Introduction
The area of networking has been very interesting for me given the fact that there are very new technologies that are in the world today. Of great concern to me is the cloud computing. This is where the data of an organization is stored somewhere; very far from the company. I am interested to see how the ownership of data will be tackled. In this era of information age there still a lot to be desired (Huang, Shin, & Ya, 2009). What is more, with the recent rise in attacks in computer systems and the increase in Web 2.0 applications, there are many things that must be solved and aligned in order to say that the cloud is secure.
I am interested with this topic because of the fact that there are many computer systems which are intertwining and the integrity of the data should be kept intact. For this to be a reality there should be theories and policies that must be followed. Cloud computing is very interesting because it has new technologies that come with. Truly, there are many that still go in the security of information systems.
Companies With the fast moving technological world, companies are leveraging the use of information technology to have a competitive edge over the others. Organizations have shifted to the use of technology platforms to compete and not the availability of new markets anymore. Clients are looking for companies which use state-of-the-art technologies. Worldwide experience has shown that the use of advanced technologies is the main source of competitive advantage for many growing manufacturing and service industries.
Cloud computing is one of the latest technologies that is the buzzword in the technology sector today (Krawetz, 2006). Many companies are bracing themselves for the use of this technology to leverage their operations and come up with cheaper storage solutions for their businesses. Companies have gone a notch higher to set up their own clouds and thus the coming up of private clouds in companies. The following sections will look into the structure of private cloud as compared with other cloud computing systems like the public cloud and hybrid cloud. It will also look into how companies are using this technology to leverage their businesses for more profitability.
Cloud computing is a buzz in the information technology industry. There has been effort by companies and individuals to store data in the cloud but the big questions is whether there is enough mechanisms to assure their safety while they are stored in the cloud. The point of contentions here is that there are few companies which provide cloud computing services and they are the same companies who have to make sure that the security of what they store in their clouds is assured for their clients. Many argue that there should be third party companies who should be concerned with security of information that are stored in the cloud.
Cloud computing providers are totally responsible for what is taking place in their clouds including the security of the data. Clients have had to communicate with these providers very often to make sure that all is well with their data in the cloud.
As cloud computing gains popularity, there are many questions that linger in the minds of the players which include how the information will still be considered private with the intrusion of the third-party companies in the same. What are the measures that companies using cloud computing are taking to ensure that their data is secure in the cloud? What is the future of cloud computing? Will the credentials of the data be entrusted on total strangers who are miles away?
For one to understand the security of a data in the cloud, knowledge of cloud computing characteristics is of paramount significance. This technology involves sending services which have been hosted through the Internet. These technologies have made cloud computing a success. The main aim of cloud computing is to change the paradigm to another shift so that computing could get a new meaning; information technology moved from desktop applications to getting services which are hosted in the cloud (Gritzalis, 2009). There is a difference between cloud computing and cloud services where the latter involves a case where services are delivered over the Internet real-time.
Cloud computing is a technology where data and different applications are stored on storage networks and servers which are located in a remote place and accessed by the users via the Internet. The applications are installed on remote servers (Stone, & Jose, 2007). In the normal way of applications use, consumers purchase licenses for application software from their software provider and install them on their on-site servers. In cloud computing case, it is On Demand basis where consumers pay a subscription fee for the service.
The other very vital practice to be considered is that of security. It has been discovered that many chief information officers and IT executives give security as their number one area of concern when it comes to implementation of cloud computing. This is especially true because with cloud computing, data is moved from an on-site premise to a cloud. When considering implementing cloud computing, one should look keenly and determine which standards will be implemented for securing data in transit. It is worth noting that enterprises move more enterprises to the cloud, which in turn increases the volume of sensitive data flowing between the two points. The cloud computing providers should be able to assure the consumers that the transit of this sensitive data is secure and free from interception.
Best practices for cloud security
Cloud computing has some attributes which must be assessed so that all matters of security and privacy is well tackled. The areas of data integrity, privacy of data, recovery of data, and evaluation of legal issues needs to be critically analyzed for risk to be minimized. It is therefore imperative that customers must demand proper explanation of security policies and should know the measures that these providers are taking in place in order to assure their clients that they will not be exposed to security vulnerabilities in their course of their use of these services. They should also be able to identify vulnerabilities which were not anticipated at first.
The first issue to be considered when deploying cloud computing is the privileges given to users in order to access their data. Data which are stored outside the premises of an enterprise brings with the issue of security. How safe is the data? Who else assesses the data? Data which have been outsourced bypass the controls of the personnel of the enterprise. The client should get as much information as possible about how the data is stored and how the integrity of this data is catered for.
The second issue to be considered is the regulatory compliance. (Callow, 2008). In the case of traditional service providers, they are subjected to external audits by auditors who will normally check on the security policy of that enterprise (Callow, 2008). The cloud computing providers should accept to undergo these external audits and this should be agreed upon in written form.
The other security policy to be considered is about the location of the cloud. In most cases, consumers do not know where the cloud is located and even don’t know which country it is. What they care is that their data is being stored somewhere. The providers should indicate, in written form, their jurisdiction and should accept to obey local security policies on behalf of the consumers.
Another issue is that consumers should be aware of the security breaches present with providers. Providers have always claimed that security is at its tightest in the cloud but this fact alone is not enough to assume security issues. It is good know that all security systems that have been breached were once infallible and so with newer technologies, they can be broken into. An example is Google which was attacked in 2007.
Their Gmail services was attacked and had to make apologies. With this in mind, it is a good lesson to learn that even though systems might be tight in the cloud, it is not a full assurance that they will never be hacked. While providers of cloud computing face security threats, research has shown that cloud computing has become very attractive for cyber crooks. As the data become richer in the cloud, so should security become tighter.
Case study 2: Tiered architecture data security
The rise of online transactions has led to the use of databases more than before. There has been rise in dynamic websites because, unlike the years of yonder where the database tools were today, proprietary, there are good tools that are free and can be used to develop databases which are robust in nature and can handle data very efficiently. What is more, with the use of open source technologies and spirit, more people are using open source tools and technologies to develop databases with the least effort. Many of these databases are the source of information which is being circulated on the Internet, but who cares?
There have been online transactions including online banking, education, and online shopping. All these systems make extensive use of databases. The databases are no longer used to facilitate the storage of data alone; they are also used to facilitate the working of these online systems.
Although the databases have proved to be of great benefit to the current information systems, there is a problem which is lurking and is a time bomb for the future systems. This is because the systems which are using these databases have insufficient security measures that they have put in place to counter any attacks that may be experienced in their system. With the coming up of cloud computing and being adopted by many organizations, the safety of the databases is of paramount importance to many organization (Kioskea, 2010). Also, the rise in computer fraud of late is enough reason to keep companies and IT professionals on their toes in databases security.
Of late, computer hackers are no longer youngsters who are idling on the Internet but they are full time computer professionals who are aiming to get personal information so that they can use in online shops and online banks to wreck havoc to the owners of this personal information. The Information Technology is growing very fast and in that sense, there are a lot of personal data that are being posted to the Internet everyday and these data need to be protected from attack. Unfortunately, many companies are not aware of this threat and leave their information in the hands of unqualified staff that have less concern for this information.
IT background of the issue
There has been a lot of database use for most companies. This is due to the fact that database driven websites are more interactive as compared to the static websites. Another reason is that updating a static website is more cumbersome than that of a dynamic one. The reason is that for a dynamic website, one has to update the data in the database alone unlike that of a static website whereby one has to update each and every page that displays the data.
Most websites have databases in the background. The databases are accessed by a program that is called a web server.
A web server normally handles the transaction processes in the web system. The web server will include programs like IIS, and Apache server. There is a scripting program that serves the requests between the web server and the database (McEvoy, & Schulze, 2008). These scripting programs include PHP, and ASP. The structure of this system is shown in the diagram above.
The client represents the program that is used by the user to send requests to the database. An example is Mozilla, Google Chrome, and Internet explorer. The application server includes the programs like Apache and IIS. They are normally included with the scripting language in place. The structure is similar across lot web applications.
The use of technologies like AJAX has made the use of these databases even better. This is because with this technology the users can retrieve data from the database without the page refreshing. This saves time.
The Impact of the issue
With the increase in the use of databases, there is a risk that is bound to strike any time in the near future. This is because there is a lot of fraud that is going on in the Internet. Most of the fraudsters target personal information that is stored in these databases (Micro, 2007). The rise in this trend can be attributed to the fact that there is a lot of revolution going on in the use of the Internet. Of worth noting is the fact that there is the rise of Web 2.0 applications like online banking and shopping. These applications have given rise to hackers of all kinds to want for the personal information so that they use it to withdraw money from the user’s account. This is a serious issue that has been of great concern for many.
Another impact is that with this technology in place, it will be difficult to maintain the system because a database expert will be required to make any corrections to the system. Some of the technologies that are associated with database processing are difficult to work on and will require only experts to configure and update it. This is costly to the organization because it will also mean that they get someone who is conversant to the systems.
Solution to problems arising from the use
One of the solutions is that any organization should have a security policy that will be able to check on the security breaches and ensure that all the data are used and manipulated as per the stipulated policy.
The very basic of the security is authenticating network users and the equipment that log into the database. Unwanted external connections can be blocked by use of a firewall in software or hardware form. There should be resources access policy that defines who is authorized to access what within the organization. Systems with sensitive data should be kept offline and routinely checked to ensure they are secure. Any know software back door entry should be addressed including a routine security patch update from the software manufacturers.
References
Callow, B 2008, Extending enterprise security beyond the perimeter, Cengage, New York.
Gritzalis, S 2009, ‘New attacks paradigms’, IEEE computer journal. Vol. 12, No. 3, pp. 23-45.
Huang, C, Shin, Y, & Ya, H 2009, ‘The structure of a signature over the Internet’, International journal on network security. Vol.12, No. 23, pp.51-53.
Kioskea, S 2009, Introduction to 3-Tier Architecture, 1st edn. Web.
Krawetz, N 2006, A review of network security, 2nd edn. Web.
McEvoy, G, & Schulze, B 2008, ‘Using clouds to address grid limitations’, In Workshop on Middleware for Grid Computing.
Micro, T 2007, Cloud computing security, O’Reilly Inc., New York.
Stone, B, & Jose, B 2007, ‘Web 2.0 security’, International journal on computers and network security, Vol. 10, No. 23, pp. 65-67.