Ever since the dawn of the modern computing age, there have always been security risks. From the early days of BBS and the Morris Worm to the recent rise of Stuxnet, networks and security threats have gone hand in hand. Cloud-computing technology has been a boon for both Enterprise and casual users alike as of late. Cloud-based platforms allow businesses of all sizes to save on both hardware and software costs while scaling the delivery of services to meet any demand. Though the general public now has a basic understanding of the cloud, its sheer complexity and its inherent risks are often taken for granted.
While we’re all well-aware of the many benefits of cloud-computing at this point, we tend to ignore the possibilities for disaster. The latest Gartner study concerning cloud-computing risks is a call to arms for both consumers and producers to pay closer attention to security online. As security firm Gartner, Inc. explained in the aforementioned white paper, threats to the safety and integrity of data stored online in “the cloud” are very real and shouldn’t be ignored. Gartner’s “Seven Cloud-Computing Risks” can be condensed into four basic areas of concern. Here’s a quick breakdown of these risks in layman’s terms that should give you a better understanding of the dangers that every cloud user faces.
Data Loss and Downtime
The main idea behind cloud-computing is that data and services are abstracted away from the underlying hardware and can be accessed from any location. That’s all well and good, but it can lead to adverse consequences. Amazon’s high-profile EC2 outages are a prime example of what can happen when a cloud service experiences a low-level disaster. While data is rarely lost for good, it is a distinct possibility. The greater danger is downtime, beautifully illustrated by the Gmail outages of February 2011. Millions of users lost access to archived messages, wasting time and money in the process.
For the average hacker, no target is more appealing than cloud-based data. Every year, millions of dollars and thousands of gigabytes of data are stolen due to sloppy security. The security breach of Sony’s PlayStation Network in 2011 underscored the vulnerability of user credentials and confidential information on the web. The recent brouhaha over lax security at social networking giant LinkedIn is yet another example of the dangers posed by cybercriminals. Files containing passwords and important financial data can be quickly snatched in the blink of an eye if a dedicated hacker is determined enough.
User Access Control: Privacy and Permissions
Lost files and compromised data are certainly serious cloud issues, but they’re hardly the only ones. Managing data access is an equally important concern in the cloud. Even a seemingly uncomplicated collaboration tool like Dropbox for Teams or Google Docs can be incredibly confusing when it comes to keeping user permissions straight and ensuring that only the appropriate people have the ability to see certain files. In addition, it can be possible for IaaS, PaaS and SaaS platform admins to potentially access sensitive information if you opt for a less than reputable provider.
Regulatory Compliance & Compatibility
We live in a world of standards, protocols, regulations and bureaucratic red tape that can frustrate even the most knowledgeable of cloud veterans. Compatibility issues between various public and private clouds can wreak havoc for end users and be a major security risk at the same time. On top of that, legal restrictions for data storage and security vary greatly across jurisdictions. For example, banking in the cloud is fraught with difficulties due to government regulations that dictate where data can be stored and how it can be transmitted. While the pace of cloud innovation charges ahead unabated, companies still have to abide by sometimes confusing and contradictory laws in the areas where they operate.
The Main Takeaway
At this point, you’re probably asking yourself, “How can I take advantage of the many wonders of the cloud without exposing myself to unnecessary risk?” The security risks outlined above can be mitigated to a large degree by thoroughly vetting any cloud-computing service before signing up. Non-profit organizations like the Cloud Security Alliance have done an excellent job when it comes to raising awareness of cloud security risks. If you plan on making the move to a cloud-computing platform for any service, just remember not to put all of your eggs in one basket. With great risk comes great rewards. To avoid being burned by the cloud, it’s important to be aware of said risk before moving forward.