Privacy Issues and Internal Threats In Cloud Computing For SMEs

University of West

School of Computing and

Technology

Undergraduate Computing

Privacy Issues and Internal

Threats In Cloud Computing For

Small and Medium Business

Final Project Report

Student Name: Adam Student No: 21128785

PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student

no.21128785

FOR SMALL AND MEDIUM BUSINESS

Supervisor: Colin Tutor: ColinMarch 2015

FINAL PROJECT REPORT – MARCH 2015

Supervisor: Colin

Tutor: Colin

Student name Adam

Student Number 21128785

Submitted in support of BSc Computing and Information

Systems

March 2015

3


no.21128785


DECLARATION

“

”.

4


no.21128785


CONTENTSAbstract.......................................................61. Introduction................................................7

2. Literature review...........................................8

2.1. Cloud Networking.........................................9

2.2 Cloud Computing Service Models...........................9

2.2.1 Software as a Service (SaaS)..........................9

2.2.2 Platform as a Service (PaaS).........................10

2.2.3 Infrastructure as a Service (IaaS)...................10

2.3 Cloud deployment models.................................11

2.3.1 Public Cloud.........................................11

2.3.2 Private Cloud........................................11

2.3.3 Community Cloud......................................11

2.3.4 Hybrid Cloud.........................................11

2.4 Impact on SME...........................................11

3. Research Methodology.......................................13

4. Overall Discussion.........................................14

4.1 About Cloud Computing...................................15

4.2 Cloud Computing and SME Business........................15

4.3 Security of Cloud Network...............................16

5


no.21128785


4.4 Factors of Vulnerabilities..............................17

4.5 Maintenance of Security.................................18

5. Recommendations............................................20

6. Conclusion.................................................22

7. Critique and scope of future work..........................23

References....................................................24

Appendices....................................................27

6


no.21128785


ABSTRACTService Provisions have been one of the major enablers of success

in management and business functioning. It has always been given

a great weightage when organizing a particular business function.

With the introduction of computers in businesses during the

latter part of last century, this sphere has witnessed an

exponential growth. Ever since, a parallel field associated with

this function, such as information technology has developed and

there have been major strides in this direction. Computing power

of machines is getting increase in a very high speed. Almost

every 3 years, CPU’s computing power increase twice. However size

of the files keeps increasing also in an amazing rate. In recent

decade the size of file significantly has changed. Cloud

computing services have emerged as a major function with

substantive potential to provide greater opportunities, high

growth and superior competitive edge for small and medium

enterprises (SMEs). A collective feature believed to be true

about cloud computing focusses on the aspects of on-demand

accessibility of vastly obtainable and consistent computing

means; secure and convenient access to measurable services from

across locations, as well as data displacement from within the

organisation to the outside. While most of these aspects have

been categorically realized to a certain extent, cloud computing

7


no.21128785


is still a vast field to explore and deal with the challenges

that come in the way.

This paper aims to provide key insights into the privacy issues

and internal threats that come to hamper SMEs by adopting cloud

computing for their business functions. The results obtained

through detailed study of reasons behind SMEs shift towards

migrating to cloud computing services are both encouraging and

alarming. Undoubtedly, most SMEs have gained immensely by

reducing costs and being technologically at par with larger

organisations. But at the same time, the level of risk associated

with shifting to computing paradigms is undermined by most

companies. The paper identifies the types of risks and privacy

issues, while recommending greater education, awareness and

sensitization on cloud computing. The need for effective

corporate governance, stringent regulatory framework and

empathetic technological adoption by SMEs are stressed upon to

fight the darker side of an otherwise boon-to-business function

of Cloud Computing.

8


no.21128785


1.INTRODUCTIONInformation network is an essential foundation upon which all

businesses – big, medium or small, functions and carry out their

day-to-day operations. Taking this function ahead and making

further development possible, there is an introduction of better

means of transferring, sharing and storing data, which is more

effective and efficient in terms of cost (CIF, 2011). The

function is cloud computing, where cloud refers to the wireless

aspect of information sharing and storage. Although it is a very

new phenomenon, yet it has been very famous among major

businesses and firms which have unending information needs.

Cloud computing or cloud based networking is a means of

information sharing and storage, which includes a network

designed on similar pattern as that of normal network (Mell and

Grance, 2009). Major difference in cloud computing and normal

network is that the later involves a lot of infrastructure from

the organisation itself. This infrastructure is in the form of

computers which are connected through a network, and further

connected to servers and storage units (Pearson, 2012). The

servers are high capacity storage and interface devices, which

have to be maintained at all times.

9


no.21128785


According to (IDC, 2015), December 18, 2014 more than 65 percent of

enterprise IT organizations will commit to hybrid cloud

technologies before 2016, this speed regarding to most of change

in IT business for medium and enterprise business.

Digitization is accelerating the ongoing evolution of business.

Clouds - public, private, and hybrid - enable companies to extend

their existing infrastructure and integrate across systems. New

futures Cloud provides

Much better security camper to traditional that mirrors existing

controls. Through the Soft Layer infrastructure combined with the

new services available, business now have the right tools and

environment to combine all of their data no matter where it

resides to respond to changing market dynamics.

Apart from acquisition and maintenance, there is a dedicated

staff which is required by the firm, to maintain its functioning

and fulfil the needs to vigil. Such high costs are often a hamper

to small and medium business enterprises, who struggle hard to

maintain the security and safety concerns of the server, in which

information is stored. Critical information can be compromised

due to cyber-attack which is generally on the rise these days

10


no.21128785


(Susanto, Almunawar and Kang, 2012). In order to overcome all

these challenges, cloud computing was introduced in the

information technology segment, which has taken business related

communication to an all new level and have come as a boon to

SMEs. Cloud Computing’s major functional benefit is to help in

saving a lot on cost and also promotes efficiency at the same

time. On the flip side, cloud computing in its current form

impersonates an integral challenge. Since data is typically

available in unencrypted form to the outsourced owners, there is

a big question mark on privacy. The qualms about leakage of

sensitive and classified data or compromise with privacy have

been stringent roadblock in cloud computing (Pearson, 2012).

11


no.21128785


2.LITERATURE REVIEWOne of the significant preferences to SME is that of capacity, on

the grounds that the function is extremely multifaceted and is

secured by the administration supplier. Working and exchanging

information through cloud is exceptionally straightforward and is

similar to working the normal framework. Information move in

itself is simple and happens pretty much immediately without

influencing responsiveness (Madhavi, Tamilkodi, and Sudha, 2012).

Avoiding security threat is extremely helpful for the SME

functioning, on the grounds that proficiency is straightforwardly

connected with SME process responsiveness and operation.

Additionally, it is the peculiarity of cloud network, that it

gives inconceivable decision as far as administration and

alternatives (Jamil and Zaki, 2011).

Bayrak (2013) states that SME’s are always on the look-out for

cheaper alternatives that can provide competitiveness edge, and

cloud computing decreases spend on electricity, bandwidth and

hardware (Armbrust et al. 2010), thereby lending substantial help

by ensuring economies of scale. Based on the findings of

literature on similar work, it is observed that many SME’s

install and use various software applications including in-house

email services, CRM, operations and vendor management, ERP, HR

12


no.21128785


and accounting packages and more (Ismail, Jeffrey and Belle,

2011). A study by Sahandi et al. (2013) reaffirmed this fact

wherein over 51% respondents in the UK agreed to having working

knowledge of cloud computing.

There is no arrangement thusly as far as sort of records which

can be put away or kind of data which can be gotten to. There is

no such limitation on the sort of data which is utilized and got

to, and the administration supplier does not practice any control

over data. Privacy is one aspect of information function in an

association, and this secrecy is not ruptured at any level. Truth

be told one of the premise of cloud networking is the offering of

secrecy by the administration supplier which guarantee data is

not traded off anytime (Patidar, Gupta, et al 2012).

There are not very many security or related attentiveness toward

a SME who choses cloud computing alternative. It is not the last

level, as there is still awesome measure of improvement occurring

in this heading and the administration suppliers have their own

specialists and engineers, who are utilized to complete further

research (Rani, and Gangal, 2012). New and better ways are in

effect frequently acquainted and proposed with further practice

and improve the capacities of cloud network (Neela and Saravanan,

2013). These incorporate the amalgamation of more current

methods, which give more alternatives and control data in a

13


no.21128785


superior manner. Effectiveness and exactness is one function

which needs to be kept up by the engineers and cross breed

methods of putting away data are extremely helpful for the SME.

These methods have given the tremendously required responsiveness

in the function (Subashini and Kavitha, 2011).

2.1. CLOUD NETWORKING

Businesses are no more required to acquire their own

infrastructure, apart from saving maintenance and staff related

costs (Neela and Saravanan, 2013). Maintaining a server in an

orthodox information framework is very intricate function because

it involves high expertise by staff (Rani, and Gangal, 2012).

Tackling the security threats is one aspect of it. In cloud

network, a third party is involved in provision of the service

and this undertakes most of the infrastructure needs, which saves

the SMEs from a lot of hassle while storing information. Cloud

network has major needs, which are maintained by the service

provider and this facility is away from the organisation setup

(Essandoh and Boateng, 2013). Moreover, the service provider has

dedicated facility, which also includes a completely dedicated

14


no.21128785


team of specialized and dedicated personnel, who undertake the

whole plan and function (Subashini and Kavitha, 2011). The

service provider acquires and maintains high capacity

infrastructure and storage units, which undertake the information

transfer channel. Cloud is linked to SME premises through

internet network and several access points are created within a

company’s premises. Personnel involved at each node are given

access codes and this is the reason every aspect of information

is transferred through one node to another, simply by accessing

cloud network which is situated outside the facility (Madhavi,

Tamilkodi, and Sudha, 2012). Information transfer among various

departments happens on similar pattern and information is shared

regarding SME functions. Cloud is a service and it is a business

term rather than technical term. It separates the concern between

the user and provider. The cloud is very powerful as it uses

virtualization and has a giant resource pool. Using cloud can

reduce the cost on IT management.

15


no.21128785


Cloud is powerful IT resource pool (public cloud), or management

tool (private cloud). Its elastic property allows application

resizing itself to any scale. The almost important benefit of

using cloud is paying and using the IT resource as you go. How

much has you used, how much you should pay. These features of

cloud enable small company or organization like school running

large scale application or experiment with a reasonable cost.

Even though the cloud provide users with elastic resource, not

all application can directly run on the cloud, it re-development

of application and put it into cloud layer (e.g. Azure), or

distribute the workload on its own (e.g. AWS). In order to fully

shows up the performance of cloud. Second approach requires some

powerful framework on top of all virtual machines and fully used

up all resource form each virtual machine. Cloud computing

technologies and applications running on a physical machine

cannot run faster than the host in most case (Exception found in

testing procedure, and discuss in the part of KVM). To make

instance more powerful than it, the only way it using distributed

system or similar framework like Hadoop. We will introducing the

16


no.21128785


computation power of virtual machine later and also introduce

Hadoop which is important part of our project.

2.2 CLOUD DEPLOYMENT MODELS

There are various ways of deploying cloud on any business

function. The four basic deployment models are discussed herein.

2.2.1 Public Cloud

All information is hosted through clouds of businesses and

organisations and is freely available for all internet users

(Furht, 2010). Cost efficiency, tractability, and pliability are

all advantages of public clouds, while ease to access resulting

in security breach and malicious attacks are common limitations

(Susanto, Almunawar and Kang, 2012).Public cloud usually charge

user per user hour with a reasonable price. Apart from the

resource allocated can be adjust, platforms the instance running

can be difference also like Windows, Linux. Actually, cloud is an

IT resource hiring service; there are many usage of the cloud.

The aim target of using cloud is reducing the cost. General

public cloud allows user pay as you go and gets the only service

17


no.21128785


they wanted. Using public cloud can reduce or eliminate the cost

of manage an IT system. Since company must put many resource on

maintenances other than buying the facilities. Cloud providers

usually provide many manage tool and some of them are free. These

tools can manage the resource using according from usage and

adjust number of instance automatically. Also some detailed

report will be sent to user and alert the any issue their

instances encountered

2.2.2 Private Cloud

Private clouds or internal clouds mostly work on intranet, and

caters to the employees and stakeholders of a large organisation

having multiple business entities (Mell and Grance, 2011). These

are mostly managed by an in-house IT team or external providers

and do not have restrictions on bandwidth or high security

constraints. The privacy or internal threat is hardly an issue.

Private cloud gives users surprise with its easiness of managing

resource and better use of resource. Private cloud users can send

request similar to the public cloud users. Apart from that, they

18


no.21128785


can almost get what they want immediately. All these actions are

handled by cloud system and administrators need not to set up any

new machines. Private cloud usually provides different types of

the user interfaces to the cloud user similar to the public

cloud. For the administrators, there is another interface to

manage the whole system. A single machine play different role,

Cloud server generally provides the instance in form of virtual

machine. Since require a very powerful machine. Cloud server can

run many small instances on a machine and greatly reduce the cost

on buying server. Apart from reduce the number of machines, the

IT resource of instance can be dynamically adjust or move to

another machines even public cloud.

2.2.3 Community Cloud

A cloud shared by multiple organisations or communities having

common interest and needs form a community cloud. It can be

hosted either externally or internally in one of the stake-

holding organisations, and share a common infrastructure (Mell

and Grance, 2011). Hospitals, educational institutes and

government agencies are most relevant examples.

19


no.21128785


2.2.4 Hybrid Cloud

Two or more clouds come together to form a hybrid cloud version,

where data and applications can be mutually shared. A hybrid

cloud has the capacity to underrate the limitations of individual

clouds deployment techniques (Zhang, Cheng and Boutaba, 2010). A

relevant example is of an organisation that wishes to keep

confidential data for access to board members only, whilst the

rest of the information is publicly available.

2.3 CLOUD COMPUTING SERVICE MODELS

As discussed above, just like an organization’s cloud

computational environment shapes up the scope and controlling

aspects, the service models braced through cloud, also effect a

small and medium business enterprises in similar ways. The main

three service models (Leavitt, 2009; Vaquero et al. 2011)

associated with cloud computing is represented in figure2.2 and

discussed herein.

2.3.1 Software as a Service (SaaS)

Delivery of applications and software are done on-demand by means

of internet or private networks. A subscription fee is charged

for premium software while other are provided for free (Bhat et

al. 2010). SaaS is thereby an effective way to minimize

20


no.21128785


maintenance and upgrading costs for the subscribers (Chen and

Wang, 2010). Most common examples are Google apps, Facebook,

Twitter, and Skype.

2.3.2 Platform as a Service (PaaS)

Software development tools through which cloud applications and

services can be built and run is done using PaaS (Vaquero et al.

2011). The resources are handled through API, and enables user to

develop, test, install and host complex, yet personalized

applications. Common examples include IBM Bluemix, Google App

Engine, and Microsoft Azure.

21


no.21128785


FIGURE 2.1: CLOUD SERVICE MODEL

2.3.3 Infrastructure as a Service (IaaS)

High performance virtual machines, operating systems,

infrastructural resources and abstracted hardware are all by

virtue of IaaS (Mell and Grance, 2011). While the infrastructure

and ownership rights belong to the service provider, the

organisations can gain control by either buying out the services

or renting them. Common examples are IBM Cloud, SAP HANA, Amazon

Web Services, Eucalyptus, and Flexi Scale.

22


no.21128785


23


no.21128785


2.4 IMPACT ON SME

One of the major advantages to business is: storage, since this

function is very intricate and covered by the service provider.

Operating and transferring information through cloud is very

simple and is like operating the regular system. Information

transfer in itself is very easy and happens almost

instantaneously without affecting responsiveness. Networking is

very beneficial for the SME functioning, because efficiency is

directly associated with SME process responsiveness and

operation. Also, it is the feature of cloud network, that it

provides vast choice in terms of service and options. There is no

classification as such in terms of type of files which can be

stored or type of data which can be accessed (Rani, and Gangal,

2012). There is no such restriction on the type of data which is

used and accessed, and the service provider does not exercise any

control over data. Confidentiality is one aspect of information

function in an organisation, and this confidentiality is not

breached at any level (Patidar et al. 2012). In fact one of the

basis of cloud networking is the offering of confidentiality by

the service provider which ensure data is not compromised at any

point (Neela and Saravanan, 2013). There are very few security or

related concerns for a SME who choses cloud computing option. In

is not the final level, as there is still great amount of

24


no.21128785


development taking place in this direction and the service

providers have their own experts and developers, who are employed

to carry out further research (Jamil and Zaki, 2011). New and

better ways are being regularly introduced and proposed to

further specialize and enhance the abilities of cloud network

(Subashini and Kavitha, 2011). These include the amalgamation of

newer techniques, which provide more options and control data in

a better way (Madhavi, Tamilkodi, and Sudha, 2012). Efficiency

and accuracy is one function which needs to be maintained by the

developers and hybrid techniques of storing data are very

beneficial for the SME. These techniques have provided the much

needed responsiveness in this function.

25


no.21128785


3.RESEARCH METHODOLOGYThis is a very intricate as well as interesting topic, and

research in this direction has to be focused. Cloud computing is

one topic, which involves lot of features which need to be

highlighted and brought forward. Several previous studies have

pointed out facts, which have formed the basis for further

development of the function (Subashini and Kavitha, 2011).

3.1 DATA COLLECTION METHODS

McNiff (2011) asserts that countless types and styles of data is

usually available on any given topic, yet, the aim is to use a

data collection method that is most appropriate in context of the

subject chosen for research study. Credibility and variety can be

added to the research only when multiple sources of are used for

data collection (Patton, 2001; Yin, 2003). Hence, the researcher

has employed various data collection methods in order to provide

credibility and consistency in the flow of thoughts, apart from

presenting different views up for discussion. A lot of past

research works; published journals and corporate examples,

restricted to past five years of study have been incorporated in

presenting this paper.

26


no.21128785


3.2 META-ANALYSIS METHOD

In order to understand all aspects of the proposed hypothesis,

meta-analysis method of research has been chosen (Madhavi,

Tamilkodi, and Sudha, 2012). Comparison is done in order to

conduct detailed and argumentative study, which focuses on

several key elements. Previous studies have formed the basis for

this topic and a lot of suggestions have been studied from them

(Jamil and Zaki, 2011). Security is an extremely perplexing and

in addition fascinating theme, and research in this bearing must

be centered. Cloud computing is one point, which includes lot of

gimmicks which need to be highlighted and presented. A few past

studies have called attention to truths, which have shaped the

premise for further improvement of the function (Rani, and

Gangal, 2012). The system for research has been picked so as to

see all aspects of the proposed theory. Analysis is carried out

to direct itemized and factious study, which concentrates on a

few key components. Past studies have structured the premise for

this point and a lot of proposals have been considered from them

(Patidar, Gupta, et al 2012).

27


no.21128785


4.OVERALL DISCUSSIONBusiness related investigation have developed complex in limit

and most recent log procedures are being presented. Security

threat is making the investigation a complicated function, which

is gone for gathering and social affair information with respect

to SME and keeping up the database. These examination works in

course of all fields and aspects which are associated with the

part in which SME predominates (Subashini and Kavitha, 2011).

Likewise, it meets expectations in related and complimentary

parts and every last component which influences the working of

SME is investigated (Neela and Saravanan, 2013). Cloud

vulnerability is making security a significant concern, on the

grounds that there is an extraordinary animosity among SME firms

to gain more data to be put away. To assemble this profitable

information, certain out of line practices are likewise taken

after, which is an awesome risk to the entire SME function (Jamil

and Zaki, 2011).

In the modern perspective, every single association whether vast

or small, includes the standards of information innovation (Neela

and Saravanan, 2013). One of the basic parts of a current SME is

that of information, on the grounds that it is the most well-

known functions in a SME. Taking this function ahead and making

28


no.21128785


further advancement conceivable, there is a presentation of

better method for exchanging, offering and putting away data,

which is more viable and productive as far as expense (Rani, and

Gangal, 2012). This function is that of cloud computing, in which

cloud alludes to the remote aspect of information imparting and

stockpiling. Despite the fact that it is another marvel, yet at

the same time it is exceptionally renowned among significant

organisations and firms which have real information needs.

Real contrast in cloud computing and typical network is that

ordinary network includes a lot of framework from the association

itself (Patidar, Gupta, et al 2012). This framework is as PCs

which are joined through a network, and further associated with

servers and capacity units (Jamil and Zaki, 2011). These servers

are high limit stockpiling and interface gadgets, which must be

kept up at all times. Aside from procurement and upkeep, there is

a devoted staff which is needed by the firm, to keep up its

functioning and satisfy the needs to vigil. Security is included

expense, aside from the security and wellbeing concern of the

server, in which information is put away (Madhavi, Tamilkodi, and

Sudha, 2012).

Threat to information can be traded off whenever and this can

happen due to a cyber-assault, which are by and large on the

ascent nowadays. So as to conquer all these difficulties, cloud

29


no.21128785


computing was presented in the information innovation section,

which has taken SME related correspondence to an all new level.

In this function, the major functional profit to SME is that this

aide in sparing a lot on expense furthermore advances

productivity in the meantime (Subashini and Kavitha, 2011).

4.1 ABOUT CLOUD COMPUTING

Security is one of the prime concerns in an organisation which

deals with information on an allied platform. In this era of

multiple expansions in SME, there is great commercialization and

advancement in every segment. Orthodox businesses are being ruled

out and new and latest techniques are being introduced to replace

these functions (Rani, and Gangal, 2012). This practice has given

rise to great changes and has made the SME process and

functioning all the more challenging. Competition has forms the

basis for every SME and this is growing with each passing day

(Patidar, Gupta, et al 2012). Earlier, where financial worth was

considered as the benchmark for ascertaining actual standing of

an organisation, now these graphs have shifted. An organisation

is now acknowledged and understood from the type and amount of

data which is involved in it. Information is the basis of every

SME in today’s world and the more information a company

possesses, the more effective it is considered in terms of

capabilities (Madhavi, Tamilkodi, and Sudha, 2012).

30


no.21128785


4.2 CLOUD COMPUTING AND SME BUSINESS

SMEs as we know are small set ups with meagre budgets, always

looking for cheaper alternatives and cost effective measures

(Saini, Khanna and Kumar, 2012). There have been numerous

instances, especially in the developing economies, where SME’s

have not been able to take adequate advantage of cloud computing

technology and hence remained competitively unviable (Addo, 2015;

Tan, 2010). Nevertheless, databases and information portals are

still given maximum weightage while analysing the capabilities of

an SME function. Business related analytics have grown manifold

in capacity and latest log techniques are being introduced. This

is making the analytics an intricate function, which is aimed at

collecting and gathering information regarding SME and

maintaining the database. These analytics work in direction of

all fields and aspects which are connected to the sector in which

SME prevails (Patidar, Gupta, et al 2012). Also, it works in

related and complimentary sectors and each and every factor which

affects the working of SME is scrutinized.

All such factors contribute to make security a major concern,

because there is a great aggression among SME firms to acquire

more and more data to be stored (Jamil and Zaki, 2011). To gather

this valuable information, certain unfair practices are also

followed, which is a great threat to the whole SME function. One

of the most common forms of unfair trade practice is related to

31


no.21128785


the cybercrime function, which includes number of activities such

as hacking, phishing, data theft and spyware (Subashini and

Kavitha, 2011). On a highly commercial level, many major

corporations have even deployed specialized hackers and IT

professionals, in order to gain access to servers of rival

companies (Rani, and Gangal, 2012). Threat to information is a

major cause of concern for each and every organisation and

companies are spending huge costs in order to curtail these

cybercrimes.

4.3 SECURITY OF CLOUD NETWORK

Although there is a proper framework which is deployed by the

firms to secure their information, still these firms are

vulnerable at hands of cyber criminals. Cloud based computing and

networking is no different in this regard, and similar threats

prevail for service providers of cloud computing. It is a great

point in concern, where hackers and anti-social elements can

focus their concern towards such companies which provide cloud

solutions (Rani, and Gangal, 2012). Information security is of

prime concern for these service providers and they have to ensure

this security to the secured data in order to safeguard the

interests of their clients. One of the basic conditions on which

the contract between cloud providers and SME clients is based, is

that of security (Neela and Saravanan, 2013).

32


no.21128785


Business firms rely on service providers with their invaluable

and highly confidential data and other SME related elements. If

there is a threat which prevails with this stored data, then the

whole function is considered a failure (Jamil and Zaki, 2011).

For understanding the whole concept of security, it is very

important to understand the reasons of security failure. In every

organisation there are certain loopholes in the overall

information and cloud framework, which makes it vulnerable to

attacks. Security can be compromised at many levels and in many

forms, which can threaten the whole cloud system (Subashini and

Kavitha, 2011).

To ensure security to the whole system and servers in which

information is stored, there is a need to ensure overall and

effective control. One of the basic elements of an information

system and cloud framework is the design of the system. When a

system is design in accordance with the requirements of security

protocols and includes all crucial elements, it is considered

effective. So it is to be kept in mind by the organisation and

development team to propose and maintain an effective information

system, and understand the elements of security. All aspects, of

hardware, software and networking have to be aligned in such a

way that it ensures installation of sophisticated security

techniques (Patidar, Gupta, et al 2012). Software function

contains a crucial function of firewall, which has to work in

33


no.21128785


conjunction with cloud network and hardware to control access.

This has to be chosen on basis of security level and latest

versions are to be chosen for each firewall. Furthermore there

is a need for stricter protocol and effective control of the

personnel function.

4.4 FACTORS OF VULNERABILITIES

As it is understood that each and every firm employs some

personnel across the network, in order to keep the function

going. Security is maintained with training and the whole

function is made available to these personnel, who can operate

various nodes of a network. However, in most cases vulnerability

is associated with this element, as security can be compromised

at various levels across the facility through human factor. Human

factor has to be strengthened through extensive training and

security deployment at all nodes and providing stricter access

codes (Neela and Saravanan, 2013).

A code of regulation has to be implemented and followed

thoroughly which can work in conjunction with biometric

authentication systems (Rani, and Gangal, 2012). Also, the

service provider has to ensure security at the premise of SME

firm, which can be done by sharing knowledge and experience in

this regard. All personnel having access to the cloud network

have to maintain high level of confidentiality while accessing

34


no.21128785


information, because this can be vulnerable. If hackers get

access to these codes, they can easily send virus and other

spyware to the main servers of cloud network (Subashini and

Kavitha, 2011). Reporting is another very important function of a

cloud network’s security and this has to be followed accordingly

(Patidar, Gupta, et al 2012).

There are many functions and incidents which have to be included

in the reporting function and this has to be timely at regular

intervals. Data packets which are transferred through these

channels have to be passed through high security firewalls and

validated for accuracy, as any discrepancy in coding can lead to

bugs. Bug reporting has to be a part of the overall reporting

function, and a special dedicated team has to be focused in this

direction in order to overcome the vulnerability (Jamil and Zaki,

2011).

Another major factor in this direction is the calibration

function, which involves each and every aspect, whether hardware,

network or software, which have to be knitted together. Viruses

are one the most lethal and most severe vulnerabilities which

threaten the cloud network and overall security framework (Rani,

and Gangal, 2012). The sphere which is proposed to check for

virus and bugs also includes checking the transferred data from

the SME firm’s end. No data packet can be left out from this

35


no.21128785


check and this has to be validated through effective anti-virus

software. After installation, the regular up gradation is also

very important in order to safeguard data, because when software

is not updated, it leaves the whole system vulnerable.

This is a very intricate function and involves extensive

knowledge and expertise to be made effective and validated. Cloud

computing corporations are now spending loads of time and

resources in this direction in order to maintain high level

security. Security requires highly skilled team of experts and

technical knowhow, which can ensure safety of data and stored

content (Patidar, Gupta, et al 2012). Avoiding threats is making

cloud computing possible and one of the most important functions

in a SME corporation. There are certain benefits associated with

this function; however security of these networks has to be

maintained at highest level (Subashini and Kavitha, 2011).

4.5 MAINTENANCE OF SECURITY

Cloud computing organisations are currently investing heaps of

time and assets in bearing with a specific end goal to keep up

abnormal state security. Security function obliges very gifted

group of specialists and specialized skill, which can guarantee

wellbeing of data and put away substance. Threat to information

is making cloud computing conceivable and a standout amongst the

most imperative functions in a SME organisation. There are sure

36


no.21128785


profits connected with this function; however security of these

networks must be kept up at largest amount (Kamara and Lauter,

2010). Programming function contains an urgent function of

firewall, which needs to work in conjunction with cloud network

and equipment to control access. Besides, there is a requirement

for stricter convention and powerful control of the faculty

function. As it is comprehended that every last firm utilizes

some staff over the network, to keep the function going. Security

is finished with preparing and the entire function is made

accessible to this work force, who can work different hubs of a

network (Patidar, Gupta, et al 2012).

Cloud based computing and networking is the same in this respect,

and comparable dangers win for administration suppliers of cloud

computing. It is an extraordinary point in concern, where hackers

and against social components can center their worry towards such

organisations which give cloud arrangements. Information security

is of prime sympathy toward these administration suppliers and

they need to guarantee this security to the secured data to

defend the diversions of their customers (Jamil and Zaki, 2011).

Albeit there is a legitimate structure which is sent by the

organisations to secure their information, still these

organisations are helpless at hands of cyber hoodlums. One of the

fundamental conditions on which the agreement between cloud

37


no.21128785


suppliers and SME customers is based, is that of security (Neela

and Saravanan, 2013).

Business firms depend on administration suppliers with their

significant and very private data and different SME related

components. In the event that there is a danger which

predominates with this put away data, then the entire function is

viewed as a disappointment. For comprehension the entire idea of

security, it is critical to comprehend the reasons of security

disappointment (Pearson, 2012). In every association there are

sure escape clauses in the general information and cloud system,

which makes it defenceless against attacks. Security can be

bargained at numerous levels and in numerous structures, which

can undermine the entire cloud framework. To guarantee security

to the entire framework and servers in which information is put

away, there is a need to guarantee general and viable control

(Patidar, Gupta, et al 2012). One of the essential components of

an information framework and cloud structure is the configuration

of the framework. At the point when a framework is plan as per

the prerequisites of security conventions and incorporates all

vital components, it is viewed as powerful. So it is to be

remembered by the association and improvement group to propose

and keep up a successful information framework, and comprehend

the components of security (Subashini and Kavitha, 2011).

38


no.21128785


5.RECOMMENDATIONSAll important aspects need to be listed out to check privacy

invasion and internal threat as posed by cloud computing. All

aspects, of equipment, programming and networking must be

adjusted in such a route, to the point that it guarantees

establishment of advanced security systems. On the other hand,

much of the time defencelessness is connected with such

component, as security can be traded off at different levels over

the office through human variable. Human variable must be

fortified through far reaching preparing and security arrangement

at all hubs and giving stricter access codes (Rani, and Gangal,

2012). Security protocol must be actualized and took after

altogether which can work in conjunction with biometric

validation frameworks. Likewise, the administration supplier

needs to guarantee security at the reason of SME firm, which

could be possible by imparting information and involvement in

this respect (Patidar, Gupta, et al 2012).

All faculties having admittance to the cloud network need to keep

up abnormal state of privacy while getting to information, on the

grounds that this can be defenceless. In the event that hackers

get access to these codes, they can undoubtedly send virus and

other spyware to the primary servers of cloud network (Subashini

and Kavitha, 2011). Reporting is an alternate vital function of a

39


no.21128785


cloud network's security and this must be taken after as needs be

(Madhavi, Tamilkodi, and Sudha, 2012). There are numerous

functions and episodes which must be incorporated in the

reporting function and this must be convenient at standard

interims (Jamil and Zaki, 2011).

Data packets which are exchanged through these channels must be

gone through high security firewalls and accepted for exactness,

as any inconsistency in coding can prompt bugs. Bug reporting

must be a piece of the general reporting function, and a unique

committed group must be concentrated in this bearing with a

specific end goal to conquer the helplessness. An alternate main

consideration in this heading is the alignment function, which

includes every last aspect, whether equipment, network or

programming, which must be sewn together.

Viruses are one the most deadly and most extreme vulnerabilities

which undermine the cloud network and general security structure

(Neela and Saravanan, 2013). The circle which is proposed to

check for virus and bugs additionally incorporates checking the

exchanged data from the SME association's end. No data parcel can

be forgotten from this check and this must be accepted through

powerful hostile to virus programming. After establishment, the

consistent up degree is likewise imperative so as to defend data,

in light of the fact that when programming is not upgraded, it

40


no.21128785


leaves the entire framework powerless. This is an exceptionally

mind boggling function and includes broad learning and ability to

be made powerful and approved (Madhavi, Tamilkodi, and Sudha,

2012).

Service providers should specifically take responsibility that

data is neither shared with third party vendors, nor lost during

transition. It is also important the service providers work in

direction of enhancing capacity and reducing costs, so as to

support and encourage the SME industry world over. Adequate

changes in legislation and regulations by concerned governments

can go a long way in tightening up the screws on cloud providers.

41


no.21128785


6.CONCLUSIONThrough this paper we discussed the definition, deployment and

development of cloud computing and how SMEs have immensely

benefitted through a cost-effective medium. The focus on internal

threat and security or privacy issues helped in gaining insight

into the fact that cloud providers are responsible for adequately

addressing such issues. A standout amongst the most widely

recognized manifestations of unreasonable exchange practice is

identified with the cybercrime function, which incorporates

number of exercises, for example, hacking, phishing, data robbery

and spyware. On an exceedingly SME level, numerous real

enterprises have even sent specific hackers and IT experts, so as

to get access to servers of opponent organisations.

As the dependence on cloud services has increased with greater

level of acceptance, the issues pertaining to privacy, security,

trust, data transfer capacity and lock-in demand much more

vigilance. Foremost is obviously inking smart user agreements

with the service providers. Such trust agreements will go a long

way in covering additional futuristic elements and cover sanctity

of critical communication. While most privacy legislation seem

irrelevant due to their outdated approach, it is important review

42


no.21128785


is done on basis on post-cloud scenario and industrial

challenges.

Information threat is a real reason for sympathy toward every

single association and organisations are spending enormous

expenses so as to reduce these cybercrimes. Current trends of

Cloud computing towards in a better flexibility, fusibility and

also greater security. The current level of knowledge about cloud

computing is acting as an hindrance to internal security, and

hence in order to gain complete benefit of cloud computing, it is

imperative all organisations start knowledge enhancement programs

and reap desired benefits.

43


no.21128785


1.CRITIQUE AND SCOPE OF FUTURE WORKIt is said that a man is the best critic of his own work. For

someone who clearly knows his/her shortcomings has the reason and

scope for further improvement, and enhancing one’s own knowledge

in the process. While setting out on writing this paper, the idea

was to grasp to understand the concept in details and find

loopholes with respect to security and privacy issues pertaining

to cloud computing use in SMEs. During the course of study,

numerous research papers and journals were referred, which

actually led to abundance of information. Something which was not

achieved during the course of this study imperatively becomes the

scope of future work. A detailed research in form of

questionnaire and personal interviews with people involved in

development, deployment and use of cloud computing is a desirable

task to undertake. This will certainly enable to fill in the gaps

that this paper has left.

For SME’s based in developing economies, the research has

considerable proof of limited awareness, inconsistent usage and

lack of knowledge about cloud computing. When basic concepts are

unclear, the loss arising out of breach of security and privacy

invasion becomes manifold, but is not noticeable by the employees

or management. Any study will become insignificant unless policy

44


no.21128785


makers, cloud service providers and other stakeholders take the

onus upon themselves to create an informed and educated working

class in SMEs. Trial packages of cloud computing services can be

an exciting initiative in this regard, where service providers

like Google, Microsoft and others provide a 30-day free trial of

their applications and services.

45


no.21128785


REFERENCES

Addo, A. (2015) “The Adoption, Usage and Functions of the

Internet and E-Commerce among SMEs in Ghana,” International

Journal of Business and Management Tomorrow , vol. 2, no.

9, pp. 1–10,

Bhat, M. A., Ahmad, B., Shah, R.M. and Bhat, R.I. (2010) “Cloud

Computing: A Solution to Information Support Systems

(ISS),” International Journal of Computer Applications,

vol. 11, no. 5, pp. 5-9, 2010.

IDC (2014) IDC Reveals Cloud Prediction for 2015 Available from

http://www.idc.com/getdoc.jsp?containerId=prUS25350114

[Accessed 28/02/2015]

Ismail, R., Jeffery, R., Belle, J.V. (2011) “Using ICT as a value

adding tool in south african SMEs,” Journal of African

Research in Business & Technology, vol. 2011, pp. 1-11

46

http://www.idc.com/getdoc.jsp?containerId=prUS25350114


no.21128785


Chen, S., Wang, C. (2010) Accountability as a Service for the

Cloud: From Concept to Implementation with BPEL. Proc. 6th

IEEE World Congress on Services, IEEE, 91-98.

Cloud Industry Forum. (2011) Cloud UK: Adoption and Trends 2011.

Essandoh, K.A., and Boateng, E.O.Y. (2013) Cloud Computing: The

Level of Awareness amongst Small & Medium-sized Enterprises

(SMEs) in Developing Economies. Journal of Emerging Trends

in Computing and Information Sciences.

Furht, B. (2010) “Cloud Computing Fundamentals,” in Handbook of

Cloud Computing, New York, Springer, pp. 3–19.

Jamil, D., and Zaki, H. (2011). Security issues in cloud

computing and countermeasures. International Journal of

Engineering Science and Technology (IJEST), 3(4), pp. 2672-

2676.

Kamara, S., Lauter, K. (2010) Cryptographic Cloud Storage. In:

Financial Cloud and Data Security, LNCS, 6054:136-149.

Springer

47


no.21128785


Leavitt, N. (2009). Is Cloud Computing Really Ready for Prime

Time?, IEEE Computer

McNiff, J. (2011). Action research for professional development.

Mell, P. and Grance, T. (2009) A NIST definition of cloud

computing. National Institute of Standards and Technology.

NIST SP 800-145.

Neela, T. J., and Saravanan, N. (2013). Privacy Preserving

Approaches in Cloud: a Survey. Indian Journal of Science

and Technology, Vol. 6(5), pp. 4531-4535.

Patidar, K., Gupta, M. R., Singh, G., Jain, M. M., and

Shrivastava, M. P. (2012) Integrating the Trusted Computing

Platform into the Security of Cloud Computing System.

International Journal of Advanced Research in Computer

Science and Software Engineering, Vol. 2(2), pp. 1-5.

Patton, M. (2001) Qualitative Evaluation and Research Methods,

3rd ed. Thousand Oaks, CA: Sage Publications, Inc.

48


no.21128785


Pearson, S. (2012) Privacy, Security and Trust in Cloud

Computing. HP Laboratories HPL-2012-80R1.

Rani, S., and Gangal, A. (2012). Security issues of banking

adopting the application of cloud computing. International

Journal of Information Technology, Vol. 5(2), pp. 243-246.

Rani, A. M. G., and Marimuthu, A. (2012). A Study on Cloud

Security Issues and challenges. International Journal of

Computer Technology and Applications, Vol. 3(1), pp. 344-

347.

Sahandi, R., Alkhalil, A., Martins, J.O. (2013) “Cloud Computing

from SMEs Perspective: A Survey-Based Investigation,”

Journal of Information Technology Management, vol. XXIV,

no. 1, pp. 1–12

Saini, I., Khanna, A. and Kumar, V. (2012) “ERP Systems: Problems

and Solution with Special Reference to Small & Medium

Enterprises,” International Journal of Research in IT &

Management , vol. 2, no. 2, pp. 715–725.

49


no.21128785


Subashini, S., and Kavitha, V. (2011) A survey on security issues

in service delivery models of cloud computing. Journal of

Network and Computer Applications, Vol. 34(1), pp. 1-11.

Susanto, H., Almunawar, M.N. and Kang, C.C. (2012) “A Review of

Cloud Computing Evolution Individual and Business

Perspective,” Social Science Research Network and

University of Brunei

Tan, T.C. (2010) “A perception-based model for technological

innovation in small and medium enterprises,” in Proceedings

of the 18th European Conference on Information Systems,

Pretoria, South Africa.

Vaquero, L., Rodero-Merino L., Caceres, J. and Lindner, M.

(2011) Locking the sky: a survey on IaaS cloud security.

Computing, 91:93–118.

Yin, R.K. (2003) Case study research method, 3rd ed. Thousand

Oaks, CA: Sage, 2003.

50


no.21128785


Zhang, Q., Cheng L. and Boutaba, R. (2010) “Cloud computing:

state-of-the-art and research challenges,” Journal of

Internet Services and Applications, vol. 1, pp. 7–18

51


no.21128785


APPENDICES

[1] The cloud computing architecture as proposed by NIST is

illustrated below.

Figure 1: Cloud Computing Models

[2] According to findings published in Journal of Emerging

Trends in Computing and Information Sciences, a paper authored

by Ezer Osei Yeboah-Boateng and Kofi Asare Essandoh (2013)

provides an insight on percentage usage for cloud service

52


no.21128785


models, deployment models and the popular applications in use.

The figures below illustrate the same.

Figure 2: Cloud services models

53


no.21128785


Figure 3: Cloud deployment models

54


no.21128785


Figure 4: Popular cloud services and applications in use

[3] Barriers to cloud computing as per a McKinsey Global Survey

are given in the table below:

55


no.21128785


Figure 5: Barriers to cloud computing.

56

Privacy Issues and Internal Threats In Cloud Computing For SMEs

Documents

Transcript of Privacy Issues and Internal Threats In Cloud Computing For SMEs