Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing

Abstract

The key security challenges and solutions on the cloud have been investigated in this paper with the help of literature reviews and an experimental model created on OPNET that is simulated to produce useful statistics to establish the approach that the cloud computing service providers should take to provide optimal security and compliance. The literatures recommend the concept of Security-as-a-Service using unified threat management (UTM) for ensuring secured services on the cloud. Through the simulation results, this paper has demonstrated that UTM may not be a feasible approach to security implementation as it may become a bottleneck for the application clouds. The fundamental benefits of cloud computing (resources on demand and high elasticity) may be diluted if UTMs do not scale up effectively as per the traffic loads on the application clouds. Moreover, it is not feasible for application clouds to absorb the performance degradation for security and compliance because UTM will not be a total solution for security and compliance. Applications also share the vulnerabilities just like the systems, which will be out of UTM cloud's control.