Security of Cloud Computing
Service-on-demand is a very useful way to have access to the services and not worry about having something that does not need to be used all the time. It saves the space, money, time, the consumption of resources, and preserves the environment. Taxi, for example, is very useful in the big cities, where having a car is not as great as it could look like.
What is about the information technologies? In order to illustrate the situation one should just think about the number of programs that are not used all the time but users have paid money for them. Email programs, text processing programs, pictures’ processing programs, and others might not be used all the time but they are still present. In addition, all the data is concentrated on one particular device. It is not safe and limits users in regards to the ability of having access to this information. Cloud computing solves most of these issues (Bourke). This paper is aimed to explore the concept of cloud computing, describe the principles of work, present the main features, evaluate the architecture of the typical “cloud”, assess the benefits and drawbacks of the concept in order to provide appropriate background for understanding such issues as privacy and security in this area.
The idea of cloud computing is in the providing users with services on their demand, as it is realized with electricity grid. It is Internet-based computing, where services’ providers use their shared servers in order to provide resources, software, and data to the users’ computers and other devices, only if it is needed. This concept is a natural evolution of the earlier virtualization, utility computing, and service-oriented architecture models (Schauland).
The architecture of the cloud system is created by the systems architecture of the software systems that constitute the cloud. A typical architecture consists of numerous cloud components that communicate with each other, utilizing application programming interfaces. The cloud is usually based on the web services. The idea is in the following: multiple programs, each of which is able to do one thing very well, work together via universal interfaces (Schauland).
Cloud computing architecture has two most significant components: the front end and the back end. The part, which is seen by the client (end user), is the front end. The front-end part includes the network or computer of a client and the application that is used to establish access to the cloud via user interface (web browser, for example). The back-end part, accordingly, is the cloud itself. This part includes computers, servers, data storage devices, infrastructure, networks, and everything else needed to create the computing power, sufficient for serving cloud clients (Schauland).
The main benefits of its usage are as follows: flexible services, provided “on demand”; lower cost of necessary equipment and reduced expenditures for maintenance and support; incredible independence from place and device; improved security and reliability; substantial scalability; and progressive nature (Bourke).
Costs’ benefits are connected with the initial idea to refuse the use of separate powerful computers for each employee, for example, if the same operations can be performed in the cloud from much less powerful devices. Independence from place and device is an obvious benefit, since users are able to have access to the services and their information from anywhere and anytime.
Security and reliability are improved in the cloud computing because of the utilization of new principles of the data centers organizations (Bourke). They are centralized, which makes it easier to protect them, but the services are distributed, which makes the disaster recovering much faster. Finally, the progressive nature of the concept is the main benefit of cloud computing, because it is continuously developing. It makes cloud computing better and adds new features much faster than in case of the old-fashion computer systems.
The main benefit of cloud computing, the independence from place and device, is directly dependent on the availability of the Internet connection and it is the main disadvantage of cloud computing as well. If there are no opportunities to get access to the Internet, the services and data are not available. Such state of things limits the application of cloud computing worldwide (Bourke).
According to Friedman and West, security in the cloud computing should comply with the following principles: confidentiality, integrity, availability, accountability, and resilience. Thus, confidentiality stands for keeping data private, supported by efforts of users and services providers, as well as by technical tools (encryption, access control, etc.). Integrity refers to the confidence that the data stored in the cloud is the same one that was placed there and it has not been altered anyhow by the unauthorized third parties. Availability is, clearly, the most crucial issue, because it is one of the key features of cloud computing (Vizard; Friedman & West). It must be assured by any means necessary. Accountability tracks actions in a cloud so it would be easy to identify parties responsible for different activities. Assurance refers to the necessity of system behavior as it has been specified by service provider. The clients should not worry that services might not work as the have to. Finally, resilience in a system stands for the opportunity to deal with different security threats rather than just failing with providing services (Vizard; Gillam).
The entire concept of cloud computing is built on sharing resources in the networking environment. Therefore, the level of risks heightens by default. The control mechanisms of the computers engagement in a cloud can be attacked and thus, third parties could break the isolation between users and gain unauthorized access to data or resources (Duvall; Violino). Another potential threat to security could be outlined as forging credentials in order to gain access to the cloud privileges of as user. For instance, an emailed password in the cloud environment being in possession of a wrong person can put security of an entire organization at risk (Duvall; Violino).
Additionally, the data that is no longer in use and that is stored in the cloud should be either properly deleted or protected with additional encryption. Remote server in the cloud is not the best place for storing sensitive data in regards to security, even if it is not used. Finally, it is not that easy to appropriately limit access to a computer within a cloud or detect inappropriate use of it (Friedman & West).
The same technologies have changed the medical industry substantially as well. The things is in the shift in patients’ records management area. Such concept as personal health record (PHR) has emerged in the past few years and it can be described as a patient-centric model that allows heath information exchange and facilitates it.
The idea of this concept is in a patient’s ability to manage and control personal data in a remote centralized place that can be accessed from anywhere over the Internet. It is an excellent opportunity for all medical facilities to have standardized and moreover, comprehensive medical record for any patient, using this concept (PHR) (Verma). The most appropriate place for keeping such records is a cloud. Cloud computing has become very popular for the past decade and provides necessary capacities in terms of performance and storage volumes to very different organizations and private clients (Verma).
However, there is substantial concern regarding the secureness of keeping private health records in a cloud. Therefore, it is important to provide this concept with mechanisms that would assure security measures for PHR in any cloud. Data encryption is the most appropriate solution in this case. There is a problem of assuring security in a cloud for PHR using encryption methods.
Discussion of the Problem
As one have already mentioned, the main problem of keeping PHR in a cloud is security concerns. Among these concerns, the following can be emphasized: privacy of patients’ personal health data and identification of the person who could get access to these records. The reasons of such concerns are conditioned by the peculiarities of any cloud. Patients lose physical control to their personal health data (Preimesberger; Ming et al.; Löhr, Sadeghi and Winandy).
They upload or place it any other way to servers of the cloud provider directly. Cloud services provider cannot assure strong privacy assurance. It leads to such possible security problems as insider-provoked leakage of data, the servers can be subjects to malicious outside attacks, and data can be accessed by unauthorized third parties on the way of information transition from its owner to a cloud (Preimesberger; Ming et al.; Löhr, Sadeghi and Winandy).
The successful solution of the issue data secureness assuring in a cloud is one of the cornerstones on the way to achieve the main objective – providing protected access to PHR to the interested parties. For example, such cloud provider as Google has reported attacks on its service Gmail with intent to obtain personal data of users. Therefore, attackers potentially could have commenced attacks on Google Health, PHR service by Google. The appropriate solution has to be developed.
Cloud computing is developing in rapid pace and provides benefits as well as certain drawbacks and security issues to its customers. Therefore, the following recommendations could be given in order to improve it: transparency, competition, and legal clarification (CCSWG; Gillam). Transparency is the key to gaining the trust of the clients and improving their confidence in cloud privacy and security. Providers should give clients as much information as possible regarding the security precautions they should take. In addition, providers should be ready to disclose information about cloud down-time and data breaches in order to provide clients with real-time information about the situation with their information (Morsy, Grundy, & Müller; Friedman & West).
Competition has always been a driving force for market development in disregard to area. As it was stated before, aggregation data at one place and inability to export it to another cloud service could cause substantial problems for cloud customers. Therefore, it would be necessary to develop market and provide opportunities for customers to choose the service provider or providers and wisely manage the data (Morsy, Grundy, & Müller; Friedman & West).
Legal clarifications are vital for cloud computing at this point of development. The appropriate acts that protect the secureness and privacy of customers’ data should be updated according to the realities of these days, since a lot has changed already (Morsy, Grundy, & Müller; Friedman & West).
Concept of the “cloud” applied to the world of information technologies is a unique opportunity for both providers and consumers. The related privacy and security issues are inevitable and yet not resolved. It is important to understand that this area is not explored enough and still is not clearly regulated because of its innovative nature. Therefore, in order to resolve security issues, mitigate security risks, and substantially improve privacy, all stakeholders should be equally engaged into the process of cloud computing improvement (CCSWG; Gillam; Friedman & West).
Users and providers should work together and provide mutual support to be able to figure out how the above-mentioned security issues can be solved. Activities in cloud computing area should be supported by governments to provide it with legal base for the further international development of this outstanding concept. Such engagement of all parties into the process of standardization, legislation, and improvement of cloud computing and the idea of providing services on demand should substantially mitigate security risks and substantially improve privacy within any “cloud” (CCSWG; Gillam Friedman & West).
Invention and implementation of cloud computing to the world of information technologies is the next step of creation global information field. At the same time, it causes the shift in paradigm of personal computing technologies and brings it to the Internet. There are numerous benefits from using “cloud” as the storage of information. However, there are structural problems with cloud computing that causes rather substantial security and privacy issues. They, in turn, should be resolved to make possible further development of cloud computing. Providers and users should consider particular threat vectors and trends in this area to develop appropriate countermeasures. Overall stakeholders’ engagement, transparency of cloud service, competition on the market, and improved legislative base are the keys to the above-mentioned improvements and development. Cloud computing provides health industry with outstanding opportunities to have access to medical records anytime and anywhere. However, the current issues with security have to be solved to allow this solution to work in full.