Cloud computing is an emerging technology and a potentially scalable solution
for business, but it is exposed to many security challenges. Protection of data
is the most significant concern in cloud computing. Cloud services delivered
over the Internet therefore need to be re-examined on issues such as data
security and privacy. Data loss or data leakage can have an immense impact on a
business, and preventing data leaks is considered one of the most crucial
challenges. Similarly, data segregation and protection have a substantial
influence on information security. When multiple organizations share resources,
there is a high risk of data misuse. To avoid this threat, it is necessary to
secure data repositories, as well as data in transit and at rest. To improve
security in cloud computing, it is vital to provide access control for data
stored in the cloud.
The foremost areas of data security that need to be examined are as follows:
Data Confidentiality: The most likely threats must be examined to ensure that
data is protected from attacks. Safeguards must be put in place to protect data
from malicious users, covering issues such as Cross-site Scripting and access
control mechanisms.
Data Integrity: To protect the data, thin clients can be used, on which only a
few resources are available. Users should not be allowed to store their
personal data, such as passwords, so that integrity can be assured.
Data Availability: This is among the most pertinent issues for organizations
facing downtime. Data procurement is supposed to be practiced as per the mutual
agreement between vendor and client. As data is housed in the cloud, it is
distributed over hybrid, heterogeneous locations, so determining the location
of data is laborious. The geographic spread of data locations calls for better
data privacy and compliance procedures to handle those geographic differences.
Data Integrity: Amendments, manipulations and modifications of data should be
permitted to the authorized person ONLY. Every transaction over the cloud
should follow the ACID properties to preserve data integrity. As the HTTP
service is incapable of supporting transactions, they should be implemented in
the API itself.
Data Access: Encryption techniques are adopted to ensure that data is shared
among authorized users only. The use of public and private key distribution
mechanisms allows users to access crucial data. The data security policies must
be supervening.
Confidentiality: All types of data (structured, unstructured, semi-structured)
are stored on remote servers. Confidentiality of data is of prime importance.
Users should be aware of data storage locations and data privileges in the
cloud. Users should also have a clear understanding of their data and its
classification.
Breaches: Data breaches in the cloud occur for various reasons. The risk of
data infringement in the cloud is very high because of the multi-user,
multi-tenant environment.
Segregation: Data intrusion is very likely in the cloud because of the
multi-tenant environment. When multiple users store data on the same cloud
servers, there is a possibility of data intrusion. Data can be intruded upon by
injecting client code or by using any application. Data segregation is
therefore necessary so that data is stored separately. Tools and solutions that
address SQL injection flaws, data validation and insecure storage are very
helpful in identifying vulnerabilities in data segregation.
Storage: Virtual machines face challenges of data storage, data accessibility
and data reliability. Virtual machines stored in a physical infrastructure may
cause security risks. Data center operations must have reliable data transfer
mechanisms. Organizations using cloud computing applications need to be
protected from data loss.
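For the Segregation item above, application-level separation of tenants that share one table can be enforced as follows. This is an added example, not part of the original article; the table layout, tenant names and function names are assumptions made for illustration.

```python
import sqlite3


def open_store() -> sqlite3.Connection:
    """In-memory table shared by two tenants (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,"
        " title TEXT NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO documents (tenant_id, title, body) VALUES (?, ?, ?)",
        [
            ("tenant-a", "invoice-2024", "A: invoice data"),
            ("tenant-a", "payroll", "A: payroll data"),
            ("tenant-b", "invoice-2024", "B: invoice data"),
        ],
    )
    return conn


def find_documents(conn, session_tenant: str, title_filter: str) -> list:
    """Return (title, body) rows for one tenant only.

    session_tenant must come from the authenticated session, never from the
    request body. Both values are bound as parameters, so client-supplied text
    is compared as data and cannot change the query or drop the tenant clause.
    """
    # Escape LIKE wildcards so '%' or '_' in the filter match literally.
    escaped = (
        title_filter.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    rows = conn.execute(
        "SELECT title, body FROM documents"
        " WHERE tenant_id = ? AND title LIKE ? ESCAPE '\\'"
        " ORDER BY title",
        (session_tenant, f"%{escaped}%"),
    )
    return rows.fetchall()
```

Two tenants hold a document with the same title here, yet each call returns only the rows of the tenant named by the session.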
Solutions to Data Security Challenges
Encryption is suggested as a better solution to secure information. It is
better to encrypt data before storing it on a cloud server. The data owner can
give permission to particular group members so that the data can be easily
accessed by them. Heterogeneous data-centric security is to be used to provide
data access control. A data security model comprising authentication, data
encryption, data integrity, data recovery and user protection has to be
designed to improve data security in the cloud. To ensure privacy and data
security, data protection can be used as a service. To prevent access to data
by other users, encryption can be applied so that the data is totally unusable
to them, although normal encryption can complicate availability. Before
uploading data to the cloud, users are advised to verify that the data is
stored on backup drives and that the keywords in the files remain unchanged.
Calculating the hash of a file before uploading it to cloud servers makes it
possible to verify that the data has not been altered. This hash calculation
can be used for data integrity, but it is very difficult to maintain. An
RSA-based data integrity check can be provided by combining identity-based
cryptography and RSA signatures. SaaS must ensure that there are clear
boundaries at both the physical level and the application level to segregate
data from different users. A distributed access control architecture can be
used for access management in cloud computing. To identify unauthorized users,
credential- or attribute-based policies are better. Permission as a service can
be used to tell users which part of the data they can access. A fine-grained
access control mechanism enables the owner to delegate most
computation-intensive tasks to cloud servers without disclosing the data
contents.
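The following Python code, an added example that is not part of the original article, shows one way to keep the pre-upload hash check maintainable: the digests of all files go into a single manifest sealed with a key held by the data owner. It uses HMAC-SHA256 rather than the RSA-based scheme mentioned above, and the file names, key and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import json

CHUNK = 64 * 1024  # read in chunks so large files are never loaded whole


def file_digest(stream) -> str:
    """SHA-256 of a binary stream, computed chunk by chunk."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Record one digest per object name and seal the record with an HMAC.

    The key stays with the data owner, so a party that can modify the stored
    objects cannot also produce a matching manifest.
    """
    digests = {name: file_digest(io.BytesIO(data)) for name, data in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_download(manifest: dict, key: bytes, name: str, data: bytes) -> str:
    """Return 'ok', 'manifest-tampered', 'unknown-object' or 'altered'."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return "manifest-tampered"
    if name not in manifest["digests"]:
        return "unknown-object"
    actual = file_digest(io.BytesIO(data))
    return "ok" if hmac.compare_digest(actual, manifest["digests"][name]) else "altered"


# Constructed sample data standing in for files about to be uploaded.
OWNER_KEY = b"constructed-demo-key-not-for-real-use"
LOCAL_FILES = {"report.csv": b"id,amount\n1,100\n", "notes.txt": b"quarterly notes\n"}
MANIFEST = build_manifest(LOCAL_FILES, OWNER_KEY)
```

The manifest can be stored next to the uploaded objects, because changing either an object or a recorded digest without the owner's key is reported by `verify_download`.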
A data-driven framework can be designed for secure data processing and sharing
between cloud users. A network-based intrusion prevention system is used to
detect threats in real time. To compute large files with different sizes and to
address remote data security, an RSA-based storage security method can be used.
In conclusion, data security solutions should be provided to overcome these
challenges and the risks involved in cloud computing. Intelligent, concrete
standards for cloud computing security can be developed. To provide secure data
access in the cloud, advanced encryption techniques can be used for storing and
retrieving data. Proper key management techniques can also be used to
distribute keys to cloud users so that only authorized persons can access the
data.