Cloud Computing & Security Risk2017-02-01T19:42:51+00:00
Bookmark and Share
Security in Cloud Cyber Security

The Cloud and Cloud Computing

“The cloud” and “cloud computing” are terms used to describe the concept of storing and accessing information on the Internet on third-party services. These providers serve both individuals and businesses and encompass everything from Google Drive to Amazon Cloud Drive, DropBox, Flickr, Windows Azure, Apple iCloud, Egnyte, OpenDrive, Rackspace Hosting, and more. Instead of storing information to a computer’s hard drive or other local storage device, it can be saved to any number of remote databases.

Recent research conducted by Gartner, Inc., (a leading information technology research and advisory company) shows that there are approximately 50 million enterprise users of cloud office systems, which represents 8 percent of overall office system users (excluding China and India). The research also suggests that a major shift toward cloud office systems has just begun and that it will reach 33 percent by 2017. This number is estimated to skyrocket to 60 percent, or 695 million users, by 2022.

Cloud-based services are ideal for businesses with growing or fluctuating bandwidth demands. According to the Aberdeen Group, small businesses are twice as likely as larger companies to have implemented cloud-based backup and recovery solutions to save time, avoid a large up-front investment and roll up third-party expertise as part of the deal. Other advantages of cloud computing include reduced hardware costs, scalability (billed on a per-user basis) and easy administrationRecent research conducted by Gartner, Inc., (a leading information technology research and advisory company) shows that there are approximately 50 million enterprise users of cloud office systems, which represents 8 percent of overall office system users (excluding China and India). The research also suggests that a major shift toward cloud office systems has just begun and that it will reach 33 percent by 2017. This number is estimated to skyrocket to 60 percent, or 695 million users, by 2022.

Security Risks of Cloud Space

At an unprecedented pace, cloud computing has simultaneously transformed business and government, and also created new security challenges.By moving to the cloud, people and businesses give up control of both their information and the way in which it is protected.

There are two major types of security threats involved in cloud computing: password vulnerability and en-route exposure. Because cloud services are internet-based, access to them (like e-mail and social media accounts) is typically protected by a password. The password is the key to your data, and a hacker who gets his hands on it also gets his hands on any data the password is protecting. According to the Cloud Security Alliance, an intruder with control over a user account can eavesdrop on transactions, manipulate data, provide false and business-damaging responses to customers, and redirect customers to a competitor’s site or inappropriate sites.

Security in Cloud Computing

Personal data is also susceptible to threats on the way to the cloud. While your data traverses a perilous path from device to cloud, cyber criminals are out there, excited at the prospect of intercepting the data along the way.It is important to note that in a world where sophisticated cyber thieves and hacking groups try to stay one step ahead of business and government security measures, there is always a possibility of a data breach. No matter where your data is stored, a good hacker can most likely access it.

According to Salesforce UK, lost laptops are a billion dollar business problem, and potentially greater than the loss of an expensive piece of equipment is the loss of the sensitive data inside it. Cloud computing actually gives you greater security when this happens because your data is stored in the cloud. You can access it no matter what happens to your machine, and you can even remotely wipe data from lost laptops so it doesn’t get into the wrong hands.

The object of all BEC scam is not necessarily money. What may turn out to be the largest and most wide-reaching cybersecurity breach in recent history occurred in 2015 when Chinese-based hackers infiltrated the U.S. Office of Personnel Management, accessing the sensitive information of over 21.5 million federal employees who had undergone background checks. Hackers accessed information including, social-security numbers and over 5 million fingerprints. These numbers may increase as the investigation into the multiple sustained breaches, which siphoned off delicate information over the course of weeks, continues. Investigators suggest hackers gained access to OPM’s local area network by stealing the credentials of an employee of KeyPoint Government Solutions, a contractor used to conduct background checks, then uploading malware allowing for the exfiltration of data. The OPM hack may have far reaching implications.As the personal data of millions of past, present and prospective government employees remains compromised, leaving them open to identity theft or coercion. The OPM hack has already lead to the resignations of OPM Director Katherine Archuleta and CIO Donna K. Seymour.

Protecting the Internal Service Infrastructure

Cloud service mega data centers should be architected with security in mind, and it must be considered a priority for every application, service and network infrastructure solution that is deployed. According to Lori MacVittie, a subject matter expert on emerging technology and cloud computing, the application delivery solution, as the “control node” in the mega data center, is necessarily one of the first entry points into the cloud data center and must be secure.

MacVittie also stresses that it should also provide full application security from layer two to layer seven in order to thwart potential attacks at the edge. Network security, protocol security, transport layer security, and application security should be prime candidates for implementation at the edge of the cloud, in the control node. While additional security measures should also be deployed within the data center, stopping as many potential threats as possible at the edge of the cloud will alleviate much of the risk to the internal service infrastructure.