Addressing the Issues & Challenges of Cloud Computing

Addressing the Issues & Challenges of Cloud Computing

Krishan Kant Lavania*1 Ajay Maurya#2

Arya Institute of Engineering & Technology, Jaipur, India #1

Poornima Group of Institutions, Jaipur ,#2

Research Scholar, Singhania University ,#2

From – Poornima Group of Institution,sJaipur

Abstract Cloud computing is a kind of rising business computational model furnishing many opportunities for enterprises by extending a range of computing services. Since it share distributed resources via the network in open air environment, thus it is very important to address the security issues and challenges for proper development of cloud computing applications. In this paper, we give attention to address the security requirements, issues and challenges in adopting cloud computing environment. It will address all security issues & challenges like trust, control, ownership, certification, authentication, outsourcing etc. These issues and challenges create a breach between adoption and innovation that cloud computing consumers dont fully trust this rising way of computing. To bridge this breach, we need to understand the trust issues and challenges associated with cloud computing from both technology and business perspectives so that this rising computational model can be implemented in business world with minimum risk of type of loss.

Keywords: Cloud Computing, Trust, Challenges, Privacy, Compliance, RASP etc.

1. INTRODUCTION

   What is tangible meaning of Cloud computing? These days everyone who is engaged in this IT world is talking about this technology. The Cloud Computing is one kind of upcoming business accounting model. Cloud Computing is a location independent computing technology, in which shared servers provide resources, software, data to computers and other devices on demand. Cloud computing is a natural evolution of the widespread adoption of virtualization, service- oriented architecture and utility computing. The implementation details are abstracted from consumers, so that they no longer have need to memorize in, or control over, the technology infrastructure in the cloud that supports them. [1] IT organizations and companies are bending to cloud computing technology to minimize the time spent on lower- value activities and allow IT to centering on strategic activities with greater impact on the business world. In counterpoint to the fast growing use of cloud computing technology, people have remained concerned in the field of information

   security and authentication of the consumer in the cloud. Now days people search for a standard solution which is known for its efficient computing. The cloud computing has become a new star for this call of consumers. Cloud computing is concerned with the sharing and contemporized use of multiple resources in different environment in distributed virtual organizations (VO) [2]. The user does not need to purchase the software, rather according to its own actual demand, rents to the providers based on the usage i.e. it provides a facility that enable large scale controlled sharing and interoperation among resources that are separately owned and managed among different servers. So security is a major element of concern in any cloud computing infrastructure, because it is necessary to control that only authorized access is granted, secure and valid connection is accepted. So the cloud computing infrastructure should be trusted by each other and the actors that have communication should be trusted by each other i.e. the consumers and providers of service. On one hand the security mechanism used should ensure security enough to the consumer, but it contrast to this the security mechanism should not be too complex to put the consumers in a awkward situation. So there should be a balance between the security and convenience of the consumers. The security mechanism not only guarantees security but also ensure reliability, availability, trust, safety and integrity of information. This paper tries to summarize the issues and challenges which can occur in environment of general characteristics of cloud computing which will help as the safety measures during the development and implementation of this widely adopted rapid evolving technology.

2. WHAT IS CLOUD COMPUTING

   1. he essence of Cloud Computing

      To some stage it is difficult to exactly define the cloud computing. It is a virtual pool of shared computing resources for users through internet. Integrated cloud computing is a whole dynamic computing system. It provides a mandatory application program environment [3]. It can deploy, allocate or reallocate computing resources dynamically and supervise the usage of resources at all times. It collects all the computing resources and manages them automatically through software. The

      users need not care how to buy servers, softwares, solutions and so on.

      B.Cloud Computing Trend

      Though people have different perspectives on the cloud computing, they have already reached an agreement on the basic trend on it. Its basic trend is as follows:

      1. SAAS (Software as a Service): Its a main service of cloud computing. This service of cloud computing channelize programs to millions of consumers through a mandatory application program. In the users point of view, this can save some cost on servers and software and in the providers point of view they only need to exert one program, this can also save cost. Sales force is so far the most famous company that provides this kind of service. SAAS is usually used in Human Resource Management System and ERP (Enterprise Resource Planning).

      2. Utility Computing: Cloud Computing is used for creating virtual data center for IT industry. It can furnish the whole net through gathering memory, IO equipment, storage and computing ability to a virtual resource pool. Recently Amazon.com, Sun and other companies that furnish these storage services are in the market.

      3. Network Service: Network Service has a strong relation with SAAS. The service providers can help programmers for developing applications based on internet rather of providing single machine setup.

      4. PAAS (Platform as a Service): Under this Service user can utilize the middlemans services to develop its own program and transfer it to the users through internet and servers.

      5. MSP (Management Service Provider):This is one of the most former applications of the cloud computing. This application generally serves the IT industry instead of end users. It is often used in MVS (Mail Virus Scanning) and program supervising.

      6. Commercial Service Platform: This service is an assortment of SAAS and MSP (Mixed Signal Process), this kind of computing provides a platform for the communication between the users and the service providers. For example, the user individual expense management system can also manage other users expense according to their settings and organize all the services that user purchased[4].

      7. Integrating Internet: It can incorporate all the companies that furnish similar services, so that users can compare and take their service provider.

   C. Cloud Computing Features

   The fundamental feature of cloud computing is that the computing is "in the cloud" i.e. the processing (and the related data) is not in a defined, recognized or still place(s) i.e. it is a model in which the whole processing take on place in one or more specific servers that are strange. Some essential features of Cloud Computing are as follows:

   1. Dynmic Computing Infrastructure: Cloud computing demands a dynamic computing infrastructure. The basis for the dynamic infrastructure is a standardized, scalable, and secure physical infrastructure. There must be an appropriate degrees of redundancy to assure high levels of availability, but mostly it must be easy to cover as usage growth demands it, without doing any architecture rework and it must be virtualized. Now days virtual environments supports server virtualization which act as the basis for running services. These services need to be easily purveyed and de- purveyed with the help of software automation. These service workloads must be moved timely from one physical server to another as service demands increase or decrease in future. The infrastructure must deliver business value much more than the investment. A dynamic computing infrastructure must be able to effectively support the elastic nature of service purveying and de- purveying as requested by users with keeping high levels of reliability and security. The integration provided by virtualization, when grouped with purveying automation, creates a high degree of utilization and reuse, which finally results in yielding a very effective use of capital equipment.

   2. IT Service-Centric Approach: Cloud computing is basically an IT service-centric. In most of the cases, the consumers of the cloud services broadly wish to use some business service or application for a defined, timely purpose and they dont want to get stuck down in the system complexity and network complexity of the virtual pool. They always favor to quick and easy access of a dedicated instance of an application or service and the IT Service Centric approach enables user adoption and business lightness. The user can easily perform an administrative task and so more fast the business moves, reducing costs or driving revenue i.e. overall profit.

   3. Self-Service based usage model: In order to use the services of Cloud, Cloud requires some degree of user self-service. These self-service enables users to upload, build, deploy, schedule, manage, and report on their business services as per their need. Self-service cloud must offer easy-to-use, non rational user interfaces that enable consumers to effectively monitor the service delivery lifecycle. The gain of self service from the consumers point of

      view is a degree of authority and self-governing power that affords significant business ability. And one more gain neglected from the service providers or IT teams point of view is that the more self service can be assigned to users, the less administrative participation is required i.e. it saves time and money and allows administrative staff to centering on more strategic, high-valued responsibilities[5][6].

   4. Minimally or Self-Managed Platform: If an IT team or a service provider wishes to provide an efficient cloud and its constituents then it must enable a self- managed technology platform. Clouds can provide self management platform with the help of software automation, enabling the following potentialities:

      • A purveying engine for positioning services and tearing them down so that they can recover resources for high degree of reuse

      • Methods for scheduling and booking resource capacity

      • Capabilities of setting up, handling, and reporting to assure resources can be allocated and reallocated to maximum number of consumers.

      • Tools for checking usage of resources and policies to check how resources can be optimally used or operations can be easily performed.

      All of these potentialities enable business nimbleness while parallel enabling critical and necessary administrative rights. So this helps in maintaining security, also minimizes the degree of IT administrative efforts, keeps operating cost low and also focus on freeing up resources.

   5. Consumption-based billing: Cloud computing is usage-driven. The users pay only for what resources they used i.e. charged or billed only for what they used. There must be some mechanisms to monitor information that helps in chargeback reports and integration with billing systems. The benefit here from a user's view is that they have to pay only for the resources they use, which finally results in cost saving and from a providers view, it allows them to track usage for charge back and billing purposes[7].

   6. Elasticity and Scalability: The cloud must be elastic, which means that resource allocation or de- allocation can get smaller or bigger depending on users demand or resource consumption. Elasticity enables scalability i.e. the cloud can scale upward for more resources demand and downward for lighter demand. It also means that an application can scale when adding more users, when application requirements varies.

   In short, all of these cloud computing features are necessary in developing an enterprise private cloud capable of achieving obliging business value which includes more savings on capital equipment, less operating costs, less support costs, and importantly increase business agility. All of these features enable corporate to improve their profit margins and competitive in the markets they serve[8][9].

3. ISSUES & CHALLENGES OF CLOUD

   COMPUTING

   There are some significant issues and challenges that must be addressed properly before one sign contract with any of the cloud vendors for using their services. These crucial issues and challenges, discussed below, are more applicable for business owners who are in preparation to shift to the cloud and does't matter if you are a user who only uses the cloud different services and pay for using them.

   A.Privacy

   A privacy issue is a very difficult job and necessary to achieve in good cloud environment because of some legislative act for the protection of personal information of a consumer. Further the laws in one country may quite different from the laws of privacy in other countries so here the question is that the laws applied would be unmanageable in a cloud infrastructure because in cloud environment the data may be moved to data centres which are located in many different countries and locations. So an approach must be developed by customers and service providers by working together to ensure the data is collected, stored, accessed and managed in conformity of applicable privacy laws so that the issue of privacy of data can be solved with minimum efforts and risk of loss.

   B.Security/Data Security

   The security issue is a critical issue because a security failure could cause significant damage to customer's private data, information and among other things. Many service providers limit their security responsibilities to "standard industry practices" and further characterize them by limiting the range of responsibilities to the use of "reasonable commercial efforts" to meet that standard. As such standards in cloud computing infrastructure are not so much established, so this mechanism is very dangerous. The risk of this approach is that if improperly implemented then renters may have access to third- party data. So a customer must negotiate with service providers for their specific security responsibilities and monitoring for future problems. The provider should monitor security checks and audit of security procedures and ensure security of consumer information. On other leading edge cloud services provider will employ data storage and data encryption, consumer verification, and data access

   practices, many people worry about the exposure of remote data to such criminals as hackers, thieves, and so outside world. Service providers are very sensitive to this rising issue. So for customer it is difficult to understand what goes on below the covers, resulting in the consumer worrying for the security of their data. One solution is to think a hybrid deployment model, where you nourish the cloud for computation muscle and store the data in servers protected byfirewall. Each solution has its pros and cons, which is a discussion on its own, so we will not discuss that.

   1. RASP

      RASP stands for reliability, availability, scalability and performance. The first two might be fairly the duty of the vendor from an infrastructure view but the reality is that its your duty for all four from an architecture view. This issue should not be left completely to the vendor. To some extent, you can rely on them to provide some degree of RASP, but ultimately you need to give opinion to structured RASP and apply that in your application infrastructure in the case your cloud vendor goes down. There are numbers of structural decisions that need to be studied when designing an application infrastructure and these are important as the questions one should ask to vendor before taking to the service. Some users also worry about the financial stability of service provider and are their data storage system is trustable? Most service providers try to solve this issue by using redundant storage techniques but it is still possible that a service may crash or go out of trend, leaving consumers with limited or no access to their data. The variegation of providers can help to get relieve from this challenge even though at a higher cost [10].

   2. Ownership

   Once user data has been passed on to the cloud some people worry that they may lose some or all of their rights or may be unable to protect the rights of their customers. Many cloud providers are addressing this challenge with well-fashioned user-sided agreements. So never use a service whose provider lays any form of ownership claims over your data and you make seek advice from your legal representative.

   E.Data Recovery

   Cloud service providers use redundant servers and regular data backup processes, but some people worry about are they able to control their data backups on their own or not? Many providers are now days offer data dumps onto a media or allow users to backup their data by regular downloads, So that your data could be safe if case your data is not available or is completely removed due to a disaster.

   F. Data Portability and Conversion/ Cross-country Data Migration

   This issue has multiple implications. As user do not know where the data is stored, so this issue can have impact on performance of application if your processing engine is very far from the data on which it is working upon. It matters a lot, since your data could be stored anywhere and there are some privacy rules and acts that come in to play to prevent your data. So this issue needs to be discussed thoroughly with your cloud vendor while taking a service.

   Some users may wish to switch their providers but they may have difficulty in transferring the data. Porting and converting of data highly depends on the quality of provider's data retrieval format, especially where the data format is hard to discover. As the market competition grows and standards become established, the issue of portability will be eased and appropriate conversion mechanisms will be deployed by cloud providers.

   1. Multiplatform Support

      An important challenge for IT organizations is how to integrate cloud based service across different platforms and operating systems, e.g. Windows, Linux etc. Generally, some structured implementation of the service takes care of this issue. Multiplatform support requirements will ease as more user interfaces become web-based[11].

   2. Intellectual Property

      Here the question is that if a company invents something new by using cloud services as part of the inventions, then the invention remains patentable? Can vendors provide similar services to other competitors? But when it comes to cloud computing Intellectual Property is not always clear-cut. Once someone understands that cloud computing potentially suffers from much of property or patency as the same fate as proprietary systems, the question arises that do the advantages of using the cloud outweigh this issue? The user would realize that cloud-based services can be backed-up, verified, cross-checked, and made more secure by combining them with traditional non-cloud IT processes.

   3. Outsourcing

      Outsourcing is a very critical issue. SaaS (Software as a Service) allows enterprise customers to cut business costs by outsourcing the cost of infrastructure management and operations to the SaaS vendor. Still SaaS ISVs especially with small investment are not equipped to handle their own data centers and outsourced a financial resource who will employee

      people to handle that investment. So due to the flexibility of outsourcing that piece to the cloud vendor, many SaaS ISVs will adopt that idea. So this outsourcing may happen at different levels and what it means for you that as a consumer you do not really know who is handling your private data because it might not be the same ISV which is providing you the service.

   4. Compliance

      Another issue that is a major concern for companies when deciding whether or not to take advantage of the cloud is compliance. There are various laws and regulation that company needs to control and protect their data and it can outsource the management for their infrastructure. They need to be certified that they have complete control and monitoring over the accessing of private data, how and where it is stored. This causes complication in cloud environment whereas the concept says that companies are unaware of where their data is. A solution is to work to understand what happens to your data while it is in the cloud. Many cloud providers have SAS 70 certifications in which they describe exactly what is happening to user data in their environment, how and where the data is stored, what the service provider does with data, and what measures are used to check over the access to and processing of the data. The Certification in concurrence with your audit to ensure procedures followed by service provider meet your needs and also satisfies compliance regulations. So any vendor that does not provide this certificate is not suited for your needs.

   5. Data Availability

   What happens if the cloud services go down due to some mishap? How does user get access to the data? What if you do not have any Internet Facility at some place, but want to access your data immediately using the application? This is an architectural concern for providing data but the former one has to deal with SLAs. You need to understand what your vendor commits to give in the form of up time and availability and what is the effect to the vendor if those commitments are not met. At the end of the day, an agreed SLA still does not guarantee for downtime, it rather acts as insurance. So a user must consider this issue before sign-up for the services of the cloud[12].

4. CONCLUSION

Any new technology must gradually build its reputation for good performance and security, earning user's trust over time. No doubt, Cloud Computing has come out as a radical concept for managing and delivering business services over the Internet. Besides its ease of adoption, lower maintenance costs, workflow efficiency, there are many key issues and challenges in adoption of this technology including privacy, data security, portability, RASP, recovery, ownership, propriety rights, data availability, outsourcing, compliance etc. In this paper, we tried to focus on these issues and challenges so that if a Service Provider and User is adopting cloud computing than they must be aware of these cons and pros of this technology. Understanding a technical area as complex as cloud computing is not so easy and requires identifying its fundamental issues and many other things. We believe that these issues and challenges will explore the necessity while adopting cloud computing and the development of this technology will benefit from our work. As a part of future work, first we'd like to get the solutions to these issues especially the critial ones. And second how to integrate these solutions in hardware modules with cloud computing system.

REFERNCES

1. Danielson, Krissi (2008-03-26). "Distinguishing Cloud Computing from Utility Computing". Ebizq.net. Retrieved 2010-08-22.

2. Jason Reid Juan M. González Nieto Ed Dawson, "Privacy and Trusted Computing", Proceedings of the 14th International workshop on Database and Expert Systems Applications, IEEE, 2003.

3. http://www.boingboing.net/2009/09/02/cloud-computing- skep.html

4. Fu-yi group to talk about cloud computing pan development path, in November 2008 11

5. On the cloud computing environment, security policy,http://security.zdnet.com.cn/security_zone/2009/0502

   /1366089.shtml,May 2009 02

6. Wikipedia, Cloud computing, http://en.wikipedia.org/wiki/Cloud_computing.

7. On the future technology trends: the development of cloud computing security,

   http://stor.zol.com.cn/128/1288536.html, April 13, 2009 (reproduced)

8. Frank E. Gillett, Future View: The new technology ecosystems of cloud, cloud services and cloud computing Forrester Report, August 2008.

9. http://www.mikedipetrillo.com/mikedvirtualization/2009/04

   /the-five-defining-characteristics-of-cloud-computing.html.

10. http://www.insidecounsel.com/Exclusives/2010/9/Pages/Ke y-Issues-for-Cloud-Computing-Customers.aspx

11. http://iaap.activeboard.com/forum.spark?aBID=123605&p= 3&topicID=37864848&page=1&sort=newestFirst

12. http://sumanchaudhuri.wordpress.com/2008/07/24/the- challenges-of-cloud-computing.