Cloud computing offers a whole host of possibilities for the future. Unfortunately, new possibilities often come with new risks. Cloud computing is no exception, as it has been shown to have several major security issues.
Although cloud computing is usually billed as being “more secure,” this is somewhat misleading. While cloud computing can be done in a secure manner, its primary purpose is convenience, not security. So, let’s look at the most common security problems that you might encounter.
Problem #1: Lost Or Stolen Devices
Most clouds are semi-closed, meaning that only certain types of people can access them. This might include employees of a particular company, members of a particular group, etc. Unfortunately, access is often attached to a specific device. This means that an unauthorized person can gain access to the cloud by using a lost or stolen device.
Statistics indicate that about 18% of all cloud data is sensitive or confidential. This low number suggests that people know better than to store their most sensitive data in this manner. Either way, that remaining 18% can still cause harm if someone knows how to do so.
Problem #2: Loss Of Intellectual Property
When you think about hackers and other cybercriminals, it is easy to concentrate on those who seek money. Indeed, most of them are primarily concerned with monetary gain. However, there are also those who seek to steal intellectual property and other valuable information.
As an example, we might cite this recent high-profile case. Two Chinese government hackers were apparently involved in many intrusions over a period of at least ten years. The important takeaway here is the fact that they weren’t after money. Nearly all of their efforts were intended to gather sensitive information with an emphasis on intellectual property.
Problem #3: Might Cause Compliance Issues
In many cases, there are laws and government regulations regarding the proper handling of personal data. For those companies who deal with this kind of information, it is easy to run afoul of these rules. For instance, health information is governed by a law called the Health Insurance Portability and Accountability Act (HIPAA).
There are some very complex rules associated with this law. As part of these rules, a cloud computing service cannot carry sensitive healthcare information unless it has been properly evaluated and certified by the government. They must also set up a business associate agreement (BAA) so that the rules and practices will be clearly explained to all involved.
Problem #4: Rogue Users
Obviously, you have to take precautions to prevent unauthorized access to your network. At the same time, you also have to worry about “insider threats,” meaning threats that come from authorized users. A disgruntled employee who has just been fired (or who is about to get fired) is probably the most likely example of an insider threat.
As an example of this, we might present the case of Jason Needham. He was employed by an engineering firm called Allen & Hoshall, but he was apparently unsatisfied with his treatment at the hands of the company. He left in 2013 to start a company of his own, but he retained access to Allen & Hoshall’s records. According to the FBI, he stole about $425,000 worth of documents. He was only caught because one of his customers was observant enough to see what he was doing.
Problem #5: Increased Transmission Of Viruses And Malware
Most of the cloud’s advantages come from the fact that everything is unified in one convenient place. However, this same quality also makes it vulnerable to malware and virus attacks. To understand what we mean, consider the opposite of a cloud system: A compartmentalized system where everything is subdivided into sections. With a system like this, a cyber-threat can only affect one part of the system at a time, limiting the damage. The cloud, on the other hand, is the opposite.
For instance, let’s consider the 2007 incident in which Salesforce was hacked with a spear-phishing attack. By tricking an employee into revealing his password, the attacker was able to gain a huge amount of personal data on Salesforce customers. Despite staying relatively quiet about the whole thing, the company suffered great damage to its reputation, from which it has never fully recovered.
These are just the five biggest problems, and they are by no means the only ones. No matter what precautions you take, enhanced connectivity can pose a serious risk of unauthorized access. The highly interdependent nature of the cloud makes it impossible to mitigate this risk fully. However, just by being aware of these risks, you have taken the first step toward dealing with them. If our efforts have been helpful, please show your appreciation by filling out the contact form.