International Journal of Advanced Research in Management (IJARM), ISSN 0976 – 6324 (Print),
ISSN 0976 – 6332 (Online), Volume 3, Issue 2, July-December (2012)

INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN MANAGEMENT (IJARM)

ISSN 0976 - 6324 (Print)
ISSN 0976 - 6332 (Online)
Volume 3, Issue 2, July-December (2012), pp. 21-28
© IAEME: www.iaeme.com/ijarm.html
Journal Impact Factor (2012): 2.8021 (Calculated by GISI)
www.jifactor.com




         SECURITY ISSUES IN CLOUD COMPUTING FOR MSMES

Mr. Hemantkumar Wani
Department of Management Studies, Shri Jagdiprasad Jhabarmal Tibrewala University, Rajasthan, India
sayhemant@rediffmail.com

Dr. N. Mahesh
Department of Management Studies, Shri Jagdiprasad Jhabarmal Tibrewala University, Rajasthan, India
nadiminty.mahesh@gmail.com



ABSTRACT

This research paper focuses on the security issues of cloud computing in the sector of micro,
small & medium enterprises (MSMEs). Intensifying competition among MSMEs and the early
adoption of the latest internet-based applications and services have led to greater opportunities
that are worth seizing. The opening up of the world's IT-based markets has posed many challenges,
with a flood of IT-enabled services and applications. Cloud computing makes it possible for
users to get all their resources instantly from various locations that are not known to them. But
there are many hurdles to accomplishing this idea, in the form of security parameters and backup
issues.

Keywords: MSME (Micro, Small & Medium Enterprises), SLA, SSL technology, firewall, middle
server.
        I.      INTRODUCTION
        Indian manufacturers, especially from the MSME sector, have started to adopt software and
technology solutions that have been further revolutionized by the concept of cloud computing,
which offers cutting-edge and innovative solutions to cope with these challenges.
        In the recent past, the concept of cloud computing has revolutionized the world of IT. Cloud
computing enables efficient online delivery of business applications that are accessible from
web browsers. Cloud computing can supply a new type of computing and business model for
MSMEs. The MSME sector has adopted this concept worldwide and has implemented it to
improve its overall operations. The type (SaaS, PaaS, etc.) of cloud service an MSME will
likely use, the disaster recovery options considered, and the cloud computing services in terms
of IT services and applications all affect business and the economy. Security risks should be
analyzed when adopting cloud computing technologies, along with the actual needs, requirements
and expectations of MSMEs for cloud computing services.

   Cloud computing emerged from so-called distributed computing and grid computing. Here the
user can access any service he/she wants for a specific task and for a specific amount of
time [1]. Cloud computing provides a facility for sharing and interoperating resources
between different users and the systems owned by the organizations. Security is a major
hindrance in such systems, because if users store their data in a remote location
owned by an unknown person or organization, then their data is not protected. Members
communicating with each other should have a good level of trust in order to share data and
resources with each other.
   In the actual scenario, the cloud is the concept of virtualizing the user's local system using a
remote cloud operating system to get a virtual desktop with a specific operating system, or a
choice of operating systems, and to store personal data and execute applications from anywhere.
The customers or users purchase computing power depending on their demand and are not
concerned with the underlying technologies used. The resources used and data accessed are
owned and operated by a third party. This third party may not be located in the same area where
the user lives; it may be elsewhere in the state or country.

        II.     CLOUD STRUCTURE AND TYPES

       Public cloud: It is used by a large number of users all over the world, and security
aspects are the foremost hindrance in such situations. It is basically a pay-per-use model in
which users pay according to their use, which is useful and cost effective both for the companies
they work for and for themselves.

        Private Cloud: In private cloud we get additional benefits like additional security as the
company has the server at its end. As a way to exercise greater control over security and
application availability, some enterprises are moving toward building private clouds. With the
right approach and expertise in place, this type of setup can offer the best of both worlds: the
cost-effectiveness of cloud computing and the assurance that comes with the ability to manage
data and applications more closely.

        Hybrid cloud: It provides services by combining private and public clouds that have been
integrated to optimize service. The promise of the hybrid cloud is to provide the local data
benefits of the private clouds with the economies, scalability, and on-demand access of the
public cloud. The hybrid cloud remains somewhat undefined because it specifies a midway point
between the two ends of the continuum of services provided strictly over the Internet and those
provided through the data centre or on the desktop. [2]





          III.   MODELS OF CLOUD COMPUTING

A.   Model 1: Infrastructure as a Service (IaaS)

The key aspects of IT infrastructure, hardware, facilities, and administration have traditionally
been the domain of IT departments within each company. Dedicated personnel install and
configure servers, routers, firewalls, and other devices in support of their respective employers.
This equipment requires dedicated housing as well as environmental controls, emergency power,
and security systems to keep it functioning properly. Finally, every company allocates additional
space where IT personnel work to support the infrastructure that is in place. Every aspect of IT
infrastructure has evolved on its own, yet, until now, has not moved toward integration. For
example, a company purchases software it needs and then purchases a server to run it. If data
storage is necessary for files or databases, disk arrays and hard drives are added into the mix to
accommodate the needs of the company. A local network is maintained to provide employees
access to IT resources, and high speed internet connectivity for voice and data is added to the
company account as necessary. Practically speaking, each IT system has its own management
system, with some systems requiring the addition of a specialized worker to the staff.
Infrastructure as a service takes the traditional components of IT infrastructure, takes them off
site, and offers them in one unified, scalable package to companies who can manage them
through one management interface. Infrastructure as a service results in IT services that easily
conform to the changing requirements of a business. Because the infrastructure does not reside
on the premises, obsolete equipment, upgrades, and retrofits no longer play a role in the
company's decision to adopt new technology [3]. The IaaS provider takes care of that seamlessly,
allowing the business to focus on its mission. Cost effectiveness augments the convenience of
IaaS. Because the IaaS provider has massive platforms segmented for each customer, the
economies of scale are enormous, providing significant cost savings through efficiency. The
need for every company to maintain its own infrastructure is eliminated through IaaS. The power
of IaaS brings the resources needed to service government and enterprise contracts to businesses
of every size. IaaS improves reliability because service providers have specialized workers that
ensure nearly constant uptime and state-of-the-art security measures. Infrastructure as a Service
is a form of hosting. It includes network access, routing services and storage. The IaaS provider
will generally provide the hardware and administrative services needed to store applications and
a platform for running applications. Scaling of bandwidth, memory and storage are generally
included, and vendors compete on the performance and pricing offered on their dynamic
services. IaaS can be purchased with either a contract or on a pay-as-you-go basis. However,
most buyers consider the key benefit of IaaS to be the flexibility of the pricing, since you should
only need to pay for the resources that your application delivery requires [4].

B.   Model 2: Software as a Service (SaaS)

Software is ubiquitous in today’s business world, where software applications can help us track
shipments across multiple countries, manage large inventories, train employees, and even help us
form good working relationships with customers. For decades, companies have run software on
their own internal infrastructures or computer networks. In recent years, traditional software
license purchases have begun to seem antiquated, as many vendors and customers have migrated
to software as a service business model. Software as a service, or 'SaaS', is a software application
delivery model by which an enterprise vendor develops a web-based software application, and
then hosts and operates that application over the Internet for use by its customers. Customers do
not need to buy software licenses or additional infrastructure equipment, and typically only pay
monthly fees (also referred to as annuity payments) for using the software. It is important to note
that SaaS typically encapsulates enterprise as opposed to consumer-oriented web-hosted
software, which is generally known as web 2.0. According to a leading research firm, the SaaS
market reached $6.3B in 2006; still a small fraction of the over $300B licensed software
industry. However, growth in SaaS since 2000 has averaged 26% CAGR, while licensed
software growth has remained relatively flat. Demand for SaaS is being driven by real business
needs — namely its ability to drive down IT-related costs, decrease deployment times, and foster
innovation [5]. Both public and private cloud models are now in use. Available to anyone with
Internet access, public models include Software as a Service (SaaS) clouds like IBM
LotusLive™, Platform as a Service (PaaS) clouds such as IBM Computing on Demand™, and
Security and Data Protection as a Service (SDPaaS) clouds like the IBM Vulnerability
Management Service. Private clouds are owned and used by a single organization. They offer
many of the same benefits as public clouds, and they give the owner organization greater
flexibility and control. Furthermore, private clouds can provide lower latency than public clouds
during peak traffic periods. Many organizations embrace both public and private cloud
computing by integrating the two models into hybrid clouds. These hybrids are designed to meet
specific business and technology requirements, helping to optimize security and privacy with a
minimum investment in fixed IT costs.

All these services are cost effective but have a lot of issues regarding security and backup.
Depending upon the implementation and platform needed the central server can send the request
to the respective server.
    IV.          REQUIREMENTS OF SECURITY

It gives a general description of security services and related mechanisms, which can be ensured
by the Reference Model, and of the positions within the Reference Model where the services and
mechanisms may be provided. It extends the field of application of ISO 7498 [6] to cover secure
communications between open systems. It adds to the concepts and principles included in ISO
7498 but does not modify them. Fig. 1 shows how the requirements are fulfilled in our proposed
system.
          a. Authentication and Authorisation
Users can be identified in this model because we use SSL security for that purpose. A
governance body acts as an interface between the user and the cloud servers. There will be
encryption between the user and the central server and between the central server and the cloud
of servers. User details will be stored within the central server in the form of UserID etc., and
validation will be done accordingly. Hence this requirement is fulfilled. Authorization is
not a big issue in a private cloud because the system administrator can handle it by granting
access only to those who are authorized to access the data. In a public cloud it becomes more
demanding, because requests from ordinary users have to be taken into consideration.
Privileges over the process flow have to be considered, as control may flow from one server
to another. The respective UserID will be saved in the central server after registration, and
authorization can be done easily because the respective rights can be stated there.
         b.    Confidentiality
Confidentiality plays a very important role, as the data has to be secure and should not be
revealed anywhere. This is achieved in this system through the use of Dual SSL technology. Users'
data, profiles etc. have to be maintained, and as they are accessed virtually, various security
protocols have to be enforced. If we standardize the whole cluster of a particular sector, then
these can be easily imposed. With regard to data-in-transit, the primary risk is in not using a vetted
encryption algorithm. Although this is obvious to information security professionals, it is not
common for others to understand this requirement when using a public cloud, regardless of
whether it is IaaS, PaaS or SaaS. It is also important to ensure that a protocol provides
confidentiality as well as integrity (e.g., FTP over SSL [FTPS], Hypertext Transfer Protocol
Secure [HTTPS], and Secure Copy Program [SCP])—particularly if the protocol is used for
transferring data across the Internet. Merely encrypting data and using a non-secured protocol
(e.g., “vanilla” or “straight” FTP or HTTP) can provide confidentiality, but does not ensure the
integrity of the data (e.g., with the use of symmetric streaming ciphers) [6].
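
The last point above, that encryption alone does not protect integrity when a symmetric stream cipher is used, can be checked directly. The following Python code is an added example and is not taken from the paper or its references: the SHA-256 counter keystream is a toy stand-in for a stream cipher, and the message, offsets and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream (decryption is the same operation)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def modify_in_transit(data: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Change bytes in transit without the key: XOR (known ^ wanted) into the ciphertext."""
    patched = bytearray(data)
    for i, delta in enumerate(xor(known, wanted)):
        patched[offset + i] ^= delta
    return bytes(patched)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: append HMAC-SHA256 over nonce || ciphertext."""
    ciphertext = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything that was modified."""
    ciphertext, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return decrypt(enc_key, nonce, ciphertext)


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    message = b"TRANSFER 0100 TO UID 12017"  # constructed sample message

    # Encryption only: the modified ciphertext still decrypts, to different content.
    altered = modify_in_transit(encrypt(enc_key, nonce, message), 9, b"0100", b"9900")
    unauthenticated = decrypt(enc_key, nonce, altered)

    # Encrypt-then-MAC: the same modification is detected and rejected.
    sealed = seal(enc_key, mac_key, nonce, message)
    try:
        open_sealed(enc_key, mac_key, nonce, modify_in_transit(sealed, 9, b"0100", b"9900"))
        detected = False
    except ValueError:
        detected = True

    return {
        "unauthenticated": unauthenticated,
        "detected": detected,
        "roundtrip": open_sealed(enc_key, mac_key, nonce, sealed),
    }


if __name__ == "__main__":
    print(demo())
```

Protocols such as HTTPS, FTPS and SCP perform this kind of integrity check on every record, which is why the text recommends them over encrypting data and sending it across a plain channel.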
           c.         Integrity
Integrity is maintained as the hashing is done in SSL technology. The major drawback in case of
this technology is the excessive redundant data due to which the bandwidth is used up and the
packet size is increased. From a privacy and confidentiality perspective, the terms of service may
be the most important feature of cloud computing for an average user who is not subject to a
legal or professional obligation. It is common for a cloud provider to offer its facilities to users
without individual contracts and subject to the provider’s published terms of service. A provider
may offer different services, each of which has distinct terms of service. A cloud provider may
also have a separate privacy policy. It is also possible for a cloud provider to conduct business
with users subject to specific contractual agreements between the provider and the user that
provides better protections for users. The contractual model is not examined further here. If the
terms of service give the cloud provider rights over a user’s information, then a user is likely
bound by those terms. A cloud provider may acquire through its terms of service a variety of
rights, including the right to copy, use, change, publish, display, distribute, and share with
affiliates or with the world the user’s information. There may be few limits to the rights that a
cloud provider may claim as a condition of offering services to users. Audits and other data
integrity measures may be important if a user’s local records differ from the records maintained
on the user’s behalf by a cloud provider.

                d.   Availability

Another issue is the availability of the data when it is requested by authorized users. The most
powerful technique is prevention, through avoiding threats affecting the availability of the
service or data. It is very difficult to detect threats targeting availability. Threats targeting
availability can be either network-based attacks, such as Distributed Denial of Service (DDoS)
attacks, or CSP availability. For example, Amazon S3 suffered a two-and-a-half-hour outage in
February 2008 and an eight-hour outage in July 2008. In the next section, we will discuss the
identity and access management practices of cloud computing by tackling some protocols
such as Security Assertion Markup Language (SAML) and the Open Authentication (OAuth) protocol,
and a comparison between these two techniques to conclude the best solution.
            e.      Non-repudiation
Non-repudiation is the requirement which states that if a sender is sending the data to the other
end. In our proposed system this requirement is fulfilled by the middle server, because it has the
routing table as well as the table of contents of all the servers in the cloud, with the
corresponding server ID, name, location etc. Because the routing table records the server IP and
the receiver and sender IPs, we can state that if the user has sent a request he cannot deny it,
and if the receiver gives an acknowledgement or response he also cannot deny giving it.

             f.      Backup and Disaster Recovery
A cloud may be used for production operations, so it is important to have a backup and disaster
recovery policy in place. The backup policy should define what data is backed up, how long
backups are kept, as well as costs associated with those services. Similarly, in the event of a
catastrophic failure of a private cloud, a failover plan should be in place. This plan may include
using multiple data centers to host a private cloud or running jobs in a more conventionally
organized cluster environment with manual management of jobs. The details of how to
implement backup and disaster recovery will vary by your needs and resources, but it is essential
for business continuity planning to have some policy in place [8].

     V.     USE OF PROPOSED MODEL
In the proposed system we have introduced a central server that holds a routing table containing
the cloud ID, the corresponding user ID, and the ID of the actual server to which the user is
connecting. The source IP and the destination IP are also recorded in the table.




                         Figure 1.   Architecture Diagram of proposed model



       TABLE I.       ROUTING TABLE

     UID      SID     Source IP        Destn IP
     12017    2747    191.268.67.67    101.123.22.25
     86770    2967    111.125.25.23    102.124.12.35

     Time        Cloud ID    Packet Size    Server Name    Lease Time
     500 mins    222         437 kb         ABC            30 mins
     800 mins    266         128 kb         XYZ            18 mins



The routing table also contains the actual amount of data flow, that is, the packets-per-second
transfer rate. On the user end there will be a personal firewall, and the connection between the
user and the central server will be encrypted using the SSL encryption standards that are in
regular use nowadays. At the central server's end there will be an application-level firewall,
which will check whether the packets are malicious or not. Application-level firewalls (sometimes
called proxies) look more deeply into the application data going through their filters. Fig. 2
shows the architectural diagram of the proposed system. By considering the context of client
requests and application responses, these firewalls attempt to enforce correct application
behavior, block malicious activity and help organizations ensure the safety of sensitive
information and systems. They can log user activity too. Application-level filtering may include
protection against spam and viruses as well, and can block undesirable Web sites based on content
rather than just their IP address [6]. We further suggest making a separate cluster of clouds for
each sector: the banking sector, the educational sector, and government bodies (which will not
contain confidential data). The user has a personal firewall at his end. The central server, say
for banks as an example, holds a table consisting of the user ID, server ID, server name and all
the related information through which a governance body can backtrack the server and the user.
When a user tries to connect to a particular server in the cloud, his/her user ID, server ID,
source IP and destination IP are saved. The total time of synchronization, the packet size being
transferred, the server name and the total lease time of a secure connection are also saved in
the table. If the user is not able to connect to a server, i.e., if the ping shows a connection
timeout, we can easily track the server from the central server's routing table. The user
credentials and the session are also secured by SSL technology. We can achieve more security by
combining different security algorithms with SSL [9].
There is secured connectivity between the user and the central server and between the cloud's
servers. Due to double encryption, all the security requirements are fulfilled in this model.
Tracking the server is also simple because there will be a table which gives the cloud ID, server
name, server ID and the name of the organization whose server it is. So if the server is not
getting connected, we can track it. We also have to standardize all the servers in the cloud for
a particular sector: in the banking sector, for example, the centralized banks, co-operative
banks etc. have to come together and use standardized protocols to achieve this proposal. By
standardizing in the education sector as well, we can achieve a common place to gain knowledge
and use the services accordingly. We have also included the routing table (Table I), which
depicts the actual scenario.
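
Both the server tracking described in this section and the non-repudiation argument in Section IV(e) depend on the central server's table holding valid rows that have not been altered after the fact. The following Python code is an added example, not the authors' implementation: it loads the two rows of Table I, rejects rows whose addresses are not valid IPv4, and chains an HMAC over the rows so later edits are detectable. `RouteEntry`, `RoutingLog`, the HMAC chaining, the demo key and the third row are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import asdict, dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class RouteEntry:
    """One row of the central server's table, using the columns of Table I."""
    uid: int
    sid: int
    source_ip: str
    dest_ip: str
    time_mins: int
    cloud_id: int
    packet_kb: int
    server_name: str
    lease_mins: int


# The two rows printed in Table I, values exactly as given in the paper.
TABLE_I = [
    RouteEntry(12017, 2747, "191.268.67.67", "101.123.22.25", 500, 222, 437, "ABC", 30),
    RouteEntry(86770, 2967, "111.125.25.23", "102.124.12.35", 800, 266, 128, "XYZ", 18),
]


def invalid_addresses(entry: RouteEntry) -> List[str]:
    """Return the names of the address fields that are not valid IPv4 addresses."""
    bad = []
    for name in ("source_ip", "dest_ip"):
        try:
            ipaddress.IPv4Address(getattr(entry, name))
        except ipaddress.AddressValueError:
            bad.append(name)
    return bad


class RoutingLog:
    """Append-only table: each row's HMAC tag also covers the previous row's tag."""

    def __init__(self, key: bytes):
        self._key = key          # assumed to be held only by the governance body
        self.rows = []           # list of (RouteEntry, hex tag)

    def _tag(self, entry: RouteEntry, prev_tag: str) -> str:
        body = json.dumps(asdict(entry), sort_keys=True).encode()
        return hmac.new(self._key, prev_tag.encode() + body, hashlib.sha256).hexdigest()

    def append(self, entry: RouteEntry) -> None:
        bad = invalid_addresses(entry)
        if bad:
            raise ValueError(f"rejected row for UID {entry.uid}: bad {', '.join(bad)}")
        prev = self.rows[-1][1] if self.rows else ""
        self.rows.append((entry, self._tag(entry, prev)))

    def first_tampered_row(self) -> Optional[int]:
        """Recompute the chain; return the index of the first row that fails, or None."""
        prev = ""
        for i, (entry, tag) in enumerate(self.rows):
            if not hmac.compare_digest(tag, self._tag(entry, prev)):
                return i
            prev = tag
        return None

    def trace_server(self, sid: int) -> List[RouteEntry]:
        """Sessions recorded for one server ID, e.g. when that server stops answering."""
        return [entry for entry, _ in self.rows if entry.sid == sid]


def demo() -> dict:
    log = RoutingLog(key=b"constructed-demo-key")  # placeholder key for the example
    rejected = []
    for row in TABLE_I:
        try:
            log.append(row)
        except ValueError:
            rejected.append(row.uid)
    # Constructed third session against the same server as the second row.
    log.append(RouteEntry(40321, 2967, "111.125.25.40", "102.124.12.35", 120, 266, 64, "XYZ", 10))
    clean = log.first_tampered_row()
    # Simulate an after-the-fact edit of a stored row without recomputing its tag.
    entry, tag = log.rows[0]
    log.rows[0] = (replace(entry, source_ip="111.125.25.99"), tag)
    return {
        "rejected": rejected,
        "clean": clean,
        "after_edit": log.first_tampered_row(),
        "sessions_for_2967": len(log.trace_server(2967)),
    }


if __name__ == "__main__":
    print(demo())
```

The first row of Table I is rejected because the octet 268 in its source address is outside the IPv4 range. The HMAC chain lets the key holder detect edits to stored rows; it does not by itself prove which party produced a given request.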
        VI.     CONCLUSION
The model we have proposed has its own advantages with respect to security and backup. Because
of the middle server between the user and the cloud server, we can easily track the user as well
as the server in the cloud. We can also join public and private clouds together in hybrid clouds.
SSL security takes the security parameters into consideration as well. This model can help cloud
computing reach new ends.

REFERENCES

[1]    Peter Mell and Tim Grance, "The NIST Definition of Cloud Computing,"
       http://csrc.nist.gov/groups/SNS/cloud-computing/
[2]    Brian J. Dooley, "Architectural Requirements of the Hybrid Cloud," Information Management
       Online, February 10, 2010.
[3]    Steve Lesem, http://cloudstoragestrategy.com/2010/01/cloud-storage-for-the-enterprise---part-2-the-hybrid-cloud.html,
       January 25, 2010.
[4]    R. Nicole, "Title of paper with only first word capitalized," J. Name Stand. Abbrev., in press.
[5]    http://www.wikinvest.com/concept/Software_as_a_Service
[6]    Tim Mather, Subra Kumaraswamy, and Shahed Latif, "Cloud Privacy and security," pp. 529–551,
       September 2009, First Edition.
[7]    "IBM Point of View: Security and Cloud Computing," Cloud computing white paper,
       November 2009.
[8]    Zhidong Shen, 2010 2nd International Conference on Signal Processing Systems (ICSPS).
[9]    Palivela Hemant, Hemant Wani, "Development of Servers In Cloud Computing To Solve
       Issues Related To Security And Backup" (CCIS-IEEE Conference, Beijing, China).





I. INTRODUCTION

Indian manufacturers, especially in the MSME sector, have started to adopt software and technology solutions, a move further revolutionized by the concept of cloud computing, which offers cutting-edge and innovative solutions to cope with these challenges. In the recent past, the concept of cloud computing has revolutionized the world of IT. Cloud computing enables efficient online delivery of business applications that are accessible from web browsers. Cloud computing can supply a new type of computing and business model for MSMEs. The MSME sector has adopted this concept worldwide and has implemented it to improve overall operations. The type of cloud service (SaaS, PaaS, etc.) an MSME is likely to use, the disaster recovery options to consider, and the cloud computing services offered as IT services and applications all affect the business and the economy. Security risks should be analyzed when adopting cloud computing technologies, along with the actual needs, requirements and expectations of MSMEs for cloud computing services.

Cloud computing emerged from so-called distributed computing and grid computing. Here the user can access any service he/she wants for a specific task and for a specific amount of time [1]. Cloud computing provides a facility for sharing and interoperating resources between different users and the systems owned by organizations. Security is a major hindrance in such systems, because if users store their data in a remote location owned by an unknown person or organization, their data is not protected. Members communicating with each other should have a good level of trust in order to share data and resources with each other.

In an actual scenario, the cloud is the concept of virtualizing the user's local system using a remote cloud operating system, to get a virtual desktop with a specific operating system or a choice of operating systems, and to store personal data and execute applications from anywhere. The customers or users purchase computing power depending on their demand and are not concerned with the underlying technologies used. The resources used and the data accessed are owned and operated by a third party. This third party may not be located in the same area, state or country in which the user lives.

II. CLOUD STRUCTURE AND TYPES

Public cloud: It is used by a large number of users all over the world, and the security aspects act as the utmost hindrance in such situations. It is basically a pay-per-use model in which users pay according to their use, which is very useful and cost effective both for the companies they work for and for themselves.

Private Cloud: In private cloud we get additional benefits like additional security as the company has the server at its end. As a way to exercise greater control over security and application availability, some enterprises are moving toward building private clouds. With the right approach and expertise in place, this type of setup can offer the best of both worlds: the cost-effectiveness of cloud computing and the assurance that comes with the ability to manage data and applications more closely.

Hybrid cloud: It provides services by combining private and public clouds that have been integrated to optimize service. The promise of the hybrid cloud is to provide the local data benefits of the private clouds with the economies, scalability, and on-demand access of the public cloud. The hybrid cloud remains somewhat undefined because it specifies a midway point between the two ends of the continuum of services provided strictly over the Internet and those provided through the data centre or on the desktop. [2]

III. MODELS OF CLOUD COMPUTING

A. Model 1: Infrastructure as a Service (IaaS)

The key aspects of IT infrastructure, hardware, facilities, and administration have traditionally been the domain of IT departments within each company. Dedicated personnel install and configure servers, routers, firewalls, and other devices in support of their respective employers. This equipment requires dedicated housing as well as environmental controls, emergency power, and security systems to keep it functioning properly. Finally, every company allocates additional space where IT personnel work to support the infrastructure that is in place.

Every aspect of IT infrastructure has evolved on its own, yet, until now, has not moved toward integration. For example, a company purchases software it needs and then purchases a server to run it. If data storage is necessary for files or databases, disk arrays and hard drives are added into the mix to accommodate the needs of the company. A local network is maintained to provide employees access to IT resources, and high speed internet connectivity for voice and data is added to the company account as necessary. Practically speaking, each IT system has its own management system, with some systems requiring the addition of a specialized worker to the staff.

Infrastructure as a service takes the traditional components of IT infrastructure, takes them off site, and offers them in one unified, scalable package to companies who can manage them through one management interface. Infrastructure as a service results in IT services that easily conform to the changing requirements of a business. Because the infrastructure does not reside on the premises, obsolete equipment, upgrades, and retrofits no longer play a role in the company's decision to adopt new technology [3].

The IaaS provider takes care of that seamlessly, allowing the business to focus on its mission. Cost effectiveness augments the convenience of IaaS. Because the IaaS provider has massive platforms segmented for each customer, the economies of scale are enormous, providing significant cost savings through efficiency. The need for every company to maintain its own infrastructure is eliminated through IaaS. The power of IaaS brings the resources needed to service government and enterprise contracts to businesses of every size. IaaS improves reliability because service providers have specialized workers who ensure nearly constant uptime and state-of-the-art security measures.

Infrastructure as a Service is a form of hosting. It includes network access, routing services and storage. The IaaS provider will generally provide the hardware and administrative services needed to store applications and a platform for running applications. Scaling of bandwidth, memory and storage is generally included, and vendors compete on the performance and pricing offered on their dynamic services. IaaS can be purchased either with a contract or on a pay-as-you-go basis. However, most buyers consider the key benefit of IaaS to be the flexibility of the pricing, since you should only need to pay for the resources that your application delivery requires [4].

B. Model 2: Software as a Service (SaaS)

Software is ubiquitous in today's business world, where software applications can help us track shipments across multiple countries, manage large inventories, train employees, and even help us form good working relationships with customers. For decades, companies have run software on their own internal infrastructures or computer networks. In recent years, traditional software license purchases have begun to seem antiquated, as many vendors and customers have migrated to a software as a service business model. Software as a service, or 'SaaS', is a software application delivery model by which an enterprise vendor develops a web-based software application, and then hosts and operates that application over the Internet for use by its customers. Customers do not need to buy software licenses or additional infrastructure equipment, and typically only pay monthly fees (also referred to as annuity payments) for using the software. It is important to note that SaaS typically encapsulates enterprise as opposed to consumer-oriented web-hosted software, which is generally known as web 2.0. According to a leading research firm, the SaaS market reached $6.3B in 2006; still a small fraction of the over $300B licensed software industry. However, growth in SaaS since 2000 has averaged 26% CAGR, while licensed software growth has remained relatively flat. Demand for SaaS is being driven by real business needs, namely its ability to drive down IT-related costs, decrease deployment times, and foster innovation [5].

Both public and private cloud models are now in use. Available to anyone with Internet access, public models include Software as a Service (SaaS) clouds like IBM LotusLive™, Platform as a Service (PaaS) clouds such as IBM Computing on Demand™, and Security and Data Protection as a Service (SDPaaS) clouds like the IBM Vulnerability Management Service. Private clouds are owned and used by a single organization. They offer many of the same benefits as public clouds, and they give the owner organization greater flexibility and control. Furthermore, private clouds can provide lower latency than public clouds during peak traffic periods. Many organizations embrace both public and private cloud computing by integrating the two models into hybrid clouds.

These hybrids are designed to meet specific business and technology requirements, helping to optimize security and privacy with a minimum investment in fixed IT costs. All these services are cost effective but have a lot of issues regarding security and backup. Depending upon the implementation and platform needed, the central server can send the request to the respective server.

IV. REQUIREMENTS OF SECURITY

It gives a general description of security services and related mechanisms, which can be ensured by the Reference Model, and of the positions within the Reference Model where the services and mechanisms may be provided. It extends the field of application of ISO 7498 [6] to cover secure communications between open systems. It adds to the concepts and principles included in ISO 7498 but does not modify them. Fig. 1 shows how the requirements are fulfilled in our proposed system.

a. Authentication and Authorisation

The user can be identified in this model because we use SSL security for that purpose. A governance body acts as an interface between the user and the cloud servers. There will be encryption between the user and the central server and between the central server and the cloud of servers. User details will be stored within the central server in the form of a UserID etc., and validation will be done accordingly. Hence the requirement is fulfilled.

Authorization is not a big issue in a private cloud, because the system administrator can handle it by granting access only to those who are authorized to access the data. In a public cloud it becomes more demanding, because requests from ordinary users have to be taken into consideration. Privileges over the process flow have to be considered, as control may flow from one server to another. The respective UserID will be saved in the central server after registration, and authorization can be done easily because the respective rights can be stated there.

b. Confidentiality

Confidentiality plays a very important role, as the data has to be secure and should not be revealed anywhere. This can be achieved in this system because we have used Dual SSL technology. Users' data, profiles etc. have to be maintained, and as they are accessed virtually, various security protocols have to be enforced. If we standardize the whole cluster of a particular sector, this can be easily imposed.

With regard to data-in-transit, the primary risk is in not using a vetted encryption algorithm. Although this is obvious to information security professionals, it is not common for others to understand this requirement when using a public cloud, regardless of whether it is IaaS, PaaS or SaaS. It is also important to ensure that a protocol provides confidentiality as well as integrity (e.g., FTP over SSL [FTPS], Hypertext Transfer Protocol Secure [HTTPS], and Secure Copy Program [SCP]), particularly if the protocol is used for transferring data across the Internet. Merely encrypting data and using a non-secured protocol (e.g., "vanilla" or "straight" FTP or HTTP) can provide confidentiality, but does not ensure the integrity of the data (e.g., with the use of symmetric streaming ciphers) [6].

c. Integrity

Integrity is maintained because hashing is done in SSL technology. The major drawback of this technology is the excessive redundant data, due to which bandwidth is used up and the packet size is increased.

From a privacy and confidentiality perspective, the terms of service may be the most important feature of cloud computing for an average user who is not subject to a legal or professional obligation.

It is common for a cloud provider to offer its facilities to users without individual contracts and subject to the provider's published terms of service. A provider may offer different services, each of which has distinct terms of service. A cloud provider may also have a separate privacy policy. It is also possible for a cloud provider to conduct business with users subject to specific contractual agreements between the provider and the user that provide better protections for users. The contractual model is not examined further here. If the terms of service give the cloud provider rights over a user's information, then a user is likely bound by those terms. A cloud provider may acquire through its terms of service a variety of rights, including the right to copy, use, change, publish, display, distribute, and share with affiliates or with the world the user's information. There may be few limits to the rights that a cloud provider may claim as a condition of offering services to users. Audits and other data integrity measures may be important if a user's local records differ from the records maintained on the user's behalf by a cloud provider.

d. Availability

Another issue is availability of the data when it is requested by authorized users. The most powerful technique is prevention, through avoiding threats that affect the availability of the service or data. It is very difficult to detect threats targeting availability. Threats targeting availability can be either network-based attacks such as Distributed Denial of Service (DDoS) attacks or CSP availability. For example, Amazon S3 suffered a two-and-a-half-hour outage in February 2008 and an eight-hour outage in July 2008. In the next section, we will discuss the identity and access management practices of cloud computing by tackling some protocols such as Security Assertion Markup Language (SAML) and the Open Authentication (OAuth) protocol, and a comparison between these two techniques to conclude the best solution.

e. Non-repudiation

Non-repudiation is the requirement which states that if a sender is sending the data to the other end. In our proposed system this requirement is fulfilled by the middle server, because it has the routing table as well as the table of contents of all the servers in the cloud with the corresponding server ID, name, location etc. Due to the routing table's entry of server IP, receiver IP and sender IP, we can state that if the user has sent the request he cannot deny it, and if the receiver gives an acknowledgement or response he also cannot deny giving it.

f. Backup and Disaster Recovery

A cloud may be used for production operations, so it is important to have a backup and disaster recovery policy in place. The backup policy should define what data is backed up, how long backups are kept, as well as the costs associated with those services. Similarly, in the event of a catastrophic failure of a private cloud, a failover plan should be in place. This plan may include using multiple data centers to host a private cloud or running jobs in a more conventionally organized cluster environment with manual management of jobs. The details of how to implement backup and disaster recovery will vary by your needs and resources, but it is essential for business continuity planning to have some policy in place [8].

V. USE OF PROPOSED MODEL

In the proposed system we have introduced an idea in which we define a central server that holds a router table containing the cloud ID, the corresponding user ID, and the actual server ID to which the user is connecting. The source IP and the destination IP have also been put into the table.

Figure 1. Architecture Diagram of proposed model
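
Section IV.b notes that encryption alone, for instance with a symmetric stream cipher, gives confidentiality but not integrity, which is why the proposed model's links rely on SSL. The following is an added example, not code from the paper: the record is constructed from Table I field names, and the HMAC-based keystream is an assumed stand-in for a stream cipher.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Demo keystream: HMAC-SHA256(key, nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation); no integrity protection at all."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ciphertext = stream_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes,
                ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything changed in transit."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return stream_crypt(enc_key, nonce, ciphertext)


def modify_in_transit(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """A change made on the path without any key: XOR a field of known layout."""
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor_bytes(old, new)):
        patched[offset + i] ^= delta
    return bytes(patched)


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"UID=12017;SID=2747;LEASE=030"  # constructed sample record
    offset = record.index(b"030")

    # 1) Encryption only: the receiver decrypts a changed lease time and
    #    has no way to notice.
    nonce1 = os.urandom(12)
    ct = stream_crypt(enc_key, nonce1, record)
    accepted = stream_crypt(
        enc_key, nonce1, modify_in_transit(ct, offset, b"030", b"999"))

    # 2) Encryption plus MAC: the same change is rejected before decryption.
    nonce2 = os.urandom(12)
    ct, tag = seal(enc_key, mac_key, nonce2, record)
    try:
        open_sealed(enc_key, mac_key, nonce2,
                    modify_in_transit(ct, offset, b"030", b"999"), tag)
        rejected = False
    except ValueError:
        rejected = True
    untouched = open_sealed(enc_key, mac_key, nonce2, ct, tag)
    return accepted, rejected, untouched


if __name__ == "__main__":
    print(demo())
```

SSL/TLS record protection performs the equivalent of `seal` and `open_sealed` on every record, which is the hashing that Section IV.c refers to.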

TABLE I. ROUTING TABLE

UID    SID   Source IP      Destn IP       Time     Cloud ID  Packet Size  Server Name  Lease Time
12017  2747  191.268.67.67  101.123.22.25  500mins  222       437kb        ABC          30mins
86770  2967  111.125.25.23  102.124.12.35  800mins  266       128kb        XYZ          18mins

The table also contains the actual amount of data flow, that is, the packets-per-second transfer rate. On the user end there will be a personal firewall, and the connectivity between the user and the central server will be encrypted using the SSL encryption standards that are regularly used nowadays. Again, at the central server's end there will be an application-level firewall, which will check whether the packets are malicious or not. Application-level firewalls (sometimes called proxies) have been looking more deeply into the application data going through their filters. Fig. 2 shows the architectural diagram of the proposed system. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behavior, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address. [6]

Further, what we have suggested is to make a separate cluster of clouds for the banking sector, the educational sector, and government bodies (which will not contain confidential data). The user has a personal firewall at his end. The central server, say for banks as an example, holds a table which consists of the user ID, server ID, its name and all the related information through which a governance body can back-track the server and the user.
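
The table is what lets a governance body back-track a user or a server, so a stored row must not be changeable unnoticed. The following added example is not code from the paper and goes beyond its design by chaining each Table I row with an HMAC; the class, the field names and the way the key is held are assumptions.

```python
import hashlib
import hmac
import json

# Assumed field names for the columns of Table I.
FIELDS = ("uid", "sid", "source_ip", "dest_ip", "time_min",
          "cloud_id", "packet_kb", "server_name", "lease_min")

# The two rows of Table I, typed in as printed in the paper.
TABLE_I = [
    (12017, 2747, "191.268.67.67", "101.123.22.25", 500, 222, 437, "ABC", 30),
    (86770, 2967, "111.125.25.23", "102.124.12.35", 800, 266, 128, "XYZ", 18),
]

GENESIS = "0" * 64  # tag that precedes the first row


class SessionLog:
    """Append-only copy of the central server's table with an HMAC chain."""

    def __init__(self, key: bytes):
        self._key = key          # assumed to be held by the governance body
        self.entries = []        # list of (record dict, hex tag)

    def _tag(self, prev_tag: str, record: dict) -> str:
        # Each tag covers the previous tag, so rows are bound to their order.
        body = json.dumps(record, sort_keys=True).encode()
        return hmac.new(self._key, prev_tag.encode() + body,
                        hashlib.sha256).hexdigest()

    def append(self, row) -> None:
        record = dict(zip(FIELDS, row))
        prev = self.entries[-1][1] if self.entries else GENESIS
        self.entries.append((record, self._tag(prev, record)))

    def verify(self):
        """Return the index of the first row that fails, or None if intact."""
        prev = GENESIS
        for i, (record, tag) in enumerate(self.entries):
            if not hmac.compare_digest(self._tag(prev, record), tag):
                return i
            prev = tag
        return None

    def trace(self, uid: int):
        """Back-track: (server ID, server name, cloud ID) for one user ID."""
        return [(r["sid"], r["server_name"], r["cloud_id"])
                for r, _ in self.entries if r["uid"] == uid]


def build_log(key: bytes) -> SessionLog:
    log = SessionLog(key)
    for row in TABLE_I:
        log.append(row)
    return log


if __name__ == "__main__":
    log = build_log(b"demo-key-held-by-governance-body")
    print(log.verify(), log.trace(86770))
    log.entries[0][0]["dest_ip"] = "102.124.12.35"   # row edited after the fact
    print(log.verify())
```

The chain exposes edits to stored rows and removal of earlier rows to whoever holds the key. Dropping the newest rows is not detected unless the latest tag is also kept somewhere else.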

When a user tries to connect to a particular server from the cloud, his/her user ID, server ID, source IP and destination IP are saved. The total time of synchronization, the packet size being transferred, the server name and the total lease time in case of a secure connection are saved in the table. In case the user is not able to connect to a server, i.e., if the ping shows a connection timeout, we can easily track the server from the central server's routing table. Even the user credentials and the session are secured by SSL technology. Further, we can achieve more security by clubbing different security algorithms with SSL [9]. There is secured connectivity between the user and the central server and between the cloud's servers. Due to double encryption, all the security requirements are fulfilled in this model.

Tracking the server is also simple, because there will be a table which lets us know the cloud ID, server name, server ID and the name of the organization whose server it is. So if the server is not getting connected, we can track it. We also have to standardize all the servers in the cloud for a particular sector; in the banking sector, for example, the centralized banks, co-operative banks etc. have to come together and use standardized protocols so as to achieve this proposal. By standardizing in the education sector as well, we can achieve a common place to gain knowledge and use the services accordingly. We have also included the routing table (Table I), which depicts the actual scenario.

VI. CONCLUSION

The model we have proposed has its own advantages in terms of security and backup. Due to the middle server technology between the user and the cloud server, we can easily track the user as well as the server in the cloud. We can also join public and private clouds together in hybrid clouds. Due to SSL security, the security parameters are also taken into consideration. This model can help cloud computing and make it reach new ends.

REFERENCES

[1] Peter Mell and Tim Grance, "The NIST Definition of Cloud Computing," http://csrc.nist.gov/groups/SNS/cloud-computing/
[2] Brian J. Dooley, "Architectural Requirements Of The Hybrid Cloud," Information Management Online, February 10, 2010.
[3] Steve Lesem, http://cloudstoragestrategy.com/2010/01/cloud-storage-for-the-enterprise---part-2-the-hybrid-cloud.html, January 25, 2010.
[4] R. Nicole, "Title of paper with only first word capitalized," J. Name Stand. Abbrev., in press.
[5] http://www.wikinvest.com/concept/Software_as_a_Service
[6] Tim Mather, Subra Kumaraswamy, and Shahed Latif, "Cloud Privacy and security," pp. 529–551, September 2009, First Edition.
[7] "IBM Point of View: Security and Cloud Computing," Cloud computing white paper, November 2009.
[8] Zhidong Shen, 2010 2nd International Conference on Signal Processing Systems (ICSPS).
[9] Palivela Hemant, Hemant Wani, "Development of Servers In Cloud Computing To Solve Issues Related To Security And Backup" (CCIS-IEEE Conference, Beijing, China).