Road Towards Cloud Computing – What are the issues? - Part - I

Road Towards Cloud Computing – What are the issues? - Part - I
...

Sandeep Sehgal

Last updated October 31, 2016


  • 454 Views

  I was talking at one of the training sessions on cloud computing course and interestingly everyone in that room was excited about the fact that it’s no longer a buzz word but it is a reality now. This emerging computing paradigm offers attractive financial and technology advantages to many small and big organizations and they have already started storing their data. In my opinion some of the technologies and services have not been fully evaluated with respect to security. Security is troubling concern for cloud computing as per survey conducted by IDC. In this session we discussed on growth and usage of the cloud systems and the issues that need to be addressed for its growth.

Issues and Solutions

The main problems cloud computing faces are preserving confidentiality and integrity of data in aiding data security. The primary solution for these problems is encryption of data stored in the cloud. However, encryption of data also brings up new problems. Here is an overview of some of the main problems faced by cloud systems and some solutions.

Trust

Trust between the Service provider and the customer is one of the main issues cloud computing faces today. There is no way for the customer to be sure whether the management of the Service is trustworthy, and whether there is any risk of insider attacks. This is a major issue and has received strong attention by companies. The only legal document between the customer and service provider is the Service Level Agreement (SLA). This document contains all the agreements between the customer and the service provider; it contains what the service provider is doing and is willing to do. However, there is currently no clear format for the SLA, and as such, there may be services not documented in the SLA that the customer may be unaware that it will need these services at some later time.

Legal Issues

There are several regulatory requirements, privacy laws and data security laws that cloud systems need to adhere to. One of the major problems with adhering to the laws is that laws vary from country to country, and users have no control over where their data is physically located.

Confidentiality

Confidentiality is preventing the improper disclosure of information. Preserving confidentiality is one of the major issues faced by cloud systems since the information is stored at a remote location that the Service Provider has full access to. Therefore, there has been some method of preserving the confidentiality of data stored in the cloud. The main method used to preserve data confidentiality is data encryption; however encryption brings about its own issues, some of which are discussed later.

Authenticity (Integrity and Completeness)

Integrity is preventing the improper modification of information. Preserving Integrity, like confidentiality is another major issue faced by cloud systems that needs to be handled, and is also mainly done by the use of data encryption. In a common database setup, there would be many users with varying amount of rights. A user with a limited set of rights might need to access a subset of data, and might also want to verify that the delivered results are valid and complete (that is, not poisoned, altered or missing anything) A common approach to such a problem is to use digital signatures; however, the problem with digital signatures is that not all users have access to the data superset, therefore they cannot verify any subset of the data even if they’re provided with the digital signature of the superset; and too many possible subsets of data exist to create digital signatures for each. Recently, researchers have tried to find solutions to this problem. The primary proposal is to provide customers with the superset’s signature and some metadata along with the query results. This metadata (called verification objects) lets customers fill in the blanks of the data which they don’t have access to and be able to validate the signature.

About the Author

Sandeep Sehgal, PMP, Passed CISSP Exam ,IBM Certified Sr. Project Manager, has 22 years industry experience. Currently he is Head Consulting and Training at Pallas Athena. He is a passionate trainer and consultant in the field of leadership/soft skills, project management and information security. Previously he has worked for Sify, IBM and CSC


{{detail.h1_tag}}

{{detail.display_name}}
... ...

{{author.author_name}}

{{detail.full_name}}

Published on {{detail.created_at| date}} {{detail.duration}}

  • {{detail.date}}
  • Views {{detail.downloads}}
  • {{detail.time}} {{detail.time_zone_code}}

Registrants:{{detail.downloads}}

Downloaded:{{detail.downloads}}

About the On-Demand Webinar

About the Webinar

Hosted By

...

{{author.author_name}}

{{author.author_name}}

{{author.about_author}}

About the E-book

View On-Demand Webinar

Register Now!

First Name*
Last Name*
Email*
Company*
Phone Number*

View On-Demand Webinar

Register Now!

Webinar Expired

Download the Ebook

Email
{{ queryPhoneCode }}
Phone Number {{ detail.getCourseAgree?'*':'(optional)'}}

Show full article video

About the Author

{{detail.author_biography}}

About the Author

{{author.about_author}}