LANWAN security of database in cloud computing
The current trends in information technology leave one wondering if security is anything we can be assured of. There are many computer frauds that have been targeted at computer systems. With databases being integrated in many websites and dynamic websites being created faster than creating security mechanisms, their security is very paramount for the integrity of the content it has to be assured.
Cloud computing is a buzz in the information technology industry. there has been effort by companies and individuals to store databases in the cloud but the big questions is whether there is enough mechanisms to assure their safety while they are stored in the cloud. the point of contentions here is that there are few companies which provide could computing services and they are the same companies who have to make sure that the security of what they store in their clouds is assured for their clients (Cleveland, 2009). Many argue that there should be third party companies who should be concerned with security of information that are stored in the cloud. Cloud computing providers are totally responsible for what is taking place in their clouds including the security of the data. Clients have had to communicate with these providers very often to make sure that all is well with their data in the cloud.
This paper will look at the various instances where the security of databases can be achieved in a cloud computing environment.
Chapter one
1.0 Introduction
1.1 Background
Cloud computing is a technology where data and different applications are stored on storage networks and servers which are located in a remote place and accessed by the users via the Internet. This technology of cloud computing allows businesses and consumers to get access to applications without the need of installing them on their own on-site servers. The applications are installed on remote servers. In the normal way of applications use, consumers purchase licenses for application software from their software provider and install them on their on-site servers. In cloud computing case, it is On Demand basis where consumers pay a subscription fee for the service. The use of this technology increases efficiency because the storage, memory and processing are centralized.
For one to understand the security of a database on a LAN and WAN, knowledge of cloud computing characteristics is of paramount significance. This technology involves sending services which have been hosted through the Internet. Cloud computing would be useless without the technologies like Web 2.0, Software as a Service (SaaS), and Data as a Service (DaaS). These technologies have made cloud computing a success (Cleveland, 2009). The main aim of cloud computing is to change the paradigm to another shift so that computing could get a new meaning information technology moved from desktop applications to getting services which are hosted in the cloud. There is a difference between cloud computing and cloud services where the latter involves a case where services are delivered over the Internet real-time.
Cloud computing is a technology where data and different applications are stored on storage networks and servers which are located in a remote place and accessed by the users via the Internet. This technology of cloud computing allows businesses and consumers to get access to applications without the need of installing them on their own on-site servers. The applications are installed on remote servers. In the normal way of applications use, consumers purchase licenses for application software from their software provider and install them on their on-site servers. In cloud computing case, it is On Demand basis where consumers pay a subscription fee for the service. The use of this technology increases efficiency because the storage, memory and processing are centralized.
There are three types of cloud computing. The first is the Software as a service (SaaS). This is the cloud computing type where applications are installed on the remote servers and then offered to the consumer as a service. A single instance of the application software is set to run on the cloud and serves multiple users or organizations. In the traditional software use, users would purchase the license and install them on their on-site servers. With cloud computing, the end-user will pay for the service as he uses it.
The second type of cloud computing is the Platform as a service (PaaS). Most companies started by providing SaaS to the end-users. Most of these companies have also started developing platform services for the end-users. In PaaS, products are provided to enable applications to be deployed on the end-users. Platforms act as an interface to enable users to get access to applications which are provided by partners or by customers. Some of the big players in this cloud computing industry like Microsoft, Google and Amazon have provided platforms which include Windows Live for Microsoft, Apps Engine for Google and EC2 for Amazon. Providers like Amazon, Google, and Microsoft have developed platforms which enable users to gain access to applications stored on centralized servers.
1.2 The problem
As cloud computing gains popularity, there are many questions that linger in the minds of the players which include how the information will still be considered private with the intrusion of the third-party companies in the same. What are the measures that companies using cloud computing are taking to ensure that their data is secure in the cloud What is the future of cloud computing Will the credentials of the data be entrusted on total strangers who are miles away
This paper will try to answer the problems of security of the database in the cloud. There are many databases which are being uploaded into the cloud and less is being done to address their security. I will explore the research that has been done in this area and the probable solutions that can be made to overcome the issue of insecurity.
1.3 The hypothesis
In this paper, I choose to deal on the following hypotheses
The issue of security of the databases in the cloud has been left to the third-party players. The companies who have implemented the cloud computing in their organization have left the issue of cloud computing to be managed by the players in this new field like Google and Microsoft Azure.
The issue of Web 2.0 technologies which have threatened the security of databases in storage areas which are miles away from the center. With the advent of cloud computing and virtualization, the access to the servers which are miles away is not so much trusted. It is imperative that the data be secured in the LAN of the cloud.
The issue of privacy of the data stored in a cloud computing environment. The storage of the data in the cloud is prone to access by third party
1.4 Research questions
This paper is based on the following research questions
What is the security level of the database which stored in the cloud How is the security of unauthorized access of the data and databases which are stored in the cloud There is much to desire for the control of data in the cloud. What is the responsibility of the corporate users in the cloud With all the hype that has been associated with cloud computing, there are issues which should be considered before any company shifts their paradigm and move completely to cloud computing (Dodani, 2009). There is the issue of lose of control for information. The end user will lose control of the information once they are sent to the cloud. Hackers are no longer teenagers who are idle but they have become expert IT professionals who have made hacking their full time mission. The issue of security cannot be left on remote managers and servers and expect that everything will be right. All the security is left to the third-party to ensure this. In theory, the data which is stored in the cloud is unusually safe and they are replicated across multiple machines. In case the data is lost, there is no local backup. This can be overcome if the users download all the documents which have been stored in the cloud to the desktop. This might be tedious to most users, the more reason why most of the users are still skeptical about moving to this new technology.
The second research question is to deal with performance of the database in the cloud. Cloud computing vendors may not meet the quality that is required for quality performance. There are standards that have been set for proper storage of data in any environment. With cloud computing vendors not regulated, it leaves a lot of security leaks which could be detrimental to the security and integrity of the data in the cloud (Dodani, 2009).
The third research question is about management of the database in the cloud. It is proving to be a difficult task to administer security and manage a virtualized corporate information technology environment. The management of the security in the cloud may be thwarted with the complications of the legalities that come with this. There are no tools available for the user to monitor the security level and manage cloud computing vendors and their products.
The forth question is about governance and regulatory compliance. With there are many questions that come in mind when outsourcing of services is raised in any organization. The processes of cloud computing, internal tools to be used by the buyers and third-party auditor process need to be addressed.
The fifth question is about finance of managing the security of the database in the cloud. Will the company be able to manage the management of the security in the cloud without adding any budgetary allocations to it If there are tools which will be developed by the buyers, will the tools be costly once they have been adopted by the company
1.5 Proof criteria
a) Null hypothesis
The hypothesis about the privacy of databases in the cloud is null. This is because there are formalities that are to be agreed before ownership of data is agreed upon. There are preliminary agreements that need to be done before the cloud computing firm and the organization wishing to store their data with the firm agree with the organization or company wishing to store their data in the cloud. This hypothesis is null and is not applicable in this scenario.
b) Alternate hypothesis
The hypothesis that the security of the data in the cloud is not secured is supported by many authors and researchers who have done their research on cloud computing. It is widely accepted that the use of cloud computing comes with a lot of security. Hackers are no longer teenagers who are idle but they have become expert IT professionals who have made hacking their full time mission. The issue of security cannot be left on remote managers and servers and expect that everything will be right. All the security is left to the third-party to ensure this.
c) Success criteria
The criteria that I will use to verify the hypothesis is right are taking a research to get the feel of the users of this technology on the field. The research to be carried out will help me get what the users of cloud computing feel the technology is doing for them. Many researches have been used get the authenticity of the hypotheses. Since there are some companies which have adopted this technology already, there is need then to have the feel of these companies about the technology.
d) Repeatability
There is some level of significance of the hypothesis. The current trends in information technology leave one wondering if security is anything we can be assured of. There are many computer frauds that have been targeted at computer systems. With databases being integrated in many websites and dynamic websites being created faster than creating security mechanisms, their security is very paramount for the integrity of the content it has to be assured.
1.6 Assumptions made
There are assumptions that must be made for the research to be a success. One of the assumptions is the fact that governments and organizations comply and accept this form of technology. The constraints experienced in rolling out cloud computing are mainly those imposed by governments which does not allow other countries to store data. An example is that of the Canadian government whereby data belonging to Canada is not allowed to reside in the Unite States. This is due to the Patriot Act. Another example is that of the French government where the government will not use Blackberry devices because all emails are routed via United States and therefore will become visible to Homeland Security. It is possible that with the presence of these constraints, the growth of the use of cloud computing will be retarded. This research assumes that the use of this technology has no constraints at all.
Another assumption that will be made is that the relevance of this technology is maintained as long as this research paper is being done. This research will remain relevant as long as all the findings in it are followed.
1.7 Dependencies
The dependencies that are involved include the fact the cloud has still some privacy and security issues that should still be looked into. There are issues that should still be looked upon.
The first issue to be considered when deploying cloud computing is the privileges given to users in order to access their data. Data which are stored outside the premises of an enterprise brings with the issue of security. Hoe safe is the data Who else assesses the data Data which have been outsourced bypass the controls of the personnel of the enterprise. The client should get as much information as possible about how the data is stored and how the integrity of this data is catered for. The providers should be asked specific information about their hiring of privileged administrators who will manage the data.
The second issue to be considered is the regulatory compliance. The consumers are responsible for the security and integrity of their own data even when this data is held and stored by other providers. In the case of traditional service providers, they are subjected to external audits by auditors who will normally check on the security policy of that enterprise. The cloud computing providers should accept to undergo these external audits and this should be agreed upon in written form.
The other security policy to be considered is about the location of the cloud. In most cases, consumers do not know where the cloud is located and even dont know which country it is. What they care is that their data is being stored somewhere. The providers should indicate, in written form, their jurisdiction and should accept to obey local security policies on behalf of the consumers.
Another issue is that consumers should be aware of the security breaches present with providers. Providers have always claimed that security is at its tightest in the cloud but this fact alone is not enough to assume security issues. It is good know that all security systems that have been breached were once infallible and so with newer technologies, they can be broken into. An example is Google which was attacked in 2007. Their Gmail services was attacked and had to make apologies. With this in mind, it is a good lesson to learn that even though systems might be tight in the cloud, it is not a full assurance that they will never be hacked. While providers of cloud computing face security threats, research has shown that cloud computing has become very attractive for cyber crooks. As the data become richer in the cloud, so should security become tighter.
1.8 Limitations
There are limitations that are expected to be met in the research of this paper. One of the limitations is the fact that the technology is still new and there are few companies which have put this technology in place. It will therefore be hard to get the data of the technology. Compared to other technologies which have been fully developed, cloud computing is still not well developed.
The other challenge is the fact that there is no standardization made yet concerning the cloud computing. Companies and private practioners still develop their own clouds without following a standard procedure.
Constraints
One of the constraints is that it is tedious getting data which are scanty. Scanty due to the fact that they are not well developed. I will have to get research material from online journals and not from free repository because they are not found in the public domain yet.
Chapter two
2.1 Literature review
There have been many discussions that have been written on cloud computing. McEvoy and Schulze discuss the limitations that were experienced with grid computing. These authors believe that the flaws that was experienced with grid computing. One of the problems of grid computing is the fact that it exposes too much detail of the underlying implementation thus making interoperability more complex and scaling almost impossible (McEvoy, Schulze, 2008). Instead of this being a flaw it became one feature of grid computing. When someone is looking for solution at a more abstract and higher level, that is where cloud computing becomes handy and plays a big role.
Jha, Merzky, Fox also give a descripti9on of clouds as providing higher level abstraction through which services are delivered to the customer. It is widely agreed that the difference between the cloud and grid is the complexity of the interface through which the services are delivered to the customer and the extent to which the resources underlying are exposed. With cloud computing, the interfaces of higher-level cloud restrict the services to off-the-shelf software, which are deployed as a generic shared platform (Jha, Merzky, Fox).
There are many papers and proceedings which discuss SaaS, cloud computing, virtualization, and grid computing. Several of the most useful references are summarized in this section. The references for both the support and conflicts of the various definitions are all included.
The have been various views about the cloud model. Some authors have argued that cloud computing model incorporates popular trends such as Web 2.0 SaaS, and DaaS. The main aim of all these revolutions is so that we may change the way we compute and shift absolutely from desktop based computing to services and resources which are hosted in the cloud.
There have been other explanations about cloud computing that gives the distinction between cloud services and cloud computing. He argues that a cloud service is any business or consumer service that is consumed and delivered over the Internet in real-time. Cloud computing on the other hand consists of a full information technology environment which consists of all the components of network products that make the delivery of cloud services a reality. This is what enables cloud services to be performed.
Another definition of cloud computing is that it is a style of computing where large and scalable information technology activities are provided as a service using Internet technologies to external customers. Cloud computing are characterized by their self-service nature where users customers acquire resources any time they wish to use these services as long they have an Internet connection and can get rid of these services when they are no longer interested in these services.
A cloud computing system is the environment where the consumption of cloud services is enables and made possible. Cloud computing is a new way where capacity is increased, capabilities added and functionalities exploited without the need to add any infrastructure to the system, train new skills or acquisition of a new software license. In this new setup, the services can be categorized into concepts depending on the needs of the consumer. These categories include Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), managed service providers (MSP), and utility computing which deals with products, services, and solutions that are consumed over the Internet real-time. The users of cloud computing do not possess any infrastructure of the system because there is no initial investment in serves or software licenses. They instead use the resources as a service and pay for the use of these resources which are supplied by the service provider. In this case, most cloud computing providers have options which feature computing items which range from lower-powered system units to units which require extensive multicore CPU systems which require
2.2 Research Questions
This paper is based on the following research questions
What is the security level of the database which stored in the cloud How is the security of unauthorized access of the data and databases which are stored in the cloud There is much to desire for the control of data in the cloud. What is the responsibility of the corporate users in the cloud With all the hype that has been associated with cloud computing, there are issues which should be considered before any company shifts their paradigm and move completely to cloud computing (Dodani, 2009). There is the issue of lose of control for information. The end user will lose control of the information once they are sent to the cloud. Hackers are no longer teenagers who are idle but they have become expert IT professionals who have made hacking their full time mission. The issue of security cannot be left on remote managers and servers and expect that everything will be right. All the security is left to the third-party to ensure this. In theory, the data which is stored in the cloud is unusually safe and they are replicated across multiple machines. In case the data is lost, there is no local backup. This can be overcome if the users download all the documents which have been stored in the cloud to the desktop. This might be tedious to most users, the more reason why most of the users are still skeptical about moving to this new technology.
The second research question is to deal with performance of the database in the cloud. Cloud computing vendors may not meet the quality that is required for quality performance. There are standards that have been set for proper storage of data in any environment. With cloud computing vendors not regulated, it leaves a lot of security leaks which could be detrimental to the security and integrity of the data in the cloud (Dodani, 2009).
The third research question is about management of the database in the cloud. It is proving to be a difficult task to administer security and manage a virtualized corporate information technology environment. The management of the security in the cloud may be thwarted with the complications of the legalities that come with this. There are no tools available for the user to monitor the security level and manage cloud computing vendors and their products.
The forth question is about governance and regulatory compliance. With there are many questions that come in mind when outsourcing of services is raised in any organization. The processes of cloud computing, internal tools to be used by the buyers and third-party auditor process need to be addressed.
The fifth question is about finance of managing the security of the database in the cloud. Will the company be able to manage the management of the security in the cloud without adding any budgetary allocations to it If there are tools which will be developed by the buyers, will the tools be costly once they have been adopted by the company
Chapter three
3.1 Introduction
The study was concerned with the assessment of the security of databases which have been stored in a cloud computing environment. The cloud computing has been installed with little research being done on the likely effects of the security breach in the cloud. An action learning approach was applied with an experimental learning context. Consequently, the learning concept is applicable for graduate students working on the modalities of the data and all the transactions which are taking place in the cloud.
Internal security factors
There are factors which are cropping which concern the security of the databases in a cloud computing environment. The internal factors are that of the integrity of the data when they have been sent to the cloud. It is widely believed that data which have been sent to be stored in remote place have their security compromised as the security systems in the remote sites are not well vetted. Unless the cloud computing player gives the client the rights to access the status of their information while they are stored in the cloud. Most of the security of data in the cloud is normally left to the full management of the company providing the hosting.
External security
The second security issue that concerns companies wishing to store their data in the cloud is about the external issues of security that should be adhered to. Most of the cloud computing players have their own security measures that are installed in place. There is the issue of lose of control for information. The end user will lose control of the information once they are sent to the cloud. Hackers are no longer teenagers who are idle but they have become expert IT professionals who have made hacking their full time mission. The issue of security cannot be left on remote managers and servers and expect that everything will be right. All the security is left to the third-party to ensure this.
3.2 Methodology
Due to few companies which have implemented cloud computing, it was hard getting a company to get the features and their views on cloud computing security. Most of the research were got from giant companies which have fully adopted cloud computing in their systems and have all the tools that are required to study this subject well. Most of the views were taken form renowned review sites which have a wide experience in getting company information and technology trends in the offing. These review sites have a balanced representation of the companies.
3.2.1Procedures
The results were from 5 companies which have widely dealt with cloud computing and are concerned with the security of the databases stored in the clouds. These companies have their representatives and program officers who were very helpful in this research. Data was collected using SPSS program. The views from the employees of these companies were captured in a questionnaire which was sent online. They were asked how they perceive their achievement of the database security in cloud computing. They were then asked of their personal feel of the extent to which the war against attacks in the cloud has been achieved.
In part 1, the respondents were told to imagine that they are the implementers of cloud computing in a company, that researchers are interested in knowing what goes through their mind when they make such a implementation decisions, and that there are no right or wrong answers. Participants were then asked a series of questions related to database security in cloud computing the type of cloud computing they wish to implement (attribute vs. consensus), the type of information source (personal vs. impersonal), type of heuristics (independent self-related vs. interdependent self-related), decision speed, consideration set, product involvement, and product knowledge. In part 2, participants were asked a series of individual differences in their technologies they wished to b implemented. In part 3, participants were presented with demographic questions such as age, gender, nationality, raceethnicity, and cultural identity. Once a participant finished the questionnaire, heshe was thanked and dismissed.
3.3 Statistical analysis
This section will discuss the statistical techniques that were used to get a clear analysis of the data and obtain the results in the analysis. There were two basic types of statistical analysis that were done which are descriptive and inferential analysis.
3.3.1 Descriptive statistics
These are the characteristics of the sample. The statistics that were used in this were the frequencies, means and standard deviations. Frequencies usually refer to the actual amount or the proportion that was obtained between the respondents which responded to a certain questions to these who did not respond. This study represents these in form of bar charts and tables. The arithmetic mean was used in the study to measure the central tendency which is used to determine the average response of respondents towards a test.
3.3.2 Inferential statistics
This is the statistics which allows the researchers to make inferences about the true differences in the population basing on the sample data. One of the in-thing in discussing the inferential statistics is the discussion of the significance of the study. This is discussed first in this paper.
3.3.3 Statistical significance
The hypotheses from the research cannot be tested directly given the size of the research and the constraints of time and finances that is associated with it. The differences which appear in the sample data may not be true in the ground. Cooper and Emory (1995) states that the statistical significance of a result is the probability that the relationship which was observed or a difference, that is , between means, in a sample occurred by pure chance and also that in the population from which the sample was drawn, there is no such relationship which is in existence. This value is computed in each statistical test that is performed and is treated as p-value.
Most of the p-values which are commonly used are 0.001 and 0.005. The value usually depends on the researcher and the level of risk they are willing to accommodate in their research. This risk is depicted in the Type 1Type 2 error. Cooper and Emory (1995) still insist that statistical significance is a very important tool should not be confused with scientific findings. They also distinguish between two significance test which statistical significance and practical significance. A research may be statistically important but yet when the variable that is being studied is not significant. Practical significance is measuring the importance of the research basing on other factors like cost of doing the research and the validity of the research.
Categories:
0 comments:
Post a Comment