Assessment of Cloud Computing Security Issue - MyAssignmenthelp.com

Question: Discuss about the Assessment of Cloud Computing Security Issue. Answer: Introduction Regarding the definition provided by National Institute of Technology and Standards, cloud computing is a framework that enables convenient, ubiquitous, network access to a pool of computer systems that share configurable computing resources. The framework can be provisioned or released with minimal or no management efforts. Cloud computing enable individuals to tap into virtual environments, applications, and basic computing tools supplied by software and technical infrastructures (iHLS, 2017). For deployment of cloud computing frameworks, three designations are commonly used. The designations are public, private, and hybrid cloud. The private cloud framework is where a client or the software vendor manages the cloud-computing infrastructure and makes available the shared technical resources to the users only. On the contrary, a public cloud framework ensures that the technical resources are available for the public to access. The clients have the chance to use the frameworks facili ties free of charge. The hybrid framework then combines the elements for both public and private frameworks (Alsafi, Abduallah, and Pathan, 2014). Cloud computing can also be categorized depending on the service it provides. Since Australia has a trade friendly environment because of its good policies, an affluent consumer base, and developed infrastructure the country has become an attractive market for global cloud exporters. According to Gartners report, net spending on cloud computing in Australia stood at $4.8 billion in 2016. The amount is forecasted to even grow by the end of 2017 to about $5.6 billion. The growth has also been associated with the fact that the country provides a good legal framework that combats cybercrime, well established intellectual property protections, and safe data center environments. In the cloud services market of Australia, the leading companies are Amazon Web Services, Equinix, Microsoft, and IBM. The private sector and the government are potential buyers of cloud services (IBM, 2017). The participation of Australia in trade agreements using digital components of trade has enabled the country to access the global computing market. According to the Australia-United States Free Trade Agreement, electronic supply of services and nondiscriminatory treatment of digital products are guaranteed. After joining the Government Procurement Agreement, Australia ensured that its accession enshrined protections against laws and policies that favored cloud suppliers. The agreement promoted trade in Australias digital economy. Such agreements facilitated copyrights protection, free flow of data, and prohibition of data localization. Overall, it is Australias proper ICT infrastructure that has suited cloud computing. The Australian government; through its National Broadband Network, is targeting 93% coverage of fiber broadband in schools, homes, and businesses come 2021 (Instruction, 2004). Aims and Objectives Aims The main aim of this activity is to identify challenges of security associated with the adoption of cloud computing then provide mitigation measures for such challenges Objectives To identify challenges of security associated with the adoption of cloud computing. To provide mitigation measures for such challenges. To provide detailed market assessment information on Australian companies interested in expanding or entering in international markets. To address issues regarding markets of cloud computing. To highlight factors that influence attractiveness and cohesiveness of global markets for Australian cloud-computing providers. Toranktop global cloud computing market of Australia while focusing on market potential and enterprise adoption. Research Questions What are security challenges associated with the adoption of cloud computing? What are the mitigation measures for the identified cloud computing challenges? What are the factors that influence attractiveness and cohesiveness of global markets for Australian cloud-computing providers? Methods Used In our activity, we use models, practices, and architectures to handle cloud computing security issues. The methods will be used to identify security issues and software engineering related solutions for handling the identified issues. The term cloud computing was not used until 2008 when reviews were performed on cloud computing resources provided by service providers like Google Apps Engine, Salesforce.com, Rackspace, among other companies (Cloud Services, 2017). The idea behind this research activity is to identify the best real-time practices for mitigating cloud computing security challenges. The result is to have the gaps stopping enthusiastic organizations from developing and using cloud computing stopped (Cloud Services, 2017). Most of the research activity in this paper has been made possible through the help of existing body of reports relating to the adoption of cloud computing adoption in several countries. The research sources have enabled us to cover an array of topics like the environment of digital international trade environment, Internet traffic and penetration, e-payments and e-trade readiness, ICT laws and regulatory environment, and usage of Internet business ICT. Other topics are: Cloud spending figures Overall readiness of networks. To get further information on the mentioned topics, other consulted resources were: The Global Information Technology Report -2015 (World Economic Forum). The G20 E-Trade Readiness Index-2014 (Economist Intelligence Unit) The Global Flows in a Digital Age Report-2014 (McKinsey Global Institute) The BSA Global Cloud Computing Scorecard-2013 (The Software Alliance) Gartners Public Cloud Services Spending Data (2013-2019) The final inputs on cloud computing challenges are comments that are from the Australian Department of Commerce concerning international cloud markets. All the findings from the mentioned sources are compared and analyzed. The obtained information is subjective because cloud-computing sector is fast changing and characterized by inadequate market data, which are publicly accessible. On the contrary, we have also performed an extensive review on the available data as provided in the reports. Therefore, in as much as the information sources do not perfectly capture the facet of global cloud markets, they still are a useful reference tool for professionals in cloud computing (Modi, et al., 2012). Literature Review Benefits of Security In Cloud Computing The ?exibility, power, and ease with which cloud-computing technology is employed come with several security challenges. In as much as cloud computing is a new way of making work and access of applications easier, several factors hinder its adoption. Some of the factors are content for migration, Service Level Agreements, security, among others. The framework of cloud computing comprises of an automatic updates feature. This feature works in the sense that every user can experience any change done by the frameworks administrator on any application. From the same, we can conclude that any software fault is experience by every user of the system. Such is a risk to any organization without proper security. As mentioned earlier, several research activities have proved that the adoption of cloud computing concept comes with several security concerns that companies must be ready to tackle. Among cloud computing challenges, security concerns come first as associate challenges of the framewo rk. Every organization employing cloud computing for its operations must ensure that it updates its security policies to reduce occurrences of security breaches (Modi, et al., 2012). Key Findings Cloud Computing Challenges According to IT related surveys on cloud computing, 74% of respondents (IT executives) claimed that security in the main challenge in the field of cloud computing. The cloud service provider is responsible for the security level of cloud computing services rendered. Such is because the providers are responsible for security provision and data storage. The challenges associated with cloud computing is categorized into: Data Security In this case, the challenge is considered in form of data protection. When service providers implement security measures in small and micro enterprises, it might not be as cost effective as required. However, in case two or more organizations share cloud resource, risks associated with data misuse becomes a possibility. In such a situation, securing of data repositories is advisable. The data itself should be secured as well in every stage such as transit, process, or even storage. Because such kind of resource sharing is prevalent in many cloud-computing scenarios, data protection is vital and such challenge should most importantly be addresses. In instances where a pool of resources is shared, ensuring data security can be challenging compared to personal computer protection. The problem has even become difficult to deal with in recent times due to the introduction of new paradigm cloud computing (Greenough, and Camhi, 2016). To ensure that the security on data repositories is enha nced, service providers need to provide authorization, better authentication, and controlled access for stored data. Some of the key areas associated with cloud computing data security include: Con?dentiality Organizational data being stored outside the boundaries of the firm should be protected against vulnerabilities. Protection should, thus include adoption of security checks by employees to ensure that such data is not maliciously attacked. There are tests used to help organizations validate and assess the extent of data protection. Such tests are access control weaknesses, cross-site scripting, injection flaws for OS and SQL, cross-site request forgery, hidden ?eld manipulation, cookie manipulation, insecure con?guration, and insecure storage (Swanson, 2015). Integrity There are no policies associated with data exchange oversight. However, ensuring that client data is secure involves the employment of thin clients in situations where few resources are available. Because only few resources are given access, storage of personal data like passwords is prohibited. Data integrity can also be assured by extra cloud features like unpublished APIs to secure data sections (Cloud Services, 2017). Availability The availability of data is one of the most problematic issues in data security. As a challenge, it causes organizations to face downtime issues. The unavailability or availability of a particular cloud service depends on signed contract between the cloud vendor and the client. However, other issues should be addressed in relation to data security. Such issues include: Data ownership rights Third party involvement Confirmation through cloud computing applications if the data provided by cloud providers is lawfully gained. Confirmation if data failure is an administrative or civil issue. The mentioned concerns are likely to occur because of data log multi transfers between federated cloud providers (Cloud Services, 2017). Data Locality Data locality includes issues pertaining to risk of seizure, jurisdictional issues, and inability to govern. The topic also associates with the use of cloud computing applications and storage services. Since it is clear that cloud computing allows data to be hosted anywhere, data has to be distributed in several regions. With that distribution, it then becomes clear that changing the geographical location of data leads change in laws governing the same data. Such, therefore, demonstrates data privacy and compliance laws of a given country affect that users data. Users should therefore, be informed about the geographical location in which their data is kept (in the cloud). Service providers can also provide the location of data if changes need to be made or in case a mechanism for tracking data location could help customers a great deal. The government always has the chance of compromising or seizing data of an organization because the information stored in the framework of cloud comp uting is in a single data repository. In such a case, data owners need to assure cloud providers if such data meet jurisdiction constraints before cloud storage. All the existing contractual commitments must be verified as well to determine if agreement to requirements of local privacy are met (PNMSOFT, 2017). Data Integrity Systems that maintain data integrity would ensure that assets could be accessed or modified by authorized personnel (in ways that are also authorized). Data modification to meet integrity could be imposed on hardware or software system entities. The integrity of data in an isolated system is maintained through transaction and database constraints. However, maintenance must be performed in a distributed environment. A distributed environment is one in which databases are spread to different places for the purpose of maintaining data integrity and avoiding data loss. Verification of data integrity is very important. It is important to verify data in case the server used is untrusted. Web-based services are associated with constant transaction management problems. Such problems are because of the HTTP services. The truth is that HTTP services dont guarantee delivery or support transaction. The problem can, therefore be managed through the implementation of transaction management at API (Application Programing Interface) levels. Standards for managing web services and data integrity exist. However, because the standards are not mature enough, they cannot be implemented. It is clear that vendors who deal with SaaS usually have their web service APIs exposed without transactional support. In addition, SaaS applications are likely to have multiple availability levels and Service Level Agreement (SLAs) complicated with data integrity and management of transactions within multiple SaaS applications. In adequate levels of data integrity control could lead to severe issues. Cloud computing service developers need to handle SaaS issues with a lot of care to ensure that the integrity of databases is not compromised when using the applications of cloud computing. In certain instances failure to check the integrity of data would likely lead to data fabrication. In simple terms, the management of data integrity in cloud storage starts with the correct management of metadata (P NMSOFT, 2017). Data Breaches When talking about cloud computing, we look into the fact that organizational or personal data is stored in the cloud environment. In case anyone with a malicious intent gets access to the cloud environment, the environment suffers a likelihood of high value target. A breach could occur through several ways. However, the most common are through accidental transmission issues or attack from the inside. If a breach occurs, data is compromised leading to increase of security risks. Breach notification is therefore, highly recommended in the cloud. Notification is important because it is used to notify serious attacks in the cloud (Rouse, 2017). Top Cloud Computing Markets Looking into issues of cloud computing in a global industry standpoint, maintaining a competitive, innovative, and open digital market while addressing data privacy issues continues to be a challenging issue. The cloud computing industry faces issues relating to data privacy and government efforts to ensure the maintenance of national security to its citizens. However, from the technological perspective, SaaS consolidation continues to be a success as well as the application of PaaS and IaaS. Clouds that are hybrid currently do well. Their market prevalence and utilization is also increasing (Supply Chain, 2017). However, the cloud computing industry as a whole is realizing a healthy expansion with increasing sales, business acceptance, and adoption. Furthermore, Gartner argues that by 2020, a no-cloud policy is likely to be as rare as a no Internet policy in the current society (Swanson, 2015). The 2015 World Economic Forum provides the top 20 nations according to the Network Readiness Index. As shown in figure two above, it is clear that all the countries are high income advanced. In as much as some of the highlighted countries make significant advances towards efforts of ICT development, those that are able to avail business needs and market opportunities are the most technologically developed and wealthiest nations. On the contrary, less advanced IT societies like Australia are currently increasing cloud-based services demand (Leading Edge, 2017). Industrial Overview With the quicker rise of SaaS and continued prominence of cloud computing, the cloud ecosystem is steadily shaping. The field is yet to show strongest growth in deployments and revenues. By 2016, the global revenues of SaaS had expanded by about $106 billion. However, it is forecasted that by SaaS will realize sales of about $132 billion by 2020 (Lombardo, 2017). According to Gartners report of 2016, a lot of forward-looking and insightful strategic business assumptions are made for the future of cloud computing. The assumptions are: The cloud-first approach has dominated the defensive stance of software vendor strategies. Come 2020, the no-cloud policy will be as rare as todays no-Internet. The hybrid framework will be most common though it will require the public cloud to be part of the entire strategy. Come 2020, a lot of computing power will be deployed; courtesy of PaaS and IaaS cloud providers (Oracle, 2017). IaaSs computing market has registered a 40% revenue growth annually since 2011. Such a growth is projected to continue with a further increase of 25% through to 2019. In as much as there are certain data and applications that will be locked on older technologies, the new solutions will be cloud-based leading to the increase in demand for infrastructural integration. Come 2019, IaaS providers will be responsible for delivering most virtual machines. According to Gartners report, computing revenue of PaaS and IaaS in 2016 is 13% less than worldwide servers revenue. However, come 2020, the revenue for PaaS and IaaS is likely to exceed $60 billion and even surpass that of servers (University, 2016). Recommendation In order to provide better oversight and manage cloud-computing services, this activity recommends that cloud providers should identify the recommended key criteria and contract provisions in situation when they are reviewing CSP contracts (Berman, 2014). By doing so, service providers will understand the risks they are likely to face in such situations. Another provision that should be addressed is carrying out an independent third-party assessment while including a description of IT controls as well as follow-up action plans for addressing reports that are issued (Lombardo, 2017). Conclusion In summary, this research paper has provided detailed market assessment information for Australian companies that interested in expanding or entering in international cloud markets. We have also exhaustively addressed issues within the global cloud-computing markets. On the same note, we have also highlighted the factors influencing the attractiveness and cohesiveness of global markets for Australian cloud-computing providers (Prof, 2017). The paper has also shown the top ranking for global cloud computing markets while focusing on market potential and enterprise adoption. Most of the information used in this research paper is based on data from the Australian Bureau of Economic Analysis alongside other relevant reports on regulations and policing, business adoption, and Internet infrastructure (Jessica, 2017). Reference Almudawi, N. (2016). Cloud Computing Privacy Concerns in Social Networks. [online] Available at: https://www.researchgate.net/publication/305682186_Cloud_Computing_Privacy_Concerns_in_Social_Networks [Accessed 7 Jun. 2017]. Alsafi, H., Abduallah, W., and Pathan, A. (2014). IDPS: An Integrated Intrusion Handling Model for Cloud Computing Environment. [online] Available at: https://staff.iium.edu.my/sakib/ndclab/papers/IDPS-v5.pdf [Accessed 7 Jun. 2017]. Bala, R. (2017). Unit Guide. [online]. Unitguides.mq.edu.au. Available at: https://unitguides.mq.edu.au/unit_offerings/72118/unit_guide [Accessed 24 Sep. 2017]. Berman, J. (2014). IBMs Emerging Market Strategy Has 3 Pillars. [online] Harvard Business Review. Available at: https://hbr.org/2014/11/ibms-emerging-market-strategy-has-3-pillars [Accessed 26 Sep. 2017]. Modi, D. Patel, H. Patel, B. Borisaniya, A. Patel and M. Rajarajan. (2012). A survey of intrusion detection techniques in Cloud, Journal of Network and Computer Applications. [online] Available at: https://dx.doi.org/10.1016/j.jnca.2012.05.003. Cloud Services. (2017). Cloud Computing Technologies: Cloud Services. Cloud Computing Technologies. [online] Available at: https://www.cloudcomputingtechnologies.com/ [Accessed 7 Jun. 2017]. Greenough, J. and Camhi, J. (2016). Here are IoT trends that will change the way businesses, governments, and consumers interact with the world. [online] Business Insider. Available at: https://www.businessinsider.com/top-internet-of-things-trends-2016-1?IR=T [Accessed 22 May 2017]. IBM (2017). IBM General Management Leadership Development Program. [online] Www-03.ibm.com. Available at: https://www-03.ibm.com/employment/gmldp/ [Accessed 26 Sep. 2017]. iHLS. (2017). Current IoT Security Industry Trends - iHLS. [online] iHLS. Available at: https://i-hls.com/archives/75718 [Accessed 22 May 2017]. Instruction, C. (2004). NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY OFFICERS. [online] Available at https://www.ecs.csus.edu/csc/iac/cnssi_4014.pdf [Accessed 22 May 2017]. Jessica, L. (2017). IBMs Generic Strategy and Intensive Growth Strategies - Panmore Institute. [online] Panmore Institute. Available at: https://panmore.com/ibm-generic-strategy-intensive-growth-strategies [Accessed 26 Sep. 2017]. Leading Edge. (2017). Cloud Computing vs. Traditional IT Infrastructure | Leading Edge. LeadingEdge IT Services Solutions. [online] Available at: https://www.leadingedgetech.co.uk/it-services/it-consultancy-services/cloud-computing/how-is-cloud-computing-different-from-traditional-it-infrastructure/ [Accessed 7 Jun. 2017]. Lombardo, J. (2017). IBMs Organizational Structure Product Management - Panmore Institute. [online] Panmore Institute. Available at: https://panmore.com/ibm-organizational-structure-product-management [Accessed 26 Sep. 2017]. Open Innovation. (2003). Open Innovation :: Open Innovation Community. [online] Openinnovation.net. Available at: https://openinnovation.net/about-2/open-innovation-definition/ [Accessed 24 Sep. 2017]. Oracle (2017). Working with the Payroll Cycle. Docs.oracle.com. Available at: https://docs.oracle.com/cd/E16582_01/doc.91/e15133/wrk_wi_payroll_cycl.htm#EOAPY00190 [Accessed 24 Sep. 2017]. Palmer, A. (2017). Actuaries Managing Risks. Available at: https://actuaries.asn.au/microsites/actuaries-managing-risk PNMSOFT. (2017). Business Process Management. [online] (BPM) Software. Available at: https://www.pnmsoft.com/resources/bpm-tutorial/bpm/ [Accessed 24 Sep. 2017]. Prof. (2017). IBM human resource practices and HRM theories: Integration of HRM theories into IBMs practices. [online] Profi20.livejournal.com. Available at: https://profi20.livejournal.com/11631.html [Accessed 26 Sep. 2017]. Rouse, M. (2017). What is business process management (BPM)? - Definition from WhatIs.com. [online] SearchCIO. Available at: https://searchcio.techtarget.com/definition/business-process-management [Accessed 24 Sep. 2017]. Supply Chain (2017). IBM and the Environment - Supply chain. [online] Ibm.com. Available at: https://www.ibm.com/ibm/environment/supply/ [Accessed 26 Sep. 2017]. Swanson, M. (2015). Developing Security Plans for Federal Information Systems. [online] Available at https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf [Accessed 22 May 2017]. University, B. (2016). Information Assurance Security Plan. [online] Available at https://www.bellevue.edu/degrees/center-for-cybersecurity-education/pdfs/ia-security-plan.pdf [Accessed 22 May 2017].