Cloud computing is an environment in which users share pooled resources with others on a pay-per-use basis. The resources are hosted centrally and can be accessed from anywhere. Despite these advantages, significant issues still need to be considered before moving to the cloud, and security stands as a considerable obstacle. This article gives an overview of the security issues of cloud data storage along with their possible solutions, and briefly describes the relevant encryption techniques and auditing mechanisms.

Introduction

Cloud computing is an emerging IT technology that has attracted much research attention. It combines many pre-existing technologies that have matured at different rates and in different contexts.

The goal of cloud computing is to let users benefit from all of these technologies. Many organizations are moving to the cloud because it lets users store their data remotely and access it at any time from anywhere. Data breaches are possible in the cloud environment because data from many users and business organizations reside together on shared infrastructure. Also, by sending their data to the cloud, data owners hand control of that data to a third party, which raises security problems: in some cases the Cloud Service Provider (CSP) itself may misuse or corrupt the data.

Security and privacy, i.e., preserving the confidentiality, integrity, and availability of data, stand as the primary obstacle to cloud computing. A simple solution is to encrypt the data before uploading it to the cloud. This approach keeps the data unreadable to external users and cloud administrators, but has the limitation that plaintext-based search algorithms no longer apply to it.

Synopsis

The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST lists five essential characteristics of cloud computing:

  • On-demand self-service: Users provision resources themselves as needed, without human interaction with the provider.
  • Broad network access: Services are delivered over the network and can be reached by any user with an internet connection.
  • Resource pooling: The provider's resources are pooled to serve multiple users.
  • Rapid elasticity: Users can acquire resources whenever they are needed and release them when they are no longer required.
  • Measured service: Resource usage is metered, and users pay only for what they actually use.

The service (delivery) models of the cloud are shown in Figure 1. They are:

  • Infrastructure as a Service (IaaS): The IaaS model offers the underlying infrastructure (compute, storage and network) on which users run their own platforms and applications.
  • Platform as a Service (PaaS): The PaaS model provides application developers with a development and runtime environment together with the services offered by the vendor.
  • Software as a Service (SaaS): In the SaaS model, users rent the use of software instead of purchasing it.

Figure 1. Delivery models.

The deployment models in the cloud are:

  • Public Cloud: A cloud is said to be public if its services are offered for open use by the general public. It may be owned, managed and operated by a business, academic, or government organization, or some combination of them. Amazon and Google are examples of public cloud providers.
  • Private Cloud: A cloud is said to be private if it is owned and managed solely by one organization and its services are offered only to users within that organization.
  • Community Cloud: A community cloud is an infrastructure shared by several organizations that supports a specific community with shared concerns.
  • Hybrid Cloud: A hybrid cloud is a combination of public and private clouds.

Threats in Cloud Computing

Certain aspects of cloud computing still make many organizations hesitant to move into the cloud. The Cloud Security Alliance (CSA) has listed the threats that may occur in cloud computing. They are:

  • Abuse of cloud computing.
  • Insecure Interfaces and APIs.
  • Malicious Insiders.
  • Shared Technology Issues.
  • Data Loss and Leakage.
  • Account or Service Hijacking.
  • Unknown Risk Profile.
  • Hardware Failure.
  • Natural Disasters.
  • Closure of Cloud Service.
  • Cloud-related Malware.
  • Inadequate Infrastructure Design and Planning.

Among these, data loss and leakage was ranked the second most common threat. Data loss and leakage occur because of a lack of security and privacy in both storage and transmission. To reduce this risk, the following aspects of data security must be taken into account:

  • Data-in-transit: Data-in-transit refers to data during transfer, either from the data owner to the cloud provider or from the cloud provider back to the owner.
  • Data-at-rest: Data-at-rest refers to data held in storage.
  • Data lineage: Data lineage records what happened to the data from its source through the distinct applications that processed it, mainly for the benefit of auditors. Data lineage is difficult to establish in public clouds.
  • Data provenance: Data provenance is not just proof of the integrity of data but its more specific history, i.e., who created, modified and deleted the data in the cloud.
  • Data remanence: Data remanence refers to the data that remains recoverable after deletion.

This article highlights the issues related to data storage. Cloud data storage refers to storing data on a remote server hosted by the CSP. Its benefits are:

  • It provides effectively unlimited storage space for user data.
  • A user can access the data at any time from anywhere, from more than one machine, using an internet connection.
  • There is no need to buy storage devices for storing the data.

The primary constraint on cloud data storage is the absence of security and privacy that arises from the owner's loss of control over the data. The requirements for secure data storage are:

  • The data on the cloud must remain confidential, and the CSP should not be able to compromise it.
  • Data access must be granted only to its intended users.
  • The data owner must retain full control over authorization to the data.

Security and Privacy Issues in Data Storage

Cloud computing allows users to store their data in a storage location maintained by a third party. Once the data is uploaded to the cloud, the user loses control over it, and it can be tampered with by attackers. The attacker may be internal (the CSP or its staff) or external. Unauthorized access is also common because of weak access control. Protecting the information raises the following challenges:

  • Access control: Are there appropriate controls over access to the data when it is stored in the cloud?
  • Structured versus unstructured: How is the data stored? Does the storage format support fast data access?
  • Integrity/availability/confidentiality: How are data integrity, availability and privacy maintained in the cloud?
  • Encryption: Several laws and regulations require that certain types of information be stored only in encrypted form. Does the CSP support this requirement?

The security and privacy issues related to data storage are confidentiality, integrity, and availability.

Confidentiality

The principal concern in cloud computing is confidentiality. Data confidentiality means that the data can be accessed only by authorized users, and it is strongly related to authentication. Put another way, secrecy means keeping users' data secret within the cloud system. Because the data is stored on a remote server and control over it is transferred to the provider, questions arise such as:

  • Will the sensitive data stored in the cloud remain confidential?
  • Will the cloud provider itself be honest?

Confidentiality can be ensured with cryptographic encryption algorithms and secure authentication mechanisms. Encryption is the process of converting data into a form called ciphertext that can be understood only by authorized users, i.e., by the holders of the key. Encryption is an effective technique for protecting data, but its protection collapses if the encryption key is stolen, and the data is irrecoverable if the key is lost. The primary concerns are:

  • How is the data in the cloud protected?
  • If encryption is used, what algorithm and key strength are used?

This largely depends on the CSP. Typically the CSP itself encrypts the user data before storing it, and the keys are disclosed only to authorized persons. Some CSPs also allow users to encrypt their data before uploading it to the cloud; the encrypted data is then stored on the server, and the keys remain with the authorized users. Different cryptographic algorithms are available for encryption. Symmetric cryptography uses a single secret key for both encryption and decryption, as shown in Figure 2: the data is encrypted with the secret key, and the same key is used for decryption. Symmetric algorithms include DES, AES, and Blowfish. DES was the first publicly standardized symmetric cipher, approved as a U.S. federal standard in 1976 and published in 1977, and was used in many commercial and financial applications. It is easy to implement in both hardware and software, but it is slow by modern standards, and its 56-bit key can now be recovered by brute force, so it is deprecated. DES was replaced by AES, which is fast and flexible and is used to protect information in smart cards and online transactions; AES supports 128-, 192- and 256-bit keys, and a 256-bit key gives a larger security margin at a modest cost in speed. Blowfish, introduced in 1993, is one of the most widely used public-domain encryption algorithms; it is fast and straightforward.

Figure 2. Symmetric encryption.

In general, symmetric algorithms are simpler and faster, but they have the drawback that sender and receiver must share the same secret key, which has to be distributed and stored securely.

Asymmetric encryption algorithms, also called public key encryption, use a pair of keys: a public key and a private key. The sender encrypts the data using the receiver's public key, and the receiver decrypts it using their own private key. The most popular asymmetric algorithm is RSA, published in 1978. It provides increased security because private keys never need to be revealed to anyone. Another advantage is that it provides a mechanism for digital signatures. Digital signatures together with RSA encryption help ensure the security of data in the cloud. A digital signature is a mathematical scheme for proving the authenticity and integrity of data.

Predicate encryption is a kind of asymmetric encryption in which a decryption key reveals only the data satisfying a predicate rather than all of it. Identity-Based Encryption (IBE) is public key encryption that uses unique identifying information about the user (such as an e-mail address) as the public key. The major advantage of asymmetric encryption is that no secret key has to be shared in advance; its disadvantage is speed, i.e., symmetric algorithms are much faster than asymmetric ones, which is why the two are normally combined, with an asymmetric key protecting a symmetric data key. Figure 3 depicts the asymmetric encryption technique.
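An added example (not from the article) of how asymmetric encryption and digital signatures are combined in practice: because RSA is slow and limited in message size, the object itself is encrypted with a symmetric data key, RSA-OAEP wraps that data key for an authorized reader's public key, and RSA-PSS signs the stored ciphertext with the owner's private key. It uses only the Go standard library; the key sizes, the OAEP label and the sample values are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel is bound into the OAEP padding so a key wrapped for one purpose
// cannot be unwrapped as another. Constructed value.
var oaepLabel = []byte("cloud-object-data-key")

// NewKeyPair generates a 2048-bit RSA key pair for the demo; a real deployment
// loads keys from an HSM or key store instead.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapDataKey encrypts a symmetric data key to an authorized reader's public key
// (RSA-OAEP with SHA-256). The CSP can store the result but cannot open it.
func WrapDataKey(reader *rsa.PublicKey, dataKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, reader, dataKey, oaepLabel)
}

// UnwrapDataKey recovers the data key with the reader's private key.
func UnwrapDataKey(reader *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, reader, wrapped, oaepLabel)
}

// SignBlob produces an RSA-PSS signature over SHA-256(blob) with the owner's
// private key, which never leaves the owner's control.
func SignBlob(owner *rsa.PrivateKey, blob []byte) ([]byte, error) {
	digest := sha256.Sum256(blob)
	return rsa.SignPSS(rand.Reader, owner, crypto.SHA256, digest[:], nil)
}

// VerifyBlob checks the signature with the owner's public key. It returns false
// on any modification of blob or signature, or if a different key signed it.
func VerifyBlob(owner *rsa.PublicKey, blob, sig []byte) bool {
	digest := sha256.Sum256(blob)
	return rsa.VerifyPSS(owner, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	owner, err := NewKeyPair() // data owner's signing key pair
	if err != nil {
		panic(err)
	}
	reader, err := NewKeyPair() // a user authorized to read the object
	if err != nil {
		panic(err)
	}
	dataKey := make([]byte, 32) // constructed: would be the AES key that encrypted the object
	if _, err := rand.Read(dataKey); err != nil {
		panic(err)
	}
	ciphertext := []byte("constructed: ciphertext of the object, produced under dataKey")
	wrapped, _ := WrapDataKey(&reader.PublicKey, dataKey)
	sig, _ := SignBlob(owner, ciphertext)
	// The CSP stores ciphertext, wrapped key and signature; none of them reveals dataKey.

	// Reader side: check the signature first, then unwrap the data key.
	fmt.Println("signature valid:", VerifyBlob(&owner.PublicKey, ciphertext, sig))
	k, err := UnwrapDataKey(reader, wrapped)
	fmt.Println("data key recovered:", err == nil && string(k) == string(dataKey))

	// A tampered ciphertext no longer verifies, so the reader never decrypts it.
	ciphertext[0] ^= 0x01
	fmt.Println("tampered ciphertext verifies:", VerifyBlob(&owner.PublicKey, ciphertext, sig))
}
```

Verifying before decrypting is deliberate: it rejects anything the CSP or an attacker altered without spending a private-key operation on it, and the signature ties the stored object to the owner who produced it.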

The encryption techniques above have the limitation that, to search for data within a file, the entire file has to be decrypted. This is time-consuming, so searchable encryption was introduced. In searchable encryption, an index of the keywords contained in a file is built, encrypted and stored alongside the record; a search is then evaluated on the encrypted index, where only the keyword tokens are involved, rather than on the decrypted file.

Figure 3. Asymmetric encryption.
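A minimal searchable symmetric encryption index, added here as an example (not from the article): the owner replaces every keyword by an opaque token HMAC-SHA256(index key, keyword) and uploads the token-to-document-ID map beside the encrypted documents. The CSP answers a search by a plain lookup on the token, without learning the keyword or decrypting any document. The index key, document IDs and sample texts are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// keywordToken derives the search token for a keyword. Normalisation
// (lower-casing here) must be identical at indexing and at search time.
func keywordToken(indexKey []byte, keyword string) string {
	mac := hmac.New(sha256.New, indexKey)
	mac.Write([]byte(strings.ToLower(keyword)))
	return hex.EncodeToString(mac.Sum(nil))
}

// BuildIndex runs on the owner's side over the plaintext documents and returns
// the token -> sorted document IDs map, which is safe to hand to the CSP.
func BuildIndex(indexKey []byte, docs map[string]string) map[string][]string {
	seen := map[string]map[string]bool{}
	for id, text := range docs {
		for _, w := range strings.Fields(text) {
			w = strings.Trim(w, ".,;:!?\"'()")
			if w == "" {
				continue
			}
			tok := keywordToken(indexKey, w)
			if seen[tok] == nil {
				seen[tok] = map[string]bool{}
			}
			seen[tok][id] = true
		}
	}
	index := map[string][]string{}
	for tok, ids := range seen {
		for id := range ids {
			index[tok] = append(index[tok], id)
		}
		sort.Strings(index[tok])
	}
	return index
}

// ServerSearch is all the CSP does: look up an opaque token.
func ServerSearch(index map[string][]string, token string) []string {
	return index[token]
}

// Search is the client side: derive the token, query the CSP, and get back the
// IDs of the documents to fetch and decrypt locally.
func Search(indexKey []byte, index map[string][]string, keyword string) []string {
	return ServerSearch(index, keywordToken(indexKey, keyword))
}

func main() {
	indexKey := []byte("constructed-32-byte-index-key!!!") // owner's secret, never sent to the CSP
	docs := map[string]string{ // constructed sample documents; they are encrypted before upload
		"doc1": "Quarterly invoice for Acme, payment overdue.",
		"doc2": "Meeting notes: invoice process and audit findings.",
		"doc3": "Audit report, no findings.",
	}
	index := BuildIndex(indexKey, docs)
	fmt.Println("invoice ->", Search(indexKey, index, "invoice"))
	fmt.Println("audit   ->", Search(indexKey, index, "audit"))
	fmt.Println("what the CSP sees for 'invoice':", keywordToken(indexKey, "invoice")[:16]+"...")
}
```

This hides keyword content but not the access pattern: the CSP still learns which documents match which (opaque) token and how often each token is queried. Schemes with stronger guarantees pad or shuffle the index to reduce that leakage.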

A further technique is homomorphic encryption, which allows the CSP to carry out operations on an encrypted file without decrypting it, producing a result that, once decrypted, equals the result of the same operation on the plaintext. The key is kept secret by the user and never revealed to the CSP, so the computation does not expose the data.
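To make the idea concrete, here is an added example (not from the article) of an additively homomorphic scheme, the Paillier cryptosystem, written with Go's math/big so the CSP-side step is visible: multiplying two ciphertexts modulo n² yields an encryption of the sum of the plaintexts. The owner keeps (λ, μ); the CSP holds only n and the ciphertexts. The key size and sample values are toy choices for the demonstration, not a production parameter set.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// PublicKey is what the CSP holds: n and n^2 (the generator g is fixed to n+1).
type PublicKey struct{ N, N2 *big.Int }

// PrivateKey stays with the data owner.
type PrivateKey struct {
	PublicKey
	Lambda, Mu *big.Int // lambda = lcm(p-1, q-1), mu = lambda^-1 mod n
}

// GenerateKey builds a Paillier key pair from two primes of bits/2 bits each.
func GenerateKey(bits int) (*PrivateKey, error) {
	p, err := rand.Prime(rand.Reader, bits/2)
	if err != nil {
		return nil, err
	}
	q, err := rand.Prime(rand.Reader, bits/2)
	if err != nil {
		return nil, err
	}
	one := big.NewInt(1)
	n := new(big.Int).Mul(p, q)
	pm, qm := new(big.Int).Sub(p, one), new(big.Int).Sub(q, one)
	lambda := new(big.Int).Mul(pm, qm)
	lambda.Div(lambda, new(big.Int).GCD(nil, nil, pm, qm)) // lcm(p-1, q-1)
	pk := PublicKey{N: n, N2: new(big.Int).Mul(n, n)}
	return &PrivateKey{pk, lambda, new(big.Int).ModInverse(lambda, n)}, nil
}

// Encrypt computes c = (1 + m*n) * r^n mod n^2 with a fresh random r, so two
// encryptions of the same value differ. m must lie in [0, n).
func Encrypt(pk *PublicKey, m *big.Int) (*big.Int, error) {
	r, err := rand.Int(rand.Reader, pk.N)
	if err != nil {
		return nil, err
	}
	for r.Sign() == 0 { // r must be non-zero (coprime to n with overwhelming probability)
		if r, err = rand.Int(rand.Reader, pk.N); err != nil {
			return nil, err
		}
	}
	gm := new(big.Int).Mul(m, pk.N)
	gm.Add(gm, big.NewInt(1)) // (n+1)^m = 1 + m*n (mod n^2)
	rn := new(big.Int).Exp(r, pk.N, pk.N2)
	return gm.Mul(gm, rn).Mod(gm, pk.N2), nil
}

// Decrypt computes m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u-1)/n.
func Decrypt(sk *PrivateKey, c *big.Int) *big.Int {
	u := new(big.Int).Exp(c, sk.Lambda, sk.N2)
	u.Sub(u, big.NewInt(1)).Div(u, sk.N)
	return u.Mul(u, sk.Mu).Mod(u, sk.N)
}

// AddEncrypted is the CSP-side operation: the product of two ciphertexts modulo n^2
// is an encryption of the sum of the plaintexts, and the CSP learns neither value.
func AddEncrypted(pk *PublicKey, c1, c2 *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(c1, c2), pk.N2)
}

func main() {
	sk, err := GenerateKey(1024) // toy size for the demo
	if err != nil {
		panic(err)
	}
	// Owner encrypts two constructed values (say, two monthly totals) and uploads only ciphertexts.
	c1, _ := Encrypt(&sk.PublicKey, big.NewInt(1500))
	c2, _ := Encrypt(&sk.PublicKey, big.NewInt(2750))
	csum := AddEncrypted(&sk.PublicKey, c1, c2) // computed by the CSP on data it cannot read
	fmt.Println("decrypted sum:", Decrypt(sk, csum)) // 4250
}
```

Paillier supports addition (and multiplication by a known constant) on ciphertexts; arbitrary computation needs a fully homomorphic scheme, which is far more expensive. Even so, this already covers aggregates such as sums and averages computed by the provider over data it never sees in clear.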

All of these encryption algorithms improve the security of data, but keeping the encryption keys secret is a difficult task for the CSP as more and more users deposit their data. When the keys are held by the CSP, a compromise of the CSP can expose the data, which is why owners who need strong confidentiality keep the keys under their own control.

Integrity

Another serious problem faced by cloud computing is integrity. Integrity of data means making sure that the data has not been changed by an unauthorized person or in an illegal way. It is a way of ensuring that the data is genuine, accurate and safeguarded from unauthorized users. As cloud computing relies on resource sharing, there is a possibility of data being corrupted by unauthorized users. Digital signatures can be used to preserve the integrity of data. The simplest way to provide integrity is a Message Authentication Code (MAC). A MAC is a cryptographic checksum computed over the data with a keyed hash function (for example HMAC) and sent along with the data, so that anyone holding the key can verify that the data has not been modified. Auditing mechanisms can also be used to preserve integrity. In private auditing, the integrity of the data is verified by the data owner using a verification algorithm. Public verifiability means that the data owner delegates the check to a Third Party Auditor (TPA). The TPA cannot access the data itself but can verify whether it has been modified, and reports to the owner.

Remote Data Auditing refers to a group of protocols for verifying the correctness of data held in cloud storage managed by the CSP without retrieving the data. As shown in Figure 4, Remote Data Auditing follows a challenge-response process with the following steps:

  • The data owner pre-processes the file, generates verification metadata and hands it to the TPA.
  • The TPA generates a challenge and transmits it to the CSP to check the correctness of the data.
  • On receiving the challenge, the CSP computes the response over the stored data and sends it to the TPA.
  • On receiving the response, the TPA verifies it against the metadata to check whether the data is stored correctly by the provider.

Provable Data Possession (PDP) is one such remote auditing mechanism. In all PDP mechanisms, the data owner or the TPA checks the integrity of the data. However, the TPA is not able to verify the integrity independently when the data owner fails to send the metadata needed for verification, and the TPA has no permission to take countermeasures without informing the owner.

To overcome this, proxy PDP was defined, in which the remote data auditing task is delegated to a proxy under a warrant issued by the owner.

Figure 4. Remote auditing mechanism.
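The four steps of Figure 4, and the keyed-MAC integrity check they build on, as an added example (not the article's or any PDP paper's code) in its simplest sound form: the owner precomputes a pool of single-use challenges, each a fresh nonce plus a random sample of block indices, together with the expected HMAC-SHA256 response, and hands only that metadata to the TPA. The TPA never sees the data, the CSP never sees the expected values, and the owner keeps nothing. Block size, names and the sample file are constructed; real PDP schemes use homomorphic authenticators so that the number of audits is not bounded by a precomputed pool.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

const blockSize = 16 // constructed: tiny blocks so the sample file has several
// Challenge is one entry of the metadata the owner hands to the TPA (step 1).
type Challenge struct {
	Nonce    []byte // fresh per challenge, so the CSP cannot precompute the answer
	Indices  []int  // blocks the CSP must cover in its answer
	expected []byte // held by the TPA only, never sent to the CSP
	used     bool
}

func splitBlocks(data []byte) [][]byte {
	var blocks [][]byte
	for i := 0; i < len(data); i += blockSize {
		end := i + blockSize
		if end > len(data) {
			end = len(data)
		}
		blocks = append(blocks, data[i:end])
	}
	return blocks
}

// respond is the CSP's computation (step 3): HMAC-SHA256 keyed by the nonce over the
// challenged blocks, each bound to its index. The owner runs it too, at preparation time.
func respond(nonce []byte, indices []int, blocks [][]byte) []byte {
	mac := hmac.New(sha256.New, nonce)
	var idx [8]byte
	for _, i := range indices {
		binary.BigEndian.PutUint64(idx[:], uint64(i))
		mac.Write(idx[:])
		mac.Write(blocks[i])
	}
	return mac.Sum(nil)
}

// sampleIndices picks k distinct block indices out of n at random (all of them if k >= n).
func sampleIndices(n, k int) []int {
	perm := make([]int, n)
	for i := range perm {
		perm[i] = i
	}
	for i := n - 1; i > 0; i-- { // Fisher-Yates with crypto/rand
		j, err := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		if err != nil {
			panic(err)
		}
		perm[i], perm[j.Int64()] = perm[j.Int64()], perm[i]
	}
	if k > n {
		k = n
	}
	return perm[:k]
}

// OwnerPrepare (step 1): generate count single-use challenges covering sampleSize
// blocks each. The slice goes to the TPA; the file goes to the CSP.
func OwnerPrepare(data []byte, count, sampleSize int) []*Challenge {
	blocks := splitBlocks(data)
	pool := make([]*Challenge, 0, count)
	for j := 0; j < count; j++ {
		nonce := make([]byte, 32)
		if _, err := rand.Read(nonce); err != nil {
			panic(err)
		}
		idx := sampleIndices(len(blocks), sampleSize)
		pool = append(pool, &Challenge{Nonce: nonce, Indices: idx, expected: respond(nonce, idx, blocks)})
	}
	return pool
}

// TPAVerify runs steps 2-4: send an unused challenge to the CSP (modelled as a callback),
// compare the answer in constant time, retire the challenge. False on mismatch or empty pool.
func TPAVerify(pool []*Challenge, csp func(nonce []byte, indices []int) []byte) bool {
	for _, ch := range pool {
		if ch.used {
			continue
		}
		ch.used = true
		return hmac.Equal(csp(ch.Nonce, ch.Indices), ch.expected)
	}
	return false // no fresh challenge left: the owner must supply new metadata
}

func main() {
	file := []byte("constructed sample file: quarterly ledger, 128 rows, totals and signatures ...")
	pool := OwnerPrepare(file, 3, 1000)    // sampleSize >= block count: every block is checked
	stored := append([]byte(nil), file...) // the CSP's copy
	csp := func(nonce []byte, idx []int) []byte { return respond(nonce, idx, splitBlocks(stored)) }
	fmt.Println("audit 1 (intact):   ", TPAVerify(pool, csp))
	stored[40] ^= 0xff // silent corruption at the CSP
	fmt.Println("audit 2 (corrupted):", TPAVerify(pool, csp))
}
```

Sampling fewer blocks than the file has makes each audit cheaper but turns detection into a probability (a corrupted block is caught only if it is in the sample), which is the usual trade-off in PDP. The nonce is what makes the response unforgeable without the data: the CSP cannot answer by caching an earlier response or a digest of the file.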

Availability

Availability means that data and services are accessible to authorized users on demand. Availability of cloud computing systems aims to ensure that users can use them at any place and at any time; it is threatened by the hardware failures, natural disasters and closure of service listed among the threats above, and depends on the provider's redundancy and backups.

Conclusion

Cloud computing enables users to store their data in a remote storage location, but data security is the most significant threat to its adoption, and many organizations are therefore unwilling to move into the cloud environment. To overcome this, confidentiality, integrity and availability guarantees should be written into the CSP's Service Level Agreement (SLA) with its customers. Otherwise, sensitive information should not be put into a public cloud at all, or only in encrypted form with the keys held by the owner. Effective auditing mechanisms can also be used to provide data integrity.

Data Storage Security: Data storage security means the set of methods and settings that make storage resources available to authorized users and trusted networks and unavailable to everyone else. These methods and settings apply to hardware, software, communications and organizational policy.

DATA SECURITY AND PROTECTION METHODS:

Data storage security methods matter enormously; in today's world, securing data has become a mammoth task. Data protection methods include encryption of data, traffic encryption and VPNs, access control and user authorization, network monitoring, reporting and forensics, and intrusion prevention systems.

Encryption of Data:

Encryption means transforming information so that it becomes unreadable to everyone except those possessing special knowledge (usually referred to as a "key") that allows them to change the data back into readable form. Encryption is necessary because it protects data from people with whom we do not want to share it. In business it can be used to protect corporate secrets, governments use it to secure classified information, and many individuals use it to protect personal information against threats such as identity theft. Approximately 78% of people use this method to protect their data.

Encrypting a folder protects its contents, which could contain e-mails, chat histories, tax information, credit card numbers, or any other sensitive information. In this way, even if your computer is stolen, that data stays safe.

Traffic encryption:

On the web, traffic encryption is provided by Hypertext Transfer Protocol Secure (HTTPS), which secures the transfer of information to and from a website. It ensures secure communication over a computer network and is now used almost universally for internet security. In HTTPS, the communication is encrypted with Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore often referred to as HTTP over TLS or HTTP over SSL.

The main purposes of HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data. It protects against man-in-the-middle attacks, provided the client verifies the server's certificate. The bidirectional encryption of communications between client and server protects against eavesdropping and tampering. In practice, this provides reasonable assurance that one is talking to the intended website without interference. About 60% of people use this method to protect their data.

Access control and user authorization:

Authentication is when a security system challenges you to prove you are the customer, user, or employee you claim to be, using a password, token, or other form of credential. People are less familiar with the term authorization; they usually know it as access control. About 56% of people use it to protect their valuable data.

Authentication verifies a person's identity and enables authorization, which decides what that identity is allowed to do. For example, any student of a university can create and use an identity (e.g., a username) to log in to the university's online service, but the university's authorization policy must ensure that, once your identity is verified, only you are allowed to access your individual account.

Network monitoring:

A network monitoring system keeps track of the whole IT infrastructure with all its devices and systems. Everything that exposes a defined interface and delivers status information via a standard protocol can be monitored by administrators. The monitoring software simply establishes contact with the device or service using its IP address and then retrieves the current status. This lets the IT department keep an eye on the state of every part of the IT infrastructure at all times. The goal is to achieve maximum availability and optimal performance of the network. To do this, the network monitoring system must cover three security-relevant aspects: monitoring the actual security systems, identifying unusual occurrences, and checking environmental parameters.

Apart from the methods above, intrusion prevention systems, forensics and regular backups can also secure the data that is valuable to us.

TYPES OF DATA SECURITY MEASURES:

Securing data should be a vital concern for every type of business owner. When someone keeps all their business information, for example client contacts, losses, gains and bank account numbers, on a computer, then anyone who wants to harm the business can simply steal that data. Data security should therefore be everyone's top priority.

According to the Verizon Data Breach Investigations Report covering 2008, an estimated "285 million records were compromised in 2008," and about 74 percent of those incidents involved external sources. The following data security measures can be implemented to secure our data:

  1. Establish strong passwords

Keeping a strong password is one of the easiest measures that can protect our data.

A combination of upper- and lower-case letters, numbers and symbols, 8 to 12 characters long, was the traditional recipe for a strong password; longer passphrases are better still.

We should not use anything related to our personal lives, for example our own name or phone number, or sequences of adjacent keys on the keyboard, according to Microsoft.

Length matters more than complexity: current guidance (NIST SP 800-63B) favors long passwords or passphrases checked against lists of known-breached passwords over mandatory composition rules and scheduled changes.

As for how often you should change your password, we should change our passwords after every 90 days says Roland Cloutier, Chief Security Officer for ADP.

We need to make sure every individual has their own username and password for every login system, from desktops to the CMS. Finally, writing a password down anywhere can be dangerous too.

  2. Put up a strong firewall

A firewall is a must for a protected network. It protects the network by controlling the internet traffic coming into and flowing out of your business.

  3. Install antivirus protection

Antivirus and anti-malware software are essential in your arsenal of online security weapons as well. They work as the last line of defense, Cloutier added.

  4. Update your programs regularly

It is important to update your apps and other software, as new versions fix known vulnerabilities and contain more modern ways to protect our data.

“Your security applications are only as good as their most recent update,” Watchinski, Senior Director of the Vulnerability Research Team for Sourcefire explains. “While applications are not 100 percent fool-proof, it is important to regularly update these tools to help keep your users safe.”

Frequently updating programs keeps a person up to date on any recent issues or holes that programmers have fixed.

  5. Secure your laptops

Laptops are portable, so they are easier to steal or lose. Properly encrypting a laptop's disk is the easiest way to keep its data secure. Full-disk encryption software changes the way information is stored on the hard drive so that, without the correct password or key, it cannot be read.

We must not leave laptops in a car or any other open place where a thief can take them; if it is unavoidable, lock them in the trunk.

  6. Secure your mobile phones

Smartphones hold much of our data; sometimes we keep our most valuable passwords and other sensitive data on them. Smartphones can also be stolen easily, so we need to keep them secure for our own safety.

The must-haves for mobile phones: encryption software, password protection, and remote wiping enabled.

Remote wiping is “extremely effective,” Cloutier says, recounting the story of one executive who lost his Blackberry in an airport after he had been looking at the company’s quarterly financials. The exec called IT in a panic, and within 15 minutes they were able to completely wipe the phone.

  7. Backup regularly

Scheduling regular backups to an external hard drive, or in the cloud, is a painless way to ensure that all your data is stored safely.

The general rule of thumb for backups: servers should have a complete backup weekly, and incremental backups every night; personal computers should also be backed up completely every week, but you can do incremental backups every few days.

Having your data compromised is painful, so back it up for your own benefit.

  8. Monitor diligently

All these technologies are of no use if nobody operates them or acts on what they report. One good monitoring tool is data-leakage prevention (DLP) software, which is set up at key network touch points to look for specific information leaving your internal network. It can be configured to look for credit card numbers, pieces of code, or any other bits of information relevant to your business whose presence in outbound traffic would indicate a breach.
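The kind of content check a DLP filter applies at an egress point, as an added example (not from the article and not any product's code): it finds 13- to 19-digit sequences in outbound text that pass the Luhn checksum used by payment card numbers, so random digit runs are not flagged, and redacts them down to the last four digits for the alert. The outbound messages are constructed; a real DLP deployment also handles other identifiers, file formats and encodings.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// candidate matches 13-19 digits optionally separated by single spaces or dashes.
var candidate = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// luhnValid implements the mod-10 checksum carried by payment card numbers.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// stripSeparators removes the spaces and dashes people type inside card numbers.
func stripSeparators(s string) string {
	return strings.NewReplacer(" ", "", "-", "").Replace(s)
}

// FindCardNumbers returns the candidates in text that pass the Luhn check.
func FindCardNumbers(text string) []string {
	var hits []string
	for _, m := range candidate.FindAllString(text, -1) {
		if luhnValid(stripSeparators(m)) {
			hits = append(hits, m)
		}
	}
	return hits
}

// Redact replaces each detected card number with asterisks, keeping the last four
// digits so an alert stays readable without re-leaking the number.
func Redact(text string) string {
	return candidate.ReplaceAllStringFunc(text, func(m string) string {
		digits := stripSeparators(m)
		if !luhnValid(digits) {
			return m
		}
		return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
	})
}

func main() {
	outbound := []string{ // constructed messages observed at the egress proxy
		"order 12 shipped, tracking 1234567890123456789", // 19 digits, fails Luhn: not a card
		"card on file: 4111 1111 1111 1111 exp 12/27",     // well-known Luhn-valid test number
		"invoice total 349.00 ref 2024-0001",
	}
	for _, msg := range outbound {
		if hits := FindCardNumbers(msg); len(hits) > 0 {
			fmt.Printf("ALERT %d card number(s): %s\n", len(hits), Redact(msg))
		}
	}
}
```

Pattern matching plus a checksum is the standard first stage of DLP; it still produces false positives on other Luhn-valid identifiers and misses numbers split across packets or hidden in compressed or encrypted content, which is why such filters are placed where traffic can be decrypted and reassembled.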

IMPORTANCE OF DATA SECURITY:

The importance of data security is huge. Data is one of the most important parts of our lives; our business and our jobs all depend on it. So if anyone steals our data, they can simply ruin our lives.

Encryption is significant because it lets you securely protect data that you don't want anyone else to have access to. Encryption can protect folder contents, which could contain e-mails, chat histories, tax information, credit card numbers, or any other sensitive information.

Everyone is worried about moving sensitive data to the cloud, and many organizations perceive that the cloud is not as safe as their own data center. Encryption of data helps us move to the cloud safely.

Encryption of data helps us achieve secure multi-tenancy in the cloud. If you encrypt data before it enters the cloud and retain control of the encryption keys, your data stays safe regardless of its neighbors. HyTrust DataControl, for example, can encrypt the data in VMs before they are moved to the cloud while you retain control of the encryption keys in your own data center.

Lastly, encryption is mandatory for our purpose: if we do not encrypt our data, our personal information may be stolen and our lives made much more difficult. So we need to protect our data for our own betterment and safety.