A quantitative analysis of current security concerns and solutions for cloud computing

biomed - Gonzalez Nelson , Miers Charles , Redígolo Fernando , Simplício Marcos , Carvalho Tereza , Näslund Mats , Pourzandi , Pourzandi Makan

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

18 pages

English

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

A propos
Informations
Extrait

Description

The development of cloud computing services is speeding up the rate in which the organizations outsource their computational services or sell their idle computational resources. Even though migrating to the cloud remains a tempting trend from a financial perspective, there are several other aspects that must be taken into account by companies before they decide to do so. One of the most important aspect refers to security: while some cloud computing security issues are inherited from the solutions adopted to create such services, many new security questions that are particular to these solutions also arise, including those related to how the services are organized and which kind of service/data can be placed in the cloud. Aiming to give a better understanding of this complex scenario, in this article we identify and classify the main security concerns and solutions in cloud computing, and propose a taxonomy of security in cloud computing, giving an overview of the current status of security in this emerging technology.

Informations

Publié par	biomed
Publié le	01 janvier 2012
Nombre de lectures	6
Langue	English
Poids de l'ouvrage	3 Mo

Extrait

Gonzalezet al. Journal of Cloud Computing: Advances, Systems and Applications2012,1:11 http://www.journalofcloudcomputing.com/content/1/1/11

R E S E A R C HOpen Access A quantitative analysis of current security concerns and solutions for cloud computing 1* 1,41 11 Nelson Gonzalez, Charles Miers, Fernando Red´ıgolo, Marcos Simpl´ıcio, Tereza Carvalho, 2 3 MatsN¨aslundandMakanPourzandi

Abstract The development of cloud computing services is speeding up the rate in which the organizations outsource their computational services or sell their idle computational resources. Even though migrating to the cloud remains a tempting trend from a ﬁnancial perspective, there are several other aspects that must be taken into account by companies before they decide to do so. One of the most important aspect refers to security: while some cloud computing security issues are inherited from the solutions adopted to create such services, many new security questions that are particular to these solutions also arise, including those related to how the services are organized and which kind of service/data can be placed in the cloud. Aiming to give a better understanding of this complex scenario, in this article we identify and classify the main security concerns and solutions in cloud computing, and propose a taxonomy of security in cloud computing, giving an overview of the current status of security in this emerging technology.

Introduction Security is considered a key requirement for cloud com-puting consolidation as a robust and feasible multi-purpose solution [1]. This viewpoint is shared by many distinct groups, including academia researchers [2,3], business decision makers [4] and government organi-zations [5,6]. The many similarities in these perspec-tives indicate a grave concern on crucial security and legal obstacles for cloud computing, including service availability, data conﬁdentiality, provider lock-in and reputation fate sharing [7]. These concerns have their origin not only on existing problems, directly inherited from the adopted technologies, but are also related to new issues derived from the composition of essential cloud computing features like scalability, resource shar-ing and virtualization (e.g., data leakage and hypervisor vulnerabilities) [8]. The distinction between these classes is more easily identiﬁable by analyzing the deﬁnition of the essential cloud computing characteristics proposed by the NIST (National Institute of Standards and Technology) in [9], which also introduces the SPI model for services

*Correspondence: nmimura@larc.usp.br 1 EscolaPolit´ecnicaattheUniversityofS˜aoPaulo(EPUSP),Sa˜oPaulo,Brazil Full list of author information is available at the end of the article

(SaaS, PaaS, and IaaS) and deployment (private, public, community, and hybrid). Due to the ever growing interest in cloud computing, there is an explicit and constant eﬀort to evaluate the current trends in security for such technology, consider-ing both problems already identiﬁed and possible solu-tions [10]. An authoritative reference in the area is the risk assessment developed by ENISA (European Network and Information Security Agency) [5]. Not only does it list risks and vulnerabilities, but it also oﬀers a sur-vey of related works and research recommendations. A similarly work is the security guidance provided by the Cloud Security Alliance (CSA) [6], which deﬁnes security domains congregating speciﬁc functional aspects, from governance and compliance to virtualization and iden-tity management. Both documents present a plethora of security concerns, best practices and recommendations regarding all types of services in NIST’s SPI model, as well as possible problems related to cloud computing, encom-passing from data privacy to infrastructural conﬁguration. Albeit valuable, these studies do not focus on quantifying their observations, something important for developing a comprehensive understanding of the challenges still undermining the potential of cloud computing.

© 2012 Gonzalez et al.; licensee Springer. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.