A Review Paper on Cloud Computing and its Security Concerns

Cloud computing in the present scenario is a developing and fast growing technology that is being widely used around the globe. It utilizes the power of Internet based computing and here the data, information and other resources are provided to the user via computer or device on-demand. It’s a new conception that uses virtual resources for sharing data has evolved. Yahoo or Gmail are some suitable examples of cloud computing. Various industries that include health care, banking and education are drifting towards this technology, all because of the efficiency provided by the system which is powered by pay as you use model and hence it takes care of the bandwidth, data movement, transactions and storage information.


I. INTRODUCTION
Cloud is a common representation uor an Internetaccessible organization which is hidden urom users.Cloud Computing can be described in simple words as a combination ou technology that provides hosting and storage services over the internet.Cloud can be classiuied into public, private or hybrid.
With the increasing popularity ou Cloud based system, the cloud operators have been targeting at its consistency, sauety, privacy-preserving and cost-euuicient cloud design.Requirements ou Cloud applications vary based on the resources which are demanded as services.Thus, the resources may rise to heavy computation resources, large storage resources, high volume network resources and so on.Cloud computing in other words is a standard term uor conveying hosted work over the Net.It ouuers abundant beneuits uor the initiative, though; there are also a number ou issues, as with any new technology.And one ou the major concern relates to the sauety and privacy ou client inuormation in terms ou its placement, accessibility and security.Cloud computing may also be reuerred as permitting a network ou remote server hosted over the internet to store, manage and process data.

Cloud computing allows customers and industries to utilize applications via internet on any computer
directly without any established connection and access to their private files.The user uses the information and resources and in turn they just need to pay for the service in order to save time and money without including any third party.In the process of Cloud computing the services are provided by the enterprises and accessed by the users over the internet.

III. DEPLOYMENT OF CLOUD SERVICES Deployment of cloud services
There are four assorted types of cloud preparation models viz.: "Private cloud", "Public cloud", "Hybrid cloud" and "Community cloud".Information about theses are given below: This cloud computing is very similar in nature to public cloud and includes "scalability" and "reliability".But the main difference in private clouds is that, it is designed only for a single organization.

Public cloud:
In public cloud, the cloud seller at the vendor's places hosts the computing model.The consumer has no perceptibility and power over where the computing model is hosted.

Hybrid cloud:
This is basically the joint venture of the public and private cloud system working together.

Community cloud:
Community cloud: a cloud that is mutually used by various organizations and is commonly framed-up for their special requirements.The framework may be closely-held and operated by the organizations or by the cloud company provider.
The nature and mode of services offered by the cloud computing providers to the cloud clients is defined into three fundamental models: 1) Software as a Service(SaaS): Also called as 'On-demand software', SaaS is a layer of cloud computing that allows the users to have access to information and application required, not locally, but, from a remote server or facility via Internet.The client can access such services on their laptops, desktops, mobiles, browser etc. on a pay-per-use basis.
Security of data is a major concern when it comes to the user's data being stored on the cloud.2) Platform as a Service(PaaS): Even if we have a software available ondemand on the cloud sometimes the local machine is not efficient enough to deliver a high processing power required for certain applications.This problem is solved by the cloud providers who provide platforms, basically compilers, interpreters, webservers, assemblers, virtual environments, Processing engines , development environments operating systems, programming language specific program specific execution environments.So this allows application developers to develop applications without caring about the software and hardware layers, and the amount and complexity associated with them.This layer makes scaling the business an easy piece of job as the cloud providers scale the processing power and the requisite resources automatically, to meet the application development requirements.

3) Infrastructure as a Service
The services that support a software and platform service, are the infrastructural services.These basically include the services pertaining to the hardware resources that support and the software and platform services of the cloud providers.The cloud providers facilitate a cloud infrastructure for installing the software and the platform.
Cloud Services: SECURITY IN CLOUDS Gartner an American information technology research and advisory firm recently suggested that cloud computing as used for service-enabled applications still had seven years until it reached market maturity.Some of the problems it faces till now includes scalability, interoperability, shared environment and security, not to mention more business-focused topics.There is no denying the fact that Cloud resources are virtualized, different cloud service users share the same infrastructure and platform for building application and to store data.One key interest is affiliated to architecture set, asset alienation, and data segregation.Any disapproved and ferocious access to cloud service user's delicate data may accord its wholeness, secrecy and privacy.

A. Cloud Threats:
Several of the threats that were analyzed over a period of time, and it was found that a large amount of data was compromised by Thefts and Unauthorized Access.Other small percentage of security threat was due to Loss, Combination, IT incident, Improper Disposal etc.

 Security
Security can be defined as "how information can be locked safely".The fact that the priceless enterprise information will dwell outside the firm firewall raises grave concerns.Many high sensitive data can be exposed publicly if necessary measures are not taken.Hacking and different attacks to cloud structure would impact multiple clients even if merely one site is broken into.These risks can be impaired by using safety applications, encrypted data file scheme, data loss software, and purchasing security hardware to track out-of-the-way conduct across servers.

 Distributed Responsibilities
The main security issue is that the user must check before uploading the delicate data into the cloud storage.They must also take decent security measures such as using 32-bit encryption.This is a vital part because data can be secured if it is encrypted before saving it in the cloud store.Thus, STEVEN MATHEW ET AL.: A REVIEW PAPER ON CLOUD COMPUTING even if intrusion happens, there is a very minimum chance of the data getting stolen.Encryption in the cloud is given in the diagram below.

C. Challenges Faced In Cloud Computing
These are some of the challenges that are needed for security and their knowledge is necessary for mitigation purposes.

Privileged User Access:
Any client that accesses data outside the enterprise then the user has to take permission or buy membership for prevention of data leak.

Data Location:
The client shouldn't know where the data is stored or the place form where the data is being propagated (hosted).

Availability:
Data should be available everywhere even when the range of company is not available at that moment.This is called anywhere-anytime availability of software.

Regulatory Compliance:
The hosting providers should never allow external audits or allow installation of external new security certificates.

Recovery:
If under any condition the data is ruined by any disaster, man-made or natural, the providers should be able to deliver the backup data to the users on time.

C. Security Risks in Cloud Computing
Cloud Computing helps us to access data and information for particular organization.Hackers and Attackers have found out loopholes to gain access to these information.IP Spoofing is known as analysis of the data that is being sent over the network.When data is sent over the network the attacker manipulates the data.The manipulation is done in a way that the IP address of the trusted system and then modifies the packet information and then sends it to the receiving system.

DDOS attack:
In this attack, DDOS the attacker spoofs the information and sends many requests of the data.The server gets confused and doesn't understand what to do with all these request and finally ends up giving up authenticated data.The basic diagram of a DDOS attack is below:

Malicious Insider:
The insiders such as the employees or any user can manipulate the data, such that they can even sell the information to other organizations.Any this causes severe data leaks in cloud computing.

Data Loss or Leakage:
There are two process taking place when data is being transmitted from host to client.First of all, data is being stored in a far of place and secondly, data transmission happens from one mode of execution to modes that are multiple in nature.Thus, if any modification happen in between, the loss or leakage of data occurs

Malware attack on VM:
Cloud Security can be compromised by the unwanted Vm-based virus or tool-kits that are used to cloak the information sent to the server by the user.Same process can happen when the data is being sent form the server to the client.These viruses or malwares are also used to store the data such as registry information, system logs, and security program details.This flow charts shows us how these risks are interrelated: But security & privacy issues caused by hackers and crackers and many security researchers have concluded that due to loss of control, invalid storage, access control and data boundary.The cloud computing is insecure and many preventive measures have been implemented over the time to reduce such risks.
V. CONCLUSION Cloud computing is the newest technology that is becoming very popular now-a-days.This is a developing technology due to its applications in various fields like testing & development, big data analytics, file storage etc. Cloud Computing and their services are new but many new organizations are implementing the cloud services but there is always a risk of data breaching.There are more chances for data breaching for the organizations that implements the cloud services rather than the other that don't.Malware injection is also a big problem in cloud services due to this the attacker can easily steal the sensitive data ou organization.Cloud companies ouuer real beneuits to the companies seeking a competitive edge in today's economy.
The biggest and scariest concern about cloud computing is that privacy and security doesn't come in the package, because while companies are sharing data with each other, critical data is being exchanged, the chances ou data leakage and data theut is an undeniable uact.
So every company should have a reliable security measures to implement the technology to protect the data ou the client.While many clouds have uirewalls and intrusion prevention, but they are not tailored to meet the clients' speciuic system.

Fig 1 .
Fig 1. Deployment Methods in Cloud Private cloud:

Fig 2 .
Fig 2. Showing the three types of Cloud Services

Fig 3 .
Fig 3.The Statistics of Various Cloud Threats B. Technical Issues:

Fig 4 .
Fig 4. Encryption in the cloud . . Fault tolerance and failure recovery The data centers are merely responsible to process tremendous amount of data each day.Cloud services can face the problem of loss of data due to the failure of the system of the cloud.The shortage of power supply, low space or break down of the main system could lead to failure.

Fig 5
Fig 5 Showing IP Spoofing attack by modifying packets

Fig 6 .
Fig 6.Showing the multi-requests sent by the attacker Insecure Interface: Interface is the model that helps the client to adhere to the cloud internal software.Management of data, identity management, monitor service and other functions that happen on the cloud are done through these interfaces.If interface is not secure, then data theft is very easy.

Fig 7 .
Fig 7. Showing the risks that cloud computing faces.