Transparency

As discussed earlier, security issues due to third-party involvement give rise to another subsidiary issue of trust and transparency. The problem of transparency relates to the accountability of data usage, traceability of fi les and services on the cloud, maintenance of audit trail, etc. on both the cloud provider and the cloud con- sumer ends. According to Cloud Security Alliance (CSA), secrecy is not the only way to build effective security measure. Their emphasis is on adopting and adhering best practices and standards that create a more transparent and secure environment.

CSA is trying to get across to the purveyors of cloud services with STAR [ 11 ],

which is open to all cloud providers, and allows them to submit self-assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procure- ment experiences. CSA STAR represents a major leap forward in industry transpar- ency, encouraging providers to make security capabilities a market differentiator.

The software used to monitor the audit trail and to track the fi les on cloud must be capable of tracking all the activities irrespective of the type of architecture, that is, multi-tenant or single tenant . This software can be used by both the consumer and the provider and tally the same as a test for common audit trail. Transparency in case of multi-tenant SaaS provider becomes a challenging task as the application data is present in multiple machines along with other application (which may or may not contain vulnerability).

The transparency issue arises mainly due to the paradigm change in cloud. It is a shift from a focus on systems to a focus on data. Due to the inability of the current logging and other mechanism to cope with the tracing issues, researchers explored newer methods which worked accordingly on a cloud set up. The existing logging mechanisms were mainly system-centric and built for debugging or monitoring system health. They were not built for tracing data created within and across machines. Furthermore, current logging mechanisms only monitor the virtual machines layer, without paying attention to the physical machines hosting them. Additionally, whilst fi le-intrusion detection and prevention tools such as TripWire [ 12 , 13 ] existed, they merely compared key signature changes and did not record

and track the history and evolution of data in the cloud. Research personnel at HP are working on TrustCloud [ 14 ], a project launched to increase trust in cloud com- puting via detective, fi le-centric approaches that increase data traceability, account- ability and transparency in the cloud. With accurate audit trail and a transparent view of data fl ow and history on cloud, the cloud services are bound to become more reliable and the consumer has fairly more control over things which over- comes a lot of potential challenges that hinders growth and migration towards cloud.

3.2.4.1 Overcoming the Challenge

Trust and following the best practices are one way to overcome this challenge. Trust is developed over time by the provider by maintaining a clean track record in terms of the characteristics of a particular cloud service. An organisation must look for the following aspects before choosing a service provider:

• The history of the service provider

• The operational aspects apart from the ones mentioned in the service brochure, for example, ‘Where are the data centres located?’ ‘Is the hardware maintenance outsourced?’

• Additional tools, services and freedom offered to improve visibility and trace- ability in the cloud environment

For example, users of IBM’s cloud services can use Tivoli management system

to manage their cloud and data centre services. TrustCloud can be another example of a tool which can be used to increase transparency.

3.2.5

Latency

In a stand-alone system, it matters a lot where the data and other resources are situ- ated for computation. In conventional client server architecture, the application server is made to be located as close to the client as possible via the means of data centres and CDNs (content delivery network ). On a similar note it matters a lot where the cloud is situated and that a cloud provider may have plenty of Web band- width from a given data centre, but if that data centre is thousands of miles away, then developers will need to accommodate and program for signifi cant latency. Latency is generally measured as the round-trip time it takes for a packet to reach a given destination and come back, usually measured using the standard Linux pro- gram, “ping”. As an example, if the cloud application is an email server, it is better to have the cloud situated nearby. The multimedia content present in the application can be handled by the services provided by CDNs which invisibly brings this con- tent closer to the client.

Irrespective of the type of cloud service deployed, all cloud computing initiatives have one thing in common, that is, data is centralised, whilst users are distributed.

This means that if deployment is not planned carefully, there can be signifi cant issues due to the increased latency between the end users and their application servers. All cloud services inherently use shared WANs, making packet delivery – specifi - cally dropped or out of order IP packets during peak congestion – a constant prob- lem in these environments. This results in packet retransmissions which, particularly when compounded by increased latency, lower effective throughput and perceived application performance.

Fortunately, in parallel with the cloud trend, WAN optimisation technology has been evolving to overcome these challenges. WAN optimisation helps “clean up” the cloud in real time by rebuilding lost packets and ensuring they are delivered in the correct order, prioritising traffi c whilst guaranteeing the necessary bandwidth, using network acceleration to mitigate latency in long-distance environments and de-duplicating data to avoid repetition. So with WAN optimisation, it is possible to move the vast majority of applications into the cloud without having to worry about geographic considerations [ 15 ].

3.2.5.1 Overcoming the Challenge

Organisations moving their latency-sensitive applications should consider negotiat- ing with the service provider for possible support to reduce it and increase end-to-end performance. At times, few service providers provide such facilities but mostly are customised and confi gured for a specifi c consumer’s needs usually combining with custom network confi gurations and private cloud . Also, care should be taken in order to maintain the quality of normal services amidst all the tweaks to reduce latency.