The Internet has provided access to a wealth of information and has made all of it easily accessible. This is possible due to advances in networking technologies that form the basis for the creation of the Internet. Networking has its own dimensions such as the Local Area Network (LAN) and the Wide Area Network (WAN); these have become the integral part of developing and utilizing the infrastructure and networking facilities. The computing model has shifted to what is known as “Cloud Computing” where one uses network-based resources to accomplish computing tasks. This ability of accessing information from anywhere has increased the possibility of illegal activities and has opened a new door of vulnerability to the security of data and is one of the biggest concerns for cloud computing. The most serious security problem is when the information is moved into the clouds because the company loses control over the data. This movement of data introduces an entirely new set of threat vectors to the information and computing resources that enable cloud computing.

The purpose of this study is to gather some specific information regarding the impact of network security in a cloud computing environment. The reason this specific topic was chosen is because of the importance of cloud computing both now and going forward. The role of the LAN and the WAN in the cloud computing environment is very crucial to data security because LANs and WANs are the pathways through which data travels and is accessed.

1.2 Current Trends

There are numerous trends in the field of security in cloud computing. The first trend is the use of data with mobile devices such as smart phones. As new solutions are developed for smart phones in order to facilitate access to information and data stored in the cloud, security breaches are common before solutions are created. Secondly, the world is currently in need of advanced tools for managing identity, and to access management and technology, especially because the clouds lead to virtualized and federated resources. Even when solutions are developed to combat security threats, these solutions fail to cope with a cloud of mixed heritage and environmental components. Also, the organization suffers from different employment processes to manage their cloud applications and data.

To face the challenges of high performance applications with a relatively simple implementations, networking companies have unveiled a series of equipment that could be placed somewhere on the network and monitor protocol violations, malicious code, viruses or spam. Even traditional software-oriented companies realize that often the easiest way to deal with complex, high performance networks has been by deploying a network device. Businesses usually find themselves carrying out different types of protocols, each aiming at alleviating a particular threat vector, and often this diverse quantity of each type of processing requires different requirements for scalability, performance and network topology. This approach results in a security environment where customers are only dealing with the number of appliances that need conservation and management in order to control their operation for all threats.

1.2.1 Implications of Current Trends

An important security issue for any organization's security teams and IT operators is in the network management area. Cloud computing through LANs and WANs has been exposed to increased vulnerability and this requires precautions to ensure the safety of information stored in databases (Nichols and Lekkas, 2002). These security teams and IT professionals are responsible for database development and to ensure that they are safe from malicious attacks. Security teams have the skills and expertise to dismantle the safety features and even if it is an unlikely problem, the possibility of occurrence should be considered. The second issue relates to the security protocol wherever a LAN or WAN is used. Some of the requirements of the protocol may include safety factors by which the program was created as well as the use of antivirus software. The third issue is related to the connection to establish procedures and links to transmit information. The links and the use of data services over a TCP Client/Server handshake, TCP connections, or symmetrical upload established connections are open targets for attacks. This is because these connections pass on information and data provided by the customer (Khare, 2006). If encryption is used by IT departments to ensure the security and confidentiality of information and data, the organization is still in danger of attack as hackers can still gain access to the network. When an attacker manages to penetrate the security protocols, the attacker can steal or destroy information stored in the database, and thus adversely affect the customers and organizations.

There should be no doubt that societal, governmental, industrial and international entities have a significant impact because of the pitfalls of leakage of personal, financial and secret governmental information. These concerns are the harbinger of cyber security laws.

1.3 Current State of Knowledge and the Research Questions

The general state of knowledge about the topic is that the databases are the reservoir of sensitive key information that must be protected to ensure public and/or user trust and to manage the business in the cloud environment. This research will look into the impact of network security of databases in a cloud computing environment.

Due to the fact that even seemingly secure networks have continued to suffer breaches of sensitive data in recent years, businesses have begun to look to provide another layer of security to protect their internal infrastructure. This is either to pose a safety net in case of a network violation, or to protect against malicious insiders. Before cloud computing, it was not common to monitor databases. For many reasons, including the prevalence of database breaches and the need for more stringent regulations concerning the prevention and notification of these breaches, customers now invest more time and effort to secure their databases. It is wonder that when IT security experts were first faced with the challenge of securing databases, they were looking for the same solutions used for the protection of their other asset, the network appliance. Indeed, some vendors quickly developed appliances that controlled network database protocols and the ability to control and protect access to the database over a network. Businesses were initially reluctant to give up the lack of visibility into database transactions on the spot and also, the database server. Later, due to the large potential for damage that could be done at local machines, it was clear to businesses that they needed to fully understand the threats to its database, and that it was necessary to monitor the local database and inside attacks.

At this point, device vendors are forced to add local representatives to address them, so many of today's network solutions are based on a hybrid network appliance and a host-based solution. In most cases, these devices send local traffic back into the analysis, and each transaction, which was originally performed on local area network appliances, is measured against policy. This hybrid approach is not ideal, but as long as most of the applications are running on network appliances locally, some companies were willing to accept the risk. This hybrid solution loses many advantages of a purely network-based solutions by introducing significantly more complex requirements such as the implementation of the core installation agent which requires the restart of the database server. And, as mentioned above, it still lacks protection against sophisticated attacks which are based inside the database itself, based on stored procedures, triggers and views. However, more importantly, they also fail to address several key technical issues when working with a virtualized environment.

The most important research question that is being developed after having the particular information is, “Does the network have a significant impact on the database security in the context of cloud computing?” This will be discussed in more detail in the context of discussion of the research methodology later in this proposal. Some of the questions being investigated in this research proposal are described next. We plan to do a survey of different sized enterprises to find out about the security issues in the context of cloud computing.

The first item that we will look into has to do with whether these enterprises have encountered experiences where the use of cloud computing compromised data in their databases.

The second item will get their views on the assessment of the level of their network and/or database security.

The third and fourth items will look into the advantages and type of problems, respectively, encountered by the respondents pertaining to database security and management in cloud computing.

We will review these in more detail when we talk about the research methodology. We will next look into the some of the literature review that was done to form a basis for this research proposal.

Chapter 2: Literature Review

2.1 Cloud Computing Model

Upon going through the different theoretical sources and areas of research, it can easily be concluded that there are a number of theories related to the different aspects of cloud computing. The number of theories related to LANs and WANs are comparatively quite low as compared to cloud computing and the different kind of areas that it encompasses. In this context, it is important to mention and outline the different theories related to cloud computing databases which have been presented by Mell & Grance (2011) as well as by Chou (2011).

The first theory presented by Chou related to the operation of cloud computing. The first theory has been entitled as, “You cannot productively discuss cloud computing without first defining what it is”. Hence, without an effective definition, it is not possible to develop a proper understanding regarding the different areas and segments which are covered by cloud computing. The technique used by Chou to define and explain this phenomenon is with the help of the 5-3-2 principle. However in simplifying the definition of cloud computing, Chou has provided a diagrammatic representation of the entire process showing the transitions through various forms of computing over the years as shown in Figure 1:

Figure 1: Changes in Computing Paradigms Leading to Cloud Computing

The second theory which has been presented by Chou is entitled the 5-3-2 principle. The theory has been entitled as ”The 5-3-2 principle defines the essence and scopes of the subject domain of cloud computing”. It is with the help of the 5-3-2 principle that Chou has been able to define a specific framework through the help and application of which understanding regarding the phenomenon of cloud computing can easily be enhanced. According to Chou, it is with the help of these principles that the application of cloud computing can easily be aligned with business values related to IT and also deliver solutions where this concept is easily applicable. The 5-3-2 principle is shown in Figure 2.

Figure 2 The 5-3-2 Principle of Computing

The third theory which has been presented by Chou is based on the 5-3-2 principle of cloud computing and describes the five essential characteristics, three delivery methods, and two deployment models of cloud computing. The theory basically encompasses the five characteristics which comprise a cloud application. This theory also includes the three steps of delivery methods which are employed in the computing process. They are mainly referred to as software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

The purpose and nature of a service can only be understood if we try to understand which of the two deployment methods which are actually used for the acquisition of this service. This particular method differentiates between private and public cloud computing.

Diagrammatic representation of the different theories in which characteristics, delivery methods, and deployment of the cloud computing phenomenon is shown in Figures 3, 4, and 5 below:

Figure 3: The 5 Essential Cloud Computing Characteristics

Figure 4: The 3 Cloud Services Delivery Methods

Figure 5: The 2 Deployment Models

2.2 Security in Cloud Computing

Apart from the theoretical literature that we have observed regarding the theories presently related to cloud computing, it is now important that the development of a conceptual framework regarding the application of cloud computing on database security and its impact upon WAN and LAN needs to be understood. It is, therefore, important that significant works which have been published during the innovation of this particular field are reviewed. In this context, it is also important to mention that much literature is found regarding cloud computing in comparison to the different and multiple kinds of impact it could have upon the security of databases and the usage of WANs and LANs.

Rochweg & Montero (2009), in their study, states that the National Institute of Standards and Technology (NIST) also provided a more objective definition of the term “world cloud” in which they say that the world cloud is used in a metaphoric sense which can be applied to the facilities and amenities that are provided to customers who are utilizing the facility of the Internet. With the help of either of these technologies, different kinds and natures of networks can be linked directly without the presence of any physical barriers.

2.3 Conceptual Framework

Typical cloud computing mechanisms involve and produce common business applications online that can easily be accessed from different types of web browsers while the software and data are stored on servers.

Oberle & Voith (2010) stated that cloud computing can be termed as the most contemporary form of innovation in the medium of Internet based computing and the ways through which it influences WANs and LANs. It is important to mention here that it is the technological foundation that has been provided by the Internet which has led to the construction of the infrastructure upon which all these developments can be made.

With such facilities and opportunities standing right at everyone’s disposal, it was not hard to believe that web pages that were once static in nature began to add features that could be improved and they could festoon their web material with the elements of interactivity. Such a kind of revolution was further catalyzed and facilitated by the hosted applications provided by the e-mail medium of Hotmail.

The addition of all these features that made their configuration user-friendly led to the development of a new service which came to be known as Software as a Service, or SaaS. As the accessibility and availability factors of cloud computing became an intrinsic component of private corporations, all of them grew to provide their customers with the benefits that are related to the operations of cloud computing.

Another important feature that is worth discussing here is that, irrespective of the nature of whether the network of the customer is private or public, data is always an integral part of it. Hence, it is essential to believe that for the effective functioning and operation of cloud computing, it is mandatory for it to be compatible with the database that allows the storage and circulation of different kinds of data which is being used.

Rik (2009), in his particular study, raises a key question that arises here of whether it is important to believe that cloud computing is not just a fad but if it is also driven by some powerful and tangible benefits that can be extracted from the utilization and subsequent implementation of such technologies. Irrespective of the fact of whether the cloud computing network is used as an internally developed resource in an organization, as a service that is provided to the company by a third-party or as a hybrid combination of either of the two technologies that have been discussed, it is accompanied with some powerful and highly resourceful advantages which drive the effectiveness of this technology.

Some of these benefitswill be described and explained during the different phases of this discussion. One of the prime advantages and benefits that can be extracted from this technology is specialization. With the help of specialization that is provided by cloud computing databases, a great deal of knowledge is used to set-up and operate systems that can both operate and address the crucial and vital issues of security, scalability and platform maintenance.

In the traditional model, each of these steps had to be done by an expert who specialized and was proficient in each of the fields, but with the advent of cloud computing technology. These tasks have been simplified to a substantial extent.

The technology of cloud computing enables us to utilize their expertise and services among experts who are shared among various customers. Instead of employing a single employee who can do all of these tasks, the scope of cloud computing allows a company the benefit of hiring individuals who have expertise in different areas. This allows for the extra employment of people who can, in turn, be compensated and the expenses can be distributed within a greater number of customers.

ITA (1998), in their research, raises the benefit of specialization available from cloud computing. A number of different advantages can be obtained from the variety and range of clients that will come to cloud computing by using the services provided by it. Another key factor driving the technology and the application of cloud computing is the economies of scale. This component is valid when the factor of return on investment or ROI is more important than the investment factor.

A realistic fact is that an ideal platform is very expensive to build. The budget and calculative part of the entire project includes servers, network equipment, backup power and redundant high-speed connectivity and this is coupled with the fact that most of the developmental projects conducted in such times may not necessarily gain the prevalence that it deserves. It is important to bring a shift in the prioritization of strategies and objectives in a business and that is exactly where the benefit of cloud computing comes into play.

Tavel (2007) stated that the technology of cloud computing and the subsequent relationship it has with the components of LAN and WAN makes use of economies of scale as the investment that has been made for the establishment of a cloud computing system can be utilized for the development of many different and diverse projects.

A major advantage of this entire context is that if a single project does not make a return on the investment that is anticipated, the technology that has once been established in the form of cloud computing can be used for the amortization of other projects that will be conducted for the subsequent development of further projects by the organization. The principle and application of economies of scale can also be applied to different tasks that are related to information technology.

King (2008) stated that if the backup is used as in the case of IT applications, then in a standalone environment the IT professional can manage and schedule the backup building process. But also, by applying the same principles in cloud computing, the backup process is operated through highly automated means. At the same time, the IT person can oversee and monitor the backup of thousands of customers, and the combination of various benefits that are provided in the form of cloud computing integrates a transformational revolution in the sector of technology development and its subsequent implementation in diverse technology settings.

Security in cloud computing necessitates complete awareness of the threats to information that it transmits and stores, the network where information flows, and the infrastructure which supports its operations (Krautheim, 2009). One opportunity which may possibly be explored to neutralize the threats to cloud computing is its architecture. It has both a front-end section and a back-end section (Avresky, Diaz, Boder, Ciciani& Dekel, 2009). The front-end section is anything that uses the cloud services – it may be end users, clients, or applications. The back-end section is a network of servers with computer programs or applications and data storage or the database (Dave, 2009). Accordingly, the focus of this research is to identify the security threats to those networks of servers, applications, and databases, also known as the backend section of the cloud’s environment or architecture. This research will also review how network security impacts the database servers which house the most critical items in the cloud’s environment data (Sunke, 2012).

The back-end in the cloud context is very similar to the architecture of any massive data center, but it is shared among users much more in the clouds than in any previous technology (Birman, 2012). The Local Area Network (LAN) in the back-end section of the cloud environment must, therefore, be secured from its access point, and be layered with security protocols inside the network. Layered security is aimed at maintaining ample initiatives to ensure security in different levels of the cloud environment. Security at access points may not be enough to protect the network because these points can be breached. Inside the host, security must also be layered around the servers as a whole so that they can provide additional layers of defense, so that even if one layer is breached, another can prevent further damage (Rittenhouse & Ransome, 2012). Figure 6 shows some of the key layers of security in a networked environment: the perimeter, the network, servers, applications, and data. These aspects of security will be examined in more detail later in the paper.

Figure 6: The Layers of Security

Policies must be set up in the LAN to elevate the local networks’ security. Continuous checking, monitoring and auditing of compliance with the policies must be conducted. Network policies may include no response on certain websites. Other methods that can be used include authorization procedures on certain objects in the network, thus providing another layer of security.

From a technical viewpoint, the layered security approach secures the cloud computing environment in five different levels: The perimeter, the network, the host, the application, and the data. From experience, there are a number of security initiatives applicable for each level of security. However, the applicability of security measures should always be evaluated throughout the enterprise. For example, at the perimeter which is the outermost layer of security, protection can be enhanced through the use of firewalls, network-based anti-viruses, or virtual private networks (VPNs). There are always advantages and disadvantages in using any technology for security.

All the three aforementioned measures have been available for a period of time and any IT department staff person should be well-acquainted with this technology in terms of their operational requirements and their capability to provide the needed protection. However, it should also be considered that, aside from the legitimate IT experts, hackers and other unscrupulous elements in the digital world are also quite familiar with these technologies and have contrived ways to get around the security defenses offered by such technologies. An example would be the anti-virus software, which works as long as the software algorithm already has the signature of the virus or if the virus is known to the anti-virus program.

Meanwhile, an encrypted VPN network still works very well, but experience-wise, it is cumbersome from the perspective of many IT department staff since this initiative places an administrative encumbrance in the management of the associated encryption keys and maintenance of user groups required on a regular basis. The aforementioned measures will not always work the same way in the cloud environment. The perimeter level is not well defined in the cloud environment for organizations which rely on Platform as a Service (PaaS) and Software as a Service (SaaS) because of multi-tenancy. In these two types of deployments, a client company has the option to configure their cloud security, but, since services are shared in the cloud with other firm clients of the cloud service provider, technically, containment of cloud security in the perimeter level may be lost (Halpert, 2011).

The LAN must deploy applications that can sniff attackers, and make sure that data goes to the client that made the request. This calls for the network, which is the second layer of security for the cloud environment, and refers to a firm’s internal LAN and WAN, and is the main focus in this paper. For a single organization, the network level includes desktop computers and servers as well as relay connections to off-site office locations (Ashley, 2003). Many networks, particularly, those in the clouds are open behind the perimeter. Therefore, once malicious elements have penetrated the network, chances are, these elements can travel through the network without difficulty. This condition is prevalent among small and even medium size firms.

From practice, there are at least three common security measures typically adopted for the network-level: Intrusion protection systems (IPS) and intrusion detection systems (IDS); tools for assessment of vulnerability (VA); and access control or user authentication (Patil et al., 2012). Any undesirable elements which may pose a threat for information security in cloud settings which can pass through firewalls are intercepted through IDS/IPS and VA technologies. VA tools serve to automate the checking of network vulnerabilities. Manually checking for vulnerabilities is impractical, if not impossible, owing to the frequency required for the checks to be made in order for them to make a difference in network security. One such VA tool, by Latis Networks, is called Vulnerability Assessment and Management (VAM). This VA tool identifies all network vulnerabilities and validates vulnerability repair processes. The products included on this VA tool include server, desktop and remote vulnerability assessment management. The VAM products as shown by the figure manage and assess vulnerability on different segments of the firm’s network. The figure shows VA tool installation and the products included in the tool can use a single machine and manage a network from a single user interface. The layered security approach, as shown in Figure 7, defends and protects against common attacks and threats that affect network security. The shaded regions in the figure show how VA products function and the common threats dealt with by the layered security model.

Figure 7: Example of Layered Network Security Approach

Source: Ashley, M (2003). Layered Network Security: A best-practice Approach. Latis Networks, Inc.

From years of working with these network-level security technologies, various weaknesses have been observed. Particularly IDS technologies are prone to false alarms, which alert the IT department of an organization of intrusion even if there is none (Patil et al., 2012). Another disadvantage of IDS technologies is that the frequency of false alarms can either cover or bury real malicious elements attempting to intrude the network security system. By experience, with the passage of time and the frequency of false alarms, IT personnel may get insensitive of intrusion alerts similar to how the boy who cried wolf in popular folklore was ignored by the people thinking that the call for help was not for real.

Additionally, while Ashley (2003) indicated that most IDS products commercially available have IPS in their core, the challenge of maintaining an optimum IPS/IDS system is borne by the IT security staff. Poorly optimized systems eat up resources, and worse, deny or terminate data requests from legitimate users. Another aspect to consider is that access control technologies available commercially or as integrative solutions by network security providers may not be compatible with an organization’s network devices. Solving this problem by using a number of access control systems entails additional costs. The most problematic aspect of such incompatibility issues observed from practice was that of using an integrated solution even from providers with good reputations which opens up more hazards than protection to the network. As indicated, a more experienced practitioner in data networking and network security observed that “implementing an integrated solution across your network may be difficult. Such a patchwork, multi-product approach may actually introduce additional vulnerabilities to your network” (Ashley, 2003).

It is, therefore, important that the cloud environment set up its authentication procedure properly to identify and intercept intruders and hackers invading the network. Authentication procedures distinguish between genuine clients on one hand, and viruses, worms or malicious attackers on the other. This prevents or avoids viruses, worms, or any other malicious items or deliberate attacks from infiltrating the cloud’s network of servers. Authenticating all users requesting access to cloud services ensures that only persons and programs which have been approved can gain access to the cloud (Chang, Jang, Ahn, Choi, 2011).

The third layer of security for the cloud environment is at the host security level, which pertains to devices such as routers, switches and servers. Devices used in the host level have configured parameters that must be set in an appropriate manner to avoid creation of exploitable security holes (Paquet, 2009). Some examples of parameters included in the host security level are registry settings and services on patches and devices. To provide security at the host level, there are technologies such as Host-based Vulnerability Assessments, Host-based Intrusion Detection Systems, Anti-Viruses, and Network Access Controls. The host-based IDs are similar to network IDs in performance. However, the major difference is that the host IDs use a single network device. Host IDs are characterized by a high degree of protection in cases of proper administration. The second technology is a Host-based VA tool, and it is used in scanning single network devices in security vulnerability. The devices are accurate, making it possible for them to make minimal demands on the resources used by the hosts. These must be properly administered for them to provide the required security. Network access control used at the host level protects individual host and the network. The control ensures that the host has all the required security measures such as firewalls. Anti-virus applications are another technology that provides security in the host layer. However, technology must be used together with network tools for better protection.

Application security is the fourth layer of security in cloud environment, and it has received increased attention (Ashley, 2003). Applications that are not properly protected provide an opportunity for unauthorized people to access confidential records and data. Technologies that provide security at the application level include application shield, input validation, and access control. Application shield is a type of application-level firewall. This application ensures that both requests that are outgoing and incoming have permissions from given applications. To perform their tasks, the application shields are installed on database servers, email servers and web servers. The major advantage of an application shield is that it is integrated on the backend, but transparent to the end users. Securing a web-based application may require some of the following measures:

· Input Validation: This is to determine the validity of the inputs that an application gets. This will ensure that an application receives valid and safe inputs. The application may filter inputs before additional processing can occur.

· Authentication: Authentication is the process of identifying another entity, typically through credentials which commonly includes a user name and password.

· Authorization: Authorization is the process that an application uses to control access to resources that an entity can make use of.

· Configuration Management: Configuration management determines how your application handles operational issues such versions of platforms and settings for interacting systems.

· Auditing and Logging: Auditing and logging determine to how an application records security-related events.

· Exception Management: This determines the handling of exceptional situations such as an error that an application may encounter.

· Session Management: A session refers to a set of interactions between a user and an application. Session management determines how an application handles and protects these interactions.

Data security is the fifth level of layered security in a cloud computing environment (Ashley, 2003). This level contains encryption and is a blend of policies which recommends that all data should be encrypted at all stages in support of other security measures. Encryption of data protects it across networks, depending on organizational policies, that gives details on the people authorized to access data. Technologies used in the data security level include encryption and user authentication or access control. In user authentication, it is only the authorized users who can get access to data as in other levels of security such as application, host and network. Implementation of data encryption is implemented at the operating system, application and data level. The most commonly used encryption strategies in the data level include PKI-based encryption strategies such as RSA and PGP (Bidgoli, 2006).

2.4 Additional Supporting Literature

Forman (2003), in his research, described the system architecture that is mainly applied in the development of a cloud computing system which involves multiple cloud components that are equipped with the convenience of operating over application program interfaces, web services and 3-tier architecture. The cloud computing model and the way it has been designed resembles much of the UNIX philosophy in which multiple programs are provided with the ability of performing single tasks and at the same time working together over universal interfaces. Another important feature that needs to be mentioned here is that the level of complexity in the entire cloud computing mechanism is controlled to a large extent due to its application and usage level which has also increased significantly.

Rogers (2008), in his work, also stated that the systems that result are much easier to manage as compared to their monolithic counterparts. The two significant features comprising the architectural foundations of cloud computing are known as the front end and the back end. The front part is the portion that can easily be viewed by the customer or the person using the computer.

This front end includes the client’s network and the applications which the client uses in the form of a web interface or browser. The back end of the architecture of the cloud computing structure comprises of the cloud itself which constitutes the different technical mechanisms and operations utilized in the execution of the entire operation which includes various computer systems, servers and other important data storage devices.

Sannella (1994) mentioned that the first tier involves the client which is the major component of the whole method through which it connects with the security of databases and subsequently WANs and LANs. In technological terminology, the meaning of client is applied to a different meaning and context. In the process of cloud computing, a cloud client comprises of computer hardware or software mechanisms that rely upon the cloud computing process for the delivery of the appropriate applications.

This first tier can also include the delivery of specifically designed processes and expertise related to cloud computing services. Some of the examples that can be included in the list of cloud clients are telephone companies, some specific types of computer systems, operating systems and internet browsers.

The next stage involves the application of the process. It is important to mention here that cloud applications involve the services of SaaS under the umbrella of which service the application is provided for over the Internet. With the convenience and its easy accessibility through the means of the Internet, the need and requirement for installing and running the program over the customer’s own personal computer has been eliminated. The applications features also tend to provide other associated benefits to the user which includes the facility of centralized feature updating which also obviates the need for downloading and upgrading of applications that are provided by the web browsers.

Bowman and Peterson (1993), through their work, shed light upon the deployment and mobility of applications without the complication of underlying hardware and software mechanisms which is largely averted along with WANs and LANs. This feature and tier of infrastructure ensures that, with the help of cloud infrastructure, a platform virtualization is made available in the form of a service.

Instead of wasting money on the purchase of servers and other integral equipment, cloud infrastructures provide them the amenity of outsourcing these services on a permanent basis. The last tier of servers comprises of computer software and hardware that are designed specifically for ensuring convenient and hurdle free accessibility of cloud computing services. These services include multi-core processing systems and the usage of operating systems which are used specifically for cloud computing requirements.

Marks & Lozano (2003) reported that in the ever changing world of today, even cloud databases and their respective mechanisms are constantly evolving and in relation to that, even the technologies that are related to this phenomenon are undergoing constant innovation. For consumer usage, the database that is being used by cloud computing technology is being developed and evolved on web2.0 basis. With unprecedented developments taking place in the sector of social media, user-generated content which is made available by this technology is gaining access which is also coupled with the level of trans-national business applications that are being utilized in this sector.

Sosinsky, (2011) stated that, for the conducting of effective business applications, it is important that the cloud computing databases must be compliant in the case of WAN and LAN with Atomicity, Consistency, Isolation, and Durability,(ACID) . To have better understanding of ACID, it is also important to consider examples of cloud computing databases and the way they can be applied to businesses in contemporary methodology.

Shroff (2010) explained that if a certain database is used for the powering of a cosmetic based website, and if the user Googles it with a certain specific shade of lipstick, he or she will immediately receive a long list of sites to visit. This is done in order to prevent him or her from visiting another competing website. If the website says that the preferred cosmetic is available in their inventory and completes the sale, this would be a result of inconsistent data which has led to the blockade of the entire transaction. The example clearly shows that, due to the presence of inconsistent data and other factors that may be present, the absence of cloud computing databases can affect business and other related commercial operations.

Several organizations find themselves attracted to virtualization and cloud computing architectures for many benefits, only to find that the complexity of ensuring adequate data safety is simply too great an obstacle. But adoption of these technologies by businesses is essential.
When deploying a storage solution for distributed database monitoring, businesses will find that it is not possible to protect sensitive information in these emerging computational models, compared to efficient and effective data security through their dedicated database servers.

The only way to ensure that databases run on virtual machines or in a cloud environment, without sacrificing the enormous advantages of these new architectures, is to use a software solution that shares the flexibility of virtual machines and cloud computing. The challenge is to create host-based solutions that do not suffer the same shortcomings that old host-based solutions had. These problems include intrusive implementations, performance problems, and the need to adapt quickly to new and changing environments, such as new operating system versions, new versions of applications, etc. Nair (2008) provided an overview of three basic approaches to the problem of the monitoring of databases. In a review of Nair, he describes three approaches:

A software-only approach typically requires turning on some level of native database auditing from which the software agent gathers data.

Another relatively new approach to database monitoring is to use a network appliance to monitor database traffic. These appliances either run as passive devices connected to a mirroring or Switched Port Analyzer (SPAN), or act as in-line devices, i.e., essentially database firewalls.

Finally, a combination of network appliances and local software auditing is an ideal way to address data activity monitoring in an enterprise. This maximizes the overall coverage of the auditing solution (Nair, 2008, 2-3).

While monitoring can protect the database, should an IT professional assess the shortcomings of this method by referring to the organization? It should especially pay attention to such limitations as stored procedures and triggers, encrypted network connections, pooled environments, and Security Incident and Event Management (SIEM) systems (Nair, 2008, p. 3).

The worth of this proposed study is obvious because it is done by industry professionals that have vast background and experiences. Furthermore, this study is backed up with the particular data and presentations that are the tools to facilitate the understandings regarding the proposed research topic and its related aspects.

When moving a database cloud, it is necessary to establish safety requirements. The cloud, which is dynamically scalable and utilizes virtualized resources are available for use on the Internet (Gartner, 2008) but database security is a problem because of the virtual set up and its use. Safety is important with regard to various IT services which may be provided through the cloud. “IT services types that can be provided through a cloud are far reaching. Computer facilities provide computational services so that users can use central processing unit (CPU) cycles without buying computers. Storage services provide a way to store data and documents. Different companies offer CRM services through its Multi-tenant shared facilities so clients can manage their customers without buying software. These are just the beginning of the provisions of all kinds of complex capabilities of enterprises and individuals” (Gartner, 2008). It is important to understand the latest security methods and current trends that block systems against potential threats. Existing methods and approaches are then applied to the current setting of cloud technologies.

Chapter 3: Methodology

3.1 Introduction

This section presents the general procedures and techniques which are deemed appropriate in the conduct of this research, which covers activities from the collection and analysis of data, to the interpretations of results. The discussion presents a systematic analysis and organization of both principles and processes in carrying out a scientific inquiry (in Etheridge, 2004). Research design, sampling design, instrumentation, validation of the quantitative research instrument, data gathering procedure, and statistical treatment of data are presented in sufficient detail

The research design presents a systematized plan employed by the researcher to address the objectives of the paper in a valid, objective, accurate and economical manner. As De Vaus (2001) explained, a sound research design ensures that the evidence obtained can help address the research questions. As hinted under the nature of the research in Section 1, this research adopted a mixed methods research design. In a mixed methods approach, qualitative methods, together with quantitative methods, are both utilized. This is deemed as the best approach to the problems posed in this research, taking the cue from Hesse-Biber (2010). In this research, findings from the qualitative method, particularly content analysis from technical literature reviewed for this document, were compared with the results from the quantitative method performed through a survey. The comparison is aimed towards triangulation to ascertain whether theory matches practice.

A population, in research and in statistics, is defined by Burt, Barber & Rigby as the “total set of elements (objects, persons, regions, neighborhoods, etc.) under examination in a particular study” (Burt, Barber & Rigby, 2009, p. 4). These elements possess specified characteristics of interest in this study. On the other hand, sampling is defined by LoBiondo-Woods &Haber as “the process of selecting representative units of a population for study in a research investigation” (LoBiondo-Woods & Haber, 2006, p. 261). Sampling involves a procedural determination of the number of elements drawn from the population, called the sample size. The most important reason for using sampling is economic – to reduce the cost of collecting data. Other reasons for sampling which are applicable to the present study include: processing speed, accuracy, and accessibility (LoBiondo-Woods & Haber, 2006; Black, 2010).

A non-probability method of sampling was used in the quantitative strand of this research. In non-probability sampling, some elements of the population may have no chance of being included in the sample, and hence, the level of representation of a sample taken using this technique cannot be demonstrated scientifically (Austin and Pinkleton, 2006). This method of sampling is especially suited for studies which aspire to explore and generate theory or ideas as enunciated in Gray, Williamson, Karp, and Dalphin (2007).

3.2 Research Design

Research is a demanding activity that requires multiple skills. The researcher must not only know how to administer, organize, manage and create projects, but he must also have skills in oral and written communication and , of course, have good training in the field of his research as well in research methodology.

The quantitative strand of the research will involve the participation of a number of respondents, comprising of IT administrators or IT staff, involved in networking and database management administration from business organizations which are subscribed to cloud computing technology and are based in Colorado Springs. Colorado. Purposive sampling or judgment sampling, which is a non-probability sampling, will be used in the selection of respondents. As described in Anderson, Sweeney, and Williams (2009), in judgment sampling, persons who are deemed knowledgeable on the topic of the study and are thus, representative of the population of interest, are selected based on the decision of the researcher.

Contact details of prospective respondents will be sourced from company websites. Respondents will be then sent invitations by email or telephone calls to inform them about the survey and request their participation. Informed consent forms will be sent to all respondents by email. Prospective respondents will be requested to read the form carefully. The informed consent specifically states that respondents who agree to join the survey will take charge of getting the necessary permission from their respective organizations to do so. After they receive permission, they will be requested to affix their signatures electronically and send back the consent form to the researcher. The respondents will have options to complete the survey either by emailed questionnaires or by a short telephone interview. The questionnaire is listed in Appendix A of this report.

3.3 Goals of Research

Descriptive and inferential statistics will be used in the analysis of quantitative data. Four items will be included in the survey.

The first item will inquire about whether they have encountered experiences where cloud computing compromised data in their databases.

The second item will get their views on the assessment of the level of their network and/or database security.

The third and fourth items will look into the advantages and type of problems, respectively, encountered by the respondents pertaining to database security and management in cloud computing.

3.4 Methodology and Research Questions

For the first item, the responses will be analyzed using inferential statistics, particularly chi-square analysis. The following null and alternative hypotheses will be evaluated for this item:

Null hypothesis: There was no significant difference in the distribution of instances of compromised database security in the cloud computing environment between small- and medium-sized businesses in the research locale.

Alternative hypothesis: There is a significant difference in the distribution of instances of compromised database security in the cloud computing environment between small- and medium-sized businesses in the research locale.

For the second item, the responses will be analyzed using inferential statistics, particularly, independent samples t-test. The following null and alternative hypotheses will be evaluated:

Null hypothesis: There is no significant difference in the level of database security between small- and medium-size organizations in the research locale.

Alternative hypothesis: There is a significant difference in the level of database security between small- and medium-size organizations in the research locale.

For the third and fourth items, the responses will be analyzed using descriptive statistics, particularly, frequency and percentage distributions. The data will be reported as bar graphs.

Summary

My choice to study cloud computing in my Doctoral program was because of the fact that cloud computing is one of the five most promising technologies in the future. Cloud computing has already been established to introduce well-deserved cost savings for businesses which opt to use cloud computing as compared to traditional information systems (Dinkar & Geetha, 2011). This fact can be exemplified by the fact that the Obama Administration is in total support of moving all government systems to the cloud to minimize operational expenditure within the government.

My research proposal has established that there are serious security concerns when it comes to cloud computing. Since cloud computing is the future of computing, I have taken a first step to study security challenges in cloud computing which need to be addressed in order to secure the future of cloud computing. In my future Doctoral research work, I would like to keep researching in the field of cloud computing to find out the best possible solutions for the security challenges which I have identified within my work. These challenges will further be studied while focusing on the networking section of cloud computing. My research will include a deep examination of the security issues which surround the networking aspect of cloud computing keeping the application, storage, and connectivity in view.

To further my work, I will then move into the next area of my research which will be to seek to unearth the most probable trends of cloud computing. This will ensure that I complete a two-stage research project whose first stage will include the detailed examination of the security challenges of cloud computing and the solutions which can be adopted by businesses to mitigate such security issues. This will be particularly important because, for cloud computing to move to the next step, the academic and professional community must provide solutions to the security challenges in cloud computing. Once these solutions have been proposed, I will move further to research, predict and make proposals of the next trends of cloud computing.

In conclusion, my research work within will involve a 1-2-3 part (component) study which will involve (1) a detailed examination of the issues and challenges facing cloud computing; (2) a proposal of solutions to the identified challenges and issues and; (3) an examination of the probable future of cloud computing beyond the currently available functionalities. This will be the epitome of my work and it will provide the professional and academic community with insights into the future of cloud computing, establishing the contribution of my work to society.

References

Antonopoulos, N. & Gillam, L. (2010). Cloud computing: Principles, systems and applications.

London: Springer.

Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson,

D., Rabkin, A., Stoica, I. & Zaharia, M. (2009). “Above the Clouds: A Berkeley View of Cloud Computing.” Electrical Engineering and Computer Sciences, University of California at Berkeley. Retrieved on April 14 2013 from: http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf

Bernard, H. R. (1995). Research methods in anthropology (2nd ed.). London: SAGE.

Boran, S. (2003). IT Security Cookbook . New York: Magma.

Bowman et al. (1993). Reasoning about naming systems.ACM Transformation Program. Retrieved from http://dl.acm.org/citation.cfm?doid=161468.161471

Brooks, C. (2009, November 16). SaaS and the future of cloud rosy. Retrieved from http://www.CloudComputing.com

Bryman, A. (2008). Social research methods (3rd ed.). Oxford: Oxford University Press.

Buyya, Rajkumar, Broberg, J. & Goscinski (2011). Cloud Computing Principles and Paradigms. Hoboken, New Jersey: John Wiley & Sons, Inc.

Canavan, J. E. (2001). Fundamentals of network security. Norwood, MA: Artech House.

Chen, Y., Paxson, V., & Katz, R. (2010). What’s new about cloud computing security? Technical Report No. UCB/EECS-2010-5.

Chen, T. M. & Abu-Nimeh, S. (2011). Lessons from Stuxnet. Computer, 44(4):91-93.

Chou Y. (2011). “Chou’s Theories of Cloud Computing”, Retrieved on April 10 2013 from: http://blogs.technet.com/b/yungchou/archive/2011/03/03/chou-s-theories-of-cloud-computing-the-5-3-2-principle.aspx

Chow, R., Golle, P., Jackobsson, M., Shi, E., Staddon, J., Masouka, R. & Mollina, J (2009). Controlling data on the cloud: outsourcing computations without outsourcing control. Proc. Cloud Computing Security Workshop (CCSW09), pp. 85–90

Clarke, R. A. & Knake, R. K. (2012). Cyber War: The Next Threat to National Security and What to Do about It. New York: Ecco, an imprint of HarperCollins Publishers.

Cleveland, T. (2009). Database security in a cloud computing environment’ IT World.Cloud Security Alliance (2010). Top threats to cloud computing V1.0. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

Cloud Security Alliance (2011). Security guidance for critical areas of focus in cloud computing V3.0. https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

Fennelly, Lawrence J. (2004). Effective Physical Security. Butterworth-Heinemann.

Fern´andez, A., Peralta, D., Herrera, F. & Ben´ıtez, J. M. (2012). “An Overview of E-Learning in

Cloud Computing.” Workshop on LTEC 2012, AISC 173, pp. 35–46.

Ferrari, D., & Verma, D. C. (1989). A scheme for real-time channel establishment in wide-area

networks. International Computer Science Institute.

Ford, B. (2012) “Icebergs in the clouds; the other risks of cloud computing.” Proc. 4^th Workshop

on Hot Topics in Cloud Computing, arXiv:1203.1979v2, 2012.

Forman, G. (2003). An extensive empirical study of feature selection metrics for text classification . J. Mach. Learn.

Forouzan, B. A. & Fegan, S. C. (2003). Local area networks. Boston: McGraw-Hill.

Fortier, P. J. & Desrochers, G. R. (1990). Modeling and analysis of local area networks. Boca

Raton: CRC Press.

Furht, B. & Escalante, A. (2011). Handbook of data intensive computing. New York: Springer.

Galbreath, Nicholas & Galbreath, Nick. (2002). Cryptography for Internet and Database Applications. Hoboken, New Jersey: John Wiley & Sons, Inc.

Gartner Group (2008). “Gartner’s hype cycle report, 2008. Technical report.” Gartner Group.

Retrieved on April 10 2013 from: http://www.gartner.com/.

Geelan, J. (2008). Twenty one experts define cloud computing.” Virtualization. Retrieved on

April 10 2013 from: http://virtualization.sys-con.com/node/612375.

Gentry, C. (2009). “Fully homomorphic encryption using ideal lattices.” Symposium on the

Theory of Computing (STOC), pp. 169-178.

Goldman, J. E. & Rawles, P. T. (2000). Local area networks: A business-oriented approach.

New York: Wiley.

Gillam, L. (2010). Cloud computing: Principles, systems and applications. London: Springer-Verlag.

Groth, D. & Skandler, T. (2009). Network and Study Guide, Fourth Edition. New York: Sybex Inc

Howe, K. R. (1988). Against the Quantitative-Qualitative Incompatibility Thesis or Dogmas Die Hard. Educational Researcher, 17(8), 10-16.

Hurwitz, J., Bloor, R., Kaufman, M., & Halper, F. (2010). Cloud Computing for Dummies. Hoboken, New Jersey: John Wiley & Sons, Inc.

Iachello, G. & Hong, J. (2007). End-user privacy in human-computer interaction. Foundations and Trends in Human-Computer Interactions, 1(1):1-137.

ITA. (1998). Implementation of technology: A developer’s guide to assessment of progress. –. Retrieved from https://www.howard.edu/.../Implementation%20of%20Technology--Assess%20Rubric.pdf

Jaeger, T., & Schiffman, J. (2010). Outlook: Cloudy with a chance of security challenges and improvements. IEEE security & privacy, 1(2), 77-80.

Jamil, E. (n.d). “What really is SOA. A comparison with Cloud Computing, Web 2.0, SaaS,

WOA, Web Services, PaaS and others.” Soalib Incorporated. Retrieved on April 10 2013

from: http://soalib.com/doc/whitepaper/SoalibWhitePaper_SOAJargon.pdf

Johnson, B. R., & Onwuegbuzie, A. J. (2004). Mixed Methods Research: A Research Paradigm whose time has come. Educational Researcher, 33(7), 14-26.

Kaeo, M. (2004). Designing network security. Indianapolis, IN: Cisco Press.

Kaufman, L. M. (2009). Data security in the world of cloud computing, security and privacy. J Inter. Security, 7(4), 56-62.

Khare, R. (2006). Network security and ethical hacking. Beckington: Luniver Press.

King, R. (2008). Cloud computing: Small companies take flight. Retrieved from http://www.businessweek.com/technology/content/aug2008/tc2008083_619516.htm

Kundra, V. (2012). Federal Cloud Computing Strategy. Federal IT , 1-33.

Kyriazis, et. al. (2010). A real-time service oriented infrastructure. International Conference on Real-Time and Embedded Systems . Singapore.

Lim, H. C., Babu, S. & Chase, J. S. (2010). Automated control for elastic storage. New York:

ACM Press.

Lim, H. C., Babu, S., Chase, J. & Parekh, S. (2009). Automated control in cloud computing:

challenges and opportunities. New York: ACM Press.

Lorido-Botran, T., Miguel-Alonso, J., & Lozano, J. (2012). “Auto-scaling Techniques for Elastic

Applications in Cloud Environments: Technical Report EHU-KAT-IK-09-12.” EHU.

Retrieved on April 10 2013 from: http://www.sc.ehu.es/ccwbayes/isg/administrator/components/com_jresearch/files/publications/autoscaling.pdf

MacVittie, L. (2009). “Load balancing is key to successful cloud-based (dynamic)

architectures.” DevCentral Home. Retrieved on April 14 2013 from:

http://devcentral.f5.com/weblogs/macvittie/archive/2009/01/23/loadbalancing-

is-key-to-successful-cloud-based-dynamic-architectures.aspx.

Accessed on 3 March 2010.Marks, E. A., & Lozano, B. (2009). Executive's guide to cloud computing. London: John Wiley and Sons.

Marinescu, D. (2012). “Cloud Computing: Theory and Practice.” University of Central Florida.

Retrieved on April 10 2013 from: http://www.cs.ucf.edu/~dcm/LectureNotes.pdf

McCarthy, S. (2011). Proven Practices: A Proven IT Study. IDC Government Insights.

Mell, P., and Grance, T. (2011). “The NIST Defintion of Cloud Computing”, Retrieved on April 10 2013 from: http://pre-developer.att.com/home/learn/enablingtechnologies/The_NIST_Definition_of_Cloud_Computing.pdf

Nair, M. S., Kevathy, R. & Tatavarti, R. (2008). An improved decision-based algorithm for

impulse noise removal. Image and Signal Processing, 1, 426-431

Nichols, R. K., & Lekkas, P. C. (2002). Wireless security: Models, threats, and solutions. London: McGraw-Hill.

McFedries, P. (2008). “The cloud is the computer.” IEEE Spectrum Online. Retrieved on April

10 2013 from: http://www.spectrum.ieee.org/aug08/6490.

Members of EGEE-II (2008), An EGEE comparative study: Grids and clouds - evolution or

revolution. Technical report. Enabling Grids for E-science Project. Retrieved on April 10

2013 from: https://edms.cern.ch/document/925013/.

McNamara, J. E. & Romkey, J. (1996). Local area networks: An introduction to the technology.

Boston: Digital Press.

Milojicic, D. (2008). Cloud computing: Interview with Russ Daniels and Franco Travostino.

IEEE Internet Computing, 5, 7–9.

Nayak, S. & Yassir, A. (2012). Cloud Computing As an Emerging Paradigm. International Journal of Computer Science and Network Security, 12(1): 61-65

Nichols, R. K., & Lekkas, P. C. (2002). Wireless security: Models, threats, and solutions . London: McGraw-Hill.

Pauly, M. (2013). “Cloud Computing End-To-End. Why Preparation Is Everything.” T-Systems.

Retrieved on April 14 2013 from: http://www.t-systemsus.com/umn/uti/508254_2/blobBinary/Backgrouder_DS-ps.pdf

Rannenberg, K., (2010). Security privacy - silver linings in the cloud: Proceedings. Berlin:

Springer.

Reda, J. F., Reifler, S., & Thatcher, L. G. (2005). Compensation committee handbook (2nd ed.). Hoboken, New Jersey: John Wiley & Sons, Inc.

Rhee, M. Y. (2003). Internet Security. Hoboken, New Jersey: John Wiley & Sons, Inc.

Rittinghouse, J. W. & Ransome, J. F. (2010). Cloud Computing Implementation, Management, and Security. Taylor and Francis Group, LLC.

Rogers, R. (2009). The end of the virtual: Digital methods. Amsterdam: Vossiuspers UvA.

Salomon, David. (2003). Data Privacy and Security. Springer.

Sannella, M. J. (1994). Constraint satisfaction and debugging for interactive user interfaces. Doctoral Thesis. University of Washington.

Shroff, G. (2010). Enterprise cloud computing: Technology, architecture, applications. Cambridge University Press.

Sosinsky, B. (2011). Cloud computing bible. John Wiley and Sons.

Savage, T. M., & Vogel, K. E. (2013). An introduction to digital multimedia. Burlington, MA:

Jones & Bartlett Learning.

Stallings, W. (2000). Local and metropolitan area networks. Upper Saddle River, NJ: Prentice

Hall.

Stockinger, H. (2007). Defining the grid: a snapshot on the current view. The Journal of

Supercomputing, 1, 3-17.

Tavel, P. (2007). Modeling and simulation design. AK Peters Ltd.

UNESCO (2010). Cloud Computing In Education.” UNESCO Institute for Information

Technologies in Education. Retrieved on April 10 2013 from: http://iite.unesco.org/pics/publications/en/files/3214674.pdf

Urgaonkar, B., Shenoy, P., Chandra, A., Goyal, P. & Wood, T. (2008). Agile dynamic

provisioning of multi-tier Internet applications. ACM Transactions on Autonomous and Adaptive Systems, 3(1), 1-39.

Vaquero, L., Rodero-Merino, L., Caceres, J. & Lindner, M. (2009). A Break in the Clouds:

Towards a Cloud Definition ACM. SIGCOMM Computer Communication Review,39(1),

50-55.

Weiss, A. (2007). Computing in the clouds. Networker, 4, 16-25.

Yao, A. C. (1986). “How to Generate and Exchange Secrets.” Proceedings of the 27 Annual IEEE Symposium on Foundations of Computer Science, 1986, pp.162-167.

Dinkar, S., & Geetha, M. (2011). Moving to the Cloud: Developing Apps in the New World of Cloud Computing. Elsevier.

Shakunthala, & Rangarajan. (2010). Emerging Trends in Computing 2010. Allied Publishers.

Appendix A

Survey Questionnaire

Please provide the following information by ticking the options provided or writing your response when applicable.

Position: ¡ IT Administrator

¡ IT Staff in charge with network security and/or database management

Type of Business Organization Represented: ¡ Small

¡ Medium

¡ Large

Organization Represented is Subscribed to Cloud Technology ¡ Yes

¡ No

Have you encountered issues regarding compromised data in cloud computing?

¡ Yes

¡ No

What is the current level of network security in your organization?

¡ Low

¡ Medium

¡ High

From experience, have you observed the following advantages of cloud computing in your organization? Feel free to add more on the space provided. How often are these advantages observed?

Access to a wide array of resources	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Flexibility	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Increased productivity	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Reduced capital expenditures	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Rapid implementation	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Reliability	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
Scalability	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
___________________________	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
___________________________	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never
___________________________	¡ Always	¡ Very Often	¡ Often	¡ Sometimes	¡ Never

From experience, have you observed the following problems/issues regarding cloud computing in your organization? Feel free to add more on the space provided. How often are these advantages observed?

Access to a wide array of resources	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
Security issues	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
Interoperability	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
Compatibility	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
___________________________	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
___________________________	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never
___________________________	¡ Very Often	¡ Often	¡ On the Average	¡ Sometimes	¡ Never

Tai Cleveland Doctorate Student at Colorado Technical University

Saturday, July 26, 2014

Dr. Tai Cleveland Literature Review

Chapter 1: Introduction

1.1 Background and Purpose of Study