Cloud Computing: The Juice That Remained Un-named

Cloud Computing: The Juice That Remained Un-named

by May 8, 2021

The growth of the phenomenon commonly known as Cloud Computing represents a fundamental change in how information technology (IT) solutions are developed, maintained, updated, scaled, deployed, expanded, along with settled for.

As most organisations require efficient ways to store and analyse the vast amount of information that they collect and produce, Cloud Computing as an enabler provides scalable resources and substantial financial advantages in the form of reduced operational expenditure. Nonetheless, if Cloud Computing is to achieve its potential, there needs to be a clear understanding of the various issues and challenges associated, both from the perspectives of the consumers and the providers of the technology.

Additionally, Cloud Computing has unveiled key enabling technologies such as hypervisors and virtual machines to develop an extraordinarily agile and dynamic computing ecosystem. These technologies, however, also result in a host of challenges and risks.

Furthermore, the substantial sharing of infrastructure and computing resources in a multitenant environment, particularly with users spanning different organisations and security needs, creates a ÔÇ£shared virtual environmentÔÇØ where users/organisations are no longer clearly divided by physical server racks and separate networks. Within a cloud, it is difficult to physically locate where the data is stored and how it is segregated. Thus, this paradigm raises a diverse range of privacy and security issues that must be considered. In this brief article, we recognise the critical challenges in Cloud Computing environments such as multi-tenancy, loss of controls and trust as the subject of our discussion.

PRIVACY STRATEGY FOR PERSONAL DATA

Any architectural considerations regarding data-privacy protections begin the moment the data is collected. Privacy issues must be addressed at all stages of the data lifecycle ÔÇö from collection to storage to analysis to action (not to mention the periods when data is no longer being used: archival, purging, and destruction). Meanwhile, all of the privacy controls in the world (and any information security built to protect them) are useless if administered to irresponsibly collected data. Protecting privacy means data must be handled responsibly at every step of the process that moves it from the initial point of collection to its ultimate home in a privacy-protected data store.

Corporate policymaking regarding information privacy has been primarily reactive in nature, in that, executives focus on information privacy issues only in response to a perceived external threat as (HJ Smith, 1994) brilliantly puts it in his book titled Managing Privacy: Information technology and corporate America. Meanwhiles, calls for voluntary adherence to industry privacy principles are common, as call for additional regulation of many industry practices. However, voluntary adherence in many industries has been at best sporadic (Culnan, 1993), which given rising concerns, may result in broad regulation of information privacy issues in the private sector.

I have no intention whatsoever to bore my beloved readers. If youÔÇÖve come thus far, please spare an extra minute. Alright, letÔÇÖs go.

The charity requires individuals to provide a range of personal information about themselves to conduct its business functions. The charity needs to ensure that clients are aware that their personal information has been/needs to be collected, why it has been/needs to be raised, where the data is stored and who has access to it.

The charity should take steps to ensure that personal information is protected from misuse, loss and inappropriate access and disclosure. Additional consideration should be given to the protection of sensitive personal information. Storage and security practices should apply to personal information stored in both ICT systems and paper files.

Should we have a Privacy Strategy statement for The Charity? This would be an encompassing statement that identifies the requirement for privacy given the data and the overall strategy. However, if it was left unchecked, that could reflect a lion blow. You know folks, privacy canÔÇÖt be bought for certain.

Cloud computing has touched every one of us recently. I wouldnÔÇÖt assume that all my readers host their own email servers in some spare room within their dwellings. If Gmail, iCloud, Hotmail, Yahoo, etc., happened to maintain your email account, consider buying them coffee. Because it is what constitutes Cloud.

If I were to describe t Computing, I would lazily dumb words such as it is on-demand nuggets, that only requires a quick microwave warming to make it eatable. But, as a Computer Scientist, IÔÇÖm at least obliged to serve more than nuggets. LetÔÇÖs go.

Rather than owning your own data centre, why donÔÇÖt you just rent one? ItÔÇÖs a sound great option to me. Oh, you might be questioning security. I sense that, and I appreciate it. But letÔÇÖs cover Cloud Security next time. Just stick with me on Cloud Privacy for now.

As I promised, my intentions werenÔÇÖt to bore you. But letÔÇÖs briefly dig in a bit further on what Cloud Computing is.

The definition of cloud computing according to the Nation Institute of Standard and Technology (NIST), (Mell & Grance, 2011): ÔÇ£Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.ÔÇØ. This definition describes cloud computing as having five characteristics, i.e., on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Although it is not disgustedly nuggets, letÔÇÖs explore it a bit further.

Cloud computing has emerged as a significant shift in how computing resources are deployed and consumed, both by individuals and enterprises. However, despite benefits such as reduced up-front investment, lower costs and more eco-friendly operation, a significant proportion of potential cloud customers are voicing misgivings concerning how security and privacy are handled in the cloud. This distrust has been further fuelled by media events, such as the PRISM scandal, which shows how difficult it can be to know to what extent our data is being monitored for legitimate or illegitimate purposes.

What Is Your Concern? Multitenancy or Data Breach? LetÔÇÖs take on the latter first.

An organisationÔÇÖs cloud-based data may have value to different parties for different reasons. For example, organised crime often seeks financial, health and personal information to carry out a range of fraudulent activities. Competitors and foreign nationals may be keenly interested in proprietary information, intellectual property, and trade secrets. Activists may want to expose information that can cause damage or embarrassment. Unauthorised insiders obtaining data within the cloud are a significant concern for organisations.

The risk of a data breach is not unique to cloud computing, but it consistently ranks as a top concern for cloud customers. A cloud environment is subject to the same threats as a traditional corporate network as well as new avenues of attack by way of shared resources, cloud provider personnel and their devices and third-party partners of the cloud provider.

Cloud providers are highly accessible, and the vast amount of data they host makes them an attractive target As Murugesan & Bojanova describe it.

LetÔÇÖs flip the coin to exposing some of the multi-tenancy and take a short drive, shall we?

Multi-tenancy is an architectural feature whereby a single instance of software runs on a SaaS vendorÔÇÖs servers, serving multiple client organisations. The software is designed to virtually partition its data and configuration so that each client organisation works with a customised virtual application instance. The cloud service model affects the security in the SaaS model, customers are users of multi-tenant applications developed by CSPs, it is likely that CSP stores personal data and even financial data in the cloud, and it is the responsibility of the CSP to secure the data. Ultimately, usage of the cloud is a question of trade-offs between security, privacy, compliance, costs and benefits. Trust is key to the adoption of SaaS, and transparency is an important mechanism. Furthermore, trust mechanisms need to be propagated right along the chain of service provision (Pearson & Benameur, 2010).

Software-as-a-Service (SaaS) Security Issues

Forgive me for being alarming. Now it is what we all hold in our pockets. If you guessed phone, you probably know what I mean or where IÔÇÖm coming from.

With SaaS, the burden of security lies with the cloud provider. In part, this is because of the degree of abstraction; the SaaS model is based on a high degree of integrated functionality with minimal customer control or extensibility. By contrast, the PaaS model offers greater extensibility and greater customer control. Primarily because of the relatively lower degree of abstraction, IaaS provides greater tenant or customer control over security than do PaaS or SaaS. (Hashizume, Rosado, Fernández-Medina & Fernandez, 2013).

Read More
Read more in:Success Stories
Cyber Is The New Fear: Cover Your Back

Cyber Is The New Fear: Cover Your Back

by May 2, 2021

The world wide web (www) was preliminary designed to connect people electronically from different parts of the world. However, over the last couple of decades or so, grave concerns have been raised about the safety of the internet. keep in mind; before I elaborate further, there are three layers of the Internet that function completely differently from each other. consider it as Olympic, but only limited to three categories of sports. Allow me to add it here instead of starting a new paragraph; (I) Surface Web (which I personally classify as a Community Club), thatÔÇÖs the Internet where you can read my blog or navigate to Facebook, Twitter, Google search, Gmail, Hotmail, Yahoo, Uber Eats or maybe majdiology.com. (II) Deep Web (basically designed for P2P (Peer to peer) collectively right-minded groups who prefer to have their contents hidden and unindexed by any search engine spiders. It is mainly meant to share illegal content such as pirated downloads, live penetration of an illegal act, child pornographies, protected wildlife trades which ÔÇ£I personally witnessed on many occasions while I was a delivery driverÔÇØ, underground activities such as brothels, etc., (I trust you got my point since IÔÇÖm trying to make this piece as short as I can by invoking your thoughts). Anyhow, I still wouldnÔÇÖt start a new paragraph when it arrives at the last layer. (III) Dark Web (IÔÇÖll publish a detailed separate piece dedicated to it in the near future), at any rate, let’s keep dancing along! Simply, the Dark Web can only be accessed through ÔÇ£ Overlay NetworksÔÇØ. Whether you are using Chrome, Firefox, Safari (God forbids), Opera, etc., your hands are tied. The Dark Web is preliminarily designed and intended to run and to only function on top of your internet. That is, your browsers or favourite search engines wonÔÇÖt ever discover the Dark Web which is responsible for over 80% of the entire Internet.

Undoubtedly, the internet is one of the best resources available to us today, whether we are talking about performing our day-to-day duties or simply bonding with our families and/or friends. However, the internet has now become extremely dangerous and many industries have been created through the misuse of the platform.

For instance, letÔÇÖs take the case of applications we use for our mobile phones devices. There are thousands of these apps available on the internet. Everyone is entitled to download any application they wish for whatever reason. However, one would expect that their right to privacy is not lost whenever they decide to download and use an app on their mobile device. But the sad reality is that many people have poor knowledge and little understanding of the terms and conditions that are assigned to the use of such an app, and often this ignorance comes back to bite them. We are all victims of this.

Sooner or later, our online privacy will be a thing of the past as the authorities may not be able to effectively police the consumers’ privacy when it comes to using apps. Because of the highly complex nature of and confusion surrounding the terms and conditions, which are deliberately created by the attorneys of the developers of these applications. Surely, none of us would willingly forfeit our rights to the government to act as ÔÇ£Big BrotherÔÇØ in our behaviour. But it is fair to expect the developers & their Attorneys to disclose all relevant information in simple, succinct ways and clarify where customersÔÇÖ information is stored when using the applications. Hosting companies such as the Store Play of Google & App Store of Apple must be held accountable for hosting unverified hidden codes that would potentially compromise usersÔÇÖ privacy & security.

I found it extremely prominent to disclose that the two largest app hosting providers listed above are the beneficiaries of each & every sold or subscribed, used, tried, or even downloaded through their platforms.

Many developers and service providers often seek to hide their malign intentions through the presentation of several dozens of pages of terms and conditions. They count on consumerÔÇÖs ignorance and unwillingness to read the terms and conditions. These providers need to be reminded that we cannot hire a lawyer every time we purchase or freely install an app to ensure they explain the liabilities and entitlements related to such products.

Additionally, the use of third-Party entities (in the form of plugins, etc.,) in the provision of services to consumers should be demolished by the big corporations and service providers. If these companies use third-party companies to provide services or products, they should take full responsibility when it comes to any liability suffered by consumers.

The same should also apply to the use of Credit Cards or rewards cards. These days rewards points are being used quite frequently. These companies also use the so-called surveys as instruments to collect our personal information. Companies like Google even go further as they know our private affairs in detail and they are using it against us for marketing purposes.

Most of us have no idea where our details are stored and what is done with them. Therefore, do not be surprised when you receive a phone call from Switzerland or Bangladesh.

IÔÇÖm afraid that one day a stranger will knock on my door and call me by my name, even if I did not invite them.

These things should be of concern to us all. As an IT guy, I urge everyone to take privacy seriously when using the internet on any device.

To protect yourself and minimise any liability or inconvenience, consider taking the following steps:

  • Pay attention to warranties and Disclaimers,
  • Be very careful with online surveys;
  • Never use one email address only, create multiple email addresses (the free ones) and use them for different types of communication;
  • Never use your real date of Birth (unless you have to);
  • Never use your real full name (unless you have to);
  • Never give your physical address (unless you have to);
  • Changes your password regularly;
Read More
Read more in:Success Stories