5 Reasons Why The Cloud Is Still Not 100% Secure

5 Reasons Why The Cloud Is Still Not 100% Secure

5 Reasons Why The Cloud Is Still Not 100% Secure

In the last year, many big cloud companies have come under cyber attacks leading to outages and data losses

Cloud companies offer tremendous trade-offs to businesses in terms of flexibility of scale, better security, reduced manpower and maintenance cost. The majority of organizations and individuals are now convinced of the value of the cloud and are starting to migrate their data over their.  Now, it’s generally assumed that ones data is more secure within the cloud than it would if it were residing inside an unsecure desktop or server room. Unfortunately, this assumption is not true all the time.

If there is one area that is common between Google, Apple, Microsoft, Adobe, Spamhaus, American Express, Evernote, Facebook and Twitter it is the vulnerability of a cyber attack. All these organizations use cloud solutions for their business and have been victims of cyber attacks over the past year. Some of them have publicly acknowledged that data breaches have taken place during such attacks.

crime-cyber

Many cloud subscribers today wonder why these high profile tech companies are unable to keep their data safe & secure. Here are five such reasons why this may be the case:

1) Dynamic nature of business and inherent complexity

For an end user, the services offered by cloud companies are structured in very simple manner. But the structure inside the cloud is inherently complex. Multiple customers share physical databases, file servers, web servers and disk spaces. It is only logical and technical implementation and rarely the physical separation that keeps them apart.

Moreover, organizations’ business requirements and thus cloud needs keep changing. As a result, regular restructuring of security controls becomes essential. It’s a daunting task to maintain security controls for such a dynamic and complex environment at the cutting edge so that they cannot be exploited. Any slip-up there opens the door for hackers.

2) Cloud companies cannot own 100% of responsibility to make it secure

Organizations often overlook their own responsibilities when they offload a business domain to the cloud. While the service provider will do its best, it cannot ensure absolute safety at the subscriber’s end. Organizations themselves have to ensure that their own systems are patched; the access to the cloud is for authorized users, there are no stale users in the list and encryption keys are kept safe.

3) Increased sophistication of cyber attacks

In recent years, the hacker community is better organized, and they receive huge funding. In certain cases organizations and governments back them. The change is evident in the speed at which zero day vulnerabilities are ready for exploitation, the size of payload and comprehensive functionality available in malware. In the month of March DDoS attack on Spamhaus was able to generate 300 gigabits per second, something that was unheard of before. It is not easy to completely ward off such sophisticated and powerful attacks.

Notable cyber attacks in 2013

Courtesy (http://hackmageddon.com/2013-cyber-attacks-timeline-master-index)

MonthTargetDescription
Feb 2013TwitterTwitter announces in a blog post to have detected unusual access attempts to the accounts of 250,000 users. As a consequence the affected users’ accounts are reset.
Feb 2013FacebookHit by targeted attacks and admits to have been by a watering hole attack in January.
Feb 2013AppleApple admits to have been hit by the same sophisticated cyber attack that targeted Facebook. The culprit is iPhoneDevSDK, a forum compromised to serve a malware exploiting 0-day vulnerability.
Feb 2013MicrosoftWith a scant statement on its Security Response Center blog, Microsoft admits to have been targeted by the same cyber attack that hit Facebook and Apple.
Feb 2013American ExpressIn name of #OpBlackSummer. TunisianCyberArmy1 AKA @TN_cyberarmy claims to have hacked American Express and to have stolen 2 Gb of data.
Mar 2013SpamhausSpamhaus is the victim of massive DDoS attack made with DNS Amplification and reaching a peak of 300 Gbps.
Apr 2013WordPressSecurity analyst from at least three Web hosting services detect an ongoing attack using more than 90000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems.
Apr 2013GoogleThe Bangladeshi hacker TiGER-M@TE defaces the Kenyan domain of Google (google.co.ke)
May 2013DrupalPasswords for almost one million accounts on the drupal.org website are reset after hackers gain unauthorized access to sensitive use data exploiting vulnerability in an undisclosed third party application
Jul 2013AppleExtended outage on its developer portal (developer.apple.com) due to an intruder. Apple does not rule out the possibility that some developers’ name, addresses may have been accessed.

4) Ascertaining jurisdiction is difficult in a virtual environment

Virtualization is amongst the founding principles of cloud computing. For a subscriber, it is not easy (at times impossible) to find out where exactly their data is stored. The location may be a different data centre in a different city, state or country altogether. Unless jurisdiction is ascertained it is difficult to take help of the law and precious time gets wasted. In case of a breach it becomes difficult to seek legal help and go after the culprits. This situation works to the advantage of the hacker community and many times they continue to remain at large.

5) Vulnerable users are everywhere

Any amount of security is not enough if there are vulnerable users in the system. Despite all those trainings and awareness programs, people make mistakes and thus expose the whole system to security risks. Use of easy or predictable passwords, sharing of accounts, falling prey to phishing / vishing attacks continues to happen. In the end, the hackers need just one small door to enter the fortified castle.

While cloud solutions are here to stay but so are the cyber attacks on them. Organizations and individuals must weigh pros and cons of cloud solutions before embracing it.

By Manoj Tiwari

(Image Source: Shutterstock)

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends For nearly every business, the concept of business intelligence is nothing new. Ambitious organizations have been searching for any type of data-driven advantage for some time now – perhaps for as long as they’ve existed. However, the historical use of competitive intelligence pales in comparison to the…

The Education Revolution: Cloud In The Classroom

The Education Revolution: Cloud In The Classroom

The Education Revolution: Cloud In The Classroom With the back-to-school season now upon us, parents, students and teachers everywhere are once again struggling with the perpetual challenge of making kids job-ready in a high-speed and fast-changing environment. There is little doubt in anyone’s mind that information technology plays a central role in all areas of life…

Cloud Infographic – Cyber Security And The New Frontier

Cloud Infographic – Cyber Security And The New Frontier

Cyber Security: The New Frontier The security environment of the 21st century is constantly evolving, and it’s difficult to predict where the next threats and dangers will come from. But one thing is clear: the ever-expanding frontier of digital space will continue to present firms and governments with security challenges. From politically-motivated Denial-of-Service attacks to…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future of Work: What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at…

Featured Sponsors

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud One of the greatest benefits of the increasingly reliable and ubiquitous state of cloud technology is the removal of business silos and the consolidation of information flow, both in-house and on the road. This is of particular importance to the many different types of professionals whose work involves customer relationship management (CRM).…

Sponsors

Is SaaS For You? Three Questions To Ask

Is SaaS For You? Three Questions To Ask

The idea of providing software to customers for a fee without the need for investments in IT infrastructure or staff has been around for decades. In the 1970s it was called Timesharing. Back then, companies utilized Timesharing services as their primary source of IT applications or as an extension of in-house IT applications, thereby avoiding…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter