Ever since business enterprises have been tempted to migrate data to the cloud, the threat of cloud vulnerabilities has become as ubiquitous as cloud services and data. These vulnerabilities become more threatening with each passing day. Creating software that resists the never-ending data theft and attacks is a highly complicated process. To keep pace, cloud software vulnerabilities must be quickly identified and fixed before they become irresolvable cloud security issues. We have already discussed that the software fraternity has to come together to identify these vulnerabilities and define standards for reporting and resolving them. Understanding these vulnerabilities involves many aspects that need careful attention from cloud service providers.
The cloud infrastructure is a complex mixture of hardware and software services. The whole implementation is focused on achieving better throughput and availability and efficient utilization of resources, while earning higher yields for the service providers. It must also minimize cost and response time for cloud clients.
Optimizing the infrastructure is the best way to make it cost effective and efficient, but it ends up increasing the complexity of the whole setup. If the complexity is handled properly, that is a good outcome. If it is not, a poorly executed complex design will leave weak spots that expose the cloud infrastructure to external threats.
Cloud computing depends on challenging parallel and distributed computing models. This kind of computing is impossible without resource sharing and virtualization. Resource sharing and virtualization are based on trust-based computing rather than a user-centric model of computing. Ever since networks and communication evolved, every communication standard has been user-centric and has never given space to a trust-based model of data sharing and transmission.
The trust-based model becomes a necessity with cloud computing, since users need to be able to rely completely on the services and their security while using the cloud for data storage. Depending on the cloud service model, security can vary from low to extremely high, moving between public, hybrid and private clouds.
Compared with PaaS and SaaS, the IaaS model in cloud computing is complex in resource management, implementation and handling of security attacks. It is quite flexible for end users, which makes it more vulnerable to network, communication and computing attacks.
Cloud Service Interface
Usually the cloud service provider offers interactive interfaces that clients use to set up their personal cloud environment and other preferences. This user interaction goes through a well-defined interface, but the services behind it may have overlooked channels that remain open. Services with these loopholes in their implementation become potential intrusion paths for attackers.
These kinds of attacks are the most harmful for the data stored in the cloud. It is important for the service provider to protect the data servers and to keep the data replicated, with data encryption mechanisms in place.
Virtualization is an essential aspect of cloud computing. In a virtual environment, the trusted computing base is defined by the hypervisor, which is built from the hardware and OS. The user has the advantage of preserving a virtual machine's state in a file, which can then be used to migrate it or to recover on a different virtual machine. This characteristic of virtualization in cloud computing helps stabilize an organization's servers. But a latent infection in a virtual machine may infect the whole cloud data center when it becomes active at a later stage.
A cloud environment involves very complex resource management. The complexity arises from the many controllers involved, which implement various protocols and policies for resource management processes such as load balancing, allocation, process control, energy optimization and quality of service.
The controllers manage resources using feedback from the global state of the servers that make up the whole cloud system. The servers are distributed across countries and continents, and the implementation is governed by policies that depend on location. Getting accurate real-time data from rapidly changing individual resources makes this more difficult. So the controllers must adapt to partial, incomplete, approximate or complete knowledge about the state of the widespread servers.