Although cloud computing is an emerging technology and a potentially scalable solution for business, it is vulnerable to many security challenges. Protection of data is the most significant concern in cloud computing. Cloud services delivered over the Internet therefore need to be re-examined on issues such as data security and privacy. Data loss or data leakage can have an immense impact on a business, and preventing data leaks is considered one of the most crucial challenges. Similarly, data segregation and protection have a substantial influence on information security. When multiple organizations share resources, there is a high risk of data misuse. To avoid this threat, it is necessary to secure data repositories, as well as data in transit and in storage. To improve security in cloud computing, it is vital to provide access control for data stored in the cloud.
The foremost areas of data security that need to be examined are as follows:
Data Confidentiality: The most likely threats must be examined to ensure that data is shielded from attack. Safeguards must be put in place to protect data from malicious users, covering areas such as cross-site scripting and access control mechanisms.
Data Integrity: To protect data, thin clients can be used, where only a few resources are available. Users should not be allowed to store personal data such as passwords, so that integrity can be assured.
Data Availability: This is among the most pertinent issues for organizations facing downtime. Data procurement should be carried out according to the mutual agreement between the vendor and the client. Because data is housed in the cloud, it is distributed over hybrid, heterogeneous locations, so determining where the data resides is laborious. The geographic spread of data locations calls for better data privacy and compliance procedures that span those geographic differences.
Data Integrity: Amendments, manipulations and modifications of data should be authorized for the respective person only. Every transaction over the cloud should follow the ACID properties to preserve data integrity. Because HTTP does not support transactions, transaction handling should be implemented in the API itself.
Data Access: Encryption techniques are adopted to ensure that data is shared only among authorized users. Public and private key distribution mechanisms allow users to access crucial data. Data security policies must be supervening.
Confidentiality: All types of data (structured, unstructured, semi-structured) are stored on remote servers, so confidentiality of data is of prime importance. Users should be aware of data storage locations and data privileges in the cloud. Users should also have a clear understanding of their data and its classification.
Breaches: Data breaches in the cloud occur for various reasons. The risk of data infringement in the cloud is very high because of the multi-user, multi-tenant environment.
Segregation: Data intrusion is very likely in the cloud because of the multi-tenant environment. When multiple users store data on the same cloud servers, there is a possibility of data intrusion. Data can be intruded upon by injecting client code or by using any application. Data segregation is therefore necessary so that data is stored separately. Tools and tests covering SQL injection flaws, data validation and insecure storage are very helpful in identifying vulnerabilities in data segregation.
Storage: Virtual machines face challenges of data storage, data accessibility and data reliability. Virtual machines stored on physical infrastructure may pose a security risk. Data center operations need reliable data transfer mechanisms. Organizations using cloud computing applications need to be protected from data loss.
Solutions to Data Security Challenges

Encryption is suggested as a better solution for securing information. It is better to encrypt data before storing it on a cloud server. The data owner can grant permission to particular group members so that they can easily access the data. Heterogeneous data-centric security should be used to provide data access control. A data security model comprising authentication, data encryption, data integrity, data recovery and user protection has to be designed to improve data security in the cloud. To ensure privacy and data security, data protection can be offered as a service. To prevent other users from accessing data, encryption can be applied that makes the data totally unusable to them, although normal encryption can complicate availability.

Before uploading data to the cloud, users are advised to verify that the data is stored on backup drives and that the keywords in the files remain unchanged. Calculating the hash of a file before uploading it to cloud servers will ensure that the data is not altered. This hash calculation can be used for data integrity, but it is very difficult to maintain. An RSA-based data integrity check can be provided by combining identity-based cryptography and RSA signatures.

In SaaS, there must be clear boundaries at both the physical level and the application level to segregate data from different users. A distributed access control architecture can be used for access management in cloud computing. To identify unauthorized users, credential-based or attribute-based policies are better. Permission as a service can be used to tell users which parts of the data they can access. A fine-grained access control mechanism enables the owner to delegate most computation-intensive tasks to cloud servers without disclosing the data contents.
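The pre-upload hash check described above, as an added example that is not part of the original text: SHA-256 digests are recorded in one manifest before upload and checked after download, which keeps the hashes maintainable as a single record. The manifest layout, the function names and the use of an HMAC key (kept by the data owner, never stored in the cloud) to seal the manifest are assumptions of this example.

```python
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def seal_digests(digests: dict, key: bytes) -> str:
    # Canonical JSON so the same digest list always yields the same MAC.
    canonical = json.dumps(digests, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Hash every object before upload and seal the digest list."""
    digests = {name: sha256_hex(data) for name, data in files.items()}
    return {"digests": digests, "mac": seal_digests(digests, key)}


def verify_download(manifest: dict, key: bytes, name: str, data: bytes) -> str:
    """Check a downloaded object against the manifest made before upload."""
    # First make sure nobody rewrote the manifest to match altered data.
    expected_mac = seal_digests(manifest["digests"], key)
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return "manifest-tampered"
    expected = manifest["digests"].get(name)
    if expected is None:
        return "unknown-object"
    if not hmac.compare_digest(expected, sha256_hex(data)):
        return "modified"
    return "ok"


# Constructed sample data and key, for illustration only.
KEY = b"constructed-demo-key"
FILES = {
    "reports/q1.csv": b"id,amount\n1,100\n",
    "hr/staff.json": b'{"n": 42}',
}

if __name__ == "__main__":
    manifest = build_manifest(FILES, KEY)
    name = "reports/q1.csv"
    print(verify_download(manifest, KEY, name, FILES[name]))
    print(verify_download(manifest, KEY, name, b"id,amount\n1,900\n"))
```

A plain hash list stored next to the data can be rewritten together with the data; sealing it with a key held only by the owner is what makes the `manifest-tampered` case detectable.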
A data-driven framework can be designed for secure data processing and sharing between cloud users. A network-based intrusion prevention system is used to detect threats in real time. To handle large files of different sizes and to address remote data security, an RSA-based storage security method can be used.

In conclusion, data security solutions should be provided to overcome these challenges and the risks involved in cloud computing. Intelligent, concrete standards for cloud computing security can be developed. To provide secure data access in the cloud, advanced encryption techniques can be used for storing and retrieving data. Proper key management techniques can also be used to distribute keys to cloud users so that only authorized persons can access the data.