The security of networks is essential to the success of cloud computing architectures. The number of users of cloud computing technology is rapidly increasing, emphasizing the need for information security in a cloud-computing environment. The databases that enable cloud computing environments need to be secured and securing networks that allow access to these databases is essential to the overall goal of providing information security in the context of cloud computing. One security issue in cloud computing is to protect sensitive data from hackers, especially since this data can be penetrated either locally or remotely in the context of external management of security-based services. As a result, finding new ways to increase security of services in the cloud-computing environment is crucial. The importance of networks in maintaining database security in a cloud-computing environment is increasing as the array of security threats to the networks is becoming more sophisticated.

The challenges include the porous perimeters because of the collaborative nature of cloud computing and higher security measures for personal computers, laptops, tablets, and mobile devices. The security threats come in many forms such as intrusions, malwares, worms, and viruses. These threats can travel across the boundaries of the network and are even able to bypass network security perimeters. As such, the need to develop better security measures are vital, and this can only be accomplished by making a thorough evaluation of the impact of network on database security. The current practices include network access control measures such as compliance verification, security patches, anti-virus signature files, identity policies and user authentication protocols. In this paper, we will some of the key research questions associated with this issue. We follow it up with a discussion on the current state of security measures through a comprehensive review of latest literature. This research has attempted to investigate the network security issues of cloud computing framed by existing literature, the researcher’s professional experience in networking and data security, a small-scale exploratory survey, and an analytical research procedure. To answer the research questions, the paper gives details of the five layers of security that include perimeter, network, data, application and host. The contents included in this paper focus on network security issues in cloud computing such as the denial of service, pot scanning, network sniffing, and man-in-the-middle-attack. We also take a look at software security issues such wrapping of the XML signature, browser security, and malware injection in the context of network security issues facing the cloud computing.

Section 1: Introduction

Cloud computing has become essential to the economical and scalable growth of information technology. The dynamics that cloud computing offers in terms of on-demand computing facilities bolster organizational operations with new options for harnessing the benefits of information technology (Krautheim, 2009). Cloud computing builds on external collaboration to transform libraries into powerful repositories of information and knowledge (Scale, 2009). It also offers innovation for enterprises through computing by changing it into a more cost-efficient massive cluster of resources for large, corporate-scale data mining (Shroff, 2010). The foregoing examples showcase how cloud computing offers scalability, cost-effectiveness, and flexibility among other advantages. However, in keeping with IT innovations, and the fact that cloud computing is a new technology, it raises quite a number of issues and challenges associated with many of the latest technologies. Most of these issues focus onthe security aspects of cloud computing (Krautheim, 2009).

Security in cloud computing necessitates complete awareness of the threats to information that it transmits and stores, the network where information flows, and the infrastructure which supports its operations (Krautheim, 2009). One opportunity which may possibly be explored to neutralize the threats to cloud computing is its architecture. It has a front-end section and a back-end section (Avresky, Diaz, Boder, Ciciani& Dekel, 2009). The front-end section is anything that uses the cloud services – it may be end users, clients, or applications. The back-end section is a network of servers with computer programs or applications and data storage or the database (Dave, 2009). Accordingly, the focus of this research is to identify the security threats to those networks of servers, applications, and databases, also known as the backend section of the cloud environment or architecture. This research will also review how network security impacts the database servers which house the most critical items in the cloud environment data (Sunke, 2012).

The back-end in the cloud context is very similar to the architecture of any massive data center, but the data center is shared among users much more in the clouds than in any previous technology (Birman, 2012). The Local Area Network (LAN) in the back-end section of the cloud environment must, therefore, be secured from its access point, and be layered with security protocols inside the network. Layered security is aimed at maintaining ample initiatives to ensure security in different levels of the cloud environment. Security at access points may not be enough to protect the network because it can be breached. Inside the host, security must also be layered around the servers as a whole so that they can provide additional layers of security, so that even if one layer is breached, another can prevent further damage (Rittenhouse &Ransome, 2012). Figure 1 shows some of the key layers of security in a networked environment: the perimeter, the network, servers, applications, and data. We will look into these aspects of security in more details later in the paper.

Figure 1: Layers of Security

Policies must be set up in the LAN to elevate the local networks’ security. Continuous checking, monitoring and auditing of compliance with the policies must be conducted. Network policies may include no response on certain websites. Other methods that can be used include authorization procedures on certain objects in the network, thus providing another layer of security.

From a technical viewpoint, the layered security approach secures the cloud computing environment in five different levels: The perimeter, the network, the host, the application, and the data. From experience, there are a number of security initiatives applicable for each different level of security. However, the applicability of security measures should always be evaluated throughout the enterprise. For example, at the perimeter which is the outermost layer of security, protection can be enhanced through the use of firewalls, network-based anti-viruses, or virtual private networks (VPN). There are always advantages and disadvantages in using any technology for security.

All the three aforementioned measures have been available for quite some time and any IT department staff should be well-acquainted with this technology in terms of their operational requirements and their capability to provide the needed protection. However, it should also be considered that aside from the legitimate IT experts, hackers, and other unscrupulous elements in the digital world are also quite familiar with these technologies and have contrived ways to get around the security defenses offered by such technologies. An example would be the anti-virus software, which works as long as the software algorithm already has the signature of the virus or if the virus is known to the anti-virus program.

Meanwhile, an encrypted VPN network still works very well, but experience-wise, it is cumbersome from the perspective of many IT department staff since this initiative places an administrative encumbrance in the management of the associated encryption keys and maintenance of user groups required on a regular basis. The aforementioned measures will not always work the same way in the cloud environment. The perimeter level is not well defined in the cloud environment for organizations which rely on Platform as a Service (PaaS) and Software as a Service (SaaS) because of multi-tenancy. In these two types of deployments, a client company has the option to configure their cloud security, but, since services are shared in the cloud with other firm clients of the cloud service provider, technically, containment of cloud security in the perimeter level may be lost (Halpert, 2011).

The LAN must deploy applications that can sniff attackers, and make sure that data goes to the client that made the request. This calls for the network which is the second layer of security for the cloud environment. The network level refers to a firm’s internal LAN and itsWAN, and is the mainfocus in this paper. For a single organization, the network level includes desktop computers and servers as well as relay connections to off-site office locations (Ashley, 2003). Many networks, particularly, those in the clouds are open behind the perimeter. Therefore, once malicious elements have penetrated the network, chances are, these elements can travel through the network without difficulty. This condition is prevalent among small and even medium size firms.

From practice, there are at least three common security measures are typically adopted for the network-level: Intrusion protection systems (IPS) and intrusion detection systems(IDS); tools for assessment of vulnerability (VA); and access control or user authentication (Patil et al., 2012). Any undesirable elements which may pose a threat for information security in cloud settings which can pass through firewalls are intercepted through IDS/IPS and VA technologies. VA tools serve to automate the checking of network vulnerabilities. Manually checking for vulnerabilities is impractical, if not impossible, owing to the frequency required for the checks to be made in order for them to make a difference in network security. Figure 2 shows a sample of VA tool developed by Latls Networks firm called Vulnerability Assessment and Management (VAM). The VA tool identifies all network vulnerabilities and validates vulnerability repair processes. The products included on this VA tool include server, desktop and remote vulnerability assessment management. The VAM products as shown by the figure manage and assess vulnerability on different segments of firm’s network. The figure shows VA tool installation and the products included in the tool can use a single machine and manage network from a single user interface. The layered security approach defends and protects against common attacks and threats that affect network security. The shaded regions in the figure show how VA products functions and the common threats dealt with by the layered security model.

Figure 2: Layered Network Security Approach

Source: Ashley, M (2003). Layered Network Security: A best-practice approach.Latis Networks, Inc.

From years of working with these network-level security technologies, various weaknesses have been observed. Particularly IDS technologies are prone to false alarms, which alert the IT department of an organization of intrusion even if there is none (Patil et al., 2012). Another disadvantage of IDS technologies is that the frequency of false alarms can either cover or bury real malicious elements attempting to intrude the network security system. By experience, with the passage of time and the frequency of false alarms, IT personnel mayget insensitive of intrusion alerts similar to how the boy who cried wolf in popular folklore was ignored by the people thinking that the call for help was not for real.

Additionally, while Ashley (2003) indicated that most IDS products commercially available have IPS in their core, the challenge of maintaining an optimum IPS/IDS system is borne by the IT security staff. Poorly optimized systems eat up resources, and worse, deny or terminate data requests from legitimate users. Another aspect to consider is that access control technologies available commercially or as integrative solutions by network security providers may not be compatible with an organization’s network devices. Solving this problem by using a number of access control systems entails additional costs. The most problematic aspect of such incompatibility issues observed from practice was that of using an integrated solution even from providers with good reputations opens up more hazards than protection to the network. As indicated by Ashley (2003, a more experienced practitioner in data networking and network security observed that “implementing an integrated solution across your network may be difficult. Such a patchwork, multi-product approach may actually introduce additional vulnerabilities to your network”.

It is, therefore, important that the cloud environment set up its authentication procedure properly to identify and intercept intruders and hackers invading the network. Authentication procedures distinguish between genuine clients on one hand, and viruses, worms or malicious attackers on the other. This prevents or avoids virus, worms, or any other malicious items or deliberate attacks from infiltrating the cloud’s network of servers. Authenticating all users requesting access to cloud services ensures that only persons and programs which have been approved can gain access to the cloud (Chang, Jang, Ahn, Choi, 2011).

The third layer of security for the cloud environment is host security level, which pertains to devices such as routers, switches and servers. Devices used in the host level have configured parameters that must be set in an appropriate manner to avoid creation of exploitable security holes (Paquet, 2009). Some examples of parameters included in the host security level are registry settings and services on patches and device. To provide security at the host level, there are technologies such as Host-based Vulnerability Assessment, Host-based Intrusion Detection System, Anti-Virus, and Network Access Control. The host-based IDs are similar to network IDs in performance. However, the major difference is that host IDs uses a single network device. Host IDs are characterized by a high degree of protection in cases of proper administration. The second technology is Host-based VA tool, and it is used in scanning single network device in security vulnerability. The devices are accurate, making it possible for them to make minimal demands on the resources used by hosts. These must be properly administered for them to provide the required security. Network access control as a network access control technology used in the host level protects individual host and the network. The control ensures that the host has all the required security measures such as firewalls. Anti-virus applications are another technology that provides security in the host layer. However, technology must be used together with network tools based on anti-virus.

Application security is the third layer of security in cloud environment, and it has received increased attention (Ashley, 2003). Applications that are not properly protected provide an opportunity for unauthorized people to access confidential records and data. Technologies that provide security at the application level include application shield, input validation, and access control. Application shield is a type of application-level firewall. The application ensures that both request that are outgoing and incoming have permissions from given applications. To perform their tasks, the application shields are installed on database servers, email servers and web servers. The major advantage of application shield is that it is integrated on the backend, but transparent to the end users. Securing a web-based application may require some of the following measures:

· Input Validation: How do you know that the input your application receives is valid and safe? Input validation refers to how your application filters, scrubs, or rejects input before additional processing.

· Authentication: Who are you? Authentication is the process that an entity uses to identify another entity, typically through credentials such as a user name and password.

· Authorization: What can you do? Authorization is the process that an application uses to control access to resources and operations.

· Configuration Management: Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings secured? Configuration management refers to how your application handles these operational issues.

· Auditing and Logging: Who did what and when? Auditing and logging refer to how your application records security-related events.

· Exception Management: When a method call in your application fails, what does your application do? How much does it reveal about the failure condition? Do you return friendly error information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully?

· Session Management: A session refers to a series of related interactions between a user and your Web application. Session management refers to how your application handles and protects these interactions.

Data security is the fifth level of the layered security in cloud computing environment (Ashley, 2003). The level contains encryption and a blend of policies. The level recommends that all data should be encrypted at all stages in support of other security measures. Encryption of data protects it across network depending on organizational policies that gives details on the people authorized to access data. Technologies used in the data security level include encryption and user authentication or access control. In the user authentication, it is only the authorized users who can get access to data as in other levels of security such as application, host and network. Implementation of data encryption is implemented at the operating system, application and data level. The most commonly encryption strategies used in the data level include PKI-based encryption strategies such as RSA and PGP (Bidgoli, 2006).

The afforested scheme is, however, easier said than done in the cloud. In the security management context of technologies prior to cloud computing, security policy may be achieved by a combination of automated and human interaction. The same is not sufficient and practical in the cloud environment, where the security requirements call for more sophisticated operations. Particularly, as delineated in Chang, Abu-Amara, and Sanford (2010):

These requirements influence the management of IT resource operations, IT SP’s interactions with external actors in Cols, and service customers’ behaviors in relation to the security offerings. They impact the baseline architecture of the service framework, service usage patterns, application regulations, service monitoring capability, and accessibility of users or user groups (p. 259).

The foregoing discussion brings back the core of cloud computing security to network architecture as indicated in Chang, et al. (2010), and focuses the spotlight back on the impact network security in supporting and protecting data in the cloud. This is because the basic interface of the integrated cloud computing system is to the client organization’s enterprise LAN which in turn in connected to the WAN (Norman, 2007).

Background of the Study

Cloud computing consists of a group of IT services that are delivered to a consumer over a network on a chartered basis, and with the capacity to scale up or down their service demands. In most cases, cloud computing services are distributed by a third party with infrastructure ownership (Glisic, 2011). To date, it is a rapidly emerging technology owing to the benefits it offers to business organizations. A few of its advantages include its contributions to resilience, outsourcing of non-essential activities, flexibility, scalability, and efficiency. However, despite the potential gains that have been realized from cloud computing services, a number of organizations are reluctant in embracing the technology due to its limitations, particularly security-related concerns linked with it (Wood et al., 2009; Van der Molen, 2010).

The concept of handing over confidential information to a third party company may prove worrisome, and customers need to be cautious in comprehending the risks of data violation in this computing environment. For this reason, security issues in network computing environments have become the greatest hurdle (Mansfield &Antonakos, 2010) to its reception. Moreover, safety issues (Filial and Erra, 2012) are ranked first as the ultimate challenge in cloud computing. Fowler (1999) maintained that unless intruder attacks are to be carried out as an inside job, no thief would waste their time finding ways to access information through the front door unless they expect typical behavior, such as when people put their keys under the doormat. There exist several vulnerabilities in methods for network security in the cloud computing environment. The network is vulnerable from both the front end i.e., the remote interface and the back end i. e, the LAN side. The impact of LAN and WAN on network security, therefore, exerts a direct bearing on data security in the cloud environment.

The fact that most cloud service providers support a multi-tenant computing design requires that the IT departments of client organizations strike a balance between the security of client’s local dedicated infrastructure and the advantages of an enhanced economy from a shared environment in the cloud (Van der Molen, 2010). This sharing of the resources among different tenants presents with additional security issues that must be met in the virtual machine environment that is typically being used to support multiple tenants. Networking among the virtual machines is addressed through software and requires network security implementation.

Nature of the Problem

The security of networks in the cloud computing context is paramount to the success of cloud computing itself. Certain challenges must, however, be addressed so that cloud computing can be proven as a viable option vis-à-vis traditional data services (Patil et al, 2012). As it has been established earlier, security of the network can, in turn, positively impact the current state of cloud computing security. This research has attempted to investigate the phenomenon of cloud computing framed by existing literature, the researcher’s professional experience in networking and data security, a small-scale exploratory survey, and an analytical research procedure.

Technical literature on networking and information security provided the theoretical underpinnings for this study. Meanwhile, insights from practice-based applications were derived from the researcher’s professional experience and were compared with the findings of a quantitative survey and the available knowledge on the topic to triangulate findings from three sources of information. This was accomplished through an analytical research process procedure called mixed methodology(LoBiondo-Wood, & 2006). Mixed methodology involves the use of both quantitative and qualitative approaches that undergo through several research processes. In this study, both qualitative and quantitative data is collected and analyzed together making it a mixed methodology (Joyner, Rouse, &Glatthorn, 2012). This study uses triangulation design to obtain different data in explain the same topic. The reason for using the mixed method is to utilize the strengths of both qualitative and quantitative method in overcoming the associated weaknesses. The sampling uses quantitative strand of the research, while the analysis and explanation of the results uses quantitative methodologies.

Rationale and Purpose

One of the security issues in cloud computing is the lack of host-based software models as many utilize network based IDS and IPS as a means for protection (Patil et al, 2012; Paquet, 2009). The simplicity of this resolution in the cloud computing environment is attractive and cost efficient to many as it only requires an attachment of one or two appliances to the network. Historically, this was the initial solution to the problem as the cloud architecture system used network appliances through a distribution model. This model is able to target application transactions in the external environment efficiently. However, scholars cite that first generation solutions can no longer be applied today due to the increased threat vectors, insider access to servers and even abuse of application users. As such, a combination of host-based solutions and network appliances is recommended for database security in LANs (Zhen Qi Wang et al., 2012; Sunke, 2012; Coronel et al., 2009).

The rise of virtual machines in cloud architecture requires a more sophisticated security system, especially since the entire network often flows outside the premises of organizations. An example of this would be the Cloud Computing Test Bed created by the collaboration of Hewlett-Packard, Intel, and Yahoo!. This joint effort formulated solutions for centralizing the control and operation of the virtual infrastructure and machines, and a dynamic resource provision (Popovskij, Barkalov&Titarenko, 2011). With the emergence of virtual machines, appliance-based security deployments are, therefore, no longer the only solution in a LAN system. Increasing demands indicate the need for organizations to change their security capacity requirements within a relatively short time (Coronel et al., 2009). The key motivation of this paper is to address the challenges of cloud security, especially in assuring confidentiality and privacy among clients. And we want to look into the network security related issues in depth. The objective is to compile, enhance, or develop measures to address security risks in cloud technology concentrated on LAN-based databases to aid in the development of the cloud computing industry (Lightstone, et. al.,2007). Thus, this research investigates the impact of LANs on database security in a cloud computing environment. Although security threats are persistent even in the wide area network (WAN), LAN is experiencing broad fundamental changes, whereas there are no fundamental changes in store for the WAN (Fornes, 2010). The significant impact of LAN in maintaining database security in the cloud-computing environment dramatically increases as the threats are mounting. In this respect, securing databases on virtual machines or cloud environments is a must and the challenge is to detect, isolate, and clean vector threats in a LAN cloud-computing environment to ensure protection (Sridhar, 2010).

Research Problem

The main objective of this research is to increase the security measures in a LAN cloud-computing environment in order to assure protection for clients and users even in the midst of emerging collaborative technologies that pose a risk to the system. The research is performed to learn the advantages of cloud computing under a safe architectural system where privacy and protection are maintained. Moreover, the development of security initiatives are imperative to properly monitor the traffic volume within the LAN systems as these are expected to increase in ratio to the number of users in the next five years (Stallings, 2007). Specifically, the focus of this research is to identify the security of networks of servers, applications and databases, in the back end section of the cloud environment or architecture. Additionally, a review of how LAN security impacts the database servers which house the most critical item in the cloud environment, the data, is also presented (Dlodlo, 2011).

Research Questions

This study is guided by the following research questions:

· What are the key network security issues and related challenges for cloud computing?

· How are these network security issues being addressed today?

· What are the effective means for addressing some of the network security issues in cloud computing?

Significance of the Research

The significant impact of networks in maintaining data security in the cloud computing environment dramatically increases as the array of threats mount. The need to develop security measures to ensure protection of data is crucial due to the fast paced nature of cloud computing architecture. One of the main problems is to address the porous perimeters that scholars cite as having become insufficient due to the need for securing not only personal computers, but also laptops and PDAs (Chee& Franklin, 2010). Mobile devices also now have access to cloud technology, making it necessary to manage the flow of secure data between mobile devices and the data center. The end goal is to create a secure network leading to database security in order to build a strong cloud computing environment under the guise of better controls (Cleveland, 2009).

Common viruses or threats can easily penetrate the perimeters. Malwares, worms, and bots are all known to be able to bypass LAN security perimeters. Furthermore, most security measures only protect one side of the chain instead of having an end-to-end protection; this is either only a server-side protection or a client-side security measure. Examples are network access control measures, including compliance verifications, security patches, anti-virus signature files, identity policies and user authentication protocols (Wang et al., 2011). Results of this study will help IT administrators and staff to identify and deal with such malware and intruder attacks.

LAN systems, as part of cloud architecture, is also becoming known for being victims of sophisticated attacks found in the network system. Hackers are able to crash systems using the Internet access at any point in the network (White et al., 2002). Machines can also become infected via remote access, wherein attacks can even be sent via remote devices or programs. With an effective database security system, the personal information of users is protected, and passwords or identities cannot be extracted from personal computers or from corporate databases. As such, LAN systems can be tapped to apply in-network security devices in order to detect any anomalies from the front and back end (Wang et al., 2011).

Nature, History, Trends and New Developments

The main developments in information technology that addresses security issues are the growth of high performance networks and complex applications. This is evident in the use of high-level software protocols such as SIP, RPC, and SOAP. The security issues are wide ranging from multiple users accessing the same information to the transfer of data to the workflow system and into the database. Furthermore, security threats are found throughout the flow, even in e-mail and web applications, creating a cycle of multiple security checks (Coronel et al., 2009).

This repetitious security checking method is applied into the different sections of the LAN system that conducts protocol checks, traffic inspections, and spam and virus detections among others. This is often used by many companies where high performance network complexities resolve their security issues through network-based appliances. The appliance architecture is placed in multiple layers aimed to protect various security threats, which often appear in multiple quantities. This increases the security requirements to meet the scalability and network topology of a cloud computing environment. As such, even the front-end customers utilize security appliances in order to secure themselves from the threats found in the high volume of traffic (Coronel et al., 2009).

The challenge remains of being able to detect, isolate and clean vector threats in a LAN cloud computing environment to assure protection. Significantly, scholars cite the architecture of the cloud computing environment in creating un-auditable networks exacerbated by the emerging use of mobile end systems and end users. The lack of regulations in the industry also contributes to the problem, wherein varying levels of data protection and compliance verification exists. Scholars also cite that emerging information technology innovations are actually risky applications, such as the collaborative tools in VoIP, instant messaging and other wireless applications that are included in the LAN cloud computing environment (Coronel et al., 2009). Though such tools increase the collaborative nature, they also compel multiple LANs with varying degrees of security to interact with each other under the same workflow system (Yan, 2010). Such tunnel systems may be a fast route for data interchange, but vulnerabilities exist in the system, which can be exploited, especially in high volume traffic where IM, HTTP, and firewalls may not be able to detect and control hacker attacks. These walls exist to provide database security; and as such, cloud computing environments will require the placement of application firewalls that are content based in order to control the manner in which information is accessed (Coronel et al., 2009).

Section 2: Literature Review and Theoretical Framework

In 2007, cloud computing turned out to be the most popular technique among other computing models used before (Jensen, 2009; Henderson &Iyer, 2010; Reimer, 2007). Cloud computing is used to describe a computing system where users can connect to a vast network of computing resources, data, and servers that reside usually on the Internet, rather than on a local server, a LAN or in a data center (Sridhar, 2010, Kay, 2008). There are basically three types of cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) (Redkar, &Guidici, 2011). As such, the current literature review analyses the security and network issues related to computing. Attacks in cloud computing are discussed, including denial of service and sniffing. Lastly, security issues including data protection and browser security are discussed.

Though cloud computing offers several benefits, there are a number of security challenges which organizations have to address. Such challenges include the CIA issue, and they affect cloud computing (Guttman, &Roback, 1995). This is important if such institutions can have the flexibility in data usage and also in differentiating their data from that of others so as to increase their privacy, confidentiality, integrity and reliability among their customers (Bugiel et al., 2011). The issue of security is critical in cloud computing because when organizations can control and secure their networks, risks such as the stealing of codes and manipulation of critical information in the cloud is prevented or stopped altogether (Cloud Security Alliance, 2010)

Security Issues in Cloud Computing

Diverse network issues that arise in cloud computing include some of the following: Denial of service, which occurs when hackers overflow cloud servers with recurrent service requests so rapidly and in such a manner that they damage the network. The computing system is unable to keep pace with the requests because the server is unable to establish access points and establish who is a legitimate, regular client. For instance, the hackers can take over a web server, and as a result, reduce the functionality of a cloud server from providing effective services to clients. Thousands of requests from hackers slow down the response that a genuine provider can get within an appropriate time frame. The most common counter measure in this case is to decrease user privileges and connections to the server (Scarfone, 2007).In addition to the counter measures used, Kona Security solutions from Akamai offer a solution for the DDoS. The solution is the most widely used in delivering web security. The Akamai solution prevents layer attacks and preserves site availability and performance (Akamai, 2013).

Another network issue that arises in cloud computing is the “Man in the Middle Attack” which poses a great security challenge. This affects the security socket layer (SSL) if it is not properly configured. For instance, when two parties communicate, the SSL may not be installed properly, resulting in the hacking of the data between the two parties by an intruder. It has been proposed that a necessary countermeasure for this threat has been to focus on the proper installation of the SSL, where it should be checked properly before communicating with authorized subscribers (Han, 2010).

A third issue is network sniffing which takes place when an intruder gains access of the network through un-encrypted data. This occurs due to password failure,poor encryption, or inadequate security passwords when communicating. This results in data loss during transmission to the third unauthorized party. Such cases have been witnessed lately when a Tweeter encryption password was broken into, resulting in loss of valuable data (Henderson &Iyer, 2010).

Another issue dealing with security in cloud computing is known as “port scanning”. There may be certain problems concerning port scanning that might be compromised by an attacker such as Port 80 (HTTP), which is continually open because it is used to provide necessary web services to cloud users. Additional ports, such as 21 (FTP), are rarely opened and only when necessary. Consequently, ports ought to be secured by encoded channels until the cloud server is configured appropriately. Security measures from this hacking consist of firewalls which are used to safeguard data from port attacks (Jensen, 2009).

In addition to issues in network security threats, network security has application issues that are important in cloud computing. A group called OWASP deals with software security and it incorporates ten security issues that include Cross-Site Request Forgery, Insecure Direct Object References, injection, session management and Broken Authentication, Security Misconfiguration and Failure to Restrict URL Access (Burke, 2012). In addition, security application issues dealt with by OWASP also includes Unvalidated Forwards and Redirects, insufficient Transport Layer Protection, Security Misconfiguration, Insecure Cryptographic Storage and Cross-Site Scripting (Burke, 2012).

SQL Injection Attacks, which is another issue in security for cloud computing, is used by attackers when they employ special characters to return data such as SQL scripting, which ends up when the cloud clause is modified. As such, they can add more information to it and compromise the integrity of the original organizational data. For instance, hackers can alter an argument value of variable 1=1 in such a manner that it returns complete tables of 1==1, which always appears to be true. In the end, the stored data is compromised, deleted, or manipulated by the hackers (Goles& Chin, 2005)

A final issue could be “cross-site scripting” which is an attack that occurs in web servers where a genuine subscriber enters the correct URLof a given website on the other side, a hacker re-directs the user’s search query to their own website with an aim of accessing vital user information. For instance, in most cases, a user may enter a URL address bar and the hacker subsequently, re-directs the use to hacker-related sites accessing sensitive date in the process (Yang, 2003).

Currently, there are a number of identified security challenges in the LAN networks within the cloud computing process. Some of these include such things as wrapping of the XML signature element attack. This is used to protect a component name, value, and attribute from criminal parties. However, it is unable to protect the lining of documents and data (Jamil&Zaki, 2011b). Invaders target the constituent by altering the SOAP posts and replacing them with anything they like. This problem has been effectively counter measured by employing digital certificates such as X.509 and applies the combination of WS security with an XML signature to a stipulated component. A list of components should be issued by XML labels so it is able to decline the posts which have mysterious files and also castoff unanticipated e-mails from the customer (Jensen, 2009).

Browser security is also a challenge because requests from the client are always sent to the browser which, in turn, uses SSL to encrypt user credentials. SSL maintenance works from point to point in order to communicate, indicating if there is a third party person, then the intermediate host is able to decrypt the documents, In the event a hacker connects, by sniffing packages on intermediate clouds, the invader may acquire the authorizations of the operator and apply these identifications in the cloud computing system posing as a valid customer (Jensen, 2009). The necessary measure for this outbreak is that the retailer should install the WS-security model on web browsers, since WS-security operates at message levels which use XML encryption for constant security of SOAP posts that are hard to decrypt by intermediary subscribers (Grover, et.al, 1994). WS-security applies security to web services and it acts as an extension to SOAP. The security is a member of web services specifications that gives specifications of how confidentiality and integrity can be enforced (O’Neill, 2003). The mechanisms described by WS-Security include how to sign and encrypt SOAP messages, and how to attach security tokens (O’Neill, 2003).

Another type of attack is done with malware injection which is aimed at damaging virtual application services through spiteful actions. An intruder produces his individual malicious applications, virtual or service machine applications, and inserts or runs it into the cloud configuration (Booth, 2004). Upon accessing the cloud network, these appear like a genuine request, while, in truth, it only mimics the genuine requests. The invader at this point has the capacity to upload virus plug-ins into the cloud server (Grossman &Yunhong, 2009). Once implemented, it spoils the cloud configuration and damages the hardware, thus compromising service delivery. Once the operator requests the malicious database, the cloud tosses the virus to the customer over the internet (Kim, 2009). Thus, through the cloud, the machines configured to the cloud system are infected by the virus. As such, authentic validation and scanning of the received mail, data, documents, and messages should be done. Stockpile the unique copy files of the application via the hash tag and contrast it with the hash value generated by future service applications. Through such actions, an attacker may not create genuine hash values in the cloud or intrude the cloud system (Grover, et al., 1994).

Through flooding attacks, an intruder is able to attack the cloud servers openly. One of the observable attack systems in the cloud networks is when the attacks occur at scalable measures and they are usually vigorous (Cloud Security Alliance, 2010). In most cases, increased numbers of server requests results in an expanded cloud system and size. In order to serve the clients, the cloud operators initialize new services in order to maintain easy flow. However, attack requests persist in some services when attackers bring in various requests resulting in the system reacting to them and this makes the system unable to provide normal request services for the users. Such attacks have economic impacts also as they increase the cost of the services but the denial of genuine services is the largest impact (Knight, 2009). Some cases prompt owners to allocate additional funds for unexpected security conditions that may suddenly increase the traffic. One way to protect cloud servers from invader attacks is by intrusion detection systems which function to filter the spiteful applications or even by installing effective firewalls. However, even interruption recognition systems sometimes provide fake signals that misinform the administrators (Han, 2010).

Protecting data in cloud computing is the most crucial factor when it comes to confidentiality and maintaining customer integrity. This way, the server providers ensure that data is protected in a legal manner (Hayes, 2008). However, at times, the data and other documents are compromised during information transfers when the “Man in the Middle” mimics a genuine customer and hacks or obtains access to confidential information. It is necessary to treat data with all measures, such as authentication, proper SSL checks, and validation of requests, before sending data across networks (Catteddu, 2010).

Conclusion

Networks are an integral aspect in the cloud computing architecture as they connect users to the cloud computing resources. The number of users utilizing this emerging technology is rapidly increasing, emphasizing the need for data security in the cloud computing environment. The security issues in cloud computing include issues such as viruses, worms, denial of services, SQL injection, cross-site scripting, XML signature wrapping, and man-in-the-middle attacks to name a few. Currently, finding new ways to increase secure services in the cloud computing environment is crucial to the success of clouding computing as the scalable business model.

These solutions include the need to develop security technologies to assure protection of data in the fast paced nature of a cloud computing architecture. The challenges include the porous perimeters because of the collaborative nature of cloud computing. This includes higher security measures for personal computers, laptops, PDAs and mobile devices. The security threats come in many forms such as malware, worms, bots and Trojans. These viruses travel within the LAN system and are even able to bypass LAN security perimeters. As such, the need to develop better security measures are vital that can only be accomplished by making a thorough evaluation of the impact of LAN on database security. The current practices include network access control measures such as compliance verification, security patches, anti-virus signature files, identity policies and user authentication protocols.

In addition to its many benefits, cloud computing offers, safer and more cost effective operations to its consumers compared to other channels of computing should be a key goal for its success. However, cloud computing is also affected by security concerns and threats posed by hackers. Even so, there are numerous security models and recommendations that have been put in place to increase the safety and security in cloud computing. These security measures rely on the capacity of the website and the web services structure. Given the cost benefits of cloud computing, a thorough analysis of the security issues is essential and needed for its success.

Section 4: Design and Method

Research Design and Implementation

This section presents the general procedures and techniques which are deemed appropriate in the conduct of this research, which covers activities from the collection and analysis of data, to the interpretations of results. The discussion presents a systematic analysis and organization of both principles and processes in carrying out a scientific inquiry (in Etheridge, 2004). Research design, sampling design, instrumentation, validation of the quantitative research instrument, data gathering procedure, and statistical treatment of data are presented in sufficient detail

The research design presents a systematized plan employed by the researcher to address the objectives of the paper in a valid, objective, accurate and economical manner. As De Vaus (2001) explained, a sound research design ensures that the evidence obtained can help address the research questions. As hinted under the nature of the research in Section 1, this research adopted a mixed methods research design. In a mixed methods approach, qualitative methods, together with quantitative methods, are both utilized. This is deemed as the best approach to the problems posed in this research, taking the cue from Hesse-Biber (2010). In this research, findings from the qualitative method, particularly content analysis from technical literature reviewed for this document, were compared with the results from the quantitative method performed through a survey. The comparison is aimed towards triangulation to ascertain whether theory matches practice.

A population, in research and statistics, is defined by Burt, Barber & Rigby as the “total set of elements (objects, persons, regions, neighborhoods, etc.) under examination in a particular study” (Burt, Barber & Rigby, 2009, p. 4). These elements possess specified characteristics of interest in this study. On the other hand, sampling is defined by LoBiondo-Woods &Haber as “the process of selecting representative units of a population for study in a research investigation” (LoBiondo-Woods & Haber, 2006, p. 261). Sampling involves a procedural determination of the number of elements drawn from the population, called the sample size. The most important reason for using sampling is economic – to reduce the cost of collecting data. Other reasons for sampling which are applicable to the present study include: processing speed, accuracy, and accessibility (LoBiondo-Woods & Haber, 2006; Black, 2010).

A non-probability method of sampling was used in the quantitative strand of this research. In non-probability sampling, some elements of the population may have no chance of being included in the sample, and hence, the level of representation of a sample taken using this technique cannot be demonstrated scientifically (Austin and Pinkleton, 2006). This method of sampling is especially suited for studies which aim to explore and generate theory or ideas as enunciated in Gray, Williamson, Karp, and Dalphin (2007).

Research Methods and Implementation

The quantitative strand of the research involved the participation of 30 respondents, comprising of IT administrators or IT staff, involved in networking and database management administration from business organizations which are subscribed to cloud computing technology and are based in Colorado Springs. Purposive sampling or judgment sampling, a non-probability sampling was used in the selection of respondents. As described in Anderson, Sweeney, and Williams (2009), in judgment sampling, persons who are deemed knowledgeable on the topic of the study and are thus, representative of the population of interest, are selected based on the decision of the researcher.

Contact details of prospective respondents were sourced from company websites. Respondents were then sent invitation emails or telephone calls to inform them about the survey and request their participation. A total of 100 respondents were invited, but only 30 voluntarily agreed to participate. Informed consent forms were sent to all 30 respondents by email. Prospective respondents were requested to read the form carefully. The informed consent specifically stated that respondents who agree to join the survey will take charge of getting the necessary permission from their respective organizations to join the survey. After they received permission, they were requested to affix their signatures electronically and send back the consent form to the researcher. The respondents were given options to complete the survey either by emailed questionnaires or by a short telephone interview.

A total of 17 (56.67%) respondents answered the survey through email and the rest (13 or 43.33%) opted for the telephone interview with the researcher reading the questions and the choices and the respondent giving the answer, which the researcher recorded in a blank survey questionnaire. A coding guide was prepared for the questionnaire responses and this was used to facilitate processing the responses for the preparation of the data matrix, and later, for the data analysis. A copy of the survey questionnaire is shown in Appendix A.

Descriptive and inferential statistics were used in the analysis of quantitative data. Four items were included in the survey. The first item inquired whether they have encountered experiences where cloud computing compromised data in their databases. The second item dealt with the respondents’ assessment of the level of their network and/or database security. Responses were provided using a three-point Likert scale (low, medium, high). Meanwhile, the third and fourth items inquired about the advantages and type of problems, respectively, encountered by the respondents pertaining to database security and management in cloud computing. All responses are shown in Appendix B.

Respondent characteristics in terms of their positions in their organization and the size of the organizations they work with are presented in terms of frequency and percentage distributions in pie charts. Figure 1 show the distribution of the respondents when they are grouped according to their positions as IT administrators or IT staff. Figure 2 displays the distribution of the respondents when they are grouped according to the size of the organizations they work with (small or medium).

Position-wise, the research involved more IT administrators than IT staff in charge of networking or information security. The proportion of administrators was almost double that of IT staff.

Two-thirds of the companies represented in the research are small-size organizations. The remaining one-third are medium-size organizations. No large organizations were represented in the study since their IT administrators/IT staff declined the invitation to participate in the survey.

For the first item, the responses were analyzed using inferential statistics, particularly chi-square analysis. The following null and alternative hypotheses were evaluated using non-directional or two-tailed analysis and received a 0.05 level of significance:

Null hypothesis: There was no significant difference in the distribution of instances of compromised database security in the cloud computing environment between small- and medium-sized businesses in the research locale.

Alternative hypothesis: There is a significant difference in the distribution of instances of compromised database security in the cloud computing environment between small- and medium-sized businesses in the research locale.

For the second item, the responses were analyzed using inferential statistics, particularly independent samples t-test. The following null and alternative hypotheses were evaluated using non-directional or two-tailed analysis and received a 0.05 level of significance:

Null hypothesis: There is no significant difference in the level of database security between small- and medium-size organizations in the research locale.

Alternative hypothesis: There is a significant difference in the level of database security between small- and medium-size organizations in the research locale.

For the third and fourth items, the responses were analyzed using descriptive statistics, particularly frequency and percentage distributions. Data were reported as bar graphs. Means were interpreted using the researcher-constructed interpretation scale as shown in Appendix B.

Section 5: Results

This section presents the results of the survey and analysis of the findings. The quantitative findings of the survey are shown and discussed first and an analysis follows. With respect to the first research question on security issues and challenges of cloud computing, the following results were gathered:

Experiences of Compromised Data in Cloud Computing

Figure 3. Clustered bar-chart of experiences of compromised data in cloud computing

Tables 1 and 2 present the cross tabulation of data with respect to experiences of compromised data in cloud computing, and the findings of the chi-square test. The cross-tabulation of survey responses in Table 1 was arranged in terms of experiences of compromised data among small- and medium-sized organizations. The findings showed that almost three quarters of the respondents reported their companies experienced instances of compromised data, whereas approximately a quarter reported they have not experienced compromised data.

Table 1. Cross tabulation of experiences of compromised data


			Company size		Total
			Small	Medium	Total
compromise	Experienced instances of compromised data in cloud computing	Count	15	7	22
		% of Total	50.0%	23.3%	73.3%
	Did not experience instances of compromised data in cloud computing	Count	5	3	8
		% of Total	16.7%	10.0%	26.7%
Total		Count	20	10	30
Total		% of Total	66.7%	33.3%	100.0%

Exactly three-quarters of the small organizations and 70% of the medium-sized firms which were represented in the research have experienced their data being compromised. The statistics showed that almost the same proportion of small- and medium-sized organizations have experienced data security problems.

Table 2. Chi-square results


	Value	Df	Asymp. Sig. (2-sided)	Exact Sig. (2-sided)	Exact Sig. (1-sided)
Pearson Chi-Square	.085^a	1	.770
Continuity Correction^b	.000	1	1.000
Likelihood Ratio	.084	1	.772
Fisher's Exact Test				1.000	.548
Linear-by-Linear Association	.082	1	.774
N of Valid Cases	30
a. 1 cells (25.0%) have expected count less than 5. The minimum expected count is 2.67.
b. Computed only for a 2x2 table

Findings from the chi-square test showed that there is no significant difference in the experiences of compromised data in cloud computing whether the organization is small or medium-sized. In which case, the null hypothesis that there is no significant difference in the distribution of instances of compromised database security in the cloud computing environment between small- and medium-sized businesses in the research locale (χ2=0.085, df=1, p=0.770) is accepted. Note than no large organizations were represented in the study because they declined the invitation.

The researcher expected the above results and would like to confirm if instances of compromised data may be logically pinpointed to low network security among the organizations. Thus, the study also checked the status of the network/database security among the represented organizations based on the evaluation of the respondents. Tables 3 and 4 present the descriptive statistics and the results of the independent samples t-test to evaluate the second hypothesis of the study.

Table 3.T-test results: Descriptives

Group Statistics
	Company size	N	Mean	Std. Deviation	Std. Error Mean
Data/Network Security Level	Small	20	1.25	.444	.099
Data/Network Security Level	Medium	10	1.30	.483	.153

By merely looking at the descriptive statistics, it is readily apparent that the general levels of network/data security, as assessed by the respondents in the organizations they represent, are gravitated towards low. The mean level of security among the small-size companies is 1.25. Meanwhile, the mean level of security among the medium-size companies is 1.30. This finding substantiates this researcher’s earlier-stated observation that small- and medium-size companies generally have low security, particularly in the perimeter level.

Findings from the independent samples t- test showed that there is no significant difference in the level of network/data security among small- or medium-sized organizations. Therefore, the null hypothesis that there is no significant difference in the level of database security between small- and medium-size organizations in the research locale (t=-0.282, df=28, p=0.780) is accepted.

Table 4. Independent samplest-test results

		Levene's Test for Equality of Variances		t-test for Equality of Means
		Levene's Test for Equality of Variances							95% Confidence Interval of the Difference
		F	Sig.	t	df	Sig. (2-tailed)	Mean Difference	Std. Error Difference	Lower	Upper
Data/Network Security Level	Equal variances assumed	.297	.590	-.282	28	.780	-.050	.177	-.413	.313
Data/Network Security Level	Equal variances not assumed			-.274	16.799	.787	-.050	.182	-.435	.335

This substantiates this researcher’s observation from practice that many small or medium sized businesses experience compromised data and that these organizations are not sufficiently protected while using cloud computing. This generalization does not, in any way, intend to belittle the advantages of cloud computing as identified in literature. In fact, this research attempted to find support for such advantages from the experiences of the respondents. However, findings from this research gave evidence that organizations subscribed to cloud computing technologies and are exposed to its limitations or weaknesses can benefit from the outcome of this research.

Advantages of Cloud Computing as Experienced by the Respondents

Figure 4 presents the results of the survey with respect to the advantages organizations experience from cloud computing. Seven advantages were included in the survey for the respondents to assess based on their experience with their respective organizations, but respondents were encouraged to add more as the case may be.

Legend (for some of the one-word labels): Capacity=frees up capacity for investment in new projects; Speed=rapid implementation; Capital=reduced capital expenditure; Resources=access to a wide array of resources; Productivity=increased end-user productivity.

Based on the experiences of the respondents, the most apparent advantage of cloud computing is reliability, which garnered a mean of 3.83, indicating that this advantage or benefit of cloud computing is very often observed in their organizations. This finding concurs with that of Bugiel, et al. (2011). A cursory examination of the responses showed that all of the above-mentioned advantages have been observed or experienced in the organizations represented, with one exception. This exception is one of capacity, which is the shortened form of the benefit of freeing up capacity for investment in new projects, where 11 out of 30 or 36.67% of the respondents claimed they never experienced. This researcher, however, believes that freeing-up capacity for new investments through cloud computing had not yet been experienced by small organizations since investing in newer projects are not prioritized in their planned business strategy. Accordingly, 7 of these foretasted 11 firms or 63.64% are small organizations.

Also included in the top three most reported benefits of cloud computing are access to a wide array of resources and increased end-user productivity. The respective means are 3.60 and 3.57, which suggests that both benefits are observed often. The findings concur with Shroff (2010) and with Van der Molen (2010).

Problems/Issues inCloudcomputing as Experienced by the Respondents

The problems/issues commonly encountered among the organizations represented in the study are presented in Figure 5.

Results revealed that security is the main problem/issue reported by the respondents from small- and medium-sized organizations with a mean of 4.53 (always) out of a possible 5.This finding explains the necessity for the conduct of this research and substantiates the wisdom of Krautheim’s (2009) observation. He stated that in order ensure security in cloud computing, there should be a complete awareness of the threats to information transmitted and stored, the network where information flows, and the infrastructure which supports its operations. In fact, three other problems which surfaced in the survey, namely access denial (mean=2.80, AV), access delay (mean=3.43, AV), and data loss (mean=3.10, AV) may also be consequences of network security issues in the cloud environment.

Access delays reported in the survey may be what Menken (2009) discussed as a bottleneck in the access of information brought about by intruder attacks in the LAN network. Access denial or denial of service could probably have occurred as intruders caused cloud servers to overflow with reoccurring service requests so quickly and in a destructive manner that they damage the network. Since the network is unable to keep pace with the requests, denial of service occurs. Data loss is also a risk in cloud computing and data encryption, which is generally used in preventing unauthorized access to data, does not necessarily prevent data loss as explained by Halpert (2011).

On the other hand, the second and third most experienced problems/issues in cloud computing are compatibility and interoperability, with respective means of 3.63 and 3.57. The means indicate that instances of these limitations in the organizations represented are observed often. However, these two problems/issues are not associated with cloud security. From practice, many existing cloud technologies have been known to be incompatible with a number of applications because, in the process of providing scalability, compatibility was sacrificed. Meanwhile, interoperability is also a problem because of the absence of standardizations with respect to cloud computing technologies. These two cloud computing issues reported in the problem were also recognized by Van der Molen (2010), together with security issues.

As may be learned from this research, the cloud computing environment is expected to increase in number as its benefits are becoming more apparent for various industries. By increasing the security protocols, customers actually receive more value in their investment since they are able to share services with other LAN networks. The end goal is to create a positive impact of LAN on database security in order to build a strong cloud-computing environment under the guise of better controls. Therefore, discussion of results will focus on security issues in the cloud computing environment which may be resolved through a robust or strengthened LAN/WAN network architecture.

In view of the reported problems/issues in cloud computing and the goals of this research, a look at the work of Menken (2009) shows three key technology challenges in protecting sensitive data in modern IT architectures. The author discusses, at length, current problems with LANs on database security in a cloud computing environment. The first problem is the limitations of existing database security approaches. Second is the security consideration when deploying virtualization and thirdly, it recommends a distributed monitoring system to safeguard information under a cloud computing environment. As this was published in 2009, the author was able to gather the latest information and problems in the industry. Moreover, a discussion of information technology security trends was emphasized, indicating the end of appliance-based solutions. This is the installation of hardware as a means for security and protections where the security protocols are inefficient to meet the security challenges of the future (Menken, 2009).

Therefore, database and information security in cloud computing starts with a secure network, both on the client side and the host side. From several years of professional experience, secure network architecture follows all regulatory requirements for information security. Such secure networks have several levels of security and are constantly monitored to ensure that there are no undetected breaches of security. Such networks consist of firewalls, HTTP or HTPPs servers, intrusion detection and prevention systems, Kerberos servers, secure LAN servers, and time servers. The use of multiple subnets, VLANs, and proper management and storage of keys are also excellent approaches.

On the base level, intrusion detection and prevention systems are useful as long as these are provided both on the network side and the host side in order to secure the LAN. Additionally, a time server is a must for secure network architecture. Sadly, some network professionals have overlooked the importance of time servers. Basically, a valid time source is needed to log information in properly (Wadlow, 2000) and for this reason, a dedicated time server is an integral part of a secure network.

While other professionals find little use for firewalls, this researcher believes that application firewalls and the configuration of the cloud network are essential for security purposes. This is true, both in the case of inbound and outbound network communications. It has been proven in practice that only specific ports which are needed to interface with other servers should be open within the private network and the Internet LAN for security. This specific port should be restricted only to the Internet Protocol (IP) addresses of the concerned servers which it needs to communicate with and is off limits to other IP addresses. The same is true with the network firewall, which should be configured to predefine TCP traffic. For instance, it should be available only within TCP 80 and 443 and open only to the IP addresses of specific HTTP and/or HTTPS servers.

A system log server is also an integral part of a secure network. It is common knowledge among IT professionals that a system log server records all information from firewalls, routers, servers, and switches. Analyzing all events in the system is part of the vigilance required to secure the network. The IT Department can automate the process to facilitate the tedious task, but human monitoring helps in ensuring a secure network and database system.

Secure LAN servers keep only encrypted information. All information that flows into the secure LAN servers are encrypted and stored, and does not flow out of the secure LAN server. Administrators need to make sure that only the minimum number of essential people has access to the secure LAN server. Additionally, proper monitoring and architecture configuration should ensure that only appropriate information enter the server for processing.

The last of the basic components of a secure local area network is Kerberos servers. This researcher has had some experience with these types of servers and these are very critical components of secure LAN. According to Hagen & Jones (2006), Kerberos was originally developed by the Massachusetts Institute of Technology as a distributed authentication server for client/server applications with strong cryptography as a means by which clients can prove their identities to other servers over the network and is explained thusly:

Kerberos works by exchanging encrypted security information between clients which can be users or machines, the Kerberos authentication server, and the resource one is trying to access. The information that is mutually exchanged when attempting to prove ones identity is known as a ticket. The information used to encrypt tickets and subsequent communications is known as a key. Once the identity of a client is verified, that client is granted a Kerberos token that can be used to verify its identity to any Kerberos-aware site (Hagen Jones, 2006, p. 29).

Use of Kerberos servers bolsters LAN security since the tokens are time-stamped which automatically expire in a specified length of time unless the token is renewed by the identified user. It is important to note that the timestamp oneither a Kerberos token or ticket is verified by the Kerberos system only if the time and date are synchronized across all Kerberos servers and clients. This is another reason why time servers are important for network security.

Section 6: Conclusions

Scholars cite that cloud computing is all but certain in the information technology industry, making it necessary to conduct a thorough analysis of the subject matter at hand. More importantly, the sophistication of hackers in illegally acquiring sensitive information is a crucial issue that needs to be addressed. The development of security protocols, whether additional layers of software over hardware systems, or something else, must be evaluated in order for customers and providers to determine the best course of action. Customization and continued development in this field is necessary as collaborative technologies are an emerging computing science field in the 21st century.

The objective of this research is to increase knowledge of the security measures in a LAN cloud computing environment in order to assure protection for clients and users even in the midst of emerging collaborative technologies that pose a risk to the system. This is in order to achieve the advantages of cloud computing under a safe architectural system whereby privacy and protection are maintained. Moreover, the development of security technologies are imperative to properly monitor the traffic volume within the LAN systems as these are expected to increase in the amount of usage in the next five years.

In addition to the recommended measures in this section for enhanced security in the LAN network from the previous section, the discussions may further be directed to the use of multiple subnets, virtual local area networks (VLANs), and better management of encryptions keys. This is over and above human vigilance and close monitoring. Cloud computing is a great technology with many benefits, but security issues must first be addressed for organizations to continuously and securely enjoying its advantages. The LAN/WAN world present a golden opportunity to buttress network security in the cloud environment. This research introduced the fundamental aspects of such security solutions.

References

Akamai, (2013). KONA Security Solutions, Web site security. [Online] Available from http://www.akamai.com/html/solutions/site_defender.html?campaign_id=F-MC-13553.[Accessed on 16 August 2013].

Anderson, D. R., Sweeney, D. J., & Williams, T. A. (2009). Essentials statistics for business and economics (10^thed.). Mason, OH: Thomas Higher Education.

Ashley, m. (2003).Layered network security: A best practice approach. Louisville, CO: Latis Networks.

Austin, E. W. & Pinkleton, B. E. (2006).Strategic public relations management: planning and managing effective communication programs. Mahwah, NJ: Lawrence Erlbaum Associates.

Avresky, D. R., Diaz, M., Bode, A., Ciciani, B. & Dekel, E. (Eds.). (2009). Computing: First International Conference, CloudComp 2009, Munich, Germany, October 2009 - Revised selected papers. New York, NY: Springer.

Bidgoli, H., (2006). Handbook of Information security, key Concepts, Infrastructure, Standards, and Protocols. New Jersey: John Wiley & Sons, Inc.

Birman, K. P. (2012). Guide to reliable distributed systems: Building high-assurance applications and cloud-hosted services. London: Springer.

Black, K. (2010). Business statistics for contemporary decision making (6^th Ed.). Hoboken, NJ: John Wiley and Sons.

Booth, D. (2004). Web Service Achitecture, Retrieved from htt://www.w3.org:

http://www/w3/org/TR/wsarch/wss.pdf

Bugiel, S., Numberger, S., Sadeghi, A. R., & Scheider, T. (2011). Twin clouds: An

architecture for secure cloud computing. Workshop on Crytography and Security in Clouds. Zurich. Retrieved from http://www.zurich.ibm.com/~cca/csc2011/

submissions/bugiel.pdf

Burt, J. E., Barber, G. M. & Rigby, D. L. (2009). Elementary statistics for geographers (3^rd ed.). New York: The Guilford Press.

Burke, P., (2012). Top Web Application security issues.

Catteddu, D. (2010). Cloud computing. Retrieved from http://www.enisa.europa.eu/act/rm/

files/deliverables/cloud-computingrisk-assessment

Chang, H., Jang, C., Ahn, H. & Choi, E. (2011). Authentication platform for provisioning in cloud computing. In G. Lee, D. Howard & D. Slezak (Eds.), Convergence and hybrid information technology: 5^th International Conference, ICHIT 2011 Daejon, Korea, September 2011 Proceedings (pp.244-248). New York:Springer.

Chang, W., Abu-Amara, H. & Sanford, J. (2010).Transforming enterprise cloud services. New York: Springer.

Chee, B. & Franklin, C. (2010), Applications for Clouds, Chapter 4 in Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center. CRC Press

Cleveland T. (2009) ‘Database security in a cloud computing environment’ IT World [online] available from

Cleveland, T. (2009). LAN / WAN Security of Database on Cloud Computing Environment. Infoworld Inc. Available at http://www.infoworld.com/d/security-central/forums/lanwan-security-database-cloud-computing-environment-853 Retrieved on 5th September 2010

Cloud Security Alliance (2010)

Coronel, C. (2009). Database Systems: Design, Implementation, and Management. Boston: course technology; 009 Edition

Dave, P. (2009, June 31). SQL SERVER – Introduction to Cloud Computing. Retrieved July 4, 2010, from SQL Authority: http://blog.sqlauthority.com/2009/07/31/sql-server introduction-to-cloud-computing/

De Vaus, D. (2001).Research design in social research. London: Sage.

Dlodlo, N, (2011), 'Legal, Privacy, Security, Access and Regulatory Issues in Cloud Computing', Proceedings of the European Conference on Information Management & Evaluation, pp. 161-168.

Filiol, E. & Erra, R. (Eds.). (2012). Proceedings of the 11^th European Conference on Information Warfare and Security: The Institute Ecole Superteure en Informatique, Electronique et Autimatique, Laval, France, 5-6 July 2012. Reading, GBR: Academic Publishing International.

Ethdridge, D. (2004). Research methodology in applied economics (2^nd Ed.). Oxford: Blackwell.

Fornes, D. (2010), The Software as a Service Dilemma, The Software Advice Blog, Retrieved from http://www.softwareadvice.com/articles/uncategorized/the-software-as-a service-dilemma-104071/

Glisic, S. G. (2011). Advanced wireless communications & Internet: Future evolving technologies (3^rd Ed.). West Sussex, GBR: John Wiley & Sons.

Goles T. & Chin, W. (2005). Information systems outsourcing relationship factors: Detailed

Conceptualization and initial evidence. DATA BASE, 36(4), 47-67.

Gray, P. S., Williamson, J. B., Karp, D. A., & Dalphin, J. R. (2007).The research imagination: an introduction to qualitative and quantitative methods. New York: Cambridge University Press.

Grossman, R.L. & Yunhong , G. (2009). Sector and sphere: The design and implementation

of a high performance data cloud. Philosophical Transactions of the Royal Society:

Mathematical, Physical, and Engineering Sciences, 367(1987), 2429-2445.

Grover, S., Khosravi, H., Kolar, D., Moffat, S. & Kouvanis, M.E. (2009). RKRD:

Runtime kernel rootkit detection. In J. Filipe & M.S. Obaidat (Eds.),

International Conference on e-Business and Telecommunications, ICETE 2008:

Revised selectd papers, Porto, Portugal, July 2008 (pp. 224-236). Heidelberg, DEU:

Springer.

Guttman, B., & Roback, E. A., (1995). An Introduction to Computer Security: The Nist handbook. U. S: Nist Special Publication.

Halpert, B. (2011). Auditing cloud computing: A security and privacy guide. Hoboken, NJ: John Wiley & Sons.

Han, Y. (2010). On the clouds: a new way of computing. Information Technology Library.

29(2), 87-92.

Henderson,J.C. & Iyer ,B.(2010). Preparing for the future: understanding the seven

capabilities of cloud computing. MIS Quartely Executive, 9(2), 117-131.

Hesse-Biber, S. N. (2010). Methods research: merging theory with practice. New York: The Guilford Press.

Jamil, D. & Zaki, H. (2011). Security issues in cloud computing and countermeasures International Journal of Engineering Science and Technology (IJEST), 3(4), 2672-2676.

Jensen, M., Schwenk, J., Gruschka, N. & Iacono, L. L. (2009). On technical security issues in Cloud Computing, IEEE International Conference in Cloud Conouting, 109-116.

Joyner, R. L., Rouse, W. A., & Glatthorn, A. A., (2012). Writing the Winning Thesis or Dissertation. U.S: Guilford Press.

Kay, R. (2008). Quickstudy: cloud computing. Retrived from

http://www.computerworld.com

Kim, W. ( 2009). Cloud computing: Status and prognosis. Journal of Object Technology, 8(1), 65-72. Retrieved from: http://www.jot.fm/issues/issue_2009_01/ column4/

Krautheim, F. J. (2009). Private virtual infrastructure for cloud computing. In Proceedings of the 2009 conference on hot topics in cloud computing (pp. 5-5). USENIX Association. Retrieved from http://static.usenix.org/events/hotcloud09/tech/full_papers/krautheim.pdf

Lightstone, S., Teorey, T., and Nadeau, T., (2007) Physical database design: the database professional's guide to exploiting indexes, views, storage, and more. San Francisco, CA: Elsevier.

LoBiondo-Wood, G. & Haber, J. (2006). Nursing research: methods and critical appraisal for evidence-based practice (6^th ed.). St. Louis, MO: Mosby/Elsevier.

Maiwald, E. (2003). Network security: A beginner’s guide. New York, NY: McGraw Hill Professional.

Mansfield, K. C. & Antonakos, J. L. (2010).Corporate networking from LANs to WANs: Hardware, software & security. Boston, MA: Course Technology-Cengage Learning.

Menken, I. (2009). Cloud computing - The complete cornerstone guide to cloud computing best practices: Concepts, terms, and techniques for successfully planning computing technology. Concord, CA: Emereo Publishing

Paquet, C. (2009) “Network security using Cisco IDS IPS”, Pearson Education

Patil, S., Rane, P., Kulkami.P.& Meshram.B.B. (2012). “IDS vs. IPS” International Journal of Computer Networks and Wireless Communications (IJCNWC), No. 1, 86-90.

Popovskij, V., Barkalov,A. & Titarenko, L. (2011). Control and adaptation in telecommunication systems: Mathematical foundations. Berlin, DEU: Springer.

Ratha, B. (2012). Local area network. Retrieved from http://www.clib.dauniv.ac.in/E-Lecture/Local_Area_Network.pdf

Redkar, T., &Guidici, T., (2011).Windows Azure Platform.USA: Apress.

Reimer, J. (2007, April 8). Dreaming in the “Cloud” with the XIOS web operating system. Retrived from http://arstechnica.com/business/2007/04/dreaming-in-the-cloud-with-the-xios-web-operating-system/

Rittinghouse, J. &Ransome, J. (2009).Cloud Computing: Implementation, management, and security. Boston. MA: CRC Press.

Scale, M. S. E. (2009).Cloud computing and collaboration. Library Hi Tech News, 26(9), 10-13.

Scarfone, K.S.A. (2007). Guide to secure web services. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf

Shroff, G. (2010). Enterprise cloud computing: Technology, architecture, applications. New York, NY: Cambridge University Press

Sridhar, T. (2010). ‘Cloud computing- A premier: Part 2- Infrastructure and implementation.’ The Internet Protocol Journal, Volume 12, no.4. Retrived from http://www.ciscosystems.com/web/about/ac123/ac147/archived_issues/ipj_12 4/124_cloud2.html

Stallings, W., (2007). Network security essentials (3^rd ed.). Upper Saddle

River, NJ: Prentice Hall.

Sunke, B. (2012). Research and of network intrusion detection systems.Texas A&M University-Corpus Christi. Available at: http://sci.tamucc.edu/~cams/projects/320.pdf

Van der Molen, F. (2010).Get ready cloud computing: A comprehensive guide to virtualization and cloud computing. Zaltbommel, NDL: Van Haren Publishing.

Wadlow, T. A. (2000). The process of network security: Designing and managing a safe network. Reading, MA: Addison Wesley Longman.

Wang, C., Wang, Q., Ren, K., & Lou, W. (2009). Ensuring data storage security in cloud computing. Proceedings of the 17^th International Workshop on Quality of Service, 1-9. Retrieved from http://www.ece.iit.edu/~ubisec/IWQoS09.pdf.

Wang, L., Ranjan. R., Chen. J. & Benarallah.B. (2011). Cloud computing: Methodology, systems, and application. Los Angeles, CA: CRC Pree

White, B., Leprau, J., Stoller, L., Ricci, R., Guruprasad, S, et al.(2002). An integrated experimental environment for distributed systems and networks, ACM SIGOPS Operating Systems Review – OSSDI ’02 Proceedings of the 5^th Symposium on Operating Systems Design and Implementation, 36(S1), 255-270.

Wood, P., Shenoy, P., Gerber, A., Ramakrishna, K. K. and Van Der Merwe, J. (2009) The case for enterprise-ready virtual private clouds. Proceedings of HotCloud ’09 Workshop on Hot Topics in Cloud Computing, San Diego, CA, June 2009. Retrieved from http://static.usenix.org/event/hotcloud09/tech/full_papers/wood.pdf.

Yan, H, (2010), 'On the clouds: A new way of computing', Information Technology & Libraries, 29, 2, pp. 87-92.

Yang, A. (2003). Guide to XML web services security. Retrieved from http://www.cgisecurity.com/ws/WestbridgeGuideToWebServicesSecurity.pdf

Zhen Qi Wang, Dan Kai Zhang (2012) HIDS and NIDS hybrid intrusion detection system

model design. Advanced Engineering Forum, (Volumes 6- 7), 991-994. DOI:

10.4028/www.scientific.n

Appendices

Appendix A

Survey Questionnaire

Please provide the following information by ticking the options provided or writing your response when applicable.

Position: ¡ IT Administrator

¡ IT Staff in charge with network security and/or database management

Type of Business Organization Represented: ¡ Small

¡ Medium

¡ Large

Organization Represented is Subscribed to Cloud Technology ¡ Yes

¡ No

Have you encountered issues regarding compromised data in cloud computing?

¡ Yes

¡ No

What is the current level of network security in your organization?

¡ Low

¡ Medium

¡ High

From experience, have you observed the following advantages of cloud computing in your organization? Feel free to add more on the space provided. How often are these advantages observed?

Access to a wide array of resources	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Flexibility	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Increased productivity	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Reduced capital expenditures	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Rapid implementation	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Reliability	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Scalability	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
___________________________	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
___________________________	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
___________________________	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never

From experience, have you observed the following problems/issues regarding cloud computing in your organization? Feel free to add more on the space provided. How often are these advantages observed?

Access to a wide array of resources	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
Security issues	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
Interoperability	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
Compatibility	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
___________________________	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
___________________________	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
___________________________	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never

Appendix B

Likert Scale Interpretation Guide for Survey Items 3 and 4

Statistical Limits for the Mean	Survey Response	Interpretation for Item 3		Interpretation for Item 4
Statistical Limits for the Mean	Survey Response	Interpretation	Abbreviation	Interpretation	Abbreviation
4.65 - 5.00	5	Always	AL	Very Often	VE
3.51- 4.64	4	Very Often	VE	Often	OF
2.50 - 3.50	3	Often	OF	On the average	AV
1.36 - 2.49	2	Sometimes	SO	Sometimes	SO
1.00 - 1.35	1	Never	NE	Never	NE

Tai Cleveland Doctorate Student at Colorado Technical University

Saturday, July 26, 2014

Dr. Tai Cleveland Academic Paper

Abstract