Published in Intuition

Computer Science

Issues and challenges in Cloud Storage

Cloud computing provides storage services as a virtualized environment where a user has no control over the data. In such a situation, a user may ask questions like “where exactly is my data located?”, “what happens if I delete my data?” and “is the deleted data really deleted?”.

Photo by Christina Morillo: https://www.pexels.com/photo/software-engineer-standing-beside-server-racks-1181354/

From home appliances to industrial enterprises, the Information and Communication Technology (ICT) industry is revolutionizing the world. We are witnessing the emergence of new technologies (e.g., cloud computing, fog computing, Internet of Things (IoT), Artificial Intelligence (AI) and blockchain), which proves the growing use of ICT (e.g., in business, education, health and home appliances) and results in massive data generation. It is expected that more than 175 ZB of data will be processed annually by 75 billion devices by 2025.

5G technology (i.e., mobile communication technology) dramatically increases network speed, enabling users to upload ultra-high-definition videos in real time and generate a massive stream of big data. Furthermore, smart devices with artificial intelligence will act like human beings on the network (e.g., a self-driving vehicle) and will also generate big data. This sudden shift and massive data generation have created serious challenges in storing and managing heterogeneous data at such a large scale. This story presents a state-of-the-art review of the issues and challenges involved in storing heterogeneous big data, their countermeasures (i.e., from security and management perspectives), and future opportunities of cloud storage.

Cloud storage architecture [by the author]

Storage in a cloud is a crucial part of Infrastructure as a Service (IaaS). The lack of proper storage management in a cloud environment may lead to severe consequences. Cloud storage-related issues have been categorized as data security issues and data management issues, and this article focuses on these two categories. Some of the points may overlap both categories; however, this distinction may help in understanding the challenges faced by cloud storage providers and tenants.

Data Security Issues

Data security is an important requirement and a right of tenants. Secure services attract users to store their data in the cloud. Companies providing cloud storage services are searching for techniques that can control access to cloud data and improve security. With the increase in the size of the data, there is also an increase in data attacks and interceptions. Cloud computing provides storage services as a virtualized environment where a user has no control over the data. In such a situation, a user may ask questions like “where exactly is my data located?”, “what happens if I delete my data?” and “is the deleted data really deleted?”.

Confidentiality Issues

Cloud storage is a collection of storage servers on which multiple customers’ data is stored, which makes privacy a major concern. Furthermore, the customers don't know how and where their data is stored. The fundamental requirement for confidentiality of the information stored or processed in the cloud is the guaranteed protection of confidential or sensitive information. Based on the requirements of a specific scenario, this may relate to all or part of the externally stored data, the identity of the users who have access to the data or the actions that the users take on the data. Encryption techniques are used to achieve confidentiality in such systems.

Integrity Issues

Data integrity is one of the most crucial elements of any system. Integrity requires the authenticity of the parties (i.e., users and vendors) communicating in the cloud. In a standalone system, data integrity may be achieved with a single database using constraints and transactions. To ensure the integrity of the data, transactions must adhere to the widely used database property known as ACID (atomicity, consistency, isolation and durability). Distributed systems, however, are entirely different in complexity: multiple databases and the execution of multiple applications are normal traits. In a distributed environment, data may be maintained at different sites. Therefore, any transaction involving data shared by multiple sites must be handled carefully, in a way that avoids transaction failure and allows various distributed applications, through a resource manager, to be part of the global transaction.

Photo by Brett Sayles: https://www.pexels.com/photo/close-up-photo-of-cables-plugged-into-the-server-2881233/

Data Access Issues

Issues in access to data in cloud storage are mostly due to security policies. For example, a small business organization may use the services of a cloud provider for executing its business processes. Such organizations allow their employees to access specific organizational data according to their own organizational security policies. These policies may prevent some employees from accessing a specific set of data while allowing them to access certain data. To stop intruders from gaining unauthorized access to cloud resources, a cloud must adhere to these security policies. The cloud must be able to let organizations integrate their security policies, and it must keep each organization's data within its boundary when multiple organizations use the same cloud environment. The availability requirement is that there must be a mechanism for verifying Service Level Agreements (SLAs) between a user and providers, which verifies that the user’s requirements are fulfilled.

Authentication and Authorization Issues

Authentication plays a crucial role in any system that needs foolproof security, like an entrance door that admits only trusted individuals to the premises of a cloud. Access to important information depends on authentication; therefore, due to its sensitive nature, the authentication process must be robust to ensure availability to authentic users. In combination with cryptography, not only data confidentiality but also data integrity can be ensured by granting access only to authenticated individuals. Most security concerns can be mitigated through a sophisticated authentication mechanism.

Data Breaches

A cloud environment is usually shared among many customers to store their data. Therefore, a compromise of the cloud environment means a potential threat to the data of all users, making the cloud an attractive target for attackers. R. Cooper in his report rated external criminals as the highest threat, contributing 73%. Similarly, insider threats received the minimum rating (18%) but had the greatest impact, compromising 375,000 records with a PRS of 67,500. The middle rating was received by partners with 73.39%, compromising 187,500 with a PRS of 73,125. The security provided by SaaS is argued to be better than conventional means; however, although insiders may not have direct database access, they still pose a risk with a huge impact on data security. Employees of cloud providers can expose customers' private information since they have access to a lot of information. To avoid such complications, standards like PCI-DSS (Payment Card Industry Data Security Standard) must be followed by SaaS providers.

Photo by Brett Sayles: https://www.pexels.com/photo/cable-plugged-on-a-patch-panel-2425567/

Data Management Issues

The data management issues have been categorized and briefly explained as follows.

Data Dynamics Issues

Data management in the cloud is considered to be untrustworthy because it shifts databases as well as application software to large centralized data centres. This new paradigm introduces various security issues that are yet to be understood. Supporting data dynamics in the cloud through operations such as insertion, block modification and deletion is a huge step in the direction of practicality, as cloud services are not restricted only to backup and archiving.

Data Segregation Issues

Cloud computing architecture became popular because of its multitenant nature. Multitenancy in the cloud through SaaS applications allows storage of data from multiple users simultaneously. Since the data of different users resides at a single location, this may create an opportunity for one user to intrude into another user’s data. Such an intrusion may work by exploiting the application’s loopholes or by injecting malicious client code into the SaaS system. If an application that has been injected with masked code executes it without verification, there is a high possibility of intrusion into others' data. Therefore, cloud providers must ensure that the data of each user is bounded at both the physical and application levels.
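One way to bound each tenant's data at the application level, shown as an added example that is not code from the article: a data-access layer that takes the tenant from the authenticated session and passes it as a bound parameter in every statement. The `files` table, the `TenantStore` class and the tenant names are hypothetical, and the rows are constructed sample data.

```python
import sqlite3


def make_db():
    """In-memory database holding rows of two tenants (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, name TEXT NOT NULL, body TEXT)")
    db.executemany(
        "INSERT INTO files (tenant_id, name, body) VALUES (?, ?, ?)",
        [("acme", "payroll.csv", "acme payroll"),
         ("acme", "plan.txt", "acme plan"),
         ("globex", "merger.txt", "globex merger")])
    return db


class TenantStore:
    """Data-access layer bound to one tenant when the session is created.

    The tenant id comes from the authenticated session, never from request
    input, and every statement carries it as a bound parameter.
    """

    def __init__(self, db, session_tenant_id):
        self._db = db
        self._tenant = session_tenant_id

    def get(self, file_id):
        # Returns None when the id exists but belongs to another tenant.
        return self._db.execute(
            "SELECT name, body FROM files WHERE id = ? AND tenant_id = ?",
            (file_id, self._tenant)).fetchone()

    def search(self, name_filter):
        # name_filter is request input: it is bound as data, so it cannot
        # change the structure of the WHERE clause or drop the tenant filter.
        rows = self._db.execute(
            "SELECT name FROM files WHERE tenant_id = ? AND name LIKE ? "
            "ORDER BY id", (self._tenant, f"%{name_filter}%")).fetchall()
        return [name for (name,) in rows]

    def delete(self, file_id):
        # rowcount is 0 when the row is owned by a different tenant.
        cur = self._db.execute(
            "DELETE FROM files WHERE id = ? AND tenant_id = ?",
            (file_id, self._tenant))
        return cur.rowcount
```

Because no method accepts a tenant id from the caller, a request handler cannot reach another tenant's rows by passing a different identifier.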

Virtualization Issues and Vulnerability

Virtualization is one of the major components of a cloud environment; it ensures that the various instances running on a single machine are isolated from each other. It is the source of major security challenges in a cloud environment, which have not been fully investigated to date. A second issue is the administrative control of the operating systems running as guest and host systems, together with their imperfect provisioning of isolation and their scalability issues. Many current Virtual Machine Monitors (VMMs) suffer from bugs that allow escape from a VM. Therefore, “root security” is mandatory in such cases to prevent the host operating system from being interfered with by any virtualized guest system. Some virtualization software has been reported to have vulnerabilities that could allow a local user or an attacker to skip certain security checks and gain illegitimate access. One such example is the Microsoft Virtual Server and Virtual PC vulnerability, where a user of a guest operating system could be allowed to execute code on another guest operating system or even on the host operating system itself. This could allow an escalation of privileges, which can lead to unauthorized access to sensitive information.

Photo by Skitterphoto: https://www.pexels.com/photo/turned-on-laptop-with-flash-drive-plug-in-591647/

Backup Issues

The sensitive data belonging to various business enterprises must be backed up by the cloud providers so that it can be used for fast recovery in disaster cases. Also, to protect against security threats like accidental leakage of data, various encryption schemes should be used to protect the backup data. These encryption schemes must be strong enough to resist modern attacks. Amazon as a cloud vendor does not encrypt the data by default at rest in S3. This control is given to the user, who secures their backup data separately in order to protect it against unauthorized access or tampering. Various tests can be performed to validate that backup data is held securely by the cloud providers. These tests cover i) storage insecurity and ii) configuration insecurity. Any flaws identified by these tests may be potential threats that can let unauthorized users access sensitive information stored in cloud backups belonging to different enterprises.
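The two kinds of test named above can be run as a settings audit. The following is an added example, not code from the article: it checks bucket settings for encryption at rest, public access and versioning. The dictionaries follow the shape of the S3 `GetBucketEncryption`, `GetPublicAccessBlock` and `GetBucketVersioning` responses; the bucket names and values are constructed, and `audit_bucket` and `audit_all` are hypothetical helper names.

```python
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
SSE_ALGOS = {"AES256", "aws:kms"}

SAMPLE = {  # constructed sample data, not real buckets
    "backups-finance": {
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        "public_access_block": {
            "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
        "versioning": {"Status": "Enabled"},
    },
    "backups-legacy": {
        "encryption": None,  # no default-encryption configuration returned
        "public_access_block": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
        "versioning": {"Status": "Suspended"},
    },
}


def audit_bucket(name, cfg):
    """Return a list of findings for one bucket's settings."""
    findings = []
    # i) Storage insecurity: no default encryption at rest.
    rules = (cfg.get("encryption") or {}).get(
        "ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if not algos & SSE_ALGOS:
        findings.append(f"{name}: no default encryption at rest")
    # ii) Configuration insecurity: a public-access-block flag is off or absent.
    pab = (cfg.get("public_access_block") or {}).get(
        "PublicAccessBlockConfiguration", {})
    off = [flag for flag in PAB_FLAGS if pab.get(flag) is not True]
    if off:
        findings.append(f"{name}: public access not blocked ({', '.join(off)})")
    # Tampering: without versioning an overwrite replaces the only copy.
    if (cfg.get("versioning") or {}).get("Status") != "Enabled":
        findings.append(f"{name}: versioning is not enabled")
    return findings


def audit_all(buckets):
    """Map each bucket name to its list of findings (empty list means clean)."""
    return {name: audit_bucket(name, cfg) for name, cfg in buckets.items()}
```

Calling `audit_all(SAMPLE)` returns an empty list for `backups-finance` and three findings for `backups-legacy`.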

Availability

Cloud applications guarantee around-the-clock services to a client. This involves architectural-level changes in infrastructure and applications to attain availability and scalability. A multitier cloud architecture needs to be adopted, and the architecture must also support load balancing of application instances running on different servers. Cloud storage must be resilient to software and hardware failures. Further, it must be protected from both distributed denial-of-service (DDoS) attacks and denial-of-service (DoS) attacks. For any unforeseen disaster, appropriate disaster recovery and operational sustainability action plans should be considered.

Data Locality

In cloud computing, a client uses the application provided by the provider together with their own business data, but the client is unaware of the storage location of the data in the cloud. This may lead to several issues in many cases. For example, due to data privacy laws in different countries, data locality is of utmost importance in enterprise business architecture. For instance, in many Southern American States and several countries in the European Union, certain types of data may not be allowed to leave the country because of the sensitivity of the information. Similarly, issues of local government laws and jurisdiction may arise in the case of any type of investigation. A secure cloud model may be capable of providing reliability to its clients with respect to consumer data locality.

Despite the ease of use and economic benefits, cloud storage technology still suffers from numerous problems. The cloud storage architecture is mostly clouded by security issues (e.g., confidentiality, integrity, access, authentication, authorization and data breaches) and data management issues (e.g., dynamics, data segregation, backup, and virtualization).

Afzal Badshah, PhD


Dr Afzal Badshah focuses on academic skills, pedagogy (teaching skills) and life skills.