Introduction
Cloud is a term used to reflect a virtual network of resources for computing by which user find out resources to their applications. Working of cloud is a typical concept to understand for a new user. Cloud computing (CC) has been widely recognized as the next generation computing infrastructure. Cloud computing offers some advantages by allowing users to use infrastructure for example-servers, networks, storage, platforms, and software’s provided by various cloud providers including Amazon, Google, Microsoft, Cisco, IBM and Sales force etc., at low cost. The cloud is actually used as much more than a storage system, as the world adopts downloadable software and online business platforms. A few popular cloud models to offer facilities to customers are ready now to provide customer space on servers worldwide in which to store, manage, and access data at their leisure. Companies like Yahoo flicker, Dropbox and Google, who offer these services, are called cloud storage providers, and help to minimize the costs associated with data storage and access. The benefits of cloud storage include lower storage costs and higher accessibility, but it comes with concerns as well. There are a lot of security risks to be aware in between the use of cloud services provided by service provider, so cloud security is another typical concept to understand to use better cloud services. This paper reviews cloud security to understand working of cloud, however it is directly depends on availability of network, availability of internet connectivity to send or retrieve data from/ to cloud from anywhere. Although, concepts enlighten in this paper, is an oversimplification of how the cloud works; it does explain working in simple terms of cloud storage, security threats and issues. Rest of the topic organizes as section 2 describes cloud deployment model including private cloud, public cloud, community cloud and hybrid cloud.Section II. Cloud: Types and Architecture
2.1 Types: As per requirement, in these days, various cloud deployment models are in use, out of which few important models including private, public, community and hybrid are elaborated here:2.1.1 Private cloud Private cloud is designed to provide facilities to their registered subscribers only. In this, the enterprise facilitates a subscriber who is only using their facilities. These kinds of facilities when provided by a party to both consumer and facilitators called third party. These clouds are generally hosted at an enterprise datacenter by the support of the company, by a cloud provider, or by a third party such as an outsourcing firm. The Public cloud is open types of network which is used to facilitate public without any control due to few special customer requirements. It is mostly use used resource sharing that makes it vulnerable to various attacks. A public cloud provides services to multiple customers, and is typically deployed at a colocation facility.2.1.3 Hybrid cloudThese are designed with the help of Public and Private Cloud, for example Public cloud is interacted/communicate of their customer with the use of Public network but all their data is secured through with the help of Private cloud network. Hybrid clouds combine both cloud models, and found particularly effective when both types of cloud are located for the same facility. The Community cloud used to facilitate resources to share by target audience under a common policy, or agreement. Its infrastructure is depending upon the user needs and requirement for particular application. The data management concern, which types of community belong to a single country, and it is responsible, can be located in public & private cloud. Community clouds are managed by the third party or any other organizations.2.2. Architectural framework of Cloud computing Architectural framework of cloud computing having various security measures to be applied on every phase. The Software as a Service (SaaS) is an independent service to provide the user for an application, but user or consumer are not authorized to control & manages it. The Service provider is not responsible for the customer application security.2.2.2 Infrastructure as a Service (IaaS) The Infrastructure as a Service (IaaS)is a virtual service offered by a cloud service provider in form of network, processor, memory, storage, communication and the including computation etc. Amazon Web Service (Amazon, 2015) is the best example of IaaS. It does not manage or control the running applications, but this is manages/controls for the operating system, storage and the deployed applications with the help of term and conditions.2.2.3 Platform as a Service (PaaS) The Platform as a Service (PaaS) application is a platform-oriented, which is based on a highly programmable platform for a cloud provider. It also does not manage or control the running applications, but this is manages/control for the application-hosting environment with the help of changes in configuration settings. Google App Engine is the best example of a Platform as a Service, which provides an extensible environment, in which developer develop and host web applications.2.2.4 Anything as a Service (AaaS) These are the fourth service models to provide storage, Database, Information, Process, Application, Integration, Security, and Management, testing as a Service.Section III. Security: requirements, and Issues
The cloud security term is a basic work for some categorized security issues and solutions. In this, we present threats involved in mishappening for the attacks, misconfiguration, fault, damage and weakness in security reasons. Security is required to be considered at different level of functions, including:3.1 Requirement: 3.1.1 At Cloud Storage The cloud storage is an important features in IT sectors, not only for a single requirement type of user but for different. Various users who are using smart techniques/gadgets in current environment may be a customer of a same kind of storage facilities. Companies are handling and watching use, percentage of amount in use by comparison with allotted space . The cloud storage is necessary for every device is in use due to variation in need. Few service providers provide cloud storage in free space with allocating login id to the user. This is a point to make a doubt on cloud provider about the privacy of user’s data stored in the cloud even when user having User id & Password.Some challenges to use a cloud:
- Network and latency;
- Data security, resolution and storage cost;
- The different types of user’s may use different type of IoT device which are already vulnerable with security issue.
- Network is just vulnerable due to heterogeneous nature of devices involved in process.
- The Facebook are sending a data-use/breaches notice to the Cambridge Analytica for the all affected Facebook user:
- Source:- Cambridge Analytica Source
- Due to security reason for Azure Cloud, McAfee is launched a security platform
- Source:- Azure Cloud, McAfee security plateform
- Due to misconfigurations, thousands more personal records are exposed
- Source:- Due to misconfigurations, thousands more personal records are exposed