Fong 1

Christopher Fong

Campbell

UWRIT - 1013

7 November 2019

Don’t Reach For the Clouds, the Dangers of Cloud Computing

How safe do you think your information is? In a digital age where people can access

banking accounts, credit cards, and other sensitive data from the palm of their hands, storage and

efficiency are becoming more sought out due to consumers increased demand for comfortability

that increased storage and efficiency gives. That’s why when cloud computing was first

implemented in 2006 it was considered to be the next big thing. In simple terms, cloud

computing is the use of the Internet to store, manage, and process data. This may seem to be all

sunshine and rainbows, but in reality, cloud computing has a number of issues, primarily issues

in security and privacy. Cloud computing is the next big thing in the field of computer science;

however, it still has a number of security and privacy issues that need to be solved.

To understand the issue there must be a basic understanding of what cloud computing is.

According to authors Judith Hurwitz, Marcia Kaufman, and Dr. Fern Halper of Cloud Services

For Dummies, IBM Limited Edition:

Cloud computing is a method of providing a set of shared computing resources that

includes applications, computing, storage, networking, development, and deployment

platforms as well as business processes. Cloud computing turns traditional siloed

computing assets into shared pools of resources that are based on an underlying Internet

foundation. (Hurwitz 6)
 Fong 2

In other words, cloud computing is the process of using the internet to store and access

traditional assets like applications and storage. A good example of cloud computing is iCloud

because it stores data like photos into Apple’s cloud. Cloud computing can be separated into

three main categories Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and

Software as a Service (SaaS). These categories are often referred to as delivery models. While

there may be many other delivery models for cloud computing, these three models are the most

popular and are considered the foundation of many other delivery models.

IaaS is considered the most flexible service and cost-effective (Hou). This delivery model

is primarily used to replace on-premise hardware. For example, Amazon Elastic Compute Cloud

(Amazon EC2) is based on this model. Amazon EC2 allows customers to purchase a set amount

of storage for a set cost. PaaS provides software and hardware tools over the internet and is

generally used by developers who are creating/building programs and/or applications (Hou).

Magneto Commerce Cloud uses this model. Customers on this site can edit the source code of

their Magneto store and can fully customize it to their liking. SaaS is the most popular model. It

allows users to use software over the internet. A good example of this service is Google

Docs. This paper will mostly be talking about issues dealing with IaaSs; however, most of the

issues presented also apply to cloud computing in general.

Over the last two years, there has been an increase in cloud vulnerability of 240 percent

(Su). These vulnerabilities occur due to the increasing complexity of code. Along with this,

businesses are putting more focus on creating a better user interface (UI) and user experience

(UX) rather than focusing on creating a safer cloud. The problem with this is that cloud

computing is initially more prone to vulnerabilities when compared to traditional data centers.

This isn’t because cloud computing has different threats. They both share similar threats but
 Fong 3

because the responsibility of managing and reducing risk is split between multiple parties the risk

is increased. In Timothy Morrow’s 12 “Risks, Threats, and Vulnerabilities in Moving to the

Cloud”, Morrow states that one of the largest issues that lead to increased cybersecurity risk is

the lack of due diligence from the side of organizations and businesses. If these businesses and

organizations focused more on the security aspect of cloud computing and not so much the UI

and UX. The risk of security breaches would become less likely. 20 percent of businesses do not

have a backup plan for breaches (Mason), showing that some businesses don’t even have

security in the back of their minds.

Cloud service providers (CSP) market their servers to be just as safe as on-premise

servers. This fact is true in most cases; however, even if CSPs do constant maintenance of

servers, they cannot check data owned by the customer without violating the customer’s privacy.

Customers of CSPs also need to do routine checks to maintain a secure platform and minimize

security risks and threats. In some cases, CSPs aren’t as safe as they claim. For example, in

September of 2014 Apple’s iCloud service was breached because of an error that didn’t limit the

number of guesses one could have. This in turn allowed for attackers to have numerous chances

to guess password combinations (Lewis).

A security breach is the term given when sensitive data is stolen. Cloud computing has a

higher risk of security breaches when compared to on-premise. Along with this, security

breaches on the cloud can have larger repercussions when compared to those of traditional on-

premise servers. This is because cloud platforms are interconnected with each other. In a

hypothetical situation, there are five different businesses and organizations that are all holding

information on the cloud through the same CSP. Somehow one of the five

businesses/organizations gets hacked and because of this, the hacker can now easily break into
 Fong 4

the other four platforms. While this situation has yet to occur, it is quite possible if the CSP fails

to maintain separation between multiple tenants. Failure to maintain separation by correctly

configuring virtual local area networks (VLANs) leads to an increased risk of a security breach.

The number of cloud-related security breaches and information leaks has been increasing

in recent years (Rossow). One of the larger breaches this year (2019) was the Capital One

breach. The breach occurred within a month or two of moving to the cloud (McLean). The

hacker, Paige Thompson, was a previous Amazon employee a couple of years back. She was

only able to get access to the information because Capital One had misconfigured/failed to

correctly set up their Amazon server. This mistake should’ve been easy to spot and would’ve

been an easy fix; however, due to the incompetence of Capital One over 1 million social security

numbers and credit card numbers were stolen. Other than the customer rushing in without

thoroughly setting up the platform correctly, this event shows another issue with cloud

computing, insider abuse.

While Thompson didn’t work for Amazon at the time, she did work there previously.

This would have gave her an understanding of how the Amazon servers worked, which in turn

would make it easier to get access to the data stored. Timothy Morrow, “insiders such as staff

and administrators for both organizations and CSPs, who abuse their authorized access to the

organization's or CSP's networks, systems, and data are uniquely positioned to cause damage or

exfiltrate information” (Morrow). Unlike on-premise servers, an insider wouldn’t be able to

access information on the servers unless they were in contact with them. An insider with admin

privileges could devastate a server and take so much information.

Cloud computing doesn’t only apply to businesses. For example, it can also affect politics.

To lower costs and raise response rates for the 2020 United States Census the Census Bureau
 Fong 5

(CB) decided to move onto the cloud platform provided by Amazon (Hamby). However, the CB

failed to realize was that there was an unsecured door to sensitive data. This opening would’ve

allowed a hacker to view, alter, and delete information collected in field tests (Hamby). The CB

has since patched up the breach, but are still struggling to ensure the safety of information on the

cloud, due to lack of resources (Hamby, 2019). According to former congressional staff member

Terri Ann Lowenthal, if these issues are not resolved in time, “we could be headed toward a

failed census.” Which would be the first since 1790. If the actual census information were to be

leaked it could have devastating consequences. This shows the effect that cloud computing can

have on society.

With all of these issues and consequences to cloud computing, such as insider abuse and

ignorance/lack of understanding from cloud computing customers, there has to be a solution for

the near future. The thing is much like on-premise storage, there is no way to make sure data is

100 percent safe, it’s just the nature of cybersecurity. However, while there aren’t any definite

solutions so far to fix the lack of safety on the cloud, there are some things that can be done to

reduce the risk of security breaches. These things include, but are not limited to, educating the

general public about safety issues in the cloud, so that customers and general people can

understand the magnitude of their decision to use the cloud. Along with this, using an Improved

Diffie Hellman Key Exchange Algorithm (IDHKE) will ensure secured data transmission with

accurate and reliable authentication. The IDHKE is an algorithm that encrypts data, which makes

the data stored much more secured (Pugazhenthi). More companies and organizations are

starting to move to the web, soon many companies will start to move to cloud computing

because of its cost-effectiveness (Morrow). And if nothing is done to increase the safety of the

cloud in the next few years there can be large devastating consequences.
 Fong 6

Works Cited

Hamby, Chris. "Census at Risk From Glitches And Attackers." New York Times, 5 July 2019, p.

A1(L). Gale In Context: Science,

https://link.gale.com/apps/doc/A592222058/SCIC?u=char69915&sid=SCIC&xid=10548

a02. Accessed 16 Oct. 2019.

Hou, Tony. “IaaS vs PaaS vs SaaS: What You Need to Know + Examples (2018).” Ecommerce

Technology, The BigCommerce Blog, 26 May 2019, www.bigcommerce.com/blog/saas-

vs-paas-vs-iaas/#the-three-types-of-cloud-computing-service-models-explained.

Accessed 9 Oct. 2019.

Hurwitz, Judith, Marcia Kaufman, and Dr. Fern Halper. Cloud Services For Dummies, IBM

Limited Edition. John Wiley & Sons, Inc, 2012.

Lewis, Dave. “ICloud Data Breach: Hacking And Celebrity Photos.” Forbes, Forbes Magazine,

22 Sept. 2014, www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hacking-

and-nude-celebrity-photos/#589056e72de7. Accessed 9 Nov. 2019.

Mason, John. ”5 Cybersecurity Challenges and Trends: What to Expect in 2018.” GlobalSign, 10

Jan. 2018, https://www.globalsign.com/en/blog/cybersecurity-trends-and-challenges-

2018/. Accessed 8 Oct. 2019.

Morrow, Timothy. “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud.” Software

Engineering Institute, Carnegie Mellon University, 5 Mar. 2018,

https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-

to-the-cloud.html. Accessed 16 Oct. 2019.

 Fong 7

Pugazhenthi, A, and Chitra, D. “Data Access Control and Secured Data Sharing Approach for

Health Care Data in Cloud Environment.” Journal of Medical Systems., vol. 43, no. 8,

Kluwer Academic-Plenum-Human Sciences Press, DOI:10.1007/s10916-019-1381-7.

Accessed 16 Oct. 2019.

Rossow, Andrew. “Why Data Breaches Are Becoming More Frequent And What You Need To

Do.” Forbes, Forbes Magazine, 24 May 2018,

www.forbes.com/sites/andrewrossow/2018/05/23/why-data-breaches-are-becoming-

more-frequent-and-what-you-need-to-do/#98ad69bd97f7. Accessed 9 Nov. 2019.

Su, Jean Baptiste. “Why Cloud Computing Cyber Security Risks Are On The Rise: Report.”

Forbes, Forbes Magazine, 25 July 2019,

www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-

risks-are-on-the-rise-report/#131d2ea75621. Accessed 9 Nov. 2019.