CHAPTER 1
INTRODUCTION
1.1 Background
Cloud computing is not new in the world of the Internet. Basically, it is a unique space on the Internet. It can be used for services, storage and much more. Several computers are joined together to create this cloud. Reese [1] stated that the cloud is where you go to use technology when you need it, for as long as you need it, and not a minute more. Therefore, it can be considered a service on demand, and it removes the difficulty some companies face in setting up their own network.
The cloud itself has become quite familiar in many countries. Schneider [2] from Rackspace Hosting conducted a survey about public awareness of the cloud. The result shows that many people know about the cloud but do not have any idea or future plan for it. Even if they have a plan for the cloud, most people shift to the cloud without knowing the real benefits of cloud computing. They should realize that the cloud is more than just a service. It is also something that can create opportunities as well as challenges for the business.
In Indonesia itself, many new players have started their business as cloud computing providers. There are Biznet Networks, Microsoft, CBN and Astra Graphia IT. They are the companies that will support the development of cloud computing in Indonesia. Even though the location of the data centers is hidden from the customers, at least the customers can rest assured knowing that they are dealing with local companies. This will attract more Indonesian people to move their business to the cloud, especially with the benefits that cloud computing has to offer.
Thomas [3] pointed out two major benefits of cloud computing. The first and most important benefit for business is the reduced total cost. By shifting to the cloud, the users will not be burdened with purchasing, installation and maintenance, which result in more cost. They can just subscribe to a cloud provider at a lower cost and the service is ready. The implementation of IT is usually linked with high cost, but with the cloud the cost will be much lower. With the reduced total cost, the profit will eventually increase and drive the business forward.
The other important benefit of the cloud is improved scalability and reliability. This allows the customers to expand or increase the capacity of their infrastructure with ease. The process of scaling the infrastructure will not affect the business process either. This is in sharp contrast to the conventional method, where the server must be shut down while the infrastructure is upgraded. Furthermore, it makes the system more reliable and dependable.
However, the cloud also comes with disadvantages. The cloud still faces the common problems of the Internet, especially security. It is also vulnerable to threats and attacks. Urquhart [4] mentioned that this is caused by the immaturity of the cloud itself. The process of reducing risk must start with the threats and vulnerabilities. It is impossible to wait for the cloud to mature by itself in terms of risk and security. Businesses will lose opportunities, and there is no guarantee that the cloud will mature without the involvement of the stakeholders. What the providers can do is to step ahead of the threats and build a secure cloud.
This security problem is something that all providers will face sooner or later. Worldwide, Google, Amazon and Salesforce are examples of giant cloud computing providers that have been in the business for years. In Indonesia, we have Biznet Networks as the leading player in the business. All of them still face the common problem, which is security. Even these big players sometimes have a difficult time dealing with this security problem. This is a sign that new cloud providers should pay attention to cloud security.
New providers enter the business with limited knowledge and experience of cloud security. Although there are some similarities between the threats on the Internet and in cloud computing, there are some specific threats and risks that they should know as cloud providers. Furthermore, they might be dealing with experienced or inexperienced customers. In order to gain the customers' trust from the early stage, they should prepare a better strategy for minimizing the risk.
In addition, Farahmand [5] believed that distrust is the major issue in the cloud. It is not easy to gain the trust of the customers, especially for cloud computing, where all the information is hidden from the users. The providers also cannot deliberately disclose their infrastructure to the customers without proper identification of the customers. What they can do is to focus on building their infrastructure and find ways to maintain the confidentiality, availability and integrity of their system. The absence of standards in the cloud also makes it more difficult for providers and customers to build a good cloud environment. Without standards, new players in the cloud will find it difficult to align themselves with the new environment. If the cloud had such standards, people could easily follow the standards and procedures when joining the cloud. This could possibly increase the customers' level of trust.
But still, convincing the customers is not an easy task for the new providers. Advertising and certification are not enough to gain the trust of the customers. Some customers tend to ignore the risk. They think that the moment they move their business to the cloud, everything about security is the provider's responsibility. There are also experienced customers who like to know the providers' ability to handle risk. Either way, better preparation and strategy are always a good thing to have. In case the providers face security problems in the future, they can handle them before their customers notice.
To achieve better security, a thorough investigation and risk assessment should be done beforehand. The threats and vulnerabilities should be identified to uncover the weaknesses in the system. Then the risks should be identified based on the threats and vulnerabilities found. The impact of each risk must be analyzed as well, so that the company knows which risks have a major impact on the business and which risks cause only a minor impact. Besides the impact rating, the probability of each risk occurring must be calculated. This way, the company will know better which risks must be prioritized. Nevertheless, all risks must be taken seriously. Even though a risk causes only a minor impact, that does not mean the company can ignore it.
Implementation of security controls is essential to handle the risk. The controls are meant to prevent further exploitation of vulnerabilities or to reduce the impact of certain risks. But the most important thing is to ensure that the core of the business still runs regardless of the conditions. Downtime in cloud computing can be fatal since everything is running on the cloud. This is the reason why business continuity and the contingency plan are very important.
Obviously, the providers will need some time to build their reputation. Risk management will not boost the company's reputation all of a sudden, but it will help to support the business and improve the ability of the organization to handle vulnerabilities. In the end, it all comes down to the readiness of the providers to face security challenges that are constantly changing.
1.2 Scope
This thesis will focus on the risk assessment and impact analysis for new cloud providers who have just entered the cloud computing business. This will include the prioritization of threats based on their probability rating and impact rating, as well as an explanation of the impact analysis. After that, the recommendations on the risk control strategy will be covered as well.
This thesis will not discuss the risk assessment for existing providers or cloud customers. Also, the testing and implementation of the proposed controls are not covered due to limited time and resources. The details and step-by-step implementation of each risk control strategy are not covered in depth either.
1.3 Aims and Benefits
The purpose of this thesis is to identify the threats with the highest impact on the business of a new cloud computing provider. Whitman [6] described a threat as an object, person or entity that represents danger to a certain asset. A threat can come from inside or outside the system, and the types of threats can vary. Threats are closely related to vulnerabilities, which are also known as weaknesses in a controlled system. Threats can endanger a system by exploiting its vulnerabilities. The controls are identified in order to assess their effectiveness in securing the system. New providers will face this challenge of threats and vulnerabilities when they enter the cloud computing business. With proper identification of threats and vulnerabilities, the risk assessment and management process can be carried out successfully.
After the threats and vulnerabilities are identified, the risks that can arise from those weaknesses can be recognized. The risks will be further classified based on the probability of the threats occurring and the impact of the threats. Then the author will suggest controls to minimize the risk. After the controls are proposed, the residual risk will be identified as well. This will give the new providers an idea of the whole risk management plan.
This risk assessment will help the preparation of cloud providers who have just established or are about to establish their business in the cloud. They can plan for better security as they enter the business. Even though there are numerous threats involved in cloud computing, they will have the baseline of a good security infrastructure to start their business in the cloud. This will also add to their knowledge of the attacks or incidents that might happen in the future.
Hopefully, with all these solutions on how to manage the risk, more customers will be convinced that cloud computing is safe. Even though there is no such thing as 100% security, that does not mean the providers should give up on managing security. Instead, they should always try to get ahead of the threats to maintain a secure cloud environment.
1.4 Structure
Chapter 1 of this thesis covers the introductory part of the project. A brief introduction to the current cloud problem is stated in this part along with the goals and objectives. An explanation of why the problem needs to be solved is also given. This chapter also states the scope of the research, which clearly defines the focus of the research. The aims and benefits of the research are covered in this chapter as well. The last part of this chapter describes the structure of the whole thesis.
Chapter 2 will explain the theory used as the foundation of this research. This chapter will explain the architecture of cloud computing in more detail. The history, services, delivery and deployment models will be covered as well. Then the security infrastructure will be explained as the supporting foundation for the research. After that, the risk mitigation strategies will be covered as the foundation on how to manage the risk.
Chapter 3 will define the problems together with the research methodology. This also includes the framework used as the foundation of the research. The specific technique used for data gathering will be explained in this chapter.
Chapter 4 will explain the results and analysis of the research. The findings throughout the research will be described in this chapter, along with the proposed solutions.
Chapter 5 will discuss the results of the research. It will cover the explanation of the risk analysis and the residual risk the company should pay attention to. The study limitation is included in this chapter as well.
Chapter 6 will present the conclusion and recommendations. After taking a look at the results, certain solutions to help minimize the problems are produced. This chapter also includes future recommendations for similar research. It will explain suggestions to make this research better.