Top

The bad side of cloud

September 2, 2015

Cloud computing and cloud storage provide network access to a shared virtual space, in order to use computing resources or to store data.

Although seen as a continuation of the 70’s RJE (Remote Job Entry) and of the 80’s VPN (Virtual Private Network), cloud computing in its current sense dates from the 2000s, more precisely from 2008. That was the year of NASA’s OpenNebula and of Microsoft’s Azure.

The physical structures that make cloud operations possible usually belong to hosting companies. Companies, organizations and private users pay such cloud services providers for the utilized cloud services. Some of them afford on-premises cloud storage options, for example, but using SaaS providers is common for mid-sized and small enterprises, or for those that simply choose to externalize all the procedures of hosting and maintaining a cloud.

One of the most important concerns when outsourcing data would be its security – and sharing or storing important business data via the cloud system makes no exception. Cloud providers may change their status, or simply they might have internal security issues. How can the cloud services customer – a company – make sure to minimize the risks triggered by taking its data off-premises?

Concerns over cloud computing

Access mechanisms weaknesses – even if the cloud itself is security proof, the network used to access it and transfer the data might not be.

Insurance issues – when cloud data suffers a breach, the risk is jointly supported by the data owning company and the SaaS provider; the compensations might take longer to clear than when a single company is handling the responsibility.

Legal issues – both ownership over abstract property and over physical logistics regarding the data are to take into consideration. The raw message would be that actually nobody owns this combined form of property. It is important to study how this is approached in the service-providing contract.

Different needs for the company than the Saas provider can fulfill would be another possible point of concern. Cloud computing is cheaper, but it comes with an array of predefined options. If these options do not fit your activity profile, adopting the new system is risky. Many different considerations apply here:
– the degree of offered,
– the guarantees in view of that,
– the relation between the type of data handled and the degree of control needed to protect it (as is the case with sensitive data, where it is better to use a private, on-premises cloud system),
– the legal situation when the customer and the provider are not under the same laws,
– the type of encryption utilized, or any other sub-considerations related to how cyber security is handled.

Data accessibility is another concern reason – this time pertaining to a more practical side and not so much to the field. While data can remain safe, the cloud might not be accessible for a certain amount of time – an unpleasant hypothesis for the . When we imagine public services or manufacturers in such a situation, it seems even more unpleasant.

Finally, the security concern. Being a shared system, any breach, vulnerability or infection would have the capability spread into the entire virtual system, affecting all the data stored in, or transferred via the cloud.

Cloud security under the magnifying glass

At this year’s Black Hat USA, researchers from Imperva presented a type of cyber-attack called the “Man-in-the-Cloud” attack. Via the user’s endpoint machine, the attackers can compromise cloud file sync services like GoogleDrive, DropBox or OneDrive. Undetectable and facilitated by a synchronization tool that the user gets tricked into running on his machine, the attack can be taken further, leading to cyber espionage.
Imperva CTO Amichai Shulman showcased this exploit to motivate the organizations to readjust their security approach when it comes to cloud computing.

Solutions in cloud cyber-security

As in all digitized enterprise activities, a security checklist should be implemented and followed. There are ways of minimizing the existing risks, and the first step is taking the said risks into consideration.

Choosing the right SaaS provider or cloud builder and meticulously going through all the contractual provisions would be the first recommended step.
Network security safeguards against the access mechanisms weaknesses.
Cloud security guarantees exist and are provided in different ways and degrees – always pair your data sensitivity with the right degree of protection and choose the best there is.Update for security and do not forget to protect the cloud file syncing services.

The extremes in cloud storage

The pessimists’ views see cloud storage and computing in direct relationship with AI taking control. The main concern here is not so much the usual security risks (data loss, hacking, cyber espionage and so on) as the greater threat of not being able to control all the data transferred to the cloud.
Another extreme concern about the cloud would be its energy consumption, for, as a Greenpeace report states, the value will increase from “632 billion kilowatt hours in 2007 to 1,963 billion kWh by 2020 and the associated CO2 equivalent emissions would reach 1,034 megatons”, mainly because of the amount of digital waste populating this virtual space.

The optimists on the other side are hyped about any new cloud-related development, since the much talked about IoT depends on the capacity and safety of this type of network storage. Improving security and functionality is but a matter of time and expertise, and any new weakness a challenge to surpass.

In what concerns the enterprises, their approach is somewhere in the middle, cautiously transferring their needs to the cloud while following the new developments and determining which are the best service providers.
The bad side of cloud infrastructure might remain for many just a risk looming at the horizon, while their everyday activities benefit from cloud opportunities.