You are on page 1of 11

Cloud Computing Security Issues

and Challenges

Security Policy Standard and Management

INF 806

Odegbesan Omobolaji Ayomide

A00018467

Abstract
The advancement of IT infrastructure and Technology is on a rapid growth, There is
need for easy access to information by individual and Organizations/firms at any
point in time in any geographical location with smart device without any special
Configuration or customization which requires very little resources in servicing. The
Cloud Computing is a practical example of this Technology/ Infrastructure. Cloud
Computing is an Internet based Technology which involves the storage, processing,
modification

and

sharing

of

Computer

resources

through

Interactions

and

interconnection of configurable devices by Individual or Organizations/Firms at an


affordable rate. (Wikipedia, 2015).
Cloud computing provides a ground technological standard for individuals and
organizations to take on without any major financial asset required on the part of
the organizations and individuals. Regardless of the enormous amount of
advantages or benefits that cloud computing provides, it is marred by security
challenges and issues which makes the acceptability rate of this technology by
individuals and organizations at a daunting rate. An example of this security
concern is the compromise, modification and theft of the critical and valuable
information either by hackers or third party handling the informations on the cloud
(Samson, 2013).

Introduction
The growth of the internet as become very rapid to the point that it allow the
sharing, storage, processing, transmission and modification of informations and
files of every kind, this new growth and development of Information Technology is
known as cloud computing (Chlcks & Cleveland, 2012). The cloud computing
provides a lot advantages such as low cost of maintenance, easy access anywhere
and anytime but as advantageous as cloud computing might be it as some
disadvantages which prevent some organizations and individuals form accepting it .
This easy is geared at looking at the major security issues and challenges thats
facing cloud computing. First the discussion of what cloud computing in the first
section which would be followed by the characteristics, service model, deployment

model in the next section which would be the followed by the major security
challenges and issues affecting cloud computing which would be supported by a
case study while a discussion and conclusion would be at the end of the paper.

Cloud Computing
The National Institute of Standard of Technology (NIST) defined cloud Computing as
a model for enabling ubiquitous, convenient, on demand network access to a shared
pool of configurable resource (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management
effort or service provider interaction (Michael Hogan, 2011), in other words cloud
computing is a virtual environment that can be access through the internet which
allows for the storage, processing, transmitting and sharing of computer resources.
This type of computing service is provided by a cloud service provider who manages
data at an affordable rate to the customer (Wikipedia, 2015).
There is an increasing amount of users moving from the old method of buying
hardware for the purpose of data maintenance which also as a downside of
hardware depreciation, high cost and immobility, this is also known as the (CAPEX
MODEL) to an era of storage over the cloud through the internet this is known as the
(OPEX MODEL) (Wikipedia, 2015).

Characteristics of cloud Computing


Cloud computing as several characteristics which make it a distinctive technology
as compared to other type of the Technologies. The major characteristics of cloud
computing are follows.
1. Shared computing infrastructure and resources:
Cloud computing is a technology which involves and based on the sharing of
computing resources for service rendering. The sharing of computing
resources is made possible with the use of the virtualized software mode.
Cloud computing resource s are made available across a number of
customers regardless of the deployment model (Corporation, 2010).
2. Provision of dynamic and on demand self-service:

This allows the users to easily provide themselves with the required services
and capabilities which is provided automatically by a software automation
system. This characteristic make cloud computing user friendly and simple to
use as there little or no interaction with the service provider or the host
company.

The

wide

range

of

network

accessed

cloud

computing

infrastructure/resource are easily accessible through device using standard


based application programme interface (API)

such as laptop, pc , mobile

devices over the internet (Corporation, 2010).


3. Service gauging facility:
Cloud computing system manages and measures customer used computing
resources, this is done by a metering system which is used to generate billing
information and reports, this is incorporated into the cloud computing
infrastructure. This characteristics allows for transparency as users are
appropriately billed on used services by customers (Corporation, 2010).

Service Model
Service models are the service delivered to the user on the bases of their needs and
requirement. This service are very distinct from each other in that they provide
different facilities and service for customers (Michael Hogan, 2011).There are 3
types of service model which are as follows
1. Software as a Service(Saas):
In this type of service model, the authorization and access to use a software
or application that is hosted on the cloud is purchased by the customer i.e.
the right to use the software or application hosted on the cloud by the cloud
provider is purchased by the user. The user does not have authorization to
manage and control cloud infrastructure, they only have the right to use the
application/software provided by the cloud provider (Michael Hogan, 2011).
2. Platform as a service(PaaS):
In this type of service model the customer or user acquires the right to access
the platform which allows them to implement, use and put up their own
application software in the cloud. The customer only have access to the
platform and doesnt the right to manage and control the cloud infrastructure
(Michael Hogan, 2011).

3. Infrastructure as a Service(Iaas):

This service model allow and grant the consumer to use the capability of
Storage, Processing and network and several other basic fundamental
computing resources and also allows the consumer to put up and deploy an
operating system; application but they dont control the cloud infrastructure.

Deployment Model
Cloud computing have 4 different types of deployment model which support user
needs and requirement as well as customer service requirement needs and
requirement.
The deployment model are as follows
1. Private Cloud
This type of deployment model is mainly for a Particular firm or organization,
this is an exclusive cloud. The cloud infrastructure is solely managed,
maintained, operated and controlled for a particular organization, this type of
deployment model may either be controlled by the organisation in their
premises or environment or by a third party cloud provider at a data center
(Michael Hogan, 2011).
2. Community Cloud:
In this type of deployment model, the cloud infrastructure is shared and used
by several organization that have a common need, interest and requirement.
This type of deployment model help to reduce cost as organizations that uses
the model slit the cost of running the cloud infrastructure. This cloud
infrastructure may either be ran at a third party data center by the cloud
provider or either on existing premises or off premises of any of the
organization (Michael Hogan, 2011).
3. Public Cloud:
This type of deployment model supports commercial use, the cloud
infrastructure is used by the public for profitmaking and commercial use. The
Customer is allowed to deploy and develop needed service at an affordable
cost (Michael Hogan, 2011).
4. Hybrid Cloud:

This

is

cloud

deployment

model

which

consist

of

several

cloud

infrastructure such as private cloud, community cloud and public cloud which
remain as separate and unique clouds but also have the capability to allow
the movement of application and data from one cloud to the other through a
standardized technology (Michael Hogan, 2011).

Cloud Computing security Issues and challenges


Cloud computing was once an IT business concept that was thought of but as
become a fast growing IT technology. This Technology as gained a good ground
amongst individuals and organization as it helps to save resources and effort used
to manage computing resources, this technology as completely revolutionized the IT
world, this technology promises a lot of benefits and advantages to the world but as
beneficial as the technology might be it is marred by some major issues and
challenges (Zimski, 2009). Due to this issues customers are skeptical about this new
technology because this issues are pressing issues that affects the users of this new
technology.
The major challenges facing cloud computing are can are cascaded in to three
broad distinctive categories which are as follows (Beal, 2011).
1. Data Protection:
Data Protection is one of the major challenges in cloud computing, customers
would have to hand out critical and valuable information to a third party
cloud provider; ensuring this that this vital information are highly protected is
a major concern for the customer and a major priority for the cloud provider.
This data must be highly protected through encryption other protection
technique with a precise role for the handler of this vital information, if not
properly handled or managed it can pose a high level of comprise risk of the
information (Beal, 2011).
2. User Authentication:
User authentication is another challenge in cloud computing as data residing
in a cloud needs to be accessed only by authorized user. This is a very critical
challenge in cloud computing security, the monitoring and restriction of who
is accessing the data in the cloud needs to be done by the cloud provider.
This challenge is major concern by both the customer and the service provide
as fake authentication are on high level in the present IT world. It is required

of the cloud provider to ensure a high level of authentication process and


proper monitoring of entry log who accessed what, when and how (Beal,
2011).
3. Contingency Planning:
The risk of having a data breach or comprised data in the cloud is on the high
level as the internet is not entirely secure a very good tool for the hackers to
use to steal and compromise vital information and data, there are other
factors like natural disasters which can damage, compromise, make data
unavailable and lost. There is a need for a plan to retrieve protect and restore
lost, stole or compromised data in the event that any compromise due to any
factor. Contingency plan should be put in place for unexpected event and
disasters if they should occur (Beal, 2011).
There other challenges and issues affecting cloud computing like data location, the
location of the stored data is one issue that is involve laws in a particular location
such as that a data might be highly secured in one location and but not very secure
in another location due to the laws of the location(Binning, 2009).

Case Study
Cloud Flare bosss Gmail hacked in redirect attack on 4Chan
This case study shows how the cloud flare bosss Gmail was a hacked in a redirect
to 4chan.Content distribution network Cloud Flare reset all its customer API keys
over the weekend after its CEOs personal and corporate Gmail was breached in an
elaborate attack on one customer, which appears to have been the 4Chan message
board.
According to Cloud Flare CEO Matthew Prince, a hacker last Friday exploited a subtle
flaw in Google Apps Gmail password recovery process, allowing them to break into
his personal account, breach his CloudFlare.com Gmail address, bypass Gmails twofactor authentication (TFA), and redirect one customers website. UGNazi, the
hacker group that claimed credit for the huge breach at billing software provider
WHMCS, has also laid claim to the attack on Cloud Flare, according to a report by
Softpediz

Prince said on Saturday Google confirmed there was a subtle flaw affecting not 2step verification itself, but the account recovery flow for some accounts. Google
said it had now blocked that attack vector. Prince did not use Gmails TFA for his
personal account, however, the company did for all its CloudFlare.com Gmail
accounts. Prior to Googles confirmation, Prince was alarmed that TFA didnt prevent
CloudFlare.coms accounts becoming compromised since it should have prevented
this attack, even if the attacker had the password.
Its unclear from Prince's explanation how the attacker somehow convinced
Google's account recovery systems to add a fraudulent recovery email address to
my personal Gmail account, however once it was compromised he said the attacker
was able to use the password recovery feature for his CloudFlare.com Gmail
account to access his corporate email. Prince said that no customer credit card
details were exposed since those details never pass through its servers but go
straight to a billing provider, and that it appears the attacker had not accessed its
core database or seen additional client data. However, a claim was made on the
Twitter account of UGNazi member Cosmo that UGNazi had gained full access into
Cloud flare's server and obtained the database", in a post flagging that 4Chan was
redirected to the UGNazi Twitter account.
Cosmo also told Softpedia that UGNazi did access Cloud Flare's main server, could
see all customer account information, including names, payment methods, user IDs,
and had access to reset any account on Cloud Flare. The hackers said they planned
on selling the information on Darkode. Cosmo also said Prince's explanation that the
attacker convinced Google's account recovery, was bogus, adding that there was
"no way you could social engineer a Google App. On Saturday Prince said Cloud
Flare found that some customer API keys were present in the email accounts that
were compromised, which was why it reset all API keys for things such as Cloud
Flare WordPress plugin.
In order to ensure they could not be used as an attack vector, we reset all customer
API keys and disabled the process that would previously email them in certain cases
to Cloud Flare administrator accounts, said Prince. Despite the troubling realisation
that Gmails two-factor authentication failed to prevent the attack when it should
have, Prince urged others to use it and said he has since turned the feature on for

his personal account. Also, even though the password reset process was used to
compromise Princes 20 + character, unique and randomised password, he
encouraged others to use an extremely strong password for email and to change
any password recovery email to an account that you do not use for anything else
and cannot easily be guessed by a determined hacker (Tung, 2012).

Discussion
This paper discussed about cloud computing, its characteristics, secures, above all
the issues and challenges face by cloud computing in IT world and this backed by a
case study which illustrates the importance of the three main categories of cloud
computing challenges and issues which are data protection, User authentication and
Contingency plan. This main challenges issues can be seen in the case study of the
Cloud flare where the CEO corporate and personal Gmail account where hacked by
bypassing the 2 factor verification which was the Gmail authentication system and
this lead to the compromise and theft of valuable and vital information and also
allow the hacker to gain access in the firms server and database which contain
valuable customers information which was stolen and sold by the hacker, and this
forced the firm to create a plan in other to prevent the reoccurrence of this event in
the future by putting preventing and proactive measures in place (Tung, 2012).
From this case study, it shows how daunting the three main challenges are to cloud
computing as it requires a proper, high level and serious attention in other to
successful resolve this cloud security issues and challenges.

Conclusion
This paper began by explaining the meaning of cloud computing alongside its
attribute and it noted main categorises of cloud computing issues and challenges
which was backed by a case study which is used to show the interaction between
theory and practise and the major cloud computing security issues and challenges
faced by stakeholders of this fast growing technological innovation which went on to
tell us how importance it is squarely face this challenges into to avoid and reduce
the risk associated with challenges such as data theft and compromise of vital data
and information, theft or use of fake identification by criminals and hackers using
the internet as a vital weapon for this security breach and also a bad contingency

plan can lead to valuable data lost with no way to retrieve this information when an
unexpected event happens.
In conclusion this paper showed that cloud computing also as major security issues
and challenges faced by customer and service providers despite the fact that it
provides allot of benefits to both the customers and the service providers. Cloud
computing as the potential of growing to the become a more secure virtual
environment in the future.

References
Beal,

V.

(2011,

04

11).

QuinStreet

Inc.

Retrieved

from

Webopedia

http://www.webopedia.com/DidYouKnow/Hardware_Software/cloud_computing
_security_challenges.html
Binning, D. (2009, 04 24). Tech Target . Retrieved from Computer Weekly :
http://www.computerweekly.com/news/2240089111/Top-five-cloudcomputing-security-issues
Chlcks, K. S., & Cleveland, D. (2012, 5 25). Wikinvest . Retrieved from Wikinvest
TM : http://www.wikinvest.com/concept/Cloud_Computing
Corporation, D. (2010). Introduction to Cloud. Montreal: Dialogic Corporation.
Michael

Hogan,

F.

L.

(2011).

NIST

Cloud

Computing

Standards

Roadmap.

Gaithersburg: National Institute of Standards and Technology.


Samson, T. (2013, 02 25). InfoWorld, Inc. Retrieved from InfoWorld Tech Watch:
http://www.infoworld.com/article/2613560/cloud-security/cloud-security-9-topthreats-to-cloud-computing-security.html
Tung, L. (2012, 6 4). IDG Communications Pty Ltd. Retrieved from IDG :
http://www.cso.com.au/article/426515/cloudflare_boss_gmail_hacked_redirect
_attack_4chan/
Wikipedia, t. f. (2015, 10 27). Wikimedia Foundation, Inc. Retrieved from Wikipedia,
the free encyclopedia: https://en.wikipedia.org/wiki/Cloud_computing

Zimski, P.

(2009,

09 6).

TechTaget .

Retrieved

from Computer weekly :

http://www.computerweekly.com/opinion/Cloud-computing-faces-securitystorm