Privacy Efficiency of Maintaining Security in Cloud Computing
Interest in maintaining security in cloud computing has developed rapidly over the recent years. This is as a result of the advantages of significant flexibility in privacy, efficiency and availability of the computing resources at affordable costs (Halpert, 2011). Privacy and security, however, have remained a concern for most of the organizations and agencies considering cases of migrating applications to cloud computing environments. Organizations have been able to facilitate improvements in efficiency and the ability to ensure quick responses and reliability to the needs of consumers through contracting for cloud services. Cloud computing encompasses a significant range of underlying configuration and technology options (Halpert, 2011). Due to the implications cited for availability and greater flexibility at reliable costs, cloud computing has become a subject of great deals in privacy.
Privacy Efficiency of Maintaining Security in Cloud Computing
The service benefit of cloud computing from the economies of scale involves versatile use of specialization, resources and practicable efficiencies. However, much about cloud computing aims to identify the significant paradigms to use in providing a taxonomy concept for conceptualizing the importance of security and privacy. Public cloud computing was a vital deployment model with significance in the modern technological advancement (Halpert, 2011). A public cloud involves an infrastructure and computing resources made available over the internet to the general public. The outlook of cloud computing varies significantly among organizations. This is due to the inherent differences in purpose, exposure to the general public, assets held, tolerance to risk and the faced threats.
From a security perspective, determining the reliability of cloud services under the deployment model for an organization is challenging without proper understanding of the organization environmental context (Brands, 2000). This majorly involves examining the context in which such organization carries out its operations and the risks from plausible security threats it faces. Therefore, an organized set of security objectives forms a key aspect in making decisions about information outsourcing technology services (Brands, 2000). This is in relation to decisions about transitioning organizational resources to the perspective of public cloud computing.
Cloud computing models
This is a model established to enable convenience, on-demand network access to a shared configurable computing resource pool. The resources can be provisioned and released through minimized management of service provider interaction (Mahmood & Hill, 2011). Cloud computing has two forms of significant models, namely delivery and deployment models. The network architecture of cloud computing has three different network entities meant to enhance data security as follows:
- User: this is an entity that has the data for storage in the cloud and relatively relies on cloud computing for data storage and computation. Users can be either individual or enterprise
- Cloud server: it is an entity managed through a cloud service provider in the provision of secure data storage services. It has significant computation resource and storage space.
- The third party auditor: this is an optional TPA with the expertise and capabilities that users lack. It is trusted in assessing and exposing security risk of cloud storage services upon request on behalf of the user.
In data storage, users are able to store data through the cloud server provider into a significant set of cloud services running on a distributed, simultaneous and cooperated manner. Data redundancy employment is possible through techniques of erasure-correcting codes (Horrigan, 2008). This is to tolerate the results as the data stored grows in significance and size. Privacy efficiency enables the maintenance of such data for application purposes in which users interact with the cloud computing servers through the CSP. This enables the accessibility or retrieval of data. To ensure the data is secure, the user may sometimes perform block level operations on such data. The general forms of such operations include the block update, insert, delete, and append (Horrigan, 2008).
As the users are unable to access data at this level, it is of significance to ensure the data is correctly stored and efficiently maintained. The users, therefore, should have the security means to make continued correctness assurance guarantee privacy, efficiency (Van Blarkom, 2003). This is to enforce the cloud storage service-level cited agreement of the data stored. In this model, point-to-point communication channels are of significance between the cloud server and immediate users. This requires authentication and reliability which are achievable in practice.
In order to attain the objectives of the research, the following research questions guide the research:
- Which cloud computing services are used today and what are the possible security requirements in respect to confidentiality?
- Which cloud architecture is relatively available and what are some of the security controls do the service providers have in place with respect to privacy efficiency?
- How can cloud architecture be classified on the area of security efficiency?
- How can mapping be created for privacy, data classes to cloud computing architecture operating on securing data?
Key privacy and security issues
Insights into the vital aspects of security are gleaned from reporting cases of the early adopters. The researchers experimenting and analyzing the available cloud provider platforms have also reported security issues (Gallagher, 2013). In ensuring privacy efficiency in cloud computing, there are significant factors that are considered, including compliance, governance, architecture, and identity and access management. It involves the aspect of conformance, especially with the specification established, regulation standard or the law. Governance as one of the vital factors involves an oversight and control over procedures, policies and standards in application development (Gallagher, 2013). This is also applicable in implementation, monitoring and testing of the deployed cloud computing services. The table below provides the summary of security mechanisms as provided by the major cloud service providers.
|Security mechanisms of the service providers|
|Password recovery||90% use the common services 10% use the sophisticated techniques|
|Encryption mechanism||40% use the SSL encryption 20% use the encryption mechanism 40% utilizes the advanced methods such as the HTTP|
|Data location||70% of the data centers have locations in more than one country|
|Availability history||40% indicate of data loss 60% indicate of data availability as well|
|Proprietary/open||10% have an open mechanism|
|Monitoring services||70% provide the extra monitoring services 10% use an automatic technique 20% are never open about such issues|
To ensure the dependability and security for cloud data storage under the respective models, organizations should aim to design reliable mechanisms for verifying dynamic data (Mahmood & Hill, 2011). Through such operations, the following is achieved:
- Storage correctness: this ensures users of their data appropriate storage through assuring them that the data is kept intact in the cloud all the time.
- Data error fast localization: this is to locate the significant malfunctioning servers when the data corruption has already been detected.
- Dynamic data support: this is applicable in maintaining a similar level of the storage correctness assurance. This applies even if users make modifications, performs deletions or append the data files in the cloud.
- Dependability: this is meant to enhance the availability of data against Byzantine failures, server colluding attacks, and malicious data modification. This may include limiting the effects resulting from data errors of cases of server failures.
- Lightweight: this enables users to perform correctness checks on the storage within limited overhead.
Faster networks, cheaper processor and the increase of mobile devices are driving the aspect of innovation rapidly. Cloud computing is the core enabler and manifestation of such transformation and is expected to disrupt and reshape an entire framework of industries in the future. The global perspective on cloud computing therefore necessitates standardized technical solutions and methodologies to facilitate privacy assessment of risks. This is to establish an adequate level of data security. The robust privacy data protection requires interoperable in-built privacy components to ensure compliance with significant principles such as data maximization in cases of complex architectures is possible.
Brands, S. (2000). Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. The MIT Press; ISBN 0-262-02491-8.
Gallagher, S. (2013). VMware private cloud computing with v Cloud Director. Hoboken, N.J: Wiley.
Halpert, Ben. (2011). Auditing Cloud Computing: A Security and Privacy Guide. Wiley.
Horrigan, J. (2008). Use of Cloud Computing Applications and Services. Retrieved from Pew Research Center: www.pewinternet.org/Reports/2008/Use-of-Cloud-Computing-Applications-and-Services.aspx
Mahmood, Z., & Hill, R. (2011). Cloud computing in enterprise architectures. London: Springer-Verlag.
Van Blarkom, J. B. (2003). Handbook of Privacy and Privacy-Enhancing Technologies – The case of Intelligent Software Agents. Retrieved from e-Europe: ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/DPP/CWA15263-00-2005-Apr.pdf