Cloud computing is a popular mode of computing in which large groups of remote servers are interconnected to enable centralized data storage and online access to network resources and services. The primary focus of cloud computing is resource sharing. Cloud resources are shared by multiple users and are also allocated dynamically on demand. For example, using cloud computing you can serve a specific application, say e-mail, during the Asia Pacific business hours, and later allocate the same application to serve the North American business hours. This mode of networking can thus reduce the load on the servers, save electricity, rack space, expenses, and most importantly, reduce damage to the environment. This mode can also cause privacy issues in cloud networks.
Cloud computing can be classified into public clouds, private clouds, and hybrid clouds, depending on the type and sensitivity of data that each cloud handles.
Public clouds provide data services over a network that is open for public use. Public cloud usage can be free or be on a pay-per-usage model.
Private clouds provide data services for a single organization. As the name implies, the data in a private cloud is accessible only to authorized users of an organization.
Hybrid clouds are a combination of private and public clouds. For example, your organization might opt for a hybrid cloud if you have business-critical data that needs to be on a private cloud while some of this data must be used by a business intelligence application that is hosted on a public cloud.
There are various computing components that work together to implement a cloud computing network. Networking is one of the important components that enable cloud computing. With the advent of server virtualization, virtual and physical networks work in tandem to provide best-in-class virtualization and cloud services. To leverage the benefits of cloud computing, data centers are increasingly using cloud computing. A cloud data center focuses on providing data center connectivity from various external networks to services located within a multitenant data center. A cloud data center typically has more challenging business requirements than a traditional data center, which services only a single entity. Multitenancy requires high security, scalability, and performance. You can discover, build, manage, and monitor your cloud data center from Network Director, using the Datacenter View. Network Director supports three types of cloud infrastructure providers—VMware vCenter, OpenStack, and a combination of OpenStack and NSX plugin.
For a skilled hacker, a major company’s cloud system is a treasure trove – sensitive data, including millions of bank account logins, email addresses, and Social Security numbers can be just a few clicks away. While the cloud provides unprecedented benefits to digital businesses, it can also leave customer and employee data vulnerable.
Major data breaches at tech giants like Yahoo (YHOO), which subsequently confirmed that more than one billion of its email accounts were compromised in August 2013, demonstrate that no company is completely safe from a hack. Oracle (ORCL), Sony (SNE), T-Mobile (TMUS) and Dropbox are just a few other consumer tech companies that have dealt with massive hacks in recent years. Retailers such as Target, Neiman Marcus, and Home Depot have also experienced massive breaches of customer data.
And the average internet user, unaware of their data’s vulnerability, has yet to take the necessary steps to protect their information.
“The problem with the cloud is that it simply expands the systemic vulnerabilities that have existed since the Internet was developed. The internet was built for redundancy, not security,” Will Donaldson, CEO of digital security firm nomx, told FOXBusiness.com. “So every single hack since then has been patched, but the vulnerabilities remain and continue to increase. Until people take back their data and assume responsibility for it, they have little recourse against the large providers.”
Additionally, the massive breach suffered by credit rating firm Equifax Inc. earlier this month has been a boon to investors in cybersecurity stocks. The Equifax hack, which compromised the personal data of more than 140 million Americans, was the latest in a string of hacks affecting major companies in recent years, underscoring the need for companies to bolster cybersecurity defenses. Predictably, the stocks of firms specializing in cybersecurity have rallied after the Equifax breach was announced Sept. 7, with investors betting that companies will purchase more cybersecurity services going forward.
Since Sept. 7, shares of FireEye Inc. increased by 17.4 percent, Symantec Inc. by 12.3 percent, and Fortinet Inc. by 3 percent, as of Sept. 15. The ETFMG Prime Cyber Security ETF, which tracks the performance of a select group of companies in the cyber security industry, was up 2 percent during that span.
Despite elevated investor interest and demand for cybersecurity services, the security industry as a whole has been underwhelming in terms of growth and innovation and may be ripe for consolidation.
Traditionally, companies centralized their systems and data in on-premises data centers. This type of system architecture employs a “walled garden” defense—deploying strong firewall hardware around the data center and defending the walls vigorously. Think of the typical spy or “heist” movie where an intruder attempts to penetrate a well-defended room full of servers.
Most cybersecurity firms specialize in the “walled garden” defense strategy.
But a recent secular shift by companies away from self-administered data centers toward decentralized cloud storage has complicated matters. For many companies, the majority of data is stored in the cloud, often via software as a service (SaaS) or infrastructure as a service (IaaS) platforms such as Amazon Web Services, ServiceNow, or Workday. In this type of setup, security often depends on software inherent in these services instead of hardware.
Last year, marketing research firm Gartner predicted that by 2019, more than 30 percent of the 100 largest software vendors’ new software investments will be cloud-only.
“The cloud, being by its very nature distributed, dissolves the concept of network perimeter,” Credit Suisse points out. “As workloads move out of data centers, it becomes less clear at what point the bounds of the corporate network begin and where they end.”
This inevitable shift could see corporate IT departments allocate budget dollars away from traditional firewall solution providers in cybersecurity as SaaS and IaaS platforms gain more traction.
Privacy Issues in Cloud networks
- Data Integrity
Data integrity is one of the most critical elements in any information system. Generally, data integrity means protecting data from unauthorized deletion, modification, or fabrication. Managing an entity’s admittance and rights to specific enterprise resources ensures that valuable data and services are not abused, misappropriated, or stolen.
- Data Confidentiality
Data confidentiality is important for users to store their private or confidential data in the cloud. Authentication and access control strategies are used to ensure data confidentiality. The data confidentiality, authentication, and access control issues in cloud computing could be addressed by increasing the cloud reliability and trustworthiness.
Because users do not trust cloud providers, and because it is virtually impossible for cloud storage service providers to eliminate the potential insider threat, it is very dangerous for users to store their sensitive data in cloud storage directly. Simple encryption faces the key management problem and cannot support complex requirements such as query, parallel modification, and fine-grained authorization.
- Data Availability
Data availability means the following: when accidents such as hard disk damage, IDC fire, and network failures occur, the extent to which the user’s data can be used or recovered, and how users can verify their data by technical means rather than depending on the credit guarantee of the cloud service provider alone.
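One way a user can check stored data with a technique of their own, as the paragraph above describes, shown as an added Python example (not from the original article): the client tags each block with an HMAC before upload and later challenges the provider for blocks. The function names, the 16-byte block size, and the simulated provider are assumptions made for this illustration.

```python
import hashlib
import hmac
import random

BLOCK = 16  # bytes per block (small, so the constructed sample spans several blocks)

def tag(key, index, block):
    """MAC over position + content: a swapped or altered block no longer verifies."""
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def prepare_upload(key, data):
    """Client: split data into blocks and pair each with its tag before upload."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return {i: (b, tag(key, i, b)) for i, b in enumerate(blocks)}

def audit(key, n_blocks, fetch, indices=None, samples=3):
    """Challenge block indices (random by default); return those that fail."""
    if indices is None:
        indices = random.SystemRandom().sample(range(n_blocks), min(samples, n_blocks))
    failed = []
    for i in indices:
        reply = fetch(i)  # provider returns (block, tag), or None if the block is gone
        if reply is None or not hmac.compare_digest(tag(key, i, reply[0]), reply[1]):
            failed.append(i)
    return failed

def demo():
    """Constructed scenario: a simulated provider that damages three of five blocks."""
    key = b"client-only-key-(constructed)"
    data = bytes(range(80))                      # constructed sample, 5 blocks
    store = prepare_upload(key, data)            # what the provider holds
    clean = audit(key, len(store), store.get, indices=range(5))
    store[1] = (b"X" * BLOCK, store[1][1])       # modification
    del store[2]                                 # deletion / loss
    store[4] = store[3]                          # block 3 served in place of block 4
    return clean, audit(key, 5, store.get, indices=range(5))
```

Only the key and the block count stay with the client, so the audit works without keeping a local copy of the data.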
The issue of storing data over the transborder servers is a serious concern of clients because the cloud vendors are governed by the local laws and, therefore, the cloud clients should be cognizant of those laws. Moreover, the cloud service provider should ensure the data security, particularly data confidentiality and integrity. The cloud provider should share all such concerns with the client and build a trust relationship in this connection. The cloud vendor should provide guarantees of data safety and explain the jurisdiction of local laws to the clients. The main focus of the paper is on those data issues and challenges which are associated with data storage location and its relocation, cost, availability, and security.
Locating data can help users to increase their trust in the cloud, and it increases the risk of privacy issues in cloud networks. Cloud storage provides a transparent storage service for users, which can decrease the complexity of the cloud, but it also decreases users’ control over their data storage. Benson et al. studied the proofs of geographic replication and succeeded in locating the data stored in the Amazon cloud.
- Data Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal them selectively. Privacy has the following elements.
(i) When: a subject may be more concerned about current or future information being revealed than information from the past.
(ii) How: a user may be comfortable if his/her friends can manually request his/her information, but the user may not like alerts to be sent automatically and frequently.
(iii) Extent: a user may rather have his/her information reported as an ambiguous region than as a precise point.
In commerce, the consumer’s context and privacy need to be protected and used appropriately. In organizations, privacy entails the application of laws, mechanisms, standards, and processes by which personally identifiable information is managed.
In the cloud, privacy means that when users access sensitive data, the cloud services can prevent a potential adversary from inferring the user’s behavior from the user’s access pattern (as opposed to direct data leakage). Researchers have focused on Oblivious RAM (ORAM) technology. ORAM visits several copies of data to hide the real access targets of users. ORAM has been widely used in software protection and is a promising technology for protecting privacy in the cloud. Stefanov et al. proposed the Path ORAM algorithm, a state-of-the-art implementation.
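The access-hiding idea above, as an added Python sketch of a Path ORAM client (not code from the original article or from Stefanov et al.): every read or write fetches and rewrites one whole root-to-leaf path and then remaps the block to a fresh random leaf. Bucket encryption and dummy-block padding, which a real deployment needs, are omitted; the class name, the bucket size Z = 4, and the `trace` field are choices made for this illustration.

```python
import secrets

class PathORAM:
    """Toy Path ORAM client over an untrusted bucket store (encryption omitted)."""
    Z = 4  # blocks per bucket

    def __init__(self, height):
        self.L = height
        self.leaves = 1 << height
        # Untrusted server storage: heap-indexed binary tree of buckets.
        self.tree = [[] for _ in range(2 * self.leaves - 1)]
        self.pos = {}     # client-side position map: block id -> leaf
        self.stash = {}   # client-side stash: block id -> value
        self.trace = []   # what the server observes: bucket indices per access

    def _path(self, leaf):
        """Heap indices of the buckets from the root down to `leaf`."""
        node = leaf + self.leaves - 1
        path = [node]
        while node:
            node = (node - 1) // 2
            path.append(node)
        return path[::-1]

    def access(self, block_id, new_value=None):
        """Read a block (new_value=None) or write it; both look identical to the server."""
        # Use the block's current leaf, then remap the block to a fresh random leaf.
        leaf = self.pos.get(block_id, secrets.randbelow(self.leaves))
        self.pos[block_id] = secrets.randbelow(self.leaves)
        path = self._path(leaf)
        self.trace.append(path)
        # Read every bucket on the path into the stash.
        for node in path:
            self.stash.update(self.tree[node])
            self.tree[node] = []
        value = self.stash.get(block_id)
        if new_value is not None:
            self.stash[block_id] = new_value
        # Write back from leaf to root, placing each block as deep as its leaf allows.
        for depth in range(self.L, -1, -1):
            node = path[depth]
            fit = [b for b in self.stash
                   if self._path(self.pos[b])[depth] == node][:self.Z]
            self.tree[node] = [(b, self.stash.pop(b)) for b in fit]
        return value
```

Because each access touches one uniformly random path regardless of which block was requested, `trace` shows what the server can learn: nothing about the block identity or whether it was a read or a write.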
The privacy issues differ according to different cloud scenarios and can be divided into four subcategories as follows:
(i) how to enable users to have control over their data when the data are stored and processed in the cloud and avoid theft, nefarious use, and unauthorized resale,
(ii) how to guarantee data replications in a jurisdiction and consistent state, where replicating user data to multiple suitable locations is a usual choice, and avoid data loss, leakage, and unauthorized modification or fabrication,
(iii) which party is responsible for ensuring legal requirements for personal information,
(iv) to what extent cloud subcontractors are involved in processing which can be properly identified, checked, and ascertained.
- Strategy and policy
Whatever one’s attitude, security still requires active engagement. Moreover, when thinking about implementing cloud security, organizations are not typically starting from scratch, but rather building upon policies and practices already in place.
As the first step to any strategy, companies should understand their own data and any associated risks. For instance, a retailer that needs to be Payment Card Industry (PCI)-compliant must encrypt credit card information. Then it should determine which parts of the organization will be collecting that information and which parts will not. Every company has its own data profile, security objectives, and workflows.
If businesses already have guidelines or service definitions in place, it is a good idea to maintain them for the cloud to avoid frustrating internal users. Integrating a cloud-based policy into an existing IT security framework, however, may involve retraining and possibly enhancing the risk management process. Higher risk tends to be associated with larger volumes of data, and security requirements, such as encryption, should be based on the risk level.
- The high stakes
Apart from policy, a company needs the controls that actually implement cloud security. The knowledge is commonly available, if not universally applied. In an NTT webinar last year, Director of Consulting Patrick Schraut offered a useful overview of available options.
Schraut’s mix of recommended controls included assessing the vendor, generating keys in-house, encrypting browser inputs and other communication, managing user access and securing hypervisors, to name a few. In the end, by implementing a full suite of multi-layered controls, an organization can execute a comprehensive security strategy and operations in the cloud with confidence.
The stakes, however, remain high. It is for good reason that these measures and countermeasures are often described in terms of cyberwarfare. In that context, where scale and resources matter, being allied with NTT is a decided strategic advantage. Staffed by more than 1,500 security specialists, architects, and engineers, NTT’s security division has 10 security operations centers (SOCs), and 40 percent of global Internet traffic uses its Global Threat Intelligence Platform (GTIP), which detects and defends against 6.2 billion attacks and analyzes more than 3.5 trillion logs annually.
Cybersecurity is also characterized by a kind of arms-race or spy-versus-spy dynamic. One battle on the horizon that has experts concerned will involve the fate of existing encryption techniques when quantum computing becomes commonly available.
Whether defending against exploit kits, malware, brute force, DDoS or other attacks of today, or anticipating the post-quantum cryptographic fights of tomorrow, organizations promoting trust, transparency, and security do well to align with the top brains in the security industry. Among those is NTT Fellow Dr. Tatsuaki Okamoto, recognized at the RSA Conference 2017 annual awards program for Excellence in the Field of Mathematics.
Among Dr. Okamoto’s contributions to the security field is path-breaking research into third-generation cryptography. Unlike symmetric, public-key, or identity-based cryptography, this latest form is designed to provide highly functional cryptosystems and is applicable to privacy issues in cloud networks.
- Constant vigilance
Security calls for vigilance and dedicated professionals. Whether seeking cloud security certifications for internal employees, hiring new professionals or working with a managed security services partner, IT security teams are engaged in the critical task of protecting high-value assets: information that keeps them relevant to and trusted by customers, and competitive in the global marketplace.
As the internet is evolving every second, it is the responsibility of both the user and the service provider to be constantly vigilant about threats to their data and privacy issues in cloud networks. Implementing multiple verification and encryption processes is one of the initial countermeasures against the recent increase in hacking activity all around the world. This kind of hacking is also a form of cyber-terrorism that causes privacy issues in cloud networks. The world is recognizing this, and governments are taking measures to ensure that the integrity of their countries’ cyberspace is not breached, but a worldwide effort is imperative.