Introduction
Over the past several years the term cloud computing has become common in homes and organizations alike. Cloud computing can be defined as a pooled set of computing resources that are furnished via the internet. There are three types of cloud services typically available, these services are Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS). Organizations can benefit greatly from cloud services because they eliminate the need to buy and manage physical resources. Although such an action cuts cost it leaves organization victim to the vulnerabilities and threats that exist in cloud computing. Throughout this paper I will discuss the vulnerabilities and threats that come along with the adoption of cloud computing. In addition, I will discuss standards and policies that effectively manage the risk associated with cloud computing.
Threats & Vulnerabilities
The abuse and nefarious use of cloud computing is a threat to any organization that takes advantage of cloud services. Most providers of cloud services make it all too easy for cyber criminals to register for service, all that is need to register for service with many providers is a valid credit card (Cloud Security Alliance, 2011). In addition to the ease of registration providers offer free trials of their services allowing attacker to carry out attacks covertly on cloud services. By gaining such access cyber criminals can deploy malicious code, abuse known exploits, and send spam messages to those that are sharing the same resources.
Organizations are aware that threats can be internal as well as external, those that provide cloud services are no exception. The people who the service providers employ can pose...
... middle of paper ...
...ncy use(CIO, 2011).
FedRAMP is not alone in the effort to create standards regarding cloud computing. The National Institute of Standards & Technology (NIST) has published two draft publications specifically related to cloud computing. The first document, Special Publication 800-145 (Draft), has been created provide the NIST definition of cloud computing. The NIST has defined as the following:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.” (NIST, 2011)
At the World Congress on Engineering 2011 conference in London, U.K., it was noted that the issue of security matters for cloud computing requires revising (Pinto et al., 2011). As mentioned earlier, when going to a cloud network any internal control system is essentially transferred to the service provider. As such, Pinto et al. (2011) explains about the “existence of a new entity called a cloud security manager” whose responsibility it is to keep documentation of client access to the cloud as well as third party processing. To put it differently, the duties of the cloud security manager will be to manage the overall cloud system by instituting an internal control matrix.
Cloud Security Alliance CLOUD SECURITY ALLIANCE The Notorious Nine: Cloud Computing Top Threats in 2013, [online]. Available: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
Cloud computing is the transfer of computing data or information into Internet. Cloud computing services allows individuals and businesses to
Hackers have gotten there way into every technological gadget out there. Something simple as browsing the web can give hackers information about the people’s data. Before Cloud computing, hackers were stealing data from the physical hard drive by implementing a virus that would open a back door and send the data straight to the hacker’s server. As security measure Enterprises, small businesses and the normal consumers have started to store data on the cloud. However, what the user or business fails to understand is that the information on the cloud is just as vulnerable to be hacked as the physical information stored on the hard drive. As technology emerges, the cloud is uprising and users are resorting to it to store information, which needs to be properly implanted to prevent information from being stolen or lost.
New technologies raise new ethical challenges besides new technical problems. Cloud computing is the recent technology in IT that moves the data away from portable storage devices to large data centers called cloud. It basically means that every application given as services over the Internet to the user. In the view of User it is accessing his/her files, programs and other services through Internet which are hosted by other service providers. One more aspect of cloud computing is the cost effectiveness of this technology which attracted enterprises to use this technology to consume their IT services in a cost effective way. With the Commercialization of this technology, the hype around the Cloud computing technology growing in lightning speed. Now the Cloud Computing is in use, but still it is an emerging technology. It is a unknown thing that, how this technology can be used and for what purposes it will be used and what kind of ethical issues these developments will rise in future. A Precautionary Principle is obtained to control the rise of ethical issues. It is good to react before unexpected consequences occurs through these ethical issues. The technical problems can be solved at the time of rise but ethical problems need to be identified prior to the development to the success of the technology.
The origins of cloud computing dates back to the 1960s around the time computers were introduced. It was unknown specifically what cloud computing was until 1997 where Ramnath Chellappa, information systems professor, used the term “cloud computing” and placed a definition behind it (Cantu, 2011). After the introduction of what cloud computing does companies began switching to using these services to benefit their own company. Statistically, “in 2009, revenue for cloud services was just over 58.6 billion” (Cantu, 2011). The growth of cloud services is capturing more of the market where in 2011 cloud computing accounting is opening up on the global market at 2.3% with plenty of room to grow (Cantu, 2011).
“At its most basic, cloud computing is moving applications accessible from our internal network onto an internet (cloud)-accessible space. We're essentially renting virtual machines in someone else's data center, with the capabilities for immediate scale-out, failover, and data synchronization. In the past, having an Internet-accessible application meant we were building a website with a hosted database. Cloud computing changes that paradigm—our application could be a website, or it could be a client installed on a local PC accessing a common data store from anywhere in the world. The data store could be internal to our network or itself hosted in the cloud.” (Duchene, 2010)
During the past years a new solution appeared in the IT field, Cloud computing, and it is Impossible to overlook it, in light of the fact that Cloud computing permits organizations to outsource information, electronically mail, folders and different applications through virtual stages through the medium of servers
The Cloud is the inclusive term for a virtualized information technology computing environment, it began in the 1950s and has evolved itself into every organization. Cloud computing is very effect with individuals and businesses work, whether it be for data maintained or stored. The web-based environment make it more effective, rather than physically located in a user’s location. Whether it be infrastructure as a service, platform as a service, or software as a service, the cloud does have its benefits, just as well as its risks. Educating and understanding the possibilities and threats that comes with the power of this technology is important. Cloud computing is a representation convenient, on-demand network access to a shared computing resources. The possibilities are endless!
The fundamental idea behind a virtual machine is to remove the hardware of a single computer and make it a self-contained operating environment that behaves as it is a separate computer. Essentially, the virtual machine is software that executes an application and isolates it from the actual operating system and hardware. CPU scheduling and virtual-memory techniques are used so that an operating system can create the illusion that a process has its own processor with its own (virtual) memory. The virtual machine provides the ability to share the same hardware yet run several different operating systems concurrently, as shown in Figure 2-11.
During the boom of the microcomputer industry, or around 1980s, computers began to be deployed all around the world, in many cases with little or no care about operating requirements. As information technology operations started to grow in diversity, companies grew cautions of the need to control information technology resources. Companies needed fast Internet connection and nonstop operation to deliver systems and establish a presence on the Internet. A lot of companies build large facilities, which were named Internet data center and provided businesses with a range of solutions for systems to adopt and operate. Data centers for cloud computers are called cloud data center. The distribution of these terms has approximately abandoned and they are being established as “data center”. Business and government institutions are reviewing data centers to a higher degree in areas like security, availability, environmental impact and attachment to requirements. Requirements Documents from authorized organizations groups, like for example the Telecommunications Industry Association. Well-known operational metri...
Peter Mell and Time Grance’s piece, "The NIST Definition of Cloud Computing,” explains that with the Cloud has come a more efficient way for us to store and share data; however, it has also lead us to a lot of security breaches. To put it in laypeople terms, the cloud is the connection of all of the functions of our applications, connected to each of our multiple devices. It can be very easy to get scammed or taken advantage of through cloud computing, because if someone gets a hold of one of our devices (say, an iPhone, for example) they can literally destroy us by tapping in to every single application we store data
In cloud computing, the word cloud is used as a metaphor for “the internet”. So the cloud computing means “a type of internet-based computing”, where different services such as servers, storage and applications are delivered to an organization’s computers and devices through the internet.
There are several reason for the business to adopt cloud computing in order to benefit themselves. The following part is going to describe the two type of business that should adopt to cloud computing.
Cloud computing focuses on satisfying user requirements and providing all the necessary applications whenever they are needed.