Security Risks and Concerns in Cloud Computing

Question: Discuss about theSecurity Risks and Concerns in Cloud Computing. Answer: Introduction The purpose of making this report is to analyze and evaluate risks and security concerns with cloud computing in context of company that provides accounting software. In business organizations, cloud computing is used for various purposes and it has become an essential way to access information from remote system easily and quickly over internet. There are various other benefits of cloud computing that makes it useful for IT users. As we know that use of cloud computing is increasing among people, then it has become necessary for them to know about risk and security concerns of cloud computing. The major topics that we will discuss here in this report are background of cloud computing, risk and security concerns in cloud in context of accounting and applicant service providers. Discussion XYZ Pvt. Ltd. is a company that provides account software. People are satisfied with products and services of this company. This company is using cloud computing services for running its business among people worldwide. While providing cloud computing services what kind of risks and security concerns are faced by this company, we will evaluating here in this report. Before moving towards discussion of risks and security concerns of cloud computing, here is requirement to emphasize on background of cloud and its literature concepts. (Journal of Accountancy, 2016) Background of Cloud Computing Cloud computing has evolved through number of phases that consists of grid and utility computing, application service provision and software as a service (SaaS). But this primary concept of delivering computing resources was rooted in sixties. This was developed with the vision that everyone on the globe must be inter-connected to access programs and data at any site. This vision is actually related to cloud computing. With this vision, further amendments and improvements, this latest concept of cloud computing was introduced. Amazon EC2/S3 was the first widely accessible cloud computing. If at one side, advancements in cloud computing are increasing, then on other side, security and privacy concerns of cloud computing was also encountered by its users and it is still going on. In next segment of this report we will discuss that how XYZ Pvt. Ltd. Company is facing these problems. (ComputerWeekly, 2016) Risk and Security Concerns in Cloud in Context of Accounting Service Providers For business organizations like given accounting company way of doing business has changed. It is commonly arguing that cloud computing is gaining a great deal of energy worldwide. According to analysis, revenue of cloud services is forecast to reach $68.3 billion in 2010. Most of the account base and other business organizations are running their businesses by using web cloud based applications. Cloud platform has eliminated the need for in-house technology infrastructure that includes servers and software to purchase, execute and maintain. Besides this, there are various other benefits available of cloud computing for business organizations and those benefits include quick implementation of business processes, less upfront costs that consists of cost of hardware and IT employees those are not required to be in-house and no hardware and maintenance cost is required in case of cloud computing. (Abraham, A., Muda, A., Choo, 2016 ) With these benefits, risks and security concerns put influence over business organizations. XYZ Pvt. Ltd. Company will face following risk and security concerns of cloud computing. Breaches of Important Information Credentials Compromise and Broken Authentication Hacking Interfaces and APIs Exploitation of system vulnerabilities. Hijacking Accounts Malicious Insiders Permanent Data Loss Denial of Service Attack (Skyhigh Networks, 2015) Breaches of Important Information Breaches of essential information is a common security issue that is encountered by cloud users. This is happened because cloud networks face threats like traditional networks. Due to this data breach, confidential information of organizations and their customers, that is stored into their databases may get lost. In this case, if XYZ Pvt. Ltd. Company is giving account software services to its customers through cloud computing then they need to be careful about personal information of its customers. Besides this, after selling of account software, customers will also pay online and in this case, credit card information of customers can be breached from companys database by hackers. (Rashid, 2016) Credentials Compromise and Broken Authentication Data breaches and other kind of attacks basically occur due to lax authentication, weak passwords and poor certificate management. These are some weak points of security management that must be seriously taken into consideration. In case of XYZ Company. if they will not manage security of databases and login credentials, then it is definitely possible hackers can easily guess passwords and can access confidential information. Precisely, compromise in login credentials directly leads to breakage in authentication. (Academia.edu, 2016) Hacking Interfaces and APIs In every cloud service and application, APIs are offered. Interfaces and APIs are used by IT teams to manage and interact with cloud services. In cloud computing, from authentication and access to controlling and monitoring of encryption and other activities, are depend upon security of API. Company XYZ also uses APIs to provide account software by cloud computing services. Therefore it is responsibility of technical department of this company to keep security of APIs. (SearchCloudComputing, 2016) Exploitation of System Vulnerabilities System vulnerabilities and other exploited bugs in programs are mostly encountered by users of cloud computing. This problem is becoming bigger with advent of multitenancy in cloud computing. When databases, memory and other resources are shared by business organizations then they create new surfaces for hackers for accessing this information. XYZ company also do this while using cloud services, so it will be better for them to be careful about their activities and actions. Otherwise heavy loss of information can occur. The practices like regular vulnerability scanning, prompt patch management and quick follow up regarding system threats are helpful for controlling system vulnerabilities. For regulated industries, it is necessary to patch quickly as possible. (incapsula.com, 2016) Hijacking Accounts Hacking, phishing, malware attacks and other network frauds are so much popular among IT users and cloud computing has enhanced these vulnerable activities. This is because attackers can spy on activities, manipulate transactions and can make modifications in data. Cloud applications may also use by them to perform their harmful attacks. Sharing of confidential information by organizations also lead to hijacking of accounts, because in this sharing, personal and business information is accessed by hackers. If company XYZ is sharing its information over internet without any security then it is possible that account can be hijacked by hackers. Accounts should be monitored properly so that online payment transactions can be done securely without any problem. The main thing is to protect credentials of account from hackers. Malicious Insiders Malicious insiders is also a big problem for business organizations and it has many faces such as a current or former employee, a system administrator, a contractor or a business partner. The main agenda of malicious attack is from data theft to revenge. In cloud services it is also happened by hellbent insider that can destroy whole infrastructures and manipulation of data. All systems those depend solely on cloud service provider for security like encryption, they are considered at risk. That is XYZ Company should also have awareness about this concerning factor and it is recommended to XYZ Company to control encryption process and keys and minimizing access to users. These are some crucial factors to consider by this organization. Permanent Data Loss Permanent data loss is a big problem for all cloud computing users. Cloud is a matured service but still data loss occur due to provider error. When attack is conducted by malicious hackers then then they always try to permanently delete data which is difficult to recover if you dont have any backup and recovery software. This can also be happened with XYZ Company and their confidential information may get lost. In this case, it is responsibility of this company to be carefully maintained its important information over network. Permanent data loss is not easy to perform by hackers, if cloud service providers will encrypt data on cloud database, then prevention is possible. Denial of Service Attack Denial of service attack is also a vulnerable attack that is also faced by cloud users. In this attack, hackers break the server access from all users who are connected with it and they cannot access any website from that server. DoS attack is not a new problem that is facing by cloud users and this problem has very bad impact. Denial of Service attack gets large amount of processing power. High volume DDoS attack is very common and main target of this attack is web server and database vulnerabilities. For XYZ and other business organizations must be careful about this denial of service attack which is vulnerable for cloud database and its information. These are some essential risks and security concerns of cloud computing that are commonly faced by business organizations like XYZ Pvt. Ltd. Company. After this whole discussion about risk and security concerns of cloud platform, further we will emphasize on protection mechanism that are discussed in theory and literature for security and privacy of cloud platform. Protection Mechanism For Cloud Computing in Theory and Literature This is an important segment of this report and here we will emphasize that how security and privacy of cloud computing can be maintained. According to literature review of Al-Anzi, Tadav Soni (2014), suggest that there is requirement to follow security model for cloud computing and this model should include governance, risk management and compliance. Today cloud security requirements are varied dynamically due to its dynamic nature and ownership of customer. This security model must be applied to each type of cloud such as private, hybrid and public. (Digital Guardian, 2014) Security Governance In cloud security model, security governance, risk management and compliance refers to fundamental responsibility of the organization for identifying and implementation of various important processes and control organizational structure to provide effective security to cloud users. Governance is set of policies, laws and technologies that are required in business organizations to achieve security objectives. (BlackStratus, 2015) Identity Management In case of people and identity management, only authorized users should be able to access information. This is known as authorization and authorized access of data. In case of cloud computing, authorized access is required to get rid of security issues and risks that we have already discussed above.( Chang, 2016) Application Security According to Al-Anzi, Yadav and Soni (2014), Application security is also an essential way to maintain privacy and security into cloud platform. In this case, XML encryption and XML signature will be better to use. These are actually helpful to provide prevention from XML attacks and other web services attacks. (Chorafas, 2011) Data and Information Security Data and information security are also most important in cloud computing. For achieving data and information security, cloud computing management must focus on how data should be stored, processed and audited. Besides this, here recommendation to implement intrusion detection and protection system is also provided. Physical Infrastructure In every kind of web service, its infrastructure plays an important role. Similarly in cloud environment, its infrastructure needs to be secured and reliable. For physical measurements of structure there is requirement to use biometric access controls and computer access controls. According to literatures review, above listed protection mechanism will definitely provide help to get prevention from risky cloud environment. These protection mechanism can be implemented in cloud environment and in case of other network technologies. Conclusion and Future Trends After this whole discussion we can say that it is necessary for XYZ Pvt. Ltd. Company to consider above discussed cloud computing issues, if it wants to provide better outcomes to its services. If this company is facing any kind of above discussed problem then it will be better to implement above discussed protection mechanisms. It is responsibility of technical department of this company to be careful about these issues of cloud computing security. If we talk about future of XYZ Company then this company is doing efforts to run advanced security tools in organization and they also providing better training to their employees for using cloud services properly and with appropriate security. To satisfy customers with quality results is responsibility of every business organization. References ComputerWeekly. (2016). A history of cloud computing. Retrieved 24 September 2016, from https://www.computerweekly.com/feature/A-history-of-cloud-computing Journal of Accountancy.(2016). Cloud Computing: What Accountants Need to Know. Retrieved 24 September 2016, from https://www.journalofaccountancy.com/issues/2010/oct/20102519.html Abraham, A., Muda, A., Choo, Y. Pattern analysis, intelligent security and the internet of things. Skyhigh Networks. (2015). 9 Cloud Computing Security Risks Every Company Faces. Retrieved 24 September 2016, from https://www.skyhighnetworks.com/cloud-security-blog/9-cloud-computing-security-risks-every-company-faces/ Rashid, F. (2016). The dirty dozen: 12 cloud security threats. InfoWorld. Retrieved 24 September 2016, from https://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html Academia.edu.(2016). Cloud Computing Security Challenges (Literature Review). Retrieved 24 September 2016, from https://www.academia.edu/20333158/Cloud_Computing_Security_Challenges_Literature_Review_ Digital Guardian.(2014). 27 Data Security Experts Reveal The #1 Information Security Issue Most Companies Face With Cloud Computing Storage. Retrieved 24 September 2016, from https://digitalguardian.com/blog/27-data-security-experts-reveal-1-information-security-issue-most-companies-face-cloud BlackStratus.(2015). How to Overcome Security Issues in Cloud Computing. Retrieved 24 September 2016, from https://blackstratus.com/overcome-security-issues-cloud-computing/ SearchCloudComputing. (2016). Cloud computing and application security: Issues and risks. Retrieved 24 September 2016, from https://searchcloudcomputing.techtarget.com/tip/Cloud-computing-and-application-security-Issues-and-risks incapsula.com.(2016). Top 10 Security Concerns for Cloud based Services. Retrieved 24 September 2016, from https://www.incapsula.com/blog/top-10-cloud-security-concerns.html Chorafas, D. (2011). Cloud computing strategies. Boca Raton, Fla.: CRC Press. Chang, V. A proposed cloud computing business framework.