Research Paper on "Information Security in Cloud Computing Platforms"

Quoted Instructions for "Information Security in Cloud Computing Platforms" Assignment:

Please follow the instructions below to completion:

The below paper needs further research and should follow the below five steps to completion.

ONLY Acceptable References:

Acceptable references include peer-reviewed journals and conference proceedings as well

as published theses and dissertations. Genuine textbooks are acceptable as scientific

sources. ACM/IEEE publications with the word transactions in their title are normally

acceptable.

RFCs, ISO standards, ACM and IEEE standards, and ECM standards may be cited for the areas they discuss.

Overall, the research MUST detail the following:

Research Paper:

I. Problem Statement:

Document that details the problem you wish to address. MUST include acceptable references (see above) that justify your assertion that this is indeed a problem that is recognized in the field.

II. Project Proposal:

Draft the project proposal that clearly describes the research project that you will be conducting. The proposal should include a brief:

i. description of the problem being investigated

ii. the solution/approach that will be applied to addressing the problem

iii. and the expected results of their project.

III. Final Report:

1. Introduction

*****¢ Provide the necessary background and discuss the relevant literature to

motivate the research problem that your paper addresses.

2. The Problem

*****¢ Discuss the problem in detail and formulate it a manner that makes it

tractable.

3. The Method

*****¢ Describe the method used to address the problem. Justify the approach that

you have adopted.

4. Results

*****¢ Present the significant results of your study and relate it to the existing literature.

5. Conclusion

*****¢ Summarize and highlight the significant contributions of your work. Identify

potential limitations of the study and suggest areas of research that can

address these limitations.

A. An additional 18 pages is required to be added to the existing document below

B. An additional 25 references is required.

C. Therefore, there should be 25 pages and 40 references in total when completed

PROJECT PROPOSAL: INFORMATION SECURITY IN CLOUD COMPUTING PLATFORMS

Problem Statement

Cloud computing manipulates and alters our way of understanding of how current computing systems are aligned. The economics of cloud computing are re-ordering the enterprise software industry globally, bringing greater value at a lower price to companies needing to stay in step with customers (Ambust, et al., 2009). The continued growth of cloud computing is also driving more digital content and information into data centers and the cloud than has ever been the case in the past, completely redefining the development methodologies of applications as well (Rajkumar, Yeo, Venugopal, 2008). Information and data are banished to a hypothetical land of bits and bytes that really exist nowhere but the cloud. All digital information in cloud computing relinquishes its presence on specific sets of computer, hard drives, and other storage components (Durkee, 2010). Cloud computing changes the locality of digital information which can be universally distributed to any geographic location. As a result, the command and control of this data is significantly diffused. This technological diffusement gives rise to new problems as well, including the need for managing security more effectively than has been the case in the past with enterprise applications (Kaufman, 2009). The most impactful concern dealing with cloud computing services is the customers' concerns dealing with the potential limitations that this trend leans towards including confidentiality of data and the need for greater fidelity of data platforms and their underlying technologies (Lin, Fu, Zhu, Dasmalchi, 2009).

In order to understand these limitations it is important to investigate the finer points and details that give cloud computing its definition. Many differing expectations and opinions must be explored to fully grasp the relative perspectives that arise from this idea. The thesis of this exploration deals with the legal, technical and economic viewpoints of cloud computing (RN Calheiros, et al., 2010). Specifically, this problem requires an identification process that potential customers should propose to cloud computing service providers before agreeing to their specific terms of contracts. This area specifically is focused on the area of Service Level Agreements (SLA) and their relative value for enterprise customers including their potential to re-order the economics of enterprise cloud computing in the enterprise (Balachandra, et al., 2010). The continual evolution of cloud computing from a technology standpoint continues to show significant potential for reduction of Total Cost of Ownership (TCO) while also reducing the incremental costs of aligning a specific application to the needs of a segment or larger audience of enterprise computing users (Ambust, et al., 2009). The lowered costs that cloud computing platforms are enabling and accelerating today are being further strengthened by how quickly applications on these platforms can be aligned to the specific, very precise needs of customers. Also what unified all of these strategies together is the continual reliance on Service Level Agreements (SLAs) and their role in stabilizing the nascent yet very fast moving aspects of cloud computing in the enterprise. The goal of this pursuit addresses the problems that might arise related to the capabilities and performance of software applications that are executed in cloud computing scenarios. The argument focuses upon previous research and personal experimentation in designated cloud computing scenarios. Ultimately, the goal is to distinguish the specific contributions affecting performance and, simultaneously provide some possible recommendations or solutions or to potential cloud users that might affect performance problems that are all initially defined through SLA benchmarks and continually monitored through real-time analytics of service performance including reliability and security metrics of performance (McQueen, M. (2008).

Problem Description

As was defined in the problem description, the legal, technical and economic viewpoints of cloud computing form the foundation of this thesis, with specific focus on the issues that enterprise customers are facing in the context of extended service agreements including Service Level Agreements (SLAs). The cloud computing industry has however found that SLAs are often not enforceable with cloud computing services providers, as many of them do not allow for their contracts to be binding from a legal standpoint (Rajkumar, Yeo, Venugopal, 2008). This is because the performance of their back-end systems defy a purely scientific level of management; there is no clear cause-and-effect of how to manage a highly integrated and complex cloud computing architecture with the same level of precision as a desktop operating system for example (Balachandra, et al., 2010). Even the most well-known enterprise software companies who have cloud computing applications running on the Software as a Service (SaaS) platform are not offering legally binding SLA contracts, and this includes Salesforce.com (Stolfo, et al, 2012). For these very large, rapidly growing cloud computing and SaaS-based enterprise software companies, SLAs are more for marketing and less for actually managing the overall performance levels of the applications they deliver (Stolfo, et al, 2012). In many instances the SLA commitments made are not enforceable legally and are meant to be offered as miles per gallon (MPG) ratings for new cars; as in each buyer*****s and company*****s mileage may vary (Durkee, 2010).

In addition to the lack of enforceability of SLAs often cloud computing and SaaS-based enterprise software companies rely extensively on maintenance fees and annual maintenance contracts to generate the case they need to operate on a daily basis. The reliance on maintenance fees within enterprise software is commonplace and often doesn*****t lead to greater innovation in new product development, instead making the enterprise software companies even more complacent over time due to the lack of urgency of generating revenue (Leavitt, 2009). For the typical enterprise software customer, this is often the case. They pay often up to 22% of the purchase price of their applications on a yearly basis, only to be given periodic, small updates that only incrementally deliver value (Rajkumar, Yeo, Venugopal, 2008). Cloud computing vendors including Salesforce.com, and others have created a strong business model by concentrating their efforts on selling against the maintenance fee model of on-premise software vendors, promising to deliver a continual stream of new product updates in exchange for the maintenance fees they charge, which ironically are in the same range as their on-premise counterparts (Balachandra, et al., 2010). The cloud computing enterprise software vendors also claim that their maintenance fees are also delivering more value because they refresh their entire application suite online every 30 days or less; which is significantly faster than any on-premise application can (Kaufman, 2009). Even with all these commitments to deliver a continual stream of new product and feature updates seamlessly over the Web via their cloud platforms, many cloud computing software companies still are not keeping the majority of commitments to their customers. Also, the SLAs they promise are not legally binding given the complexity of wording and lack of accountability and traceability of results (Pronto, JP (2008).

These factors taken together leave the enterprise software buyer with little protection from cloud computing-based software vendors from delivering on their commitments to increased levels of application performance and greater availability of enterprise-grade applications over the Internet. Today the economics of cloud computing are compensating for the lack of accountability of long-term performance (Stoddard, M. (2005). Yet from a legal, technical, and economic standpoint, the broader implications of cloud computing growth are at stake with how these enterprise software vendors choose to manage the distance and dichotomy of their promises and what they deliver. The SLA as a legal instrument needs to continually improve and gain a strong legal precedent to ensure it will be able to protect customers over time and ensure they get the value they are promised. This extends to their reliance on security, scalability of the cloud computing platforms as well, in addition to the development of more effective accounting and performance monitoring systems as well. Salesforce.com has been a leader in this area, as the value proposition of moving CRM systems off of on-premise; highly expensive to maintain systems to cloud computing has been a very profitable selling strategy. The creation of trust of salesforce.com is an example of how cloud computing vendors are working to create a more effective approach to quantifying and verifying their performance over time.

Solution or Approach to Solving the Problem

What is needed to alleviate the obfuscation and confusion that enterprise software vendors are propagating on this issue is an independent entity such as a standards organization to benchmark the SLAs of enterprise cloud computing vendors and report the results publically. This index needs to also take into account customer satisfaction levels and show how cloud computing, when properly implemented, can lead to significant gains in enterprise performance from a profitability and workflow perspective as well (O*****Bryan, 2006). The indexing of corporate performance also needs to include a TCO (total cost of ownership) component to evaluate the real value of cloud computing in the enterprise.

Expected Results of the Project

By creating an index of cloud computing performance and defining its attributes from a TCO standpoint, the industry will have a truer measure of the real value of cloud-based applications. This approach to defining a performance-based taxonomy will also allow for a more effective comparison within industries as well. All of these factors taken together will provide enterprise computing buyers with more effective foundations of arguing for more thorough measures of application performance. The net result will be much greater visibility into how cloud computing is actually changing the global economics of the enterprise computing industry.

References

Ambust, M. et al. (2009). Above the Clouds: A Berkeley View of Cloud Computing. UC Berkeley Reliable Adaptive Distributed Labratory, 10 Feb 2009. Retrieved from http://x- integrate.de/x-in- cms.nsf/id/DE_Von_Regenmachern_und_Wolkenbruechen_-_Impact_2009_Nachlese/$file/abovetheclouds.pdf

Balachandra, R. et al. (2010). Cloud Security Issues. 2009 IEEE International Conference on Services Computing. Retrieved from http://xml.csie.ntnu.edu.tw/JSPWiki/attach/Supergud/Cloud%20Security%20Issues.pdf

Durkee, D. (2010). Why Cloud Computing Will Never Be Free. Communications of the ACM, May,2010,53, 5. Retrieved from http://www.san.uri.br/~ober/arquivos/orientacoes/artigos_referencia/communications201 005.pdf

Kaufman, L. (2009). Data Security in the World of Cloud Computing. IEEE Security & Privacy, July/Aug 2009. Retrieved from http://xml.csie.ntnu.edu.tw/JSPWiki/attach/supergud/Data%20Security%20in%20the%20 World%20of%20Cloud%20Computing.pdf

King, R. (2009). Cloud computing: Small companies take flight. Business Week. http://

www.businessweek.com/technology/content/aug2008/tc2008083 619516.htm

Leavitt, N. (2009). Is Cloud Computing Really Ready for Prime Time? Computer, 42(1), 15-20. Retrieved from https://www.hh.se/download/18.70cf2e49129168da0158000123279/8+Is+Cloud+Compu ting+Ready.pdf

Lin, G., Fu, D., Zhu, J., & Dasmalchi, G. (2009). Cloud computing: IT as a service. IT Professional, 11(2), 10,13.

McQueen, M. (2008) System Security Through Ideal Driven Technical Metrics. Idaho national laboratory. Jan. 2008. Retrieved from: http://www.inl.gov/technicalpublications/Documents/3881671.pdf

(O*****Bryan, 2006). Critical elements of information security program success. Retrieved from http://www.isaca.org/Journal/Past-Issues/2006/Volume-3/Pages/Critical-Elements-of-Information-Security-Program-Success1.aspx

Pronto, JP (2008) Developing Metrics for Effective Information Security Governance. Getronics. Retrieved from: http://www.interop.com/newyork/2008/presentations/conference/rc10-pironti.pdf

Rajkumar, B. Yeo, C., Venugopal, S. (2008). High Perfomance Computing and Commuications. HPCC 08, 10th International Conference on Computing. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4637675&url=http%3A%***** F%2Fi eeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4637675

RN Calheiros, R. Ranjan, A. Beloglazov, C. Rose, and R. Buyya. Cloudsim (2010) a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms. Software: Practice and Experience, Wiley Press, New York, USA, 2010

Stoddard, M. (2005) Process Control System Security Metrics ***** State of Practice. I3P. Retrieved from: http://stuweb.ee.mtu.edu/~ssmoily/section_4.pdf

Stolfo, S. et al. (2012). Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud. Security and Privacy, 2012 IEEE Symposiom, p 125-128, 2012. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6227695&url=http%3A%2F%2Fi eeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6227695