Security and Privacy Issues in Cloud

Computing

BY : Vishal kumar
Hritik prabhakar

1
INTRODUCTION

As per the definition provided by the National Institute for Standards and
Technology (NIST) (Badger et al., 2011), “Cloud Computing is a model for
enabling convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage,
application, and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction”.

Cloud computing has become popular because of its great features. This
technology includes services like hardware, software and different platforms.
Cloud service providers provide services on the basis of client’s requests and
some cloud services providers are Amazon Web Services (AWS), Microsoft
Azure, Google Cloud Platform (GCP), Oracle Cloud. Instead of using remote
servers or local computers, cloud computing services can be used from a wide
range of resources. It is made up of a number of widely dispersed servers, or
"masters," which deliver requested services and resources to various clients,
or "clients" in a network, with the scalability and dependability of a data center.
The distributed computers provide on-demand services. Services are as
follows :

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)
4. Function as a Service (FaaS)

A cloud is a set of software and hardware resources provided to the cloud.

Clients over the Internet on demand, i.e. when there is demand services are
provided to customers at the same time. this came out in a new way of
presenting service offerings. it worked change of business content. The cloud
has vastly improved the old way of looking at technology. It uses the Internet
to serve clients using virtual machines in a virtual environment.

But unfortunately, there are many issues with the security and privacy in the
usage of the cloud services. Security is an important topic in the cloud and its
uses. All systems immediately and organizations move to the cloud. Data
storage and convenience using the cloud will prompt the next generation to

2
switch to the cloud. but only the reason people refrain from using the cloud is
because of security concerns of the cloud faces various security issues.

Problem Statement
There are many security issues and obstacles encountered in cloud storage
systems. The problems that the cloud faces in the security arena are many. A
serious study because the same is necessary so that the problems
encountered can be fixed. In Cloud Computing, various algorithms have been
implemented to secure its storage systems. However, Cloud struggles with a
lack of security due to its wide reach availability. Since the Cloud will be the
most available trend in the future, there is a system security obligation to
ensure confidentiality and protect the satisfaction of their customers.

In current cloud architectures, for better security, data is divided into blocks or
frames using a process called Fragmentation. First, the client generates a key
pair using some parameters. And this key pair will be used to sign and decrypt
the file. Through encryption/decryption and other measurements, the server
can tell which users are real users. Next, the client generates a second key
pair. This key pair is used to generate the file block identifier. Based on
identity, the verifier can determine if the file has been modified. In the
advanced era, the use of multimedia data including audio, video, and image
data. So the data type can be added for any condition fragmentation criteria
otherwise data will be lost. there is no mentioned criterion for dividing data into
blocks, resulting in
data loss and cost increase. In this through the cloud host, the sender can
send the message in encrypted form to receiver. To send it to the
sender/recipient, just knowing the sender's identity is enough.but other
information such as certificates or public keys is optional. To decrypt an
encrypted message, the recipient must have his/her private key in a computer,
a single personal security device connects to computer. When either is
missing, the receiver cannot decrypt the message. But if a "personal security
device" is used, it will increase the cost as well as the burden for client.
Therefore, it is necessary to provide a better alternative to this device.

3
Features of Cloud Computing
Cloud computing brings a drastic and far-reaching change in the IT sector with
its features and services provided. Various advantages of cloud computing are
discussed below:

 Cost efficiency : Cloud computing is the most cost-effective way to use,

manage, and upgrade. It is a great advantage for organizations to reduce
costs by using cloud computing. Organizations can focus more on
expanding their business without worrying about hardware and software
updates. Everything is handled by the host, saving them time and money
businesses.

 Almost unlimited storage : Cloud computing offers unlimited storage.

Depending on the data and usage, users can choose different packages,
available in different models. In cloud computing, everything is online.
Users can store and access files at any time from the browser.

 Flexibility : Cloud computing is attractive to organizations because it

provides a flexible working environment. Users can access stored data
anytime, anywhere in the world. Company employees can access data files
and records at any time outside of the office.

 Scalability : By using cloud computing, businesses can easily scale their

services based on customer needs. Because cloud computing is a pay-to-
use model. Cloud services can be expanded at any time by paying a
worthy rental.

 Backup and Recovery : Easier data recovery and backup in cloud-based

systems. Since all data is stored in the cloud, backing up and restoring the
same data is easier than the task of storing the same data on a physical
device. To manage information retrieval, many cloud service providers
compete with each other. As a result, the entire backup and restore
process becomes much less hassle than with previous archiving methods.

 Automatic integrated software : Cloud users reduce additional efforts to

customize and integrate their applications. Some aspects of cloud
computing take care of these things on their own.

4
 Highly automated : If working in a cloud environment, there is no need to
purchase software updates. Everything is configured and ready to use.

 Easy access to information : Registered users can get the necessary

information anywhere on the Internet. This feature allows users to go
beyond time zone and geographic location issues. Users can easily get the
desired information.

 Deliver new services : Cloud technology allows creating a new layer of

applications and providing new interactive services for nature.

 Group collaboration : Users can access information from different

places. This gives an advantage to companies looking to set up their
offices in a distinct geographical location. Therefore, collaborating in a
workgroup is easy.

 Quick deployment : In cloud computing, the total time required for

deployment depends on the type of technology required for a business.
When the operation type is selected, the whole system can be fully
operational in a short time.

 Reliability : In desktop computers, all data can be lost due to hardware or

disk failure. This can destroy valuable information. But in the cloud, all the
data files are located on the cloud server. Therefore, computer failure will
not affect the stored files.

Challenges of Cloud Computing

Companionship is part of the special challenges associated with
distributed computing, however some of them can cause problems in transit
similarly, more cloud governance could offer an opportunity, if decided
with the attention and insight needed in the organizational stages.

5
Security and privacy - perhaps two of the most thorny issues in distributed
computing related to privacy and information security, as well as the vetting of
cloud usage by providers. cloud. These problems are ultimately attributed to
cloud service delivery management. These problems can be solved by
securing the information inside the association, while allowing it to be used as
part of the cloud. For this to happen, the security systems between the
association and the cloud must be efficient, and a hybrid cloud can fund such
a shipment.

Lack of Standards - Cloud has a registered interface; in any case, there is no

standard regarding these and therefore it is not conceivable that most types of
fog can interact with each other. The Open Grid Forum is adding an Open
Cloud Computing Interface to address this, and the Open Cloud Consortium
manages distributed computing standards and practices. Disclosure on these
social issues is expected to increase, but it is unclear whether they will meet
the needs of those communicating the regulatory bodies and the specific
interfaces these regulators have. request or not. On the other hand, updating
indicators to the latest as they are created will allow them to be used as
appropriate.

Continuously Evolving - Customer needs continue to evolve, as do capacity,

system administration, and interface requirements. This suggests that a
"cloud", especially an open cloud, is not static and continuously evolves in the
same way.

Support - The most commonly perceived objection to cloud governance is the

lack of rigidity and governance that occurs when organizations embark on any
level of cloud migration. Organizations should first consider their broader
approach to managing cloud operations and consider whether they will run it
in-house, 24/7, or have someone else run it. Organizations with a prepared
employee base can do this from within, but some can't, so there's no way to
overemphasize the insight and support layer. When choosing a cloud provider,
it's important to understand that delivered governance provides the flexibility to
allow customers to focus on their mid-tier business without encroaching on
other platforms. normal operation. A simple cloud facility with no additional
support would infer that the responsibility lies with the customer if they
experience any problems and any technical outages could affect your
business.

6
Reliability - When it comes to reliability, it all depends on choosing a supplier
it's honest and legal. Understanding the Service Level Agreement (SLA) is
important as some vendors guarantee 100% frame uptime evaluate and
reimburse the customer for any downtime. The main thing is the customer
strive to gain benefits before they give. This course, if anyone is interested
fragments in the operation of cloud or server administration are lost, you can
rest assured that the right support is in place to manage and compensate for
any problems.

Performance: - When considering your site's promotion, it's normal for

different organizations to focus on what they need now, rather than what they
need later. Under different circumstances, in the long run, enforcement will be
higher in the cloud due to more containment points and more flexibility. In
various cases (most famously running a database server), the execution may
not take place correctly on a regular server. It is reasonable for customers to
rate them. Cloud app to focus on when you are likely to reach the desired
peak and consider different encouraging responses based on your essential
needs. In cases where execution is the primary issue of choice, a "half-breed"
cloud may be the preferred course of action, allowing customers to participate
in the best of both worlds: adaptability and cost-effectiveness of distributed
computing and running dedicated servers. The 50/50 cloud arrangement
suggests that institutions can quickly introduce or "adjust" the limit for the
relevant time periods and reduce it as interest rates dwindle, keep IT costs at
a basic level by paying for the services they use. This eliminates the need to
perform large and dangerously systematic sporadic speculations without
expecting compromises in performance.

Flexibility - Flexibility can be a tough barrier to success, with some clients

worrying about losing control as they escape the risk of being "rushed" by a
single deal. Several types of clouds offer different levels of customization and
adaptability. Clouds that run the standard innovation stack and are interested
in cloud institutionalization are the most logical decision to capture application
flexibility. Adoption of open clouds has given rise to a huge energy boost, and
the future will most likely include the nexus of openness to openness and
openness to streamlined/facilitated private clouds. There are selection clusters
to suit the scope of requirements; This is just one example of being curious
and talking to suppliers about what they can offer.

7
2.Different Cloud Models:
Cloud Deployment Models
Customer needs are constantly evolving, and so are their requirements.
Capacity, Systems Management, and Interfaces. This is a "cloud", mainly
It's open, it's not static, it's constantly evolving. Figure shows them all.
Deployment model described below:

 Private cloud

The cloud framework is deployed for an elite by a single organization that

includes various consumers (such as business units). Can be asserted,
managed, and edited by an organization, an outsider, or a combination
thereof, and can be internal or external. A private cloud is a specific round-
robin processing model that involves a specific, secure cloud-based
environment in which a predefined customer can operate. Fundamentally like
other cloud models, private clouds give organizations access to virtualized
environments that use a central pool of physical system resources. Private
clouds, on the other hand, only allow access to the cloud through a single
affiliation, and that affiliation provides greater control and security. The specific
tools used by organizations that can be classified as private cloud
organizations can be extensive, making it difficult to represent what constitutes
a private cloud from a particular edge. Such organizations may be grouped on
a regular basis according to the areas they serve their customers. Properties
representing private clouds will integrate sole use shields for the cloud through
partnerships and stronger structural security measures. Rather, it can be

8
pictured as an open her cloud where various customers end up in a virtualized
organization, with all customers benefiting from the same server her pool
across the open structure. Private cloud organizations utilize specific pools of
physical PCs, which can be empowered internally or remotely and traversed
through engineering across private leased lines or mixed relationships to
ensure an open structure . The extra security provided by our dedicated cloud
model is great for everyone. Affiliation, including requirements for storing and
processing or performing personal information Tricky errands. For example,
private cloud organizations may be used by financial firms that are legally
obligated to store sensitive information, where premium resource tasks still
benefit greatly from distributed processing within their business infrastructure.
must enjoy.

 Community cloud

Cloud frameworks are offered for premium use by specific groups of people
common interests (strategy, fundamentals, technique and consistency).
Anyone can bill, monitor and use or more entities within the group, other
outsiders, or a mixture thereof It can be local or external.
A group cloud is a multi-tenant system shared by several clubs at a particular
social event and has standard registration concerns. Such concerns may
relate to related consistency, such as research requirements, or may relate to
execution needs, such as sponsoring proposals that require quick response
times on the spot. The goal of the Community Cloud is for associations to see
the benefits.
B. Open cloud, multi-tenancy, pay-as-you-go pricing
- but with the included level of protection, security and strategy coherence.
Most are connected to private clouds. The group cloud can be any local. or off-
premises and may be regulated by the establishment of an interest group
Outcast Managed Service Provider (MSP).

 Hybrid cloud :

It is a disbursed computing surroundings wherein an affiliation manages and

offers more than one advantages in-residence and has others given remotely.
Hybrid cloud is a disbursed computing surroundings that makes use of a
mixture of on-premises, personal cloud, and open cloud administrations with a
route of movement among the 2 phases.By giving provision of shifting the
workloads among open and personal clouds as consistent with the price and
desires changes, it gives an company with diverse sizeable adaptability

9
and statistics sending options. For example, an enterprise can ship an on-
premises personal cloud to have touchy or essential workloads, but use a 3rd
party open cloud supplier, for instance, Google Compute Engine, to have
less-discriminating resources, for instance, take a look at and modified
workloads. To keep clients confronting genuine and help statistics, a hybrid
cloud may want to in like way use Amazon Simple Storage Service (Amazon
S3). An object layer, for instance, Eucalyptus,can empower personal cloud
institutions with open clouds, Amazon Web Services (AWS).

Issues and Threats in Cloud Storage System

Cloud computing implies a loss of control.

Overall Security Concerns

 Gracefully lose control while maintaining accountability even if operational

responsibility falls upon 3rdparties.
 Provider, user security duties differ greatly between cloud models.

Governance

 Identify, implement a process, controls to maintain effective governance,

risk mgt, Compliance.

 Provider security governance should be assessed for sufficiency, maturity,

consistency with user ITSEC process.

10