Forensics Journal - Stevenson University 2015 | Page 27
FORENSICS JOURNAL
Security in the Cloud
Jonathan May
(Griffith, 2013).) There are three types of cloud services that an
organization may choose to implement: Software-as-a-Service
(SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service
(IaaS). SaaS is a subscription-based service that allows business to
subscribe to an application and access it over the Internet (Griffith,
2013). A popular SaaS on the market is Sales Force. Sales Force
allows businesses to manage their sales from remote destinations and
interconnect sales trends in real-time. PaaS is similar to SaaS, but
instead of subscribing to an application, the business creates its own
custom application. All users within the company can then access the
custom application from any location. The final type of cloud service
is IaaS. Businesses are consumers of IaaS when they use a third party’s
equipment to support business operations, such as data storage,
servers, hardware, and networking components (Rouse, 2010).
INTRODUCTION
In 2009, a major incident occurred with Internet powerhouses
Twitter and Google. An unauthorized intruder accessed a significant
amount of Twitter’s corporate and personal records which were
stored remotely through the cloud-based application Google Apps.
The intruder gained control of this information by accessing a
Twitter employee’s email account, and thereby the remotely stored
information on Google Apps. Fortunately, no major financial
catastrophe occurred. However, the incident raised questions
regarding the security environment of cloud computing operations.
Cloud computing is a technology that allows users to store
information on virtual servers over the Internet. Users of cloud
computing technologies often hire third party cloud providers
to manage the data storage. Many businesses are becoming more
interested in outsourcing their data processing to cloud providers
because of the benefits the cloud offers; however, this fairly new
technology comes with potential fraud risks. The attack on Twitter’s
storage information servers identified weaknesses in the cloud
provider’s security measures and highlighted the importance of
implementing a dual security system to protect both the provider
and the customer. Fraud prevention and detection techniques used
by cloud providers and their customers can reduce potential attacks
aimed at cloud-based servers.
In a recent study, the International Data Corporation (IDC)
predicts cloud related services, such as SaaS, PaaS, and IaaS, will
become a $100 billion dollar industry by the year 2017 (Columbus,
2013). Many businesses have either considered using cloud services
or already done so. In most cases, there are two main parties involved
in the cloud: the cloud provider and the organization using the
service. A factor that makes the cloud so appealing to the consumer
is its cost efficiency. The cloud provider maintains the software and
hardware and offers it as a service, which ultimately saves businesses
from spending additional capital on purchase, installation, and
maintenance costs (Unal & Yates, 2010). Other beneficial factors
of the cloud include ease of accessibility and real-time access. Users
connected on a network over the Internet are able to access cloud
functionalities. The emergence of wireless Internet and Wi-Fi hotspots
has enabled cloud users to access and share company’s files from any
location at any time. As businesses learn more about what the cloud
computing industry has to offer, there will be a significant increase in
the amount of businesses offering cloud services, as well as businesses
utilizing the cloud service.
THE CLOUD COMPUTING INDUSTRY
Although the computer era began in the early 1940s, this advanced
technology was limited to government uses, such as the military.
The challenge emerged: how to shrink room-sized supercomputers?
And how to create a network of computers? The end results were
the desk-size computer and the Internet. The Internet offers massive
amounts of information while communicating and exchanging that
information on a global basis in real time.
DATA STORAGE IN THE CLOUD
Allowing users to access and share information over the Internet
has evolved into the virtual world of cloud computing. Cloud
computing allows users to store information on virtual servers
over the Internet. Users of cloud computing technologies often
hire third party cloud providers to manage data storage over the
Internet. On a more technical level, Nancy King, Oregon State
College of Business, describes cloud computing as a convenient
means of accessing information in real time from a “shared pool
of configurable computing resources,” such as networks, servers,
storage applications, and services, without significantly relying on
service provider interaction (King & Raja, 2012).
As the cloud computing industry matures, an increasing number
of individuals and businesses store data on cloud servers. Cloud
computing is open to any individual or business willing to pay a
third party for services rendered and/or to an internal server for
cloud-related functionalities. Not all data stored on the cloud is
the same as it reflects the business or purpose for using the cloud.
Entertainment businesses, such as Netflix or Pandora, use cloud
servers as infrastructures for their movie and music files. As a
service provider for movies and television shows, Netflix offers their
customers the ability to stream movies and shows over the Internet
and view them remotely from their homes through the use of cloudbased network services. Commercial businesses, government agencies,
and accounting firms use the servers to store sensitive information
The cloud industry appeals to businesses due to its cost efficiency,
faster response times, and flexible support. (Cloud users have the
ability to access data over the Internet, but the cloud of data is
essentially different w