to which programs deliver the results of their operation in a standard web browser window on the local PC. At the same time, all applications and the data they need for operation reside on a remote server on the Internet. “Just as the Internet revolutionized and democratized access to information, cloud computing is doing the same for Information Technology (IT)” (Winkler, 2011, p. 1). Therefore, cloud computing is software accessible to users via the Internet (or a local network) as a service that provides a convenient web interface for remote access to dedicated resources (computing resources, programs, and data). At the same time, the user’s computer acts as an ordinary terminal connected to the network.
The concept of cloud computing is actively used by different companies, for example, Google. The most typical example is the Google Docs service, which allows working with office documents through a browser. “Now, not only businesses but regular Internet users are also using cloud computing services such as Google Docs, Dropbox and more to access their files whenever and wherever they want” (Passary, 2015). The company D-Link is a mover in cloud computing. It moved most of its non-ERP application portfolio to the cloud. “It has improved enterprise agility and risk management, decreased IT costs and shifted its focus to the business” (Cearley, 2011). The company achieved about $2 million in cost savings.
There are many advantages of cloud computing:
- Reduction of requirements for the PC processing power. Internet access is an indispensable condition;
- Fault tolerance;
- High speed of data processing;
- Reduction of costs for energy, software, and maintenance;
- Economy of disk space. Programs and data are stored on the Internet.
Disadvantages of cloud computing include:
- Dependence on the companies providing the cloud computing service for the preservation of user data;
- Emergence of new (cloud) monopolies;
- In some cases, the security of stored data is under threat.
Threats of Cloud Computing
A data processing center (DPC) is a collection of servers located on the same site in order to increase efficiency and security. Protection of data centers covers network and physical security, as well as fault tolerance and reliable power. At present, the market offers a broad range of solutions for protecting servers and data centers from various threats. What they have in common is a focus on a narrow range of tasks. However, the spectrum of these tasks has expanded somewhat due to the gradual replacement of classic hardware systems by virtual platforms. In addition to known types of threats (network attacks, vulnerabilities in applications and operating systems, malicious software), there are complexities associated with control of the environment (hypervisor), traffic between guest machines, and differentiation of access rights. Operation of modern data centers in a number of industries requires resolving technical issues, as well as issues relating to their security. Financial institutions (banks and processing centers) are subject to a number of standards whose implementation rests at the level of technical solutions. Penetration of virtualization platforms has reached a level where almost all companies that use these systems very seriously address the issue of strengthening security in them.
In modern conditions, it is becoming increasingly difficult to protect business-critical systems and applications. The advent of virtualization has become a pressing reason for a large-scale migration of most systems to VMs. “With more recent advantage in virtualization, computers virtually multiplied inside their own cases in the form of VMs” (Winkler, 2011, p. 12). However, ensuring the security of applications operating in the new environment requires a special approach. Many types of threats have been studied sufficiently, and means of protection have been developed for them. Nevertheless, they still need to be adapted for use in cloud computing.
Existing Threats of Cloud Computing
Control and management of clouds are a security issue. There are no guarantees that all cloud resources are accounted for. There should not be uncontrolled virtual machines running unnecessary processes. This is a high-level type of threat, as it is associated with handling the cloud as a unified information system, and general protection should be built individually. It is necessary to use a risk management model for the cloud infrastructure. At the core of physical security is strict control of physical access to servers and network infrastructure. Unlike physical security, network security is, in the first place, the construction of a reliable threat model, including intrusion prevention and a firewall. Using a firewall involves filtering in order to distinguish between the internal data center network and subnetworks with different levels of trust. It can be a separate server available from the Internet or servers from internal networks. In cloud computing, virtualization technology plays the vital role of the platform.
Difficulties in Moving Normal Servers in Cloud Computing
Security requirements for cloud computing do not differ from security requirements for data centers. However, data center virtualization and the transition to cloud environments lead to the emergence of new threats. Internet access to the management of computing power is one of the key characteristics of cloud computing. In the majority of traditional data centers, engineers' access to servers is controlled at the physical layer. In cloud environments, they work via the Internet. One of the main criteria for protection is differentiation of access control and transparency of changes at the system level.
Dynamism of Virtual Machines
Virtual machines are dynamic. In a short time, it is possible to create a new machine, stop it, and start it again. They are cloned and can be moved between physical servers. This variability complicates the development of an integral security system. Moreover, vulnerabilities of applications or the operating system in a virtual environment spread uncontrollably and often surface after an arbitrary period of time, for example, when restoring from a backup. In a cloud computing environment, it is important to ensure the protection status of the system, and this status should not depend on the system's state and location.
Vulnerability in a Virtual Environment
Cloud computing servers and local servers use the same operating systems and applications. For cloud systems, the threat of remote hacking or malware infection is extremely high. The risk for virtual systems is also high. Parallel virtual machines increase the “attack surface”. An intrusion detection and prevention system should be able to detect malicious activity at the level of virtual machines regardless of their location in the cloud.
Perimeter Protection and Network Demarcation
When using cloud computing, the network perimeter is blurred or disappears. As a result, protection of the less secure portion of the network determines the overall level of security. To distinguish between segments with different levels of trust in the cloud, virtual machines must protect themselves, which moves the network perimeter to the virtual machine itself. The corporate firewall, the main component for implementing IT security policy and demarcating network segments, is not able to influence servers hosted in the cloud.
Attacks on the Clouds and Solutions for Their Elimination
Traditional Attacks on Software
Vulnerabilities in operating systems, modular components, and network protocols are traditional threats. To protect against them, it is sufficient to install a cross-bridge screen, firewall, antivirus, IPS, and other components that solve this problem. It is important that data protection works effectively under virtualization.
Functional Attacks on the Elements of the Clouds
This type of attack is associated with the multi-layered nature of clouds and the general principle of security. To protect against functional attacks, each part of the cloud has its own definite means of protection: effective protection against DoS attacks for the proxy, integrity monitoring of pages for the web server, an application-level firewall for the application server, protection against SQL injection for the database, correct backups for storage, as well as access control. Individually, each of these defense mechanisms has already been established. However, they have not come together for comprehensive protection of the cloud. Therefore, the task of integrating them into a single system should be solved during the creation of clouds.
Attacks on the Client
Most users connect to the cloud using a web browser. However, there are such attacks as Cross Site Scripting, theft of passwords, interception of web sessions, the “man in the middle”, and many others. “Phishing, exploitation of software vulnerabilities such as buffer overflow attacks, and loss of passwords and credentials can all lead to the loss of control over a user account” (Babcock, 2014). The only way to repel this type of attack is correct authentication and the use of an encrypted connection (SSL) with mutual authentication. However, these remedies are not very convenient and are very costly for the creators of clouds. Moreover, there are many unsolved problems in this area of information security.
Attacks on the Hypervisor
The hypervisor is a key element of the virtual system. Its main function is sharing resources between virtual machines. An attack on the hypervisor can result in one virtual machine being able to access the memory and resources of others. Furthermore, it will be able to intercept network traffic, take physical resources, and even displace a virtual machine from the server. As standard protection methods, it is recommended to apply specialized products for virtual environments, integrate host servers with the Active Directory directory service, use password complexity and aging policies, standardize procedures for access to the management tools of the host server, and use the built-in firewall of the virtualization host. Besides, it is possible to disable unused services such as, for example, web access to the virtualization server.
Attacks on Control Systems
The huge number of virtual machines used in clouds requires a control system able to manage the creation, utilization, and transfer of virtual machines. Interference with the control system can lead to the appearance of invisible virtual machines, which can block some virtual machines and substitute for others (Pearson & Yee, 2012).
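One way to check that all cloud resources are accounted for, and to surface the invisible, cloned, or moved virtual machines discussed above and under "Existing Threats of Cloud Computing", is to reconcile the management inventory against what each hypervisor host reports. This is an added example, not part of the original essay; the inventory layout, host names, and VM identifiers are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: what the management plane believes exists.
INVENTORY = {
    "vm-001": {"owner": "billing", "host": "hv-a"},
    "vm-002": {"owner": "web", "host": "hv-a"},
    "vm-003": {"owner": "web", "host": "hv-b"},
    "vm-004": {"owner": "analytics", "host": "hv-b"},
    "vm-005": {"owner": "archive", "host": "hv-c"},
}

# Constructed sample data: what each hypervisor reports as actually running.
HYPERVISOR_REPORTS = {
    "hv-a": ["vm-001", "vm-002", "vm-900"],  # vm-900 is not in the inventory
    "hv-b": ["vm-002", "vm-003"],            # vm-002 also runs here (clone)
    "hv-c": ["vm-004"],                      # vm-004 is recorded on hv-b
}


def reconcile(inventory, reports):
    """Compare the inventory with per-host reports and classify mismatches."""
    seen_on = defaultdict(set)
    for host, vm_ids in reports.items():
        for vm_id in vm_ids:
            seen_on[vm_id].add(host)

    findings = {"untracked": [], "missing": [], "duplicated": [], "relocated": []}
    for vm_id, hosts in sorted(seen_on.items()):
        if vm_id not in inventory:
            # Running somewhere, but unknown to the control system.
            findings["untracked"].append((vm_id, sorted(hosts)))
        elif len(hosts) > 1:
            # Same identity reported by several hosts: likely a clone.
            findings["duplicated"].append((vm_id, sorted(hosts)))
        elif inventory[vm_id]["host"] not in hosts:
            # Running on a different host than the one on record.
            recorded = inventory[vm_id]["host"]
            findings["relocated"].append((vm_id, recorded, sorted(hosts)[0]))
    for vm_id in sorted(inventory):
        if vm_id not in seen_on:
            # On record, but no host reports it.
            findings["missing"].append(vm_id)
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(INVENTORY, HYPERVISOR_REPORTS).items():
        print(kind, items)
```
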
Solutions on Protection Against Security Threats from Cloud Security Alliance
The Cloud Security Alliance (CSA) has published the most effective ways to protect the security of clouds. After analyzing the information published by the company, the following solutions can be identified:
- Data integrity and encryption. It is one of the most efficient ways to protect data. The provider that gains access to data should encrypt customer information stored in the data center, as well as delete it permanently when it is no longer needed.
- Protection of data in transmission. Encrypted data in transit should be available only after authentication. It will be impossible to read or make changes in data even in case of access through unreliable nodes. These techniques are well-known. Algorithms and reliable protocols AES, TLS, and IPsec have long been used by providers.
- Authentication. This is password protection. To ensure higher reliability, there are such means as tokens and certificates. For transparent interaction between the provider and the identification system during authorization, it is also recommended to use LDAP (Lightweight Directory Access Protocol) and SAML (Security Assertion Markup Language).
- User isolation. It means the use of an individual virtual machine and a virtual network. Virtual networks should be deployed using such technologies as VPLS (Virtual Private LAN Service), VLAN (Virtual Local Area Network), and VPN (Virtual Private Network). Frequently, providers isolate user data from each other by changing code in a single software environment. This approach carries the risk that a hole in the non-standard code will be found that allows access to the data. In case of a possible mistake in the code, the user can receive wrong data. In recent years, these incidents have occurred quite often.
The described solutions for protection against security threats of cloud computing have repeatedly been used by system integrators in projects to build private clouds. After applying these solutions, the number of incidents has significantly decreased. However, many problems associated with protection of virtualization still require careful analysis and elaborate solutions (Krutz & Vines, 2010).
Cloud technologies have been at the center of discussion since the advent of the concept of Web 2.0. Despite widely advertised promises of cost savings, many organizations are hesitant to implement cloud solutions for security reasons. Like any other technology, the cloud environment is vulnerable to malicious attacks. However, once it is understood which security problems can arise in the cloud, it can be concluded that protection of the resources is possible.
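The code-level isolation risk described under user isolation, where a mistake in the code returns another customer's data, is shown below next to a hardened form that binds every query to one tenant. This is an added example, not code from the essay or from any provider; the table, tenant names, and function names are hypothetical and the rows are constructed sample data.

```python
import sqlite3


def build_db():
    """Shared table holding rows of two tenants (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, tenant TEXT, amount INTEGER)"
    )
    db.executemany(
        "INSERT INTO invoices (id, tenant, amount) VALUES (?, ?, ?)",
        [(1, "tenant-a", 120), (2, "tenant-a", 75), (3, "tenant-b", 900)],
    )
    return db


def get_invoice_unscoped(db, tenant, invoice_id):
    """Flawed: the caller's tenant is never used, so any row id can be read."""
    return db.execute(
        "SELECT id, tenant, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


class TenantScope:
    """Hardened: the tenant is fixed once and applied to every query."""

    def __init__(self, db, tenant):
        self._db = db
        self._tenant = tenant

    def get_invoice(self, invoice_id):
        # The tenant filter is part of the query, not left to each caller.
        return self._db.execute(
            "SELECT id, tenant, amount FROM invoices WHERE id = ? AND tenant = ?",
            (invoice_id, self._tenant),
        ).fetchone()

    def list_invoices(self):
        return self._db.execute(
            "SELECT id, amount FROM invoices WHERE tenant = ? ORDER BY id",
            (self._tenant,),
        ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(get_invoice_unscoped(db, "tenant-a", 3))      # tenant-b's row is returned
    print(TenantScope(db, "tenant-a").get_invoice(3))   # None: row is out of scope
```
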