Security Challenges and Ethical Issues in Cloud Computing
Introduction
The growth of computer technologies and Internet led to the introduction of cloud computing technology. As Avram (2014) indicated, the growth in technology and the Internet has facilitated the improvement in processing power, the interconnection of computing devices, and increased access to computing services. Modi et al. (2013) described the cloud computing technology as an environment that has shared pool of computing resources that client’s pay-on-demand to access conveniently using the Internet. These resources are provisioned and delivered with minimum interference or managerial effort from the services provider.
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Common services offered in this technology include servers, storage facilities, services, networks, and applications (Hashem et al., 2015). Therefore, most organizations have adopted cloud computing services because they offer several advantages over traditional computing methods. In cloud computing, services are offered on-demand, which means that as a user you pay for what you want to use and when you need to use the service (Modi et al., 2013). Moreover, cloud services are accessed through the use of the Internet services using computing devices from different places around the globe. Cloud computing eliminates the need to invest in networking infrastructures, storage devices, huge office spaces, or powerful computing devices. Consequently, cloud computing lowers the costs involved in business operations.
Cloud computing has three layers, the platform, the application, and the system layers (Chou, 2013). The bottom layer contains the infrastructure as service layer (IaaS) that hosts computation resources such as storage infrastructure, memory, servers, and networking devices. The clients access the services in this layer through web interfaces and virtual machines. The second layer contains the platform as service (PaaS) or the cloud computing architecture. According to Chou (2013), PaaS is important in enabling the clients create and design specific applications. The final top layer consists of software as a service were users can rent the applications executed in cloud computing (Jadeja & Modi, 2012).
There are many benefits that clients enjoy for using cloud computing. However, there are several ethical issues such as privacy, security, integrity, confidentiality, as well as the availability of cloud resources and data that needs to be addressed (Akande, April, & Van Belle, 2013). Cloud vendors have legal and moral obligations of ensuring the data in cloud is safe from hackers and unauthorized users. This research paper will analyze past research studies to identify the security challenges and ethical issues existing due to the use of cloud computing, and solutions.
Ethical and Security Issues in Cloud Computing
Ownership, security, and privacy of data stored in cloud servers fall into legal gray areas because there lacks a legal framework or ways to enforce policies in cloud environment (Kshetri, 2013). Therefore, when the data stored by an organization in cloud’s vendor gets breached, the organization is most likely held legally responsible for data compromised. Kshetri (2013) argued that many cloud providers give false information to their users, especially in case of attacks. The study further argued that there is no effective controls put in place to assist in issues such as regulation of the third parties, offering data back-up services, or even regulating cloud service vendors from misusing cloud data entrusted to them by users. It is also of concern that the cloud vendors might discard or delete data using insecure ways, where hackers might retrieve information (Kshetri, 2013).
The other challenge in cloud computing is based on how technology is accessed, which creates confidentiality and data privacy concerns. According to Chou (2013), Internet and virtual machines are used to provision and deploy these services. The study further noted that hackers might take advantage and set up virtual machines in the cloud environment with the aim of conducting vulnerability tests. If the hackers identify weaknesses in cloud computing, they can utilize the high processing power allowed in cloud technology to conduct brute force attacks leading to distributed denial of services, thus creating availability issues (Chou, 2013).
Almorsy et al. (2016) stated that virtual machines operating systems are easily affected by security threats such as malware infections and viruses. Malware injection attacks include leakage of information, injection flaws, broken authentication, poor error handling, cross-site scripting, improper validation of data, poor session management and failure to restrict URL access among others (Chou, 2013). Additionally, malicious codes could be embedded on the virtual machine image, which can create a backdoor that attackers could use to manipulate data stored in cloud environment. Manipulating data files creates an integrity issue because cloud users can be fed with false data. Finally, Hashizume et al. (2013) identified that the ability to rollback virtual machines could expose previously fixed security vulnerabilities.
Another challenge in cloud computing affects the network infrastructure. Network security issues are identified in Khalil, Khreishah, and Azeem (2014) study as common disruptors of cloud computing technology. Cloud computing comprises of networked computing devices where the services are delivered through distributed networks and the Internet. As a result of how it is operated, there exist vulnerabilities in networks that attackers could exploit to hack the systems.
For instance, Khalil et al. (2013) noted poor network configurations and failure to implement network firewalls might lead to attacks. Lack of strong security measures in place to safeguard the networks might expose business to the external attackers who would gain access to software and hardware of cloud computing accounts. Khalil et al. (2013) also noted attackers could pretend to be genuine cloud computing users, but they would use access to cloud accounts to monitor and explore to find vulnerabilities in cloud computing.
The Khalil et al. (2013) lists other common challenges found in cloud computing such as social software vulnerabilities, engineering, phishing, and account as well as service hijacking attacks. In this form of attacks, the hackers use tricks into making the cloud users into providing personal information for their cloud accounts. Consequently, the attackers use the information to access cloud services and data that would most likely violate the integrity, the confidentiality or the availability of cloud data. An attack on cloud services has huge financial impact on clients, as illustrated in Modi et al. (2013) study. The study reported how the attack on Amazon cloud infrastructure affected the operations of BitBucket.org for over 19 hours, which led to huge losses.
Khalil et al. (2013) also identified that there is no oversight and audit of on cloud vendors. Cloud providers outsource services to third parties who handle sensitive information and data provided by cloud users. Therefore, lack of audit records creates an ethical and security issue because users do not understand how their data is stored, accessed, or used. Third parties and cloud services providers are not transparent on how they operate, creating a gap for data to be exploited and violating data copyright.
Failure to conduct rigorous background checks on employees is an ethical issue, which might lead to insider attacks. As noted in Kshetri (2013) study, malicious insider/insider attacks account for 40% in an organization. Therefore, malicious insiders might steal sensitive information to commit fraud or intellectual property for their personal gain, which violates data privacy. Insider attacks pose a serious threat to the organizations because they go undetected because they emanate from rogue administrators or disgruntled employees (Akande et al., 2013). Additionally, Chou (2013) study results indicated that of 607 cyber-attacks in the year 2011, 21% of them were from malicious insiders. Besides poor background checks, Chou (2013) gave undefined roles and poor security policies enforcement strategies as the leading causes of attacks.
Find Out How UKEssays.com Can Help You!
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.
View our academic writing services
Vendor or data lock in is another issue that affects cloud users. As described in Akande et al. (2013) study, cloud service providers lack standardized systems that limit the consumers to easily migrate from one service provider to another. Additionally, lack of standardization creates a security challenge and management uncertainties, especially when as user you fear a vendor might close the business, hike prices, or have reliability issues. Additionally, lock in makes it difficult for the users to migrate from one service to another even though it is clear that users might do well in an alternative.
Solutions
The ethical issues arise in cloud computing due to privacy concerns surrounding data storage. There are various strategies put in place to protect user information and data in cloud servers. A study by Li et al. (2010) indicated cloud vendors encrypt data stored on their servers to ensure privacy, integrity, and confidentiality. Chen and Zhao (2012) study stated encryption is a common solution to data confidentiality. Encryption utilizes keys to encrypt information into ciphertext that cannot be understood by an individual who does not have access to the keys. Therefore, the attackers might not understand the encrypted data even if they manage to steal from the cloud servers.
The study by Joshi, Vijayan, and Joshi (2012) proposed the use of cloud traceback (CTB) and cloud protector to protect cloud environment against the denial of services attacks. The CTB is used to identify and fine the source of the attacks using the deterministic packet marketing algorithm. The CTB is deployed at the edge of the routers to identify vulnerabilities in the system by filtering the packets in and out of the networks. If an attack is identified to come from a specific node, the administrators are alerted to block the computer from accessing cloud services.
Cloud computing vendors can protect their information systems and data using biometric features of the employees. The biometric systems as discussed in He and Wang (2015) utilizes an individual’s unique features such as face recognition systems, fingerprints, voice recognition, and iris scan. Therefore, only authorized users are allowed to access certain data at specific times, which is more efficient than the use of passwords. Additionally, the biometric systems have records of who accesses data, which means that in the event a malicious insider access data for their benefit, the company would easily know who accessed or leaked information.
A study by Jabir et al. (2016) noted that it is the responsibility of cloud users to protect the virtual machines used to access cloud services. One of the ways to secure virtual machines is the use of antivirus and firewall to protect the systems against the traditional attacks such as virus and worms. Khalil et al. (2014) stated that end-users could also use intrusion detection systems to investigate the traffic in and out of cloud network traffic, log files, and user behaviors to determine if users violate the users’ policies. Any user found to violate the security policies or authorized use are marked as spams, and they are blocked from accessing cloud services (Chou, 2013).
Conclusion
This research report was essential in defining and explaining in detail the cloud computing technology and ethical as well as security issues. This paper has noted some of the key benefits that make cloud computing popular. Cloud services are scalable, saves on cost of operations, and they can be viewed from any location at any given time with access of computing devices. Therefore, cloud services are essential because they increase business efficiency.
However, there are notable ethical challenges that significantly affect the rate using and relying on cloud services. The research studies reviewed in this paper noted security as the main issue in cloud computing. The security of cloud services is paramount because of the sensitive information stored in cloud servers. Additionally, the research papers suggested that the issues of security cloud computing largely exist due to the way users view the services. The cloud services are accessed using web applications, virtual machines, and the Internet. Therefore, typical network security vulnerabilities affect cloud computing. Such vulnerabilities include malware injections, denial of services attacks, and breach of privacy, integrity, availability, and confidentiality of cloud users in case of attacks.
The paper also offered various countermeasures to the use of ethical issues and security challenges affecting cloud computing. The common solutions include the use of antivirus and antimalware systems. The study suggested use of intrusion detection systems and firewalls to monitor the traffic in and out of network and block users identified as spams. Encryption and enforcing security policies is also identified as a solution to these problems.
References
- Akande, A. O., April, N. A., & Van Belle, J. P. (2013). Management issues with cloud computing. In Proceedings of the Second International Conference on Innovative Computing and Cloud Computing (p. 119).
- Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107. pp. 1-7. Retrieved from https://arxiv.org/abs/1609.01107
- Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534. Doi: 10.1016/j.protcy.2013.12.525
- Chen, D., & Zhao, H. (2012). Data security and privacy protection issues in cloud computing. In 2012 International Conference on Computer Science and Electronics Engineering (Vol. 1, pp. 647-651).
- Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79-88.
- Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115. Doi: 10.1016/j.is.2014.07.006
- Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5. Doi: 10.1186/1869-0238-4-5
- Jabir, R. M., Khanji, S. I. R., Ahmad, L. A., Alfandi, O., & Said, H. (2016, January). Analysis of cloud computing attacks and countermeasures. In Advanced Communication Technology (ICACT), 2016 18th International Conference on (pp. 117-123).
- Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture, and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). Doi: 10.1109/ICCEET.2012.6203873
- Joshi, B., Vijayan, A. S., & Joshi, B. K. (2012). Securing cloud computing environment against DDoS attacks. In 2012 International Conference on Computer Communication and Informatics (pp. 1-5). Doi: 10.1109/ICCCI.2012.6158817
- Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: a survey. Computers, 3(1), 1-35. Doi: 10.3390/computers3010001
- Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4-5), 372-386. Doi:10.1016/j.telpol.2012.04.011
- Li, J., Wang, Q., Wang, C., Cao, N., Ren, K., & Lou, W. (2010). Fuzzy keyword search over encrypted data in cloud computing. In 2010 Proceedings IEEE INFOCOM (pp. 1-5). DOI: 10.1109/INFCOM.2010.5462196
- Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of cloud computing. The Journal of Supercomputing, 63(2), 561-592. Doi: 10.1007/s11227-012-0831-5
Cite This Work
To export a reference to this article please select a referencing style below: