I am currently online visiting faculty with Shepherd University this Fall semester 2021 and teaching Python, C# and C++.
Tuesday, September 28, 2021
Saturday, July 26, 2014
Dr. Tai Cleveland Practitioner Paper
Colorado Technical University
Article #2 in the Capstone Paper Option Submitted to
The Graduate Council
in Partial Fulfillment of
The Requirement for the Degree of
Doctor of
Computer Science with a concentration
in Enterprise
Information Systems
Department of Computer Science
By
Tai Cleveland
BS, Electronic Engineering Technology 1991, from NSU
Tahlequah, Oklahoma
MS, Information Systems Security, 2006 from CTU
Colorado Springs, Colorado
April 10, 2013
Tai Cleveland
Colorado Technical University
Impact of LAN/WAN on Database Security in the Cloud
Computing Environment
Abstract
Cloud computing has been gaining momentum as a business
platform due to its practically unlimited Internet-powered infrastructure as
well as its various advantages over proprietary applications. However, while
subscriptions to cloud-based services result in cost efficiency among users,
the open nature of the cloud computing environment exposes it to security
threats. The attractiveness of the cloud computing environment lies in the
simplicity with which organizations can enhance their information system and
almost effortlessly adapt to it. The very simplicity, which entices
organizations to the clouds, nevertheless renders it vulnerable to unscrupulous
entities that prey on corporate and confidential client data to serve their
selfish motives through unauthorized access.
As cloud applications and services operate in a virtual
environment, the open nature of the technology empowers businesses through data
and device independence, sharing capability, scalability, and agility. The same
virtual environment, however, makes database security a primary concern as the
openness of its enhanced virtual interfaces facilitates easy access and/or
transfer of information across computer channels. This renders cloud computing
a potential target for security attack vectors in the form of denial of service
(DoS), cloud malware injection, authentication, and man-in-the-middle
cryptographic attacks, among others. The mere fact that information is stored
in databases makes them critical areas for data security. The local area
network/wide area network (LAN/WAN) bridges the interconnectivity between
organizational users and cloud services, and this is one aspect of data
security in cloud computing which can benefit from further research. Therefore,
this study will attempt to assess the impact of LAN/WAN on database security in
the cloud computing environment.
Table of Contents
Abstract
Table of Contents
Introduction
    Background of the Study
    Problem Statement
Methodology
Summary and Conclusions
References
Introduction
Security issues are a key concern in
cloud computing in light of the new security threats which evolve vis-à-vis
the rapid advances in Internet and information technology. It is thus
reasonable to expect that these threats will perpetuate with increasing use of technology.
New countermeasures are necessary to maintain the integrity of the information
technology systems susceptible to these threats (Michael & Denolt, 2010;
Sridhar, 2010). Security issues, therefore, constitute an enduring concern in cloud
computing (Verma & Kaushal, 2011).
Traditionally, data security models
are aimed at protecting the perimeter of the organization. In the more recent technology
environment, however, this approach is no longer sufficient. Particularly, in
the case of cloud computing, potential risks are as likely to come from within
the organization as from external sources. Among other critical procedures,
measures to control data corruption, access, disruption and loss must be
adapted to the new cloud computing paradigm. This poses a great challenge for
organizations which have migrated to the clouds because whether it is in the public
or private cloud, data is practically under the control of the service
providers (Wang, 2012).
Businesses that have migrated their
information systems to the clouds are at the mercy of data security being
offered by providers unless they opt to reinforce their data security at their
own costs. Needless to say, therefore, data security is not guaranteed to be
fail-secure. Accordingly, cloud-enabled organizations are concerned with the
security of their information, especially with regard to exposure to
unauthorized parties. Moreover, attacks are changing to more sophisticated
forms to gain access to specific types of data and take control of valuable
corporate information.
Cloud computing offers a
multiplicity of advantages to business organizations, ranging from cost
efficiency to easier exchange of valuable data within various frameworks.
Nevertheless, businesses face many challenges with their migration from
traditional to open systems. As data travels through wired and/or wireless
networks, data protection is essential. Data protection is especially vital to
assure client confidentiality and security compliance for businesses. Being an
emergent technology, cloud computing will undoubtedly benefit from research
aimed at bolstering data protection and security. This alone provides a strong
justification for the conduct of the proposed study.
There
are a number of external factors which may affect the proposed study. The
factors include: Data location or database, otherwise data centers; network
topology of the underlying environment; data segregation; external servers,
especially when they are compromised; and pertinent regulations (Sangroya,
Kumar, Dhok & Varma, 2010). These will be explained in the next section.
One aspect of data security in the cloud computing
environment which can benefit from further research is the local area
network/wide area network (LAN/WAN). According to Cleveland (2009), LAN/WAN database
security is customized by cloud service providers in response to various
customer needs given the level of control the organization needs or requires.
However, data security offered by cloud service providers is usually not
sufficient, which necessitates other ways of ensuring data security of the
LAN/WAN in the cloud computing database. Protection and proper reporting is
seen as a positive framework on which to formulate software to counteract
threats. Furthermore, increased awareness of Trojan and hacker attacks, as well
as other vector attacks, is crucial in being able to build a standard database
server security.
Ultimately, being prepared against the aforementioned
security attacks is viewed to be important in database security as LAN/WAN
systems are now integral to industry business practices. LAN/WAN systems are
vital as they assure faster data exchange and efficient information storage.
Furthermore, LAN/WAN networks facilitate ideal interconnectedness both in a
wired and wireless framework (Mather et al., 2009).
According to Lyon (1997), devices connected to a LAN or to
the Internet by means of modern technologies that include well-known and
not-so-well-known ports increase the need for secure operation. Improved WAN
performance adds an extra degree of security by transporting data through
distinctive well-secured pipelines. Both LAN and WAN security implementations
are beneficial for both service providers and enterprises as they broaden
virtual networks outside their facilities, leading these security measures to
enhance higher network productivity (Cole, 2009). To facilitate strengthening
of data security in the cloud-computing environment through LAN/WAN, there is
a need to assess its impact in the cloud from the perspective of business
organizations subscribed to cloud services and service providers.
This proposed study will, therefore,
serve as a forum for organizations and providers to contribute their
experiences in securing their business data in the cloud, particularly with
respect to LAN/WAN. Inputs from the study will eventually be synergized to
develop a best practices approach that could lead to better infrastructure
development as explained in Rittinghouse and Ransome (2009). To this end, it is
hoped that organizations who have harnessed cloud computing utilities will be
able to effectively monitor data exchanges, especially in terms of securing
access from the back to the front-end portions of the system. This is integral
to intelligent security management, and the proposed study will be instrumental
in rendering a higher level of data security in the context.
Background of the Study
Hackers take advantage of open systems by striking during
data transfers as more companies are entering the cloud-computing environment
(Dumas, 2013). Computer security experts, therefore, cite the need to safeguard
memory, CPU, storage, and program execution in order to mitigate any security
attacks. LANs and WANs are at the core of cloud services as these networks
serve as links between the providers and consumers of cloud-based applications
and other utilities (Lin & Devine, 2010).
Accordingly, the main challenge in the LAN/WAN system is the implementation
of proper distribution channels where encryption algorithms are used while data
is being transferred over the Internet. A case in point would be wireless LANs
using the IEEE 802.11b technology standard since encryption here can easily be
broken. Once encryption is broken, the corporate network can be illegally
accessed and hackers can intercept data being transmitted at will (Joshi,
2004).
Furthermore, the lack of well-defined security
standardizations should be emphasized. There is a lack in transparency with
respect to security measures and processes applied by cloud service providers.
Cloud consumers currently have to trust their providers that the services they
are subscribed to are compliant with current security standards. To illustrate,
a formidable establishment renowned for its online business and one of the
pioneers in cloud-based technology announced in 2010 that it is compliant with
ISO 27001 and PCI DSS Level 1, which are baseline security measures for
traditional computing. The problem, however, is that to date, “no agreed
standard criteria for running a secure cloud infrastructure exist” (Doelitzscher,
Reich, Knahl & Clarke, 2013, p. 130). The question of whether the security
standards for traditional computing apply to cloud based computing has not yet
been settled.
The rate at which organizations are transferring from
traditional models of computing into the new software architectures is also a
security alarm, making it necessary to become aware of new threats and
vulnerabilities. Many cite the lack of ERP and operating systems in business
applications as a striking vulnerability whereby many virtual business
transactions create increasing security problems (Rittinghouse & Ransome,
2009). Access control can, therefore, be enhanced to mitigate the risks of
compromising the security of corporate and client information (Buyya, et al.,
2011). In this regard, LANs and WANs are potential areas for tightening access
control to bolster data security by virtue of their function in the cloud
computing architecture.
A
number of external factors are, however, believed to influence data security in
cloud computing. Data loss or data security threats cannot be assumed on just
one point of failure, because data may be located at various geographically-distributed
nodes in the cloud. Thus, there are multiple points where data security may be
compromised in the cloud. Organizational and individual users of cloud
computing services generally do not have knowledge of the underlying network
topology of the cloud-based service they are subscribed into. They are,
therefore, constrained by this impediment in cases where clients may want to
supplement data security on their end (Sangroya, Kumar, Dhok & Varma,
2010).
Data
stored in the clouds are usually shared in the same environment as other data.
The common approach of encrypting data to prevent unauthorized users from
benefitting from hacked data does not present a sufficient solution for
security problems pertaining to data segregation. In cases when cloud servers are
compromised, shutting down servers to protect data will result in
unavailability of data, which is as challenging as data loss or unauthorized
data access for business organizations. Additionally, compliance to emerging
cloud regulations by government bodies may also exert some influence on the
data security since cloud service providers are subject to adhere to security
audits (Sangroya, Kumar, Dhok & Varma, 2010).
The development of the cloud as a
business system was pioneered by Amazon.com, with multiple data centers
utilized based on a utility computing basis. This trailblazing practice further
enhanced their operational efficiency as an online retailer. The firm
successfully maintained their database security by prioritizing protection of
their LAN/WAN system (Reese, 2009). Amazon’s cloud model implemented technology
to facilitate provision of more control for their clients via the LAN/WAN
system. While off-premise data storage in Amazon’s data centers is subject to
connectivity and latency constraints between the clients’ LAN and the data
centers, security measures, particularly encryption, strengthened database
protection (Hurwitz, Kaufman, Halper & Kirsch, 2012).
The cloud architecture has since
been developed by other companies such as Google and IBM with strides in the
improvement of the security systems. The current trend is to transfer company
owned hardware and software assets and sharing systems on a per-service basis.
This amasses huge savings for the company with the reduction of cost-upkeep
expenditures on their end (Reese, 2009).
As the Internet and online retailing have boomed since the
new millennium, the lack of standardization has led to the creation of a Cloud
Security Alliance by eBay and ING, among others, in order to promote best
practices in the industry. The alliance has since been adopted as a platform to
share information and security experiences with other computer technology
experts (Messmer, 2009). Forming alliances presents an opportunity for
organizations to partner with cloud providers to help reduce their overall risk
exposure. Accordingly, the alliance group has announced fifteen domain areas of
concern that should be prioritized for organizations in order to assure database
security in a LAN/WAN system. These are governance and enterprise risk,
information and life-cycle management, compliance and audit, eDiscovery, which
is production of electronically stored information (Buyya, Broberg & Gościński,
2011), encryption and key management, application security, identity and access
management and incident response. Other technological groups such as Sun Microsystems, VMware
and IBM have cited portability, interoperability and monitoring as key security
issues in a LAN/WAN security database (Rittinghouse & Ransome, 2009).
The rate at which businesses use on-demand
cloud computing is noteworthy, as adoption rates have doubled annually (Buyya,
Broberg & Gościński, 2011). However, businesses
must be able to adapt to cloud technology without hampering their own daily
operations. Security issues constitute an enduring concern in cloud computing
(Verma & Kaushal, 2011). Ironically, security threats evolve in tandem with
technology and new countermeasures are
necessary to maintain the integrity of the information technology systems
susceptible to these threats. It is thus reasonable to expect that the threats
will rise with the increasing use of technology (Michael & Denolt, 2010;
Sridhar, 2010).
The main issues of database security on a LAN/WAN
cloud-computing environment are the lack of standardizations, business models,
and varying opinions on sources of security threats. Furthermore, the increase
in the number of security providers is adding confusion for organizations as to
how to best address the issues at hand. Database security is a top priority, but
balancing this with the cost savings of adopting a cloud-computing environment
creates a myriad of problems for users and organizations. An additional problem
is that experts in cloud computing technology are few, as it is
only an emerging technology (Gnanasundaram & Shrivastava, 2012). Moreover, many
cite that the rate of change of an organization’s security
measures is lower compared to the ability of hackers to create software
programs that are aimed to steal confidential information (Lambert, 2005;
Mather et al., 2009; Jackson, 2012). This indicates the need for industry
experts to formulate stronger alliances to counteract looming security risks on
the horizon (Mather et al., 2009).
Problem Statement
Cloud computing is seen as an advantageous technological
advancement being adopted by many industries globally. Its sharing mechanism
generates faster savings and higher profit margins that are beneficial to many
businesses. Meanwhile, information sharing in a LAN/WAN security database is
vulnerable to security risks under a cloud-computing environment. This is due
to the use of the Internet to transfer data from front- to back-end users. It
is complicated even more with the use of multiple servers storing and sending
data across various computers. Therefore, before adopting cloud computing, it
is imperative for organizations to consider the security system before
embarking on a company-wide infrastructure shift.
The cloud computing architectural environment must be robust
against security threats and physical defects in order for the company to
optimize gains. This will require an understanding of the risks inherent in
cloud computing by applying best practice methods and following legal
compliance guidelines (Rajan, 2010). Any technology
solution which enhances company operations and/or financial performance will
have its own drawbacks. The attractiveness of cloud computing in terms of
expanse and flexibility is countered by underlying threats to security.
Companies should, therefore, weigh their options very carefully before changing
to the new technology.
The age of infallible database security systems no longer
exists, especially with the open nature of cloud computing environments. As
such, the realization of threats is necessary in order to mitigate security
risks in its adoption (Mather et al., 2009). If, indeed, the advantages of
migration into the cloud offset the risks to security to which an organization may
be exposed, such risks should nonetheless be manageable. The impenetrability of
LANs and WANs from unauthorized intrusion during data transmission, and even
during storage, presents a viable direction for enhanced security measures. To
this end, a deeper knowledge of the impact of LANs and WANs in database
security in the cloud environment offers a potent area for research.
A key motivation for the research is the opportunity to address
the challenges database security faces, especially in assuring public
confidentiality and privacy. Moreover, the Internet and cloud computing are invaluable
tools in the business process. Optimizing the advantages of cloud computing is
crucial for industries so that they can harness the power of the Internet to
improve their financial performance.
The objective of this study is, therefore, to promote best
practices in the industry while developing security software programs to
address security risks. It is, likewise, equally important to conduct an
intelligent management and resource allocation of cloud computing providers in
order to build a reliable and efficient business infrastructure model that satisfies
both companies and consumers in terms of cloud services and data security. Best
practices, however, do not exist in a vacuum. Data security practices which one
company successfully implemented on their end need to be communicated with
comparable organizations to verify whether the practice is generally applicable
to other companies or uniquely useful to just one organization. It is hoped
that inputs from other firms can help develop one company practice into an
industry best practices network.
The expected outcome is to promote a better understanding
of LAN/WAN database computing security in a cloud-computing environment to the
general public. Significantly, basic security measures can be initiated for
small to medium sized companies in order to protect the interests of all
parties within the system of networks. The promotion of a best practices
approach is to build mutually beneficial relationships with providers and users
creating a strong virtual organization. This serves as a preventive method for
data loss, insider threats, and organized crime using high-tech methods that
will be ultimately advantageous for all users.
Cloud computing is the technology of the future. With
Internet technology advancing in leaps and bounds, virtual computing in the cloud
is the ultimate technology to learn more about in the next decade. A synergy of
expert knowledge and crucial company experiences of cloud service providers and
consumers can help elevate cloud computing into the next level where data is no
longer a hindering threat, but a facilitating opportunity for corporate growth
and expansion.
The SaaS or “Software as a Service” is seen to be the most
vulnerable, wherein hackers can easily use this route to enter the business
database and information technology systems. Experts cite that newer systems
are, in fact, more susceptible than traditional computer architectures as cloud
computing, in effect, makes business operations seem to have fewer boundaries.
The invention of other electronic gadgets such as the PDA and the laptop is
also a source of security threats, especially with their ability to store
customer information as high as 8GB. All of these gadgets also contain private
information that lacks encryption methods. More importantly, the ability to
transfer data between computers is also a source of data loss within companies,
making it necessary to apply physical security measures. This includes
monitoring all sources of information whether electronic, hard copy or in
transit (Mather et al., 2009).
Amongst all these sources is the ability to monitor transit
information in a LAN/WAN system as firewalls and intrusion detection systems
serve as the current best practices in information security. The promotion of
regular risk evaluations is also necessary by auditing risk threats for
businesses under a cloud-computing environment. Other than data loss is data
leakage, as mobile technologies make it easier for hackers and even employees
to use data and transfer information. This has increased the call for the
development of data loss prevention systems to be included in the LAN/WAN
security of database in a cloud-computing environment. By installing this
software, compromised computers with data leakage and mobile technology
invasion can be prevented, thereby reducing the risk into manageable monitoring
facilities (Mather et al., 2009).
The cloud-computing environment has highlighted the need
for de-perimeterization, wherein a collaboration-oriented architecture is
advocated. It is through this manner that organizations and security experts
can conduct secure collaborations with various vendors and online customers.
This will result in a forum-type sharing that will allow the development of
technology that suits customers’ and organizations’ needs. An open style
communication system is seen to be advantageous for all concerned, as it is a
mode for information sharing of security practices (Mather et al., 2009).
Collaboration forums will help organizations form
partnerships with security consultants to determine the latest threats. This is
especially vital in cases where organizational crime is viewed to have
penetrated LAN/WAN database security systems by as much as thirty percent. This
exploitation figure is only an estimate as experts cite fraudulent activities
are rising by more than twenty percent globally per year. High tech criminals
are estimated to profit at least $200 million in combined data theft,
phishing and hacking activities. The Internet is, in fact, a large area of
concern for LAN/WAN database security mainly through the large number of transactions
ongoing at any given time. This impacts the organization’s ability to properly
do data tracking through the system (Mather et al., 2009).
The virtual characteristic of the LAN/WAN in cloud
computing is evidence of its key strengths and inherent weaknesses, especially
in attacks using mobile malware. Industrial espionage is also crucial with the
apparent weaknesses of Web 2.0 technologies. Business models are seen to be
vulnerable to attacks as they shift from traditional to cloud models creating
large problem areas in terms of becoming indiscriminate victims to hacker
attacks. This results in emphasizing the need for collective action by organizations
under the cloud-computing environment. Protection and proper reporting is seen
as a positive framework to formulate software to counteract threats.
Furthermore, increased awareness of Trojan and hacker attacks is crucial in
being able to build a standard database server security. Ultimately, this is
viewed to be particularly important in database security as LAN/WAN systems are
now integral to industry business practices. LAN/WAN systems are vital as they
assure faster data exchange and efficient information storage. It facilitates
ideal interconnectedness both in a wired and wireless framework (Mather et al.,
2009).
Forums are expected to develop an open standards framework
for cloud computing security as this is currently being supported by HP, IBM,
AMD and Microsoft. The need for standardization is apparent in order to build
integrity into the LAN/WAN system. A multifaceted approach is necessary in
creating a security framework that encompasses many domains e.g. private,
public, virtual and non-virtual entities. This multi-tenant approach is seen to
be the most viable in building an end-to-end security environment (Mather et
al., 2009).
Methodology
According to Cleveland (2009), LAN/WAN database security is
customized to the various customer needs given the level of control the
organization needs or requires to give up to the cloud service providers.
However, this is not sufficient, necessitating the inculcation of other ways of
ensuring LAN/WAN data security in the cloud computing database. One of these ways
is encryption. End-to-end data encryption adds encryption to communication
paths, ensuring only the intended party having the correct identity accesses the
data in a LAN/WAN platform.
For further security of data in a cloud computing system,
each cloud service should be secured and must have its encryption turned on.
Another way of securing a database is by the use of the Hashing Method of
cryptography, where the information cannot be decoded until the person wishing
to access it matches the hash value of the new message as required (Stallings,
2007). Moreover, data in databases should be backed up using modern
technologies such as RAID technologies to ensure that, in case of any
eventuality where the data becomes corrupted or deleted, processes can be
restored swiftly with minimum losses in data, especially in the most sensitive
ones.
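The hash-matching check described above, as an added example in Python (standard library only) that is not part of the original paper; the record layout, key handling and function names are assumptions. It goes one step beyond the paragraph by contrasting a plain SHA-256 digest with a keyed HMAC, because only the keyed tag detects a record that was altered on the LAN/WAN path.

```python
import hashlib
import hmac
import json
import secrets


def canonical_bytes(record: dict) -> bytes:
    """Serialize a row deterministically so both ends hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone who can change the record can recompute it."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def keyed_tag(key: bytes, record: dict) -> str:
    """HMAC-SHA256: can only be produced by a holder of the shared key."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def send(key: bytes, record: dict) -> dict:
    """Sender side: ship the record with both integrity values attached."""
    return {
        "record": record,
        "sha256": plain_digest(record),
        "hmac": keyed_tag(key, record),
    }


def verify_plain(message: dict) -> bool:
    """Receiver check using only the unkeyed digest."""
    return hmac.compare_digest(plain_digest(message["record"]), message["sha256"])


def verify_keyed(key: bytes, message: dict) -> bool:
    """Receiver check using the keyed tag; comparison is constant-time."""
    return hmac.compare_digest(keyed_tag(key, message["record"]), message["hmac"])


def simulate_modification(message: dict, field: str, value) -> dict:
    """Model a record changed between sender and receiver.

    The unkeyed digest is recomputed to match the new content, which any
    on-path party could do. The HMAC is left as sent, because producing a
    new one requires the key.
    """
    changed = json.loads(json.dumps(message))  # deep copy of the message
    changed["record"][field] = value
    changed["sha256"] = plain_digest(changed["record"])
    return changed


def demo() -> dict:
    # Constructed sample data: the key and the row are made up for this example.
    key = secrets.token_bytes(32)
    row = {"account_id": 1042, "balance": "250.00", "owner": "constructed-sample"}

    message = send(key, row)
    altered = simulate_modification(message, "balance", "9250.00")

    return {
        "original_plain_ok": verify_plain(message),
        "original_keyed_ok": verify_keyed(key, message),
        "altered_plain_ok": verify_plain(altered),        # unkeyed hash still matches
        "altered_keyed_ok": verify_keyed(key, altered),   # keyed tag no longer matches
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The key must reach both ends over a separate protected channel; a tag sent alongside its own key gives no more assurance than the plain digest.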
According to Lyon (1997), devices connected to a LAN or
connected to the Internet by means of a modem run many services that watch both
well-known and unknown ports, which increases the need for secure operation
platforms. Improved WAN performance adds an extra degree of security by
necessitating data to be transported through distinctive pipelines that are well
secured. Both LAN and WAN security implementations are beneficial for both
service providers and enterprises as they appear to broaden virtual networks
outside their facilities leading to these security measures enhancing higher
network productivity (Cole, 2009).
The research design will be exploratory in nature, using
quantitative and qualitative research methods. The use of second-hand materials
such as academic books and scholarly materials will be an invaluable resource
in meeting the research objectives. These objectives are to ascertain the
effectiveness of forums as an ideal source of standardization in LAN/WAN
database security systems and whether this is an effective tool in developing
new security technologies. Second, a collection of best industry practices in
security measures will be conducted to contribute to existing literature on the
subject. This will add to the breadth of knowledge in applying basic security
measures and complex security protocols.
The research philosophy will be descriptive: gathering data
from known technological companies and security providers. A qualitative
approach will be applied in soliciting first-hand sources to determine the
effectiveness of current practices and security breaches if any. It is crucial
to understand security concerns in the LAN/WAN system, especially gathering
experiences from companies that have adopted cloud-computing environments.
Furthermore, understanding the related substantive issues will be highlighted
wherein the methodological design of this undertaking is viewed to be
advantageous to the researcher. The final goal is to search for an optimal
solution against security risks through an analytical framework.
Summary and Conclusions
The advantages of cloud computing are many, from cost
efficiencies to easier exchanges of valuable data within multiple frameworks.
Security developers today face many challenges with the large migration of
organizations from traditional to open natured systems. Data protection as it
travels through either a wired or wireless network is necessary. This is
especially vital to assure client confidentiality and compliance for
businesses. Being able to monitor data exchanges is integral to intelligent
security management especially securing access from the back to front end
portions of the system. Significantly, a forum will provide an avenue for all
organizations and customers to develop a best practices approach that is seen
to lead to better infrastructure development (Rittinghouse & Ransome,
2009).
The cloud
computing architecture using a LAN/WAN system has the advantage of
virtualization and application centralization, wherein in database security, it
can be prioritized in order to promote further growths. Security protocols can
be initiated by software systems that include firewalls and intrusion detection
features that protect all network users. More importantly, the shared system
creates a dynamic environment that makes it difficult for hackers to penetrate.
Furthermore, this highlights the human element in database security management
wherein insiders can instigate threats. A deeper understanding of basic and
complex database security approaches are viewed to develop a long-term security
strategy that is a progress of intelligent
References
Buyya, R., Broberg, J., & Gościński, A. (Eds.). (2011). Cloud computing: Principles and paradigms. Hoboken, NJ: Wiley.
Doelitzscher, F., Reich, C., Knahl, M. & Clarke, N. (2013). Understanding cloud audits. In S. Pearson & G. Yee (Eds.), Privacy and security for cloud computing (pp. 125-166). London: Springer.
Dumas, M. B. (2013). Diving into the bit stream: Information technology meets society in a digital world. New York, NY: Routledge.
Gnanasundaram, S. & Shrivastava, A. (Eds.). (2012). Information storage management: Storing, managing, and protecting digital information in classic, virtualized, and cloud environments (2nd ed.). Indianapolis, IN: John Wiley & Sons.
Hurwitz, J., Kaufman, M., Halper, F. & Kirsch, D. (2012). Hybrid cloud for dummies. Hoboken, NJ: John Wiley & Sons.
Jackson, G. M. (2012). Predicting malicious behavior: Tools and techniques for ensuring global security. Indianapolis, IN: John Wiley & Sons.
Joshi, V. C. (2004). E-finance: Log in to the future. Thousand Oaks, CA: Sage Publications.
Lambert, L. (2005). The Internet: A historical encyclopedia. Santa Barbara, CA: ABC-CLIO - MTM Publishing.
Lin, G. & Devine, M. (2010). The role of networks in cloud computing. In B. Furht & A. Escalante (Eds.), Handbook of cloud computing (pp. 65-82). London: Springer.
Mather, T., Kumaraswamy, S. & Latif, S. (2009). Cloud security and privacy: An enterprise perspective on risks and compliance. New York: O'Reilly Media.
Messmer, E. (2009). Cloud security alliance formed to promote best practices: eBay and ING are among founding members. Retrieved from http://www.networkworld.com/news/2009/033109-cloud-security-alliance.html
Rajan, S. (2010). Cloud security series-Sarbanes Oxley compliance. Retrieved from http://cloudcomputing.sys-con.com/node/1622079.
Reese, C. (2009). Cloud application architectures: Building applications and infrastructure in the cloud. New York, NY: O'Reilly Media.
Rimal, B. R., Choi, E. & Lumb, I. (2010). A taxonomy, survey & issues of cloud computing ecosystems. In N. Antonopoulos & L. Gillam (Eds.), Cloud computing: Principles, systems and applications (pp. 21-46). Heidelberg, DEU: Springer Science + Business Media.
Rittinghouse, J. & Ransome, J. (2009). Cloud computing: Implementation, management, and security. Boston, MA: CRC Press.
Sangroya, A., Kumar, S., Dhok, J. & Varma, V. (2010). Towards analyzing data security risks in cloud computing environments. Communications in Computer and Information Science, 54, 255-265.
Slabeva, K. S. & Wozniak, T. (2010). An introduction to cloud computing. In K. S. Slabeva, T. Wozniak & S. Ristol (Eds.), Grid & cloud computing: A business perspective on technological applications. Heidelberg, DEU: Springer Business + Media.
Verma, A. & Kaushal, S. (2011). Cloud computing security issues and challenges: A survey. In A. Abraham, J. L. Mauri, J. F. Buford, Suzuki, J. & S. M. Thampi (Eds.), Proceedings from ACC 2011: The First International Conference on Advances in Computing and Communications (pp. 445-454). Heidelberg, DEU: Springer Science + Business Media.
Posted by Dr. Tai Cleveland at 5:30 PM
Dr. Tai Cleveland Academic Paper
Article # 2 in the Capstone Paper Option Submitted to
The Graduate Council
in Partial Fulfillment of
The Requirement for the Degree of
Doctor of Computer Science with a concentration
in Enterprise
Information Systems
Department of Computer Science
By
Tai Cleveland
BS, Electronic Engineering Technology 1991, from NSU
MS, Information Systems Security, 2006 from CTU
March 20, 2013
Table of Contents
Abstract
The security
of networks is essential to the success of cloud computing architectures. The
number of users of cloud computing technology is rapidly increasing,
emphasizing the need for information security in a cloud-computing environment.
The databases that enable cloud computing environments need to be secured and
securing networks that allow access to these databases is essential to the
overall goal of providing information security in the context of cloud
computing. One security issue in cloud computing is to protect sensitive data
from hackers, especially since this data can be penetrated either locally or
remotely in the context of external management of security-based services. As a
result, finding new ways to increase security of services in the
cloud-computing environment is crucial. The importance of networks in
maintaining database security in a cloud-computing environment is increasing as
the array of security threats to the networks is becoming more sophisticated.
The challenges include porous perimeters, owing to the collaborative
nature of cloud computing, and higher security measures for personal
computers, laptops, tablets, and mobile devices. The security threats come in
many forms, such as intrusions, malware, worms, and viruses. These threats can
travel across the boundaries of the network and are even able to bypass network
security perimeters. As such, the need to develop better security measures is
vital, and this can only be accomplished by making a thorough evaluation of the
impact of the network on database security. The current practices include
network access control measures such as compliance verification, security
patches, anti-virus signature files, identity policies and user authentication
protocols. In this paper, we will present some of the key research questions
associated with this issue. We follow it up with a discussion on the current
state of security measures through a comprehensive review of the latest
literature. This research has attempted to investigate the network security
issues of cloud computing framed by existing literature, the researcher’s
professional experience in networking and data security, a small-scale
exploratory survey, and an analytical research procedure. To answer the
research questions, the paper gives details of the five layers of security that
include perimeter, network, data, application and host. The contents included
in this paper focus on network security issues in cloud computing such as
denial of service, port scanning, network sniffing, and man-in-the-middle
attacks. We also take a look at software security issues such as wrapping of
the XML signature, browser security, and malware injection in the context of
the network security issues facing cloud computing.
Section 1: Introduction
Cloud computing has become essential
to the economical and scalable growth of information technology. The
dynamics that cloud computing offers in terms of on-demand computing facilities
bolster organizational operations with new options for harnessing the benefits
of information technology (Krautheim, 2009). Cloud computing builds on external
collaboration to transform libraries into powerful repositories of information
and knowledge (Scale, 2009). It also
offers innovation for enterprises through computing by changing it into a more
cost-efficient massive cluster of resources for large, corporate-scale data
mining (Shroff, 2010). The foregoing examples showcase how cloud computing offers scalability, cost-effectiveness, and
flexibility among other advantages.
However, in keeping with IT innovations, and the fact that cloud
computing is a new technology, it raises quite a number of issues and
challenges associated with many of the latest technologies. Most of these
issues focus on the security aspects of cloud
computing (Krautheim, 2009).
Security in cloud computing
necessitates complete awareness of the threats to information that it transmits
and stores, the network where information flows, and the infrastructure which
supports its operations (Krautheim, 2009). One
opportunity which may possibly be explored to neutralize the threats to cloud
computing is its architecture. It has a front-end section and a back-end
section (Avresky, Diaz, Boder, Ciciani & Dekel, 2009). The front-end
section is anything that uses the cloud services – it
may be end users, clients, or applications. The back-end section is a network
of servers with computer programs or applications and data storage or the
database (Dave, 2009). Accordingly, the focus of this research is to identify
the security threats to those networks of servers, applications, and databases,
also known as the backend section of the cloud environment or architecture.
This research will also review how network security impacts the database
servers which house the most critical item in the cloud environment, the data
(Sunke, 2012).
The back-end in the cloud context is very similar to the
architecture of any massive data center, but the data center is shared among
users much more in the clouds than in any previous technology (Birman,
2012). The Local Area Network (LAN) in
the back-end section of the cloud environment must, therefore, be secured from
its access point, and be layered with security protocols inside the network.
Layered security is aimed at maintaining ample initiatives to ensure security
in different levels of the cloud environment. Security at access points may not
be enough to protect the network because it can be breached. Inside the host,
security must also be layered around the servers as a whole so that they can
provide additional layers of security, so that even if one layer is breached,
another can prevent further damage (Rittenhouse & Ransome, 2012). Figure 1
shows some of the key layers of security in a networked environment: the
perimeter, the network, servers, applications, and data. We will look into
these aspects of security in more detail later in the paper.
Figure 1: Layers of Security

Policies must be set up in the LAN to elevate the local
networks’ security. Continuous checking, monitoring and auditing of compliance
with the policies must be conducted. Network policies may include no response
on certain websites. Other methods that can be used include authorization
procedures on certain objects in the network, thus providing another layer of
security.
From a technical viewpoint, the layered security approach
secures the cloud computing environment in five different levels: The
perimeter, the network, the host, the application, and the data. From
experience, there are a number of security initiatives applicable for each
different level of security. However, the applicability of security measures
should always be evaluated throughout the enterprise. For example, at the
perimeter which is the outermost layer of security, protection can be enhanced
through the use of firewalls, network-based anti-viruses, or virtual private
networks (VPN). There are always advantages and disadvantages in using any
technology for security.
All three of the aforementioned measures have been available
for quite some time, and any IT department staff should be well acquainted with
this technology in terms of their operational requirements and their capability
to provide the needed protection. However, it should also be considered that,
aside from legitimate IT experts, hackers and other unscrupulous elements
in the digital world are also quite familiar with these technologies and have
contrived ways to get around the security defenses offered by such
technologies. An example would be anti-virus software, which works as long
as the software already has the signature of the virus or the virus is
otherwise known to the anti-virus program.
Meanwhile, an encrypted VPN network still works very well,
but experience-wise, it is cumbersome from the perspective of many IT
department staff since this initiative places an administrative encumbrance in
the management of the associated encryption keys and maintenance of user groups
required on a regular basis. The aforementioned measures will not always work
the same way in the cloud environment. The perimeter level is not well defined
in the cloud environment for organizations which rely on Platform as a Service
(PaaS) and Software as a Service (SaaS) because of multi-tenancy. In these two
types of deployments, a client company has the option to configure their cloud
security, but, since services are shared in the cloud with other firm clients
of the cloud service provider, technically, containment of cloud security in
the perimeter level may be lost (Halpert, 2011).
The LAN must deploy applications that can sniff out attackers,
and make sure that data goes to the client that made the request. This calls
for the network level, which is the second layer of security for the cloud
environment. The network level refers to a firm’s internal LAN and its WAN, and
is the main focus of this paper. For a single organization, the network level
includes desktop computers and servers as well as relay connections to off-site
office locations (Ashley, 2003). Many networks, particularly those in the
clouds, are open behind the perimeter. Therefore, once malicious elements have
penetrated the network, chances are these elements can travel through the
network without difficulty. This condition is prevalent among small and even
medium-size firms.
From practice, at least three common security measures are
typically adopted at the network level: intrusion protection
systems (IPS) and intrusion detection systems (IDS); tools for vulnerability
assessment (VA); and access control or user authentication (Patil et al.,
2012). Undesirable elements that pose a threat to information
security in cloud settings and that pass through firewalls are intercepted
by IDS/IPS and VA technologies. VA tools serve to automate the checking of
network vulnerabilities. Manually checking for vulnerabilities is impractical,
if not impossible, owing to the frequency required for the checks to
make a difference in network security. Figure 2 shows a
sample VA tool developed by the firm Latis Networks, called Vulnerability
Assessment and Management (VAM). The VA tool identifies all network vulnerabilities
and validates vulnerability repair processes. The products included in this VA
tool cover server, desktop and remote vulnerability assessment management.
The VAM products, as shown in the figure, manage and assess vulnerability on
different segments of a firm’s network. The figure shows that the VA tool and
the products included in it can be installed on a single machine and manage the
network from a single user interface. The layered security approach defends and
protects against common attacks and threats that affect network security. The
shaded regions in the figure show how the VA products function and the common
threats dealt with by the layered security model.
Figure 2: Layered Network Security Approach

Source: Ashley, M. (2003). Layered Network Security: A best-practice approach. Latis Networks, Inc.
From years of working with these network-level security
technologies, various weaknesses have been observed. In particular, IDS
technologies are prone to false alarms, which alert the IT department of an
organization to an intrusion even if there is none (Patil et al., 2012). Another
disadvantage of IDS technologies is that the frequency of false alarms can
either cover or bury real malicious elements attempting to intrude on the network
security system. By experience, with the passage of time and the frequency of
false alarms, IT personnel may become insensitive to intrusion alerts, similar to
how the boy who cried wolf in popular folklore was ignored by people who
thought that the call for help was not real.
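The following is an added example, not part of the paper or of any IDS product, of one way to keep a rare, high-severity alert from being buried under repeated false alarms: repeats are collapsed into incidents, and each incident is ranked by severity discounted by how often its signature fires. The alert line format, the signature names and the scoring formula are assumptions made for the illustration.

```python
import math
from collections import Counter

# Assumed alert format (constructed for this example):
#   "<epoch_seconds> <signature> <severity 1-3> <src_ip> <dst_ip>"


def parse_alert(line):
    """Return a dict for a well-formed alert line, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[0].isdigit() or parts[2] not in ("1", "2", "3"):
        return None
    return {"ts": int(parts[0]), "sig": parts[1], "sev": int(parts[2]),
            "src": parts[3], "dst": parts[4]}


def triage(lines, window=300):
    """Collapse repeated alerts and rank incidents so rare signatures surface.

    Alerts with the same signature, source and destination inside the same
    `window`-second bucket become one incident with a count. The score is
    severity / log2(1 + total firings of that signature), so a signature that
    fires constantly is pushed down and a one-off, high-severity alert rises.
    Returns (incidents sorted by descending score, number of skipped lines).
    """
    alerts, skipped = [], 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            skipped += 1
        else:
            alerts.append(alert)

    volume = Counter(a["sig"] for a in alerts)
    incidents = {}
    for a in alerts:
        key = (a["sig"], a["src"], a["dst"], a["ts"] // window)
        inc = incidents.setdefault(key, {
            "sig": a["sig"], "src": a["src"], "dst": a["dst"],
            "sev": a["sev"], "first": a["ts"], "last": a["ts"], "count": 0,
        })
        inc["count"] += 1
        inc["first"] = min(inc["first"], a["ts"])
        inc["last"] = max(inc["last"], a["ts"])

    for inc in incidents.values():
        inc["score"] = inc["sev"] / math.log2(1 + volume[inc["sig"]])

    ranked = sorted(incidents.values(), key=lambda i: (-i["score"], i["first"]))
    return ranked, skipped


def build_sample():
    """Constructed sample: 40 repeats of a noisy signature, one rare alert,
    and one malformed line. Addresses are from documentation ranges."""
    noisy = [f"{t} ICMP-SWEEP 2 192.0.2.10 192.0.2.0" for t in range(0, 400, 10)]
    rare = ["200 DB-LOGIN-NEW-HOST 3 198.51.100.7 192.0.2.50"]
    return noisy[:20] + rare + ["garbled line"] + noisy[20:]


if __name__ == "__main__":
    ranked, skipped = triage(build_sample())
    for inc in ranked:
        print(f'{inc["score"]:.2f} {inc["sig"]} x{inc["count"]} {inc["src"]} -> {inc["dst"]}')
    print("skipped:", skipped)
```

Forty-one raw alerts become three incidents, with the single database login alert at the top of the queue instead of in the middle of the sweep noise.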
Additionally, while Ashley (2003) indicated that most IDS
products commercially available have IPS in their core, the challenge of
maintaining an optimum IPS/IDS system is borne by the IT security staff. Poorly
optimized systems eat up resources, and worse, deny or terminate data requests
from legitimate users. Another aspect to consider is that access control
technologies available commercially or as integrative solutions by network
security providers may not be compatible with an organization’s network devices.
Solving this problem by using a number of access control systems entails
additional costs. The most problematic aspect of such incompatibility issues
observed from practice was that using an integrated solution, even from
providers with good reputations, opens up more hazards than protection to the
network. As Ashley (2003), a more experienced practitioner in data
networking and network security, observed, “implementing an integrated
solution across your network may be difficult. Such a patchwork, multi-product
approach may actually introduce additional vulnerabilities to your network”.
It is, therefore, important that the cloud environment set
up its authentication procedure properly to identify and intercept intruders
and hackers invading the network. Authentication procedures distinguish between
genuine clients on one hand, and viruses, worms or malicious attackers on the
other. This prevents viruses, worms, or any other malicious items or
deliberate attacks from infiltrating the cloud’s network of servers.
Authenticating all users requesting access to cloud services ensures that only
persons and programs which have been approved can gain access to the cloud
(Chang, Jang, Ahn, Choi, 2011).
The third layer of
security for the cloud environment is the host security level, which pertains to
devices such as routers, switches and servers. Devices at the host level
have configurable parameters that must be set appropriately to avoid
creating exploitable security holes (Paquet, 2009). Some examples of
parameters included in the host security level are registry settings,
services, and patches on the device. To provide security at the host level, there
are technologies such as host-based vulnerability assessment, host-based intrusion
detection systems, anti-virus, and network access control. Host-based IDS
are similar to network IDS in performance. However, the major difference is
that a host IDS works on a single network device. Host IDS are characterized by a
high degree of protection when properly administered. The second
technology is the host-based VA tool, which is used to scan a single network
device for security vulnerabilities. These tools are accurate and
make minimal demands on the resources used by hosts. They must be
properly administered to provide the required security. Network access
control, as used at the host level, protects both the
individual host and the network. The control ensures that the host has all the
required security measures, such as firewalls. Anti-virus applications are
another technology that provides security in the host layer. However, this
technology must be used together with network-based anti-virus tools.
Application security is the fourth layer of security in the
cloud environment, and it has received increased attention (Ashley, 2003).
Applications that are not properly protected provide an
opportunity for unauthorized people to access confidential records and data.
Technologies that provide security at the application level include the application
shield, input validation, and access control. An application shield is a type of
application-level firewall. It ensures that both outgoing and incoming
requests have permissions from the given applications. To perform
their tasks, application shields are installed on database servers, email
servers and web servers. The major advantage of an application shield is that it
is integrated on the back end, but transparent to end users. Securing a
web-based application may require some of the following measures:
· Input Validation: How do you know that the input your application receives is
valid and safe? Input validation refers to how your application filters,
scrubs, or rejects input before additional processing.
· Authentication: Who are you? Authentication is the process that an entity
uses to identify another entity, typically through credentials such as a user
name and password.
· Authorization: What can you do? Authorization is the process that an
application uses to control access to resources and operations.
· Configuration Management: Who does your application run as? Which databases
does it connect to? How is your application administered? How are these
settings secured? Configuration management refers to how your application
handles these operational issues.
· Auditing and Logging: Who did what and when? Auditing and logging refer to
how your application records security-related events.
· Exception Management: When a method call in your application fails, what does
your application do? How much does it reveal about the failure condition? Do
you return friendly error information to end users? Do you pass valuable
exception information back to the caller? Does your application fail
gracefully?
· Session Management: A session refers to a series of related interactions
between a user and your Web application. Session management refers to how your
application handles and protects these interactions.
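The following is an added example, not part of the paper, showing four of the measures listed above (input validation, authorization, auditing and logging, exception management) applied to a single database read path. The table layout, role names and the RecordService class are hypothetical, and the actor is assumed to have been authenticated already.

```python
import re
import sqlite3

# Input validation by allow-list: lowercase name, at most 32 characters.
USERNAME = re.compile(r"[a-z][a-z0-9_]{0,31}")


class RecordService:
    """Hypothetical read path over a 'records' table (constructed for this example)."""

    def __init__(self, db, roles):
        self.db = db          # sqlite3 connection
        self.roles = roles    # actor -> role, assumed set after authentication
        self.audit = []       # (actor, action, outcome); stand-in for a log sink
        self.errors = []      # internal failure detail, never returned to callers

    def _log(self, actor, action, outcome):
        # Auditing and logging: who did what, and how it ended.
        self.audit.append((actor, action, outcome))

    def read(self, actor, owner):
        # Input validation: reject anything outside the allow-list before it
        # reaches the database. The raw value is deliberately kept out of the
        # audit record so hostile input cannot forge log entries.
        if not isinstance(owner, str) or not USERNAME.fullmatch(owner):
            self._log(actor, "read", "rejected-input")
            return {"ok": False, "error": "invalid request"}

        # Authorization: users read only their own records, auditors read any.
        role = self.roles.get(actor)
        if role != "auditor" and not (role == "user" and actor == owner):
            self._log(actor, "read:" + owner, "denied")
            return {"ok": False, "error": "not permitted"}

        try:
            # Bound parameter: the value is never spliced into the SQL text.
            rows = self.db.execute(
                "SELECT body FROM records WHERE owner = ? ORDER BY id", (owner,)
            ).fetchall()
        except sqlite3.Error as exc:
            # Exception management: detail stays internal, caller gets a
            # generic message that reveals nothing about the failure.
            self.errors.append(repr(exc))
            self._log(actor, "read:" + owner, "error")
            return {"ok": False, "error": "request failed"}

        self._log(actor, "read:" + owner, "ok")
        return {"ok": True, "rows": [r[0] for r in rows]}


def make_demo_service():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO records (owner, body) VALUES (?, ?)",
                   [("alice", "alice-q1-report"), ("bob", "bob-payroll")])
    return RecordService(db, {"alice": "user", "bob": "user", "carol": "auditor"})


if __name__ == "__main__":
    svc = make_demo_service()
    for actor, owner in [("alice", "alice"), ("alice", "bob"),
                         ("carol", "bob"), ("alice", "bob' --")]:
        print(actor, "->", svc.read(actor, owner))
    for entry in svc.audit:
        print("audit:", entry)
```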
Data security is the fifth level of layered security in the
cloud computing environment (Ashley, 2003).
The level contains encryption and a blend of policies. The level recommends
that all data should be encrypted at all stages in support of other security
measures. Encryption protects data across the network, depending on
organizational policies that detail the people authorized to access the
data. Technologies used at the data security level include encryption and user
authentication or access control. With user authentication, only authorized
users can get access to data, as in the other levels of security such as
application, host and network. Data encryption is implemented
at the operating system, application and data levels. The most commonly used
encryption strategies at the data level include PKI-based encryption
strategies such as RSA and PGP (Bidgoli, 2006).
The aforementioned scheme is, however, easier said than done in
the cloud. In the security management context of technologies prior to cloud
computing, security policy may be achieved by a combination of automated and
human interaction. The same is not sufficient and practical in the cloud
environment, where the security requirements call for more sophisticated
operations. Particularly, as delineated in Chang, Abu-Amara, and Sanford
(2010):
These
requirements influence the management of IT resource operations, IT SP’s
interactions with external actors in Cols, and service customers’ behaviors in
relation to the security offerings. They impact the baseline architecture of
the service framework, service usage patterns, application regulations, service
monitoring capability, and accessibility of users or user groups (p. 259).
The foregoing discussion brings back the core
of cloud computing security to network
architecture as indicated in Chang et al. (2010), and focuses the spotlight back
on the impact of network security in supporting and protecting data in the cloud.
This is because the basic interface of the integrated cloud computing system is
to the client organization’s enterprise
LAN, which in turn is connected to the WAN (Norman, 2007).
Cloud computing
consists of a group of IT services that are delivered to a consumer over a
network on a chartered basis, and with the capacity to scale up or down their
service demands. In most cases, cloud computing services are distributed by a
third party with infrastructure ownership (Glisic, 2011). To date, it is a
rapidly emerging technology owing to the benefits it offers to business
organizations. A few of its advantages include its contributions to resilience,
outsourcing of non-essential activities, flexibility, scalability, and
efficiency. However, despite the potential gains that have been realized from
cloud computing services, a number of organizations are reluctant to embrace
the technology due to its limitations, particularly the security-related concerns
linked with it (Wood et al., 2009; Van der Molen, 2010).
The concept of
handing over confidential information to a third party company may prove
worrisome, and customers need to be cautious in comprehending the risks of data
violation in this computing environment. For this reason, security issues in
network computing environments have become the greatest hurdle (Mansfield
& Antonakos, 2010) to its reception. Moreover, safety issues (Filial and
Erra, 2012) are ranked first as the ultimate challenge in cloud computing.
Fowler (1999) maintained that unless intruder
attacks are to be carried out as an inside job, no thief would waste their time
finding ways to access information through the front door unless they expect
typical behavior, such as when people put their keys under the doormat.
There exist several vulnerabilities in
methods for network security in the cloud computing environment. The network is
vulnerable from both the front end, i.e., the remote interface, and the back
end, i.e., the LAN side. The impact of LAN and WAN on network
security, therefore, exerts a direct bearing on data security in the cloud
environment.
The fact that most
cloud service providers support a multi-tenant computing design requires that
the IT departments of client organizations strike a balance between the
security of client’s local dedicated infrastructure and the advantages of an
enhanced economy from a shared environment in the cloud (Van der Molen, 2010).
This sharing of the resources among different tenants presents additional
security issues that must be met in the virtual machine environment that is
typically being used to support multiple tenants. Networking
among the virtual machines is addressed through software and requires network
security implementation.
Nature of the Problem
The security of
networks in the cloud computing context is paramount to the success of cloud
computing itself. Certain challenges must, however, be addressed so that cloud
computing can be proven as a viable option vis-à-vis traditional
data services (Patil et al., 2012). As it has been established earlier, security
of the network can, in turn, positively impact the current state of cloud
computing security. This research has attempted to investigate the phenomenon
of cloud computing framed by existing literature, the researcher’s professional
experience in networking and data security, a small-scale exploratory survey,
and an analytical research procedure.
Technical
literature on networking and information security provided the theoretical
underpinnings for this study. Meanwhile, insights from practice-based
applications were derived from the researcher’s professional experience and
were compared with the findings of a quantitative survey and the available
knowledge on the topic to triangulate findings from three sources of
information. This was accomplished through an analytical research process
procedure called mixed methodology (LoBiondo-Wood, & 2006). Mixed
methodology involves the use of both quantitative and qualitative approaches
that go through several research processes. In this study, both
qualitative and quantitative data are collected and analyzed together, making it
a mixed methodology (Joyner, Rouse, & Glatthorn, 2012). This study uses a
triangulation design to obtain different data to explain the same topic. The
reason for using the mixed method is to utilize the strengths of both
qualitative and quantitative methods in overcoming the associated weaknesses.
The sampling uses the quantitative strand of the
research, while the analysis and explanation of the results use quantitative
methodologies.
Rationale and Purpose
One of the security issues in cloud computing is the lack
of host-based software models as many utilize network based IDS and IPS as a
means for protection (Patil et al, 2012; Paquet, 2009). The simplicity of this
resolution in the cloud computing environment is attractive and cost efficient
to many as it only requires an attachment of one or two appliances to the
network. Historically, this was the initial solution to the problem as the
cloud architecture system used network appliances through a distribution model.
This model is able to target application transactions in the external
environment efficiently. However, scholars cite that first generation solutions
can no longer be applied today due to the increased threat vectors, insider
access to servers and even abuse of application users. As such, a combination
of host-based solutions and network appliances is recommended for database
security in LANs (Zhen Qi Wang et al., 2012; Sunke, 2012; Coronel et al.,
2009).
The rise of virtual machines in cloud architecture requires
a more sophisticated security system, especially since the entire network often
flows outside the premises of organizations. An example of this would be the
Cloud Computing Test Bed created by the collaboration of Hewlett-Packard,
Intel, and Yahoo!. This joint effort formulated solutions for centralizing the
control and operation of the virtual infrastructure and machines, and a dynamic
resource provision (Popovskij, Barkalov & Titarenko, 2011). With the
emergence of virtual machines, appliance-based security deployments are,
therefore, no longer the only solution in a LAN system. Increasing demands
indicate the need for organizations to change their security capacity
requirements within a relatively short time (Coronel et al., 2009). The
key motivation of this paper is to address the challenges of cloud security,
especially in assuring confidentiality and privacy among clients. We also want
to look into the network security related issues in depth. The objective is to
compile, enhance, or develop measures to address security risks in cloud technology
concentrated on LAN-based databases to aid in the development of the cloud
computing industry (Lightstone et al., 2007).
Thus, this research investigates the impact of LANs on
database security in a cloud computing environment. Although security threats
are persistent even in the wide area network (WAN), LAN is experiencing broad
fundamental changes, whereas there are no fundamental changes in store for the
WAN (Fornes, 2010). The significant impact of LAN in maintaining database
security in the cloud-computing environment dramatically increases as the
threats are mounting. In this respect, securing databases on virtual machines
or cloud environments is a must and the challenge is to detect, isolate, and
clean vector threats in a LAN cloud-computing environment to ensure protection
(Sridhar, 2010).
Research Problem
The main objective of this
research is to increase the security measures in a LAN cloud-computing
environment in order to assure protection for clients and users even in the
midst of emerging collaborative technologies that pose a risk to the system.
The research is performed to learn the advantages of cloud computing under a
safe architectural system where privacy and protection are maintained.
Moreover, the development of security initiatives is imperative to properly
monitor the traffic volume within the LAN systems as these are expected to
increase in ratio to the number of users in the next five years (Stallings,
2007). Specifically, the focus of this research is to identify the security of
networks of servers, applications and databases, in the back end section of the
cloud environment or architecture. Additionally, a review of how LAN security
impacts the database servers which house the most critical item in the cloud
environment, the data, is also presented (Dlodlo, 2011).
Research Questions
This study is guided by the following research questions:
· What are the key network security issues and related challenges for
cloud computing?
· How are these network security issues being addressed today?
· What are the effective means for addressing some of the network
security issues in cloud computing?
Significance of the Research
The significant
impact of networks in maintaining data security in the cloud computing
environment dramatically increases as the array of threats mounts. The need to develop security measures to
ensure protection of data is crucial due to the fast paced nature of cloud
computing architecture. One of the main problems is to address the porous
perimeters that scholars cite as having become insufficient due to the need for
securing not only personal computers, but also laptops and PDAs (Chee &
Franklin, 2010). Mobile devices also now have access to cloud technology,
making it necessary to manage the flow of secure data between mobile devices
and the data center. The end goal is to create a secure network leading
to database security in order to build a strong cloud computing environment
under the guise of better controls (Cleveland, 2009).
Common viruses or threats can easily
penetrate the perimeters. Malware, worms, and bots are all known to be able to
bypass LAN security perimeters. Furthermore, most security measures only
protect one side of the chain instead of having an end-to-end protection; this
is either only a server-side protection or a client-side security measure.
Examples are network access control measures, including compliance
verifications, security patches, anti-virus signature files, identity policies
and user authentication protocols (Wang et al., 2011). Results of this study
will help IT administrators and staff to identify and deal with such malware
and intruder attacks.
LAN systems, as part of cloud architecture, are also
becoming known as victims of sophisticated attacks found in the network
system. Hackers are able to crash systems using the Internet access at any
point in the network (White et al., 2002). Machines can also become infected
via remote access, wherein attacks can even be sent via remote devices or
programs. With an effective database security system, the personal information
of users is protected, and passwords or identities cannot be extracted from
personal computers or from corporate databases. As such, LAN systems can be
tapped to apply in-network security devices in order to detect any anomalies
from the front and back end (Wang et al., 2011).
Nature, History, Trends and New Developments
The main developments in
information technology that address security issues are the growth of high
performance networks and complex applications. This is evident in the use of
high-level software protocols such as SIP, RPC, and SOAP. The security issues
are wide ranging from multiple users accessing the same information to the
transfer of data to the workflow system and into the database. Furthermore,
security threats are found throughout the flow, even in e-mail and web
applications, creating a cycle of multiple security checks (Coronel et al.,
2009).
This repetitious security
checking method is applied to the different sections of the LAN system that
conduct protocol checks, traffic inspections, and spam and virus detection,
among others. This is often used by many companies where high performance
network complexities resolve their security issues through network-based
appliances. The appliance architecture is placed in multiple layers aimed at
protecting against various security threats, which often appear in multiple quantities.
This increases the security requirements to meet the scalability and network
topology of a cloud computing environment. As such, even the front-end
customers utilize security appliances in order to secure themselves from the
threats found in the high volume of traffic (Coronel et al., 2009).
The challenge remains of being
able to detect, isolate and clean vector threats in a LAN cloud computing
environment to assure protection. Significantly, scholars cite the architecture
of the cloud computing environment in creating un-auditable networks
exacerbated by the emerging use of mobile end systems and end users. The lack
of regulations in the industry also contributes to the problem, wherein varying
levels of data protection and compliance verification exist. Scholars also
cite that emerging information technology innovations are actually risky
applications, such as the collaborative tools in VoIP, instant messaging and
other wireless applications that are included in the LAN cloud computing
environment (Coronel et al., 2009). Though such tools increase the
collaborative nature, they also compel multiple LANs with varying degrees of
security to interact with each other under the same workflow system (Yan,
2010). Such tunnel systems may be a fast route for data interchange, but
vulnerabilities exist in the system, which can be exploited, especially in high
volume traffic where IM, HTTP, and firewalls may not be able to detect and
control hacker attacks. These walls exist to provide database security; and as
such, cloud computing environments will require the placement of application
firewalls that are content based in order to control the manner in which
information is accessed (Coronel et al., 2009).
Section 2: Literature Review and Theoretical Framework
In 2007, cloud computing turned out to be the most popular
technique among other computing models used before (Jensen, 2009; Henderson
& Iyer, 2010; Reimer, 2007).
Cloud computing is used to describe a computing system where users can connect
to a vast network of computing resources, data, and servers that reside usually
on the Internet, rather than on a local server,
a LAN or in a data center (Sridhar, 2010; Kay, 2008). There are
basically three types of cloud computing: Infrastructure as a Service (IaaS),
Platform as a Service (PaaS) and Software as a Service (SaaS) (Redkar
& Guidici, 2011). As such, the current literature review analyses the
security and network issues related to computing. Attacks in cloud computing are discussed,
including denial of service and sniffing. Lastly, security issues including
data protection and browser security are discussed.
Though cloud computing offers
several benefits, there are a number of security challenges which organizations
have to address. Such challenges include the CIA issue, and they affect cloud
computing (Guttman & Roback, 1995). This is important if such institutions
can have the flexibility in data usage and also in differentiating their data
from that of others so as to increase their privacy, confidentiality, integrity
and reliability among their customers (Bugiel et al., 2011). The issue of
security is critical in cloud computing because when organizations can control
and secure their networks, risks such as the stealing of codes and manipulation
of critical information in the cloud are prevented or stopped altogether (Cloud
Security Alliance, 2010).
Security Issues in Cloud Computing
Diverse network
issues that arise in cloud computing include some of the following: Denial of
service, which occurs when hackers overflow cloud servers with recurrent
service requests so rapidly and in such a manner that they damage the network. The computing system is unable to keep pace
with the requests because the server is unable to establish access points and
establish who is a legitimate, regular client.
For instance, the hackers can take over a web server, and as a result,
reduce the functionality of a cloud server from providing effective services to
clients. Thousands of requests from
hackers slow down the response that a genuine provider can get within an
appropriate time frame. The most common
counter measure in this case is to decrease user privileges and connections to
the server (Scarfone, 2007). In addition to the counter measures used, Kona
Security solutions from Akamai offer a solution for the DDoS. The solution is
the most widely used in delivering web security. The Akamai solution prevents
layer attacks and preserves site availability and performance (Akamai, 2013).
Another network issue that arises in cloud computing is the “Man in the
Middle Attack” which poses a great security challenge. This affects the
Secure Sockets Layer (SSL) if it is not properly configured. For instance, when two parties communicate,
the SSL may not be installed properly, resulting in the hacking of the data
between the two parties by an intruder.
It has been proposed that a necessary countermeasure for this threat is
to focus on the proper installation of the SSL, which should be checked
properly before communicating with authorized subscribers (Han, 2010).
A third issue is network sniffing,
which takes place when an intruder gains access to the network through
unencrypted data. This occurs due to
password failure, poor encryption, or inadequate security passwords when
communicating. This results in data loss
during transmission to an unauthorized third party. Such cases have been witnessed lately when a
Twitter encryption password was broken into, resulting in loss of valuable data
(Henderson & Iyer, 2010).
Another issue dealing with security
in cloud computing is known as “port scanning”.
Certain ports might be compromised by an attacker through port scanning,
such as port 80 (HTTP), which is continually open
because it is used to provide necessary web services to cloud users. Additional ports, such as 21 (FTP), are
rarely opened and only when necessary.
Consequently, ports ought to be secured by encoded channels until the
cloud server is configured appropriately.
Security measures against this hacking consist of firewalls, which are used
to safeguard data from port attacks (Jensen, 2009).
In addition to issues in network security threats, network security has
application issues that are important in cloud computing. A group called OWASP
deals with software security and it incorporates ten security issues that
include Cross-Site Request Forgery, Insecure Direct Object References,
injection, session management and Broken Authentication, Security
Misconfiguration and Failure to Restrict URL Access (Burke, 2012). In addition,
security application issues dealt with by OWASP also include Unvalidated
Forwards and Redirects, Insufficient Transport Layer Protection, Security
Misconfiguration, Insecure Cryptographic Storage and Cross-Site Scripting
(Burke, 2012).
SQL injection attacks, another
security issue in cloud computing, are used by attackers who
employ special characters in SQL scripting to return data, with the result
that the cloud clause is modified. As
such, they can add more information to it and compromise the integrity of the
original organizational data. For
instance, hackers can alter an argument value to a condition such as 1=1, which
always evaluates to true, so that the query returns complete tables. In the end, the stored data is compromised,
deleted, or manipulated by the hackers (Goles & Chin, 2005).
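The always-true condition described above, shown as an added example that is not part of the original paper: the same lookup built by string concatenation and with a bound parameter. The `accounts` table, its rows, the input string and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for a cloud-hosted database.
SAMPLE_ROWS = [("alice", 100), ("bob", 250), ("carol", 75)]

# Input of the kind the paragraph describes: a quote character closes the string
# literal and a condition that is always true ('1'='1') is appended.
TAUTOLOGY_INPUT = "nobody' OR '1'='1"


def make_db():
    """Create the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT PRIMARY KEY, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concatenated(conn, owner):
    """Vulnerable form: the input becomes part of the SQL text, so it can
    rewrite the WHERE clause."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, owner):
    """Hardened form: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def compare(owner):
    """Run both lookups against a fresh database and return their results."""
    conn = make_db()
    try:
        return {
            "concatenated": lookup_concatenated(conn, owner),
            "parameterized": lookup_parameterized(conn, owner),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for label, value in (("normal input", "bob"), ("tautology input", TAUTOLOGY_INPUT)):
        result = compare(value)
        print(label, "| concatenated  ->", result["concatenated"])
        print(label, "| parameterized ->", result["parameterized"])
```

With the bound parameter the whole input, quote characters included, is compared against the `owner` column as one string, so no row matches and no other row is exposed.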
A final issue could be “cross-site
scripting”, which is an attack that occurs in web servers where a genuine
subscriber enters the correct URL of a given website and, on the other side, a hacker
redirects the user’s search query to their own website with the aim of
accessing vital user information. For
instance, in most cases, a user may enter a URL in the address bar and the hacker
subsequently redirects the user to hacker-related sites, accessing sensitive
data in the process (Yang, 2003).
Currently,
there are a number of identified security challenges in the LAN networks within
the cloud computing process. One of
these is the XML signature element wrapping attack. The XML signature is used to protect a component name,
value, and attribute from criminal parties.
However, it is unable to protect the lining of documents and data
(Jamil & Zaki, 2011b). Invaders target
the constituent by altering the SOAP posts and replacing them with anything
they like. This problem has been
effectively countered by employing digital certificates such as X.509
and applying the combination of WS-Security with an XML signature to a
stipulated component. A list of
components should be issued by XML labels so it is able to decline the posts
which have mysterious files and also cast off unanticipated e-mails from the
customer (Jensen, 2009).
Browser security is also a challenge
because requests from the client are always sent to the browser which, in turn,
uses SSL to encrypt user credentials.
SSL maintenance works from point to point in order to communicate,
indicating that if there is a third party, then the intermediate host is able
to decrypt the documents. In the event a hacker connects, by sniffing packets
on intermediate clouds, the invader may acquire the authorizations of the
operator and apply these identifications in the cloud computing system posing
as a valid customer (Jensen, 2009). The
necessary measure for this outbreak is that the retailer should install the
WS-security model on web browsers, since WS-security operates at message levels
which use XML encryption for constant security of SOAP posts that are hard to
decrypt by intermediary subscribers (Grover et al., 1994). WS-security applies
security to web services and it acts as an extension to SOAP. The security is a
member of web services specifications that gives specifications of how
confidentiality and integrity can be enforced (O’Neill, 2003). The mechanisms
described by WS-Security include how to sign and encrypt SOAP messages, and how
to attach security tokens (O’Neill, 2003).
Another type of
attack is done with malware injection, which is aimed at damaging virtual
application services through spiteful actions.
An intruder produces his own malicious applications, virtual or
service machine applications, and inserts or runs them in the cloud
configuration (Booth, 2004). Upon
accessing the cloud network, these appear to be genuine requests while, in
truth, they only mimic genuine requests.
The invader at this point has the capacity to upload virus plug-ins into
the cloud server (Grossman & Yunhong, 2009).
Once implemented, it spoils the cloud configuration and damages the
hardware, thus compromising service delivery. Once the operator requests the
malicious database, the cloud tosses the virus to the customer over the internet
(Kim, 2009). Thus, through the cloud, the machines configured to the cloud
system are infected by the virus. As such, authentic validation and scanning of
the received mail, data, documents, and messages should be done. Store the
hash value of the original application files and compare it with the
hash value generated by future service applications. Through such actions, an
attacker may not create genuine hash values in the cloud or intrude the cloud
system (Grover et al., 1994).
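One way to implement the comparison of stored and freshly computed hash values described above, as an added example rather than code from the paper: it records a SHA-256 baseline for every file of a known-good service image and reports files that were modified, added or removed in a later instance. The directory layout, file names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large images do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def compare_to_baseline(baseline, root):
    """Compare a service instance on disk with the stored baseline manifest.
    The baseline must be kept where the instance itself cannot rewrite it."""
    current = build_manifest(root)
    report = {"modified": [], "added": [], "removed": []}
    for rel, digest in baseline.items():
        if rel not in current:
            report["removed"].append(rel)
        elif not hmac.compare_digest(digest, current[rel]):
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    report["modified"].sort()
    report["removed"].sort()
    return report


def is_trusted(report):
    """An instance is admitted only if nothing differs from the baseline."""
    return not any(report.values())


def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed service image, record its baseline, then alter it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "plugins"))
        _write(root, "service.py", b"print('serving')\n")
        _write(root, "plugins/report.py", b"def run(): return 'ok'\n")
        baseline = build_manifest(root)
        clean = compare_to_baseline(baseline, root)

        # Constructed changes: one file altered, one plug-in added, one file removed.
        _write(root, "plugins/report.py", b"def run(): return 'changed'\n")
        _write(root, "plugins/extra.py", b"# unexpected plug-in\n")
        os.remove(os.path.join(root, "service.py"))
        altered = compare_to_baseline(baseline, root)
        return clean, altered


if __name__ == "__main__":
    clean, altered = demo()
    print("clean instance trusted:", is_trusted(clean))
    print("altered instance report:", altered)
```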
Through flooding
attacks, an intruder is able to attack the cloud servers openly. One of the
observable attack systems in the cloud networks is when the attacks occur at
scalable measures and they are usually vigorous (Cloud Security Alliance,
2010). In most cases, increased numbers of server requests result in an
expanded cloud system and size. In order to serve the clients, the cloud
operators initialize new services in order to maintain easy flow. However,
attack requests persist in some services when attackers bring in various
requests resulting in the system reacting to them and this makes the system
unable to provide normal request services for the users. Such attacks have
economic impacts also as they increase the cost of the services but the denial
of genuine services is the largest impact (Knight, 2009). Some cases prompt
owners to allocate additional funds for unexpected security conditions that may
suddenly increase the traffic. One way
to protect cloud servers from invader attacks is by intrusion detection systems
which function to filter the spiteful applications or even by installing
effective firewalls. However, even interruption recognition systems sometimes
provide fake signals that misinform the administrators (Han, 2010).
Protecting data
in cloud computing is the most crucial factor when it comes to confidentiality
and maintaining customer integrity. This way, the server providers ensure that
data is protected in a legal manner (Hayes, 2008). However, at times, the data
and other documents are compromised during information transfers when the “Man
in the Middle” mimics a genuine customer and hacks or obtains access to
confidential information. It is necessary to treat data with all measures, such
as authentication, proper SSL checks, and validation of requests, before
sending data across networks (Catteddu, 2010).
Conclusion
Networks
are an integral aspect in the cloud computing architecture as they connect
users to the cloud computing resources. The number of users utilizing this
emerging technology is rapidly increasing, emphasizing the need for data
security in the cloud computing environment. The security issues in cloud
computing include issues such as viruses, worms, denial of services, SQL
injection, cross-site scripting, XML signature wrapping, and man-in-the-middle
attacks to name a few. Currently, finding new ways to increase secure services
in the cloud computing environment is crucial to the success of cloud
computing as a scalable business model.
These solutions
include the need to develop security technologies to assure protection of data
in the fast paced nature of a cloud computing architecture. The challenges
include the porous perimeters because of the collaborative nature of cloud
computing. This includes higher security measures for personal computers,
laptops, PDAs and mobile devices. The security threats come in many forms such
as malware, worms, bots and Trojans. These viruses travel within the LAN system
and are even able to bypass LAN security perimeters. As such, the need to
develop better security measures is vital, and this can only be accomplished by
making a thorough evaluation of the impact of LAN on database security. The current practices include network access
control measures such as compliance verification, security patches, anti-virus
signature files, identity policies and user authentication protocols.
In addition to
its many benefits, offering safer and more cost-effective
operations to consumers compared to other channels of computing should be a
key goal for the success of cloud computing. However, cloud computing is also affected by security
concerns and threats posed by hackers. Even so, there are numerous security
models and recommendations that have been put in place to increase the safety
and security in cloud computing. These security measures rely on the capacity
of the website and the web services structure. Given the cost benefits of cloud
computing, a thorough analysis of the security issues is essential and needed
for its success.
Section 4: Design and Method
Research Design and Implementation
This
section presents the general procedures and techniques which are deemed
appropriate in the conduct of this research, which covers activities from the
collection and analysis of data, to the interpretations of results. The
discussion presents a systematic analysis and organization of both principles
and processes in carrying out a scientific inquiry (in Etheridge, 2004).
Research design, sampling design, instrumentation, validation of the quantitative
research instrument, data gathering procedure, and statistical treatment of
data are presented in sufficient detail.
The research design presents a systematized
plan employed by the researcher to address the objectives of the paper in a
valid, objective, accurate and economical manner. As De Vaus (2001) explained,
a sound research design ensures that the evidence obtained can help address the
research questions. As hinted under the nature of the research in Section 1,
this research adopted a mixed methods research design. In a mixed methods
approach, qualitative methods, together with quantitative methods, are both
utilized. This is deemed as the best approach to the problems posed in this
research, taking the cue from Hesse-Biber (2010). In this research, findings
from the qualitative method, particularly content analysis from technical
literature reviewed for this document, were compared with the results from the
quantitative method performed through a survey. The comparison is aimed towards
triangulation to ascertain whether theory matches practice.
A
population, in research and statistics, is defined by Burt, Barber & Rigby as
the “total set of elements (objects, persons, regions, neighborhoods, etc.)
under examination in a particular study” (Burt, Barber & Rigby, 2009, p.
4). These elements possess specified characteristics of interest in this study.
On the other hand, sampling is defined by LoBiondo-Woods & Haber as “the
process of selecting representative units of a population for study in a
research investigation” (LoBiondo-Woods & Haber, 2006, p. 261). Sampling
involves a procedural determination of the number of elements drawn from the
population, called the sample size. The most important reason for using
sampling is economic – to reduce the cost of collecting data. Other reasons for
sampling which are applicable to the present study include: processing speed,
accuracy, and accessibility (LoBiondo-Woods & Haber, 2006; Black, 2010).
A
non-probability method of sampling was used in the quantitative strand of this
research. In non-probability sampling, some elements of the population may have
no chance of being included in the sample, and hence, the level of
representation of a sample taken using this technique cannot be demonstrated
scientifically (Austin and Pinkleton, 2006). This method of sampling is
especially suited for studies which aim to explore and generate theory or ideas
as enunciated in Gray, Williamson, Karp, and Dalphin (2007).
Research Methods and Implementation
The quantitative strand of the research
involved the participation of 30 respondents, comprising IT administrators
or IT staff, involved in networking and database management administration from
business organizations which are subscribed to cloud computing technology and
are based in Colorado Springs. Purposive sampling or judgment sampling, a
non-probability sampling method, was used in the selection of respondents. As
described in Anderson, Sweeney, and Williams (2009), in judgment sampling,
persons who are deemed knowledgeable on the topic of the study, and are thus
representative of the population of interest, are selected based on the
decision of the researcher.
Contact details of
prospective respondents were sourced from company websites. Respondents were
then sent invitation emails or telephone calls to inform them about the survey
and request their participation. A total of 100 respondents were invited, but
only 30 voluntarily agreed to participate. Informed consent forms were sent to
all 30 respondents by email. Prospective respondents were requested to read the
form carefully. The informed consent specifically stated that respondents who
agree to join the survey will take charge of getting the necessary permission
from their respective organizations to join the survey. After they received
permission, they were requested to affix their signatures electronically and
send back the consent form to the researcher. The respondents were given
options to complete the survey either by emailed questionnaires or by a short telephone
interview.
A total of 17 (56.67%)
respondents answered the survey through email and the rest (13 or 43.33%) opted
for the telephone interview with the researcher reading the questions and the
choices and the respondent giving the answer, which the researcher recorded in
a blank survey questionnaire. A coding guide was prepared for the questionnaire
responses and this was used to facilitate processing the responses for the
preparation of the data matrix, and later, for the data analysis. A copy of the
survey questionnaire is shown in Appendix A.
Descriptive
and inferential statistics were used in the analysis of quantitative data. Four
items were included in the survey. The first item inquired whether they have
encountered experiences where cloud computing compromised data in their
databases. The second item dealt with the respondents’ assessment of the level
of their network and/or database security. Responses were provided using a
three-point Likert scale (low, medium, high). Meanwhile, the third and fourth
items inquired about the advantages and type of problems, respectively,
encountered by the respondents pertaining to database security and management
in cloud computing. All responses are shown in Appendix B.
Respondent
characteristics in terms of their positions in their organization and the size
of the organizations they work with are presented in terms of frequency and
percentage distributions in pie charts. Figure 1 shows the distribution of the
respondents when they are grouped according to their positions as IT
administrators or IT staff. Figure 2
displays the distribution of the respondents when they are grouped according to
the size of the organizations they work with (small or medium).

Position-wise,
the research involved more IT administrators than IT staff in charge of
networking or information security. The proportion of administrators was almost
double that of IT staff.

Two-thirds
of the companies represented in the research are small-size organizations. The
remaining one-third are medium-size organizations. No large organizations were
represented in the study since their IT administrators/IT staff declined the
invitation to participate in the survey.
For
the first item, the responses were analyzed using inferential statistics,
particularly chi-square analysis. The following null and alternative hypotheses
were evaluated using non-directional or two-tailed analysis at a 0.05
level of significance:
Null
hypothesis: There is no significant difference in the distribution of
instances of compromised database security in the cloud computing environment
between small- and medium-sized businesses in the research locale.
Alternative
hypothesis: There is a significant difference in the distribution of instances
of compromised database security in the cloud computing environment between
small- and medium-sized businesses in the research locale.
For
the second item, the responses were analyzed using inferential statistics,
particularly independent samples t-test. The following null and alternative
hypotheses were evaluated using non-directional or two-tailed analysis at
a 0.05 level of significance:
Null
hypothesis: There is no significant difference in the level of database
security between small- and medium-size organizations in the research locale.
Alternative
hypothesis: There is a significant difference in the level of database security
between small- and medium-size organizations in the research locale.
For
the third and fourth items, the responses were analyzed using descriptive
statistics, particularly frequency and percentage distributions. Data were
reported as bar graphs. Means were interpreted using the researcher-constructed
interpretation scale as shown in Appendix B.
Section 5: Results
This
section presents the results of the survey and analysis of the findings. The
quantitative findings of the survey are shown and discussed first and an
analysis follows. With respect to the first research question on security
issues and challenges of cloud computing, the following results were gathered:
Experiences of Compromised Data in Cloud Computing

Figure 3. Clustered bar-chart of experiences of compromised data in cloud computing
Tables
1 and 2 present the cross tabulation of data with respect to experiences of
compromised data in cloud computing, and the findings of the chi-square test.
The cross-tabulation of survey responses in Table 1 was arranged in terms of
experiences of compromised data among small- and medium-sized organizations.
The findings showed that almost three quarters of the respondents reported
their companies experienced instances of compromised data, whereas
approximately a quarter reported they have not experienced compromised data.
Table 1. Cross tabulation of experiences of compromised data
| compromise | | Company size: Small | Company size: Medium | Total |
|---|---|---|---|---|
| Experienced instances of compromised data in cloud computing | Count | 15 | 7 | 22 |
| | % of Total | 50.0% | 23.3% | 73.3% |
| Did not experience instances of compromised data in cloud computing | Count | 5 | 3 | 8 |
| | % of Total | 16.7% | 10.0% | 26.7% |
| Total | Count | 20 | 10 | 30 |
| | % of Total | 66.7% | 33.3% | 100.0% |
Exactly
three-quarters of the small organizations and 70% of the medium-sized firms
which were represented in the research have experienced their data being
compromised. The statistics showed that almost the same proportion of small-
and medium-sized organizations have experienced data security problems.
Table 2. Chi-square results
| | Value | df | Asymp. Sig. (2-sided) | Exact Sig. (2-sided) | Exact Sig. (1-sided) |
|---|---|---|---|---|---|
| Pearson Chi-Square | .085 (a) | 1 | .770 | | |
| Continuity Correction (b) | .000 | 1 | 1.000 | | |
| Likelihood Ratio | .084 | 1 | .772 | | |
| Fisher's Exact Test | | | | 1.000 | .548 |
| Linear-by-Linear Association | .082 | 1 | .774 | | |
| N of Valid Cases | 30 | | | | |
a. 1 cells (25.0%) have expected count less than 5. The minimum expected count is 2.67.
b. Computed only for a 2x2 table
Findings from the chi-square test showed that there is no
significant difference in the experiences of compromised data in cloud
computing whether the organization is small or medium-sized. In which case, the
null hypothesis that there is no significant difference in the distribution of
instances of compromised database security in the cloud computing environment
between small- and medium-sized businesses in the research locale (χ2=0.085,
df=1, p=0.770) is accepted. Note that no large organizations were represented
in the study because they declined the invitation.
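The figures in Table 2 can be recomputed from the counts in Table 1. The following is an added example, not part of the original paper or its statistical output, that does so with the Python standard library only; the function names are the example's own.

```python
import math

# Observed counts from Table 1: rows = experienced / did not experience
# compromised data, columns = small / medium organizations.
TABLE_1 = [[15, 7], [5, 3]]


def expected_counts(obs):
    """Expected cell counts under independence: row total * column total / N."""
    rows = [sum(r) for r in obs]
    cols = [sum(c) for c in zip(*obs)]
    n = sum(rows)
    return [[r * c / n for c in cols] for r in rows]


def chi2_p_df1(stat):
    """Upper-tail probability of a chi-square statistic with 1 degree of freedom."""
    return math.erfc(math.sqrt(stat / 2.0))


def pearson(obs, yates=False):
    """Pearson chi-square for a 2x2 table, optionally with continuity correction."""
    stat = 0.0
    for o_row, e_row in zip(obs, expected_counts(obs)):
        for o, e in zip(o_row, e_row):
            diff = abs(o - e)
            if yates:
                # The correction never pushes a difference below zero.
                diff = max(0.0, diff - 0.5)
            stat += diff * diff / e
    return stat, chi2_p_df1(stat)


def likelihood_ratio(obs):
    """Likelihood-ratio (G) statistic: 2 * sum(O * ln(O / E))."""
    stat = 0.0
    for o_row, e_row in zip(obs, expected_counts(obs)):
        for o, e in zip(o_row, e_row):
            if o > 0:
                stat += o * math.log(o / e)
    stat *= 2.0
    return stat, chi2_p_df1(stat)


def fisher_exact(obs):
    """Fisher's exact test for a 2x2 table: (two-sided p, one-sided p)."""
    (a, b), (c, d) = obs
    r1, c1, c2, n = a + b, a + c, b + d, a + b + c + d

    def prob(k):
        # Hypergeometric probability that the top-left cell equals k.
        return math.comb(c1, k) * math.comb(c2, r1 - k) / math.comb(n, r1)

    lo, hi = max(0, r1 - c2), min(r1, c1)
    probs = {k: prob(k) for k in range(lo, hi + 1)}
    p_obs = probs[a]
    two_sided = sum(p for p in probs.values() if p <= p_obs * (1 + 1e-9))
    upper = sum(p for k, p in probs.items() if k >= a)
    lower = sum(p for k, p in probs.items() if k <= a)
    return min(1.0, two_sided), min(upper, lower)


if __name__ == "__main__":
    exp = expected_counts(TABLE_1)
    print("minimum expected count: %.2f" % min(min(r) for r in exp))
    print("Pearson chi-square: %.3f, p = %.3f" % pearson(TABLE_1))
    print("Continuity correction: %.3f, p = %.3f" % pearson(TABLE_1, yates=True))
    print("Likelihood ratio: %.3f, p = %.3f" % likelihood_ratio(TABLE_1))
    print("Fisher exact: two-sided %.3f, one-sided %.3f" % fisher_exact(TABLE_1))
```

Because one expected count is below 5 (footnote a of Table 2), the Fisher's exact row is the one usually relied on for a table of this size; it leads to the same conclusion here.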
The researcher expected the above results and would like
to confirm if instances of compromised data may be logically pinpointed to low
network security among the organizations. Thus, the study also checked the
status of the network/database security among the represented organizations
based on the evaluation of the respondents. Tables 3 and 4 present the
descriptive statistics and the results of the independent samples t-test to
evaluate the second hypothesis of the study.
Table 3. T-test results: Descriptives
Group Statistics
| | Company size | N | Mean | Std. Deviation | Std. Error Mean |
|---|---|---|---|---|---|
| Data/Network Security Level | Small | 20 | 1.25 | .444 | .099 |
| | Medium | 10 | 1.30 | .483 | .153 |
By merely looking at the descriptive statistics, it is
readily apparent that the general levels of network/data security, as assessed
by the respondents in the organizations they represent, gravitate towards
low. The mean level of security among the small-size companies is 1.25. Meanwhile,
the mean level of security among the medium-size companies is 1.30. This
finding substantiates this researcher’s earlier-stated observation that small-
and medium-size companies generally have low security, particularly at the
perimeter level.
Findings
from the independent samples t-test showed that there is no significant
difference in the level of network/data security among small- or medium-sized
organizations. Therefore, the null
hypothesis that there is no significant
difference in the level of database security between small- and medium-size
organizations in the research locale (t=-0.282, df=28, p=0.780) is accepted.
Table 4. Independent samples t-test results
(F and Sig. belong to Levene's Test for Equality of Variances; the remaining columns belong to the t-test for Equality of Means.)
| | | F | Sig. | t | df | Sig. (2-tailed) | Mean Difference | Std. Error Difference | 95% Confidence Interval of the Difference: Lower | 95% Confidence Interval of the Difference: Upper |
|---|---|---|---|---|---|---|---|---|---|---|
| Data/Network Security Level | Equal variances assumed | .297 | .590 | -.282 | 28 | .780 | -.050 | .177 | -.413 | .313 |
| | Equal variances not assumed | | | -.274 | 16.799 | .787 | -.050 | .182 | -.435 | .335 |
This substantiates this researcher’s observation from practice that many small
or medium sized businesses experience compromised data and that these
organizations are not sufficiently protected while using cloud computing. This
generalization does not, in any way, intend to belittle the advantages of cloud
computing as identified in literature. In fact, this research attempted to find
support for such advantages from the experiences of the respondents. However,
findings from this research gave evidence that organizations that subscribe to
cloud computing technologies and are exposed to their limitations or weaknesses
can benefit from the outcome of this research.
Advantages of Cloud Computing as Experienced by the Respondents
Figure 4 presents the results of the survey with respect to the advantages
organizations experience from cloud computing. Seven advantages were included
in the survey for the respondents to assess based on their experience with
their respective organizations, but respondents were encouraged to add more as
the case may be.

Legend (for some of the one-word labels): Capacity=frees up
capacity for investment in new projects; Speed=rapid implementation; Capital=reduced
capital expenditure; Resources=access to a wide array of resources; Productivity=increased
end-user productivity.
Based on the experiences of the respondents, the most apparent advantage of
cloud computing is reliability, which garnered a mean of 3.83, indicating that
this advantage or benefit of cloud computing is very often observed in their
organizations. This finding concurs with that of Bugiel, et al. (2011). A
cursory examination of the responses showed that all of the above-mentioned
advantages have been observed or experienced in the organizations represented,
with one exception. This exception is capacity, the shortened form of the
benefit of freeing up capacity for investment in new projects, which 11 out of
30 or 36.67% of the respondents claimed they never experienced. This
researcher, however, believes that freeing up capacity for new investments
through cloud computing had not yet been experienced by small organizations
since investing in newer projects is not prioritized in their planned business
strategy. Accordingly, 7 of these aforementioned 11 firms or 63.64% are small
organizations.
Also included in the top three most reported benefits of cloud computing are
access to a wide array of resources and increased end-user productivity. The
respective means are 3.60 and 3.57, which suggests that both benefits are
observed often. The findings concur with Shroff (2010) and with Van der Molen
(2010).
Problems/Issues in Cloud Computing as Experienced by the Respondents
The problems/issues commonly encountered among the organizations represented in
the study are presented in Figure 5.

Results revealed that security is the main problem/issue reported by the
respondents from small- and medium-sized organizations with a mean of 4.53
(always) out of a possible 5. This finding explains the necessity for the
conduct of this research and substantiates the wisdom of Krautheim’s (2009)
observation. He stated that in order to ensure security in cloud computing,
there should be a complete awareness of the threats to information transmitted
and stored, the network where information flows, and the infrastructure which
supports its operations. In fact, three other problems which surfaced in the
survey, namely access denial (mean=2.80, AV), access delay (mean=3.43, AV), and
data loss (mean=3.10, AV) may also be consequences of network security issues
in the cloud environment. Access delays reported in the survey may be what
Menken (2009) discussed as a bottleneck in the access of information brought
about by intruder attacks in the LAN network. Access denial or denial of
service could probably have occurred as intruders caused cloud servers to
overflow with recurring service requests so quickly and in so destructive a
manner that they damaged the network. Since the network is unable to keep pace
with the requests, denial of service occurs. Data loss is also a risk in cloud
computing, and data encryption, which is generally used in preventing
unauthorized access to data, does not necessarily prevent data loss as
explained by Halpert (2011).
On the other hand, the
second and third most experienced problems/issues in cloud computing are
compatibility and interoperability, with respective means of 3.63 and 3.57. The
means indicate that instances of these limitations in the organizations represented
are observed often. However, these two problems/issues are not associated with
cloud security. From practice, many existing cloud technologies have been known
to be incompatible with a number of applications because, in the process of
providing scalability, compatibility was sacrificed. Meanwhile,
interoperability is also a problem because of the absence of standardizations
with respect to cloud computing technologies. These two cloud computing issues
reported in the problem were also recognized by Van der Molen (2010), together
with security issues.
As may be learned from
this research, the cloud computing environment is expected to increase in
number as its benefits are becoming more apparent for various industries. By
increasing the security protocols, customers actually receive more value in
their investment since they are able to share services with other LAN networks.
The end goal is to create a positive impact of LAN on database security in
order to build a strong cloud-computing environment under the guise of better
controls. Therefore, discussion of results will focus on security issues in the
cloud computing environment which may be resolved through a robust or
strengthened LAN/WAN network architecture.
In view of the reported problems/issues in cloud computing and the goals of
this research, a look at the work of Menken (2009) shows three key technology
challenges in protecting sensitive data in modern IT architectures. The author
discusses, at length, current problems with LANs on database security in a
cloud computing environment. The first is the limitations of existing database
security approaches. The second is the security considerations when deploying
virtualization. Third, the author recommends a distributed monitoring system to
safeguard information under a cloud computing environment. As this was
published in 2009, the author was able to gather the latest information and
problems in the industry. Moreover, a discussion of information technology
security trends was emphasized, indicating the end of appliance-based
solutions, that is, the installation of hardware as a means for security and
protection, where the security protocols are too inefficient to meet the
security challenges of the future (Menken, 2009).
Therefore,
database and information security in cloud computing starts with a secure
network, both on the client side and the host side. From several years of
professional experience, secure network architecture follows all regulatory
requirements for information security. Such secure networks have several levels
of security and are constantly monitored to ensure that there are no undetected
breaches of security. Such networks consist of firewalls, HTTP or HTTPS
servers, intrusion detection and prevention systems, Kerberos servers, secure
LAN servers, and time servers. The use of multiple subnets, VLANs, and proper
management and storage of keys are also excellent approaches.
On the base
level, intrusion detection and prevention systems are useful as long as these
are provided both on the network side and the host side in order to secure the
LAN. Additionally, a time server is a must for secure network architecture.
Sadly, some network professionals have overlooked the importance of time
servers. Basically, a valid time source is needed to log information
properly (Wadlow, 2000) and for this reason, a dedicated time server is an
integral part of a secure network.
While other
professionals find little use for firewalls, this researcher believes that
application firewalls and the configuration of the cloud network are essential
for security purposes. This is true, both in the case of inbound and outbound
network communications. It has been proven in practice that only specific ports
which are needed to interface with other servers should be open within the
private network and the Internet LAN for security. Each such port should be
restricted only to the Internet Protocol (IP) addresses of the concerned
servers which it needs to communicate with, and be off limits to other IP
addresses. The same is true of the network firewall, which should be
configured for predefined TCP traffic. For instance, it should allow only
TCP 80 and 443, open only to the IP addresses of specific HTTP and/or
HTTPS servers.
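The rule described above can be checked mechanically. The following is an added example, not part of the original paper: a small auditor that flags any allow rule that is not TCP, not scoped to one named web server, or wider than that server's HTTP/HTTPS ports. The `Rule` record, the `WEB_SERVERS` policy and the 192.0.2.0/24 documentation addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    dst: str      # destination in CIDR notation
    ports: tuple  # inclusive (low, high) destination port range


# Assumed policy (constructed): the named web servers and the TCP ports each may receive.
WEB_SERVERS = {
    ipaddress.ip_address("192.0.2.10"): {80, 443},  # HTTP and HTTPS server
    ipaddress.ip_address("192.0.2.11"): {443},      # HTTPS-only server
}


def audit(rules):
    """Return (rule_number, problem) pairs; rule_number 0 means the ruleset as a whole."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        if rule.action != "allow":
            continue
        if rule.proto != "tcp":
            findings.append((number, f"allows {rule.proto}; only TCP is permitted"))
            continue
        net = ipaddress.ip_network(rule.dst, strict=False)
        if net.num_addresses != 1:
            findings.append((number, f"{net} spans {net.num_addresses} addresses, not one server"))
            continue
        permitted = WEB_SERVERS.get(net.network_address)
        if permitted is None:
            findings.append((number, f"{net.network_address} is not a listed HTTP/HTTPS server"))
            continue
        low, high = rule.ports
        extra = set(range(low, high + 1)) - permitted
        if extra:
            findings.append((number, f"opens {len(extra)} port(s) beyond {sorted(permitted)}, "
                                     f"from {min(extra)} to {max(extra)}"))
    # Anything not explicitly allowed must be dropped by a final catch-all deny.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.proto == "any"
            and ipaddress.ip_network(last.dst, strict=False).prefixlen == 0
            and last.ports == (0, 65535)):
        findings.append((0, "ruleset does not end with a deny-everything rule"))
    return findings


DENY_ALL = Rule("deny", "any", "0.0.0.0/0", (0, 65535))

# Constructed ruleset with the typical over-broad entries.
LOOSE_RULES = [
    Rule("allow", "tcp", "192.0.2.10/32", (80, 80)),
    Rule("allow", "tcp", "192.0.2.10/32", (443, 443)),
    Rule("allow", "tcp", "192.0.2.0/24", (443, 443)),    # whole subnet, not one server
    Rule("allow", "tcp", "192.0.2.11/32", (1, 1024)),    # port range far wider than 443
    Rule("allow", "udp", "192.0.2.10/32", (53, 53)),     # not TCP
    Rule("allow", "tcp", "192.0.2.50/32", (80, 80)),     # host is not a listed web server
    DENY_ALL,
]

# The same intent, restricted as the text recommends.
TIGHT_RULES = [
    Rule("allow", "tcp", "192.0.2.10/32", (80, 80)),
    Rule("allow", "tcp", "192.0.2.10/32", (443, 443)),
    Rule("allow", "tcp", "192.0.2.11/32", (443, 443)),
    DENY_ALL,
]

if __name__ == "__main__":
    for number, problem in audit(LOOSE_RULES):
        print(f"rule {number}: {problem}")
    print("tight ruleset findings:", audit(TIGHT_RULES))
```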
A system log
server is also an integral part of a secure network. It is common knowledge
among IT professionals that a system log server records all information from
firewalls, routers, servers, and switches. Analyzing all events in the system
is part of the vigilance required to secure the network. The IT Department can
automate the process to facilitate the tedious task, but human monitoring helps
in ensuring a secure network and database system.
Secure LAN
servers keep only encrypted information. All information that flows into the
secure LAN servers is encrypted and stored, and does not flow out of the
secure LAN server. Administrators need to make sure that only the minimum
number of essential people have access to
the secure LAN server. Additionally, proper monitoring and architecture
configuration should ensure that only appropriate information enters the server
for processing.
The last of the basic components of a secure local area network is Kerberos
servers. This researcher has had some experience with these types of servers
and these are very critical components of a secure LAN. According to Hagen &
Jones (2006), Kerberos was originally developed by the Massachusetts Institute
of Technology as a distributed authentication server for client/server
applications, with strong cryptography as a means by which clients can prove
their identities to other servers over the network, and is explained thusly:
Kerberos works by exchanging encrypted
security information between clients which can be users or machines, the
Kerberos authentication server, and the resource one is trying to access. The information that is
mutually exchanged when attempting to prove one's identity is known as a ticket.
The information used to encrypt tickets and subsequent communications is known
as a key. Once the identity of a client is verified, that client is
granted a Kerberos token that can be used to verify its identity to any
Kerberos-aware site (Hagen & Jones, 2006, p. 29).
Use of Kerberos servers bolsters LAN security since the tokens are time-stamped
and automatically expire in a specified length of time unless the token is
renewed by the identified user. It is important to note that the timestamp on
either a Kerberos token or ticket is verified by the Kerberos system only if
the time and date are synchronized across all Kerberos servers and clients.
This is another reason why time servers are important for network security.
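The dependence on synchronized clocks can be made concrete. The following is an added example, not part of the original paper: it models the time checks a Kerberos service applies to a request, using the error names from RFC 4120 and the five-minute tolerance that MIT Kerberos uses by default, and runs them against hosts whose clocks have drifted. The principal, the dates and the drift values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # MIT Kerberos default "clockskew" (300 seconds)


@dataclass(frozen=True)
class Ticket:
    principal: str
    starttime: datetime
    endtime: datetime


def check_request(ticket, authenticator_time, server_now, max_skew=MAX_SKEW):
    """Time checks a service applies to a request; error names follow RFC 4120."""
    # The client stamps each request; the stamp must be close to the server's clock.
    if abs(server_now - authenticator_time) > max_skew:
        return "KRB_AP_ERR_SKEW"
    # The ticket must already be valid according to the server's clock ...
    if ticket.starttime - server_now > max_skew:
        return "KRB_AP_ERR_TKT_NYV"
    # ... and must not have expired according to the server's clock.
    if server_now - ticket.endtime > max_skew:
        return "KRB_AP_ERR_TKT_EXPIRED"
    return "OK"


# Constructed ticket: issued at ISSUED (true time) with a ten-hour lifetime.
ISSUED = datetime(2013, 4, 10, 9, 0, tzinfo=timezone.utc)
TICKET = Ticket("alice@EXAMPLE.COM", ISSUED, ISSUED + timedelta(hours=10))


def simulate(elapsed_min, client_offset_min=0, server_offset_min=0):
    """Each host's clock reads true time plus its own offset (all values in minutes)."""
    true_now = ISSUED + timedelta(minutes=elapsed_min)
    client_clock = true_now + timedelta(minutes=client_offset_min)
    server_clock = true_now + timedelta(minutes=server_offset_min)
    return check_request(TICKET, client_clock, server_clock)


# (label, minutes since issue, client clock offset, server clock offset)
SCENARIOS = [
    ("all clocks synchronized, 1 h after issue", 60, 0, 0),
    ("server 2 min fast, inside the tolerance", 60, 0, 2),
    ("server 7 min fast", 60, 0, 7),
    ("client 7 min slow", 60, -7, 0),
    ("synchronized, 11 h after issue", 660, 0, 0),
    ("client and server both 2 h slow, 11 h after issue", 660, -120, -120),
    ("client and server both 10 min slow, 1 min after issue", 1, -10, -10),
]


def run_scenarios():
    return [(label, simulate(e, c, s)) for label, e, c, s in SCENARIOS]


if __name__ == "__main__":
    for label, result in run_scenarios():
        print(f"{result:<24} {label}")
```

The sixth scenario is the one to watch for: when client and server drift together, away from the KDC's time, the skew check passes and a ticket that expired an hour ago is still accepted, which is why every host needs the same authoritative time source and not just agreement with its neighbours.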
Section 6: Conclusions
Scholars cite
that cloud computing is all but certain in the information technology industry,
making it necessary to conduct a thorough analysis of the subject matter at
hand. More importantly, the sophistication of hackers in illegally acquiring
sensitive information is a crucial issue that needs to be addressed. The
development of security protocols, whether additional layers of software over
hardware systems, or something else, must be evaluated in order for customers
and providers to determine the best course of action. Customization and
continued development in this field is necessary as collaborative technologies
are an emerging computing science field in the 21st century.
The objective of this research is to increase knowledge of the security
measures in a LAN cloud computing environment in order to assure protection for
clients and users even in the midst of emerging collaborative technologies that
pose a risk to the system. This is in order to achieve the advantages of cloud
computing under a safe architectural system whereby privacy and protection are
maintained. Moreover, the development of security technologies is imperative
to properly monitor the traffic volume within the LAN systems as these are
expected to increase in the amount of usage in the next five years.
In addition to the measures recommended in the previous section for enhanced
security in the LAN network, the discussions may further be directed to the use
of multiple subnets, virtual local area networks (VLANs), and better management
of encryption keys. This is over and above human vigilance and close
monitoring. Cloud computing is a great technology with many benefits, but
security issues must first be addressed for organizations to continuously and
securely enjoy its advantages. The LAN/WAN world presents a golden opportunity
to buttress network security in the cloud environment. This research introduced
the fundamental aspects of such security solutions.
References
Akamai. (2013). KONA Security Solutions, Web site security. [Online] Available from http://www.akamai.com/html/solutions/site_defender.html?campaign_id=F-MC-13553. [Accessed on 16 August 2013].
Anderson, D. R., Sweeney, D. J., & Williams, T. A. (2009). Essentials statistics for business and economics (10th ed.). Mason, OH: Thomas Higher Education.
Ashley, M. (2003). Layered network security: A best practice approach. Louisville, CO: Latis Networks.
Austin, E. W. & Pinkleton, B. E. (2006). Strategic public relations management: planning and managing effective communication programs. Mahwah, NJ: Lawrence Erlbaum Associates.
Avresky, D. R., Diaz, M., Bode, A., Ciciani, B. & Dekel, E. (Eds.). (2009). Computing: First International Conference, CloudComp 2009, Munich, Germany, October 2009 - Revised selected papers. New York, NY: Springer.
Bidgoli, H. (2006). Handbook of Information security, key Concepts, Infrastructure, Standards, and Protocols. New Jersey: John Wiley & Sons, Inc.
Birman, K. P. (2012). Guide to reliable distributed systems: Building high-assurance applications and cloud-hosted services. London: Springer.
Black, K. (2010). Business statistics for contemporary decision making (6th Ed.). Hoboken, NJ: John Wiley and Sons.
Booth, D. (2004). Web Service Architecture. Retrieved from htt://www.w3.org: http://www/w3/org/TR/wsarch/wss.pdf
Bugiel, S., Numberger, S., Sadeghi, A. R., & Scheider, T. (2011). Twin clouds: An architecture for secure cloud computing. Workshop on Cryptography and Security in Clouds. Zurich. Retrieved from http://www.zurich.ibm.com/~cca/csc2011/submissions/bugiel.pdf
Burt, J. E., Barber, G. M. & Rigby, D. L. (2009). Elementary statistics for geographers (3rd ed.). New York: The Guilford Press.
Burke, P. (2012). Top Web Application security issues.
Catteddu, D. (2010). Cloud computing. Retrieved from http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computingrisk-assessment
Chang, H., Jang, C., Ahn, H. & Choi, E. (2011). Authentication platform for provisioning in cloud computing. In G. Lee, D. Howard & D. Slezak (Eds.), Convergence and hybrid information technology: 5th International Conference, ICHIT 2011 Daejon, Korea, September 2011 Proceedings (pp. 244-248). New York: Springer.
Chang, W., Abu-Amara, H. & Sanford, J. (2010). Transforming enterprise cloud services. New York: Springer.
Chee, B. & Franklin, C. (2010). Applications for Clouds, Chapter 4 in Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center. CRC Press.
Cleveland, T. (2009). ‘Database security in a cloud computing environment’. IT World [online] available from
Cleveland, T. (2009). LAN / WAN Security of Database on Cloud Computing Environment. Infoworld Inc. Available at http://www.infoworld.com/d/security-central/forums/lanwan-security-database-cloud-computing-environment-853 Retrieved on 5th September 2010
Cloud Security Alliance (2010)
Coronel, C. (2009). Database Systems: Design, Implementation, and Management. Boston: course technology; 009 Edition
Dave, P. (2009, June 31). SQL SERVER – Introduction to Cloud Computing. Retrieved July 4, 2010, from SQL Authority:
http://blog.sqlauthority.com/2009/07/31/sql-server
introduction-to-cloud-computing/
De Vaus, D. (2001). Research design in social research. London: Sage.
Dlodlo, N. (2011). 'Legal, Privacy, Security, Access and Regulatory Issues in Cloud Computing', Proceedings of the European Conference on Information Management & Evaluation, pp. 161-168.
Filiol, E. & Erra, R. (Eds.). (2012). Proceedings of the 11th European Conference on Information Warfare and Security: The Institute Ecole Superteure en Informatique, Electronique et Autimatique, Laval, France, 5-6 July 2012. Reading, GBR: Academic Publishing International.
Ethdridge, D. (2004). Research methodology in applied economics (2nd Ed.). Oxford: Blackwell.
Fornes, D. (2010). The Software as a Service Dilemma, The Software Advice Blog. Retrieved from
http://www.softwareadvice.com/articles/uncategorized/the-software-as-a
service-dilemma-104071/
Glisic, S. G. (2011). Advanced wireless communications & Internet: Future evolving technologies (3rd Ed.). West Sussex, GBR: John Wiley & Sons.
Goles, T. & Chin, W. (2005). Information systems outsourcing relationship factors: Detailed Conceptualization and initial evidence. DATA BASE, 36(4), 47-67.
Gray, P. S., Williamson, J. B., Karp, D. A., & Dalphin, J. R. (2007). The research imagination: an introduction to qualitative and quantitative methods. New York: Cambridge University Press.
Grossman, R. L. & Yunhong, G. (2009). Sector and sphere: The design and implementation of a high performance data cloud. Philosophical Transactions of the Royal Society: Mathematical, Physical, and Engineering Sciences, 367(1987), 2429-2445.
Grover, S., Khosravi, H., Kolar, D., Moffat, S. & Kouvanis, M. E. (2009). RKRD: Runtime kernel rootkit detection. In J. Filipe & M. S. Obaidat (Eds.), International Conference on e-Business and Telecommunications, ICETE 2008: Revised selected papers, Porto, Portugal, July 2008 (pp. 224-236). Heidelberg, DEU: Springer.
Guttman, B., & Roback, E. A. (1995). An Introduction to Computer Security: The NIST handbook. U.S.: NIST Special Publication.
Halpert, B. (2011). Auditing cloud computing: A security and privacy guide. Hoboken, NJ: John Wiley & Sons.
Han, Y. (2010). On the clouds: a new way of computing. Information Technology Library. 29(2), 87-92.
Henderson, J. C. & Iyer, B. (2010). Preparing for the future: understanding the seven capabilities of cloud computing. MIS Quarterly Executive, 9(2), 117-131.
Hesse-Biber, S. N. (2010). Methods research: merging theory with practice. New York: The Guilford Press.
Jamil, D. & Zaki, H. (2011). Security issues in cloud computing and countermeasures. International Journal of Engineering Science and Technology (IJEST), 3(4), 2672-2676.
Jensen, M., Schwenk, J., Gruschka, N. & Iacono, L. L. (2009). On technical security issues in Cloud Computing, IEEE International Conference in Cloud Computing, 109-116.
Joyner, R. L., Rouse, W. A., & Glatthorn, A. A. (2012). Writing the Winning Thesis or Dissertation. U.S.: Guilford Press.
Kay, R. (2008). Quickstudy: cloud computing. Retrieved from
Kim, W. (2009). Cloud computing: Status and prognosis. Journal of Object Technology, 8(1), 65-72. Retrieved from: http://www.jot.fm/issues/issue_2009_01/ column4/
Krautheim, F. J. (2009). Private virtual infrastructure for cloud computing. In Proceedings of the 2009 conference on hot topics in cloud computing (pp. 5-5). USENIX Association. Retrieved from http://static.usenix.org/events/hotcloud09/tech/full_papers/krautheim.pdf
Lightstone, S., Teorey, T., and Nadeau, T. (2007). Physical database design: the database professional's guide to exploiting indexes, views, storage, and more. San Francisco, CA: Elsevier.
LoBiondo-Wood, G. & Haber, J. (2006). Nursing research: methods and critical appraisal for evidence-based practice (6th ed.). St. Louis, MO: Mosby/Elsevier.
Maiwald, E. (2003). Network security: A beginner’s guide. New York, NY: McGraw Hill Professional.
Mansfield, K. C. & Antonakos, J. L. (2010). Corporate networking from LANs to WANs: Hardware, software & security. Boston, MA: Course Technology-Cengage Learning.
Menken, I. (2009). Cloud computing - The complete cornerstone guide to cloud computing best practices: Concepts, terms, and techniques for successfully planning computing technology. Concord, CA: Emereo Publishing.
Paquet, C. (2009). “Network security using Cisco IDS IPS”, Pearson Education.
Patil, S., Rane, P., Kulkami, P. & Meshram, B. B. (2012). “IDS vs. IPS”. International Journal of Computer Networks and Wireless Communications (IJCNWC), No. 1, 86-90.
Popovskij, V., Barkalov, A. & Titarenko, L. (2011). Control and adaptation in telecommunication systems: Mathematical foundations. Berlin, DEU: Springer.
Ratha, B. (2012). Local area network. Retrieved from http://www.clib.dauniv.ac.in/E-Lecture/Local_Area_Network.pdf
Redkar, T., & Guidici, T. (2011). Windows Azure Platform. USA: Apress.
Reimer, J. (2007, April 8). Dreaming in the “Cloud” with the XIOS web operating system. Retrieved from http://arstechnica.com/business/2007/04/dreaming-in-the-cloud-with-the-xios-web-operating-system/
Rittinghouse, J. & Ransome, J. (2009). Cloud Computing: Implementation, management, and security. Boston, MA: CRC Press.
Scale, M. S. E. (2009). Cloud computing and collaboration. Library Hi Tech News, 26(9), 10-13.
Scarfone, K. S. A. (2007). Guide to secure web services. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
Shroff, G. (2010). Enterprise cloud computing: Technology, architecture, applications. New York, NY: Cambridge University Press.
Sridhar, T. (2010). ‘Cloud computing- A premier: Part 2- Infrastructure and implementation.’ The Internet Protocol Journal, Volume 12, no. 4. Retrieved from
http://www.ciscosystems.com/web/about/ac123/ac147/archived_issues/ipj_12
4/124_cloud2.html
Stallings, W. (2007). Network security essentials (3rd ed.). Upper Saddle River, NJ: Prentice Hall.
Sunke, B. (2012). Research and of network intrusion detection systems. Texas A&M University-Corpus Christi. Available at: http://sci.tamucc.edu/~cams/projects/320.pdf
Van der Molen, F. (2010). Get ready cloud computing: A comprehensive guide to virtualization and cloud computing. Zaltbommel, NDL: Van Haren Publishing.
Wadlow, T. A. (2000). The process of network security: Designing and managing a safe network. Reading, MA: Addison Wesley Longman.
Wang, C., Wang, Q., Ren, K., & Lou, W. (2009). Ensuring data storage security in cloud computing. Proceedings of the 17th International Workshop on Quality of Service, 1-9. Retrieved from http://www.ece.iit.edu/~ubisec/IWQoS09.pdf.
Wang, L., Ranjan, R., Chen, J. & Benarallah, B. (2011). Cloud computing: Methodology, systems, and application. Los Angeles, CA: CRC Press.
White, B., Leprau, J., Stoller, L., Ricci, R., Guruprasad, S., et al. (2002). An integrated experimental environment for distributed systems and networks, ACM SIGOPS Operating Systems Review – OSSDI ’02 Proceedings of the 5th Symposium on Operating Systems Design and Implementation, 36(S1), 255-270.
Wood, P., Shenoy, P., Gerber, A., Ramakrishna, K. K. and Van Der Merwe, J. (2009). The case for enterprise-ready virtual private clouds. Proceedings of HotCloud ’09 Workshop on Hot Topics in Cloud Computing, San Diego, CA, June 2009. Retrieved from http://static.usenix.org/event/hotcloud09/tech/full_papers/wood.pdf.
Yan, H. (2010). 'On the clouds: A new way of computing', Information Technology & Libraries, 29, 2, pp. 87-92.
Yang, A. (2003). Guide to XML web services security. Retrieved from http://www.cgisecurity.com/ws/WestbridgeGuideToWebServicesSecurity.pdf
Zhen Qi Wang, Dan Kai Zhang (2012). HIDS and NIDS hybrid intrusion detection system model design. Advanced Engineering Forum, (Volumes 6-7), 991-994. DOI: 10.4028/www.scientific.n
Appendices
Appendix A
Survey Questionnaire
Please provide the following information by ticking the options provided or
writing your response when applicable.
Position:
○ IT Administrator
○ IT Staff in charge with network security and/or database management
Type of Business Organization Represented:
○ Small
○ Medium
○ Large
Organization Represented is Subscribed to Cloud Technology:
○ Yes
○ No
1. Have you encountered issues regarding compromised data in cloud computing?
○ Yes
○ No
2. What is the current level of network security in your organization?
○ Low
○ Medium
○ High
3. From experience, have you observed the following advantages of cloud
computing in your organization? Feel free to add more on the space provided.
How often are these advantages observed?
| | Always | Very Often | Often | Sometimes | Never |
|---|---|---|---|---|---|
| Access to a wide array of resources | ○ | ○ | ○ | ○ | ○ |
| Flexibility | ○ | ○ | ○ | ○ | ○ |
| Increased productivity | ○ | ○ | ○ | ○ | ○ |
| Reduced capital expenditures | ○ | ○ | ○ | ○ | ○ |
| Rapid implementation | ○ | ○ | ○ | ○ | ○ |
| Reliability | ○ | ○ | ○ | ○ | ○ |
| Scalability | ○ | ○ | ○ | ○ | ○ |
| ___________________________ | ○ | ○ | ○ | ○ | ○ |
| ___________________________ | ○ | ○ | ○ | ○ | ○ |
| ___________________________ | ○ | ○ | ○ | ○ | ○ |
4. From experience, have you observed the following problems/issues regarding
cloud computing in your organization? Feel free to add more on the space
provided. How often are these advantages observed?
| | Very Often | Often | On the Average | Sometimes | Never |
|---|---|---|---|---|---|
| Access to a wide array of resources | ○ | ○ | ○ | ○ | ○ |
| Security issues | ○ | ○ | ○ | ○ | ○ |
| Interoperability | ○ | ○ | ○ | ○ | ○ |
| Compatibility | ○ | ○ | ○ | ○ | ○ |
| ___________________________ | ○ | ○ | ○ | ○ | ○ |
| ___________________________ | ○ | ○ | ○ | ○ | ○ |
| ___________________________ | ○ | ○ | ○ | ○ | ○ |
Appendix B
Likert Scale Interpretation Guide for Survey Items 3 and 4
| Statistical Limits for the Mean | Survey Response | Item 3 Interpretation | Item 3 Abbreviation | Item 4 Interpretation | Item 4 Abbreviation |
|---|---|---|---|---|---|
| 4.65 - 5.00 | 5 | Always | AL | Very Often | VE |
| 3.51 - 4.64 | 4 | Very Often | VE | Often | OF |
| 2.50 - 3.50 | 3 | Often | OF | On the average | AV |
| 1.36 - 2.49 | 2 | Sometimes | SO | Sometimes | SO |
| 1.00 - 1.35 | 1 | Never | NE | Never | NE |
Posted by Dr. Tai Cleveland at 5:28 PM