CHAPTER - I

INTRODUCTION

1.1 Background of the Study

Traditionally, IT projects required investment in hardware, licenses and implementation costs
[ CITATION Gro15 \l 1033 ]. Company with high capital could only invest in IT projects and
Startups Company and other company with low capital would have to depend on these
companies [ CITATION Alj12 \l 1033 ]. In the era of digitalization, sales of digital devices like,
smartphone, tablets, laptops, have increased rapidly. Users can see or have access to their data
and applications anytime from any place through these digital devices [ CITATION Gro15 \l
1033 ]. These data and infrastructures are expensive and difficult to manage in traditional way
[ CITATION Alj12 \l 1033 ]. The cloud model have changed this completely, enabling
investment in shared infrastructure which supports quick deployment and faster business case
realization [ CITATION Alj12 \l 1033 ]. A new method which provides resources as a service
that is accessible through internet, is facilitated to users by cloud computing [ CITATION
Shu10 \l 1033 ].

Cloud computing allows the availability of computer system resources in demand that can be
delivered and released rapidly with minimal management effort or interactions between service
providers [ CITATION Kno08 \l 1033 ] [ CITATION Mel11 \l 1033 ]. In simple words, cloud
computing refers to storing and retrieving data and programs over the internet instead of
individuals own computer hard drive [ CITATION Ras19 \l 1033 ]. Cloud computing also allows
users to store their local data in remote data servers and also provides a way to access cloud data
from anywhere using internet [ CITATION Shu10 \l 1033 ].

In 22nd century the demand of cloud computing is still high and will even continue to increase
because of the benefits it provides to its users. Verification or authentication of data integrity at
untrusted servers is the biggest concerns with storage of data in cloud [ CITATION Jia16 \l 1033
] [ CITATION Ras19 \l 1033 ]. Data security in cloud computing is the major concerned to be
addressed nowadays. Data will be in high risk if data security is not provided during data
transmission and operation in cloud [ CITATION Jos19 \l 1033 ]. Security challenges should be
identified and best security measures should be implemented to keep data secure in cloud
[ CITATION Aro13 \l 1033 ].

1.1.1 Cloud Computing

As per the NIST (National Institute of Standard and Technology), a model for allowing
omnipresent, suitable, on-demand network access, storage systems, servers and services that can
be distributed and released quickly with minimum or less management effort or service provider
interaction, is called cloud computing [ CITATION Mel11 \l 1033 ].

In simple term, cloud computing refers to internet based computing, where there is on demand
availability of computer system resources, without direct active management by the users (NIST;
[ CITATION Ras19 \l 1033 ]). For an example Google's Gmail. Files and applications hosted by
Google can be accessed by user using Gmail via internet from any devices. GitHub is another
example of cloud-based source code management system. Similarly, DigitalOcean is a cloud-
based infrastructure provider, where developers can deploy and scale their applications. The
architecture of cloud computing is shown below.

Figure 1.1 Cloud Computing Architecture

 Source NIST

1.1.1.1 Characteristics of Cloud Computing

Followings are the essential characteristics of cloud computing [ CITATION Ras19 \l 1033 ].
i. On demand service
ii. Broad network access
iii. Resource pooling
iv. Higher scalability and elasticity
v. High performance and optimization
vi. High manageability and interoperability
1.1.1.2 Service Models of Cloud Computing
Cloud computing provides different type of services. These services are categorized into three
service models [ CITATION Ras19 \l 1033 ]; [ CITATION LiA16 \l 1033 ].
i. Software as a Service (SaaS)
In SaaS, consumers can use the applications hosted by the provider on internet or cloud
infrastructure. When a third party provider hosts applications and make them accessible
to customers over the internet than such cloud computing service model is known as SaaS
[ CITATION Mel11 \l 1033 ]; [ CITATION Ras19 \l 1033 ]. SaaS eliminates the need for
organizations to install and run application on their own devices or in their own data
centers. Oracle, SAP, Salesforce, Microsoft and Intuit are some of the leading SaaS
providers. Google apps, Slack, Dropbox, and Microsoft Office 365 are some example of
SaaS.
ii. Platform as a Service (PaaS)
PaaS is a cloud computing service model in which a third party service provider provides
hardware and software tools over internet, usually needed to users for application
development [ CITATION Mel11 \l 1033 ]; [ CITATION Ras19 \l 1033 ]. In PaaS,
service provider hosts the hardware and software on its infrastructure and frees users or
developers from installing in-house hardware and software to run or develop a new
application. PaaS does not change or replace a business's complete IT infrastructure,
rather it incorporates different cloud infrastructure components, like operating systems,
servers, databases, middleware, networking equipment and storage services. Google,
Microsoft, Amazon Web Services, IBM
are some of the leading PaaS providers. AWS Elastic Beanstalk, Windows Azure
Heroku are some example of PaaS.
iii. Infrastructure as a Service (IaaS)
IaaS is a cloud computing service model that provides computer infrastructure on an
outsourced basis to support enterprise operations. It provides storage, hardware, servers,
networks and other fundamental computing resources where the consumer is able to
deploy and run arbitrary software; it may include software [ CITATION Mel11 \l 1033 ];
[ CITATION Ras19 \l 1033 ]. IaaS is also known as Hardware as a Service (HaaS). IaaS
 is the most basic level of cloud based solution. Google Compute Engine, Windows
Azure, Amazon EC2 and S3, DigitalOcean are some of the example of IaaS

1.1.1.3 Deployment Models of Cloud Computing

There are four cloud deployment models [ CITATION Ras19 \l 1033 ]; [ CITATION Jua15 \l
1033 ].
i. Public Cloud
Public cloud is a deployment model of cloud computing which is owned by an
organization selling cloud service and the cloud infrastructure is made available to the
general public or a large industry group. It is also known as external cloud or multi-tenant
cloud [ CITATION Soo14 \l 1033 ] [ CITATION Jua15 \l 1033 ]. It represents the cloud
environment which is openly accessible.
Amazon Web Services, Microsoft Azure, IBM Cloud, Google Cloud Platform are some
of the biggest public cloud providers [ CITATION Jua15 \l 1033 ].
ii. Private Cloud
In private cloud, the cloud infrastructure is used solely or exclusively by one
organization. It may be owned, managed, and operated by the organization or a third
party or some combination of both of them and may exist on premise or off premise
[ CITATION Soo14 \l 1033 ]. It is also known as internal cloud or on-premise cloud
[ CITATION Soo14 \l 1033 ]. Private Cloud deployment model limits access of its
resources to service consumers that belongs to same organization which owns the cloud
[ CITATION Jua15 \l 1033 ].. Example; Dell, Hewlett Packard Enterprises, VMware, etc.
iii. Community Cloud
The cloud deployment model in which the cloud infrastructure is shared by various
organizations and supports a specific community that has shared concerns [ CITATION
Soo14 \l 1033 ]. It is newest deployment model of cloud computing [ CITATION
Soo14 \l 1033 ]. Organization can go for community cloud deployment model for the
optimize fit of private cloud and public cloud. Example AWS GovCloud, NYSE Capital
Market Community Platform, etc.
iv. Hybrid Cloud
Hybrid cloud deployment model is the combination of all three above discussed cloud
deployment models [ CITATION Soo14 \l 1033 ]. If the organization comprises both
 sensitive data as well as less critical or importance data, it can look for hybrid cloud
deployment model, where sensitive data stays in private section and other less critical
tasks are done in a public cloud [ CITATION Soo14 \l 1033 ]. It is the combination of
two or more than two clouds model that remain unique entities but are bound together by
standardized technology that enable data and application portability [ CITATION
Soo14 \l 1033 ]. Example Cloud bursting.

Figure 1.2 Cloud Computing Deployment Model

Source NIST
1.1.2 Data Security in Cloud
Cloud computing is mainly based on outsourcing of data and applications which was
traditionally stored in on users devices or datacenters they owned [ CITATION Soo14 \l 1033 ].
Today everything is in cloud. Moving to a cloud computing means migrating various levels of
sensitive data to public or hybrid cloud. It means the data of one company is in somewhere else
server to which that company has no control. There is chances of data theft and also threat to
privacy for consumers who uses cloud services. Protecting the company's data is very essential,
so, it is the responsibility of cloud service providers to secure the company's data and also
ensures privacy in cloud [ CITATION Ben15 \l 1033 ].

Data security in cloud refers to a broad set of policies, applications, technologies, and controls
used to protect data of cloud computing[ CITATION Raj09 \l 1033 ]. It is a sub-domain of cloud
computing security. Data can be at risk if an unauthorized person gain access to the resources
shared in cloud and deletes or modifies the data. So, data security has been compulsory on the
cloud service provider.

1.1.3 Data Integrity in Cloud

Data integrity refers to “completeness” and “wholeness” of the data. Data integrity is a central
need of the information technology [ CITATION Jos19 \l 1033 ]. Data storage integrity is
equally important in cloud as it is important in the database [ CITATION Shu14 \l 1033 ]. Data
integrity ensures the validity, consistency and regularity of the data. It is the perfect way of
writing of the data in a secure way. There are three aspects in data integrity, 1. Data Correctness,
2. Data Completeness, and 3. Data Freshness.

1.2 Statement of the Problem

Though cloud computing provides benefits and is also cost effective options for various
companies, the major concern is about the data security and privacy of the consumers. Data
security is common concern to all technologies. Especially when data security is applied to an
environment like cloud computing, i.e., uncontrollable environment, it becomes a major
challenge. Security, especially of data, has become one of the serious issues of cloud computing
because of its continuous growth and expansion. Data in cloud are at high risk because of, data in
cloud is stored on the CSP infrastructure; data of different users shares the same physical
infrastructure; and data is accessible via internet.

Cloud storage is becoming popular for the outsourcing of day-to-day management of data, so
integrity monitoring of the data in the cloud is important to escape all possibilities of data
corruption and data crash. The cloud service providers should ensure the user that integrity of
their data is maintained in the cloud. Therefore, it is necessary to find how data integrity in cloud
can be achieved. So this study is of great importance.

1.3. Objectives of the Study

The specific objectives of the study are as follows:
• To identify issues and challenges of data security in cloud;
• To find the data integrity approaches mostly used in cloud