Cloud Computing in Business
Essay by A Bugz • May 28, 2016 • Research Paper • 3,458 Words (14 Pages) • 1,366 Views
Cloud Computing in Business
Table of Contents
Introduction
Problem Statement
Literature Review
Challenges to Cloud Computing
Cloud Computing Data Governance
Recommendation Sections
Conclusion
References
Cloud Computing in Business
Introduction
Cloud computing is a form of computing concept whereby a several computers are linked and interconnected through a communication network, which is always the internet. Cloud computing is another description for distributed computing through a network, which gives it the ability to work on several computers at the same time. This technology is popularly for marketing services (Blumenthal, 2011). In this technology, there is a provision for running client server software on a remote location. A system vulnerability to an attack is due to the way identities can be produced, the level at which the repute system recognizes inputs from units that lack a chain of trust are connected to trusted entity. This is also determined by whether all the entities are identically treated by the reputation system.
Problem Statement
In the business world today, companies continue to embrace the advantages of efficiency, scalability, management and flexibility presented by the technology of cloud computing services and platforms. Security in cloud computing is considered as top priority. Despite the amazing state of this technology, it is vulnerable to attacks, which is a prominent factor. The main problems of IBM are two-fold. Primarily we have invested more than we are making by way of returns in the cloud market (Carroll, Kotzé & Van Der Merwe, 2012). IBM has faced stiff competition in the cloud market with the main competitor Amazon actually enjoying much more competitive leadership. The second major problem is the Security and Exchange Commission’s audit investigation. It is believed that the second issue is being handled adequately by our department and the department of governance and regulation. However with respect to the primary issue of existing competition I believe it is necessary to take proactive action. The solution for this problem of competition in the cloud market will not be easy.
However since IBM is new to the market, IBM must play low and learn strategies in use by market leaders like Amazon (Carroll, Kotzé & Van Der Merwe, 2012). In addition, IBM requires a change management with respect to some of the departmental procedures and people resources that have been allocated to IBM cloud management division. This solution definitely has the con of not being easy to implement. It might also not be budget efficient. However, this solution would be a long term solution, and hence worth the investment. The vulnerability of this technology has caused a major concern to the customers or clients who use cloud computing in their daily services (Masiyev, Qasymov, Bakhishova & Bahri, 2012). One of the most serious challenging problem, not only in cloud computing, but to data security in totality is an attack known as the insider threat. There are several categories of this kind of attack such as a rogue administrator, the employee that takes advantage of an unauthorised access to organization data, and a malicious insider.
Literature Review
The attack from a malicious insider is a phenomenon that is well-known by many companies and organizations. This attack eminent for clients or companies that use cloud computing because of the link between IT services and its applicability in the business arena, caused by the lack of openness in the procedures and process of a service provider (Masiyev, Qasymov, Bakhishova & Bahri, 2012). For instance, the provider may not reveal or explain how it grants a company’s staff members access to virtual and physical assets, how the staff are monitored, or how it will ensure that staff members comply with company policies.
There is software on a peer-to-peer network known as an entity that has access to local resources and it advertises itself on the network forming an identity, and several of these can conform to one entity (Seruga & Hwang, 2012). This proves that the mapping of identities to entities can happen several times on a single one. In a peer-to-peer network entities use multiple identities for the purposes of resource sharing amongst the computers, integrity, redundancy and reliability of the network system. In this form of network the identity is employed as a generalization so that a remote entity can recognize identities with ease without knowledge of communication between the same local entities Chambers 61.
The prevention of such attacks takes a lot of technology in order to control. There is a technique called validation technique that could be used to prevent Sybil attack and destroy all the multiplying hostile entities with the systems (Seruga & Hwang, 2012). An entity may work with a remote identity as a result of a central authority that makes sure a one-to-one correspondence between an entity and an identity may be realized and even provide a reverse lookup.
Validation based on the identity technique gives accountability at the expense of anonymity that can be an adverse option especially for in online forums that allow censorship-free exchange of data and information and provide for open discussions (Velte, Velte & Elsenpeter, 2009). Validation sometimes preserve the anonymity of a user by not performing reverse lookup, but the only problem that comes in is that the prime target for attack become validation in this case. Sybil prevention techniques such as SybilGuard and the Advogato Trust Metric are based on the connectivity characteristics of social graphs which work on a distributed P2P based reputation system.
To make the problem worse, there is little or no visibility on the standards for hiring cloud employees. This kind of state the organization is put into attracts or creates an opportunity for an attack into the system. This ranges from organized crime, to hobbyist hacker, to nation-state sponsored intrusion or even corporate espionage (Velte, Velte & Elsenpeter, 2009). The level of access granted to employees could enable malicious insider to plan and get access to a company’s most valuable data or gain total control of the system. This will happen with little or no detection from the company.
...
...