Cloud computing, an Internet-based computing system and the next stage in the evolution of the Internet has grabbed the spotlight and elevated IT to newer limits by changing the way of obtaining computing resources like computers, infrastructures, data storage, and application services. Cloud computing leads an opportunity in offering testing as a service (TaaS) for SaaS and can be deployed as Public, Private, Hybrid or Community. Software applications or products have been marketed as ‘On Demand’ business model in cloud SaaS with more efficiency than ever before and shift from server to service-based technology. However, these developments have created new security vulnerabilities including security issues which hamper the growth of cloud. According to the recent IDC [International Data Corporation] Cloud Services survey, 87.5% of IT cloud computing concerns are for Security Issues.
To provide successful cloud services and sharing of resources, the cloud must be tested before being brought into service. While cost and ease of use are the two main strong benefits of the cloud computing, Security and privacy- the prime factors of any new computing technology are the key challenges in the cloud-based application which causes new issues, challenges and needs in software security testing.
Security Challenges in Cloud-Based Apps Testing
Distributed risk is one of the major challenges in cloud-based apps security testing. The process of deploying applications into the cloud which implies an unlimited resource pool for sharing and utilization helps many to benefit by leveraging distributed computing capabilities. But at the same time, it causes the risk of inheriting associated security risks. As clients don’t have access to the internal operational details with such multi-tenancy service leasing, the risk likelihood increases. These risks can include Data Segregation, Leakage of private information, Service Loss and Malware attacks
The major issue in public cloud is Data Security. The main challenge in this category is the security of the confidential data. Leakage of private information, internet suspending and sudden disruption of service due to a maintenance window, slow internet speed, virus attack are the common obstacles needs to be handled in cloud computing as the information travels through the internet. Hence Security testing becomes an indispensable part of cloud testing to assure that business-critical data is stored and transported safely. It is a great source for identifying and rectifying vulnerabilities or flaws in applications so that they are less susceptible to compromise in the event of cyber-attacks.
Sometimes Customer Data itself challenges the security in case the testing methods depend upon the customer data. In order to provide effective testing services, some testing tasks depend highly on the actual customer or production data. But the customers are prohibited from supplying confidential or production data to third parties. In such situation, the test data should be doubly scrutinized for testing in the cloud.
Meeting security requirements is another challenge in Cloud. Cloud vendors may not be familiar with security requirements which are unique to their specific services. As there is no universally-approved method of cloud security testing, it all depends on client needs and provider offerings which involve the impacts of quality of service and the pricing models.
Security Issues to be addressed
Solution for Security Issues in Cloud Computing
To effective perform cloud security testing it is very important to understand about security issues, challenges in security validation and quality assurance for SaaS and clouds. To better understand and to address the Issues, a well-defined security test strategies should be practiced by answering the following questions:
- How can we assure the security of cloud-based application processes and business data inside a third-party cloud infrastructure
- What are the QoS Standards for security-oriented quality assurance for end-to-end application process and related business data in/on/over clouds?
- What are the test models, test adequacy, test techniques and tools for security testing for end-end application in/on/over clouds?
- How can we assure and assess user privacy in a cloud infrastructure?
The following cloud security testing strategy changes may help organizations to assure security testing services on Cloud
- Prior to performing any testing, a Careful review of the contract signed with the hosting company and a clear insight on outline scope, tools involved, anticipated network load if any, types of attacks expect to perform
- Need to decide between blackbox testing or whitebox testing. Blackbox testing can discover and exploit vulnerabilities whereas whitebox testing is much faster and easier to prioritize test efforts.
- Identifying the lack of application logging to aid in focusing and enhancing the test efforts. By performing security testing in an isolated development environment, we can be able to tail logs and can see evidence of our attacks’ outcomes.
- Formalized with the data flow within the app and expect to have to poke all around the app to complete the testing
Having formalized process of identifying targets, maintaining testing tools, coordinating with cloud service providers security issues in cloud computing can be well managed. Scrutinized Support, Recovery Facility, Back up facility, Encryption Algorithm, Better Enterprise Infrastructure are the best solutions for security Issues in cloud testing.
Due to the advancement of cloud technology and testing as services, software security testing techniques are being adapted for the cloud computing and is becoming a popular research field in the near future. Cloud computing can be seen as a new phenomenon but it must be watched carefully to understand the security risks and challenges posed in utilizing the new technologies as well. Although Cloud computing has the potential to become a frontrunner in promoting a secure, virtual and economically viable IT solution in the future, the key security considerations and challenges which are currently faced in the Cloud computing should be addressed first with adequate Scalability test models, Test Processes, Scrutinized Support, Innovative test methods and solutions.
Cloud Security Alliance – Chennai Summit – 2016 – https://www.cloudsecurityalliance.org