Cloud computing is a compilation of existing techniques and technologies, packed within the emerging infrastructure paradigm that offers enhanced scalability, elasticity, business agility, faster startup time, reduced management costs and just-in-time availability of resources for large scale infrastructure that refers to both the applications delivered as services over the internet and the hardware and the systems software in the datacenters that provide those services.
Below is the list of features and attributes that have a direct impact on information technology (IT) budgeting but also affect traditional security, trust and privacy mechanisms:
- Making use of internet-based services to support business process
- Rent out IT-services on a utility-like basis
- Rapid deployment
- Low startup costs/ capital investments
- Costs based on usage or subscription
- Multi-tenant sharing of services/ resources
The acceptance of cloud computing may move quite quickly depending on local requirements, business context and market specificities. The economic potential of cloud computing and its capacity to fast-track innovation are hamming business and governments under increased pressure to adopt cloud computing based solutions.
Privacy, Security and the Cloud
Privacy and security has always been the essential issues when it comes to cloud computing. Before applying for cloud services or providing your personal information, one should always make sure that you go through the privacy policies.
Here is the list of points that an organizations should follow before it intend to move personal information into the cloud:
- Implement a privacy compliance program that addresses collection and use of personal information in the cloud.
- Verify the type of data that will be sent to the cloud and how the information will be stored by the cloud provider. Outsourcing the data storage may generate a risk of misuse or unauthorized disclosure and therefore an organization may choose to retain its most confidential information under its direct control.
- Certify that the suitable consents have been obtained to send personal information to a cloud provider. An organization needs to maintain “control” over personal information that is sent to the cloud provider and prevent secondary uses of that personal information. If the cloud provider will use personal information for new purposes then additional individual consents may need to be obtained.
- Review the cloud provider’s contract terms to ensure that personal information received by the cloud provider is treated in a manner consistent with the organization’s obligations under applicable privacy laws.
Cloud environment provides a secure controls that help in protecting the confidentiality, availability and integrity of the systems and data that exists in the cloud. In order to protect data at rest, in transit and in use, cloud makes use of an appropriate procedure and makes use of technical protections.
These controls help in reducing attacks on a cloud system.
Preventive controls strengthen the system against incidents, normally by reducing the vulnerabilities. Strong authentication of cloud users makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.
Detective controls helps in detecting and reacting appropriately to each and every incidents that takes place. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue.
Corrective controls reduce the consequences of an incident by limiting the damage. These controls are mainly used either during or after an incident.
Trust in Cloud Computing
Trust revolves around ‘assurance’ and confidence that data, entities, information or processes will function or behave in expected ways. A trusted cloud environment is designed to stand the test of time. It should provide high availability and resilience to adverse events. A trust value comprises of various parameters that are necessary dimensions along which security of cloud services.
Security, privacy and compliance are the three pillars that help in building up organizations trust in cloud services. Below are some reasons and elements why you should trust cloud:
- Cloud network management makes network monitoring very easy
- Single pane monitoring for network health
- CSA (Cloud Service Alliance) service challenges are used to assess security of a service and validity of the model. Adequacy of the model is also verified by evaluating trust value for existing cloud services.
- The CloudTrust Protocol (CTP) mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
Cloud computing is a promising and emerging technology for the next generation of IT applications. Reducing data storage and processing cost is a mandatory requirement of any organization, while analysis of data and information is always the most important tasks in all the organizations for decision making. Cloud providers have to safeguard the Privacy and Security of personal and confidential data of organizations and users to provide and support trustworthy cloud computing services. Though cloud computing make use of many techniques and elements in providing security, privacy and building trust in their users but still there are many gaps to be filled which can only be done by making these techniques more effective.