Assessing the Risks and Opportunities of Cloud Computing

978-1-4244-9008-0/10/$26.00 ©2010 IEEE 138

Assessing the Risks and Opportunities of Cloud

Computing – Defining Identity Management Systems

and Maturity Models

R.PalsonKennedy

Research Scholar, A.P, RREC

Anna University, Chennai-95, India

[email protected]

T.V.Gopal

Dept of CSE

CEG,Anna University,

Chennai-25, India

Abstract— Despite the potential that Cloud Computing has for

revolutionizing every aspect of the software industry, there are

significant shortcomings in the area of security and risk

assessment and mitigation. The basic value proposition of

Cloud Computing is that by leasing applications online,

companies have the potential to significantly reduce their

operating costs. What is not often pointed out however is the

fact that identity management on Cloud Computing platforms

is still in its nascent or very embryonic stages. Often identity

management systems fail to fully protect all assets of a given

Cloud Computing platform as role-based access has yet to be

defined and implemented. Lacking is a protocol stack of Cloud

Computing Identity Management and a maturity model to

assist organizations in assessing their relative levels of risk. The

intent of this analysis is to provide the frameworks for both the

protocol stack and maturity model for Cloud Computing

platforms.

Keywords- Cloud computing,Risk,Security,IMS

I. INTRODUCTION

A. Assessing Cloud Computing

The collection of technologies that comprise the Cloud

Computing platforms being sold as services today have been

in existence for decades as the basis of enterprise systems

and platform deployments. Specifically including

integration platforms including Enterprise Application

Integration (EAI), networking platforms and products and

servers, and strong reliance on TCP/IP, with the inclusion of

data center virtualization algorithms to ensure their

scalability, Cloud Computing platforms are an outgrowth of

enterprise-wide networks that had been created in previous

decades.

Despite how time-tested these core components are, the

relatively recent developments in Web-based application

development have created security vulnerabilities at the

application and also at the service provider level. Given how

cloud providers must integrate disparate, often conflicting

database together to create a multi-tenancy platform the

tendency to cut corners and do AJAX-based scripting that

exposes an entire application online has been known to

occur. The underlying technologies are fundamentally sound

yet the cloud providers in many cases are not taking all

necessary

Precautions in creating multi-tenancy and secured client

locations on their servers. Often organizations contracting

with cloud providers may be attracted to the very low prices

offered for hosting yet have no idea of the risks and potential

security lapses that could result due to the providers’

unwillingness to invest in adequate Web-based security.

Studies indicate the plummeting prices of Cloud storage and

application hosting are partially driven by the cost reductions

made possible by cutting corners on security. To have an

appreciation of the trade-offs being made from a security

standpoint, it is imperative to understand the levels or

fundamental structure of Cloud Computing. Fig. 1 presents

the structure with Infrastructure-as-a-Service (IaaS) at the

bottom of the protocol stack, as this is the foundation on

which Cloud-based platforms are built. IaaS is comprised of

those technologies which have the greatest number of years

in use and as a result many of them have advanced security

and encryption algorithms associated with them. Servers,

networking, data centers and storage including storage area

networks (SANs) have advanced authentication and

verification technologies associated with them, many in

single-instance installation.

Figure 1: Fundamental Structure of Cloud Computing