Cloud computing is a new paradigm where services and resources are provided to users over the Internet.
The cloud itself is not a product, but rather a data transmission and storage model. Basically, it is a term used to describe a global network of interconnected remote servers functioning as a single ecosystem to store and manage data, run applications, provide content or services to users.
Although the term “cloud” may suggest something ethereal, there is actually a huge infrastructure consisting of numerous physical resources (communications networks, servers, storage systems, applications, services, etc.) behind it. This allows multiple users to manage all their files at any time and from anywhere as long as they stay connected to the Internet.
Types of Clouds
There are several different models of cloud computing services. They have emerged to provide the right solution for a wide range of user needs.
- Public Cloud: Cloud resources, such as servers and storage, are owned and managed by a third-party provider who delivers them over the Internet. This provider also owns and manages all hardware, software, and other infrastructure components. A user can access these services and manage his/her account using a web browser.
- Private Cloud: Cloud computing resources are used exclusively by a single organization, which manages them and decides who can access the infrastructure. The infrastructure is usually installed at a local data center or on the organization's premises.
- Hybrid Cloud: This model combines elements of a public cloud and a private cloud using a technology that allows data and applications to be shared between them. Users may own some parts and share others, but in a controlled environment.
Cloud services can be divided into three main categories:
- Software as a Service (SaaS): In this model, applications are delivered over the Internet. Users access them from a connected device using a web browser. Examples of SaaS include email servers, online office tools, and file sharing.
- Platform as a Service (PaaS): This is a model where a user can enjoy the benefits of a fully functional service-oriented platform without having to purchase or maintain the equipment or applications. Examples include procuring hosting services for websites, databases, email, etc.
- Infrastructure as a Service (IaaS): In this model, users are provided with all the infrastructure they need to install their applications and services without having to worry about maintaining a physical server, communications infrastructure, or storage. It can be a virtual machine, a CPU, or a hard disk, along with the necessary storage and bandwidth.
Advantages of Cloud Computing
- Files can be accessed and modified anytime, from any location, on any Internet-connected device.
- Flexibility in terms of storage capacity and processing power.
- Saving backup copies in the cloud.
- Reasonable price.
- Facilitating teamwork.
Disadvantages of Cloud Computing
- When there is no Internet connection or if the service provider’s equipment fails, you will not be able to access the files in the cloud.
- Since the service provider owns, manages and controls the cloud infrastructure, customers have minimal control over it, even after it is removed from the cloud.
- Even though service providers tend to implement the best security standards, a cyberattack could compromise the data stored in the cloud.
- Apart from attacks by third parties, information security threats can also originate from the service provider itself.
Cloud computing provides various data storage and processing capabilities based on third-party servers. As a result, when you decide to use the cloud, you lose physical access to your data and have to trust your cloud service provider to implement adequate security measures to protect your information.
Cloud computing security includes a wide range of policies, technologies, and controls aimed at protecting cloud-based data, applications, and infrastructure.
There are many different security concerns associated with cloud computing, all of which can be divided into two broad categories: issues faced by providers (organizations offering cloud-based software, platforms, or infrastructure as a service) and those faced by customers (companies or people using the cloud to run applications or store data).
Cloud security is a shared responsibility: the provider must make sure that the offered infrastructure is secure and that the customers’ data is protected, while users are responsible for taking measures to ensure secure access by using efficient authentication methods.
For an effective cloud security architecture, the right defenses must be deployed in the right places by identifying potential entry points for attacks and establishing safeguards that eliminate weaknesses and mitigate the effect of attacks.
While there are many types of controls used in a cloud architecture, they usually fall into one of the following categories:
- Deterrent controls: They are used to reduce the probability of attacks on a cloud system. They warn potential attackers by informing them that there will be severe consequences if they choose to proceed.
- Preventive controls: They strengthen the system’s protection against incidents by reducing or eliminating vulnerabilities. They provide reliable user authentication, reducing the probability of unauthorized access and ensuring positive user identification.
- Detective controls: They are designed to detect threats as they occur and react appropriately. Attacks on the cloud system and its supporting communication infrastructure are usually detected by system and network security monitoring, including intrusion detection and prevention.
- Corrective controls: They are implemented while an attack is in progress or after it has occurred to mitigate the consequences, usually by limiting the damage. These controls are primarily designed to restore a compromised system from backup copies.
It is generally recommended to select and implement cloud security controls according to the existing risks, which are determined by assessing threats, vulnerabilities, and their impact. Furthermore, service providers and their users should negotiate the terms of liability and establish how incidents involving data breaches will be resolved.
Cloud computing security has quickly become a major concern for everyone who uses this technology due to the sensitive nature of information they store on the Internet.
The process of synchronizing files between different devices and the cloud is a critical vulnerability from the point of view of data protection, making data encryption indispensable for a high level of security.
Most cloud storage providers offer some form of file encryption either on the server side (to store information) or on the client side.
Server-side encryption is the method used by most cloud storage services. It means that data is uploaded to the server in an unencrypted form and encrypted there using the user’s password. Files are transmitted via a secure connection (HTTPS/SSL). However, while this method offers protection against attacks by third parties, data privacy is not guaranteed, as the server administrator or another insider can obtain access to the data and/or encryption keys.
With client-side encryption, files are encrypted locally before they leave the device connected to a cloud service. Ideally, the password should never leave the client device, meaning that the cloud service provider only stores and synchronizes data, but cannot see its content. However, not all applications support this. Although less common, this method offers the advantage of better privacy protection: the user’s information in an unencrypted form is stored only on their devices, and even if the server or files are compromised, the intruder will obtain only encrypted data and not the original content. The drawback here is that if you forget the password, you will never be able to recover it or use the files online, because they are stored on the server in an encrypted form and can only be modified from the client device.
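An added example, not part of the original article, of the client-side approach described above: the file is encrypted on the device with a key derived from the password, so the provider stores only ciphertext, and a wrong or forgotten password cannot decrypt it. The choice of scrypt and AES-256-GCM, the blob layout, and the function names are assumptions of this example.

```javascript
// Added example: client-side encryption with Node.js's built-in crypto module.
const crypto = require('node:crypto');

// Assumed scrypt cost parameters; tune them to the client hardware.
const KDF = { N: 16384, r: 8, p: 1 };

// Derive a 256-bit key on the device. The password is never uploaded.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, KDF);
}

// Encrypt locally. The returned blob is all the provider ever receives:
// salt (16 bytes) | nonce (12) | GCM tag (16) | ciphertext.
function encryptForUpload(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Decrypt after download. Throws when the password is wrong or the stored
// blob was modified, because the GCM tag no longer verifies.
function decryptAfterDownload(blob, password) {
  if (blob.length < 44) throw new Error('blob too short');
  const key = deriveKey(password, blob.subarray(0, 16));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key,
    blob.subarray(16, 28), { authTagLength: 16 });
  decipher.setAuthTag(blob.subarray(28, 44));
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// True when the blob decrypts with this password, false otherwise.
function canDecrypt(blob, password) {
  try { decryptAfterDownload(blob, password); return true; } catch { return false; }
}

// Constructed sample file and password.
const doc = Buffer.from('Q3 payroll: constructed sample file');
const uploaded = encryptForUpload(doc, 'correct horse battery staple');
console.log('provider sees plaintext:', uploaded.includes(doc));
console.log('forgotten password recovers file:', canDecrypt(uploaded, 'guess'));
console.log(decryptAfterDownload(uploaded, 'correct horse battery staple').toString());
```

Because the salt and nonce are random per file, encrypting the same file twice yields different blobs, so the provider cannot tell that two uploads have identical content.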
Cloud security remains a pressing challenge, and both customers and cloud service providers need to work together proceeding from the understanding that protecting the information exchanged between them is a shared responsibility.