Documente Academic
Documente Profesional
Documente Cultură
6]
On: 02 March 2015, At: 11:11
Publisher: Taylor & Francis
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House,
37-41 Mortimer Street, London W1T 3JH, UK
Computer Information Systems & Security, Our Lady of the Lake University , San Antonio ,
Texas , USA
Published online: 26 May 2011.
To cite this article: Derek Mohammed (2011) Security in Cloud Computing: An Analysis of Key Drivers and Constraints,
Information Security Journal: A Global Perspective, 20:3, 123-127, DOI: 10.1080/19393555.2010.544704
To link to this article: http://dx.doi.org/10.1080/19393555.2010.544704
Derek Mohammed
Computer Information Systems
& Security, Our Lady of the Lake
University, San Antonio, Texas
ABSTRACT In the emerging computing paradigm known as cloud computing, there are significant issues that need to be addressed in order for cloud
computing to be adopted as universally as the Internet. Among these issues,
the societal and technological issues around security for cloud computing are
some of the most important and will act as both drivers and constraints for
mass adoption of cloud computing. The goal of cloud computing is to share
data and services transparently among users of a massive grid referred to generically as the cloud. The promise of the cloud is in achieving significant cost
savings and information technology agility. This paper examines some of the
more important key drivers and constraints for secure cloud computing from
a societal and technological perspective. The societal issues addressed involved
trust, privacy, and user behavior and how security affects these factors. The
technological issues include scalability, reliability, encryption, data rights, and
transparency. Transparency is a constraint for cloud computing today, and a
case can be made that this is one of the most important issues needing resolution before corporations will move their computing infrastructure to the
cloud.
KEYWORDS cloud, computing, societal, technological, transparency
INTRODUCTION
Address correspondence to
Derek Mohammed, Our Lady of the
Lake University, Computer Information
Systems & Security, 411 S.W. 24th Street,
San Antonio, 78207.
E-mail: dmohammed@ollusa.edu
Cloud computing is defined in many different ways. Global industry participants, academia, and governments all have varying definitions of what
cloud computing is and of the innate value of the cloud. In this paper,
the definition from the National Institutes for Standards and Technology
(NIST) is used, which states: Cloud computing is a model for enabling
convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, services)
that can be rapidly provisioned and released with minimal management
effort or service provider interaction (Mell & Grance, 2009, p. 1). The history of cloud computing is built upon the foundational technologies that
make up the modern Internet. The cloud was a construct that depicted
the network as a cloud. The first cloud computing platform was developed
around the concept of networking and the Transmission Control Protocol/
123
Internet Protocol (TCP/IP). The second cloud computing platform, the World Wide Web, was based
on the posting and sharing of information in the
form of documents. The frontier of cloud computing infrastructure involves servers, applications, data,
and heterogeneous platforms that will make computing ubiquitous, mobile, and provide the holy grail of
seemly unlimited bandwidth on demand.
The value of cloud computing is in the sharing of
information and services transparently among users of
a massive computing grid (Foster, Zhao, Raicu, & Lu,
2008). The technological progress in distributed, and
cloud computing has had a dramatic impact on society. The way we live, work, and relate to one another
has changed and will continue to have an impact on
society. The key to adoption of the cloud by individuals and institutions is to ensure the technology is
secure. Without security, validity, and privacy, cloud
computing for individuals and consumers will remain
islands of computing platforms and will not reach its
true potential. The U.S. government plans to migrate
large amounts of its computing resources to the cloud.
Therefore, various public sector entities are presently
engaged in defining and assessing cloud computing. In
doing so, security has to be a primary issue of concern.
Mell and Grance (2009) stated that the cloud
has both security advantages and disadvantages. For
instance, the unprecedented availability of services
which could be offered by the cloud will certainly
result in it being the technology of choice. However,
as Mell and Grance noted, the pooling of resources
in the cloud may results in data confidentiality and
integrity being questioned. If ignorance is bliss, then it
is good that the average citizen is ignorant to the security issues of the cloud. If they became fully aware of
how vulnerable their information was, they would dramatically scale back their use of on-line services. There
have been several reports where the cloud failures have
lead to major problems for consumers, for example:
Amazon lost service due to lightning strike to cloud
(Metz, 2009), Microsoft Azure cloud suffers first crash
(Clarke, 2009), Microsoft data loss (Ionescu, 2009), and
Rackspace apologizes for cloud outage (Brodkin, 2009).
125
CONCLUSIONS
Cloud computing is still an abstract marketing and
design concept for all but the most innovative organizations. Some view the clouds that exist today as
repackaged versions of the present Internet. What differs is the scale and magnitude of what the cloud
can do once massive computing power and nearly
unlimited bandwidth can be brought to even individual users. The impact of this capability that was once
reserved for government laboratories and universities
available to individuals will be truly revolutionary.
However, in order for the revolution to reach the
masses, the drivers and constraints discussed in this
paper will need to be addressed. Chief among the constraints that need to be addressed is transparency. Once
the cloud is transparent and users can access, manage,
and report on the state of their outsourced services and
data, the level of trust in these services will increase.
As a result, adoption of cloud computing in the global
marketplace will be widespread, and we will enter a new
era of computing.
REFERENCES
Brodkin, J. (2009). Rackspace apologizes for cloud outage, prepares
to issue service credits. Network World, November 5. Available
from: http://www.networkworld.com/news/2009/110509-rackspaceoutage-apology.html?fsrc=netflash-rss
Clarke, G. (2009). Microsoft Azure cloud suffers first crash. The
Register, March 16. Available from: http://www.theregister.co.uk/
2009/03/16/azure_cloud_crash/
Foster, I., Zhao, Y., Raicu, I., and Lu, S. (2008, November). Cloud computing and grid computing 360-degree compared. Proceedings of the
IEEE GCEW, pp. 110.
Hewitt, C. (2008). ORGs for scalable, robust, privacy-friendly client cloud
computing. IEEE Internet Computing, 12(5), 9699.
126
BIOGRAPHY
Derek Mohammed Ph.D., CISSP, CISA, PMP, currently teaches undergraduate and graduate level courses
in information security and assurance at Our Lady
of the Lake University in San Antonio, Texas. He
has worked extensively in both the public and private sectors to improve the security of their critical information systems. His research focuses on
improving the security of computer and network
systems.
127