Abstract— This paper helps us to understand the concept of potential risk in cloud computing and how to avoid it. Cloud computing is emerging from internet technology and provides a computing platform on which individuals and organizations perform a variety of tasks, such as running business applications, building customized system software, and developing a reliable and efficient network environment. In this paper we describe how these potential risks and threats can be overcome, including securing our data in the cloud by adopting an effective security policy.

Keywords— Cloud Computing, Potential risk, Cryptography, Cloud Database, Securities.

I. Introduction

Cloud computing has generated significant interest in everyone’s life. It is a powerful computing model that came into existence around the end of 2007 [1] and that lets individuals and organizations create a realistic network environment by developing system software over a cloud.

The cloud provides applications and storage space over the internet as services at little cost. Nowadays we all use these services in daily life: web-based email services (Google, Yahoo, Hotmail), social networking sites (Facebook, LinkedIn, Twitter) and cloud storage (Dropbox, OneDrive, Google Drive). The basic principle of cloud computing is to shift computing from the local computer into the network [2].

Cloud computing is the most important computing technology we are experiencing today and one of the great advancements in computing. It focuses on the economical use of available resources, which makes computing effective and efficient by providing application software on demand as SaaS (Software as a Service).

Cloud computing is an important paradigm; however, its security and privacy risks, and the development of efficient and effective solutions to them, are critical for its success. Security issues associated with cloud computing, such as cybercrime, occur every day. Hackers use a variety of techniques to gain unauthorized access to the cloud for their illegal activities.

This article illustrates the important issues of cloud computing in order to understand and avoid the potential risks, threats, and security and privacy challenges in the cloud. We also discuss various approaches to overcoming these challenges and explore the future work needed to provide an effective, trustworthy cloud computing environment.

II. Cloud Computing: Definition and Features

Cloud computing is a unique computing model that gives individuals and organizations convenient, on-demand network access to a shared pool of configurable computing resources, such as networks, applications, storage, servers and services, which are reliable and effective and require minimal management effort.

To work with cloud computing, one must understand its basic principal characteristics: how individuals and organizations use these services and how potential risks can be avoided.

There are five key characteristics of cloud computing: on-demand self-service, universal network access, autonomous resources, swift elasticity and measured services. These characteristics are absolute and transparent. The US National Institute of Standards and Technology (NIST) covers them in its description of essential cloud characteristics [3].

· On-demand services:

Users can order and manage services without human interaction with the service provider, for example through a web portal and management interface.

· Universal network access:

Cloud services are accessed via the network (usually the Internet), using standard mechanisms and protocols.

· Resource pooling:

The computing resources used to provide cloud services are realized using a homogeneous infrastructure shared between all service users.

· Swift elasticity:

Resources can be scaled up and down rapidly and elastically.

· Measured services:

Measured services refers to services where the cloud provider optimizes or monitors the use of computing resources, for example through automated resource allocation, load balancing, access control, capacity planning and metering tools, at some level of abstraction [4], [5].

Applications running on, or being developed for, cloud computing platforms face various security and privacy challenges depending on the underlying model. There are three key delivery models in cloud computing: SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service).

Cloud computing builds heavily on capabilities available through several core technologies:

· Infrastructure as a service (IaaS):

IaaS, also called the bottom layer, is one of the three fundamental service models of cloud computing. As with all cloud computing services, it provides access to computing resources in a virtualized environment and can be used for effective and easily scalable IT solutions where complexity and expense are outsourced to the cloud provider. It offers features such as virtual server space, network access/connections, bandwidth, IP addresses and load balancing.

· Platform as a service (PaaS):

PaaS is a category of cloud computing that provides a platform and environment in which developers can build applications on demand. It allows users to create software applications using tools supplied by the provider. Features that PaaS offers include the operating system, database management system, server software, design and development tools, and hosting.

· Software as a service (SaaS):

SaaS describes cloud services where individuals and organizations can access software applications and carry out a wide range of tasks over the internet from anywhere in the world. Google, Twitter and Facebook are some examples of SaaS. It is scalable, with upgrades available on demand.

· Cryptography:

Many cloud computing security requirements can be met using cryptographic techniques.

Fig 1 – 3-Key cloud delivery Model

Cloud computing services are divided into four deployment models.

· Public Cloud:

Data is stored on shared servers and is not separated from the general population. Facebook and Gmail are examples of services where data is stored on a public cloud.

· Private Cloud:

Data is stored on dedicated resources, not on shared servers. This is less cost-effective but is often the choice when sensitive information is present.

· Hybrid Cloud:

Data is stored on a combination of dedicated and shared resources.

· Community Cloud:

Data is stored on shared servers, but customers are grouped together by some level of organization. This type of service is often implemented when cloud providers need to manage compliance obligations.

III. Cloud Database Services

Due to high demand, cloud providers are offering, besides the traditional services (IaaS, PaaS, SaaS), a new service known as Database as a Service (DBaaS), which is essentially an on-demand database delivered to consumers from the cloud over the Internet.

Outsourcing database services is an essential part of cloud computing technology. Due to advancements in network technology, the cost and latency of transmitting huge amounts of data over long distances have decreased significantly [6], whereas the operational and management costs of database maintenance are several times higher than the initial cost. Cloud service providers address this by dividing the data of large databases and spreading it across different servers to provide parallel processing and computing for consumers.

Cloud service providers offer a multi-instance model for DBaaS environments. In this model a unique DBMS runs on a dedicated virtual machine for a specific customer. This gives better control over administrative and other security issues and over user authentication.

In general, the multi-instance model of database cloud computing is highly recommended for secure services because of security features such as data encryption.

IV. Security challenges

There are a number of security concerns in the database cloud environment that organizations have to take into consideration for data security. The main aspects of database security in the cloud are securing sensitive data at rest, in transit and in use, and controlling access to the data [7]. That is:

· To ensure that data in the cloud does not get corrupted or hijacked, it is important to have safe and secure procedures for protecting data transfer to and from the databases in the cloud.

· To ensure confidentiality, it is important that outsourced data stored in cloud databases is encrypted at all times.

· To ensure integrity, it is important that the data stored on the cloud database platform is controlled and monitored properly.
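The integrity requirement above can be checked by the data owner instead of being taken on trust from the provider. The following Python code is an added example, not part of the original paper: it tags each row with an HMAC before the row is outsourced and later audits the stored rows. The `accounts` table, the key handling and the in-memory SQLite database standing in for the cloud database are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: the MAC key stays with the data owner and is never uploaded.
# It is generated on the fly only because this is a demonstration.
OWNER_KEY = secrets.token_bytes(32)
TABLE = "accounts"  # hypothetical table name

def row_tag(key, table, row_id, fields):
    """HMAC-SHA256 over the table name, primary key and every field.

    Each part is length-prefixed so ("ab", "c") and ("a", "bc") give
    different MAC inputs. Binding the primary key means a valid tag
    cannot be moved to another row.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (table, str(row_id), *map(str, fields)):
        data = part.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()

def open_store():
    """In-memory SQLite stands in for the provider-hosted database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts "
               "(id INTEGER PRIMARY KEY, owner TEXT, balance TEXT, tag TEXT)")
    return db

def put(db, key, row_id, owner, balance):
    """Tag the row locally, then upload row and tag together."""
    tag = row_tag(key, TABLE, row_id, (owner, balance))
    db.execute("INSERT INTO accounts VALUES (?, ?, ?, ?)",
               (row_id, owner, balance, tag))

def audit(db, key):
    """Return the ids of rows whose stored tag no longer verifies."""
    failed = []
    rows = db.execute(
        "SELECT id, owner, balance, tag FROM accounts ORDER BY id")
    for row_id, owner, balance, tag in rows:
        expected = row_tag(key, TABLE, row_id, (owner, balance))
        if not hmac.compare_digest(expected, tag):
            failed.append(row_id)
    return failed

def demo():
    """Constructed data: three rows, then two modifications made without the key."""
    db = open_store()
    sample = [(1, "alice", "120.00"), (2, "bob", "75.50"), (3, "carol", "10.00")]
    for row_id, owner, balance in sample:
        put(db, OWNER_KEY, row_id, owner, balance)
    before = audit(db, OWNER_KEY)
    # Modification 1: a field is changed in place.
    db.execute("UPDATE accounts SET balance = '999999.00' WHERE id = 2")
    # Modification 2: row 1's fields and its valid tag are copied over row 3.
    owner, balance, tag = db.execute(
        "SELECT owner, balance, tag FROM accounts WHERE id = 1").fetchone()
    db.execute(
        "UPDATE accounts SET owner = ?, balance = ?, tag = ? WHERE id = 3",
        (owner, balance, tag))
    return before, audit(db, OWNER_KEY)

if __name__ == "__main__":
    print(demo())
```

Per-row tags do not reveal a deleted row or a row rolled back to an older valid version; detecting those needs a row count or version number that the owner keeps outside the cloud database.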

Different standard communication security protocols and procedures are available for protecting data. The main security challenges faced by cloud database services are:

· Availability:

One of the critical security aspects that organizations need to consider is that all system resources are accessible and usable by individuals or organizations. There are many threats to availability in the cloud, including DoS attacks, equipment failures and natural disasters. Cloud computing infrastructures designed to provide high availability and reliability suffer from unplanned.

· Access control issues:

One of the main security threats to cloud databases is the loss of access control. Migrating sensitive data to the cloud brings the additional security risk of losing physical, logical and personal control over the data. To ensure the security of sensitive data, it is critical for the cloud database administrator to have proper control and monitoring procedures.

· Auditing and monitoring issues:

The major benefits of cloud computing are elasticity and flexibility, but these bring different security risks. Cloud databases scale up and down frequently to satisfy customer needs. The result is a non-static environment in which customers have no visibility of, or access to, the data in the physical infrastructure.

· Data sanitization:

Sanitization is another security risk in cloud computing; it involves the deletion/removal of data from storage media by overwriting [7]. In cloud environments, data from different customers, individuals and organizations is physically co-located, which complicates sanitization procedures.

Fig 2 – Databases Cloud Computing

V. Defining potential risks of cloud

Potential risk refers to any risk associated with an action that is possible in certain circumstances. Generally, the data security risks arising from cloud computing relate to increased threats to data confidentiality due to common infrastructure, lack of privacy, data security and data segregation.

Currently, the security model for the cloud seems relatively simple and less secure. Cloud infrastructure typically relies on web forms (over SSL) to create and manage account information for end users, and allows users to reset their password and receive the password via email over an unsafe, unencrypted channel.
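An alternative to e-mailing the password itself, shown here as an added example that is not part of the original paper: the service e-mails a single-use, short-lived reset token and stores only the token's hash. The `ResetService` class, the 15-minute lifetime and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed token lifetime
PBKDF2_ITERATIONS = 200_000   # assumed work factor for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


class ResetService:
    """Hypothetical account service; dictionaries stand in for its database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}    # user -> (SHA-256 of token, expiry time)
        self._passwords = {}  # user -> (salt, PBKDF2 hash); no plaintext kept

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, hash_password(password, salt))

    def check_password(self, user, password):
        if user not in self._passwords:
            return False
        salt, stored = self._passwords[user]
        return hmac.compare_digest(stored, hash_password(password, salt))

    def request_reset(self, user):
        """Return the token that goes into the e-mailed link, or None.

        Only the token's hash is stored, so a leaked table row cannot be
        replayed, and a new request replaces any outstanding token.
        """
        if user not in self._passwords:
            return None  # the caller shows the same message either way
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode("utf-8")).digest()
        self._pending[user] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user, token, new_password):
        """Set a new password only if the token is valid, unexpired and unused."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires = entry
        if self._clock() > expires:
            del self._pending[user]
            return False
        presented = hashlib.sha256(token.encode("utf-8")).digest()
        if not hmac.compare_digest(digest, presented):
            return False
        del self._pending[user]  # single use: the token dies on success
        self.set_password(user, new_password)
        return True
```

With this flow an intercepted e-mail exposes a token that expires and works once, not a credential that stays valid until the user changes it.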

VI. Possible potential risks

Some possible potential risks of cloud computing are:

· Data Security:

There are a number of threats associated with cloud data services, covering not only traditional security threats such as network spying or illegal intrusion attacks but also threats specific to cloud computing, for example side-channel attacks and virtualization vulnerabilities.

· Data Loss:

Data loss applies to data in both states: at rest and in motion (transmitted over the network). It occurs for various reasons, including data corruption, data theft, physical damage to or theft of storage devices, overwriting by attackers, and network penetration or intervention attacks.

· Unauthorized Access:

Unauthorized access is the biggest threat for users of cloud computing. Unauthorized access is more likely to occur in cloud computing than in traditional systems, where management functions are accessible to only a few administrators.

· Internet Protocol:

Cloud computing services are accessed over the internet using standard protocols, which must be treated as un-trusted and can lead to issues such as security breaches.

· Online Cyber Theft:

Cloud computing services provide powerful processing and a huge amount of storage space. Customers may have sensitive data stored in the cloud, which makes it an attractive target for cyber criminals. Online cyber thieves can steal passwords to access users’ accounts and perform illegal activity.

· Shared Technology Issues:

Cloud service providers deliver scalable infrastructure as SaaS, PaaS and IaaS, where any of the shared technology can be attacked to gain unauthorized access to data.

· Data Breach:

A data breach is one of the biggest threats in cloud computing: sensitive, protected and confidential data is stolen, viewed, copied or transmitted by someone not authorized to do so.

· Denial of Service:

There are various ways an attacker can disrupt services in a virtual cloud computing environment, attacking the cloud service to render it inaccessible and so disrupting the service.

· Lack of control:

Typically there are many issues arising from lack of control over data in cloud computing, including lack of transparency, data mining techniques used to analyse sensitive user data, and mobile devices to which data is transferred locally.

· Insecure Interfaces and APIs:

Various cloud services on the internet are exposed through application programming interfaces. As a result the APIs are accessible from anywhere on the internet, and an attacker who obtains a token used by the customer to access the service through its API can use it to manipulate the customer's data.

· Vendor Lock-in:

Vendor lock-in is a common problem in cloud computing, where customers depend on a single cloud provider's technology and cannot move from one vendor to another in future without legal constraints and costs.

· Reduced Operational Governance Control:

A reduced level of operational governance control may increase the risk associated with operational control. For example, a longer distance between cloud customer and cloud provider makes the network connection unreliable.

· Virtual exploits:

There are a huge number of users of virtualization, but in addition to the risks posed by the physical machine there are exploits that are unique threats of virtualization, targeting the virtual server hosts and the guests.

Fig 3 – Potential Risks

VII. Avoiding potential risk in cloud

To provide the best quality of service, the providers of cloud computing infrastructure are responsible for ensuring a secure cloud environment by defining security policies and using advanced security technologies. There are several precautionary security procedures that can be adopted to avoid potential risk and secure data in cloud computing.

· Security Policy Enhancement:

There are different scenarios that call for security policy enhancement. Suppose that anyone with a valid credit card can use the resources offered by a cloud service provider. Hackers can easily take advantage of this to conduct malicious activities such as attacking and spamming other computing systems. To counter such abuse, which is caused by weak registration systems, credit card fraud monitoring and blocking based on public blacklists could be applied [8].

· Identity and Access Management:

Identity and Access Management (IAM) is the security constraint that enables the right individuals to access the resources at the right times for the right reasons. IAM can ensure that only authorized users access sensitive and private data, and provides access control mechanisms for end users' data stored in the cloud. It is concerned not only with the physical computing system; it also monitors traffic and controls access to data that is restricted by security technologies. Common tools such as firewalls are used to restrict access from un-trusted sources and malicious activity.

· Data Protection:

To protect your data, encryption is very important when storing information in the cloud, so that it is protected from unauthorized viewers. There are different security tools that deal with data breach threats. These tools include data loss prevention systems, behaviour pattern detection tools, format-preserving and encryption tools, and authentication and authorization technologies [9], [10].

· Prevention:

Another measure is to back up the data you store in the cloud; if the data is threatened, you will be able to recover the information. A further option is to customise policies to provide another level of security. This can be done by implementing a system that protects information according to its sensitivity, scanning in the appropriate order so that detection of threats and action take place according to the priority of the information.

· Encryption Consideration:

The best way to ensure the confidentiality of sensitive data in the cloud computing environment is to encrypt data in transit as well as data at rest. There are basically three encryption models available to a cloud consumer:

Partial encryption: encryption of the database based on standard encryption techniques.

Full encryption: encryption of the database based on standard encryption techniques.

Full encryption: encryption of the database based on the cloud provider’s encryption technique.

· Management Techniques and Strategies:

Management strategies and techniques typically involve numerous tasks, including performance monitoring (response times, latency, up-time), security and compliance auditing and management, and initiating and overseeing disaster recovery. As cloud computing grows more complex, with a wide variety of private, hybrid and public cloud-based systems and infrastructure already in use, cloud management tools need to be just as flexible and scalable as the cloud computing strategy.

Fig 4 – Secure Cloud Procedures

VIII. Cloud Computing benefits in databases

Nowadays the cloud is becoming more popular not only for storage but also for computing needs. To analyse and evaluate the security techniques for data protection in cloud computing, cloud service providers classify them into four sections according to the security mechanism they provide: authentication, confidentiality, authorization and access control, which bring consumer satisfaction for data stored in the cloud.

Adopting a cloud database lowers the operational expenses and IT complexity of any business. It helps to replace costly business software because it requires no traditional procedures, licences, installation, maintenance or management by internal IT staff.

There is no doubt that cloud databases can reap a huge number of benefits from cloud computing, serving consumers effectively and efficiently with secure mechanisms. There are multiple advantages of cloud database technology for businesses, such as reliability, manageability, strategic edge, cost saving, economics, scalability and empowerment.

Fig 5 – Cloud Database

IX. Conclusion and future work

This paper has been developed to help understand and avoid the potential risks that can be faced in cloud databases. Cloud users enjoy many benefits that cloud computing brings, but security is a key challenge. The main goal is to analyse and evaluate the security techniques for data protection in cloud computing that are already accepted by cloud service providers, which include authentication, confidentiality, access control and authorization.

The security issues in the cloud that must be considered very important are proper data security in cloud computing, such as abuse of cloud computational resources, cloud security attacks and data breaches. I recommended some important security measures relating to data protection in cloud computing that must be taken into account. As cloud computing is in continual development, more effort is needed to solve these security risks in order to provide secure data protection.

X. References

[1] Lizhe Wang, Gregor von Laszewski, Andrew Yoinge, Xi He, Marcel Kunze, Jie Tao, Cheng Fu, “Cloud computing: a perspective study”, generation computing, volume 28, issue 2, page: 137-146, 2010.

[2] N Sadashiv, SMD Kumar, “Cluster, grid and cloud computing: A detailed comparison”, computer science & education (ICCSE), 6th international conference on, page: 477-482, 2011.

[3] P. Mell and T. Grance, “Effectively and Securely Using the Cloud Computing Paradigm (v0.25),” presentation, US (NIST), 2009; http://csrc.nist.gov/groups/SNS/cloud-computing

[4] Cloud Security Alliance, “Security Guidance for Critical Area of Focus in Cloud Computing V2.1,” http://www.cloudsecurityalliance.org.

[5] D. Catteddu and G. Hogben, “Cloud Computing: Benefits, Risks and Recommendations for Information Security,” ENISA, 2009; www.enisa.europa.eu/act/rm/files.

[6] Buyya Rajkumar, Broberg James & Goscinski, Cloud Computing Principles and Paradigms, John Wiley & Sons, Inc., Hoboken, New Jersey USA, 2011, ISBN: 978 0 470 88799 8.

[7] NIST, Guidelines on Security and Privacy in Public Cloud Computing, December 2011, http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf, 2012-05-05.

[8] A. Tripathi and A. Mishra, “Cloud Computing Security Considerations Interface,” 2011 IEEE International Conference on Signal Processing, Communications and Computing, Xi’an, China, September 2011.

[9] Tackling the Insider Threat, http://www.bankinfosecurity.com

[10] “Cloud Security Risks and Solutions,” White Paper, BalaBit IT Security, Ju