Cloud Computing: Future for E-commerce - Literature review Example

Cloud Computing: Future for E-commerce McCombs School of Business, of Texas-Austin Cloud computing is one of the mostessential concepts that will continue to play a dramatic role in the modern century. Cloud computing is undoubtedly a vital components for organization as it upholds security, embeds flexibility and allows corporations to implement a modern IT system. The problem that majority companies faced with the traditional IT infrastructure consists of several problems. Cloud computing is a solution that can provide many benefits to any organization. The second element that this paper will discuss is about cloud computing, benefits, deploying and the security measures that engineers must adhere to. These are specific elements that are designated for cloud computing and will provide a comprehensive approach of the technology and vulnerabilities itself. The last part of the paper will depict the flaws that cloud computing possesses. It will also discuss the drawbacks and reluctance of organizations to adapt these solutions. Finally, the paper will provide the overall consensus on cloud computing. Cloud computing is one of the most essential concepts that will continue to play a dramatic role in the modern century. Cloud computing is undoubtedly a vital components for organization as it upholds security, embeds flexibility and allows corporations to implement a modern IT system. The problem that majority companies faced with the traditional IT infrastructure consists of several problems. One of the critical problems is the fact that it takes high energy costs. In addition, the traditional mainframe networks take too much space. Furthermore, the heat that is generated through these servers must be cooled. In fact, recent studies have found that organizations achieved on average an 18% reduction in their budget from cloud computing and a 16% reduction in data costs. It is clear that cloud computing is a technology that has been around for many years, but lately has been the pivotal point for organizations. By optimizing technical support, optimization, and trouble shooting, the cloud provider can achieve significant economies of scale, leading to low prices for cloud resources. As a matter of fact, huge organization such as Amazon has already deployed cloud services in the cloud. It is clear that organizations are moving to this direction as data storage for the future. Hence, this paper will discuss the infrastructure, data synchronization, provisioning, security, vulnerabilities, and an overall consensus of the technology itself. In order to truly understand cloud computing, it is crucial to understand the infrastructure. Cloud computing is simply many computers or servers in a cluster that host applications and services. The whole envision of cloud computing is to provide robust solutions for organizations and to provide access at the touch of fingertips. Cloud computing allows ease of access to file and video sharing within minutes. It has dramatically allocated the idea of storing data into a server that can allow all stakeholders to obtain it with proper access. This has been a focal point for many organizations in the 21st century, who have remote locations for employees. Another hot feature of cloud computing is clearly data synchronization. With the advent of data integration, data synchronization must be conducted in such a manner in which a uniformed manner of data is depicted. For instance, one standard template or file can be integrated into many file formats. Data integration is a crucial component of cloud computing because it allows organizations to opt out for open-access infrastructure rather than buying a custom solutions from a vendor. Although the challenge of open-source is more challenging, it does dramatically cut costs for organizations. Moreover in cloud computing, small businesses can access these resources and expand based on allocation needs. Cloud computing is not a new technology, but an innovation that is a method of delivering information using the current technologies. The internet infrastructure historically has allowed communication between client side and the server. Peterson R (2011) states that since cloud computing allows users to obtain multi-latency, which means users, are sharing resources. Since the cloud provides a layer of abstraction between the computing resources and the architecture involved, the customers do not own the environment but are obligated to pay a subscription fee and the cloud service provider grants them access to the clouds. Moreover, Peterson R (2011) insists that securing the cloud consists of many facets that may require users to understand OSI layers in which the data layer plays a pivotal role. From the physical layer standpoint, nothing is dramatically modified. However, cloud computing can change in layer 3 as the networking layer may have its protocols. One of the hottest trends that is occurring in cloud computing is the fact that SaaS(Software as service). Salesforce is a dominant player in the cloud computing environment that has been a pioneer for SaaS. SaaS is a prevalent driving force and has been embraced by organizations because it allows IT to push new applications without managing them. However, this is just from the application standpoint. Many companies such as Microsoft, Citrix and Cisco have developed solutions to offer to their clients that are end-to-end solutions. Deploying a cloud for any organization is much easier thanks to vendor management and data integration. In order to deploy a cloud, an organization must execute a strategy, in which it has to decide typically first involves which services will be deployed in private or public. The deployment of a public cloud computing system is attributed to public availability of the cloud service offering. Moreover, the cloud services and cloud resources are allowed to share these resources form large pool of resources. These resources are then shared by all end users. Furthermore, public cloud portfolios deploy crucial techniques for resource optimization. Optimization and load balancing is keyto ensure that business operations do not suffer. If a cloud provider runs several datacenters, for instance, allocation of resources can be handled in such a way that ensures that load balancing uniformly distributed between all centers. Although provisioning is one aspect of cloud computing, security is a major concern for all organizations. Securing a cloud computing environment requires a dynamic, collaborative effort that is also associated with the efforts of all the stakeholders. Alzain (2012) states that traditionally, many organizations have been inclined to utilize the mainframe which is not cost effective, requires patience, and is not as feasible as cloud computing. As the concept IT systems continue to evolve, security becomes a crucial element that must be carefully analyzed. Most organizations feared cloud computing because of its ability to be flexible within user domains. According to Alzain (2012), this posed a problem for organizations that did not have scalable solutions, but needed the concept of security embedded within their data. Hence, the scope of this document will aim to find new solutions that can cater towards securing the cloud environment. A huge advent of cloud computing is an organization’s ability to utilize .(Virtual Private networks). A standard . might have a main LAN at the head headquarters of an organization while the others LANs can be located at remote offices (“What is a .?”). A . uses a public network, which is internet in most cases, and is necessary in order to connect to distant sites instead of using “leased lines”(“Virtual Private Networking”). The . router also plays a fundamental role of adding an authentication header when it receives a packet from a client. That data in turns gets encrypted and then is sent to a . router (Hancock 11). In many cases, using network-to-network connections increases the level of security, and makes the decryption process difficult for an intruder to exploit even in a cloud environment (Day 36). Moreover, several .s rely on tunneling, a technique in which entire packets are placed with another packets. Tunneling requires three different protocols which consist of carrier protocols, encapsulating protocols, and passenger protocols (Day 250). Most of these protocols run on layer two, and are often supported either by 40-bit and 128-bit encryption (Hancock 12). All of these protocols play a vital role in establishing a virtual connection in a cloud environment. Security in cloud cannot be completed without understanding the components that are associated within the environment. Furhut(2010) states that cloud computing is dictated by private and public clouds. Corporations prefer private clouds because administrators control access through policies which designate capabilities. Here, the concept of access list becomes pivotal because only certain IPs and users can obtain access. In addition, Furhut(2010) discusses the functionality of private clouds, who have a great capability to maintain a secured environment and be integrated with a public cloud. Moreover, the delegated administrators can manage a scoped environment. In addition, a self-service user has many features to utilize in their network. For instance, Microsoft Cloud computing software allows individuals to have a fully integrated a web user interface. Although encryption is essential in any network; one cannot underestimate the role of intrusion detecting systems in a cloud environment. Sommer(2012) discusses the importance of an intrusion detecting system. An IDS as mentioned above is vital as it can play a dramatic role to monitor activity and eliminate them before a problem occurs. Another security measure that can be taken is known as “para virtualization” in cloud computing. Sommer (2012) insists that since “para virtualized” guests rely on the hypervisor to obtain support from operations which would require privileged access traditionally, the guest can only have “read access rights.” Moreover, he suggests utilizing scripts that can be beneficial as the administrator can overview the activities that occur within a cloud network.  Any changes should be approved, documented, and tested that are conducted by the administrator. The central network console can dictate this as logs are monitored which in turn measures can can drastically facilitate the attempt to secure a cloud based environment. Larkin (2009) emphasizes that consequently in the traditional model of IT infrastructure, these dedicated resources are given to one user. Clearly, that user has the privilege and the power to move these cloud networks anywhere. Thus, this poses a huge risk to corporation who must understand the idea of segregation of duties. One of the most critical elements that mitigate this risk is segregation of duties. Hence, Larkin (2009) insists that segregation of duties is also associated with IT Internal control in which one user does not have all the power to direct these cloud networks. Additionally, the benefit of the cloud environment is the security they provide. Larkin (2009) states that unlike traditional firewalls, which only create protection only outside the framework of network, cloud computing firewalls monitor activity within users. The problem is the fact that one user can move networks in the cloud environment without impacting the front end. In the Cloud environment, the networks work in a passive-active interaction. Since the front end latency is noticed in the front end, it is impossible to detect if in fact the network is moved to another domain. This plays a huge role because the user never understands if a server is down. The amazing handover of latency is a special element of cloud computing itself. However, this poses a problem if no IDS(Intrusion Detection Systems) is embedded in the host environment. Creating segregation of duties is one way to remedy the situation. Another solution that can be offered is via notifications and access control. If a user moves a network, the user would need an approval for a higher up along with a notification that would be sent to central console. A simple approach to remedy this situation is to embed the firewall. However in a cloud and a virtual environment, a firewall only blocks malware from an outside source. The functionality of a firewall is very limited as it cannot protect within the realms of connected users. In essence, if one machine is to be attacked within the framework of the network, the firewalls would detect this intrusion at once. Hence, segregation of duties is a better solution than a firewall itself. A security exploit that is popular with the advent of cloud computing is port configuration settings. In a typical environment, a port is used as a channel to access the machine’s network, application and systems. In this case, many black hat hackers continue to utilize many methods to exploit these types of environment. One type attack is known as network sniffing which utilizes a packet sniffer or an open source program known as Wireshark. Han (2010) discusses a possible exploit that can be conducted utilizing a packet sniffer, an attacker can capture sensitive data if unencrypted such as passwords and other essential configurations. Another threat that is used by majority of the hackers is known as port scanning. In order to protect these intrusions, a user can easily encrypt date. Han (2010) concludes that limiting vulnerability to port is an excellent solution to mitigate against this risk. Nmap is a free vendor solution that offers port scanning at a low cost and allows users to conduct port scanning. Hence, this is one solution to mitigate this risk that is cost-effective and a secured solution. For the basis of securing a cloud environment, a use case will be applied to understand this issue in more detail. Since the bounties and benefits of cloud computing are endless, Blue Cross Blue Shield has taken a solid approach to secure their cloud at a higher-level. For instance, at Blue Cross and Blue Shield, the leader in providing health care services, has embraced the idea of cloud computing and adapted in their current IT infrastructure. Golia(2011) One of the main concerns of the organization was to reduce cost of their servers and address the issue of a growing customer base that was vital for their organizational needs. Enacting the methods of cloud computing has allowed Blue Cross and Blue Shield to attain a higher state of efficiency. Golia (2011) discusses the cost savings by stating that first and foremost, it saved the company money as they did not have to invest in cumbersome servers that were taking up space. However, the key benefit that the Blue Cross achieved was the fact that it allowed its customers to accessibility of information without much delay. In order to secure their cloud environment, Blue Cross Blue Shield embedded VMWare technology. Although this is not an open source technology, VMWare was an excellent choice as a vendor solution that created IDS within the networks of the cloud organizations. In an industry where information is vital, this organization was able to accommodate the needs of their growing customers as well as provide information that were compliant with HIPAA and ACA. Blue Cross had a huge dilemma of expanding their IT infrastructure boundaries by maintaining old records and creating space for new customers. Furthermore, the company’s auditing team was able to ensure the legitimacy of network passwords within their own IT infrastructure. In case of an emergency situation, host lockdowns were provided to individuals based on their role. In essence, securing the cloud computing environment has allowed the company to achieve a higher level of security and efficiency as it can dictate its settings based on government regulations and its own protocols. It is crucial to understand that although cloud computing can benefit an organization in many ways, it also poses a security issues for organizations. As mentioned above, cloud computing is a wireless technology, which makes organizations reluctant to adopt this technology. Since public clouds can be shared, access is another issue that needs to be addressed. It is clear that public and private clouds can be affected by both malicious attacks and infrastructure failures such as power outages. Hence, these events can affect Internet domain name servers, which can lead to DDoS and other malicious attacks. Another issue with cloud computing can be load balancing. Load balancing occurs when the cloud component has to ensure that all virtual machines are being optimized. However, an issue of over-heating in the load balancer of an application provider could interact with the power optimizer of the machine itself. Overheating can be an issue and conducing a hard reset can lead to a disastrous power failure. A last issue that can be a critical towards securing a cloud environment is encryption and decrypting data. It is clear that cloud can store data. However, data encryption may protect data in storage, but eventually data must be decrypted for processing. This creates a huge vulnerability for organizations that want to move into cloud. Hence, these decisions must be discussed, analyzed, and audited before an organization can make a sensible decision to deploy their own cloud. Undoubtedly, securing the cloud environment requires time, effort and truly understanding the IT infrastructure. Many stakeholders must work together and collaborate in order to facilitate this process. Without a doubt, cloud computing will continue to be a major driving force for data storage and allocation in the 21st century. It will be a huge investment for organizations to invest in the cloud because of the scalable solutions it offers. Works Cited Alzain, M. A., Soh, B., & Pardede, E. (2012). A new model to ensure security in cloud computing services. Journal of Service Science Research, 4(1), 49-70. doi:http://dx.doi.org/10.1007/s12927-012-0002-5 Furht, B., & Escalante, A. (2010).Handbook of cloud computing. New York: Springer. Miller, M. (20082009). Cloud computing: Web-based applications that change the way you work and collaborate online. Indianapolis: Que Rittinghouse, J. W., & Ransome, J. F. (2010). Cloud computing: implementation, management, and security. Boca Raton, FL: CRC Press. Golia, N. (2011). CIO joseph smith provides arkansas blue cross and blue shield with IT blueprint. Insurance & Technology - Online, Retrieved from http://search.proquest.com/docview/898829303?accountid=44759 Han, Y. (2010). On the clouds: A new way of computing. Information Technology and Libraries, 29(2), 87-87-92. Retrieved from http://search.proquest.com/docview/325033464?accountid=10477 Sommer, T., Nobile, T., & Rozanski, P. (2012). The conundrum of security in modern cloud computing. Communications of the IIMA, 12(4), 15-40. Retrieved from http://search.proquest.com/docview/1346907323?accountid=44759 Skiba, D. J. (2011). Are you computing in the clouds? understanding cloud computing. Nursing Education Perspectives, 32(4), 266-266-268. Retrieved from http://search.proquest.com/docview/894330516?accountid=10477 Sturgeon, J. (2010), Testing the waters of cloud computing. Scholastic Administr@tor, 9(4), 27-27-28. Retrieved from http://search.proquest.com/docview/199589279?accountid=10477 Larkin, E. (2009), Top internet security suites. PC World, 27(3), 73-73-76,78,80,82. Retrieved from http://search.proquest.com/docview/231455061?accountid=10477 post, b. a. (n.d.). Cloud Computing Security. Cloud Computing Security. Retrieved October 24, 2011, from http://cloudsecurity.org/ Cloud Computing Security: 10 Ways to Enforce It - Cloud Computing - News & Reviews - eWeek.com. (n.d.).Technology News, Tech Product Reviews, Research and Enterprise Analysis - News & Reviews - eWeek.com. Retrieved October 24, 2011, from http://www.eweek.com/c/a/Cloud-Computing/Cloud-Computing-Security-10-Ways-to-Enforce-It-292589/ Brandon, J. (2008, Living in the cloud. PC Magazine, 27(8), n/a-n/a. Retrieved fromhttp://search.proquest.com/docview/203842854?accountid=10477 Petersen, R. (2011). Alternative IT sourcing: A discussion of privacy, security, and risk. EDUCAUSE Review, 46(4), 44. Retrieved from http://search.proquest.com/docview/884896763?accountid=10477 Read More