Research Paper on Cloud Security and Related Compliance Issues

Introduction

Cloud computing is a technological advancement that has saved firms and individuals time and money. By definition, cloud computing is the practice of making use of remote servers to manage, process, and store data on the internet. The concept reduces the operational costs incurred by an individual or firm when hosting services and data. However, with the introduction of cloud computing, there was a need to enhance the security of the clouds to ensure the data stored in secure and accessible to authorized parties (Mathkunti, 2014). Various researchers have questioned the nature of adequate security measures required but according to Brunette and Mogull (2009), security is enforced in the customary way security control is implemented in a traditional IT environment. The only difference is the assets in use since they are distributed. In the essay, I will look at cloud security and the related compliance issues.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Using the cloud services requires some form of decorum to be followed. Cloud compliance is the required decorum and requires those seeking the services of cloud backup or storage services to adhere to the rules. Logically, data stored in the cloud moves from one's device's internal storage to the remote servers and it is prudent to understand the architecture of the cloud to ensure one conforms to the rules and regulations of the industry. Cloud compliance entails knowing what should be stored on the cloud, what should remain in the internal storage of one's device, the terms to be documented into Service Level Agreements (SLAs), and the necessary questions to ask in order to remain compliant to the industry rules and regulations. Compliance enhances cloud security by ensuring individuals and firms understand that data can be intercepted during transfer and practices such as encryption can help in preventing data manipulation or alteration (Kumar, 2016).

To offer on-demand computing services and resources, cloud computing has centralized server resources on a scalable platform despite having a distributed architecture. To understand compliance issues, one needs to understand the various stakeholders involved such as the CSPs (Cloud Service Providers), MSPs (Managed Service Providers), and ISPs (Internet Service Providers). Additionally, one needs to understand the services being offered such as PaaS (Platform as a service), IaaS (Infrastructure as a service), and SaaS (Software as a service) (Peng, 2012). When one understands the stakeholders and services on offer, one can make informed decisions on the state of compliance required or achieved. Clouds are a novel trend taking over from the grid system and one advantage of the clouds is that a user does not require to have expertise or knowledge to control the infrastructure. One can get is as a service where the user accesses the services through a web browser.

Despite the cloud offering various solutions to existing problems, it has its fair share of security issues. Some of the issues include access to applications and servers, data security, data location, data privacy, data transmission, patch management, data integrity, data availability, network security, data segregation, and virtual machine security. There needs to be some form of compliance to ensure the above issues are handled effectively. For instance, with network security, there is need to classify the network appropriately - whether shared, non=shared, private, public, and so on = to control problems associated with network level security such as sniffer attacks, DNS attacks, and reused IP addresses (Miller, 2004). Since data is stored on remote servers, there is a need for packet flow in the network to transmit data. However, failure to comply with the set guidelines and rules can result in sniffer attacks where data is captured during transmission.

Generally, cloud computing can be deployed in three different models namely public, private, and hybrid clouds (Solomon, 2018). Public clouds are hosted externally and the owners of a business have to deal with a vendor offering cloud computing services. Unlike public clouds, private clouds are hosted within an organization and the owners of a business do not have to deal with external vendors to acquire the services. A hybrid cloud is a combination of both the public and private clouds. Some of the benefits of cloud computing include increased efficiency, reduced costs, increased flexibility and easier deployment. However, cloud computing has some compliance risks such as data governance. Occasionally, providers of cloud services may fail to commit to the signed SLA. In such cases, the providers have full control of the customers' data. Such instances pose a security risk since customers believe the vendors have secured their data.

Conclusion

Conclusively, one of the major cloud computing security issues is compliance. Lack of compliance subjects one party to relying on another to safeguard the data. Cloud compliance is the required decorum and requires those seeking the services of cloud backup or storage services to adhere to the rules. Additionally, the sharing of resources is another issue facing cloud computing and has led to an increase in the security risks. Compliance enhances cloud security by ensuring individuals and firms understand that data can be intercepted during transfer and practices such as encryption can help in preventing data manipulation or alteration.

References

Brunette, G., & Mogull, R. (2009). Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. Cloud Security Journal. Retrieved from https://cloudsecurityalliance.org/csaguide.pdf

Kumar, R. (2016). Cloud computing and security issue. International Journal Of Engineering And Computer Science. doi: 10.18535/ijecs/v5i11.18

Mathkunti, N. (2014). Cloud Computing: Security Issues. International Journal Of Computer And Communication Engineering, 3(4), 259-263. doi: 10.7763/ijcce.2014.v3.332

Miller, A. (2004). Is malware wrecking your computer?. Network Security, 2004(2), 5-6. doi: 10.1016/s1353-4858(04)00034-0

Peng, X. (2012). Efficient Construction Scheme of Software Service Outsourcing Industry. Journal Of Software, 7(11). doi: 10.4304/jsw.7.11.2583-2590

Solomon, J. (2018). Understanding different types of cloud computing and their benefits - Chargebee's SaaS Dispatch. Retrieved from https://www.chargebee.com/blog/understanding-types-cloud-computing/