Authors: Devanshi Bhatt, Ishika Desai, Kunal Parekh
Certificate: View Certificate
With the aid of a significant quantity of virtual storage, cloud computing delivers on-demand services through the Internet. The key advantages of cloud computing are that the customer does not need to build up costly computer equipment and that the cost of its services is lower. Cloud computing has been integrating with the industry and many other fields in recent years, which has encouraged researchers to do research on new related technologies. Individual users and enterprises migrate their applications, data, and services to the cloud storage server due to the availability of its services and scalability for computing activities. Regardless of its benefits, the shift from local to remote computing has created a slew of security risks and hurdles for both consumers and providers. Many cloud services are delivered by a trusted third party, posing additional security risks. The cloud provider offers its services through the Internet and employs several online technologies, which raise new security concerns. This article explored the fundamentals of cloud computing, as well as security concerns, threats, and solutions. Furthermore, the article discusses various essential cloud themes, such as the cloud architectural framework, service and deployment model, cloud technologies, cloud security ideas, threats, and assaults. The report also highlights a number of outstanding research challenges concerning cloud security.
A computer in the past would use as much electricity as one now and take up the same amount of space as a room. It would also include extravagant electrical components like network devices and processors that produced less computing output. These days, small hard drives replace such appropriate spaces, and expensive electrical components are replaced by cheap network gadgets. The development of a sizable distributed system that pools a lot of resources into one unit and can manage computationally demanding tasks like scientific simulations is possible as a result of the increase in processing power and infrastructure nodes.
Two well-known distributed system components are clusters and grids. Grids and clusters are two different approaches. While grids are made for large dispersed and heterogeneous networks, the cluster paradigm allows for the coupling of homogeneous networks. The cluster strategy is more expensive because to the high cost of central processing units, such as parallel supercomputers. Using middleware, such as MPICH, which is a less expensive solution, standalone resources, such as desktop PCs are connected. The grid, which is produced over the Internet, is the architecture that desktop and home users use the most frequently to create servant computational nodes. One illustration of such a grid is the Large Hadron Collider (LHC) computing grid at CERN. The primary drawback of grid computing is that it makes management more challenging.
We don't consider how electricity is generated or how it enters the channel when we connect an electric gadget to a channel. The virtualization of electricity makes this occurrence possible. Although this electricity can be accessed through a wall socket, it actually hides a power plant and a widely spread infrastructure. This concept forms the basis for researchers' studies when information technology is expanded; these studies involve giving users who are uninformed of how their internals work important data and services. It is believed that the computing environment is entirely virtualized.
High levels of security and privacy for related data and services are attained through the negotiation of a Service Level Agreement (SLA) between cloud service providers and cloud customers. There is no common method for developing a SLA, though. A SLA report for the provided services is described in the study (Kandukuri et al., 2009), which is advantageous to both users and suppliers. These SLA reports, however, might not properly take into account client losses. In order to guarantee that the data of its users is completely protected, several cloud service providers, such as Google, Amazon (2015), and SalesForce, withhold extensive SLAs and omit a number of other service-related variables. The best illustration is Amazon Elastic Cloud Computing (EC2) (Amazon, 2015), which offers its users the virtual hardware abstraction.
II. CLOUD AND SECURITY
Cloud computing is defined by the National Institute of Standards and Technology (NIST) as a model that enables convenient, on-demand network access to a shared pool of reconfigurable computing resources (such as networks, servers, storage, applications, and services) that can be quickly provisioned and released with little management work or service provider interaction. Three cloud service models, four cloud deployment models, and five key features are used by NIST to define cloud computing.
The aforementioned graphic shows that there are three service models, four deployment methods, and five characteristics of cloud computing. Technologies including virtualization, grid computing, distributed computing, web 2.0 technologies, service-oriented architecture, and utility computing have given rise to the cloud.
A. Characteristics of Clouds
The following are the top five properties of clouds:
These five essential characteristics differentiate cloud computing from traditional computing approaches. Apart from the above five characteristics, virtualization and multi-tenancy also form important part of cloud characteristics.
???????B. Cloud Service Models
The three service models—SaaS, PaaS, and IaaS—identified by the NIST cloud computing definition offer customers a variety of service management operations and expose various access points into cloud systems, which in turn gives adversaries a variety of attacking surfaces. Therefore, it is crucial to think about the impact. of cloud service models and the various problems with security implementation and design that they provide.
For instance, SaaS enables consumers to access cloud services over a network connection, typically the Internet and a Web browser. In terms of SaaS cloud system security, Web browser security has received a lot of attention. Since virtual machines (VMs) run on hypervisors on hosts and are given to cloud users of IaaS, hypervisor security for achieving VM isolation has been intensively researched by IaaS cloud providers that use virtualization technologies.
They are able to pool memory, 1/0 devices, storage, and processing power into a virtual pool of resources using cloud computing technology to offer services to end users and SaaS and PaaS providers. IaaS application is, of course, less developed than SaaS because numerous critical technologies still require research and development.
III. THE DIFFICULTIES OF CLOUD COMPUTING IN SECURITY
Cloud is now a buzzword in the information technology sector, encompassing cloud computing, cloud software, cloud storage, cloud operating software, and cloud security. Through service submission, cloud computing offers a virtual infrastructure and services to outside users. The concept of IT infrastructure as a service, which allows computing services like water, electricity, and other public utilities, to access resources on-demand and pay for use, is reflected in cloud computing. It was therefore viewed as the third revolution in the information business and will serve as the foundation of the information society of the future.
The IT industry's development trend is cloud computing. However, allowing the user to go to the "cloud" also comes with a sizable number of issues. One of the most significant factors impeding the long-term development of cloud is security concerns. Some people think that since data and applications are stored in the "cloud" in the age of cloud computing and both public and private cloud providers provide technical support, centralised control management is advantageous for information security; In general, internal private clouds are more secure, economical, and effective than independent business divisions operating and maintaining systems. Cloud service providers with competent equipment and security professionals can offer full security protection and better and more affordably secure information security through the implementation of centralised cloud computing. The centralised management of cloud computing centres will become the main targets of hacker attacks, and with the system's size and previously unheard-of levels of openness, sharing, and complexity, its security issues are worse than ever.
As widely acknowledged, the era of cloud computing offers cost advantages and, to some extent, certain security benefits. However, it's imperative not to overlook the emerging security challenges that accompany cloud technology. These challenges pose significant obstacles to enterprise security. Reports indicate that cloud computing service providers have faced a multitude of security threats from various sources, each with varying degrees of severity. For instance, in both October 2007 and February 2008, Amazon's EC2 experienced extensive service disruptions. Amazon's cloud computing service, at one point, suffered an outage due to a lightning strike. Additionally, in March 2009, Google encountered a security breach that resulted in the disclosure of customer private information. In July 2009, Amazon's cloud computing services, including EC2, experienced a security failure, rendering their website inaccessible.
The analysis presented above relies more on public clouds than private ones. Private clouds mostly inherited the benefits of cloud computing in terms of security. Along with the usual security concerns, the private cloud also has internal oversight challenges. Private clouds have more expensive deployment costs despite having tighter security, but major businesses may afford to make the investment. For the vast majority of small and medium-sized businesses as well as individual users, the public cloud is still quite advantageous. In order to increase the security of the public cloud, research into associated security technology solutions should be accelerated. This will give the public cloud a wider market.
The Cloud computing is a growing trend in the IT sector since it is anticipated to dramatically lower the cost of existing technologies. The cloud computing industry has both positive and negative effects on information security. Whether we can maximise its advantages while minimising its drawbacks will determine the final outcome. Only in this manner will the cloud be able to truly reduce costs while enhancing productivity, efficiency, and security.
 https://ieeexplore.ieee.org/abstract/document/5283911  https://www.sciencedirect.com/science/article/abs/pii/S136341270900 0028  https://www.sciencedirect.com/science/article/abs/pii/S108480451630 2983  PG Shah, X Huang, D Sharma, “Algorithm Based on One\'s Complement for Fast Scalar Multiplication in ECC for Wireless Sensor Network” , Advanced Information Networking and Applications Workshops (WAINA), 2010 IEEE 24th International Conference.  PG Shah, X Huang, D Sharma, “Analytical study of implementation issues of Elliptical Curve Cryptography for Wireless Sensor networks”, Advanced Information Networking and Applications Workshops (WAINA), 2010 IEEE 24th International Conference.  X Huang, PG Shah, D Sharma,\"Multi-agent system protecting from attacking with elliptic curve cryptography\", Advances in Intelligent Decision Technologies - Smart Innovation, Systems and Technologies Volume 4, 2010, pp 123-131  Kandukuri, B.R. Paturi, V.R. ; Rakshit, A. , “Cloud Security Issues” , Services Computing, SCC \'09. IEEE International Conference, 2009  Kaufman, L.M., “Can Public-Cloud Security Meet Its Unique Challenges?” 2010  Sheikh Mahbub Habib, Sebastian Ries and Max Mühlhäuser, “Towards a Trust Management System for Cloud Computing” 2nd IEEE International Symposium on Trust and Security in Cloud Computing
Copyright © 2023 Devanshi Bhatt, Ishika Desai, Kunal Parekh. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.