Abstract
Cloud computing is a special form of technology that enables users to run all forms of applications without acquiring a physical infrastructure. In cloud technology, the user does not need to know the location of the data storage server, but instead he or she should simply be focused on storing and running the data when the need arises (Mowbray 2009, p. 46). This raises security issues given the fact the source of the server is not trusted as other users might have access to confidential information. Cloud computing allows the running of many computing processes on a single computer simultaneously while making effective use of virtualisation. The new technology allows partitioning and configuration of various physical servers into several independent virtual servers. Surprisingly, all applications function autonomously, but the user views them as a single device. Since virtual servers are non-existent, they can easily be moved around or scaled up without affecting the user.
Introduction
According to Pearson and Benameur, a cloud is defined as a large pool of resources joined together through virtualisation or work arrangement systems. The collected resources are managed dynamically to match the load using a pay-per-resource model. This form of technology allows a combination of hardware and systems software on isolated data centres including the services accessed through the internet. In many cases, publicly advertised features include suppleness, multi-tenacity, maximal source exploitation, and pay-per-use. Even though cloud computing offers a solution to many problems that organisations face regarding connectivity and data storage, it is accused of infringing on people’s security mainly because it might result in data loss, which causes mistrust among users (Osterwalder 2001, p. 36).
In this article, ethical issues surrounding the usage of cloud computing will be discussed. In particular, the paper will dwell on security issues, the claims of data loss, and trust issues that arise given the fact any user would not trust an application once it is known to impeach on their right for privacy. Cloud technology meets and surpasses the expectations of clients because it offers various options including IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Unfortunately, the various applications suffer from reliability tests because they fail to protect consumers. In some cases, services offered are unavailable and the client is likely to lose data, which amounts to great losses in organisations. Other issues facing the technology include convolution, high costs, legal tussles, and government regulation.
Privacy Issue
The issue of privacy is fundamental to many users in various parts of the world, especially in developed economies. In this regard, no individual would be comfortable with an application that does not keep his or her information safe (Goldberg & Wildon-Byrne 2009, p. 90). In such cases, an application might leak out important information that gives opponents an opportunity to attack and injure the user. In the business context, an organisation is always focused on keeping customer’s information secure not sharing it with another entity, but chances are high that other unauthorised users might access important data through cloud computing. An organisation is likely to lose trust among customers in case they realise that other people have their personal details (Cavoukian 2008, p. 56). Organisations are also prone to privacy issues, since they operate under tight laws, polices, and standards that must be maintained always through personally identifiable information (PII).
Pearson and Benameur noted that contextualising the issue of privacy in the application of cloud computing is critical, since the threats are different depending on the cloud scenario (Pearson & Benameur 2010, p. 69). Some cloud applications might have few threats, but it depends on the areas as well. If the service were commanded to process public information, privacy issues would not be an issue of concern, but the case would be different if personal information were involved. Processing information under cloud technology is a tiresome process that entails collection, transferring, processing, sharing, and storing and this would call on the individual to be extra careful, since some data might leak out to the authorised persons. If, for instance, an individual were using cloud technology to process people’s physical locations, penchants, calendar dates, and social networks, consideration of their privacy would be paramount (Mowbray 2009, p. 43).
Data proliferation and cross-border flow of information is another issue of concern that tends to invalidate cloud technology (Crompton, Cowper & Jefferis 2009, p. 118). Data owners might not be in a position to control the flow of information, since the technology makes use of CSPs, which ensures information is made available in various data centres before being processed. Through this, chances are high that information might circulate freely in other unauthorised jurisdictions. Alternatively, the data might be lost in the process of transfer.
Since information might be accessed elsewhere without owner’s knowledge, the issue of governance and accountability comes in where authorities are unable to manage circulation of information in the country (Goldberg & Wildon-Byrne 2009, p. 89). The government would face an uphill task of controlling information that is readily accessible to users elsewhere. For instance, if the company trades with an organisation in another country, and a disagreement occurs, the readily available information on cloud might be used maliciously to bring down its performance.
Security Issues
Security is very important, because it creates trust among users given the fact people’s data are sensitive, and they would not be comfortable sharing them freely. The first security threat entails access to sensitive information (Pearson & Benameur 2010, p. 67). In the global society, foreign governments, especially those in developed regions, monitor activities of individuals and organisations. The best place to access data is cloud, because storage is free and access is never denied. Home countries might have the right to access any type of information, but personal data are always confidential and no entity is allowed to view them. Unfortunately, consumers are not notified on whether their data is accessed by other entities (Crompton, Cowper & Jefferis 2009, p. 120). Data thieves easily access private information that is supposed to be viewed by CSP operators only. Cloud computing does not allow a separation of customer data in machines, which makes it easier for fraudsters to access them.
The second issue that arises out of cloud computing is the inability to control the lifecycle of data. In many cases, customers do not have the power to manage their data, since they are unable to delete information (Mowbray 2009, p. 44).
A customer might delete data, but he or she is never sure whether the deletion was successful, as the cloud administrators are the only ones permitted to do so. Once the data is lost through human error, it cannot be recovered, which is something that brings about security issues. Again, cloud technology does not pave way for backup, since the service is unavailable. Hosting data remotely should be recovered owing to the fact that a business unit might lose data by a mistake. The business cannot continue operating without the data, hence recovery is critical for its survival (Mowbray 2009, p. 46).
The third major issue is multi-tenancy, which is an architectural feature that permits running of software on servers of the SaaS vendors. This allows many clients to use the service without sorting out files (Hall & Liedtka 2007, p. 96). The role of software is to partition data and configure it to the main service to facilitate client organisation while applying a customised virtual cloud. Studies confirm that the model poses some security challenges. Under the SaaS model, clients are considered as tenants of various cloud applications that CSPs develop. Many organisations prefer storing individual and sensitive financial data in the cloud. The role of CSP is to ensure access to this form of data is restricted to owners only, but the case is always different because the technology does not have specified applications. To enhance the efficiency of cloud computing, many providers prefer to use job scheduling and resource management (Hall & Liedtka 2007, p. 98).
Data Loss
In cloud computing, data is lost in various ways, one of them being data breaches, which results in the loss of personal and credit card information (Tian & Chuang 2010, p. 569). Reports suggest that over one million people lost personal data through data processing and storage in the cloud computing system. In the United States, security agencies concluded their studies on cybercrime by arguing that cloud computing introduces significant avenues of attack. In another study conducted in Wisconsin University, it was proved that one user is able to listen to news meant for another user on the VM, since the information is posted on the host service freely (Ryan 2010, p. 36).
Specialists refer to this kind of behaviour as side-channel timing exposure. Many organisations are concerned with this behaviour, since critical information might fall in the hands of the competitors; yet recovering it is problematic, since it might be deleted once it is received.
Data breach is an outcome of malevolent and perhaps invasive action. On the other hand, data loss is said to take place when the disk drive is destroyed without a backup, and this might happen when the owner loses the unlocking keys. Recently, Amazon.com lost huge amounts of data when the EC2 device suffered from a re-mirroring storm, and analysts identified that it was because of human error (Tian & Chuang 2010, p. 576).
If an individual’s information is attacked maliciously, chances are high that data might be lost in the process. In the current society, many people have suffered from the activities of fraudsters who hack into their Google and Twitter accounts with the aim of destroying data. In 2012, one of the cloud computing users complained of a case when his Gmail account was hacked and baby pictures had been deleted without his knowledge (Goldberg & Wildon-Byrne 2009, p. 90).
Account hijacking is an issue of concern for many persons even though it is considered a minor problem. In fact, many organisations have lost important data as a result, but the issue is yet to be addressed with the seriousness it deserves (Friedman & West 2010, p. 13). Phishing, abuse of software vulnerabilities, such as buffer runoff assault, and loss of passwords and important information are some of the issues facing clients, and they all have the potential of causing data loss (Khaled & Qutaibah 2010, p. 26). If an individual is under control of company’s data, he or she could manipulate it, offer false or damaging responses to clients, conduct transactions, and redirect clients to other sites, especially to competitors. Hijackers might try to gain credentials through the account of a prominent member of a society, and this would be done by deleting some information.
Trust Issue
The service providers of cloud computing are always focused on offering flexible services to clients, and this serves as the motivating factor to customers. However, data privacy and security are issues of concern leading to mistrust, as some clients prefer using other services with the hope that they might be secure (Friedman & West 2010, p. 12). Financial institutions and healthcare organisations value the security and privacy of their client’s data, since they are likely to lose business to their competitors in case they fail to protect their clients. Such organisations are able to thrive well if they are in a position to offer quality services.
If their clients suspect that their data might be available to other unauthorised persons, they are likely to cut links and look for other providers that will protect their interests (Ryan 2010, p. 36). When using the internet services, customers are not guaranteed of controlling cloud resources and this makes them keep off from utilising technical mechanisms.
Trust is a complex aspect that few organisations would develop among their clients. It entails a psychological state that involves an intention to accept susceptibility based on optimistic expectations (Pearson & Benameur 2010, p. 697). One of the ways of facilitating trust is offering high security services to clients. This does not mean that clients would trust an organisation if it offers them a safer service. Recent studies argue that security alone does not enhance trust in cloud computing technology implying that something extra has to be provided (Crompton, Cowper & Jefferis 2009, p. 115). If customers are to engage in e-business, they should be assured that any other unauthorised person would not access their credit card information. Reputation is the second aspect of trust, since clients would be willing to engage in business with any company that is highly regarded.
When analysing the issue of trust in cloud computing, various factors should be considered, some of them being social aspects while the others are technological features. If the organisation is able to maintain trust of its clients for a long time, popularly referred to as persistent trust, it has to develop social and technological mechanisms. Some scholars refer to this type of trust as static, since it is not expected to be altered soon (Cavoukian 2008, p. 25). Another form of trust is dynamic, which is specific to certain contexts whether shot-term or long-term. In case the organisation is to provide consistent trust to its clients, it has to do everything to improve its hardware, as well as software. Implementation of policy is enabled through trust, but cloud computing suffers from this aspect (Gaurangkumar & Minubhai 2012, p. 540).
Conclusions
Cloud providers are charged with the role of ensuring the privacy and security of their customers are enhanced, because this would determine their future. Customers are reluctant to utilise a service that does not allow them to preserve their data. If the customer realises that another person would access his or her information, he or she would tend to keep off from the service. The business environment is very competitive and any mismanagement of data might lead to losses. Recently, many individuals, as well as organisations, have reported loss of data, which affects the public trust towards cloud technology (Ryan 2010, p. 37).
Financial and health organisations deal with sensitive clients, and their security and privacy are paramount. Therefore, cloud computing faces a great challenge of ensuring that clients’ data are safeguarded to facilitate the development. Currently, the technology suffers from credibility, and concerned individuals should work hard to redeem the image of the technology. For instance, individuals whose data were lost because of malice would be reluctant to utilise the services offered under cloud technology. Handling information on cloud should be made a top secret, since it would encourage many people to store their information on the servers without fearing to lose it.
Recommendations
- Adoption of safe public cloud systems would be the first step towards redeeming the image of the technology. Currently, the technology is faced with the challenge of public trust, because it does not facilitate security of data and privacy of clients’ files. Many individuals have lost important information due to human error.
- The second step towards improvement of the service is responsible management whereby employees are not allowed to temper with the customers’ data. It is unfortunate to note that employees can access customer information and circulate it to others.
- Third, all cloud service providers should be subjected to tight laws, since compliance would be the first step towards resolving the issues facing the technology. Sanity would be restored in the sector in case governments intervene (Goldberg & Wildon-Byrne 2009, p. 100).
- Finally, service providers should be in control of data flow to prevent hijacking and hacking of important data.
List of References
Cavoukian, A 2008, “Privacy in the Clouds,” Identity Journal Ltd, Vol. 1, no. 2, pp 22-45. Web.
Crompton, M, Cowper, C & Jefferis, C 2009, “The Australian Dodo Case: an insight for data protection regulation”, World Data Protection Report, Vol. 9, no. 1, 114-143. Web.
Friedman, A & West, D 2010, “Privacy and security in cloud computing,” Issues in technology innovation, Vol. 10, no. 3, pp 1-13. Web.
Gaurangkumar, K & Minubhai, C 2012, “Customer Trust as A Service’ for the Cloud,” CUBE, Vol. 12, no. 1, pp. 537-543. Web.
Goldberg, NM & Wildon-Byrne, M 2009, “Securing Communications on the Cloud,” Bloomberg Law Reports-Technology Law, Vol. 1, no. 10, pp 89-102. Web.
Hall, JA & Liedtka, SL 2007, “The Sarbanes-Oxley Act: implications for large-scale IT outsourcing”, Communications of the ACM, Vol. 50, no. 3, pp 95-100. Web.
Khaled, M & Qutaibah, M 2010, “Establishing trust in cloud computing,” Computer Society, Vo. 9, no. 1, pp 20-26. Web.
Mowbray, M 2009, “The Fog over the Grimpen Mire: Cloud Computing and the Law”. Scripted Journal of Law, Technology, and Society, Vol. 6, no.1, pp 1-47. Web.
Osterwalder, D 2001, “Trust through evaluation and certification?” Social Science Computer Review, Vol. 19, no. 1, pp. 32-46. Web.
Pearson, S & Benameur, A 2010, “Privacy, Security and Trust Issues Arising from Cloud Computing,” Computer Society, Vol. 1, no. 2, pp 693-701. Web.
Ryan, M 2010, “Cloud Computing Privacy Concerns on Our Doorstep,” Computer Society, Vol. 54, no. 1, pp 36-38. Web.
Tian, L & Chuang, L 2010, “Evaluation of User Behavior Trust in Cloud Computing,” Computer Society, Vol. 1, no. 3, pp 567-571. Web.