I was speaking at one of the training sessions of a cloud computing course, and interestingly everyone in the room was excited that cloud computing is no longer a buzzword but a reality. This emerging computing paradigm offers attractive financial and technological advantages to many small and large organizations, and they have already started storing their data in the cloud. In my opinion, some of the technologies and services have not been fully evaluated with respect to security. Security is a troubling concern for cloud computing, according to a survey conducted by IDC. In this session we discussed the growth and usage of cloud systems and the issues that need to be addressed for their growth.
Issues and Solutions
The main problems cloud computing faces in securing data are preserving its confidentiality and integrity. The primary solution to these problems is encryption of the data stored in the cloud. However, encrypting data also brings up new problems. Here is an overview of some of the main problems faced by cloud systems, along with some solutions.
Trust between the service provider and the customer is one of the main issues cloud computing faces today. There is no way for the customer to be sure whether the management of the service is trustworthy, or whether there is any risk of insider attacks. This is a major issue and has received strong attention from companies. The only legal document between the customer and the service provider is the Service Level Agreement (SLA). This document contains all the agreements between the two parties; it states what the service provider is doing and is willing to do. However, there is currently no clear format for the SLA, so there may be services not documented in it that the customer does not yet realize it will need at some later time.
There are several regulatory requirements, privacy laws and data security laws that cloud systems need to adhere to. One of the major problems with adhering to the laws is that laws vary from country to country, and users have no control over where their data is physically located.
Confidentiality is preventing the improper disclosure of information. Preserving confidentiality is one of the major issues faced by cloud systems, since the information is stored at a remote location that the service provider has full access to. Therefore, there has to be some method of preserving the confidentiality of data stored in the cloud. The main method used to preserve data confidentiality is data encryption; however, encryption brings about its own issues, some of which are discussed later.
Authenticity (Integrity and Completeness)
Integrity is preventing the improper modification of information. Preserving integrity, like confidentiality, is another major issue faced by cloud systems that needs to be handled, and it is also mainly done through the use of data encryption. In a common database setup, there would be many users with varying levels of rights. A user with a limited set of rights might need to access a subset of the data, and might also want to verify that the delivered results are valid and complete (that is, not poisoned, altered or missing anything). A common approach to such a problem is to use digital signatures; however, the problem with digital signatures is that not all users have access to the data superset, so they cannot verify any subset of the data even if they’re provided with the digital signature of the superset, and too many possible subsets of data exist to create a digital signature for each. Recently, researchers have tried to find solutions to this problem. The primary proposal is to provide customers with the superset’s signature and some metadata along with the query results. This metadata (called verification objects) lets customers fill in the blanks for the data they don’t have access to and still validate the signature.
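
The verification-object idea can be made concrete with a hash tree over the table rows. The sketch below is an added example, not code from the session or from any particular product. The rows, the key and all function names are constructed for illustration, HMAC stands in for the data owner's public-key signature so that it runs with the standard library only, and it covers tamper detection for one returned row rather than completeness of a whole result set.

```python
import hashlib, hmac

# Constructed sample data: the full table (superset) held by the cloud provider.
ROWS = [b"1,alice,4200", b"2,bob,3100", b"3,carol,5300", b"4,dave,2900", b"5,erin,6100"]
OWNER_KEY = b"constructed-demo-key"  # stand-in for the data owner's signing key

def leaf(row):
    return hashlib.sha256(b"\x00" + row).digest()   # prefix separates leaves from inner nodes

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(rows):
    """Hash the rows pairwise up to a single root; an unpaired node is promoted as-is."""
    levels = [[leaf(r) for r in rows]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def sign_root(key, root):
    """Assumption: HMAC replaces the owner's public-key signature (stdlib only)."""
    return hmac.new(key, root, hashlib.sha256).digest()

def verification_object(levels, index):
    """Provider side: sibling hashes covering the rows the customer cannot see."""
    vo = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            vo.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return vo

def verify_row(key, row, vo, signature):
    """Customer side: rebuild the root from one row plus the VO, then check the signature."""
    acc = leaf(row)
    for side, sibling in vo:
        acc = node(sibling, acc) if side == "L" else node(acc, sibling)
    return hmac.compare_digest(sign_root(key, acc), signature)

if __name__ == "__main__":
    levels = build_levels(ROWS)
    signature = sign_root(OWNER_KEY, levels[-1][0])      # owner signs the superset once
    vo = verification_object(levels, 1)                  # customer may only read row 2
    print(verify_row(OWNER_KEY, ROWS[1], vo, signature))          # genuine row
    print(verify_row(OWNER_KEY, b"2,bob,9999", vo, signature))    # altered row
```

The customer receives only its own row, a handful of hashes and the one signature over the superset, yet any change to the row or to the hidden rows changes the recomputed root and fails the check.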