Advantages of Cloud Computing

The concept of cloud computing can be considered one of the most advanced sectors which can be related to the latest technology which are in use in recent times. The technology is being adopted by most of the organisation due to the factor that there is a vast field of advantage which can be achieved from the concept. The main aim of the concept of the adaptation is that to exhibit different security aspects in the data which is stored in the concept of the cloud (Ali, Khan & Vasilakos, 2015). Despite the different risk factors which are involved in the technology the field of advantage which can be achieved from the concept is very much on the higher end. The cloud concept helps the organisation to concentrate more on the critical internal activity of the organisation rather than spending time on data security and other aspects which are taken care of by the cloud providers. Most of the data which is saved in the concept of the cloud can be considered to be very much crucial so it can be stated here that the security of the data can be considered as one of the major priority in this concept. There are different types of the provision of data security which are implemented by the cloud provider so that there is no unethical activity possess in the data (Avram, 2014). In the concept of cloud, there is not the only aspect of storing of data of the organisation, but it can be used for other purposes as different types of services (SaaS, PaaS and Iaas) which can be very much beneficial for the organisation

The main aim of the report is to take into consideration different aspects which are related to the concept of cloud computing. The community-based charity organisation is planning to move to a public cloud vendor to provide some services. Taking into consideration the different movement aspects are taken into consideration in the report, and the overall parameters of the cloud are majorly discussed in the report.

In the concept of the cloud, there can be different issues which are related to the employee data security. The main aspect which can be stated here that who has the overall access of the data. The security aspect of the data can be judged directly from the aspect of the different security solution which is provided from the end of the cloud providers. There are different methods which can be used for the attackers to attack the cloud environment. When there is an insecure network phone to access the network directly, the user can get hacked or get attacked. On the other hand, the contractor of the network uses the application of web that has a vulnerability which is embedded, it can be a backdoor which is not protected, and in such situation, the user can get attacked.

Security Measures Implemented by Cloud Providers

In some of the situation it can be stated that during the password transfer between the user and the cloud providers, the account can be hacked. The nature of cloud computing it can be stated that it involves some of the ceding control from the aspect of the customer to the providers of the service (Avram, 2014). The aspect of security and control cannot be related to each other. According to research, it can be stated that data security in the concept of cloud computing is potentially superior to the security in a corporate data centre due to the same technique which drives so much good through the marketplace: division of labour and economics of scale. Due to the security cost are distributed among a large number of customers in the centre of the cloud, the cloud providers are very much able to apply far more resources in the physical, operational security measure and technical (Ali, Khan & Vasilakos, 2015). The security measures which are implemented are far better than the security aspects which are delivered by the government agencies and most of the corporations. Most of the large providers of cloud also implement operating multiple data centre with replicated data across facilities to safeguard the data from intruders. The core business which is related to the operation of cloud service providers is delivering IT services and operating.

An expertise level of security and experience are brought together in the concept of data security by the managed cloud service providers. It can be stated here that security expertise and technologies in the data of the cloud may surpass that in different data centres of the corporation there is a valid concern which is related to the security. In what it is referred to as a “fourth tier” of the architecture of the cloud: the public internet through which the services of the cloud are delivered to the end user.

The privacy of the data in the concept of the cloud can be considered to be very much important. The concept is due to the factor that in most of the cases crucial data of the organisation are saved in the concept of the cloud. If there is any privacy issue in the data, it would be very much a loss for the organisation. Sometimes it can be stated that attackers tend to get hold of the data into the concept of the cloud for their gains. The loss of privacy which is related to the cloud provider can be considered as a serious threat relating to confidentiality, data integrity, and the principle of privacy. There was a resolution which was passed in the year 2009 from fifty countries relating to the security of the data. It stated that there was an urgent requirement of the setting of privacy laws within the world without any boundary set between them and achieve a proposal for an international standard of law. Its direct motive is to define a set of right and principle which has guaranteeing internationally and uniformly with regards to the processing of data and facilitate the international flow of inherent personal data in the globalised world.

Privacy Concerns in Cloud Computing

The complexity which is related to the service provider of the cloud has introduced some parameters. The consumers and the service providers are cautioned respectively about the guarantee which is related to the compliance services which are ready and adopting a different type of services. The cloud service providers implemented a safe method of flow of the personal data irrespective of the national boundaries, the challenge part which can be associated with the concept is that checking of the life cycle of the data processing and its direct compliance of the legal framework (Oliveira, Thomas, Espadanal, 2014). Relating to the service which is offered by the cloud providers it can be stated that there are many questions which can arise in the context which determines the risk which is associated with the security and privacy of information.

• Who are the direct stakeholders who are involved in the operation of the cloud?
• What are their responsibility and roles?
• Where is the place where the data are stored?
• What are the policies which are implemented which would be directly meeting the expectation of the privacy and security of the data in the cloud?
• What are the rules which are related to the data processing aspect?

In regards to the issue which is related to the privacy of the data, the Madrid Resolution stated that every person should have a clear idea of the transparent policies with regards to the processing which are related to the personal data. The stakeholders should be able to specify the requirement which is related to the meeting the expected level of privacy and security.

The recent Resolution of Madrid provides an international standard which is related to the protection of privacy, but it can be stated here that there is no such universal privacy legislation binding covering the countries in the world. In the aspect of cloud computing service, the complexity of the privacy is increasing on a day to day basis (Ali, Khan & Vasilakos, 2015). The application of legal framework into the concept of cloud can be considered to be a difficult task in hand when regimes are not harmonised, it directly depends on the location of the data and directly involves blurred division of the responsibility between the stakeholders.

A recent ENISA report stated that some challenges and rules are associated with the directive 95/46/EC in the context of “the cloud computing environment, for which the roles of controller and processor still need to be determined on a case-by-case basis and about the nature of the cloud services”.

One of the objectives which are related to the ICT standard is to directly define the effective and appropriate technical measures for the aspect of implementing the principle of privacy in the cloud computing. The standard which exists in the mechanism of the privacy of the data is stated below with the help of a table.

Data Life Cycle	Privacy principle	Privacy protection measure	Example of PETs and ICT standard
Collection	Purpose and proportionality specification	Minimization of data	Blind signature and anonymous communication ISO/IEC JTC/SC 27 WG2 and WG5
Processing and sharing	Fairness and lawfulness, the right of access and consent	Data access control	Dashboard of privacy OASIS XACML, ITU-T X.1142.
Storage	Security measures of sensitive data and accountability	Confidentiality	AES NIST Encryption (FIPS 197)
Deletion	Right to delete and openness (Avram, 2014).	Confidentiality	Deletion of anonymisation hash function protocol ISO/IEC JTC1/SC 27 WG2

The Need for Privacy Legislation in the Cloud Computing Environment

The second example which can be stated here is the duty of the confidentiality. The data controller is those who are involved at any stage of the processing having the direct duty to maintain the confidentiality of the data which are personal. The data which are stored in the concept of the cloud should be highly secured for example the process of encryption should be implemented properly into the concept of data so that there is no issue faced relating to the privacy of the data. Nevertheless, it can be stated here that this method could be very much expensive regarding computing power. The main advantage which is related to the concept is directly cancelled out taking into consideration the overhead in the process when the handling of the encryption of data making the process of encrypted data unpractical for most of the use cases. It can be considered as one of the biggest questions about how and if the process of encryption and cloud computing come together in a form which is meaning full. At the end of the contractual relationship between the cloud provider and the data subject, the data is directly subjected to the request from the person who is responsible for the detection of the personal data that might be stated as unnecessary (Botta et al., 2014). There are different techniques which can be implemented such as different methodology and technical measure which can offer a solution for the aspect of requirement refining and avoid of the disclosure of the data.

Despite there being different kinds of concerns relating to the privacy of the cloud computing there is no genuine standard which applies to the concept. To directly foster the aspect of adaptation of the cloud services standard would be required to be set for the assessment and the selection of the solution that would be meeting the level of privacy and security of the data which is stored in the concept of the cloud. Working on the standard can be considered as one of the most important sectors of the investigation. Over the past few years, there has been a different organisation who are involved in bringing up the standard of operation which would be included and would be implementing a standard of working in the sector. This standard can be considered to be very much useful in the aspect of defining the requirement and avoiding of the disclosure of the personal data of the organisation. Taking into consideration a situation which occurred in the year 2006 relating to the breach of the privacy by the AOL owing the anonymisation of the data of thousands of users that had been posted online in the context of processing by researchers. This event resulted in the breach of the data which hamper the normal working of thousands of people. 

Conclusion

Generally speaking, it can be stated here that digital identity can be considered to be fundamental in the concept of cloud computing, particularly with the aspect of recent consequent scale and upsurge on which the architecture is implemented. In most of the cases, the data which are stored in the concept of the cloud is accessed by the service providers. During the deployment of the data, it can be stated that there are no known facts provided by the end of the cloud providers about who is going to access the data. The identity of the person who has the overall control of the data is not known due to the factor that there can be a digital identity issue in the concept of the cloud. There are different concerns relating to the identity aspect which is in charge of the data. Sometimes it can be stated that the identity aspect of the data can be related to the security of the data. If there is an identity issue seen in the data it can directly affect the access point of the data. The data can be hacked in the process, and it can be used for different purpose (Oliveira, Thomas, Espadanal, 2014).

Identity lack can be seen in most of the cases which means that if there are any issue faced within the concept of the data who is directly responsible for it cannot be depicted. Digital identity can be considered one of the biggest problem in the sector of cloud computing due to the factor that it directly reflects the security of the data which is stored in the concept of the cloud. Research is being conducted in the field to minimize the gap which exist in the sector. There are various methods which can be used in order to provide a method which would be protecting the digital identity aspect of the data which are stated below:

• Access should be given to the person who has the direct permission to indulge in the data.
• There should be restricted access to the data.
• Data should frequently be updated so that there is no problem associated with the quality of the data.
• Identification of the problem should be made in an optimal time manner so that they do not impose any problem on the security of the system.
• The customer or the organisation should be able to know who has the overall control of the data which is stored in the concept of the cloud. This majorly means that who has the overall control of the data of the cloud.
• The communication aspect between the customer and the cloud providers should be optimal (Yan et al., 2016). This provides a basic guideline which stated that how and where the data would be saved in the concept of the cloud.
• The security policy of the cloud should be updated which means the enhancement of the security policy should be implemented so that there is no issue faced related to the different sectors of the risk which are involved into the working of the system.

When an organisation save a data in the concept of the cloud the data can be very much important. In most of the cases, the cloud providers provide a detail report of the security policy of the data which would be included in the process. This details may not have enough of the detailing which provide an overview of the security aspects of the data. The cloud providers do not in any context provide the security mechanism which would be included in the working of the data. In the concept of the cloud, the customer or the organisation does not have any idea of the place the data is stored this can be considered as a problem because security aspects would be breached in this context (Oliveira, Thomas, Espadanal, 2014). There are different sectors which should be taken into consideration in the aspect of providing solution issue are the access point of the customer of the organisation, the security of the data which is stored. The access permission of the data onto who can have direct access to the data, how and from where the data can be accessed and the time which is involved in the process which is involved in the retrieval of the data. The main risk factor which can be included in this context is the problem related to ethical assess to the account. The username and the password which are set should be strong enough so that attackers cannot directly get indulged into the concept. The cloud provider should be able to detect the problem at an early stage so that it does not reinforce a problem which is related to the breach of data.

It can be stated here that not all data are meant are suitable to be stored in the concept of the cloud. The assessment of risk and direct analysis can also be required in this context. According to the recent research, it can be stated that there is a requirement of analysis and risk assessment, the stake which is related to sensitive data in the concept of the cloud is very much high even if the encryption of the data is done (Chen, 2015). One of the exceptions which can be stated here is that when a private cloud is being used on premises of the customer. Privacy, security and compliance can be considered as a responsibility which is contractual between the customer and the cloud provider. It can be stated that the cloud provider’s liability is very much limited. It is very much important to take into consideration that ones the data which are sensitive are placed in the cloud, the organisation can no longer have control over the data, and it prevails in the territory of the cloud providers.

There can be a different type of technique and schematics which can be used for the aspect of minimisation of the risk factors which are related to the unauthorised sharing and access. Relating to the risk events which occur in the concept of the cloud, 80% of the data fraud and theft occur due to events which occur internally. Extend of minimisation of the risk factors directly depends on the aspect of the extent of control of the data of the cloud and the deployment of the customer’s data (Mei, Li & Li 2017). There is an increase in the number of cyber criminals which directly shifts the attack of the target of the provider of the cloud since the payload which is related to the sensitive data can be considered very much huge taking into consideration multi organisations. Whenever there is an event of a hacker getting indulged into the parameters of the cloud every data of the organisation can be a fair game to get indulged, and the data can be retrieved quite easily. To get the in-depth security of the data the cloud provider need to take into consideration different security architectures using performing the following activities:

• Data encryption versus disk encryption.
• Vigilant monitoring relating to infrastructure and its employee.
• The system configuration should be done to delete the temporary data file and encryption keys which depends on the ending of the session.
• Management which is done carefully and prompt destruction of the system snapshot which is taken into system administration (these snapshots should also be managed under the policies which are strict and procedures and destroyed at an early stage as their purpose is completed).
• Provisioning the ability to detect the virtual machines rogue.
• Ensuring that the compliance of requirement and privacy of the customer are not directly breached as this may lead to exposure of the sensitive data of the organisation and the customer.
• Conducting regular external and internal assessment of vulnerability and analysis.
• Daily conduct of audit since the network which is being worked upon can be very much dynamic.

There can be different types of consideration which should be taken into consideration while safeguard of the sensitive data of the organisation or the customer is taken into consideration. There are different characteristics of the data which are stored in the concept of the data. One of the most important aspects which can be taken into consideration is that the customer or the organisation’s data and who has control over the data. The organisation before moving to the concept of the cloud have a tendency that the data of the organisation are in safe hands, but it can be stated here that the cloud providers do not give a concise idea of what are the security mechanism which would be included into the process and who would be in access of the data and who would be protecting the data. There should be a constant law which should be implemented by the cloud providers towards the customer so that they have a clear idea about who is in control of the data and who is managing the overall data of the organisation. Moreover, it can be stated that most of the people tend to indulge in the concept of the cloud due to the various factors of advantage which is achieved from the concept. One of the issues which are seen in the sector in this sector is the access point of the data (Sadiku, Musa & Momoh, 2014). The data should be accessible to the customer and the organisation at any point of time despite any discrepancy involved in the process.

Conclusion

The report can be concluded on a note that for the community-based charity the movement to the concept of the cloud can be very much beneficial. There are different aspects of the cloud which the organisation can indulge into and make use of the technology to gain competitive advantage. There are few security aspects which are involved in the concept of the cloud, but it can be stated that the sector of advantage is more in the concept. Before inventing of the technology of cloud the organisation had to spend a lot of time in the concept of securing the data of the organisation. The technology of cloud can be very much beneficial in the way which reduces the pressure and takes the control over. It can be stated here that shortly the concept of the cloud would be more beneficial in the way of enhancing the services which are related to the concept. More and more organisation would be indulging in the concept of the cloud which would be enhancing the services which are being primarily being given by the cloud providers.

References

Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.

Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2014, August). On the integration of cloud computing and internet of things. In Future internet of things and cloud (FiCloud), 2014 international conference on (pp. 23-30). IEEE.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.

Chen, X. (2015). Decentralized computation offloading game for mobile cloud computing. IEEE Transactions on Parallel and Distributed Systems, 26(4), 974-983.

Chen, X., Jiao, L., Li, W., & Fu, X. (2016). Efficient multi-user computation offloading for mobile-edge cloud computing. IEEE/ACM Transactions on Networking, (5), 2795-2808.

Díaz, M., Martín, C., & Rubio, B. (2016). State-of-the-art, challenges, and open issues in the integration of Internet of things and cloud computing. Journal of Network and Computer Applications, 67, 99-117.

Etro, F. (2015). The economics of cloud computing. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 2135-2148). IGI Global.

Gai, K., Qiu, M., Zhao, H., Tao, L., & Zong, Z. (2016). Dynamic energy-aware cloudlet-based mobile cloud computing model for green computing. Journal of Network and Computer Applications, 59, 46-54.

Gangwar, H., Date, H., & Ramaswamy, R. (2015). Understanding determinants of cloud computing adoption using an integrated TAM-TOE model. Journal of Enterprise Information Management, 28(1), 107-130.

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015). Identity-based encryption with outsourced revocation in cloud computing. Ieee Transactions on computers, 64(2), 425-437.

Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.

Mei, J., Li, K., & Li, K. (2017). Customer-Satisfaction-Aware Optimal Multiserver Configuration for Profit Maximization in Cloud Computing. T-SUSC, 2(1), 17-29.

Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors. Information & Management, 51(5), 497-510.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Sadiku, M. N., Musa, S. M., & Momoh, O. D. (2014). Cloud computing: opportunities and challenges. IEEE potentials, 33(1), 34-36.

Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.

Soyata, T., Ba, H., Heinzelman, W., Kwon, M., & Shi, J. (2015). Accelerating mobile-cloud computing: A survey. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 1933-1955). IGI Global.

Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, 308-319.

Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.

Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.

Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602-622.

Zhan, Z. H., Liu, X. F., Gong, Y. J., Zhang, J., Chung, H. S. H., & Li, Y. (2015). Cloud computing resource scheduling and a survey of its evolutionary approaches. ACM Computing Surveys (CSUR), 47(4), 63.