University of West
School of Computing and
Technology
Undergraduate Computing
Privacy Issues and Internal
Threats In Cloud Computing For
Small and Medium Business
Final Project Report
Student Name: Adam Student No: 21128785
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Supervisor: Colin Tutor: ColinMarch 2015
FINAL PROJECT REPORT – MARCH 2015
Supervisor: Colin
Tutor: Colin
Student name Adam
Student Number 21128785
Submitted in support of BSc Computing and Information
Systems
March 2015
3
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
DECLARATION
“
”.
4
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
CONTENTSAbstract.......................................................61. Introduction................................................7
2. Literature review...........................................8
2.1. Cloud Networking.........................................9
2.2 Cloud Computing Service Models...........................9
2.2.1 Software as a Service (SaaS)..........................9
2.2.2 Platform as a Service (PaaS).........................10
2.2.3 Infrastructure as a Service (IaaS)...................10
2.3 Cloud deployment models.................................11
2.3.1 Public Cloud.........................................11
2.3.2 Private Cloud........................................11
2.3.3 Community Cloud......................................11
2.3.4 Hybrid Cloud.........................................11
2.4 Impact on SME...........................................11
3. Research Methodology.......................................13
4. Overall Discussion.........................................14
4.1 About Cloud Computing...................................15
4.2 Cloud Computing and SME Business........................15
4.3 Security of Cloud Network...............................16
5
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
4.4 Factors of Vulnerabilities..............................17
4.5 Maintenance of Security.................................18
5. Recommendations............................................20
6. Conclusion.................................................22
7. Critique and scope of future work..........................23
References....................................................24
Appendices....................................................27
6
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
ABSTRACTService Provisions have been one of the major enablers of success
in management and business functioning. It has always been given
a great weightage when organizing a particular business function.
With the introduction of computers in businesses during the
latter part of last century, this sphere has witnessed an
exponential growth. Ever since, a parallel field associated with
this function, such as information technology has developed and
there have been major strides in this direction. Computing power
of machines is getting increase in a very high speed. Almost
every 3 years, CPU’s computing power increase twice. However size
of the files keeps increasing also in an amazing rate. In recent
decade the size of file significantly has changed. Cloud
computing services have emerged as a major function with
substantive potential to provide greater opportunities, high
growth and superior competitive edge for small and medium
enterprises (SMEs). A collective feature believed to be true
about cloud computing focusses on the aspects of on-demand
accessibility of vastly obtainable and consistent computing
means; secure and convenient access to measurable services from
across locations, as well as data displacement from within the
organisation to the outside. While most of these aspects have
been categorically realized to a certain extent, cloud computing
7
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
is still a vast field to explore and deal with the challenges
that come in the way.
This paper aims to provide key insights into the privacy issues
and internal threats that come to hamper SMEs by adopting cloud
computing for their business functions. The results obtained
through detailed study of reasons behind SMEs shift towards
migrating to cloud computing services are both encouraging and
alarming. Undoubtedly, most SMEs have gained immensely by
reducing costs and being technologically at par with larger
organisations. But at the same time, the level of risk associated
with shifting to computing paradigms is undermined by most
companies. The paper identifies the types of risks and privacy
issues, while recommending greater education, awareness and
sensitization on cloud computing. The need for effective
corporate governance, stringent regulatory framework and
empathetic technological adoption by SMEs are stressed upon to
fight the darker side of an otherwise boon-to-business function
of Cloud Computing.
8
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
1.INTRODUCTIONInformation network is an essential foundation upon which all
businesses – big, medium or small, functions and carry out their
day-to-day operations. Taking this function ahead and making
further development possible, there is an introduction of better
means of transferring, sharing and storing data, which is more
effective and efficient in terms of cost (CIF, 2011). The
function is cloud computing, where cloud refers to the wireless
aspect of information sharing and storage. Although it is a very
new phenomenon, yet it has been very famous among major
businesses and firms which have unending information needs.
Cloud computing or cloud based networking is a means of
information sharing and storage, which includes a network
designed on similar pattern as that of normal network (Mell and
Grance, 2009). Major difference in cloud computing and normal
network is that the later involves a lot of infrastructure from
the organisation itself. This infrastructure is in the form of
computers which are connected through a network, and further
connected to servers and storage units (Pearson, 2012). The
servers are high capacity storage and interface devices, which
have to be maintained at all times.
9
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
According to (IDC, 2015), December 18, 2014 more than 65 percent of
enterprise IT organizations will commit to hybrid cloud
technologies before 2016, this speed regarding to most of change
in IT business for medium and enterprise business.
Digitization is accelerating the ongoing evolution of business.
Clouds - public, private, and hybrid - enable companies to extend
their existing infrastructure and integrate across systems. New
futures Cloud provides
Much better security camper to traditional that mirrors existing
controls. Through the Soft Layer infrastructure combined with the
new services available, business now have the right tools and
environment to combine all of their data no matter where it
resides to respond to changing market dynamics.
Apart from acquisition and maintenance, there is a dedicated
staff which is required by the firm, to maintain its functioning
and fulfil the needs to vigil. Such high costs are often a hamper
to small and medium business enterprises, who struggle hard to
maintain the security and safety concerns of the server, in which
information is stored. Critical information can be compromised
due to cyber-attack which is generally on the rise these days
10
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
(Susanto, Almunawar and Kang, 2012). In order to overcome all
these challenges, cloud computing was introduced in the
information technology segment, which has taken business related
communication to an all new level and have come as a boon to
SMEs. Cloud Computing’s major functional benefit is to help in
saving a lot on cost and also promotes efficiency at the same
time. On the flip side, cloud computing in its current form
impersonates an integral challenge. Since data is typically
available in unencrypted form to the outsourced owners, there is
a big question mark on privacy. The qualms about leakage of
sensitive and classified data or compromise with privacy have
been stringent roadblock in cloud computing (Pearson, 2012).
11
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
2.LITERATURE REVIEWOne of the significant preferences to SME is that of capacity, on
the grounds that the function is extremely multifaceted and is
secured by the administration supplier. Working and exchanging
information through cloud is exceptionally straightforward and is
similar to working the normal framework. Information move in
itself is simple and happens pretty much immediately without
influencing responsiveness (Madhavi, Tamilkodi, and Sudha, 2012).
Avoiding security threat is extremely helpful for the SME
functioning, on the grounds that proficiency is straightforwardly
connected with SME process responsiveness and operation.
Additionally, it is the peculiarity of cloud network, that it
gives inconceivable decision as far as administration and
alternatives (Jamil and Zaki, 2011).
Bayrak (2013) states that SME’s are always on the look-out for
cheaper alternatives that can provide competitiveness edge, and
cloud computing decreases spend on electricity, bandwidth and
hardware (Armbrust et al. 2010), thereby lending substantial help
by ensuring economies of scale. Based on the findings of
literature on similar work, it is observed that many SME’s
install and use various software applications including in-house
email services, CRM, operations and vendor management, ERP, HR
12
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
and accounting packages and more (Ismail, Jeffrey and Belle,
2011). A study by Sahandi et al. (2013) reaffirmed this fact
wherein over 51% respondents in the UK agreed to having working
knowledge of cloud computing.
There is no arrangement thusly as far as sort of records which
can be put away or kind of data which can be gotten to. There is
no such limitation on the sort of data which is utilized and got
to, and the administration supplier does not practice any control
over data. Privacy is one aspect of information function in an
association, and this secrecy is not ruptured at any level. Truth
be told one of the premise of cloud networking is the offering of
secrecy by the administration supplier which guarantee data is
not traded off anytime (Patidar, Gupta, et al 2012).
There are not very many security or related attentiveness toward
a SME who choses cloud computing alternative. It is not the last
level, as there is still awesome measure of improvement occurring
in this heading and the administration suppliers have their own
specialists and engineers, who are utilized to complete further
research (Rani, and Gangal, 2012). New and better ways are in
effect frequently acquainted and proposed with further practice
and improve the capacities of cloud network (Neela and Saravanan,
2013). These incorporate the amalgamation of more current
methods, which give more alternatives and control data in a
13
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
superior manner. Effectiveness and exactness is one function
which needs to be kept up by the engineers and cross breed
methods of putting away data are extremely helpful for the SME.
These methods have given the tremendously required responsiveness
in the function (Subashini and Kavitha, 2011).
2.1. CLOUD NETWORKING
Businesses are no more required to acquire their own
infrastructure, apart from saving maintenance and staff related
costs (Neela and Saravanan, 2013). Maintaining a server in an
orthodox information framework is very intricate function because
it involves high expertise by staff (Rani, and Gangal, 2012).
Tackling the security threats is one aspect of it. In cloud
network, a third party is involved in provision of the service
and this undertakes most of the infrastructure needs, which saves
the SMEs from a lot of hassle while storing information. Cloud
network has major needs, which are maintained by the service
provider and this facility is away from the organisation setup
(Essandoh and Boateng, 2013). Moreover, the service provider has
dedicated facility, which also includes a completely dedicated
14
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
team of specialized and dedicated personnel, who undertake the
whole plan and function (Subashini and Kavitha, 2011). The
service provider acquires and maintains high capacity
infrastructure and storage units, which undertake the information
transfer channel. Cloud is linked to SME premises through
internet network and several access points are created within a
company’s premises. Personnel involved at each node are given
access codes and this is the reason every aspect of information
is transferred through one node to another, simply by accessing
cloud network which is situated outside the facility (Madhavi,
Tamilkodi, and Sudha, 2012). Information transfer among various
departments happens on similar pattern and information is shared
regarding SME functions. Cloud is a service and it is a business
term rather than technical term. It separates the concern between
the user and provider. The cloud is very powerful as it uses
virtualization and has a giant resource pool. Using cloud can
reduce the cost on IT management.
15
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Cloud is powerful IT resource pool (public cloud), or management
tool (private cloud). Its elastic property allows application
resizing itself to any scale. The almost important benefit of
using cloud is paying and using the IT resource as you go. How
much has you used, how much you should pay. These features of
cloud enable small company or organization like school running
large scale application or experiment with a reasonable cost.
Even though the cloud provide users with elastic resource, not
all application can directly run on the cloud, it re-development
of application and put it into cloud layer (e.g. Azure), or
distribute the workload on its own (e.g. AWS). In order to fully
shows up the performance of cloud. Second approach requires some
powerful framework on top of all virtual machines and fully used
up all resource form each virtual machine. Cloud computing
technologies and applications running on a physical machine
cannot run faster than the host in most case (Exception found in
testing procedure, and discuss in the part of KVM). To make
instance more powerful than it, the only way it using distributed
system or similar framework like Hadoop. We will introducing the
16
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
computation power of virtual machine later and also introduce
Hadoop which is important part of our project.
2.2 CLOUD DEPLOYMENT MODELS
There are various ways of deploying cloud on any business
function. The four basic deployment models are discussed herein.
2.2.1 Public Cloud
All information is hosted through clouds of businesses and
organisations and is freely available for all internet users
(Furht, 2010). Cost efficiency, tractability, and pliability are
all advantages of public clouds, while ease to access resulting
in security breach and malicious attacks are common limitations
(Susanto, Almunawar and Kang, 2012).Public cloud usually charge
user per user hour with a reasonable price. Apart from the
resource allocated can be adjust, platforms the instance running
can be difference also like Windows, Linux. Actually, cloud is an
IT resource hiring service; there are many usage of the cloud.
The aim target of using cloud is reducing the cost. General
public cloud allows user pay as you go and gets the only service
17
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
they wanted. Using public cloud can reduce or eliminate the cost
of manage an IT system. Since company must put many resource on
maintenances other than buying the facilities. Cloud providers
usually provide many manage tool and some of them are free. These
tools can manage the resource using according from usage and
adjust number of instance automatically. Also some detailed
report will be sent to user and alert the any issue their
instances encountered
2.2.2 Private Cloud
Private clouds or internal clouds mostly work on intranet, and
caters to the employees and stakeholders of a large organisation
having multiple business entities (Mell and Grance, 2011). These
are mostly managed by an in-house IT team or external providers
and do not have restrictions on bandwidth or high security
constraints. The privacy or internal threat is hardly an issue.
Private cloud gives users surprise with its easiness of managing
resource and better use of resource. Private cloud users can send
request similar to the public cloud users. Apart from that, they
18
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
can almost get what they want immediately. All these actions are
handled by cloud system and administrators need not to set up any
new machines. Private cloud usually provides different types of
the user interfaces to the cloud user similar to the public
cloud. For the administrators, there is another interface to
manage the whole system. A single machine play different role,
Cloud server generally provides the instance in form of virtual
machine. Since require a very powerful machine. Cloud server can
run many small instances on a machine and greatly reduce the cost
on buying server. Apart from reduce the number of machines, the
IT resource of instance can be dynamically adjust or move to
another machines even public cloud.
2.2.3 Community Cloud
A cloud shared by multiple organisations or communities having
common interest and needs form a community cloud. It can be
hosted either externally or internally in one of the stake-
holding organisations, and share a common infrastructure (Mell
and Grance, 2011). Hospitals, educational institutes and
government agencies are most relevant examples.
19
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
2.2.4 Hybrid Cloud
Two or more clouds come together to form a hybrid cloud version,
where data and applications can be mutually shared. A hybrid
cloud has the capacity to underrate the limitations of individual
clouds deployment techniques (Zhang, Cheng and Boutaba, 2010). A
relevant example is of an organisation that wishes to keep
confidential data for access to board members only, whilst the
rest of the information is publicly available.
2.3 CLOUD COMPUTING SERVICE MODELS
As discussed above, just like an organization’s cloud
computational environment shapes up the scope and controlling
aspects, the service models braced through cloud, also effect a
small and medium business enterprises in similar ways. The main
three service models (Leavitt, 2009; Vaquero et al. 2011)
associated with cloud computing is represented in figure2.2 and
discussed herein.
2.3.1 Software as a Service (SaaS)
Delivery of applications and software are done on-demand by means
of internet or private networks. A subscription fee is charged
for premium software while other are provided for free (Bhat et
al. 2010). SaaS is thereby an effective way to minimize
20
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
maintenance and upgrading costs for the subscribers (Chen and
Wang, 2010). Most common examples are Google apps, Facebook,
Twitter, and Skype.
2.3.2 Platform as a Service (PaaS)
Software development tools through which cloud applications and
services can be built and run is done using PaaS (Vaquero et al.
2011). The resources are handled through API, and enables user to
develop, test, install and host complex, yet personalized
applications. Common examples include IBM Bluemix, Google App
Engine, and Microsoft Azure.
21
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
FIGURE 2.1: CLOUD SERVICE MODEL
2.3.3 Infrastructure as a Service (IaaS)
High performance virtual machines, operating systems,
infrastructural resources and abstracted hardware are all by
virtue of IaaS (Mell and Grance, 2011). While the infrastructure
and ownership rights belong to the service provider, the
organisations can gain control by either buying out the services
or renting them. Common examples are IBM Cloud, SAP HANA, Amazon
Web Services, Eucalyptus, and Flexi Scale.
22
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
23
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
2.4 IMPACT ON SME
One of the major advantages to business is: storage, since this
function is very intricate and covered by the service provider.
Operating and transferring information through cloud is very
simple and is like operating the regular system. Information
transfer in itself is very easy and happens almost
instantaneously without affecting responsiveness. Networking is
very beneficial for the SME functioning, because efficiency is
directly associated with SME process responsiveness and
operation. Also, it is the feature of cloud network, that it
provides vast choice in terms of service and options. There is no
classification as such in terms of type of files which can be
stored or type of data which can be accessed (Rani, and Gangal,
2012). There is no such restriction on the type of data which is
used and accessed, and the service provider does not exercise any
control over data. Confidentiality is one aspect of information
function in an organisation, and this confidentiality is not
breached at any level (Patidar et al. 2012). In fact one of the
basis of cloud networking is the offering of confidentiality by
the service provider which ensure data is not compromised at any
point (Neela and Saravanan, 2013). There are very few security or
related concerns for a SME who choses cloud computing option. In
is not the final level, as there is still great amount of
24
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
development taking place in this direction and the service
providers have their own experts and developers, who are employed
to carry out further research (Jamil and Zaki, 2011). New and
better ways are being regularly introduced and proposed to
further specialize and enhance the abilities of cloud network
(Subashini and Kavitha, 2011). These include the amalgamation of
newer techniques, which provide more options and control data in
a better way (Madhavi, Tamilkodi, and Sudha, 2012). Efficiency
and accuracy is one function which needs to be maintained by the
developers and hybrid techniques of storing data are very
beneficial for the SME. These techniques have provided the much
needed responsiveness in this function.
25
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
3.RESEARCH METHODOLOGYThis is a very intricate as well as interesting topic, and
research in this direction has to be focused. Cloud computing is
one topic, which involves lot of features which need to be
highlighted and brought forward. Several previous studies have
pointed out facts, which have formed the basis for further
development of the function (Subashini and Kavitha, 2011).
3.1 DATA COLLECTION METHODS
McNiff (2011) asserts that countless types and styles of data is
usually available on any given topic, yet, the aim is to use a
data collection method that is most appropriate in context of the
subject chosen for research study. Credibility and variety can be
added to the research only when multiple sources of are used for
data collection (Patton, 2001; Yin, 2003). Hence, the researcher
has employed various data collection methods in order to provide
credibility and consistency in the flow of thoughts, apart from
presenting different views up for discussion. A lot of past
research works; published journals and corporate examples,
restricted to past five years of study have been incorporated in
presenting this paper.
26
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
3.2 META-ANALYSIS METHOD
In order to understand all aspects of the proposed hypothesis,
meta-analysis method of research has been chosen (Madhavi,
Tamilkodi, and Sudha, 2012). Comparison is done in order to
conduct detailed and argumentative study, which focuses on
several key elements. Previous studies have formed the basis for
this topic and a lot of suggestions have been studied from them
(Jamil and Zaki, 2011). Security is an extremely perplexing and
in addition fascinating theme, and research in this bearing must
be centered. Cloud computing is one point, which includes lot of
gimmicks which need to be highlighted and presented. A few past
studies have called attention to truths, which have shaped the
premise for further improvement of the function (Rani, and
Gangal, 2012). The system for research has been picked so as to
see all aspects of the proposed theory. Analysis is carried out
to direct itemized and factious study, which concentrates on a
few key components. Past studies have structured the premise for
this point and a lot of proposals have been considered from them
(Patidar, Gupta, et al 2012).
27
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
4.OVERALL DISCUSSIONBusiness related investigation have developed complex in limit
and most recent log procedures are being presented. Security
threat is making the investigation a complicated function, which
is gone for gathering and social affair information with respect
to SME and keeping up the database. These examination works in
course of all fields and aspects which are associated with the
part in which SME predominates (Subashini and Kavitha, 2011).
Likewise, it meets expectations in related and complimentary
parts and every last component which influences the working of
SME is investigated (Neela and Saravanan, 2013). Cloud
vulnerability is making security a significant concern, on the
grounds that there is an extraordinary animosity among SME firms
to gain more data to be put away. To assemble this profitable
information, certain out of line practices are likewise taken
after, which is an awesome risk to the entire SME function (Jamil
and Zaki, 2011).
In the modern perspective, every single association whether vast
or small, includes the standards of information innovation (Neela
and Saravanan, 2013). One of the basic parts of a current SME is
that of information, on the grounds that it is the most well-
known functions in a SME. Taking this function ahead and making
28
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
further advancement conceivable, there is a presentation of
better method for exchanging, offering and putting away data,
which is more viable and productive as far as expense (Rani, and
Gangal, 2012). This function is that of cloud computing, in which
cloud alludes to the remote aspect of information imparting and
stockpiling. Despite the fact that it is another marvel, yet at
the same time it is exceptionally renowned among significant
organisations and firms which have real information needs.
Real contrast in cloud computing and typical network is that
ordinary network includes a lot of framework from the association
itself (Patidar, Gupta, et al 2012). This framework is as PCs
which are joined through a network, and further associated with
servers and capacity units (Jamil and Zaki, 2011). These servers
are high limit stockpiling and interface gadgets, which must be
kept up at all times. Aside from procurement and upkeep, there is
a devoted staff which is needed by the firm, to keep up its
functioning and satisfy the needs to vigil. Security is included
expense, aside from the security and wellbeing concern of the
server, in which information is put away (Madhavi, Tamilkodi, and
Sudha, 2012).
Threat to information can be traded off whenever and this can
happen due to a cyber-assault, which are by and large on the
ascent nowadays. So as to conquer all these difficulties, cloud
29
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
computing was presented in the information innovation section,
which has taken SME related correspondence to an all new level.
In this function, the major functional profit to SME is that this
aide in sparing a lot on expense furthermore advances
productivity in the meantime (Subashini and Kavitha, 2011).
4.1 ABOUT CLOUD COMPUTING
Security is one of the prime concerns in an organisation which
deals with information on an allied platform. In this era of
multiple expansions in SME, there is great commercialization and
advancement in every segment. Orthodox businesses are being ruled
out and new and latest techniques are being introduced to replace
these functions (Rani, and Gangal, 2012). This practice has given
rise to great changes and has made the SME process and
functioning all the more challenging. Competition has forms the
basis for every SME and this is growing with each passing day
(Patidar, Gupta, et al 2012). Earlier, where financial worth was
considered as the benchmark for ascertaining actual standing of
an organisation, now these graphs have shifted. An organisation
is now acknowledged and understood from the type and amount of
data which is involved in it. Information is the basis of every
SME in today’s world and the more information a company
possesses, the more effective it is considered in terms of
capabilities (Madhavi, Tamilkodi, and Sudha, 2012).
30
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
4.2 CLOUD COMPUTING AND SME BUSINESS
SMEs as we know are small set ups with meagre budgets, always
looking for cheaper alternatives and cost effective measures
(Saini, Khanna and Kumar, 2012). There have been numerous
instances, especially in the developing economies, where SME’s
have not been able to take adequate advantage of cloud computing
technology and hence remained competitively unviable (Addo, 2015;
Tan, 2010). Nevertheless, databases and information portals are
still given maximum weightage while analysing the capabilities of
an SME function. Business related analytics have grown manifold
in capacity and latest log techniques are being introduced. This
is making the analytics an intricate function, which is aimed at
collecting and gathering information regarding SME and
maintaining the database. These analytics work in direction of
all fields and aspects which are connected to the sector in which
SME prevails (Patidar, Gupta, et al 2012). Also, it works in
related and complimentary sectors and each and every factor which
affects the working of SME is scrutinized.
All such factors contribute to make security a major concern,
because there is a great aggression among SME firms to acquire
more and more data to be stored (Jamil and Zaki, 2011). To gather
this valuable information, certain unfair practices are also
followed, which is a great threat to the whole SME function. One
of the most common forms of unfair trade practice is related to
31
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
the cybercrime function, which includes number of activities such
as hacking, phishing, data theft and spyware (Subashini and
Kavitha, 2011). On a highly commercial level, many major
corporations have even deployed specialized hackers and IT
professionals, in order to gain access to servers of rival
companies (Rani, and Gangal, 2012). Threat to information is a
major cause of concern for each and every organisation and
companies are spending huge costs in order to curtail these
cybercrimes.
4.3 SECURITY OF CLOUD NETWORK
Although there is a proper framework which is deployed by the
firms to secure their information, still these firms are
vulnerable at hands of cyber criminals. Cloud based computing and
networking is no different in this regard, and similar threats
prevail for service providers of cloud computing. It is a great
point in concern, where hackers and anti-social elements can
focus their concern towards such companies which provide cloud
solutions (Rani, and Gangal, 2012). Information security is of
prime concern for these service providers and they have to ensure
this security to the secured data in order to safeguard the
interests of their clients. One of the basic conditions on which
the contract between cloud providers and SME clients is based, is
that of security (Neela and Saravanan, 2013).
32
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Business firms rely on service providers with their invaluable
and highly confidential data and other SME related elements. If
there is a threat which prevails with this stored data, then the
whole function is considered a failure (Jamil and Zaki, 2011).
For understanding the whole concept of security, it is very
important to understand the reasons of security failure. In every
organisation there are certain loopholes in the overall
information and cloud framework, which makes it vulnerable to
attacks. Security can be compromised at many levels and in many
forms, which can threaten the whole cloud system (Subashini and
Kavitha, 2011).
To ensure security to the whole system and servers in which
information is stored, there is a need to ensure overall and
effective control. One of the basic elements of an information
system and cloud framework is the design of the system. When a
system is design in accordance with the requirements of security
protocols and includes all crucial elements, it is considered
effective. So it is to be kept in mind by the organisation and
development team to propose and maintain an effective information
system, and understand the elements of security. All aspects, of
hardware, software and networking have to be aligned in such a
way that it ensures installation of sophisticated security
techniques (Patidar, Gupta, et al 2012). Software function
contains a crucial function of firewall, which has to work in
33
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
conjunction with cloud network and hardware to control access.
This has to be chosen on basis of security level and latest
versions are to be chosen for each firewall. Furthermore there
is a need for stricter protocol and effective control of the
personnel function.
4.4 FACTORS OF VULNERABILITIES
As it is understood that each and every firm employs some
personnel across the network, in order to keep the function
going. Security is maintained with training and the whole
function is made available to these personnel, who can operate
various nodes of a network. However, in most cases vulnerability
is associated with this element, as security can be compromised
at various levels across the facility through human factor. Human
factor has to be strengthened through extensive training and
security deployment at all nodes and providing stricter access
codes (Neela and Saravanan, 2013).
A code of regulation has to be implemented and followed
thoroughly which can work in conjunction with biometric
authentication systems (Rani, and Gangal, 2012). Also, the
service provider has to ensure security at the premise of SME
firm, which can be done by sharing knowledge and experience in
this regard. All personnel having access to the cloud network
have to maintain high level of confidentiality while accessing
34
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
information, because this can be vulnerable. If hackers get
access to these codes, they can easily send virus and other
spyware to the main servers of cloud network (Subashini and
Kavitha, 2011). Reporting is another very important function of a
cloud network’s security and this has to be followed accordingly
(Patidar, Gupta, et al 2012).
There are many functions and incidents which have to be included
in the reporting function and this has to be timely at regular
intervals. Data packets which are transferred through these
channels have to be passed through high security firewalls and
validated for accuracy, as any discrepancy in coding can lead to
bugs. Bug reporting has to be a part of the overall reporting
function, and a special dedicated team has to be focused in this
direction in order to overcome the vulnerability (Jamil and Zaki,
2011).
Another major factor in this direction is the calibration
function, which involves each and every aspect, whether hardware,
network or software, which have to be knitted together. Viruses
are one the most lethal and most severe vulnerabilities which
threaten the cloud network and overall security framework (Rani,
and Gangal, 2012). The sphere which is proposed to check for
virus and bugs also includes checking the transferred data from
the SME firm’s end. No data packet can be left out from this
35
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
check and this has to be validated through effective anti-virus
software. After installation, the regular up gradation is also
very important in order to safeguard data, because when software
is not updated, it leaves the whole system vulnerable.
This is a very intricate function and involves extensive
knowledge and expertise to be made effective and validated. Cloud
computing corporations are now spending loads of time and
resources in this direction in order to maintain high level
security. Security requires highly skilled team of experts and
technical knowhow, which can ensure safety of data and stored
content (Patidar, Gupta, et al 2012). Avoiding threats is making
cloud computing possible and one of the most important functions
in a SME corporation. There are certain benefits associated with
this function; however security of these networks has to be
maintained at highest level (Subashini and Kavitha, 2011).
4.5 MAINTENANCE OF SECURITY
Cloud computing organisations are currently investing heaps of
time and assets in bearing with a specific end goal to keep up
abnormal state security. Security function obliges very gifted
group of specialists and specialized skill, which can guarantee
wellbeing of data and put away substance. Threat to information
is making cloud computing conceivable and a standout amongst the
most imperative functions in a SME organisation. There are sure
36
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
profits connected with this function; however security of these
networks must be kept up at largest amount (Kamara and Lauter,
2010). Programming function contains an urgent function of
firewall, which needs to work in conjunction with cloud network
and equipment to control access. Besides, there is a requirement
for stricter convention and powerful control of the faculty
function. As it is comprehended that every last firm utilizes
some staff over the network, to keep the function going. Security
is finished with preparing and the entire function is made
accessible to this work force, who can work different hubs of a
network (Patidar, Gupta, et al 2012).
Cloud based computing and networking is the same in this respect,
and comparable dangers win for administration suppliers of cloud
computing. It is an extraordinary point in concern, where hackers
and against social components can center their worry towards such
organisations which give cloud arrangements. Information security
is of prime sympathy toward these administration suppliers and
they need to guarantee this security to the secured data to
defend the diversions of their customers (Jamil and Zaki, 2011).
Albeit there is a legitimate structure which is sent by the
organisations to secure their information, still these
organisations are helpless at hands of cyber hoodlums. One of the
fundamental conditions on which the agreement between cloud
37
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
suppliers and SME customers is based, is that of security (Neela
and Saravanan, 2013).
Business firms depend on administration suppliers with their
significant and very private data and different SME related
components. In the event that there is a danger which
predominates with this put away data, then the entire function is
viewed as a disappointment. For comprehension the entire idea of
security, it is critical to comprehend the reasons of security
disappointment (Pearson, 2012). In every association there are
sure escape clauses in the general information and cloud system,
which makes it defenceless against attacks. Security can be
bargained at numerous levels and in numerous structures, which
can undermine the entire cloud framework. To guarantee security
to the entire framework and servers in which information is put
away, there is a need to guarantee general and viable control
(Patidar, Gupta, et al 2012). One of the essential components of
an information framework and cloud structure is the configuration
of the framework. At the point when a framework is plan as per
the prerequisites of security conventions and incorporates all
vital components, it is viewed as powerful. So it is to be
remembered by the association and improvement group to propose
and keep up a successful information framework, and comprehend
the components of security (Subashini and Kavitha, 2011).
38
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
5.RECOMMENDATIONSAll important aspects need to be listed out to check privacy
invasion and internal threat as posed by cloud computing. All
aspects, of equipment, programming and networking must be
adjusted in such a route, to the point that it guarantees
establishment of advanced security systems. On the other hand,
much of the time defencelessness is connected with such
component, as security can be traded off at different levels over
the office through human variable. Human variable must be
fortified through far reaching preparing and security arrangement
at all hubs and giving stricter access codes (Rani, and Gangal,
2012). Security protocol must be actualized and took after
altogether which can work in conjunction with biometric
validation frameworks. Likewise, the administration supplier
needs to guarantee security at the reason of SME firm, which
could be possible by imparting information and involvement in
this respect (Patidar, Gupta, et al 2012).
All faculties having admittance to the cloud network need to keep
up abnormal state of privacy while getting to information, on the
grounds that this can be defenceless. In the event that hackers
get access to these codes, they can undoubtedly send virus and
other spyware to the primary servers of cloud network (Subashini
and Kavitha, 2011). Reporting is an alternate vital function of a
39
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
cloud network's security and this must be taken after as needs be
(Madhavi, Tamilkodi, and Sudha, 2012). There are numerous
functions and episodes which must be incorporated in the
reporting function and this must be convenient at standard
interims (Jamil and Zaki, 2011).
Data packets which are exchanged through these channels must be
gone through high security firewalls and accepted for exactness,
as any inconsistency in coding can prompt bugs. Bug reporting
must be a piece of the general reporting function, and a unique
committed group must be concentrated in this bearing with a
specific end goal to conquer the helplessness. An alternate main
consideration in this heading is the alignment function, which
includes every last aspect, whether equipment, network or
programming, which must be sewn together.
Viruses are one the most deadly and most extreme vulnerabilities
which undermine the cloud network and general security structure
(Neela and Saravanan, 2013). The circle which is proposed to
check for virus and bugs additionally incorporates checking the
exchanged data from the SME association's end. No data parcel can
be forgotten from this check and this must be accepted through
powerful hostile to virus programming. After establishment, the
consistent up degree is likewise imperative so as to defend data,
in light of the fact that when programming is not upgraded, it
40
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
leaves the entire framework powerless. This is an exceptionally
mind boggling function and includes broad learning and ability to
be made powerful and approved (Madhavi, Tamilkodi, and Sudha,
2012).
Service providers should specifically take responsibility that
data is neither shared with third party vendors, nor lost during
transition. It is also important the service providers work in
direction of enhancing capacity and reducing costs, so as to
support and encourage the SME industry world over. Adequate
changes in legislation and regulations by concerned governments
can go a long way in tightening up the screws on cloud providers.
41
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
6.CONCLUSIONThrough this paper we discussed the definition, deployment and
development of cloud computing and how SMEs have immensely
benefitted through a cost-effective medium. The focus on internal
threat and security or privacy issues helped in gaining insight
into the fact that cloud providers are responsible for adequately
addressing such issues. A standout amongst the most widely
recognized manifestations of unreasonable exchange practice is
identified with the cybercrime function, which incorporates
number of exercises, for example, hacking, phishing, data robbery
and spyware. On an exceedingly SME level, numerous real
enterprises have even sent specific hackers and IT experts, so as
to get access to servers of opponent organisations.
As the dependence on cloud services has increased with greater
level of acceptance, the issues pertaining to privacy, security,
trust, data transfer capacity and lock-in demand much more
vigilance. Foremost is obviously inking smart user agreements
with the service providers. Such trust agreements will go a long
way in covering additional futuristic elements and cover sanctity
of critical communication. While most privacy legislation seem
irrelevant due to their outdated approach, it is important review
42
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
is done on basis on post-cloud scenario and industrial
challenges.
Information threat is a real reason for sympathy toward every
single association and organisations are spending enormous
expenses so as to reduce these cybercrimes. Current trends of
Cloud computing towards in a better flexibility, fusibility and
also greater security. The current level of knowledge about cloud
computing is acting as an hindrance to internal security, and
hence in order to gain complete benefit of cloud computing, it is
imperative all organisations start knowledge enhancement programs
and reap desired benefits.
43
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
1.CRITIQUE AND SCOPE OF FUTURE WORKIt is said that a man is the best critic of his own work. For
someone who clearly knows his/her shortcomings has the reason and
scope for further improvement, and enhancing one’s own knowledge
in the process. While setting out on writing this paper, the idea
was to grasp to understand the concept in details and find
loopholes with respect to security and privacy issues pertaining
to cloud computing use in SMEs. During the course of study,
numerous research papers and journals were referred, which
actually led to abundance of information. Something which was not
achieved during the course of this study imperatively becomes the
scope of future work. A detailed research in form of
questionnaire and personal interviews with people involved in
development, deployment and use of cloud computing is a desirable
task to undertake. This will certainly enable to fill in the gaps
that this paper has left.
For SME’s based in developing economies, the research has
considerable proof of limited awareness, inconsistent usage and
lack of knowledge about cloud computing. When basic concepts are
unclear, the loss arising out of breach of security and privacy
invasion becomes manifold, but is not noticeable by the employees
or management. Any study will become insignificant unless policy
44
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
makers, cloud service providers and other stakeholders take the
onus upon themselves to create an informed and educated working
class in SMEs. Trial packages of cloud computing services can be
an exciting initiative in this regard, where service providers
like Google, Microsoft and others provide a 30-day free trial of
their applications and services.
45
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
REFERENCES
Addo, A. (2015) “The Adoption, Usage and Functions of the
Internet and E-Commerce among SMEs in Ghana,” International
Journal of Business and Management Tomorrow , vol. 2, no.
9, pp. 1–10,
Bhat, M. A., Ahmad, B., Shah, R.M. and Bhat, R.I. (2010) “Cloud
Computing: A Solution to Information Support Systems
(ISS),” International Journal of Computer Applications,
vol. 11, no. 5, pp. 5-9, 2010.
IDC (2014) IDC Reveals Cloud Prediction for 2015 Available from
http://www.idc.com/getdoc.jsp?containerId=prUS25350114
[Accessed 28/02/2015]
Ismail, R., Jeffery, R., Belle, J.V. (2011) “Using ICT as a value
adding tool in south african SMEs,” Journal of African
Research in Business & Technology, vol. 2011, pp. 1-11
46
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Chen, S., Wang, C. (2010) Accountability as a Service for the
Cloud: From Concept to Implementation with BPEL. Proc. 6th
IEEE World Congress on Services, IEEE, 91-98.
Cloud Industry Forum. (2011) Cloud UK: Adoption and Trends 2011.
Essandoh, K.A., and Boateng, E.O.Y. (2013) Cloud Computing: The
Level of Awareness amongst Small & Medium-sized Enterprises
(SMEs) in Developing Economies. Journal of Emerging Trends
in Computing and Information Sciences.
Furht, B. (2010) “Cloud Computing Fundamentals,” in Handbook of
Cloud Computing, New York, Springer, pp. 3–19.
Jamil, D., and Zaki, H. (2011). Security issues in cloud
computing and countermeasures. International Journal of
Engineering Science and Technology (IJEST), 3(4), pp. 2672-
2676.
Kamara, S., Lauter, K. (2010) Cryptographic Cloud Storage. In:
Financial Cloud and Data Security, LNCS, 6054:136-149.
Springer
47
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Leavitt, N. (2009). Is Cloud Computing Really Ready for Prime
Time?, IEEE Computer
McNiff, J. (2011). Action research for professional development.
Mell, P. and Grance, T. (2009) A NIST definition of cloud
computing. National Institute of Standards and Technology.
NIST SP 800-145.
Neela, T. J., and Saravanan, N. (2013). Privacy Preserving
Approaches in Cloud: a Survey. Indian Journal of Science
and Technology, Vol. 6(5), pp. 4531-4535.
Patidar, K., Gupta, M. R., Singh, G., Jain, M. M., and
Shrivastava, M. P. (2012) Integrating the Trusted Computing
Platform into the Security of Cloud Computing System.
International Journal of Advanced Research in Computer
Science and Software Engineering, Vol. 2(2), pp. 1-5.
Patton, M. (2001) Qualitative Evaluation and Research Methods,
3rd ed. Thousand Oaks, CA: Sage Publications, Inc.
48
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Pearson, S. (2012) Privacy, Security and Trust in Cloud
Computing. HP Laboratories HPL-2012-80R1.
Rani, S., and Gangal, A. (2012). Security issues of banking
adopting the application of cloud computing. International
Journal of Information Technology, Vol. 5(2), pp. 243-246.
Rani, A. M. G., and Marimuthu, A. (2012). A Study on Cloud
Security Issues and challenges. International Journal of
Computer Technology and Applications, Vol. 3(1), pp. 344-
347.
Sahandi, R., Alkhalil, A., Martins, J.O. (2013) “Cloud Computing
from SMEs Perspective: A Survey-Based Investigation,”
Journal of Information Technology Management, vol. XXIV,
no. 1, pp. 1–12
Saini, I., Khanna, A. and Kumar, V. (2012) “ERP Systems: Problems
and Solution with Special Reference to Small & Medium
Enterprises,” International Journal of Research in IT &
Management , vol. 2, no. 2, pp. 715–725.
49
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Subashini, S., and Kavitha, V. (2011) A survey on security issues
in service delivery models of cloud computing. Journal of
Network and Computer Applications, Vol. 34(1), pp. 1-11.
Susanto, H., Almunawar, M.N. and Kang, C.C. (2012) “A Review of
Cloud Computing Evolution Individual and Business
Perspective,” Social Science Research Network and
University of Brunei
Tan, T.C. (2010) “A perception-based model for technological
innovation in small and medium enterprises,” in Proceedings
of the 18th European Conference on Information Systems,
Pretoria, South Africa.
Vaquero, L., Rodero-Merino L., Caceres, J. and Lindner, M.
(2011) Locking the sky: a survey on IaaS cloud security.
Computing, 91:93–118.
Yin, R.K. (2003) Case study research method, 3rd ed. Thousand
Oaks, CA: Sage, 2003.
50
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Zhang, Q., Cheng L. and Boutaba, R. (2010) “Cloud computing:
state-of-the-art and research challenges,” Journal of
Internet Services and Applications, vol. 1, pp. 7–18
51
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
APPENDICES
[1] The cloud computing architecture as proposed by NIST is
illustrated below.
Figure 1: Cloud Computing Models
[2] According to findings published in Journal of Emerging
Trends in Computing and Information Sciences, a paper authored
by Ezer Osei Yeboah-Boateng and Kofi Asare Essandoh (2013)
provides an insight on percentage usage for cloud service
52
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
models, deployment models and the popular applications in use.
The figures below illustrate the same.
Figure 2: Cloud services models
53
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Figure 3: Cloud deployment models
54
PRIVACY ISSUES AND INTERNAL THREATS IN CLOUD COMPUTING Student
no.21128785
FOR SMALL AND MEDIUM BUSINESS
Figure 4: Popular cloud services and applications in use
[3] Barriers to cloud computing as per a McKinsey Global Survey
are given in the table below:
55
Top Related