0

Literature Review on Security Challenges in Cloud Computing

Security Challenges in Cloud Computing

Cloud computing, an Internet-based computing system and the next stage in the evolution of the Internet has grabbed the spotlight and elevated IT to newer limits by changing the way of obtaining computing resources like computers, infrastructures, data storage, and application services. Cloud computing leads an opportunity in offering testing as a service (TaaS) for SaaS and can be deployed as Public, Private, Hybrid or Community. Software applications or products have been marketed as ‘On Demand’ business model in cloud SaaS with more efficiency than ever before and shift from server to service based technology. However these developments have created new security vulnerabilities including security issues which hamper the growth of cloud. According to the recent IDC [International Data Corporation] Cloud Services survey, 87.5% of IT cloud computing concerns are for Security Issues.

cloud testingTo provide successful cloud services and sharing of resources, the cloud must be tested before being brought into service. While cost and ease of use are the two main strong benefits of the cloud computing, Security and privacy- the prime factors of any new computing technology are the key challenges in the cloud computing  which causes new issues, challenges and needs in software security testing.

Security Challenges in Cloud Computing Testing Environment 

Distributed risk is one of the major challenges in cloud security testing. The process of deploying applications into the cloud which implies an unlimited resource pool for sharing and utilization helps many to benefit by leveraging distributed computing capabilities. But at the same time it causes the risk of inheriting associated security risks.  As clients don’t have access to the internal operational details with such multi-tenancy service leasing, the risk likelihood increases.  These risks can include Data Segregation, Leakage of private information, Service Loss and Malware attacks

The major issue in public cloud is Data Security. The main challenge in this category is the security of the confidential data. Leakage of private information, internet suspending and sudden disruption of service due to a maintenance window, slow internet speed, virus attack are the common obstacles needs to be handled in cloud computing as information travels through the internet. Hence Security testing becomes an indispensable part of cloud testing to assure that business critical data is stored and transported safely. It is a great source for identifying and rectifying vulnerabilities or flaws in applications so that they are less susceptible to compromise in the event of cyber-attacks.

Cloud ComputingSometimes Customer Data itself challenges the security in case the testing methods depend upon the customer data. In order to provide effective testing services, some testing tasks depend highly on the actual customer or production data. But the customers are prohibited from supplying confidential or production data to third parties. In such situation, the test data should be doubly scrutinized for testing in cloud.

Meeting security requirements is another challenge in Cloud. Cloud vendors may not be familiar with security requirements which are unique to their specific services. As there is no universally-approved method of cloud security testing, it all depends on client needs and provider offerings which involve the impacts of quality of service and the pricing models.

Mobile Resting in Real Devices

Security Issues to be addressed

The growth of cloud computing has created a demand for benchmarks that can measure the performance characteristics of cloud applications. Testing teams should be equipped themselves with viable strategies to mitigate the risks and issues associated with cloud computing by covering additional capabilities available in the cloud computing environment. Only a few advantages and a few testing challenges of the cloud computing solutions have been identified so far. In the future, as it is getting more matured architecture for cloud computing and more and more testing on the cloud applications there is every possibility of more testing challenges which can be explored by researchers.

When Enterprise Opted Security testing in Cloud computing Environment, few important security issues should be taken into consideration and should be addressed in beforehand. They are as follows:

Regulatory Compliance: Clients are accountable for the assurance of security of their solutions. Clients have the freedom to choose between the providers that allow to be audited by 3rd party organizations for the levels of security they provide and the providers that don’t

Data Location: Sometime Clients might not aware of what country or what jurisdiction their data is located because of their contracts

Privileged User Access: Because of issues of data ownership, Internet poses a certain degree of risk in the information transmission as the information transmitted from the client through the internet. Hence

Data Segregation: An effective mechanism to separate data should be deployed by the provider since the encrypted information from multiple companies are stored on the same hard disk

Recovery: To protect user data, a well-defined disaster recovery protocol should be implemented

Solution for Security Issues in Cloud Computing

cloud securityTo effective perform cloud security testing it is very important to understand about security issues, challenges in security validation and quality assurance for SaaS and clouds. To better understand and to address the Issues, a well-defined security test strategies should be practised by answering the following questions:

  • How can we assure the security of clod-based application processes and business data inside a third-party cloud infrastructure
  • What are the QoS Standards for security-oriented quality assurance for end-to-end application process and related business data in/on/over clouds?
  • What are the test models, test adequacy, test techniques and tools for security testing for end-end application in/on/over clouds?
  • How can we assure and assess user privacy in a cloud infrastructure?

The following cloud security testing strategy changes may help organizations to assure security testing services on Cloud

  • Prior to performing any testing, a Careful review of the contract signed with the hosting company and a clear insight on outline scope, tools involved, anticipated network load if any, types of attacks expect to perform
  • Need to decide between blackbox testing or whitebox testing. Blackbox testing can discover and exploit vulnerabilities whereas whitebox testing is much faster and easier to prioritize test efforts.
  • Identifying the lack of application logging to aid in focusing and enhancing the test efforts. By performing security testing in an isolated development environment, we can be able to tail logs and can see evidence of our attacks’ outcomes.
  • Formalized with the data flow within the app and expect to have to poke all around the app to complete the testing

Having formalized process of identifying targets, maintaining testing tools, coordinating with cloud service providers security issues in cloud computing can be well managed.  Scrutinized Support, Recovery Facility, Back up facility, Encryption Algorithm, Better Enterprise Infrastructure are the best solutions for security Issues in cloud testing.

Conclusion

conclusionDue to the advancement of cloud technology and testing as services, software security testing techniques are being adapted for the cloud computing and is becoming a popular research fields in the near future.  Cloud computing can be seen as a new phenomenon but it must be watch careful to understand the security risks and challenges posed in utilizing the new technologies as well. Although Cloud computing has the potential to become a frontrunner in promoting a secure, virtual and economically viable IT solution in the future, the key security considerations and challenges which are currently faced in the Cloud computing should be addressed first with adequate Scalability test models, Test Processes, Scrutinized Support,  Innovative test methods and solutions.

Seminar Attended

Cloud Security Alliance – Chennai Summit – 2016 – https://www.cloudsecurityalliance.org

Karthisen

Karthisen

Sr.Test Lead having 11+ Years of experience in the IT Industry including 2+ Years Onsite experience (USA) in Banking Domain

Leave a Reply