Authors: Saloni Mahesh Kargutkar, Shraddha Manoj Borkar
Certificate: View Certificate
Access control and data security are now two of the biggest issues with cloud computing. Users can access data from the cloud server through a process known as access control. There are numerous issues that arise while accessing data, including data security, lengthy access times, data loss, overhead, redundant data, etc. An overview of cloud computing basics is given in the first section of this paper. Additionally, this document also covers all cloud computing-related topics. Finally, future development directions for the cloud computing environment have been determined.
Using parallel computing, virtualization, utility computing, and service-oriented architecture, cloud computing is a novel technology. When used to supply a service, the term "cloud" can refer to a combination of networks, hardware, storage, and interfaces. Users can now access cloud services from a variety of information technology (IT) organisations, including Google, Yahoo, Amazon, and others .
Users of cloud computing don't have to worry about any hardware, software, or other devices. Users in this case are unaware of the true location of their data on cloud servers. Users of cloud computing can share data using an infrastructure that is made available to them. Users, Cloud Service Providers (CSPs), and Data Owners (DOs) are the three stakeholders involved in cloud computing. Every user's profile is saved by the CSP, which also manages all tasks . The CSP enables DOs to store their information or files on a cloud server, and users can retrieve these files as needed via the cloud server. There are only a few conditions for using cloud services:
The internet is the sole foundation for cloud services. We are aware that there are a lot of malicious individuals or hackers online. Therefore, security vulnerabilities with cloud services were common . The most important privacy and security concern is access control. Traditional access control approaches cannot be used in a cloud setting due to their static nature. The development of any access control model must take into account a number of key aspects of cloud services, including a sizable number of dynamic users, a sizable quantity of resource, etc. For cloud computing, numerous access control strategies have already been put out [4–12]. The following are this paper's main contributions:
a. The principles of cloud computing are discussed in the first section of this essay.
b. Each concern or issue related to cloud computing is covered in detail in this document.
c. The cloud computing environment has also been given many future work directions.
The remainder of the essay is divided into sections. The principles of cloud computing are presented in Section 2. All of the cloud computing's concerns have been thoroughly covered in section 3. The future work directions are highlighted in Section 4. In section 5, the paper's conclusions are presented.
II. FUNDAMENTALS OF CLOUD COMPUTING
A. Definitions of Cloud Computing
In cloud computing, customers are provided with an infrastructure to utilise as a working space. There are numerous ways to define cloud computing. Following is a list of some of them: • "Cloud computing is a novel kind of IT outsourcing that doesn't yet adhere to enterprise IT standards and isn't backed by the majority of the major corporate vendors." Staten J, among others . • "A Cloud is a type of parallel and distributed system made up of an assortment of connected, virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers." - Buyya R et al.
B. Cloud computing history
There were huge mainframe computers in the 1950s. Users could not afford to purchase such a computer for personal use due to its high cost. They had established a technique known as "time sharing" as a result. A single computer could be used by several people thanks to "time sharing". J.C.R. Licklider attempted to connect all of the computers, which were dispersed throughout the world, in 1969 . John McCarthy, a scientist, received input on the "cloud" notion from other specialists before he first proposed the idea of providing compute as a public service. When IBM introduced the VM operating system in the 1970s, IT businesses began to utilise virtual machines in practise. Multiple computers operate in the same processing environment in this infrastructure. Virtualization is the term for this kind of connection. In the middle of the 1980s, IBM introduced a user-friendly computer. Microsoft also donated its operating system at that time. The internet began to provide enough bandwidth in 1990, and businesses connected their employees' computers to one another. Salesforce.com was the primary cloud computing milestone in 1999 . Delivering apps was its main objective. The following step of development was carried out by Amazon Web Services in 2002. Through Amazon Mechanical Turk, Amazon offered services such as compute, storage, and applications. Elastic Compute Cloud (EC2) by Amazon was made available for business use in 2006 . Companies and individual users can host their own apps in the cloud thanks to EC2. When Google and IBM collaborated, cloud computing significantly increased in popularity in 2007. Web 2.0 debuts on the market in 2009. Google and other businesses began to provide browser-based applications through "Google Apps." Many IT organisations today are aware of the advantages of the cloud computing environment. Cloud computing provides users with a new working environment and expands storage capacity in the IT sector.
???????C. Cloud Computing Features
Cloud computing has a variety of features, including:
???????D. Cloud Computing Benefits
Cloud computing has a number of advantages:
???????E. Cloud Computing Drawbacks
Cloud computing's drawbacks There are a number of drawbacks to cloud computing, which are described below:
???????F. Service Delivery Model
Three services, namely Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), are typically used to supply cloud computing .
Advantages of Saas Providers:
2. Platform as a Service (PaaS): In PaaS, CSPs offer an environment complete with operating systems, databases, environments for running programming languages, and web servers. PaaS provides a cloud setting in which users can develop, execute, and deploy applications. Aneka, Azure, and other suppliers of PaaS are examples. PaaS has the following benefits:
3. Infrastructure as a Service (IaaS): IaaS is currently the most widely used in IT firms. The customer can typically access the cloud provider's infrastructure when using the IaaS approach. This infrastructure may include firewalls, storage, and networks. IaaS offers a variety of resources, including IP addresses, load balancers, virtual local area networks, raw storage, and software packages. IaaS suppliers include Amazon EC2, GoGrid, and others.
IaaS has the following benefits:
???????G. Model of Deployment
Private cloud, public cloud, community cloud, and hybrid cloud are the four basic types of clouds.
III. CLOUD COMPUTING PROBLEMS
The CSP in cloud computing must make sure consumers don't run into issues with security or data loss. The following is a list of some cloud computing issues:
A major issue with all forms of clouds is availability. The purpose of using the cloud environment is to give users access to services from anywhere at any time. The majority of the infrastructure and platforms offered by CSPs today are built on virtual machines. Here, traffic directed to IP addresses can be blocked by virtual computers. The virtual machines are added alongside these security measures to increase system availability in the cloud.
???????B. Security of Information
To maintain user data privacy in a cloud environment is to maintain the confidentiality of the cloud environment. The management of user data, which is housed across many data centres, depends heavily on confidentiality. To safeguard sensitive user data, the CSP must enforce confidentiality at several stages of cloud applications.
???????C. Access Management
Only people who are authorised to access the data on the cloud server can do so thanks to access control. The CSP monitors all access requests made by clients or users of the Public Cloud, Community Cloud, Hybrid Cloud, Organization User Private Cloud, through access control. There are numerous procedures to follow when accessing data or a file, including authentication, authorization, and accountability.
Cloud computing makes sensitive data or files more vulnerable. Because of government surveillance of databases, there may initially be a lot of concerns. Any country, where data were not previously preserved, can store data in a cloud environment. It is permissible for the government of that nation to view the information . Customers may receive no indication that a foreign authority has accessed their data. Second, any IT company employee with permission may give hostile users access to their database. Following that, malevolent people could access data or files on the cloud server.
???????D. Issues Associated
With Data the following list of data-related difficulties is provided:
E. Storage Related Issues
With the use of a cloud computing environment, data can be managed by a CSP or other party and saved on a cloud server. The data is divided into several tiny parts by the CSP. The CSP divides the data and then stores it in several data storage facilities. The data can be recovered from another piece of the data if any portion of the data crashes. There are numerous concerns regarding data storage, some of which are listed below:
???????F. Policy Issues
Policy Concerns Depending on the cloud situation, a cloud environment's privacy varies. Some clouds pose modest privacy dangers, while others pose significant privacy risks. On the basis of the calendar, social networks, people's locations, and preferences, services are occasionally tailored. The cloud server has a lot of policy difficulties.
Following is a list of some of them:
???????G. Security Issues
There was a self-control system for managing data in the conventional model. Because sensitive information may be stored outside the user's own domain, cloud security becomes a delicate topic. The public cloud raises more than just privacy concerns. According to a recent survey , the biggest concern facing the cloud environment is security. In cloud computing, the main problems are related to determining who is in charge of what kind of security. There is no standardised API, which causes this division of security concern. The cloud security alliance claims that account theft, malevolent insiders, unsecured interfaces, and problems with shared technology are the key problems with cloud computing .
???????H. Trust Issues
The concept of trust is challenging with the cloud server. The intention to tolerate vulnerability based on optimistic expectations about another person's intentions or actions is known as trust . One method of building trust online is security. Another element of trust is reputation, which is something that businesses value highly.
Many customers only consider a company's reputation. Persistent trust and dynamic trust are the two basic types of trust used in cloud computing. "Persistent trust" is related to a foundation with a long history. "Dynamic trust" addresses information that is transient or mutable.
???????I. Legal Aspects
Legal frameworks are a vital factor in the safeguarding of users' sensitive or confidential data. Such frameworks exist in every single nation. Sometimes it is uncertain which path a transaction will take to completion. Multiple nations may process a single transaction. Consequently, the judicial system in that nation compromises security.
Users of cloud computing are unaware of the precise location of the data storage. It might be kept anywhere in the world. So, depending on where the data is stored, a separate legislation may apply to the data.
Data and files are saved on the server in several copies. These copies are also controlled by various organisations. The location of data affects privacy legislation. Place restrictions also apply when sensitive data, such as financial or health information, is transferred .
???????J. Attacks on the Cloud Environment
Malicious users carry out a variety of attacks, which are crucial in a cloud setting.
IV. FUTURE WORK DIRECTIONS
The following future opportunities are provided in this section based on the conversations above:
These days, cloud computing is quite well-liked due to its adaptability and affordability. In the first section of this essay, the basics of cloud computing are covered. This paper discusses a number of cloud computing security challenges, including availability, confidentiality, access control, data-related, storage-related, policy-related, security-related, trust-related, legal-related, and attacks on the cloud environment. Future research directions are also discussed in this paper. In the future, a new access control paradigm for effective data access can be created.
 Q. Zhang, L. Cheng, and R. Boutaba, “Cloud computing: state-of-theart and research challenges,” Journal of Internet Services and Applications, vol. 1, no. 1, pp. 7-18, 2010.  S. Namasudra, S. Nath, and A. Majumder, “Profile based access control model in cloud computing environment,” Proc. of the International Conference on Green Computing, Communication and Electrical Engineering, IEEE, Coimbatore, India, pp. 1-5, 2014.  G. Anthes, “Security in the cloud,” Communications of the ACM, vol. 53, no. 11, pp. 16-18, 2010.  B. Balamurugan, P.V. Krishna, N.S. Kumar, and G.V. Rajyalakshmi, “An efficient framework for health system based on hybrid cloud with ABE-outsourced decryption,” in Artificial Intelligence and Evolutionary Algorithms in Engineering Systems, L.P. Suresh, S.S. Dash, and B.K. Panigrahi, Eds., Springer, India, pp. 41-49, 2014.  S. Namasudra and P. Roy, “Secure and efficient data access control in cloud computing environment: a survey,” Multiagent and Grid Systems-An International Journal, vol. 12, no. 2, pp. 69-90, 2016  B. Balamurugan and P.V. Krishna, “Extensive survey on usage of attribute based encryption in cloud,” Journal of Emerging Technologies in Web Intelligence, vol. 6, no. 3, pp. 263-272, 2014.  A. Majumder, S. Namasudra, and S. Nath, “Taxonomy and classification of access control models for cloud environments,” in Continued Rise of the Cloud, Z. Mahmood, Ed., Springer, London, pp. 23-53, 2014.  S. Sarkar, K. Saha, S. Namasudra, and P. Roy, “An efficient and time saving web service based android application,” SSRG International Journal of Computer Science and Engineering (SSRG-IJCSE), vol. 2, no. 8, pp. 18-21, 2015.  S. Namasudra and P. Roy, “A new table based protocol for data accessing in cloud computing,” Journal of Information Science and Engineering, in press.  B. Balamurugan and P.V. Krishna, “Enhanced role-based access control for cloud security,” in Artificial Intelligence and Evolutionary Algorithms in Engineering Systems, L.P. Suresh, S.S. Dash, and B.K. Panigrahi, Eds., Springer, India, pp. 837-852, 2014.  S. Namasudra and P. Roy, “A new secure authentication scheme for cloud computing environment,” Concurrency and Computation: Practice and Exercise, 2016. DOI: 10.1002/cpe.3864  S. Namasudra and P. Roy, “Size based access control model in cloud computing,” Proc. of the International Conference on Electrical, Electronics, Signals, Communication and Optimization, IEEE, Visakhapatnam, India, pp. 1-4, 2015.  J. Staten, “Is cloud computing ready for the enterprise?,” Forrester, 2008.  R. Buyya, C.S. Yeo, and S. Venugopal, “Market-oriented cloud computing: vision, hype, and reality for delivering IT services as computing utilities,” Proc. of the 10th IEEE International Conference on High Performance Computing and Communications, Washington, DC, USA, pp. 5-13, 2008.  B.R. Kandukuri, R.P. V, and A. Rakshit, “Cloud security issues,” Proc. of the International Conference on Services Computing, IEEE, pp. 517-520, 2009.  N.D. Naik and K.J. Modi, “Evolution of IT industry towards cloud computing: a new paradigm,” IJRIT International Journal of Research in Information Technology, vol. 1, no. 5, pp. 236-242, 2013.  J. Harauz, L.M. Kaufman, and B. Potter, “Data security in the world of cloud computing,” IEEE Computer and Reliability Societies, pp. 61-64, 2009.  I. Tsagklis, “Advantages and disadvantages of cloud computing-cloud computing pros and cons,” 2013. Available: http://www.javacodegeeks.com/2013/04/advantages-anddisadvantages-of-cloud-computing-cloud-computing-pros-andcons.html  E. Savolainen, “Cloud service models,” in Seminar-Cloud Computing and Web Services, University of Helsinki, Department of CS, 2012.  M.A. Morsy, J. Grundy, and I. Müller, “An analysis of the cloud computing security problem,” Proc. of APSEC Cloud Workshop, Sydney, Australia, 2010.  Global Netoptex. Demystifying the cloud-Important opportunities, crucial choices, 2009.  Regulation of Investigatory Powers Act 2000, Part II, UK. Available: http://www.legislation.gov.uk/ukpga/2000/23/part/II  I. Rastogi, A. Chandra, V.K. Gupta, and A. Vaish, “Privacy issues and measurement in cloud computing: a review,” International Journal of Advanced Research in Computer Science, vol. 4, no. 2, pp. 81-86, 2013.  P.K. Mckinley, F.A. Samimi, J.K. Shapiro, and C. Tang, “Service clouds: a distributed infrastructure for constructing autonomic communication services,” Proc. of the 2nd International Symposium on Dependable, Autonomic and Secure Computing, IEEE, Indianapolis, IN, pp. 341-348, 2006.  Top threats to cloud computing v1.0. Cloud security alliance, 2010.  D.M. Rousseau, S.B. Sitkin, R.S. Burt, and C. Camerer, “Not so different after all: a cross-discipline view of trust,” Academy of Management Review, vol. 23, no. 3, pp. 393-404, 1998.  L. Mearian, No, your data isn\'t secure in the cloud, 2013. Available: http://www.computerworld.com/article/2483552/cloud-security/no-- your-data-isn-t-secure-in-the-cloud.html  Guidelines governing the protection of privacy and transborder flow of personal data. Organization for Economic Co-operation and Development (OECD), Geneva.  R. Bhadauria, R. Chaki, N. Chaki, and S. Sanyal, “A survey on security issues in cloud computing,” Cornell University Library, Ithaca, NY, USA, 2013.
Copyright © 2022 Saloni Mahesh Kargutkar, Shraddha Manoj Borkar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.