Cloud, commonly known as “The Cloud” is a rented storage space on internet for individual users as well as for corporate customers. While using cloud, our data security is at risk. The important concern for us is that how we can keep our data secure. Many experts advise that we should not put extremely sensitive data on cloud. This information can be kept in on your own devices. Mobile devices due to their limited storage and computing abilities need clouds. Most of the clouds in our mobile devices like Google and Drop Box are free of cost and leave out the need of putting a new SD card. Same is case for corporate users that have large chunk of corporate data from surveys, researches, accounts, marketing etc. It saves a large cost for individuals and enterprises. Cloud computing service provider lends you all those services and large storage space on comparatively lower costs. For corporate customers, Cloud Computing is claimed to be an efficient and cheap solution. It is said to be a replacement of the client-server model. However, this paradigm shift has resulted in the loss of control over data and has aroused a number of new security and privacy problems.
If for an individual or a company, using Cloud is the only option, than some research must be done in order to choose the right Cloud Computing. Most famous cloud providers are
- Sugar Sync
- Amazon Cloud Drive
- Windows Live Mesh
- Spider Oak
Major cloud Service models:
Most of the cloud services refer to three major types of service model i.e.
- Infrastructure as a service (IAAS),
- Platform as a service (PAAS),
- Software as a service (SAAS).
Each model offers different capabilities. Other cloud computing services include:
- Business process as a service
- Data as a service
- Security as a service
- Storage as service
Cloud computing has several deployment models that include:
- Hybrid and
Lets review some of the main security issues of the Cloud Computing
Security issues in The Cloud:
Cloud computing relies on shared computing resources instead of having local servers or personal devices to handle the applications. Different services like Servers, Storage and Applications are delivered to the customer’s computers and devices through internet. There are two main issues that exist with security and privacy of Cloud Computing
Loss of control over data:
- Typical issue due to the loss of control over data is due to cloud operation on internet which is working globally and is built on self regulating technologies. Hence services react and make decisions on their own. Since most of the famous clouds are used by people all over the globe, no one knows where the data is being stored, and processed.
- The data is not always sufficiently protected and involves security threats like eavesdropping, DNS spoofing, and Denial-of-Service attacks.
- The trans- border flow of data makes the security and control issues more complex, not only for the companies but for the countries making the legislations to secure the data. Every country has its own legislation for data security on cloud in its own border. If you have a security complaint, no one knows where the security crack was done.
- This becomes more sensitive when Cloud Computing services perform data mining techniques to analyze users data. Social media applications most of the time encourage users to share their private life e.g. private photos. Compliance is not an effective solution since legislative compliance is not sufficiently defined.
Dependence on the provider:
- In case a user decides to stop using a cloud service, there is no guaranteed deletion of data. It is impossible to delete all copies of electronic material because user have no idea that at which places the copies of data lie.
- If the Cloud Computing provider goes bankrupt and stops providing services, the customer faces problems in accessing data. Some Cloud Computing services like Google Docs do not include any contract between the customer and Cloud Computing provider. In this case there is nothing to refer to.
- Cloud Computing services are usually offered by large providers that deals with smaller customers. Therefore , customer do not have many choices in order to change its service provider.
- The facts related to processing and storage of data, e.g. the physical location of data storage should be transparent in the contract between cloud computing provider and the customer.
- It is wise to keep the local backup of essential data by customers to guarantee the availability of data.
- The telecommunications network that supports the cloud computing services should be secured and protected against malware and DOS attacks. An external audit should be conducted for this purpose.
- The usual users should be educated regarding the new cloud computing technology. They should be educated to make competent decisions including what information should be transferred into the Cloud and under what circumstances.
- A number of studies today show that encrypted data is safest data on the cloud. In this case, not even the cloud service administrators can access your data. Data in the form of files and folders can be zipped and protected with passwords. These passwords should be strong enough to be hacked. Simply share the passwords, if the user wants to share the data.
- An encrypted cloud service may cost higher but is a fair solution to privacy attacks. Some clouds like Spider Oak and Wuala provide complete privacy by encrypting your files on your own computers and secure them safely on the cloud in addition to providing storing and back up services.