- Open Access
- Total Downloads : 370
- Authors : Balinder Singh
- Paper ID : IJERTV2IS2414
- Volume & Issue : Volume 02, Issue 02 (February 2013)
- Published (First Online): 28-02-2013
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
A Systematic Review on Cloud Computing
Balinder Singh
Abstract
Probably in the 21st century, cloud computing is the most considerable new technique and hot researching area in IT world. It is now conveying huge impact to the society, mainly the business world. It provides services on demand basis over internet, which allows the clients to focus on their major chores without worrying about purchasing infrastructure and installing it to data processing. Many reputed IT companies, such as Amazon, Google, Microsoft, IBM,
Desktop
Public Cloud
Hybrid Cloud
Private Cloud
Laptop
Yahoo and so on, developed cloud computing system and provide services for a huge amount of users. However, it produces too facilities which can make peoples live easy, but we cannot decline the truth that it is near to public domain, resulting prone to security leakage. Due to security issues and challenges, costumers are slow in adopting it. In this paper, we performed a systematic review including the following terms: Evolution, definitions and characteristics of cloud computing, and then introduced its models (i.e. deployment model, service model), cloud vendors with their products, finally security issues and challenges
PDA
Software as a Service
Platform as a Service Infrastructure as a Service
Tablet
Figure1. Cloud Computing Environment
Phone
related to cloud computing. In cloud computing environment it is an important issue to provide secure and reliable services. This paper can be very useful to anyone who have heard the word cloud computing for the first time and interested to know what it is.
1. Introduction
Over the past few years, progress in the field of computing and applications on demand over internet have led to an unstable growth of application models such as cloud computing, community network, software as a service, storage on web, and so on. In the era of the Internet, major application such as, Cloud Computing has become a considerable research topic of the industrial communities and scientific since 2007. Cloud computing represents a new era for delivery and utilization of the services over the Internet. Clouds are a large pool of easily usable and accessible virtualized resources (such as server, hard disk, database or development platform, and so on). For best resource utilization, these resources can be dynamically reconfigured to adjust to an unpredictable load.
Cloud Computing provides computer infrastructure and services "on-need" basis. The computing infrastructure could include server, hard disk, CPU cycles, database, development platform or complete software applications, and so on. Users (organizations and individuals) do not need to pay any large scale capital expenditures to access these resources from the cloud vendors. These users need to "pay-per-use" i.e. they need to pay only as much as they use the computing infrastructure. The billing model of cloud computing is pay-per-use such as the electricity or water payment that we do on the basis of usage. Thus it reduces hardware and software investment cost. In between 2008 and 2009, according to a survey undertaken by the International Data Corporation (IDC) group, the majority of results point to utilize Cloud computing as a low-cost feasible option to users [5]. Vender of cloud computing provides the services over the web, so these services are available from any location. The consumer does not need to know anything about the software, interface services, and platform. All the information can be abstracted from
consumers, and who has no control over these. In spite of the fact that cloud computing offers large opportunities to the IT industry, the improvement of cloud computing technology is currently at its infancy, there are many issues still to be addressed.
The rest of the paper is organized as follows. Section II introduces evaluation of Cloud. In section III we will introduce Cloud Computing overview; in section IV commercial product of cloud computing and security challenges will be discussed in final section V.
2. Evolution of the cloud
The evolution of Cloud computing shown in figure 2, passed through the following: networking, network sharing, information sharing, resources sharing, and services sharing [8]. The first stage of the Cloud was something like networking, having multiple regional networks with linked computers; initially it is adopted by national labs and universities. Then Connectivity among these regional networks with TCP/IP, led to Internet and its worldwide adoption. Using of HTML format and HTTP protocol, let to World Wide Web for exchange of information by using Mosaic browser. Then resource sharing came into picture with the emerging of grid computing. It provided standards and software for sharing of remote resources and collaboration; it was accepted for highly scalable High Performance Computing (HPC) jobs. The latest stage of the cloud, known as Cloud Computing, provides facilities of sharing the services over web by abstracting the infrastructure complexities of servers, heterogeneous platforms, computing power or complete software applications, and so on.
accepted by industries and academic world. Many researchers and research institutes have provided their own definitions. According to IDC [12]: An emerging IT development, deployment and delivery model, enabling real-time delivery of products, services and solutions over the Internet (i.e., enabling cloud services). There exist several definitions of cloud computing, among these a widespread definition is defined by the US National Institute of Standards and Technology (NIST) [13] as follows: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models."
3.2. Cloud computing characteristics
Cloud computing has many characteristics by that it is going to be so popular. These are:
On-demand self-service: A consumer need not a human interaction with resources (such as CPU time, storage or software application and so on) providers to obtain these computing resources.
Shared resource pooling: In cloud computing, by the infrastructure provider, a pool of computing resources can be dynamically allocated to different consumers. In this sense, the consumers do not have knowledge or control over the exact location of these resources.
Virtualization: Needs and use of cloud computing services are not related to specific physical resources or exact location of those. Using virtualization, customer can access servers or storage without knowing details
Services Sharing
Resources Sharing
Information Network Sharing Networking
Cloud Computing Grid Computing World Wide Web
Internet
Networks
of specific server or storage. The virtualization layer in computing model executes consumer request for computing resources by accessing appropriate resources. Virtualization can help to improve server utilization.
High availability: Cloud computing platform deploys multiple copies of the data, computing nodes use exchangeable technology to protect the service availability. If during execution any computing nodes failure happens, the application running on that node will mov to other computing node to continue running, without the user's knowledge of the situation. Cloud computing provides higher availability than
Figure2. Evolution of cloud computing
3. Cloud computing overview
3.1. Definition
Cloud computing is still an evolving paradigm, definition and nuance of this have no universally
other computing models.
Rapid elasticity: For a consumer, there is no restriction on the usage of computing resources. These resources can be increased or decreased on need basis. It provides a platform of dynamically increase or
decrease IT resources according to application needs by customers every time and anywhere.
Utility-based pricing: It provides pay-per-use billing model that allows calculating the usage of clouds services by per client on regular bases. Users buy on demand, and pay like the electricity, water, gas supply.
Broad network access: Computing resources are available over network and also accessed by different heterogeneous platforms (such as laptop, desktop, mobile phone, PDA or tablet).
Multi-tenancy: In the environment of cloud, services possessed by multiple providers are co-located in a single data center. The management and performance issues related to these services are shared by these service providers and the infrastructure provider. Cloud computing layered architecture describes the responsibilities; only specific objectives related to each layer are focused by the owner of particular layer.
Geo-distribution and universal network access: A customer of Clouds can access the services of cloud every time and anywhere over the Internet through internet connectivity devices such as desktop, laptop, mobile phone, PDA or tablet.
Cost-effective: The main aim of cloud computing is to provide such an environment to the consumers of cloud to fulfill all their requirement without purchasing or upgrading the software and hardware (such as server, hard disk and so on) according to their needs. But they have to pay as per they use the cloud services and for the Maintenance of hardware at their own side. Thus this may lead to cost saving.
-
Cloud computing deployment model
Cloud computing is classified in four deployment models, but in figure 1, only three basic cloud computing deployment models have been depicted. These four are as follow:
-
Public Cloud: Cloud infrastructure is made available for public use or for a large industry group and is managed and operated by the public cloud service provider. This is a model which allows users to access the cloud through interfaces using web browsers. The user has no control and visibility over where the computing infrastructure is situated. The computing infrastructure is shared among any no. of Organizations. It is usually based on a pay-per-use billing model. Public cloud helps the cloud clients to reduce the operation costs on IT expenditure [3]. However, public clouds owns less security as compared to other cloud models because all the information on
the public cloud are more prone to malicious attacks due to its open structure.
-
Private Cloud: The cloud infrastructure is operated exclusively within a single organization. Similar to Intranet functionality, in private cloud all the cloud resources and applications are managed by the organization itself. Only the organization and its designated stakeholders may have authority to operate on a particular Private Cloud [10]. Thus it can achieve the most effective control over data, security, compliance and service quality under the control of the enterprises [17]. Private clouds are more secure and more costly compared to public clouds.
-
Hybrid Cloud: A typical combination of private cloud and public cloud together forms a new model called Hybrid Cloud. In this model a private cloud is combined with one or more external (public) cloud services, centrally managed, as a single entity and bounded by a secure network [6]. That means the hybrid cloud can supply services for both the creator and their users. It enables the organizations to use private cloud for state-steady workload, and requesting the public cloud when peak workload occurs, then return if public cloud services no longer needed [19]. When consumers use hybrid cloud computing model for security purpose, they should use private cloud to run core applications and store internal sensitive data, but non-core applications can be executed on public cloud. In hybrid cloud, the service providers need to pay higher cost for deployment and have to face more complex security problems.
-
Community Cloud: The cloud infrastructure is shared by many organizations of the same community, having similar interest and requirement, which may reduce utilization cost. The cloud infrastructure could be organized by one of the organizations in the community or by a third-party provider.
-
3.4. Cloud computing service model
There are three best known cloud computing service model (depicted in figure 1) described individually as follow:
Software as a Service (SaaS) consists of a complete software which is offered by cloud vendor on the cloud infrastructure. By using SaaS model, users can access these software applications on pay-per-use basis. Users do not need to purchase software products and install them on their own computer or server and run these applications on the users system [24]. In some cases these software products are free to use, but with limited right. These applications can be accessed remotely by
different devices (i.e. desktop, laptop, mobile phone, PDA or tablet) through a thin client interface such as a web browser. The consumer does not need to control or manage the underlying cloud infrastructure. Presently, the SaaS applications are online services such as e-mail services, Google Docs, Microsoft Office Live, online antivirus, web conference, online entertainment applications such as game and video and so on. Examples of the cloud service providers are SalesForce.com (SFDC), Google, Microsoft, Oracles, NetSuite and IBM [15].
Platform as a Service (PaaS) model provides a complete development platform on the cloud as a service to customer. This platform provides everything to users that are used for designing, development, testing, and deployment applications to the cloud. This model is used to construct a higher level of service i.e. SaaS applications/services and so on. By using this, the clients can create web applications without organizing the hardware and software services on their own computer. They have full control over these applications to run and deploy. Services providers may use integrated OS, middleware, application software to construct a platform; for consumer side, API (application programming interface) brings package service to users for user side and users use the Platform through API. Key examples are GAE (Google App Engine), force.com (from salesforce.com), Microsoft's Azure [15]. The cost of PaaS is very low as compare to software development platform based on the data center.
Infrastructure as a Service (SaaS) consists of a hardware related services offered by cloud vendor. These services include some kind of storage services (database or disk storage), networks, virtual servers and other basic computing resources where user can deploy and run arbitrary software (i.e. operating system and applications). The user does not need to purchase the required infrastructure such as servers, network resources or data center. Consumers need to pay only for the time period in which they use the service. As a result, users can achieve very fast service delivery with low cost. The most known vendors that provide Infrastructure as a service are Amazon EC2 and S3, Rackspace Cloud Servers, Sun Microsystems Cloud Services, Flexiscale ,Terremark and Dropbox.
The above classification of service models is well accepted in the industry. But there are more granular clasification on the basis of service provided [21]. In
[21] everything is a service (XaaS), where X could be Software, Platform, Infrastructure, Hardware, Framework, Business or Organization and so on.4. Commercial product of cloud computing
These days, cloud computing is in an era of quick development, so it is clear that the new features and contents continue to discover. The companies which offer Cloud computing services come in all shapes and sizes. There are some companies such as Amazon, Google, Microsoft, Salesforce, IBM and Yahoo which are pioneers in cloud computing market. There are many companies which are attempting to grip in the market of cloud computing. We will give a brief introduction of some leading Vendors of services.
In the area of Infrastructure as a Service Amazon is pioneer and market leader among the cloud vendors. Amazon has a set of cloud services called Amazon Web Services [16]. These services are: Amazon Elastic Compute Cloud (EC2), Amazon S3(simple storage service), Amazon SimpleDB. EC2 provides computing servers on rent basis [1]; S3 provides data storage using a simple web interface on rent basis [27]; SimpleDB is non-relational database and provides web based service for running queries on structured data in real time [4]. Google is obviously a leader in the cloud computing space. Google provides the following cloud computing services: Software as a Service (SaaS) Google offers GMail, Google Docs, Picasa, Google Calendar and Google Group; Platform as a Service (PaaS) Google offers Googles AppEngine (GAE) which is a developer platform based upon Java and Python [29]. By using GAE a user can build a basic web application very quickly. Like other key cloud computing providers, IBM is also a leading Vendor in the Cloud computing area. SaaS IBM offers LotusLive iNotes, an email service based on web that provides messaging and calendaring facilities to users. Infrastructure as a Service cloud computing IBM offers Smart Business Storage Cloud for data storage and Computing on Demand (CoD) for data computing.
Salesforce.com is pioneer in Software as a Service. It was the first company which built a very successful product Customer Relationship Management on the cloud. CRM contains the information related to Marketing and Management. PaaS, Salesforce.com officers a development platform called force.com [9]. As discussed earlier Microsoft is also a pioneer company in the field of Cloud Computing. Microsoft offers BPOS (Business Productivity Online Suite) in SaaS space. In the Platform as a Service Microsoft provides a platform called Microsoft Azure [28]. Microsoft Azure offers a development platform which is based upon .Net.
5. Security challenges
Currently, Cloud Computing can be used almost everywhere and provides many benefits to companies, individual users and government organizations. It provides efficient, elastic and cost effective services environment to concerned customers. However, Cloud Computing also makes the interest of attackers and increases many security concerns. Security researchers, hackers and attackers have exposed that this model can be compromised and is not fully secure [33]. Gartner
[7] has conducted an investigation about the information security issues related to cloud computing. There are lots of security threats which emerge within or outside of cloud consumers/providers environment and these can be broadly classified as In-Door Threats, External Malicious Attacks, Virtualization tech-nology Related Security, Data recovery, Long-term Viability, Loss of Control, Data locality. The following are:In-Door threats: Even having the most advanced computer security and firewalls to your computer system is still vulnerable to inside threats [32]. It is a recognized fact that most of the security threats occur from inside an organization. In public cloud computing model, external customers store and process sensitive data on the cloud. If the vendor side, staff cannot be trusted that means the data of user side is unsafe. Thus there is possibility to violate two main security properties of data: Integrity and confidentiality. If any staff member misuses this data then reputation of Vendor will degrade also. One of the worlds major technology companies, Google recognizes the value of reputation for security matter as a key of success [23].
External Malicious Attacks: All the services in cloud computing environment are available on web; exchange of information between consumer and vendor is based on internet and for sometime is outside the domain of consumer and vendor. In this duration, due to the open structure of public cloud, it attracts the intruder; the data can also be under the jurisdiction of intruder. There are some external threats which include: man-in-the-middle, IP spoofing, denial of service attacks, Trojan Horses and Malware TCP Hijacking, Dumpster Diving, Password Guessing, Replay, etc [2]. These types of threats may violate the Integrity and confidentiality of data.
Virtualization technology Related Security: Virtualization is a core technique in cloud environment, which offers important cloud characteristics in Infrastructure as a Service which are: quick elasticity, resource pooling and location independence. It allows abstraction of computing resources, and creates several logical virtual machines (VMs) over a single physical machine function. VM refers to a software computer which behaves like a physical computer, also runs an
operating system and applications. It is always difficult to efficiently control several virtual machines running on a same physical machine. Each client operates on his own VM with operating system and all the software, which lead to security vulnerability that can be exploited by an attacker. The risk of virtual machine-to-virtual machine attacks or cooperation of VM is becoming a center for future attacks [11].
Data recovery: Incidentally, clients data may cause damage or loss due to server breakdown or fault in storage device. If this happens, would cloud vendor provides complete restoration, and, if does, how long that process will take [7]?
Long-term Viability: Users of cloud should ensure that the information located on cloud will never become invalid even the service provider (vendor) goes out of business, mixed up or swallow up by a superior company. If this type situation happen, then Is clients information returned and in which format [7]?
Loss of control: When clients locate their data or consume services on cloud, they dont know the exact location of stored data and offered services [25, 31]. Vendor can host their data or service at anyplace inside the cloud. This creates a serious concern as from a client point of view; clients lose control over their very important data and are not alert from any security mechanisms provided by cloud vendors side. How clients data is in unknown place and without any control over it described in [14].
Data locality: In the cloud computing environment, clients dont know where their vital data is stored, and client has no control over it, which may be an issue when an investigation occurs then who has the jurisdiction over that data. Another question picked up by Gartner [7]: Does the cloud vendor allow providing any control over the location of data?
There is no doubt that could computing can make live of its costumers easy by providing the services anywhere and every time on web. But in spite of providing many advantages to the costumers, its customers have to face a biggest challenge, which is security in cloud environment [30]. According to IDC survey [18], 74% managers and CIOs of IT industry believed that the security issues in cloud computing is major challenge that hinders customers from using services of cloud computing. According to the survey conducted by Garter [7], greater than 70% CTOs of IT believe that data security and privacy in cloud computing environment are the primary reason not to use the cloud computing services. There are may security challenges mentioned in [20, 22, 26]. Even though cloud vendors publicize the reliability and security of their services, but in reality, according to many survey related to cloud security, cloud services
are not as reliable and safe as vendors claim; but opposite this, described in [34], during system upgrade, Amazon Elastic Compute Cloud (EC2) crashed in April 2011. In the same month, Sony PlayStation Network was broke by hackers, resulting that personal information of 77 million people around the world was exposed. There is much information related to the security leakage of cloud vendors in [34, 35]. Due to the open structure and multi-tenant characteristic of cloud computing, the models of cloud computing as compared with the traditional IT environment may face different risks and challenges. So cloud computing environments have to face these traditional security issues. One more thing, so far cloud computing paradigm has no standard architecture and no standard world-wide accepted protocol to enhance the confidence of customers toward cloud computing world.
6. Conclusions and Future work
We discussed a novel technology: Cloud Computing, which can definitely make the business world more efficient and convenient by offering services on demand over internet. In spite of major benefits provided by cloud computing, it is not fully matured. More and more companies want to join into Cloud environment to provide services for a huge amount of users. Instead of various services provided by leading companies, we know that era of cloud computing is coming now. It will be good for user, because they would have lots of alternatives to choose services. However, security and privacy issues in cloud computing are major challenges that hinder customers to adopt the services of cloud computing. But there is no doubt that cloud computing is going toward a bright future and likely to be very useful to public user. Future work can be performed in the following areas of cloud computing: 1) to construct standardizing security protocols, 2) to construct standardizing architectural method, 3) To develop standardizing world-wide accepted protocol.
7. References
-
Amazon, Ec2, http://aws.amazon.com/ec2/, 2008.
-
Huiming Yu, N. Powell, D. Stembridge, X. Yuan, Cloud computing and security challenges, Proc. of the Annual Southeast Conference, 2012, pp. 298-302.
-
A Platform Computing Whitepaper, Enterprise Cloud Computing:Transforming IT, Platform Computing, pp6, viewed 13 March 2010.
-
Amazon, Simpledb, http://aws.amazon.com/simpledb/, 2008.
-
Gens F, 2009, New IDC IT Cloud Services Survey: Top Benefits and Challenges,IDC eXchange, viewed 18 February 2010, from <http://blogs.idc.com/ie/?p=730>.
-
Global Netoptex Incorporated, 2009, Demystifying the cloud. Important opportunities, crucial choices, http://www.gni.com, pp 4-14, viewed 13 December 2009.
-
Brodkin J, 2008, Gartner: Seven cloud-computing security risks, Infoworld, viewed 13 March 2009, from http://www.infoworld.com/ d/security-central/gartner-seven- cloudcomputing-security-risks-853?page=0,1
-
J. Rymarczyk, Virtualization for Data Centers of Today &Tomorrow,http://www07.ibm.com/systems/includes/ cont- ent/migratetoibm/pdf/Virtualization_for_Data_Centers_of_To day_Tomorro-w .pdf
-
SaleForce, Saleforce crm, http://www.salesforce.com/, 2008.
-
Dooley B, 2010, Architectural Requirements Of The Hybrid Cloud, Information Management Online, viewed 10 February 2010, from <http://www.information- management.com/news/hybrid-cloudarchitectural- requirements-10017152-1.html>.
-
Research paper Private Virtual Infrastructure (PVI) Model for Cloud Computing International Journal of Software Engineering Research & Practices Vol.1, Issue 1, Jan, 2011.
-
Gens F (2008) Defining Cloud Services and Cloud Computing. IDC eXchange, 23 September 2008
-
P. Mell and T. Grance, The NIST definition of Cloud Computing, National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/nistpubs/800-145/ SP800-145.pdf, 2011.
-
Trusted client to cloud access article http://soaexpressway. wordpress.com /2011/03/01/trusted- client-tocloud-access/
-
Bhaskar Prasad Rimal, Eunmi Choi, "A taxonomy and survey of cloud computing systems", 2009 Fifth International Joint Conference on INC, IMS and IDC, published by IEEE Computer Society.
-
Li B et al (2009) EnaCloud: an energy-saving application live placement approach for cloud computing environments. In: Proc of international conf on cloud computing.
-
Tharam Dillon, Chen Wu, Elizabeth Chang, Cloud computing: issues and challenges, 24th IEEE International Conference on Advanced Information Networking and Applications, 2010, pp. 27-33.
-
IDC, IT Cloud Services User Survey, 2008.
-
June 13,2009, http://server.zol.com.cn/183/1830464.html.
-
H.Mei, J. Dawei, L. Guoliang and Z. Yuan, "Supporting Database Applications as a Service", ICDE'09:Proc. 25thIntl.Conf. on Data Engineering, 2009, pp. 832-843.
-
Gathering clouds of XaaS! http://www.ibm.com/ develo- per
-
S. Subashini and V. Kavitha, "A survey on security issues in service delivery models of cloud computing", Journal of Network and Computer Applications, 34(1), 2011, pp 1-11.
-
ComputerWeekly.com: Top Five Cloud Computing Security. http://www.computerweekly.com/Articles/2009/04/ 24/235782/ top-five-cloud-computing-security-issues.htm#6,
April 2009
-
Peeyush Mathur, Nikhil Nishchal, "Cloud Computing: New challenge to the entire computer industry", 1st
International Conference on Parallel, Distributed and Grid Computing, 2010, pp. 223 – 228
-
ISACA (auditors perspective journal) http:// www.isa- ca.org/Journal/Past-Issues/2009/Volume-6/Pages/Cloud-
Computing-An-Auditor-s-Perspective1.aspx
-
C. Wang, Q. Wang, K. Ren and W. Lou, "Ensuring data storage security in cloud computing", ARTCOM'10: Proc. Intl. Conf. on Advances in Recent Technologies in Communication and Computing, 2010, pp. 1-9.
-
A. AWS, S3, http://aws.amazon.com/s3/, 2008.
-
Windows Azure, www.microsoft.com/azure
-
Google App Engine, URL http://code.google.com/ appengine
-
J. Viega, "Cloud computing and the common man", Computer, 42, 2009, pp. 106-108.
-
Research paper Security Issues and Solutions in Cloud Computing http://wolfhalton.info/2010/06/25/security
-issues-and-solutions-incloud-computing/
-
Cloud and Telecom security article http://sbin.cn/ blog/2009/11/10/true-or-false-70-of-security-incidentsare- due-to-insider-threats/
-
Wesam Dawoud, Ibrahim Takouna and Christoph Meinel, "Infrastructure as a service security: Challenges and solutions," 7th International Conference on Informatics and Systems, 2010, pp. 1-8.
-
Ch. Cachin and M. Schunter, A Cloud Your Can Trust, IEEE Spectrum 48(12), Dec.-2011, pp. 28-51.
-
D. Chen and H. Zhao, Data Security and Privacy Protection Issues in Cloud Computing, ICCSEE, 2012, pp. 647-651.
International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 2 Issue 2, February- 2013