Seven security concerns in the cloud

The basic concept of cloud computing emerged in the 1950s when mainframe computers were coming to the fore and users would instigate processing from their dummy terminals. However, in modern parlance, cloud computing represents much more in that the dummy terminals are no longer simple input/output devices but might themselves be high-powered desktop workstations, laptops, tablets and smart phones accessing, not a mainframe, but a distributed network of servers, processors, sensors and other remote equipment.

There are many advantages of taking tasks into the cloud for individuals, companies and organizations, including location independence, scalability, flexibility, reliability (and remote upgrades), multi-tenancy and space saving. cloud computing service, which provides worthy benefits on a pay-per-use basis, will propagate rapidly and change the way many organizations carry out their function. However, recent high profile outages and security breaches have hinted not every cloud has a silver lining. Writing in the International Journal of Cloud Computing, Tawfiq Alashoor of The Pennsylvania State University-Capital College, in Middletown, Pennsylvania, explain that in addition to the critical security issues pertaining to confidentiality, integrity, availability, and auditing of cloud computing services, there are seven primary issues that must be considered by those organizations who wish to make use of such systems:

1 Location of data stored: many users are uncomfortable not knowing precisely where their data is stored, particularly if the need for data confidentiality is very high. Moreover, some providers establish data centers in regions where data privacy laws may be inadequate if they exist.

2 Protection level: the level of protection in the cloud for data transmission and deletion may not be appropriate.

3 Multi-tiered service: providers sometimes use different vendors’ services to deliver computing services which exacerbates the level of security concern for consumers due to a multi-tiered service in which security policy and data distribution variations exist amongst vendors.

4 Sharing the cloud: for instance the public cloud serves more than one subscriber which gives rise to data privacy concerns. The threat of sharing data in a network serving many users has been described by others as “the tragedy of the commons”.
5 Application programming interfaces (APIs): the security level of applications used among applications for interoperability, such as tokens and cookies, is an issue.

6 Data breach activities: consumers might be more anxious about the impact of any data breach or hacking act to the cloud, because the consequences could be more substantial than those when a single physical server of their own is compromised.

7 Level of control: in most cases, consumers have low levels of control on the cloud.

Alashoor, T. (2014) ‘Cloud computing: a review of security issues and solutions’, Int. J. Cloud Computing, Vol. 3, No. 3, pp.228–244.

Author: David Bradley

Award-winning, freelance science writer based in Cambridge, England.