International Journal of Computational Engineering Research||Vol, 04||Issue, 2||

Criteria for Choosing An Effective Cloud Storage Provider

Audu Jonathan Adoga1, Garba M. Rabiu2,Anyesha Amos Audu3
1,2,3,

Nasarawa State Polytechnic,Lafia, Nigeria

ABSTRACT:
Cloud storage, a revolutionary invention and a Cloud Computing model is changing the way computer users and organizations save their data. This review creates awareness on the benefits of cloud storage to the clients. The report also discusses Clouds top ten risks, as presented by a professional body (OWASP). These risks serve as eye opener to those who want to employ cloud storage. Advantages of cloud storage have also been elaborated, but one may be left in confusion because the paper sheds light on both the advantages and the risks of Cloud Storage. It is in line with these that this review tries to create a crystal clear explanation by going further to expatiate on the functions that are required from a cloud storage provider. Clients can now make decisions that are devoid of mistakes during choices of cloud storage providers. The report also advices users and organizations to always check latest reviews about cloud storage providers based on the fact that, good or bad cloud storage providers of a particular year could change for better or worst.

KEYWORDS: Cloud Storage, advantages, computing model, risks, vulnerabilities, security holes,
patched, Review, on-premises computing, Cloud Computing, identity federation, invisibility, resiliency.

OVERVIEW: This review is made up of seven sections. They are Introduction, Aims and
Objectives of the Paper, Literature Review, Advantages of Cloud Storage, Bad Models Offered by Some Cloud Storage Providers, Conclusion, Bibliography and Appendix

I.

INTRODUCTION

Conventional system of storing files is what almost everybody is aware of, but contemporary system of storage is cloud storage. What is this Cloud Storage and what does this system have that promises to be better than the conventional method? Who are the best storage providers and what are the criteria used in such rating? Imagine a situation where one has about eight devices that work on different or similar platforms such as iPod, Android Tablet, Android Phone, PC (Windows 7 windows 8), Mac (OSX)and a Blackberry. If this owner needs a storage system that data from all the devices could be saved in and also accessed using any of the devices, without compatibility problem, then Cloud Storage is the solution. This is because; the owner of these devices may not travel with all the devices everywhere he/she goes but the need to get any of the saved data through any of the available device(s) may arise. You may also want to schedule backups of your specified files at the background, while working on your system locally or in the cloud. If you want synchronization of the files which helps a user to have both offline and online copies of files accessible through multiple devices, then you need the services of a good cloud storage provider. Based on the few points presented above and many more that will be discussed later, cloud storage could be defined as a model in Cloud Computing in which remote servers are used to store and accessed data online using virtualization techniques . Cloud Storage is not just hardware , but network equipment, storage equipment, servers, applications, public access interface, the access network and the client program and other parts of the system [1] Cloud Storage is a type of storage, accessible online, that stores data across multiple drives with different sizes, located in different areas [2]. Cloud Storage is a model that will transcend many centuries, considering the versatility of its functionalities. However, before a user or an organization chooses a cloud storage provider, it is wise to consider the services offered by such provider, whether they meet the needs of such user/organization. This is the reason why, Cloud Storage security risks from Open Web Application Security Project (OWASP) and the review presented by TopTenReviews are the subjects of discussions in this report.

||Issn 2250-3005 ||

||February||2014||

Page 6

Criteria For Choosing An Effective... II.

2.1

AIMS AND OBJECTIVES OF THE REPORT

Source of information Information will be sourced from secondary sources about cloud storage such as the professional websites on the internet, textbooks and reputable journals 2.2 History This paper will give a brief history of the word cloud as used in computing. Though history is one aspect of life that is full of contradictions but this report will try as much as possible to do justice to that. 2.3 Advantages Explicit discussion on the advantages that cloud storage has to offer to the modern computing world will be a matter of top priority in this paper. 2.4 Bad models Despite the fact that there are many dividends of employing cloud storage, some of the most highly rated cloud storage providers still have some limitations and the limitations will be discussed in relation to those providers. 2.5 Awareness This review will try to create awareness about cloud storage providers so that client can take informed decisions about them especially in the aspect of choosing cloud providers that could solve their data storage needs.

III.

LITERATURE REVIEW

Cloud Computing has been defined by the National Institute of Standards and Technology (NIST) as a version of product, on-demand internet access to computer resources that can be deployed and also be released without much intervention by the provider of cloud storage[3].Cloud is a back to the future proposition which is as old as computing itself, but for the sake of history which is always subject to review, the term cloud was first coined by a communication industry in 1990s[4].Instead of the hardware from end to end type of network, companies started using virtual private networks for communications. It was not possible to predict accurately, what path data will follow between the user and the company hence, the phrase the cloud was used based on users point of view. Cloud Computing introduces to us a new world of computing where access to applications and storage of data that are executed locally are being transferred to the internet, but what are the implications in terms of transferring an organizations data which may be very confidential to some servers on the internet instead of storing them locally? How do we trust the services of a cloud storage provider? Despite these hurdles that the client may pass through, there is good news. a company or individual is probably more likely to lose data in an on-premises solution than they are through many cloud-based services [5].Moreover, On-premises Computing and Cloud Computing could be compared with car travel and air travel respectively. In car travel, both passengers and the car worker(s) contribute one way or the other to the success of the journey because, they may be familiar with so many things about car while in air travel, since most vital information about the plane is hidden such as no knowledge of airplane maintenance, but the convenience and more comfort travellers have when they change from travel by car to air travel can be compared with moving from conventional computing to cloud computing. Moving data from local systems to the internet may reduce ones control over the data but does not necessarily means that the security of the data has been compromised. The cloud makes life easy for users because, software and data that reside on individuals devices can now be accessed on any device, irrespective of the platform or the type of internet connectivity. Data can be accessed and applications could be loaded anytime and everywhere [6]. 3.1 Top ten security risks that are associated with cloud storage There are top ten security risks that are associated with Cloud Computing, especially Software as a Service (SaaS) model [7]. Despite the fact that, the top ten cloud providers have overcome many of their hurdles, So many others need improvement on their functionalities. The security risks, according to OWASP [7] are as follows: 3.1.0Data Ownership and Accountability. If an organization owns a traditional data centre, it is that organizations responsibility to keep the data secure, physically and logically. But once a decision has been taken to host data using public cloud, the organization loses power in terms of the control it has over such data. There should be guarantee of data recovery and backups by all cloud storage providers.

||Issn 2250-3005 ||

||February||2014||

Page 7

Criteria For Choosing An Effective...

3.1.1User Identity Federation. The issue of federated authentication should be made compulsory. This is to avoid problems that are associated with migration of applications and services from one service provider to another. Identities needed for backend development could be serious problem during such migrations. 3.1.2Business Continuity and Resiliency. Every IT compliant organization gives great priority to business continuity. But for an organization that employs the services of a storage provider, this responsibility is saddled on the cloud provider and it could be very risky because, there is no certainty on how the business can still be managed, if there is a disaster. 3.1.3Regulatory Compliance. Countries or continents may have legal differences when it comes to cloud storage and the regulatory body of an area must work in consonance with the laid down laws of the area it operates. This causes variance in security levels of cloud storage providers located in different parts of the world. 3.1.4User Privacy and Secondary Usage of Data. For users of services such as Google Docs, YouTube and Yahoo Mail, their personal data are stored in the cloud and most of the providers are silent about whatwill happen to personal data of users in terms of usage. Moreover, the problem of default share to all used by some services such as Facebook, Twitter and linkedln , could allow personal details to be reveal to others This issue triggers the need for creation of clear distinction data that can be used for security purposes and those that cannot. It is very common to see advertisements that are related to a users recent communication. This is because; users data are being used for secondary purposes. 3.1.5 Service and Data Integration. Cloud is susceptible to interception, based on this; clients cannot easily take this risk. Data ought to be transferred securely from a user to the cloud provider. 3.1.6 Multi Tenancy and Physical Security. Multi tenancy means the use of the same services and resources for so many clients such as the use of the same CPU, database and network. This is good but the challenge is this: the cloud provider must make sure that clients do not temper with the data security of one another. This can be achieved through tremendous increase in logical segregation by the cloud providers. 3.1.7 Incidence Analysis and Forensic Support. Sometimes, investigation during security incident could be very difficult in the cloud since logging may be a distributed type and data centres may be located in different parts of the world and this can bring difficulties when it comes to the legal handling of such cases because, laws have differences as one moves from one country or state to another. Moreover, through log files, different customers may be co-located on the same device, this bring about a concern to relevant agencies during forensic recovery. 3.1.8 Non Production Environment Exposure. If an IT company develops applications internally, then it uses non -production environments for its activities. But such environments are generally not as secure as production environments. If such organisation employs cloud as non-production environment, it could be riskier because of theft, illegal modification and fraudulent access. 3.1.9 Infrastructure Security. All infrastructures must work based on standard. All networks, systems and applications must be designed and developed with security zones. Access to administrative information should be based on role. The risk assessment of the storage facilities and their configurations should be done regularly by independent experts. A policy must come up that takes care of the problem of security holes and those vulnerabilities could be patched and updated. Customers should be informed appropriately. 3.2 Best Cloud Providers A recent research [8] on the top ten 2013 cloud storage companies shows that the top ten cloud providers (Check Appendix)are just Cloud.com, sugersync, Egnyte HybrideCloud, YouSendIt, Dropbox, OpenDrive, mozy, Online Storage, Carbonite and Box. These storage providers were rated based what their storage services could do. It was discovered that some of the storage providers amongst the top ten were deficient in some functionalities such as Drag-and-drop-upload, Space provision for storage/price per month, versioning of file, sharing of file, link sharing using custom method, backup based on schedule, incremental backup, unlimited file size for every file, restoration of deleted files, event log, mobile app/website, all file format support, web access, mobile syncing, multiple computer syncing, SSL/TSL encryption, at-rest encryption, password protected sharing, permission settings for folders, email support, knowledgebase, tutorial using video, manual/guide for users, online chat, support for telephone, windows 8, 7, vista, xp, and mac os support.
Page 8

||Issn 2250-3005 ||

||February||2014||

Criteria For Choosing An Effective... IV. ADVANTAGES OF CLOUD STORAGE

It is crystal clear that what attracts people to a technology or an invention is the advantages it has over other related or former ones. Based on an online presentation by Nielsen [9] showed that, there are ten advantages of using online storage. Though, these advantages may not be possible with some cloud storage providers, but generally, clients of cloud storage providers are supposed to benefit from the following. 4.1 Cost Backups of data are not always an easy thing to implement when it comes to practice. You have to consider the cost of the devices you want to use for the storage. Is it tapes or external drives? All these can cost an organisation a lot of money. Another thing one may also consider is the time it takes to perform the backups manually. Cloud storage providers now offer automatic backups of data. The storage space provided is of low monthly fee. 4.2 Invisibility It is possible to pile up thousands of storage drives or tapes in an office. This is a space problem to such environment but with cloud storage, storage devices are invisible to any organisation that uses the services of a cloud storage provider. This has removed the problem of covering valuable space in the office with storage devices. 4.3 Security The issue of confidentiality in any organisation is a serious matter that does not permit compromise. We have had situation where people embezzled money and burnt the office, just because they wanted the confidential document in the office to get burnt so that their secret will not be revealed. This cannot happen with cloud storage. Some storage providers make sure that, data is encrypted at the time of transmission as well as during storage. Illegal users are completely blocked from having access to the data. 4.4 Sharing Cloud storage providers also make provision for information sharing. This is a good service since it takes care of users needs of sharing some information. This does not mean that the security of users information is compromised. A good storage model makes sure that, no body has access to what a user did not permit. 4.5 Automation The idea about automation of cloud storage is this: tell the system what to do and also when to do it. The system does it automatically based on settings. Human attention could be taken away and a lot of damages could be done during such period but with automation, the system does not forget. 4.6 Accessibility The idea of moving a file or files from one device you own to another could be cumbersome, especially when it comes to the updated version of the document. Why not store your file in one central zone that is easily accessible with any of the devices you own? This is one of the most powerful functions of cloud storage. 4.7 Syncing This explanation is better done with example. Let us say you have three devices for developing your project. The moment a file is updated in any of the three devices, the technology and innovation of syncing helps you to get the updated version in all other devices automatically. This is great! 4.8 Collaboration The possibility of stress less collaborative work, irrespective of ones geographical location is one of the greatest achievements of the internet. With the coming of cloud storage, it becomes much easier for people to execute collaborative work. In this case, you dont need to disturb yourself about tracking the latest version or the person that made the modification. It is as if all the members are in one place doing the work. This is worth embracing. 4.9 Protection With some cloud storage providers, your files are well protected. There is additional layer of data protection given to precious files. This is achieved using series of security measures. Backups are kept by the cloud storage providers in a physical location that is different from where the originals are stored.
||Issn 2250-3005 || ||February||2014|| Page 9

Criteria For Choosing An Effective...

4.9.1 Recovery With this method in place, if there is problem with the originals, it could be recovered from the backups and if there is problem with backups, they could easily be recovered from the originals. It is very rare for both to have problem at the same time. This is also a good aspect of cloud storage. The downtime for recovery is extremely short.

V.

BAD MODELS OF CLOUD STORAGE OFFERED BY SOME ORGANISATIONS

There are so many definitions of a model in Oxford English Dictionary [10] but the one that is related to this report is a particular version of a product. From here, it is clear that bad cloud storage mo del simply means bad version of cloud storage. These bad versions of cloud storage have been implemented by some cloud storage providers and it is worth reporting. In a recent review [8], TopTenReviewwas able to review and release a 2013 version of top ten cloud storage providers. just Cloud.com was the gold award winner, followed by SugerSync, Egnyte hybridCloud, YouSendIt, Dropbox, OpenDrive, Mozy, Online Storage, Carbonite and Box in that order. There were certain criteria they used to know what model of storage was good or better than others. 5.1 Storage space/price per month In terms of storage, SugarSync, Egnyte HybridCloud,Dropbox, Mozy and Box though were among the top ten but offered bad models of storage because, they offered limited storage to their customers at flat rate per month. 5.2 Features Box offered a bad model in terms of drag-and-drop functionality. Carbonite was not good at file sharing. Online Storage and Carbonite fell short of file versioning. Mozy and Carbonite were not good at file sharing and custom link sharing. YouSenIT and Box could not perform incremental backups and schedule backups. Mozy, Box and YouSendIt were not able to meet up with the demand for unlimited file size. It was not possible for YouSendIt and Online Storage to restore files that were deleted. Event log was not possible for SugarSync Egnyte HybridCloud, Mozy, Online Storage, Carbonite and Box. Finally, the functionality of file sharing was not possible for SugerSync,Egnyte HybridCloud, YouSendIt, Mozy, Carbonite and Box 5.3 Access Cloud storage should allow one to store files of any format and have access to them as at when needed. Also, upload and access to files through different mobile devices and multiple systems should be possible. The cloud storage ought to be compatible with desktop applications and easy access to files from any browser. Some organisations have failed in this aspect. The review revealed that, Box could not implement desktop applications. Mobile and desktop application Syncing was not found in Carbonite. 5.4 Security The issue of intrusion when it comes to internet is very high. As a result of this, a multi-layer security approach must be applied to data when it is stored and during transmission. Some of the security types are transport layer security (TLS), Secure Socket Layer (SSL), Advanced Encryption standard (AES), Folder permission and password protection. Carbonite failed in terms of folder permission but generally speaking, the top ten cloud storage providers were very good in the aspect of system security. 5.5 Help and support Online Storage could not provide knowledgebase support. Support for customers on video tutorial was not provided by OpenDrive. YouSendIt failed in the aspect of user guide and manual. Egnyte HybridCloud, Dropbox, Online Storage and Box could not provide the functionality of charting with their customers. just Cloud.com, Mozy had no support for telephone though, SugarSync and OpenDrive provided telephone service to customers but not free. 5.6 Platforms Almost all the top ten cloud storage providers had support for windows 8, 7, vista, xp and mac os except OpenDrive which had no support for windows 8.

VI.

CONCLUSION

If the top ten cloud storage providers still had flaws in their functionalities. This report lacks what adjective that could be used to qualify the type of weaknesses in those that were not among the top ten. The regulatory bodies should take stringent actions against this and also alert the Government(s) on the inclusion of
||Issn 2250-3005 || ||February||2014|| Page 10

Criteria For Choosing An Effective...

such requirements in the constitution(s). Cloud storage is a back to future cloud computing model that cannot be ignored despite some of the current challenges. To the top ten cloud storage providers, keep it up, you are almost through but, this does not mean that you should relax. The attackers are there, mapping new strategies. So, you should consolidate on your areas of strength and improve on your weaknesses. We are almost there! Congratulations in advance. Individuals and organisations should not employ the services of a storage provider without checking latest reviews that exist on the internet. This indomitable computing model, signals success that could transcend centuries, but we must embrace it with precautions.

BIBLIOGRAPHY
[1] http://www.sciencedirect.com/ Procedia Engineering, An Efficient Cloud Storage Model for Heterogeneous Cloud Infrastructures 2011 vol. 23 issue 2011 Dejun Wang http://www.cloudconsulting.com/storage/ CloudConsulting , Cloud Storage Overview 2014 International Conference on Application of Information and Communication Technologies (AICT), Towards a Wider Cloud Service Applicability by Security, Privacy and Trust Measurement 2010pp.1-6 Savola, R. M., Juhola, A. and Uusitalo, I. http://cit.srce.unizg.hr/index.php/CIT/article/view/1864 CIT Journal of Computing and Information Technology, A Review on Cloud Computing: Design Challenges in Architecture and Security 2011 vol. 19, issue 1 Fei Hu, Meikang Qiu, Jiayin Li, Travis Grant, Drew Taylor, Seth McCaleb, Lee Butler, Richard Hammer http://Libweb.anglia.ac.uk Computer Law & Security Review, Trust in the Cloud 2012 vol. 28, issue 5Patrick Ryan, Sarah Falvey http://Libweb.anglia.ac.uk Future Generation Computer Systems, Creating Optimal Cloud Storage Systems 2013 vol. 29, issue 4 Josef Spillner, Johaness Muller, Alexander Schill https://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project Open Web Application Security Project, Cloud Top Ten Security Risks 2014 http://online-storage-service-review.toptenreviews.com/ TopTenReviews, See Who is Number One in Online Storage Services 2013 http://online-storage-service-review.toptenreviews.com/top-ten-advantages-of-using-online-storageservices.html TopTenReviews , Top Ten Advantages of Using Online Storage Services 2013 Katie Nielsen Oxford(2012) Oxford English Dictionary. 7 th ed. Oxford: Oxford University Press.

[2] [3]

[4]

[5] [6] [7] [8] [9]

[10]

APPENDIX See who is Number one in the Online Storage Services

Source: http://online-storage-service-review.toptenreviews.com/ TopTenReviews, (2013). See who is Number one in the Online Storage Services
Page 11

||Issn 2250-3005 ||

||February||2014||

Criteria For Choosing An Effective...

Source: http://online-storage-service-review.toptenreviews.com/ TopTenReviews, (2013) See who is Number one in the Online Storage Services

Source: http://online-storage-service-review.toptenreviews.com/ TopTenReviews,( 2013) See who is Number one in the Online Storage Services

||Issn 2250-3005 ||

||February||2014||

Page 12

Criteria For Choosing An Effective...

Source: http://online-storage-service-review.toptenreviews.com/ TopTenReviews, (2013) See who is Number one in the Online Storage Services

||Issn 2250-3005 ||

||February||2014||

Page 13