Abstract – This paper discusses the partition of cloud data into the categories of public, protected and private data. Data security in the cloud is always a major concern, and the cloud service provider invests a huge amount of funds in cloud data security irrespective of the value of the data. This paper therefore discusses a concept of data security that depends on the category of the data.
Cloud computing has recently emerged as an attractive model of providing Information Technology (IT) infrastructure (i.e., computing, storage, and network) to large as well as small enterprises in both the private and public sectors. An enormous surge in the popularity of cloud computing is partly driven by its promise of on-demand scalability and flexibility without upfront investment in setting up and running large-scale computing infrastructures and data centres [1]. Cloud computing takes the traditional position of IT as a product and turns it into a service: a move from buying things (servers, communications, operating systems, applications) to buying capabilities (hosting, platforms, business solutions). Shared services are used to present capabilities to users while removing all of the complexity previously associated with providing them; CPU time, storage, or access to an application can be rented as and when needed without having to worry about capacity, provisioning, or installing and
Because of the concern about data security in the cloud, the cloud service provider spends a great deal of its assets and funds on securing that data. Irrespective of the value of the data, they focus on full protection of all data. But there exists some data which may not be very sensitive or confidential, such as the details of some tourism places, the public details of some institute, data related to some public information, etc. There also exists some data that is of little security concern, where a high protection level is not required, which we can term protected-level data: for example, the administration data of a small school, which concerns only the school management and the school staff, or the data of a transport union, which is the concern of the union only. And some data may be private data, which is highly confidential and highly sensitive, such as the data of a nuclear project or the data of a business house coming up with new projects.
Security in Cloud
Identity and Access Management should provide controls for assured identities and access management. Identity and access management includes the people, processes and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified and that it is granted the correct level of access based on this assured identity. Audit logs of activity such as successful and failed authentication and access attempts should be kept by the application/solution.
Data Loss Prevention is the monitoring, protecting and verifying of the security of data at rest, in motion and in use, in the cloud and on-premises. Data loss prevention services usually protect data by running as some sort of client on desktops/servers and enforcing rules about what can be done with it. Within the cloud, data loss prevention services could be offered as part of the build, such that all servers built for that client get the data loss prevention software installed with an agreed set of rules deployed.
Web Security is real-time protection offered either on-premises through software/appliance installation or via the cloud by proxying or redirecting web traffic to the cloud provider. This provides an added layer of protection on top of things like AV to prevent malware from entering the enterprise via activities such as web browsing. Policy rules around the types of web access, and the times at which such access is acceptable, can also be enforced via these web security
E-mail Security should provide control over inbound and outbound e-mail, thereby protecting the organization from phishing and malicious attachments, enforcing corporate policies such as acceptable use and spam control, and providing business continuity options. The solution should allow for policy-based encryption of e-mails as well as integration with various e-mail server offerings. Digital signatures enabling identification and non-repudiation are features of many cloud e-mail security solutions.
Security Assessments are third-party audits of cloud services or assessments of on-premises systems based on industry standards. Traditional security assessments for infrastructure and applications and compliance audits are well defined and supported by multiple standards such as NIST, ISO and CIS. A relatively mature toolset exists, and a number of tools have been implemented using the SaaS delivery model. In the SaaS delivery model, subscribers get the typical benefits of this cloud computing variant: elasticity, negligible setup time, low administration overhead and pay-per-use with low initial investment.
Intrusion Management is the process of using pattern recognition to detect and react to statistically unusual events. This may include reconfiguring system components in real time to stop or prevent an intrusion. The methods of intrusion detection, prevention and response in physical environments are mature; however, the growth of virtualization and massive multi-tenancy is creating new targets for intrusion and raises many questions about implementing the same protection in cloud environments.
Security Information and Event Management systems accept log and event information. This information is then correlated and analyzed to provide real-time reporting and alerting on incidents/events that may require intervention. The logs are likely to be kept in a manner that prevents tampering, to enable their use as evidence in any investigation.
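The two paragraphs above ask for audit logs of successful and failed authentication attempts, kept so that tampering is prevented. The following is an added example, not code from the paper, of one way to satisfy both requirements: each log entry commits to the SHA-256 hash of the entry before it, so editing, reordering or deleting an entry breaks the chain and is reported by the verifier. The sample events, timestamps and the hash-chaining scheme itself are constructed assumptions; the paper does not specify a mechanism.

```python
import copy
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # prev-hash value carried by the first entry

# Constructed sample events: successful and failed authentication and access
# attempts of the kind the text says an application should record.
SAMPLE_EVENTS = [
    {"user": "alice", "action": "login", "outcome": "success"},
    {"user": "mallory", "action": "login", "outcome": "failure"},
    {"user": "mallory", "action": "login", "outcome": "failure"},
    {"user": "alice", "action": "read", "resource": "report.pdf", "outcome": "success"},
]


def _digest(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous hash plus a canonical JSON form of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_event(log: list, event: dict, ts: str) -> dict:
    """Append an event, chaining it to the hash of the previous entry."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "ts": ts, "prev": prev_hash, "event": copy.deepcopy(event)}
    entry = dict(record, hash=_digest(prev_hash, record))
    log.append(entry)
    return entry


def verify_log(log: list) -> Optional[int]:
    """Return the index of the first entry whose chain link is broken, or None if intact.

    Editing, reordering or deleting an entry changes the hash that the next entry
    committed to, so the break is detected at or just after the altered entry.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev_hash or entry["hash"] != _digest(prev_hash, record):
            return i
        prev_hash = entry["hash"]
    return None


def failed_logins(log: list, user: str) -> int:
    """Count failed login attempts for one user, the kind of correlation a SIEM alerts on."""
    return sum(
        1 for e in log
        if e["event"].get("action") == "login"
        and e["event"].get("outcome") == "failure"
        and e["event"].get("user") == user
    )


def build_sample_log() -> list:
    """Build a chained log from the constructed sample events."""
    log = []
    for i, event in enumerate(SAMPLE_EVENTS):
        append_event(log, event, ts=f"2024-01-01T00:00:0{i}Z")  # constructed timestamps
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_log(log) is None, "| failed logins for mallory:", failed_logins(log, "mallory"))
    log[1]["event"]["outcome"] = "success"  # alter a stored entry after the fact
    print("first broken entry after alteration:", verify_log(log))
```

A hash chain on its own only makes alteration detectable, not impossible: whoever can rewrite every later entry can rebuild the chain. In practice the latest hash is therefore periodically exported to a store the log writer cannot modify (a separate system, a signed timestamp or a write-once medium), which is the step that turns detection into evidence.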
Encryption systems typically consist of algorithms that are computationally difficult or infeasible to break, along with the processes and procedures to manage encryption and decryption, hashing, digital signatures, certificate generation and renewal, and key exchange.
Business Continuity and Disaster Recovery are the measures designed and implemented to ensure operational resiliency in the event of any service interruption. Business continuity and disaster recovery provide flexible and reliable failover for required services in the event of any service interruption, including those caused by natural or man-made disasters or disruptions. Cloud-centric business continuity and disaster recovery make use of the cloud’s flexibility to minimize cost and maximize benefits [2].
Looking at the present scenario, the security of data in the cloud is a major factor, and almost all service providers provide the utmost security to the data they are caring for. Since the volume of data in the cloud is very large, the investment cost for its security is also very high. So if we can classify the entire body of data into categories with respect to its value, confidentiality and sensitivity, namely the data which requires little security, the data which requires moderate security and the data which requires the most security, then the investment in security can be divided in the same manner: the cost decreases as the amount of data at each level decreases, and the data with no security concern receives less security investment than the data with the greatest security concern.
A classification of data by its value is proposed in this discussion, where the data is classified into three levels with respect to its value, confidentiality and sensitivity. The first is public data, where the security of the data is not the main concern; the second is protected data, where the security concern is moderate but not high; and the third is private data, where the most focus and investment must go into data security, because private data is highly confidential and sensitive and its exposure would lead to a security issue or threat.
A. Proposed Data Classification
In the above proposed scenario the data can be classified into three levels with respect to its value, confidentiality and sensitivity. The classification of data is provided as follows.
Public: Data with less security issues.
  - related data of a place.
  - related to a place
Protected: Data with little security.
  - of a small taxi organisation
  - of a school staff
Private: Data with the most security.
  - related to nuclear test.
  - data of a country.
B. Segregation of Data
The question is who will segregate the data as public, protected and private. From the service provider's point of view it is difficult to differentiate between the different kinds of data. It is the data owner who knows the security level that his data needs. So it is the responsibility of the owner to identify its data and ask for the appropriate security level.
C. … of the security level
Whenever the data owner submits his data to the cloud, at the time of submission the data owner will ask for the level of security to be provided. It then becomes easy for the service provider to provide the level of security asked for, since the segregation of the data has already been done by the user.
Let the cost effect be described with a small example. Suppose the cost of data security for 1 GB of data is $1000. If the data is 5 GB in size, the cost will be $5000. Now suppose that out of the 5 GB, 2 GB is private data, 2 GB is protected data and the remaining 1 GB is public data. If we consider the security level and divide the cost accordingly, with the private data costing the same $1000 per GB, the protected data $500 per GB and the public data $200 per GB according to the level of security, then the cost will be $2000 for the private data, $1000 for the protected data and $200 for the public data. The overall cost comes to $3200, which saves $1800 of the total cost and thus makes a big difference in the cost of data security.
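The owner-declared segregation of sections B and C and the cost comparison above, as an added example that is not part of the paper: the owner submits each item with a requested level, the provider records it and prices protection per level, and the tiered total is compared with the flat rate that protects everything at the private rate. The submission names and sizes are constructed to match the paper's 2 GB / 2 GB / 1 GB split; the per-GB figures are the paper's own. The handling of a missing or unknown label (treat a missing label as private, reject an unknown one) is an assumption added here, since the paper says only that the owner asks for a level.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Level(Enum):
    PUBLIC = "public"
    PROTECTED = "protected"
    PRIVATE = "private"


# Cost of securing 1 GB at each level, using the paper's own illustrative figures.
COST_PER_GB = {Level.PRIVATE: 1000, Level.PROTECTED: 500, Level.PUBLIC: 200}


@dataclass
class Submission:
    name: str
    size_gb: float
    level: Level


def classify_submission(name: str, size_gb: float, requested_level: Optional[str]) -> Submission:
    """Record the owner-declared security level for a submission.

    The paper leaves segregation to the owner. Here an unlabelled submission is
    treated as PRIVATE (an assumed fail-safe default, not from the paper) so that
    a missing label never results in weaker protection, and an unknown label is
    rejected rather than silently mapped to a cheaper tier.
    """
    if size_gb <= 0:
        raise ValueError("size_gb must be positive")
    if requested_level is None:
        return Submission(name, size_gb, Level.PRIVATE)
    try:
        level = Level(requested_level.strip().lower())
    except ValueError:
        valid = ", ".join(lvl.value for lvl in Level)
        raise ValueError(f"unknown security level {requested_level!r}; expected one of: {valid}") from None
    return Submission(name, size_gb, level)


def tiered_cost(subs: List[Submission]) -> Dict[Level, float]:
    """Cost per level when each submission is protected at its declared level."""
    per_level = {lvl: 0.0 for lvl in Level}
    for s in subs:
        per_level[s.level] += s.size_gb * COST_PER_GB[s.level]
    return per_level


def flat_cost(subs: List[Submission]) -> float:
    """Cost when every byte is protected at the PRIVATE rate, the paper's status quo."""
    return sum(s.size_gb for s in subs) * COST_PER_GB[Level.PRIVATE]


# Constructed submissions matching the paper's 2 GB private / 2 GB protected / 1 GB public split.
SAMPLE_SUBMISSIONS = [
    ("nuclear_test_results", 2, "private"),
    ("taxi_union_records", 2, "protected"),
    ("tourist_guide", 1, "public"),
]


def paper_example() -> dict:
    """Reproduce the paper's $5000 flat vs $3200 tiered comparison."""
    subs = [classify_submission(n, g, lvl) for n, g, lvl in SAMPLE_SUBMISSIONS]
    per_level = tiered_cost(subs)
    tiered_total = sum(per_level.values())
    flat_total = flat_cost(subs)
    return {
        "per_level": {lvl.value: cost for lvl, cost in per_level.items()},
        "tiered_total": tiered_total,
        "flat_total": flat_total,
        "saving": flat_total - tiered_total,
    }


if __name__ == "__main__":
    print(paper_example())
```

The saving depends entirely on the owner labelling honestly and correctly: an owner who marks sensitive data as public gets the cheaper tier and the weaker protection, so a provider adopting this scheme would still want to check declared levels (for example with the data loss prevention rules described earlier) rather than rely on the label alone.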
From the above discussion we can conclude that if the data is divided according to the level of security, as public, protected and private, then the cost of data security can be lowered to a large extent, which will benefit not only the service provider but also the data owner, who needs to pay only according to the level of security he requires for his data.