ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Seven Cloud Computing Security Issues

Updated on November 23, 2020
Source

7 Cloud Security Issues

“Once you put it (Data) on a remote Cloud server which is accessible via the Internet, it’s not a matter of if you’ll have a breach; it is when (as evident by the countless breaches happening this year).” (Liticism, 2011)

What is Cloud Computing?

“Cloud computing is an emerging computing technology that uses the internet and central remote servers to maintain data and applications”. (WikiInvest, 2011)

Seven Cloud Computing Security Risks

Gartner states there are Seven Cloud computing Security risks and suggest as an organisation you should ask questions around the qualifications of the cloud provider including; (Brodkin, 2010)

  • Who are the policy makers?
  • Who are the architects?
  • Who has specialised access to data and have these administrators had their backgrounds checked and who manages them?
  • What are the service providers risk control processes?
  • What are their technical mechanisms and recovery plans?
  • What is their level of testing, security and compliance?
  • Where is the data located and how is this controlled?

Organisations should look at and identify any unanticipated vulnerabilities before considering using a cloud service provider.

Data Protection & Security Issues

As the Cloud Service provider has access to all your data and could potentially disclose it for unauthorized purposes this is a major concern that raises privacy and confidentiality issues.

Cloud technology is revolutionising how organizations are doing business. Organizations in every industry are embracing cloud computing as a means to lower and costs and the complexities associated with traditional IT approaches. “Organizations that approach cloud in a tactical fashion risk security exposure due to fragmentation, redundancy and operating silos.” (Managed with cloud technologies, no date)

We will look at the main data protection and security issues that organisations have to consider when using Cloud technology below;

Data Security and Accessibility Issues

Section 2(1)(d) of the Data Protection Act states that companies protect their data from unauthorised access, alteration, destruction or disclosure especially when it comes to that data being transmitted over the cloud. (Office of the Data Protection Commissioner, no date).

Section 2C(1) of the Data Protection Act states what an organisation should do to implement proper security procedures and be aware of the resulting consequences and effect of this data being destroyed or unlawfully breached. It is important therefore to ensure proper security and risk contingency plans such as encryption, personnel screening, access levels etc. (Office of the Data Protection Commissioner, no date).

Therefore it is the organisations responsibility to consider all these factors when giving up control of their data before using the cloud.

Security Threats

Attacks on the cloud are tempting for hackers who will want to implement cybercrime, the reason being that all data may be shared on one server using co-tendency. Basically having all your eggs in one basket!

Even leading providers such as Google had and have security risks where in one case people's private documents stored on Google Docs were shared with other users without their permission. (Preston, 2009)

Even the most encrypted secure passwords have the potential to be hacked using the combined server power of cloud computing.

Fraud & Cybercrime

Fraud and cybercrime are often perpetrated without your knowledge if via Cloud Services. Using the cloud and sharing servers can increase the risk of these servers harbouring spying agents, password stealers or other types of malware. Botnets were responsible for the theft of $100 million from bank accounts alone in 2009. (Babcock, C, 2010, Page 153)

When using virtual machines it is harder to detect SQL injections and other types of malicious code. The cloud is an attractive target for hackers who want to steal passwords, bank account information and personal identities as all the activity is in one concentrated area.

Data Security – What is it?

“Data security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.” (‘Cloud Computing Security’, no date)

Cloud Computing Security Issues

  1. No security system is 100% secure. Saleforce.com suffered a phishing attack in December 2007 when a member of staff was fooled into giving out passwords. (Krebs, 2007)
  2. Understand the risks of Cloud computing service providers, their 3rd parties, potential attacks on data, downtime and exception monitoring to ensure your business is fully protected.
  3. There are no uniform standards to fully protect data controllers yet.
  4. Essential to know where your data is stored and the local law and juristriction of the countries where your data is stored as mentioned previously.

Security Challenges

Listed below are some of the security challenges that should be considered by organizations before moving to the cloud;

  • Once you assets are in the cloud you lose control over them.
  • Do you trust your data to your service provider? Check their service agreements thoroughly.
  • The loss of control over your onsite physical security.
  • When sharing servers with other companies government agencies may ‘reasonable cause’ to seize your assets because another company has violated the law.
  • Incompatibility between cloud vendors. (Microsoft Azure is not compatible with Amazon S3 for example.) How do you then retrieve and move your data?
  • If encrypted then who controls those encryption/decryption keys? You or the provider?
  • Is your data SSL secure over the internet and/or encrypted while in vendors storage pool?
  • Data integrity – is your data identically maintained during any operation? If you are using PCI DSS for ecommerce transaction you will need access to the cloud provider’s logs so you will need to negotiate access to these.
    • Data protection – how is your data protected?
    • Identity management
    • Physical and personnel security
    • Availability
    • Application security
    • Privacy Issues

The key question to ask as an organisation is; do you trust putting your mission critical apps or data on the cloud and what are the consequences of doing so? (Rittinghouse and Ransome, 2010, p.160)

Data Security Issues for Mobile Staff

As employees are working more from home, hotels or coffee shops, companies are investigating ways to keep their devices and data safe and secure. Some issues include unsecure access to internet using WiFi, theft of laptops and devices, unencrypted data, etc

“Desktop virtualisation may be the solution: 86 percent of the international companies surveyed by Citrix, a cloud provider, cited security as their primary motivation for getting into the area”. (Leach, 2011)

Key Challenges

As an organisation you are storing your data on someone else’s server and as such they have admin control over it and can view, delete, edit and access this data. Data level security businesses need to know data is protected and encrypted wherever it goes and to have their own auditing and data backup and recovery mechanisms in place.

Conclusion

Best practices are still being identified and defined and direct experience may be the best learning tool. There are many risks in the cloud but these can be evaluated and defined for certain workloads. Organisations will have to consider whether they only use the cloud for certain aspects of their business such as non mission critical information or data where laws governing data protection, security and confidentially are less stringent.



Comments

    0 of 8192 characters used
    Post Comment

    No comments yet.

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://maven.io/company/pages/privacy

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)