Let’s write about my work since I am not able to write much about my daily life sitiuations and stuff related to being an Egyptian who used to live in a 16 million city “Cairo” and now finds himself in a semi-disney land with 3000 people around….
As an emerging technology, cloud computing attracted researches for market development. Cloud computing markets at $36 billion in 2008 are expected to reach $160.2
billion by 2015. The importance of cloud computing lies in the scalability of its resources and the ability to provide companies with specialized IT services in accordance
with quality standards that can serve a company’s vision. However, sharing information on the cloud introduces lots of risks that arise between the client (e.g. company) and the cloud computing service provider. Depending on the sensitivity of information, these threats are coupled with legal issues regarding the accessibility and manageability
of information among the stakeholders involved in cloud computing based IT solutions.
In its simplest form, cloud computing is an internet-based collection of tools, APIs, networking and computing means of utilizing a provided IT service which is legally described in a service-level agreement. Cloud computing enables the client to acquire virtual computing resources and development capabilities to build or support applications, or perform specific IT functions on a pay-as-you-go basis.
The services that a cloud provider can deliver are: Software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).
Currently most of the threat analysis methods lie on the cloud side. Most of the companies that provide cloud services want to secure their side to provide a ground base for successful marketing for their products to customers by claiming secure services. Recently the Cloud Security Alliance group provided guides for companies to decide on migrating their services to the cloud or not. Research for threats arising from the client presepective is an issue that is not given much importance. Cloud services can be misused by clients registered by crossing a trust boundary that claims secure user authentication and identification. For example, Microsoft Azure provides a service by which developers can code their software, configure instances and put it for installation on the cloud. This opens a door for malicious code, spamming bots, denial of service attacks on the cloud to be implemented. The question is: Can threats arising from the client side be addressed before they actually explode on the cloud?
Another question: What if we consider internal services that a client can use without migrating to the cloud, how can a proper risk-cost evaluation on the client side taking into account fixed and variable costs of deploying internal solutions or migrating to the cloud be done?