5 Reasons Why The Cloud Is Still Not 100% Secure

5 Reasons Why The Cloud Is Still Not 100% Secure

5 Reasons Why The Cloud Is Still Not 100% Secure

In the last year, many big cloud companies have come under cyber attacks leading to outages and data losses

Cloud companies offer tremendous trade-offs to businesses in terms of flexibility of scale, better security, reduced manpower and maintenance cost. The majority of organizations and individuals are now convinced of the value of the cloud and are starting to migrate their data over their.  Now, it’s generally assumed that ones data is more secure within the cloud than it would if it were residing inside an unsecure desktop or server room. Unfortunately, this assumption is not true all the time.

If there is one area that is common between Google, Apple, Microsoft, Adobe, Spamhaus, American Express, Evernote, Facebook and Twitter it is the vulnerability of a cyber attack. All these organizations use cloud solutions for their business and have been victims of cyber attacks over the past year. Some of them have publicly acknowledged that data breaches have taken place during such attacks.

crime-cyber

Many cloud subscribers today wonder why these high profile tech companies are unable to keep their data safe & secure. Here are five such reasons why this may be the case:

1) Dynamic nature of business and inherent complexity

For an end user, the services offered by cloud companies are structured in very simple manner. But the structure inside the cloud is inherently complex. Multiple customers share physical databases, file servers, web servers and disk spaces. It is only logical and technical implementation and rarely the physical separation that keeps them apart.

Moreover, organizations’ business requirements and thus cloud needs keep changing. As a result, regular restructuring of security controls becomes essential. It’s a daunting task to maintain security controls for such a dynamic and complex environment at the cutting edge so that they cannot be exploited. Any slip-up there opens the door for hackers.

2) Cloud companies cannot own 100% of responsibility to make it secure

Organizations often overlook their own responsibilities when they offload a business domain to the cloud. While the service provider will do its best, it cannot ensure absolute safety at the subscriber’s end. Organizations themselves have to ensure that their own systems are patched; the access to the cloud is for authorized users, there are no stale users in the list and encryption keys are kept safe.

3) Increased sophistication of cyber attacks

In recent years, the hacker community is better organized, and they receive huge funding. In certain cases organizations and governments back them. The change is evident in the speed at which zero day vulnerabilities are ready for exploitation, the size of payload and comprehensive functionality available in malware. In the month of March DDoS attack on Spamhaus was able to generate 300 gigabits per second, something that was unheard of before. It is not easy to completely ward off such sophisticated and powerful attacks.

Notable cyber attacks in 2013

Courtesy (http://hackmageddon.com/2013-cyber-attacks-timeline-master-index)

Month Target Description
Feb 2013 Twitter Twitter announces in a blog post to have detected unusual access attempts to the accounts of 250,000 users. As a consequence the affected users’ accounts are reset.
Feb 2013 Facebook Hit by targeted attacks and admits to have been by a watering hole attack in January.
Feb 2013 Apple Apple admits to have been hit by the same sophisticated cyber attack that targeted Facebook. The culprit is iPhoneDevSDK, a forum compromised to serve a malware exploiting 0-day vulnerability.
Feb 2013 Microsoft With a scant statement on its Security Response Center blog, Microsoft admits to have been targeted by the same cyber attack that hit Facebook and Apple.
Feb 2013 American Express In name of #OpBlackSummer. TunisianCyberArmy1 AKA @TN_cyberarmy claims to have hacked American Express and to have stolen 2 Gb of data.
Mar 2013 Spamhaus Spamhaus is the victim of massive DDoS attack made with DNS Amplification and reaching a peak of 300 Gbps.
Apr 2013 WordPress Security analyst from at least three Web hosting services detect an ongoing attack using more than 90000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems.
Apr 2013 Google The Bangladeshi hacker TiGER-M@TE defaces the Kenyan domain of Google (google.co.ke)
May 2013 Drupal Passwords for almost one million accounts on the drupal.org website are reset after hackers gain unauthorized access to sensitive use data exploiting vulnerability in an undisclosed third party application
Jul 2013 Apple Extended outage on its developer portal (developer.apple.com) due to an intruder. Apple does not rule out the possibility that some developers’ name, addresses may have been accessed.

4) Ascertaining jurisdiction is difficult in a virtual environment

Virtualization is amongst the founding principles of cloud computing. For a subscriber, it is not easy (at times impossible) to find out where exactly their data is stored. The location may be a different data centre in a different city, state or country altogether. Unless jurisdiction is ascertained it is difficult to take help of the law and precious time gets wasted. In case of a breach it becomes difficult to seek legal help and go after the culprits. This situation works to the advantage of the hacker community and many times they continue to remain at large.

5) Vulnerable users are everywhere

Any amount of security is not enough if there are vulnerable users in the system. Despite all those trainings and awareness programs, people make mistakes and thus expose the whole system to security risks. Use of easy or predictable passwords, sharing of accounts, falling prey to phishing / vishing attacks continues to happen. In the end, the hackers need just one small door to enter the fortified castle.

While cloud solutions are here to stay but so are the cyber attacks on them. Organizations and individuals must weigh pros and cons of cloud solutions before embracing it.

By Manoj Tiwari

(Image Source: Shutterstock)

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Martech In A Content Crazed World

Martech In A Content Crazed World

Content Crazed World Everywhere you look there are pop-up ads and offers, at times it can feel like overload. What used to be a few online ads on websites has now grown into a wild world of offers that consume your every device. These advancements in marketing technology can not only be overwhelming to the…

Hubgets – Advanced Collaboration, Enriched Communication

Hubgets – Advanced Collaboration, Enriched Communication

Advanced Collaboration Tool Sponsored series provided in collaboration with Hubgets Collaboration tools have advanced leaps and bounds with the advent of cloud technology, and the services available are only getting better. Promising features such as sophisticated group communication, productive management of tasks and meetings, and the ultimate dream, working remotely from some gorgeous island destination, innovative collaboration…

Verizon To Acquire Yahoo For $4.83 Billion

Verizon To Acquire Yahoo For $4.83 Billion

Verizon Communications Inc (VZ.N) said it had agreed to buy Yahoo Inc’s (YHOO.O) core internet business for $4.83 billion in cash, ending a lengthy sale process for the fading Web pioneer. Buying Yahoo’s operations will boost Verizon’s AOL internet business, which it bought last year for $4.4 billion, by giving it access to Yahoo’s advertising…

When Sci-Fi Predictions Come To Fruition

When Sci-Fi Predictions Come To Fruition

Evolution of Technologies To paraphrase science fiction author Arthur C. Clark, those who make predictions about the future are either “considered conservative now and mocked later, or mocked now and proved right when they are no longer around to enjoy the acclaim.” The one thing we can be sure about, Clark ventured, is that “[the…

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Inc (FB.O) said on Thursday it had completed a successful test flight of a solar-powered drone that it hopes will help it extend internet connectivity to every corner of the planet. Aquila, Facebook’s lightweight, high-altitude aircraft, flew at a few thousand feet for 96 minutes in Yuma, Arizona, Chief Executive Mark Zuckerberg wrote in…

5 Ways To Ensure Your Cloud Solution Is Always Operational

5 Ways To Ensure Your Cloud Solution Is Always Operational

Ensure Your Cloud Is Always Operational We have become so accustomed to being online that we take for granted the technological advances that enable us to have instant access to everything and anything on the internet, wherever we are. In fact, it would likely be a little disconcerting if we really mapped out all that…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

How You Can Improve Customer Experience With Fast Data Analytics

How You Can Improve Customer Experience With Fast Data Analytics

Fast Data Analytics In today’s constantly connected world, customers expect more than ever before from the companies they do business with. With the emergence of big data, businesses have been able to better meet and exceed customer expectations thanks to analytics and data science. However, the role of data in your business’ success doesn’t end…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some of the exciting…

The Big Data Movement Gets Bigger

The Big Data Movement Gets Bigger

The Big Data Movement In recent years, Big Data and Cloud relations have been growing steadily. And while there have been many questions raised around how best to use the information being gathered, there is no question that there is a real future between the two. The growing importance of Big Data Scientists and the…

Do Small Businesses Need Cloud Storage Service?

Do Small Businesses Need Cloud Storage Service?

Cloud Storage Services Not using cloud storage for your business yet? Cloud storage provides small businesses like yours with several advantages. Start using one now and look forward to the following benefits: Easy back-up of files According to Practicalecommerce, it provides small businesses with a way to back up their documents and files. No need…

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services Cloud Banking Insights Series focuses on big data in the financial services industry and whether it is a security threat or actually a massive opportunity. How does big data fit into an overall cloud strategy? Most FI’s have a positive mind-set towards cloud IT consumption as it not only enables…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…