You are on page 1of 36

CLOUD COMPUTING SECURITY CHALLENGES

DONE BY CHUKWUEKE CHIKA M.

AUGUST 2016

ABSTRACT

Cloud computing which also known as on-demand is computing is the latest stage in the
evolution of IT infrastructure. The term cloud computing is a computing model whereby
firms and individuals obtain their computing power and software application over the
internet, rather than purchasing their own hardware and software. It is an Internet based
computing service that provides shared processing resources and data to computers and
other devices on demand. This platform enable users and enterprises to store and process
their data with third party data centers. As much as it is important that some of these
activities be outsourced, security of the system should also be considered. Present day
global business environments presents numerous security threats and compliance

challenges. Thus, this seminar work provides more insight into some of these security
challenges and then recommend some mitigation measures to curb this security threats.

SECTION 1: INTRODUCTION
A. Background of Study

In most cases, when we draw the diagram of the Internet, it always has the shape of the
cloud. Therefore it is from this diagram that the name cloud computing was figured out.
The concept of cloud computing is a very interesting and important concept in the world
of Information Technology. It provides organization the ability to entrust some of their
organizational tasks to third party organizations. Some of these tasks include; (web hosting,
database management, server management etc.). One of the most wonderful ideas that led
to the evolution of cloud computing is to enable organizations pay more attention to their
2

major activities. For example, since Information technology has become so pervasive that
every organization has now adopted it, it means that they can only pay attention to their
own area of service and production while the services of information technology are handed
over to professionals in that field. Organizations like Dangote group now has their own
website and in having a website, a third party company is introduced which will take care
of the domain name and the hosting space. With this technology, Dangote group will more
easily and conveniently focus on their cement, salt, sugar and other of their production line
while the IT related tasks are outsourced to a third party vendor.

At this point, providing a suitable definition for a cloud is necessary. A cloud is a


collection of hardware and software that runs in a data center and enables the cloud
computing model. It is also necessary to provide few definitions of cloud computing from
several authors.
Cloud computing is a set of IT services that are provided to a customer over a network on
a leased basis and with the ability to scale up or down their service requirements (sharath.K
Sudarshan R. 2015).
Cloud computing is a model of organizing computers for enabling convenient, ubiquitous,
on demand network access to a shared pool of configurable IT resources (Dimitrios 2012).

NIST defines cloud computing as, a model for enabling convenience, on demand network
access to a shared pool of configurable computing resources (e.g., networks, servers,
storage, applications, and services) that can be rapidly provisioned and released with
minimal management effort or service provider interactions.

Cloud computing refers to the delivery of IT resources over the Internet as services. This
is opposed to hosting and operating these resources on pay-per-use or by monthly or yearly
subscription (Shenai 2013).

Fig 1 Cloud Computing Illustration

We could also say that cloud computing is a computing model whereby firms and
individuals obtain their computing power and software application over the internet, rather
than purchasing their own hardware and software. The major factors that led to the cloud
computing outbreak is the growing bandwidth power of the internet and also the need to
reduce cost of computing infrastructure and system resources. With cloud computing,
organization will pay more attention to their core activities and then the computing
activities (which are the activities that are not among their core activities) are outsourced
to vendors who are experts in that field. Cloud computing has become a highly demanded
service or utility due to the advantages of the high computing power, cheap cost of services,
high performance, scalability, accessibility and availability. As much as it is important that
some of these activities be outsourced, security of the system should also be considered.
Present day global business environments presents numerous security threats and
compliance challenges. It has been said by experts that most of the security challenges
faced by users are caused by the carelessness of the users. Therefore one must be careful
in also considering the security issues (challenges) faced by this cloud computing platform.
As stated earlier, one of the driving factors that led to the evolution of cloud computing is
the need to reduce cost of computing infrastructure and system resources. Since the major
aim of an organization is to make profit (reducing cost of production and services rendered
to them), the organizations should not be over concerned with cost reduction and in turn
fall into the wrong hands. But rather, a thorough check should be made so that the
5

organizations will not fall into the wrong hands or amateur vendors. Jeff Bezos, the CEO
Amazon said, I am not upset with someone who charges more for a product but I am
concerned with someone who might offer better experience. Some hardware and software
firms such as IBM, HP, Dell,
Google, Microsoft, SAP, Oracle and Salesforce.com are rendering some of the cloud
computing services with a high security level, although not 100% security. The major threat
to anything and everything done on the Internet is security, therefore, the first consideration
to be made before doing anything on the internet is the security level of the platform to be
adopted.

B. Motivation for this Topic

The internet has over time become so interesting and in fact is currently the largest virtual
community in existence. As a result of this, the relevance and importance of the Internet
with respect to this seminar work titled cloud computing security challenges is the key
motivation of this work so as to discuss in details the security issues and challenges of
cloud computing. Since there is a pervasive growth of information technology thereby
making organizations strive to adopt to the trends of information technology (having their
websites, mobile applications, online recruitment, database, online data processing etc) in

order not to be obsolete, this seminar work will therefore have great motivation attached to
it.

C. Statement of Problems

This seminar is aimed at creating more enlightenment on few problems which some
organizations face. These problems are;

Security issue: Although the emergence of cloud computing is a recent development,


insights into critical aspects of security can be gleaned from reported experiences of early
adopters and also from researchers analyzing and experimenting with available service
provider platforms and associated technologies. The sections that follow highlight securityrelated issues that are believed to have long-term significance for cloud computing.

Secure Data storage and transaction log: Data and transaction logs are stored in multitiered
storage media. As a result of this, manually moving the data between these tiers poses a
big problem as it involves time, high cost etc. This has led to the development of a new
system known as auto-tiered storage system where these data once they are needed are
called up automatically. But the major challenge in auto-tiered storage system is that it does

not take track of where the data are stored. As such, some data could be stored in a wrong
directory or even misplaced entirely.

Denial of Service: According to Martins (2016) Denial of Service is a technique attackers


will use to effectively shut off access to your site. They accomplish this by increasing
traffic on your site so much that the victims server becomes unresponsive. Criminal
perpetrators of DoS attacks often target sites or services hosted on high-profile web servers
such as banks, credit card payment gateways. It is similar to a group of people crowding
the entry door or gate to a shop or business, and not letting legitimate parties enter into the
shop or business, disrupting normal operations (Syam, 2009). Thus, when a server is
overloaded with connections, new connections can no longer be accepted.

The symptoms of a machine under DoS attack include;

1. Slow network performance in opening files or accessing websites


2. Unavailability of a particular web site
3. Inability to access any web site
4. Increase in the number of spam emails received(this type of DoS attack is
considered an e-mail bomb)
5. Disconnection of a wireless or wired internet connection
8

A denial-of-service attack is characterized by an explicit attempt by attackers to prevent


legitimate users of a service from using that service. There are two general forms of DoS
attacks: those that crash services and those that flood services (Kumar. 2010).

D. Aim and Objectives

This seminar work is aimed at creating enlightenment on the various security challenges
associated with cloud computing and providing more guidelines on how data store on the
cloud are been secured.

The objectives of these seminar work includes

1. Suggesting security measures to the cloud.


2. Create enlightenment on the vulnerability of the cloud.
3. Analyze some important question that should be asked and well answered before
knowing which cloud service providers to work with.
4. To suggest backup measures to the information stored in the cloud.

SECTION 2: Types of Cloud

There are basically five types of cloud which will be discussed briefly
9

i. Private Cloud: A private cloud is a cloud operated for a single organization which
can either be hosted internally or externally. In operating a private cloud, an
organization stands a high chance of security and improve businesses but on the
other hand, it requires a great deal of knowledge and it is also capital intensive to
implement. As earlier stated, one of the most important benefits of cloud
computing is that it enables organization focus on their major products and
services, but when an organization operates a private cloud, the responsibility
of the organization will be divided because more attention will be paid to their
cloud in order to make sure their data is secured.
ii. Public Cloud: A public cloud is a cloud that is operated over a network and is
also open for public use. There are basically three public cloud service providers
which are amazon AWS, Microsoft and Google. The public cloud is operated at
their respective service point and can be assessed through the internet. But for
customers to assess them, they need to purchase or lease a private connection to
a peering point offered by the cloud service provider.
iii. Community Cloud: A community cloud is a cloud that shares resources between
different organizations in the same community with common needs, whether they
are managed and hosted internally or externally.

10

iv. Hybrid Cloud: A hybrid cloud is a combination of two or more distinct clouds
(private, public and community) from different service providers that work
together and offer the benefit of multiple deployment models. For example,
guarantee trust bank can decide to operate a private cloud for its internal business
process but they have to connect to the Central Bank of Nigeria over a public
cloud (that is if Central Bank of Nigeria operates on a public cloud), therefore the
coming together of these private and public cloud will form a Hybrid cloud.
v. Distributed Cloud: A distributed cloud is a kind of cloud where resources are
stored in different machines in different locations but are connected to a particular
network. A typical example of a company that uses the distributed cloud is
Facebook. They have servers in different parts of the world; South Africa, India,
Europe, USA etc.

Section 3: Service Models of Cloud Computing

Cloud computing has three main service models which includes;

11

Fig 2: Cloud computing Service models

i. Infrastructure as a service (IaaS): Infrastructure as a service talks about the hardware


and software part of the cloud computing which includes, servers, networks,
operating systems etc. In Iaas, multiple users can be connected on a single hardware
and resources are distributed as a service.

12

Fig 3: Infrastructure as a Service ii. Platform as a Service (PaaS): Platform as a


service talks about the tools and services which are used to make coding and deploying
of the various software to be used easy, efficient and quick. These tools enhances project
planning, service billing, subscription and communication. Multiple users can
concurrently utilize the same application. Common standards are used to integrate web
services and databases.

13

Fig 4: Platform as a Service


iii. Software as a Service (SaaS): Software as a service talks of the applications designed
and developed for end-users which are usually delivered over the web. Here, services
are always delivered over the web from a central location. It has a one to many
models and users do not have the right to make upgrades or develop patches.

14

Fig 5: Software as a Service


Section 4: Overview of the Cloud Computing Security Challenges

In this section of this seminar work, I would like to review to some extent, the works and
publications that have been done on this topic CLOUD COMPUTING SECURITY
CHALLENGES. It is important to know that in this 21st century, there is nothing that has
not been done before but instead, we only have new ways of doing old things or new
versions of old technologies.
According to Sharath et al (2015), cloud computing security challenges are divided into
three parts which include; deployment model, service model and networks.
15

Deployment models talks of the various clouds which has been stated earlier. These clouds
includes; private cloud, public cloud, hybrid cloud, community cloud and distributed cloud.
Since these various clouds are open to users (both trusted and untrusted users) from
different parts of the world, it therefore implies that these clouds are vulnerable to various
challenges and attacks from users.
A. Security Challenges Related to Deployment Models
i. Resource Pooling: Resource Pooling is a term used in cloud computing environment
to describe a situation in which providers serve multiple clients, with provisional and
scalable services. It is a security challenge that occurs mainly on the private cloud.
Some of the resource pooling aspects that can affect the private cloud are, reuse of
resources by different tenant application, co-location of services belonging to
different tenants on the same physical server, the automated processes that handle
the allocation and de-allocation of resources.
ii. Motility of Data and Data residuals: Mobility of data talks about moving data or
information from one part of the storage media to another part while data residuals
talks about data or information that is not actively used on a computer system. Data
mobility sometimes leads to data residuals. Data residuals sometimes lead to data
redundancy and data redundancy sometimes leads to data loss.

16

iii. Elastic Perimeter: Evolving threats and ongoing shift in how services are deployed
puts security teams on a disadvantage unless they shift their thinking and expand
their strategies. This is the concept of elastic perimeters.
iv. Shared Multi-tenant Environment: Multi tenancy term in the IT world used to
describe the mode of operation of a software where a software operates in a shared
environment and it is used by multiple users known as tenants. Since the application
is shared (although the users do not see themselves), once a hacker successfully
hacks the application, every tenants that uses that application are left unsecured.
v. Unencrypted Data: Encrypting data is a proven way to secure your data online
because it will restrict the access of unauthorized users. On the other hand, any data
which is not encrypted and its stored in the cloud is completely unsecured.
vi. Authentication and Identity Management: This feature enables cloud computing
service providers to be able to authenticate and verify users before granting them
access to the cloud. In a situation whereby the login details of a particular user has
been captured by another user somewhere, the authentic user suffers from what is
known as denial of service.
B. Security Challenges Related to Service Models
The service models talk about the various kinds of services provided by the different cloud
service providers. As earlier stated, there are three major type of services with are provided
17

on the cloud. These services includes; Software as a Service (SaaS), Platform as a Service
(PaaS) and Infrastructure as a Service (IaaS). These different services also have their
various security threats attached to them. Some of the security challenges with the service
model includes;
i. Data Leakage and consequent problems: Data leakage is a situation in which an
organization or corporation collects data from a website and uses it without the
website owners permission. For examples, there are some website the request its
visitors to fill in their profile. These information includes, name, phone number,
email address, age, sex, etc, which are used to target ads to specific demographic
segment. The question now is how does these information leak? This leakage
occur when a third party uses a tracking pixel to collect data from the website. A
pixel is an invisible piece of code which hackers launches to targeted website in
order to extract information from the website. Once this code is launched, every
piece of information which the website visitors provided previously will be extracted
and thus, the hacker gets as much information as he wants.
ii. Malicious Attacks (Malware): Malware are malicious software that are used to
disrupt computer operators and users in order to gain access to a private computer,
post unwanted advertisements and carry out some unwanted actions which are
completely against the intention of the computer user. Some of these malware could

18

be Trojan Horse. iii. Backup and Storage: These are important features any cloud
user must have. Knowing fully well that the cloud is vulnerable to attacks, it is
therefore paramount for cloud users to maintain a backup file should incase the
information were hacked into in the cloud. But in ensuring a backup system is setup,
it is important to consider which method of storage to use in order to ensure that the
storage method used is not vulnerable to attacked and disaster. The reason is that if
we say the cloud is unsecured, then we must be able to have a secured backup.
iv. Shared Technological issues: Since the cloud was not designed for single user, it
therefore implies that a cloud infrastructure and facilities are shared among various
users located in different places. As a result of this, some users might want to feel
smarter than others by making attempts to intrude the domain of another user. To
prevent this, cloud providers must be alert always to ensure that each environment
that is provided to a particular user is monitored to inhibit unauthorized login.
v. Service Hijacking: This is a security challenge in which a third party completely
takes over the service of a particular cloud user for a period of time. This then leads
to denial of service.
vi. Virtual Machine Hopping: This is a kind of attack in which a third party (hacker)
jumps from one virtual machine to another. Since these virtual machines are located

19

on a single computer, the hacker could then launch an attack on the host computer
which will in turn affect every machine on the host.
vii. Virtual Machine Denial of Service: Denial of service has to do with flooding the
virtual machine with series of requests which is aimed at slowing down the speed of
a server so that it will not be able to process requests as quickly as possible.
C. Security Challenges Related to the Network
The third part of the security challenges is the network challenges. The network challenges
talks about the different security challenges encountered by users as they try to access their
information in the cloud. These security challenges includes:
i. Browser Security: This is the application of Internet Security to web browsers in
order to protect networked data and computer systems from breaches of privacy or
malware (Stephen, 2013).
ii. SQL Injection Attack: This is an attack that is launched as a written code in form of
SQL statement that is dumped in a database so as to collect information from a
database and send it to the attacker.
iii. UDP Flooding Attacks: This is an attack in which the attacker sends series of UDP
(User Datagram Protocol) packets to random ports on a remote server.

20

Fig 6: An attack using UDP


iv. XML Signature Element Wrapping: XML (Extensible Markup Language) signature
enables a user to send signed documents of a SOAP (Simple Object Access
Protocols) message to a receiver. Once the message is signed, having an
unauthorized access to it is somehow difficult because any modification done on this
message is detected by the receiving web service. But never the less, if an attacker
intends to carry out an attack on this document what he does is to change the message
algorithm.
SECTION 5: History of Cloud Computing
The idea of cloud computing evolved as a result of the overarching concept of delivering
computing resources through a global network in the 1960s by J.C.R. Licklider who was

21

responsible for developing the ARPANET (Advance Research Projects Agency


NETwork). His vision was for everyone on the globe to be interconnected and accessing
programs and data at any site and from anywhere.
Since the sixties, cloud computing has developed along a number of lines with web 2.0
been the most recent evolution. One of the greatest milestones in the history of cloud
computing was the arrival of salesforce.com in 1999, which pioneered the concept of
delivering enterprise applications via a simple website. The next development was Amazon
web services in 2002, which provided a suite of cloud based services including storage,
computation and human intelligence. In 2006, Amazon launched its Elastic Compute cloud
(EC2) as a commercial web service which allows small companies and individuals to rent
small computers on which to run their own computer application. Amazon EC2/S3 was the
first widely accessible cloud computing infrastructure service, which provides its SaaS
online video platform to UK TV stations and newspapers.
Another breakthrough took place in 2009 as web 2.0 hit its stride, which led to Google,
Microsoft and others to start offering browser based enterprise application, through
services known as Google App.
The most important contribution to the cloud computing has been the emergence of the
killer apps from leading technology giants like Microsoft and Google.

22

Another key factor that have enabled cloud computing to evolve include the maturing of
virtualization technology, the development of universal high speed bandwidth, and
universal software interoperability standards. Many IT professionals recognize the benefits
cloud computing offers in terms of increased storage, flexibility and cost reduction.
Considerations such as security, data privacy, network performance and economics are
likely to lead to a mix of cloud computing centres both within the company firewall and
outside of it. Applications will naturally move towards a cloud model as they become more
pervasively available through the web, require more data processing and span the
boundaries of multiple devices.

Fig: 7. History of cloud computing

23

Andreas Asander, vice principal of product management at virtualization security specialist


Clavister, said that once the security issues are resolved, cloud computing services can
enable an enterprise to expand its infrastructure, add capacity on demand , or outsource the
whole infrastructure, resulting in greater flexibility, a wider choice of computing resources
and significant cost savings.
Since cloud computing is greatly increasing in its pervasiveness, IT directors needs to
continue to manage their internal computing environments, while learning how to secure,
manage and monitor the growing range of external resources residing in the cloud. (Source:
A history of cloud computing by Arif Mohamed).

SECTION 6: The Technology Surrounding Cloud Computing

1. The first stage was in the 1950s which started with mainframe computing. Multiple
users were able to access a central computer through dumb terminal, whose only
function was to provide access to the mainframe. Because of the cost to buy and
maintain mainframe computers, it was not practical for organizations to buy and
maintain one for every employee nor did the typical user need the large storage
capacity and processing power that a mainframe provided. Providing shared access

24

to a single resource was the solution that made economical sense for its sophisticated
piece of data.
2. The second stage was the creation of virtual machines in the 1970. Using virtual
machine software like VMware, it became possible to execute one or more operating
systems simultaneously in an isolated environment. Complete computers (virtual)
could be executed inside one physical hardware which in turn can run a completely
different operating system. The VM operating systems took the 1950s shared access
mainframe to the next level, permitting multiple distinct computing environments to
reside on one physical environment. Virtualization came to drive the technology and
was an important catalyst in the communication and information evolution.
3. The third stage was when telecommunication companies started offering virtualized
private network connections in the 1990s. Before now, telecommunication
companies only offered single dedicated point-to-point data connections. The newly
offered virtualized private network connections had the same service as their
dedicated services at a reduced cost. Instead of building out physical structures to
allow for more users to have their own connection, telecommunication companies
were now able to provide users with shared access to the same physical
infrastructure.

25

SECTION 7: Trends in Cloud Computing

This trend was further divided into four other stages which include;
i. Grid computing: Solving large problems with parallel computing.
ii. Utility computing: Offering computing resources as a metered service. iii.
SaaS: Network-based subscription to applications.
iv. Cloud computing: Anytime, anywhere access to IT resources delivered dynamically
as a service. (SOURCE: A brief history of cloud computing by Maximilliano
Destefani)
SECTION 8: Conclusion

Much has been said about cloud computing but the point still remains that no matter the
expertise of the vendors, no vendor can guarantee complete security. For business that are
online, once there is a little break into the system, there is a high risk of losing a huge
amount of money. For example, when the server hosting konga or jumia crashes, no matter
how short the crash duration might be, this businesses will lose millions of naira as
customers will not be able to reach them and make their others. As such it is indeed a wise
saying that prevention is better than cure. Clients must always be careful at all time to
reduce their rate of vulnerability. Therefore, to play safer on the cloud, we could secure our
data in the cloud through the following;
26

1) Encryption: This is the process of translating plain text to encoded forms called
Cipher text or a code so that it becomes unreadable to all other people except those
who have the key to the information, Akanji, A.W( 2014).
There are two basic types of encryption which are
Symmetric Encryption: This is a pattern of encrypting in such a way that only one
key is used for both encryption and decryption.

Assymmetric Encryption: This is a type of encryption in which one key is use for
encrypting the data while another key is used in decrypting the data.
In choosing the encryption key to use, one must be careful enough to make sure that
the information is secured enough to the point that it will be difficult or almost
impossible for the key to be broken by an attacker. Encryption explains why
passwords are not readable but rather appear as bullet points. Also in recent time, a
new and better method of passwording has been developed which is known as
shadow passwords where you type in your password but it appears as if nothing was
type in, that is the passwords has been shadowed so that they do not appear to the
physical eyes.
2) User Identification And Authentication: If and organization store its a data in the
cloud, access to that data will be given to some specified group of people (which

27

means that not even all the staff in the organization has access to the data), as such
the system must be accurate enough to identify users who try to access the
information. Also, the system should be able to detect when more than one user try
to access the information with one login detail (this means that other users have
gotten the login details of an authentic user and then logs into the cloud as the real
user). This anomaly leads to denial of service as the authentic user would not be able
to log in until amendments are made. For example, when you create an account with
nairaland.com and you want to log in as a member, a confirmation code will be sent
to your email which you will input into the right text box before you can then login.
This process is known as user identification and authentication,
3) Trusted Third Party: Since cloud computing activities is mainly concerned with
outsourcing cloud-based services to third party organizations who are experts in this
field, it is important to ensure that the vendors are fully trusted and reliable. In order
to check for their reliability and competence, clients should visit the organizations
website to check out for comments from other clients or go to the organizations
forum for more information.

28

Fig 8: A hacker launching an attack on a server

To conclude this work, it is vital to know that various cloud service providers exist in their
hundreds. Some of the giants include; Amazon, Google, Microsoft, IBM, Oracle,
Salesforce.com, HP, Appfolio, Avarture, Cloud broker, Cloudboost, Dell, Firebase,
Lenovo, Adobe, Red Hat, SAP, Sun Microsystem, and a list of countless others. But one
common challenge faced by each of these cloud service providers is security. Therefore,
clients must be careful in making their choice of cloud service provider. According to
Gartner, Customers must demand transparency, avoiding vendors that refuse to provide
detailed information on security programs. Ask questions related to the qualifications of
policy makers, architects, coders and operators; risk-control processes and technical
29

mechanisms; and the level of testing that's been done to verify that service and control
processes are functioning as intended, and that vendors can identify unanticipated
vulnerabilities.

SECTION 9: Recommendation

Before choosing the cloud platform to use in your service, some of these questions must be
well asked and answered before selecting the cloud service providers to work with;

i. How Good Are These People? In choosing a cloud service provider, this question is
very relevant. Serious jobs like this should never be handed over to people who are
not good enough to handle it. It is important to know that not all that glitters is gold,
therefore not all organisations that claims they are good in providing cloud
computing services are as good as they claim. The giants in this business are google,
oracle, Microsoft and few other organisations. Although none of these companies
can guarantee 100% delivery.
ii. What Are Their Weaknesses? This question tends to find out the strength and
weaknesses of each of these companies. As earlier stated, none of these companies
can guarantee 100% delivery because hackers are restless. For this reason, it is
necessary to know where each of these companies are strong and where they are

30

without strength. When the area of strength of these organizations fit into the service
you want from them, then the organization is good to go.
iii. What Backup Measures Do They Offer? Since these cloud service providers are
vulnerable to attacks, it is therefore necessary for them to have backup database so
that even when their cloud is been hacked into, they will not completely lose
customers information.
iv. How Cheap is The Service? Since cloud computing aims at rendering sophisticated
services at a cheaper cost, then it must indeed be cheap enough for the clients to
easily afford without considering it as a high financial burden. Though companies
should not be more concerned with low cost but also focus on the quality of the
service. Jeff Bezos, the CEO Amazon said, I am not upset with someone who
charges more for a product but I am concerned with someone who might offer better
experience.

Once these questions and more (depending on the clients need) are answered, then making
the choice on which vendor to partner with will be less cumbersome.

Tracing back to the technological development around the world, I discovered that
technology increased at a slow pace before the 20th century. But between 1990 to 1950, it
doubled. Between 1950 to 1980 , it doubled again. Between 1980 to 1995, it doubled again.
31

Between 1995 to 2003 it doubled again. But since 2003 till date new technologies are been
developed almost on a daily bases that is since the introduction of web 2.0 and pervasive
computing. Thus is very clear that measures could be adopted to further mitigate the
security issues of the cloud else as the security challenges of the cloud grows higher, some
of the big and gigantic service providers might gradually fizzle away for smaller companies
to take over. For example, it was said that Amazon Web Service (AWS) went down for a
period of four days and as such, clients who used AWS suffered this fate for four days. And
as we know, whenever an organization runs out of service, losses are been incurred. If this
kind of situation occur the second time, then AWS will lose a lot of its potential clients to
other cloud providers. With the knowledge of this fact, technologies are been put in place
to secure the future of the cloud. Like, there is a great shift from centralized computing to
distributed computing so that the computing activities will not be done centrally but rather
distributed in various servers in various locations (various data centers). In some cases, an
organization could backup their data on two different clouds so that when one is down, the
other cloud will automatically takes over so that the organization will not run out of webbased service for a minute. But in recent time, innovations are ongoing which will enable
a single cloud to be located in different servers in different locations. The technology here
is that these different servers will host the same data of their clients. For example, AWS
will now be located in USA, China, South Africa and Germany. All these servers in
different location still contains the same data but the one situated in USA will be the
32

primary server while the other ones will be the backup servers so that once there is any
problem with the primary server, any of the backup servers will take over without the
knowledge of the clients and the users. By so doing, clients will not need to host their data
on two or more different cloud since it is technically impossible for the primary server and
all the backup servers to go down at the same time.

33

REFERENCES

Akanji, A.W.,Haastrup, A. V., Elusoji A.A. (2014): A comparative study of attacks


on databases and database security techniques. African journal of computing and
ICT. 7(5), 1-8.
Amadi, E.C. (2014). Network administration and server management: A
beginners guide. Owerri, imo state: Mariphlan computekz.

Arfan S. (2013). Opportunity and Challenges Using the Cloud Computing In The

Case Of Malaysian Higher Education Institutions.

ArifM. (2015). www.computerweekly.com/a_history_of_cloud_Computing

Behrouz, A.F., Sophia, C.F. (2007). Data communication and networking. Fourth
Ed.

Beloglazov.A., Hoon K.K., (2013) Power-aware Provisioning of Virtual Machines

for real- time Cloud Services,.

Dahunsi F.O (2013) Emerging and sustainable technologies for power and ICT in a

34

developing society: cloud computing for optimal ICT in Nigeria pp 70


Dimitrios Z. (2012). Addressing cloud computing security issues

Forouzan Networking series. McGraw-Hill: New York.

International Telecommunication Union (ITU). Cloud computing in Africa Situation


and Perspective, Telecommunication Development Sector pp72 April 2012
Juster K.I.,(2009) Cloud Computing Can Close the Development Gap, Foreign
Service Journal, pp. 47-50.

Maximilliano D. (2015) .A brief history of cloud computing

McDowell, M. (2009)."Cyber Security Tip ST04-015 - Understanding Denial-ofService Attacks"

Microsoft Corporation (2003).Improving Web Application Security: Threats and

Countermeasures

Sharath K. and Sudarshan R. (2015). Cloud computing security challenges.

Syam R. (2009)."Server Security Threats You Should Definitely Know


35

Thomas, W.S (2012). A guide on Microsoft Azure

Voorsluys.W., Broberg.J., and Buyya.R. (2011) Introduction to Cloud

Computing,introduction to cloud computing in cloud computing principles


and paradigms, rajkumar Buyya, james Borberg, and Andrzej Goscinski, Eds,
New Jersey, USA: John Wiley and Sons, pp. 38-42.

www.wikipedia.com/cloud_security_issues

Wyld.D.C. (2009), Moving to the Cloud: An introduction to Cloud computing in


government.

E-Government server, IBM Centre for the business of

government. Pp 23

Zhang.S., Chen.X., and Huo.X. (2010), Cloud Computing Research and


Development Trend, in

Second International Conference on Future Networks, pp. 93-97.

36