Academic year: 2020


Volume 3, Special Issue 1, ICSTSD 2016


Security issues at Cloud Data Center-Review

Mr. Pravin R. Nerkar*, Mr. Rahul R. Papalkar, Mr. Nikhil S. Band

Information Technology, PRMIT&R, Badnera, India


Abstract

In this paper we focus on the security challenges in the cloud data center. When we move from a traditional data center to a cloud data center, risk increases, particularly risk to privacy and security. We focus mostly on security at the server level in the cloud data center, where risk increases due to increasing trust boundaries. Datacenter security requirements focus on protection (data and applications access), reliability, availability, and scalability. As datacenter architectures have changed with the growth of public and private clouds, security requirements for new deployment models have evolved as well. A cloud datacenter is a pool of runtime services provided by the cloud service provider. In this paper we focus on the security issues of the cloud datacenter.

Keywords: Data center security, Public clouds, Private clouds, Cloud issues.

I. INTRODUCTION

Cloud computing is a computing paradigm in which a large pool of systems is connected in private or public networks to provide dynamically scalable infrastructure for application, data and file storage. With the advent of this technology, the cost of computation, application hosting, content storage and delivery is reduced significantly. Cloud computing is a practical approach to experience direct cost benefits, and it has the potential to transform a data center from a capital-intensive setup to a variable-priced environment. The idea of cloud computing is based on a very fundamental principle of “reusability of IT capabilities”. The difference that cloud computing brings compared to traditional concepts of “grid computing”, “distributed computing”, “utility computing”, or “autonomic computing” is to broaden horizons across organizational boundaries.[1] In simple words, Cloud Computing is the combination of a technology and platform that provides hosting and storage services on the Internet.[6]

Fig 1. Cloud Architecture

Datacenter security requirements focus on protection (data and applications access), reliability, availability, and scalability. As datacenter architectures have changed with the growth of public and private clouds, security requirements for new deployment models have evolved as well. Security solutions must easily scale alongside the platforms they are protecting so that organizations benefit from virtualization and consolidation in a secure fashion. While virtualization has increased dramatically, most environments are still a blend of physical and virtual. Consequently, consistent policy management across both types of environments is a key requirement for security solutions in the datacenter[1].


II. CLOUD COMPUTING CHALLENGES

The current adoption of cloud computing is associated with numerous challenges because users are still skeptical about its authenticity. Based on a survey conducted by IDC in 2008, the major challenges that organizations recognize as preventing Cloud Computing from being adopted are as follows:

Security: It is clear that the security issue has played the most important role in hindering Cloud computing acceptance. Without doubt, putting your data and running your software on someone else's hard disk using someone else's CPU appears daunting to many. Well-known security issues such as data loss, phishing, and botnets (running remotely on a collection of machines) pose serious threats to an organization's data and software. Moreover, the multi-tenancy model and the pooled computing resources in cloud computing have introduced new security challenges that require novel techniques to tackle. For example, hackers can use the Cloud to organize a botnet, as the Cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack[3].

Costing Model: Cloud consumers must consider the tradeoffs amongst computation, communication, and integration. While migrating to the Cloud can significantly reduce the infrastructure cost, it does raise the cost of data communication, i.e. the cost of transferring an organization's data to and from the public and community Cloud, and the cost per unit of computing resource used is likely to be higher. This problem is particularly prominent if the consumer uses the hybrid cloud deployment model, where the organization's data is distributed amongst a number of public/private (in-house IT infrastructure)/community clouds. Intuitively, on-demand computing makes sense only for CPU-intensive jobs.[3]

Charging Model: The elastic resource pool has made cost analysis a lot more complicated than in regular data centers, which often calculate their cost based on consumption of static computing. Moreover, an instantiated virtual machine has become the unit of cost analysis rather than the underlying physical server. For SaaS cloud providers, the cost of developing multi-tenancy within their offering can be very substantial. This includes: re-design and redevelopment of the software that was originally used for single-tenancy, the cost of providing new features that allow for intensive customization, performance and security enhancement for concurrent user access, and dealing with complexities induced by the above changes. Consequently, SaaS providers need to weigh up the trade-off between the provision of multi-tenancy and the cost savings yielded by multi-tenancy, such as reduced overhead through amortization, a reduced number of on-site software licenses, etc. Therefore, a strategic and viable charging model is crucial for the profitability and sustainability of SaaS cloud providers.[3]

Service Level Agreement (SLA): Although cloud consumers do not have control over the underlying computing resources, they do need to ensure the quality, availability, reliability, and performance of these resources when they have migrated their core business functions onto their entrusted cloud. In other words, it is vital for consumers to obtain guarantees from providers on service delivery. Typically, these are provided through Service Level Agreements (SLAs) negotiated between the providers and consumers. The very first issue is the definition of SLA specifications with an appropriate level of granularity, namely the tradeoff between expressiveness and complicatedness, so that they can cover most of the consumer expectations and are relatively simple to be weighted, verified, evaluated, and enforced by the resource allocation mechanism on the cloud. In addition, different cloud offerings (IaaS, PaaS, and SaaS) will need to define different SLA meta-specifications. This also raises a number of implementation problems for the cloud providers. Furthermore, advanced SLA mechanisms need to constantly incorporate user feedback and customization features into the SLA evaluation framework.[4]


systems/applications being migrated to the cloud are: IT Management Applications (26.2%), Collaborative Applications (25.4%), Personal Applications (25%), Business Applications (23.4%), Applications Development and Deployment (16.8%), Server Capacity (15.6%), and Storage Capacity (15.5%). This result reveals that organizations still have security/privacy concerns in moving their data on to the Cloud. Currently, peripheral functions such as IT management and personal applications are the easiest IT systems to move. Organizations are conservative in employing IaaS compared to SaaS. This is partly because marginal functions are often outsourced to the Cloud, and core activities are kept in-house. The survey also shows that in three years' time, 31.5% of the organizations will move their Storage Capacity to the cloud. However, this number is still relatively low compared to Collaborative Applications (46.3%) at that time.[5]

Cloud Interoperability Issue: Currently, each cloud offering has its own way of letting cloud clients/applications/users interact with the cloud, leading to the "Hazy Cloud" phenomenon. This severely hinders the development of cloud ecosystems by forcing vendor locking, which prohibits the ability of users to choose from alternative vendors/offerings simultaneously in order to optimize resources at different levels within an organization. More importantly, proprietary cloud APIs make it very difficult to integrate cloud services with an organization's own existing legacy systems (e.g. an on-premise data centre for highly interactive modeling applications in a pharmaceutical company). The primary goal of interoperability is to realize seamless, fluid data across clouds and between cloud and local applications. There are a number of levels at which interoperability is essential for cloud computing. First, to optimize the IT asset and computing resources, an organization often needs to keep in-house IT assets and capabilities associated with their core competencies while outsourcing marginal functions and activities (e.g. the human resource system) on to the cloud. Second, more often than not, for the purpose of optimization, an organization may need to outsource a number of marginal functions to cloud services offered by different vendors. Standardization appears to be a good solution to address the interoperability issue. However, as cloud computing just starts to take off, the interoperability problem has not appeared on the pressing agenda of major industry cloud vendors. [3]

III. CLOUD DATA CENTER CHALLENGES

We have identified the following major challenges regarding the cloud data center:

• Cloud Data Management & Security
• Data Encryption
• Migration of Virtual Machines
• Interoperability
• Access Controls
• Energy Management
• Multi-tenancy
• Server Consolidation
• Reliability & Availability of Service
• Common Cloud Standards
• Platform Management


Software frameworks such as MapReduce and its various implementations such as Hadoop are designed for distributed processing of data-intensive tasks; these frameworks typically operate on Internet-scale file systems such as GFS and HDFS. These file systems are different from traditional distributed file systems in their storage structure, access pattern and application programming interface. In particular, they do not implement the standard POSIX interface, and therefore introduce compatibility issues with legacy file systems and applications. Several research efforts have studied this problem [7].

Data Encryption: Encryption is a key technology for data security. Understand encryption of data in motion and of data at rest. Remember, security can range from simple (easy to manage, low cost and, quite frankly, not very secure) all the way to highly secure (very complex, expensive to manage, and quite limiting in terms of access). You and the provider of your Cloud computing solution have many decisions and options to consider. For example, do the Web services APIs that you use to access the cloud, either programmatically or with clients written to those APIs, provide SSL encryption for access? This is generally considered to be a standard. Once the object arrives at the cloud, it is decrypted and stored. Is there an option to encrypt it prior to storing? Do you want to worry about encryption before you upload the file for cloud computing, or do you prefer that the cloud computing service automatically do it for you? These are options; understand your cloud computing solution and make your decisions based on desired levels of security.

Migration of Virtual Machines: Applications are not hardware specific; various programs may run on one machine using virtualization, or many machines may run one program. Virtualization can provide significant benefits in cloud computing by enabling virtual machine migration to balance load across the data center. In addition, virtual machine migration enables robust and highly responsive provisioning in data centers. Virtual machine migration has evolved from process migration techniques. More recently, Xen and VMWare have implemented “live” migration of VMs that involves extremely short downtimes ranging from tens of milliseconds to a second. The major benefit of VM migration is to avoid hotspots; however, this is not straightforward. Currently, detecting workload hotspots and initiating a migration lacks the agility to respond to sudden workload changes. Moreover, the in-memory state should be transferred consistently and efficiently, with integrated consideration of resources for applications and physical servers [8].

Interoperability: This is the ability of two or more systems to work together in order to exchange information and use that exchanged information. Many public cloud networks are configured as closed systems and are not designed to interact with each other. The lack of integration between these networks makes it difficult for organizations to combine their IT systems in the cloud and realize productivity gains and cost savings. To overcome this challenge, industry standards must be developed to help cloud service providers design interoperable platforms and enable data portability. Organizations need to automatically provision services, manage VM instances, and work with both cloud-based and enterprise-based applications using a single tool set that can function across existing programs and multiple cloud providers. In this case, there is a need to have cloud interoperability. Efforts are under way to solve this problem. For example, the Open Grid Forum, an industry group, is working on the Open Cloud Computing Interface, which would provide an API for managing different cloud platforms. Until now it has remained a challenging task in cloud computing.

Access Controls: Authentication and identity management are more important than ever. And it is not really all that different. What level of enforcement of password strength and change frequency does the service provider invoke? What is the recovery methodology for password and account name? How are passwords delivered to users upon a change? What about logs and the ability to audit access? This is not all that different from how you secure your internal systems and data, and it works the same way: if you use strong passwords, changed frequently, with typical IT security processes, you will protect that element of access.


environmental sustainability. It has been estimated that the cost of powering and cooling accounts for 53% of the total operational expenditure of data centers. The goal is not only to cut down energy cost in data centers, but also to meet government regulations and environmental standards. Designing energy-efficient data centers has recently received considerable attention. This problem can be approached from several directions. For example, energy-efficient hardware architecture that enables slowing down CPU speeds and turning off partial hardware components has become commonplace. Energy-aware job scheduling and server consolidation are two other ways to reduce power consumption by turning off unused machines. Recent research has also begun to study energy-efficient network protocols and infrastructures. A key challenge in all the above methods is to achieve a good trade-off between energy savings and application performance. In this respect, a few researchers have recently started to investigate coordinated solutions for performance and power management in a dynamic cloud environment. The Global Energy Management Center (GEMC) can help companies monitor energy consumption patterns from multiple sources. These patterns can be further analyzed for usage, cost, and carbon footprint in a number of ways that help in optimizing energy. The center is uniquely positioned to service clients across the globe by deploying a Remote Control Unit that has the capabilities to communicate to a cloud-based architecture [9].

Multi-tenancy: There are multiple types of cloud applications that users can access through the Internet, from small Internet-based widgets to large enterprise software applications that have increased security requirements based on the type of data being stored on the software vendor’s infrastructure. These application requests require multi-tenancy for many reasons, the most important of which is cost. Multiple customers accessing the same hardware, application servers, and databases may affect response times and performance for other customers. For application-layer multi-tenancy specifically, resources are shared at each infrastructure layer and raise valid security and performance concerns. For example, multiple service requests accessing resources at the same time increase wait times but not necessarily CPU time, or the number of connections to an HTTP server has been exhausted and the service must wait until it can use an available connection or, in a worst-case scenario, drops the service request.

Server Consolidation: The increased resource utilization and reduction in power and cooling requirements achieved by server consolidation are now being expanded into the cloud. Server consolidation is an effective approach to maximize resource utilization while minimizing energy consumption in a cloud computing environment. Live VM migration technology is often used to consolidate VMs residing on multiple under-utilized servers onto a single server, so that the remaining servers can be set to an energy-saving state. The problem of optimally consolidating servers in a data center is often formulated as a variant of the vector bin-packing problem, which is an NP-hard optimization problem. Various heuristics have been proposed for this problem. Additionally, dependencies among VMs, such as communication requirements, have also been considered recently. However, server consolidation activities should not hurt application performance. It is known that the resource usage (also known as the footprint) of individual VMs may vary over time. For server resources that are shared among VMs, such as bandwidth, memory cache and disk I/O, maximally consolidating a server may result in resource congestion when a VM changes its footprint on the server. Hence, it is sometimes important to observe the fluctuations of VM footprints and use this information for effective server consolidation. Finally, the system must quickly react to resource congestion when it occurs.
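An added example in Go (not from the paper) of the consolidation trade-off described above: first-fit decreasing, one common heuristic for vector bin packing, run once on mean footprints and once on peak footprints, followed by a check for hosts that congest when co-located VMs peak together. The VM names, footprint numbers and function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

type Footprint [3]int // CPU, memory, network demand in percent of one host

type VM struct {
	Name       string
	Mean, Peak Footprint // typical and worst-case demand
}

func ByMean(v VM) Footprint { return v.Mean }
func ByPeak(v VM) Footprint { return v.Peak }

// fits reports whether the summed footprint stays <= limit in every dimension.
func fits(vms []VM, size func(VM) Footprint, limit int) bool {
	var sum Footprint
	for _, vm := range vms {
		for i, v := range size(vm) {
			sum[i] += v
		}
	}
	return sum[0] <= limit && sum[1] <= limit && sum[2] <= limit
}

// Consolidate is first-fit decreasing: VMs sorted by total demand, each placed
// on the first host where it fits, else on a new host. size picks Mean or Peak.
func Consolidate(vms []VM, size func(VM) Footprint, limit int) [][]VM {
	order := append([]VM(nil), vms...)
	weight := func(v VM) int { f := size(v); return f[0] + f[1] + f[2] }
	sort.SliceStable(order, func(i, j int) bool { return weight(order[i]) > weight(order[j]) })
	var hosts [][]VM
next:
	for _, vm := range order {
		for h := range hosts {
			if cand := append(hosts[h], vm); fits(cand, size, limit) {
				hosts[h] = cand
				continue next
			}
		}
		hosts = append(hosts, []VM{vm})
	}
	return hosts
}

// Congested lists hosts that exceed 100% of a resource if all VMs peak at once.
func Congested(hosts [][]VM) []int {
	var out []int
	for h, vms := range hosts {
		if !fits(vms, ByPeak, 100) {
			out = append(out, h)
		}
	}
	return out
}

// SampleVMs is a constructed workload, not measurements from the paper.
var SampleVMs = []VM{
	{"web1", Footprint{30, 20, 40}, Footprint{60, 25, 70}},
	{"web2", Footprint{30, 20, 40}, Footprint{55, 25, 65}},
	{"db1", Footprint{40, 60, 10}, Footprint{50, 70, 20}},
	{"batch1", Footprint{20, 15, 5}, Footprint{45, 20, 10}},
	{"cache1", Footprint{10, 35, 15}, Footprint{15, 40, 30}},
}

func main() {
	mean, peak := Consolidate(SampleVMs, ByMean, 100), Consolidate(SampleVMs, ByPeak, 100)
	fmt.Println("planned on mean:", len(mean), "hosts; congested at peak:", Congested(mean))
	fmt.Println("planned on peak:", len(peak), "hosts; congested at peak:", Congested(peak))
}
```

On the sample workload, planning on means needs two hosts but the first one congests at peak, while planning on peaks needs three hosts with none congested; lowering `limit` to 90 for headroom raises that to four.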


applications access to the storage and processing capabilities of the desktop, forming a bridge between the cloud and the user’s own computer. Considering the use of software such as 3D gaming applications and video conferencing systems, reliability is still a challenge to achieve for an IT solution that is based on cloud computing.

Common Cloud Standards: Security-based accreditation for Cloud Computing would cover three main areas, which are technology, personnel and operations. Technical standards are likely to be driven by organizations such as the Jericho Forum before being ratified by established bodies, e.g., ISO (International Standard Organization). On the personnel side, the Institute for Information Security Professionals (IISP) is already offering formal accreditation for security professionals. For the operational elements, there are some workable solutions, such as tweaking ISO 27001 and using it as the default measurement standard within the framework of SAS 70. Currently, one of the main problems is that there are many fragmented activities going in the direction of Cloud accreditation, but a common body for the coordination of those activities is missing. The creation of a unified accreditation body to certify Cloud services would also be a big challenge.

Platform Management: There are challenges in delivering middleware capabilities for building, deploying, integrating and managing applications in multi-tenant, elastic and scalable environments. One of the most important parts of a cloud platform provides various kinds of platforms for developers to write applications that run in the cloud, or use services provided from the cloud, or both. Different names are used for this kind of platform today, including on-demand platform and platform as a service (PaaS). This new way of supporting applications has great potential. When a development team creates an on-premises application (i.e., one that will run within an organization), much of what that application needs already exists. An operating system provides basic support for executing the application, interacting with storage, and more, while other computers in the environment offer services such as remote storage.

IV. CONCLUSION

Cloud computing is not one thing but a combination of multiple technologies. We have mentioned some issues regarding the cloud data center, and we conclude that it is difficult but possible to handle big data with cloud computing.

V. FUTURE WORK

In future we will work on APIs; that is, researchers can work to find a unique application programming interface. This is now a big challenge for cloud service providers developing cloud services: software-as-a-service providers in particular have a problem bringing multiple components together in one API environment.

References

[1] “Datacenter Security: Ensuring Protection at the Server Level,” adapted from Worldwide Security 2013 Top 10 Predictions, by Christian A. Christiansen, John Grady, et al., IDC #239424, September 2014.

[2] “Data Security and Privacy Protection Issues in Cloud Computing,” 2012 International Conference on Computer Science and Electronics Engineering, Deyan Chen, Hong Zhao, Academy Neusoft Corporation, Shenyang, China.

[3] S. Ramgovind, M. M. Eloff, E. Smith, “The Management of Security in Cloud Computing,” in Proc. 2010 IEEE International Conference on Cloud Computing, 2010.

[4] C. Weinhardt, A. Anandasivam, B. Blau, and J. Stosser, “Business Models in the Service World,” IT Professional, vol. 11, pp. 28-33, 2009.

[5] F. Gens. (2009, Feb.). “New IDC IT Cloud Services Survey: Top Benefits and Challenges”, IDC eXchange, Available: <http://blogs.idc.com/ie/?p=730> [Feb. 18, 2010].

[6] Harjit Singh Lamba and Gurdev Singh, “Cloud Computing-Future Framework for e-management of NGO's”, IJoAT, ISSN 0976-4860, Vol 2, No 3, Department Of Computer Science, Eternal University, Baru Sahib, HP, India, July 2011.


for the Cloud Computing Environments”, In Proceedings of 10th IEEE International Conference on Computer and Information Technology, pp. 1328-1334, 2010.

[8] Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, “Ensuring Data Storage Security in Cloud Computing,” 17th International Workshop on Quality of Service, USA, pp. 1-9, July 13-15, 2009, ISBN: 978-1-4244-3875-4.
