User concerns in Cloud Computing Environment

Faraz Khakwani1, Ufaque Shaikh1, Azhar Ali Shah1

A H S Bukhari Post Graduate Centre of ICT,
Faculty of Engineering and Technology,
University of Sindh, Jamshoro, Pakistan

[email protected]
[email protected]
[email protected]

Abstract
The acceptance and migration to Cloud computing as an inexpensive utility service has taken
over the industry and market by storm. Especially during recent pandemic, once the online e-
commerce and industry has been capitalized by giants like Amazon, Ali Baba and other online
grocers, the utility of the cloud has become exponential. With multiple delivery and service
model, users are conveniently attracting to the cloud-based businesses and thus a vast growth of
data has also been seen. Despite acquired benefits, there are reservations, challenges and risks
especially security and privacy related to cloud paradigm. Furthermore, there are expert
management, governance, interoperability, migration and performance issues affecting the cloud
services. In this paper, shortcomings and user concerns related to the cloud-based applications
have been discussed in detail.
Section I.
Introduction
Rapid growing IT industry has been seen with advent of emerging and cutting-edge technologies
like advance processors, storage, encryption, hyper automation, distributed cloud and AI
governance, distributed network and connectivity. The interest of users increased manifold
during recent pandemic where online learning and working have become a mandatory option.
The on-demand services increase has strained supply of unlimited storage and services alike for
users and entrepreneur. The volume of data generated is around 2.5 quintillion bytes per day
reaching 40 zettabytes of data in cloud-based applications and expected to reach 181 zettabytes
by year 2025 [1]. Although percentage of unique data is not ascertained yet this growth [2] of
data has attracted vendors for provision of storage and backup facilities estimated $76 billion of
investment in storage by 2021 [3].
Despite acquired benefits, there are reservation, challenges and risks involved in cloud
environment specially security and privacy related to cloud paradigm. Furthermore, there are
expert management, governance, interoperability, migration and performance issues. In this
paper, shortcomings and user concerns related to cloud-based applications have been discussed
in detail.
Section II
Cloud Computing Risks & Shortcomings
Cloud computing challenges have been broadly classified into six main categories: Resource
Management & Utilization, Privacy & Security, Load Balancing & Distribution, Availability and
useability, Inter-cloud operability & Migrations and Contractual & Legal issues. Each of these
issues are affecting the efficacy of cloud environment and their impact on users.
A. Resource Management & Utilization
The most significant challenge for CSPs and users is resource management and utilization.
The cloud data centers have large resources and equally large demands. This enhances the
need for establishment of data centers with significant power, infrastructure, cooling,
network resources for optimal provision and cost. Every clock cycle and bit count and
therefore, optimization of resources for cost reduction and optimal provision is the hallmark
of today’s cloud environment. Areas need focus and user concerns are: -
 Geographical selection of area for maximum coverage
 Availability of space for building large infrastructure
 Power arrangements for round the clock energy needs
 Cooling units for sustenance of hardware heating issues
 Energy efficient systems
 Cost effective utilization of resources
B. Privacy & Security
Often taken as same entity yet the terms privacy and security may be treated as separate.
Privacy deals with the amount and extend to which an owner is willing to share that
information with other users. Security on the other hand deals with value of information,
threats and risks to the availability, confidentiality and integrity of information system and
information itself. It is one of the major concerns that users have specially business and
banking related organization due to business secrets and associated monetary transactions.
The security issues to each cloud deployment model are different. SaaS model issues are
related to confidentiality of data and access mechanisms because SaaS customer is
responsible for the safety of it. Customer has to understand what data is being published or
shared on cloud, who will share it and what level of safety is required to safeguard this
information.
Another aspect is the role of SaaS service provider. Hackers assess the value of the SaaS
providers and the value of services they provide. Additionally, they also recognize the
development procedures and processes thus this vulnerability is largely exploited by the
potentials hackers to attack large assets. This is evident by the development of ransomwares
like XcodeGhost [4] and GoldenEye [5] which are targeting users using SaaS security
vulnerabilities. Customers usually don’t scrutinize security policies of CSPs and similarly
third-party auditing is not be done hence security risks and breach of confidentiality are
evident.

In SaaS, common security susceptibilities to data and access are [6]: -

 Stealing of data by malicious actor over a cloud application
 Poor accessibility control of sensitive data
 Inadequate ability to monitor data transfers within cloud applications
 Shadow IT applications provisioning
 Lacking expert cloud security managers
 Failure to prevent theft or misappropriation by malicious insider
  Specialized threats and attacks against CSP
 Lack of user assessment about security mechanism of CSP
 Lack of knowledge and will related to regulatory compliances
Protecting IaaS data is even critical as the customer responsibility extends to network traffic,
operating systems, and application development leading to additional threats. Threats to IaaS
extends beyond access to data and IaaS hostile takeover may be exploited as an attack vector
to other enterprise infrastructure or third party. Malicious insiders also tend to exploit shadow
IT applications, misconfigurations and vulnerabilities in virtual environment to gain access to
hardware for breaking encryption, authentication, phishing or flooding attacks.
Building IaaS is challenging and it is vital to assess own ability to control access and prevent
thefts. Standard measures must include data entry over cloud, resource allocation and
modification mechanism, tracking abnormal transaction and behaviors, network analysis,
traffic monitoring, and signal processing to protect IaaS deployment at large. Some of the
threats to IaaS [6] are enlisted as under: -
 Shadow IT [7]
 Access control over sensitive data
 Data theft by malicious insider
 Lack of skilled staff to secure cloud infrastructure
 Lack of visibility about cloud data
 Inability to avert malevolent insider
 Incapacity to prevent data loss
 Lack of reliable security controls over multi-cloud and on-premises environments
 Advanced threats and attacks
 Inability to cloud monitoring for application and network vulnerabilities
 Lateral spread of an attack between inter-clouds
Additional threats that need emphasis in multi-cloud infrastructure are: -
 Lack of reliable security controls in a mix of traditional server and virtualized private
cloud infrastructures
 Complex infrastructure results in more time and effort for security policy
implementation and maintenance
 Lack of skilled staff to manage security for a software-defined data center (i.e.,
virtualized computing, storage and network)
 Partial visibility over security and usage in cloud infrastructure
 Data breaches
 Misconfigurations
 Inadequate control over change monitoring
 Inadequate security strategy
 Insufficient credential and access management
 Account hijacking and man-in-the-middle
 Insider threats
 Insecure interfaces
 Frail control plane
 Metastructure and Applistructure failures [8]
 Exploitation and reprehensive use of cloud services
C. Load Balancing & Distribution
Once we talk about storage utilization and high performance, load balancing and distribution
is imperative. Main aim to develop or establish an algorithm that can assign tasks to nodes in
a cloud to predefined criterion, limitations and performance requirements. The incoming
requests are routed to nearby and easily accessed resource. Load balancing can be of
network, memory, CPU or storage [9]. Another important facet of load sharing is that the
load on virtual or physical resources be distributed optimally. Single machine running with
90% CPU cycles is better than two machines running with 45% load each. Because the cost
increases with the amount of resources committed although remain unutilized. The
committed resources will invariably use electricity, require cooling arrangements and
wastage of valuable resource lying dormant. Challenges in load balancing and distributions
faced by cloud users are appended below: -
 Configuration and security issues in software-based cloud load balancers
 Network and bandwidth requirements for spatially distributed cloud nodes
 Non-availability of resources (scalability issues)
 Single point of failure where master node is controlling load balancing algorithms
 Complex load balancing algorithm
 Heavy CPU utilization of by complex algorithm for large cloud resource
 Replication of data i.e., Partial or Full
 Additional storage requirements / issues in case of full replication of data

D. Availability, Useability & Scalability

Availability & Usability
Availability is the idea of making cloud services, tools, products and infrastructure available
to the customers and the employees all the time using any of the technology with an internet
connection. It is measured by the time services are available to the users. Clustering and
redundancy are implemented with shared data to achieve high availability in a cloud. A fault
tolerant is system is also called as high availability as multiple instances are available in
clusters and whenever a system goes down the services are shifted to other system in a
cluster thus users get a feeling of high availability or no downtime. Useability on the other
hand deals with the degree of ease by which the cloud services are availed and used by the
users. Cloud biggest advantage are the utilities pay-as-you-go and on-demand service which
increase usability of the cloud infrastructure. Usability in cloud storage is the allowance of
users to drag and drop file and folder between local storage and cloud storage. If bandwidth
is high then users can simply share the web link to the file rather sending complete data and
the visitors can access that resource without downloading it. Some of threats to the
availability & usability of cloud service are: -
 Hardware failures
 Network bandwidth issues
 Unforeseen software downtime
 DoS attacks [10]
  DDoD attacks [11]
 Disgruntle employee / malicious insider
 Resource exhaustion
 Unplanned upgrades and changes
 Technical debt. [12] The accumulation of changes, bugs and fixes required the
software to undergo
 Outside dependencies
 Is cloud service error tolerant?
 Effectiveness of cloud services depending on bandwidth issues
 Ease of learning and use in case of multi-cloud environment
Scalability
To meet the user changing demand the cloud must be saleable i.e., it has the ability to
decrease or increase the resources according to the demand. Sometimes scalability is
confused with elasticity. Elasticity on the other hand is the response that a user gets from the
cloud services model in reaction with his demands in terms of ease in sending request,
provision of resource in response to the request received and release of that resource once it
is no longer required. In a scalable cloud, it is important to augment resources whenever the
demand escalates, in order to keep applications execution at the desired level. An application
is said to scalable when its efficiency remains at par with the problem size. Scalability
increases efficiency, throughput and it’s the hallmark of cloud popularity. Issues concerning
scalability are: -
 Application-level scalability is complex
 Loose coupling has undesirable effects on dependency and scalability
 Resource sharing between users is hard specially information sharing under
dependency constraints
 Scalability need infinite money, bandwidth, skilled manpower and performance
overheads therefore difficult to manage
 Limitation of hardware / software viz a viz scalability
E. Inter-Cloud Operability & Migration
Users are more concern with the use and availability of cloud services. It gives them great
uncomforting that the services cannot shift or work on some other geographical location due
to non-availability of particular vendor or cloud services are not compatible with among
CSPs. This give rise to the concept of portability which is the ability of one service to be
easily transferred to other cloud service and collaborate effectively across multiple cloud
platforms. Data portability is the ability to easily move data from one cloud service /
application to other. Similarly cloud application portability is ability of migrating application
within federating cloud or from one cloud to a new cloud. Scenarios where interoperability
and portability are used are: -
 Customer wants to switch from one cloud to another due to enhance serviceability or
monetary reasons
 Customer is using similar services from two different CSPs and now want to
converge to one.
 Customer want to link one cloud services to other cloud service for expansion of
business or availability of particular service with that CSP.
  Transition with legacy systems or private cloud to advance new or public cloud
 Transition with different service models i.e., from SaaS to IaaS or vice versa
It is needless to ponder that interoperability and portability is the need of the day and
thousands of businesses are requiring to use cloud services and want an easy shift. Similarly,
interoperability reduces complexities of conversions, interfaces and gateways to pave way for
easy migration. Ultimately, more the flexibility to the customer from moving or adopting
cloud services. Migration is another concern that users have in cloud operating environment.
Figure 1 explains different migration model required by the customers [13].

Figure 1: Cloud Migration Models

To overcome ensuing issues, ISO has recently published ISO/IEC19941:2017 (Information

technology — Cloud computing — Interoperability and portability) [14], emphasizing
consensus between cloud terminologies and conceptual framework. The National Institute of
Standards and Technology (NIST) and the Institute of Electrical and Electronic Engineers
(IEEE) proclaimed a collaborative effort to meet the growing demand for standards that
address “intercloud” interoperability. This initiative brings together efforts from the NIST
Public Working Group on Federated Cloud with those of the IEEE Intercloud Working
Group, which is developing IEEE P2302TM—Standard for Intercloud Interoperability and
Federation. Finally, the Cloud Standards Customer Council (CSCC), who published his first
“Interoperability and Portability for Cloud Computing: A Guide”, is now formulating an
update constructed on the ISO standard [15]. Beside these efforts there are some concerns
users have for the interoperability and portability of cloud services.
 Rebuilding of applications or stack in target cloud
 Downtime; the migration of services require downtime specially in the case of inter-
cloud migration
 Data loss
 Skillset requirement for migration and multiple cloud infrastructure usage / knowhow
 Interoperability issues after migration to new cloud service / infrastructure. Service
degradation, legal issues, data issues etc.
 Lack of interoperability standards
 Contractual and legal issues between multiple vendors
 Dynamic workload balancing in multi-cloud environment [16]
F. Contractual & Legal Issues
 Another important facet of cloud concerns is the legal and contractual issues which usually
don’t get much attention as security and availability gets as mostly legal issues are dealt by
the management of an organization rather an application or framework user. A bulk of issues
are related to the business needs and decisions binding an organization in to a contract legally
favoring the vendor in most of the time. Legal teams and firms are hired by the vendors who
draft and cover all legal issues pertaining to provision of services but on the other hand user
are usually novice and their aim is to get the framework available to kick start their business.
Moreover, they have a little legal understanding of legal terms and the dimensions what all is
required to be covered in the contract. A good contract should cover at least following
aspects
 Privacy and confidentiality of data and business rules
 Data security as to how the data is kept on storage and how it will be transmitted
 Availability of data for analysis / discovery
 Storage location of the data
 Responsibilities of end user pertaining to hardware, software, services and data
 Who will be responsible for the security of data and application?
 What actions will be taken in case of unauthorized access is made?
 Condition where suspension of accounts be made
 Emergency measure for hardware/software and security procedures
 Condition for termination of contract
 Boundaries of data ownership and usage
 Publicity and advertisement
 Service level agreements
 Warranties and disclaimers
 Vendor support for hardware/ software
 Indemnification issues between user and vendor
 Renewal of contract
 Governing law and jurisdiction
 Cost and charges limit and scales
Despite signing contracts users seems to have genuine concerns related to cloud usage
 Vendor lock-in. Users once contracted to a particular vendor and somehow wants
to shift to other vendor but the cost of switching is so high thus it stuck with the
previous vendor [17]
 Multitenancy. application of different set of legal terms and laws over multiple
users [18]
 Binding of contract outside the geographical boundaries of the country
 Ethical issues (Privacy, confidentiality, security etc.)
 Lengthy legal and contractual details and user unawareness
Conclusion
The ubiquitous cloud has been accepted by users at an enormous speed specially after the recent
pandemic where online businesses and ecommerce has helped shaped daily routine of the
masses. With multiple delivery and service model it has target various level of society and thus
people find it easy to shift over the cloud. The speed with which users are shifting put a strain
over the demand and supply of unlimited processing and storage. Despite acquired benefits, there
are reservation, challenges and risks specially security and privacy related to cloud paradigm. To
 increase its utility, usability and gain confidence of users there is a need to address these
concerns.

References
[1] “Total data volume worldwide 2010-2025 | Statista.”
https://www.statista.com/statistics/871513/worldwide-data-created/ (accessed May 25, 2022).
[2] “Percent of corporate data stored in the cloud 2022 | Statista.”
https://www.statista.com/statistics/1062879/worldwide-cloud-storage-of-corporate-data/
#statisticContainer (accessed May 25, 2022).
[3] “26 Cloud Computing Statistics, Facts & Trends for 2022.” https://www.cloudwards.net/cloud-
computing-statistics/#Sources (accessed May 25, 2022).
[4] X. Gui, J. Liu, M. Chi, C. Li, and Z. Lei, “Analysis of malware application based on massive network
traffic,” China Communications, vol. 13, no. 8, pp. 209–221, Aug. 2016, doi: 10.1109/CC.2016.7563724.
[5] Z. Xu, J. Zhang, G. Gu, and Z. Lin, “GoldenEye: Efficiently and Effectively Unveiling Malware’s
Targeted Environment,” 2014, pp. 22–45. doi: 10.1007/978-3-319-11379-1_2.
[6] “Top 25 Security Issues in Cloud Computing | Skyhigh Security.” https://www.skyhighsecurity.com/en-
us/cybersecurity-defined/cloud-computing-security-issues.html (accessed May 25, 2022).
[7] M. Walterbusch, A. Fietz, and F. Teuteberg, “Missing cloud security awareness: investigating risk
exposure in shadow IT,” Journal of Enterprise Information Management, vol. 30, no. 4, pp. 644–665, Jul.
2017, doi: 10.1108/JEIM-07-2015-0066.
[8] J. D. K. Waguia and A. Menshchikov, “Threats and Security Issues in Cloud Storage and Content
Delivery Networks: Analysis,” in 2021 28th Conference of Open Innovations Association (FRUCT), Jan.
2021, pp. 194–199. doi: 10.23919/FRUCT50888.2021.9347609.
[9] S. K. Mishra, B. Sahoo, and P. P. Parida, “Load balancing in cloud computing: A big picture,” Journal of
King Saud University - Computer and Information Sciences, vol. 32, no. 2, pp. 149–158, Feb. 2020, doi:
10.1016/j.jksuci.2018.01.003.
[10] M. Masdari and M. Jalali, “A survey and taxonomy of DoS attacks in cloud computing,” Security and
Communication Networks, vol. 9, no. 16, pp. 3724–3751, Nov. 2016, doi: 10.1002/sec.1539.
[11] G. Somani, M. S. Gaur, D. Sanghi, M. Conti, and R. Buyya, “DDoS attacks in cloud computing: Issues,
taxonomy, and future directions,” Computer Communications, vol. 107, pp. 30–48, Jul. 2017, doi:
10.1016/j.comcom.2017.03.010.
[12] G. Digkas, A. Ampatzoglou, A. Chatzigeorgiou, P. Avgeriou, O. Matei, and R. Heb, “The Risk of
Generating Technical Debt Interest: A Case Study,” SN Computer Science, vol. 2, no. 1, p. 12, Feb. 2021,
doi: 10.1007/s42979-020-00406-6.
[13] “Cloud Migration Strategy - The Ultimate Guide to the 6 R’s.” https://www.simform.com/blog/cloud-
migration-strategy/ (accessed Jun. 04, 2022).
[14] “ISO - ISO/IEC 19941:2017 - Information technology — Cloud computing — Interoperability and
portability.” https://www.iso.org/standard/66639.html (accessed Jun. 04, 2022).
[15] “Interoperability and Portability for Cloud Computing: A Guide | Object Management Group.”
https://www.omg.org/cloud/deliverables/interoperability-and-portability-for-cloud-computing-a-
guide.htm (accessed Jun. 04, 2022).
[16] B. S. Rajeshwari, M. Dakshayini, and H. S. Guruprasad, “Workload Balancing in a Multi-Cloud
Environment: Challenges and Research Directions,” 2022, pp. 129–144. doi: 10.1007/978-3-030-74402-
1_7.
[17] R. Ramos De Oliveira, R. M. Martins, and A. da Silva Simao, “Impact of the Vendor Lock-in Problem on
Testing as a Service (TaaS),” in 2017 IEEE International Conference on Cloud Engineering (IC2E), Apr.
2017, pp. 190–196. doi: 10.1109/IC2E.2017.30.
[18] H. AlJahdali, A. Albatli, P. Garraghan, P. Townend, L. Lau, and J. Xu, “Multi-tenancy in Cloud
Computing,” in 2014 IEEE 8th International Symposium on Service Oriented System Engineering, Apr.
2014, pp. 344–351. doi: 10.1109/SOSE.2014.50.