Article Preview
TopIntroduction
Cloud computing is a promising paradigm and gaining wide support from the research institutions and industry leaders. Cloud paradigm is widely appreciated due to its capability to serve the increasing computing demand (Yong, 2015). To serve the wide variety of users it offers thre prominent services model that includes Infrastructure as a service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) (Mell, Grance et al., 2011). Aforementioned models can be accessed with the help of private, public, community or the hybrid cloud model. Scalability, on demand resource provisioning, ubiquitous access, etc., are some of the significant advantages of cloud paradigm (Singh, 2014; Buyya, Yeo, Venugopal, Broberg, & Brandic, 2009).
Other than the proprietary cloud providers such as Amazon, Microsoft, IBM, etc., a number of open source cloud platforms including Eucalyptus, open stack, Open nebula, Nimbus, etc. also exist (singh j., 2014). Open source cloud platforms are serving the subscribers by offering them higher flexibility that is needed to manage and customize the cloud platform. Trend of open cloud and cloud standards is growing regularly in order to widen their reach. Open standards for storage, security and infrastructure has already been developed (CDMI; SNIA).
Cloud computing is one of the highly sought environments in present business landscape, as evident in growing share of cloud usage. SaaS services are widely subscribed services in the cloud environment and enjoys around 40% share among all types of deployment model (Singh, 2016). However, cloud computing is unable to gain the exponential growth due to the security challenges (Gartner, 2008). Security remained the major concern in the legacy-based system and is equally applicable in the cloud computing (Ali, Khan, & Vasilakos, 2015). In cloud computing, security has further gained the momentum due to the fact that the resources are managed and maintained by the cloud provider. Whereas, subscribers do not hold any control. Several studies outline that security is the major threat in the cloud computing (Phaphooma, Wanga, Samuel, Helmer, & Abrahamsson, 2015; Schrutt, 2013).
Although, cloud environment is considered to be increasingly secure relative to the legacy-based system, however, cloud environment is also not completely secure despite of the deployment of skilled manpower, powerful and large secure arrangement. Security threats also lie due to inherent technologies in cloud environment. Security vulnerabilities have been revealed by the several attacks occurred in cloud environments (Singh, 2014b; Singh, 2014c).
In order to strengthened cloud security, new standards and regulatory compliances have emerged (CSA, 2013). Majority of these clouds regulatory acts are limited to the country’s specific boundaries. Subscribers, particularly (SME based) and sole proprietorship are not aware of the standards and regulatory acts applicable to them (Singh & Kumar, 2013). Accordingly, this work is an attempt to assess the security offered by the major cloud providers, identifying the gaps and highlighting the risk owing to the absence of the security and finally a centrally driven approach has been proposed in order to empower the subscribers and to mitigate the security and privacy risk.