The Security Risks of Cloud Computing
Table of Contents
- By Alison OLeary
- Apr 14, 2022
Most people who use the internet have some of their data "in the cloud." But what is cloud storage? It sounds like a space-age concept, but it simply means the data is off-site, on servers elsewhere.
Data can be in the cloud if:
- You subscribe to a remote backup service to save your files.
- You use a specific service such as Flickr to save certain data types, like images.
- Your email is on a remote server that can be accessed from any internet-connected computer.
- Companies you do business with save your data that way.
If you've ever dropped a computer and damaged the hard drive so severely that you can't retrieve information from it, cloud storage sounds like a great idea, but cloud storage security is a significant consideration. Who can access your cloud data? Is it safe from hackers? Much depends on the companies that you do business with and the cloud services they use to host their products.
There's a lot more to cloud computing than having your photos and files stored in such a way that you can retrieve them remotely. The data you send to the cloud via your remote email server, your file backup system, and your data storage provider are just the tip of the iceberg when it comes to information in the cloud. Your insurance, banking, online shopping, streaming services, investments, medical files, and credit card transactions all likely pass through the cloud. And companies are competing to handle more data that way.
How Secure Is Cloud Data?
Cloud data security is in the hands of the companies that run cloud services. Those companies are usually three steps removed from ordinary people whose data is processed in the cloud. Individuals control only a small amount of their data sent through cloud computing and cloud storage systems. Unless you pay bills by writing paper checks, don't have credit cards, see a country doctor who doesn't use centralized medical records and billing software, and don't use a smartphone, your data is shared by many cloud services that make business systems work.
For instance, your medical data is likely uploaded to a cloud-based database by a doctor's office that uses a cloud-based software product. The security of the data is the responsibility of the cloud host, not so much the software company or the doctor's office.
Why is Cloud Computing so Popular?
Cloud computing services seem like the perfect solution to so many companies' needs, from the nearly unlimited capacity to universal access, to a more extensive customer base. The convenience makes it easy to overlook any potential flaws in this new opportunity. Yet, it could be costly financially and in data losses.
Cloud computing usually includes the following components (clients may not use all of them):
- Runtime cloud.
Companies are adopting cloud services (called migrating to the cloud) at high rates, according to a 2021 survey. Many are doing so incrementally, contributing to staggering statistics: 90 percent of enterprise businesses are cloud-based. The industry could hit $623 billion by 2023. For comparison, the U.S. government's defense department's $10 billion cloud computing contract, which attracted attention from the biggest names in computing, has been snarled in controversy for several years. Major bidders Microsoft and Amazon each filed lawsuits over alleged unfair practices in awarding the contract.
Cloud services allow companies to offer customers their software and services without needing on-site physical infrastructure, which is a considerable saving over traditional business methods.
Assessing Risks in Conversion
While it makes sense for many businesses to take advantage of cloud services' opportunities, there are risks. Experts are available to guide companies through the transition, which should focus on streamlining operations and maintaining the integrity of processes. Any errors or gaps introduced during conversion to cloud usage could open the systems involved to hacking or malware.
An expert from Carnegie Mellon University says that companies migrating to cloud computing must take risks more seriously because:
- Off-premises IT makes it more difficult for a client company to notice problems before they get out of control.
- Hacks can leak data from one storage account into others.
Assessing Risks in the Cloud Host
Individuals and businesses considering cloud computing should look closely at any cloud storage or cloud computing terms of agreement. Some may mine your data for information about you. At the same time, others retain the right to decrypt your data and review it when the company deems it necessary.
A comprehensive report written by the University of Texas points out that there are many potential pitfalls within the terms of contracts with cloud companies, including no guarantee that the company will continue to exist indefinitely. That's a scenario that could leave you scrambling for alternatives and for help transferring sensitive information to a new service.
Companies considering cloud conversion should look closely at:
- The host company's track record.
- The host company's business plan (how long will they be around?).
- The type of security they offer.
- Does the host company have a failsafe plan compatible with the client's needs?
In addition, companies interviewing cloud services hosts should ask about:
- The company's policy on sharing data with law enforcement or partner companies.
- How employee access to client data is handled.
- Actual vs. Claimed security measures. Many are now adding automatic and on-demand scans for vulnerabilities.
- How they prevent or address issues with intercepted decrypted data (man in the middle attacks).
Are Host Clouds Capable of High Capacity?
Amazon Web Services is a giant among cloud solution companies. When its network servers were overwhelmed in December 2021, it resulted in outages and service interruptions among clients like Netflix, Slack, Coinbase, Tinder, iRobot, InstaCart, and DisneyPlus. Despite the proliferation of business technology options, it was notable that so many large companies suffered outages on the same day due to their collective dependence on Amazon's services.
To avoid potential outages due to the cloud service host company's issues, one expert says to consider:
- Develop a hybrid business model that only relies on the cloud services host for peak usage.
- Create an on-site backup system.
- Pay a premium for higher-level services with less downtime.
Be aware of the host company's capacity to avoid an Amazon-type overload outage mentioned above.