Cloud Computing Security Issues

Introduction

Recently, cloud computing has being considered as the major transformational paradigm in IT environment. It provides the opportunity to both “use the computing and storage resources on a metered basis” as well as “reduce investments in computing infrastructure” (Krutz & Vines, 2010, p. 3). As the next evolutionary stage of web development and iterative concepts of parallel systems engineering, cloud computing is in high demand among both individual users and large organizations due to the lower costs of implementation, expanded opportunities for information retrieval, and high level of usability of the services. Moreover, it provides a number of effective solutions to organizations facing problems with meeting customer requirements and project objectives through introduction of collaborative project management techniques. It further helps to decrease project risks and allow more informed progress tracking through the distant ways of information retrieval when it comes to the case of remote workers.

The primary process of IT industry, development of software applications, has long ago converted from individual contribution by writing pieces of code into a group project approach, where total contribution is expected to raise industry’s profit. Given the growing volumes along with increased resources allocation, such project approach requires a high-level management involvement and assessment of alternatives before the project initiation phase. The objective of this recommendation paper is to advice on how the effective requirements gathering technique as an important part of the project management approach helps to succeed in the overall project scope through the employment of cloud computing tools and architecture. The security challenges will be also covered as the risk associated with cloud computing infrastructure.

Background

Cloud computing has first appeared as a term almost 50 years ago and further was established as a new technological concept of sharing the data remotely. By that time, John McCarthy started working on artificial intelligence concept and made a note on time-sharing of computers, or organization of several computers into a public utility that would act similarly to the telephone service (Rajaraman, 2014). The time sharing of a single workstation has been introduced by Massachusetts Institute of Technology a couple of years later in 1961, provoking interest to the concept of computers as utility stations (Rajaraman, 2014). There was no further significant advancement in this area until 1995, when Amazon has introduced book selling through the World Wide Web (Rajaraman, 2014).

This was a first successful idea of using infrastructure as a service, which later transformed into one of the cloud computing paradigms. Amazon’s success inspired other market players to realize themselves through remote customer care scenarios, publishing researches and introducing other web-based services like Salesforce in 1999 and Google Mail in 2004 (Rajaraman, 2014). Google has further become one of the frontliners in cloud-based services, introducing cloud storages up to 2 gigabytes available through Google Apps in 2006, followed by the remarkable advancement for cloud-based application development Microsoft Azura in 2010 and Smart Cloud by IBM in 2011 (Rajaraman, 2014). Later on, the term ‘cloud computing’ was used in various conferences and presentations, while the largest industry shift was created by Eric Schmidt and colleagues. Hence, it is further required to consider a complex nature of the term appearance and the relevance of cloud applications in the modern world of technology.

Current researches of the cloud computing are majorly focused around the advanced architecture and security issues associated with the concept. AlZain et al. (2013) analyzed the architecture of cloud computing by decomposing it into layers, classified into characteristics, delivery models and deployment models. Cloud computing characteristics describe the advantage of the technology and are explicitly researched by Wu et al. (2011), focusing on the advancements that ease the management process, simplify planning, predict disasters and minimize costs. The delivery models, which are also described as a “X-as-a-service” are the models which allow various levels of collaboration with end users. These structures are differentiated through the scope of services they are intended to cover as applications. For instance, Amazon web service is an example of infrastructure-as-a-service, Google Apps platform is a platform-as-a-service and the majority of webmail clients are the software-as-a-service. The deployment models are divided into the public, private, community and hybrid clouds and represent the way the clouds are accessed through the designated purposes by selected users.

Alternatives

It could be considered that cloud computing is the information technology which changed industry structure. While there is a multitude of industries which could be taken into account, the focus is made on the multinational environment which utilizes cloud computing for remote data storage. Cloud computing could be defined as Internet-based computing designed to provide shared services and processing resources to computing devices on-demand. As a result, users and enterprises are allowed to store and process organizational data remotely, utilizing third party server capabilities. The case of shared drives could be considered as dedicated physical spaces used by organizational departments for storing and archiving electronic data. Having limited physical capacities, it was required to regularly clean such drives, as well as to have a hard time with managing sensitive data stored on these drives. Moreover, such shared drives typically had limitation with accessibility from personal computers which have not had an established access to these resources, causing troubles for users attempting to access critical data from, for instance, smartphone or home-based personal computer.

Cloud computing resolved this problem by transiting shared drives to Internet-based resources, equally efficiently accessed from any device which has Internet connection. By creating various types of user rights, it has also maintained security requirements and hierarchical management of access to files per user groups. Other developments, like Sharepoints, were also acknowledged for using shared accessibility among teams engaged in a common project execution, decreasing dependence over locally stored files and allowing to create several versions of a single document to avoid simultaneous editing and thus avoiding double-work.

Installing new information technology is usually a benefit for organization, while it could have adverse effect on workers who could perceive changes in their jobs. Managers, therefore, should invest into development of workers who will be dealing with newly installed technology by explaining benefits and engaging them into practical training. However, eventually these efforts are complex and unrealistic if the organization fails to adhere to market needs and follow customer centricity models.

For instance, if new production system has been introduced, all workers involved into production process should go through a functional training or skill development initiative. This could be achieved by inviting consultants who would explain practical part of how system works, or engaging more skillful workers as peers, who could help colleagues in understanding technical features of the new system. Workers should also understand that installing new system does not usually equate to full automation, since there is still need in production maintenance and continuous system optimization, which might mean that some roles could be transformed into more advanced ones. Managers, though, should communicate the purpose of new technology installation openly, engaging workers into learning about new technologies and supporting them with additional information and advice when they are in need of professional support.

Proposed Solutions

This section is dedicated to the place of cloud computing concept in project management, referring mainly to the technical projects, as well as some known practices of employment. Potentially, it is worth considering projects initiated by Ilon Mask or specialists from the Silicon Valley as the driving factors in successfully resolving cloud computing issues and managing employment concerns. However, it is also important to acknowledge the importance of cost-effective solutions that will be at the same time sufficient to operate within large project scales. We will further review several main benefits that cloud computing could bring to the projects execution through the functionality described in previous section.

The first benefit is known as virtualization. By its nature, virtualization in information technologies refers to establishing a virtual version of certain hardware or software component, allowing executing programs and commands in the same way that they are expected to run in the similarly real conditions. Technically, this is the use of encapsulating layer that underlies an operating system, by this receiving a similar output as it would be expected from physical hardware (Pearce et al., 2013). Virtualization is important in technical projects due to the opportunity to simulate or test various application or approaches in different environments without investing significant costs into the implementation of various hardware components and program modules, simply simulating projects through different applications. It allows seeing how the program will behave under various operating systems and adjacent programs. In project output, this is definitely a benefit for the customer satisfaction since it shows the variety of user choices on the one hand and the product optimization as an important phase of project development on the other.

The second benefit is associated with more effective disaster recovery plans that allow better project flow and execution due to the opportunity to create unique folders in the cloud, thus limiting unauthorized access through implementation of security protocols as well as the stronger safety of the data storage which is not that evident in case of local data storage on personal devices. For example, the project that involves several parties located across the globe will benefit from having a secure cloud space that contains documentation, glossaries, wikis and comparative data analysis in the certain place that could be accessed anytime and anywhere from any device considering there is an authorization procedure in place (Gendron, 2014; Rajaraman, 2014). Users can simply modify various documents online, proceeding with the modification notes and several versions of the document available for review and backlogging in case of urgent need. Thus, the project will go smoother and the level of collaboration and mutual understanding will increase.

Costs and computing power is the third benefit that has been partially reviewed in virtualization part. Given that cloud usage in project management assumes unified data storage and imitation of performance under various system configurations, an organization might significantly reduce investments in purchasing of technology and equipment that will be used only once without further guaranteed utilization. However, partnership agreements and licensing issues might be complex to resolve in certain organizational cases.

Recommendations

This section is focused on the recommendation for the company to approach the cloud computing at one of the project execution steps which is a requirements gathering procedure. Project management practices indicate that requirements gathering in IT projects best defined as a process of data collection that precedes the actual development lifecycle in order to outline the expected project outcome through careful consideration of factors that influence the execution part. A requirement gathering is a process governed by quality assurance specialists that are subject matter experts keen on both business specification and technical side of the project. Specifically, the recommendation for the company is to introduce the quality assurance team as the part of the next project in order to analyze the project in terms of benefits that the cloud computing could bring. The role of quality assurance team in requirements gathering would be to serve as the expert function in fact-based decision making through advisory in cloud-based solutions, where the specialists are keen on the processes, costs and expected outcomes of actions that the development team is expected to do through the development lifecycle.

Conclusion

This recommendation paper reviewed the potential process of cloud-based decisions implementation if technical and software project management cases. It reviewed the background of the concept, targeting to suggest the logic behind using the cloud computing for complex business solutions and related security watch-outs. It has further outlined the architecture of the concept, specifying potential benefits that cloud computing could bring to the business. Based on that, the recommendation to the step in project management known as requirements gathering has been suggested, allowing more flexibility for organization in driving forward aforementioned projects. It is hypothesized that this recommendation will have a further positive contribution to the overall success of projects intended to be completed in upcoming year.

References

AlZain, M., Soh, B., & Pardede, E. (2013). A survey on data security issues in cloud computing: From single to multi-clouds. Journal of Software, 8(5), 1068-1078. Web.

Gendron, M. (2014). Business intelligence and the cloud: Strategic implementation guide. Wiley.

Krutz, R., & Vines, R. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley.

Pearce, M., Zeadally, S., & Hunt, R. (2013). Virtualization: Issues, security threats, and solutions. ACM Computing Surveys, 45(2), 1-39. Web.

Rajaraman, V. (2014). Cloud Computing. Resonance, 19(3), 242-258. Web.

Wu, J., Shen, Q., Wang, T., Zhu, J., & Zhang, J. (2011). Recent advances in cloud security. Journal of Computers, 6(10), 2156-2163. Web.