Documente Academic
Documente Profesional
Documente Cultură
Christopher Fong
Campbell
UWRIT - 1013
7 November 2019
How safe do you think your information is? In a digital age where people can access
banking accounts, credit cards, and other sensitive data from the palm of their hands, storage and
efficiency are becoming more sought out due to consumers increased demand for comfortability
that increased storage and efficiency gives. That’s why when cloud computing was first
implemented in 2006 it was considered to be the next big thing. In simple terms, cloud
computing is the use of the Internet to store, manage, and process data. This may seem to be all
sunshine and rainbows, but in reality, cloud computing has a number of issues, primarily issues
in security and privacy. Cloud computing is the next big thing in the field of computer science;
however, it still has a number of security and privacy issues that need to be solved.
To understand the issue there must be a basic understanding of what cloud computing is.
According to authors Judith Hurwitz, Marcia Kaufman, and Dr. Fern Halper of Cloud Services
computing assets into shared pools of resources that are based on an underlying Internet
foundation. (Hurwitz 6)
Fong 2
In other words, cloud computing is the process of using the internet to store and access
traditional assets like applications and storage. A good example of cloud computing is iCloud
because it stores data like photos into Apple’s cloud. Cloud computing can be separated into
three main categories Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and
Software as a Service (SaaS). These categories are often referred to as delivery models. While
there may be many other delivery models for cloud computing, these three models are the most
popular and are considered the foundation of many other delivery models.
IaaS is considered the most flexible service and cost-effective (Hou). This delivery model
is primarily used to replace on-premise hardware. For example, Amazon Elastic Compute Cloud
(Amazon EC2) is based on this model. Amazon EC2 allows customers to purchase a set amount
of storage for a set cost. PaaS provides software and hardware tools over the internet and is
generally used by developers who are creating/building programs and/or applications (Hou).
Magneto Commerce Cloud uses this model. Customers on this site can edit the source code of
their Magneto store and can fully customize it to their liking. SaaS is the most popular model. It
allows users to use software over the internet. A good example of this service is Google
Docs. This paper will mostly be talking about issues dealing with IaaSs; however, most of the
Over the last two years, there has been an increase in cloud vulnerability of 240 percent
(Su). These vulnerabilities occur due to the increasing complexity of code. Along with this,
businesses are putting more focus on creating a better user interface (UI) and user experience
(UX) rather than focusing on creating a safer cloud. The problem with this is that cloud
computing is initially more prone to vulnerabilities when compared to traditional data centers.
This isn’t because cloud computing has different threats. They both share similar threats but
Fong 3
because the responsibility of managing and reducing risk is split between multiple parties the risk
Cloud”, Morrow states that one of the largest issues that lead to increased cybersecurity risk is
the lack of due diligence from the side of organizations and businesses. If these businesses and
organizations focused more on the security aspect of cloud computing and not so much the UI
and UX. The risk of security breaches would become less likely. 20 percent of businesses do not
have a backup plan for breaches (Mason), showing that some businesses don’t even have
Cloud service providers (CSP) market their servers to be just as safe as on-premise
servers. This fact is true in most cases; however, even if CSPs do constant maintenance of
servers, they cannot check data owned by the customer without violating the customer’s privacy.
Customers of CSPs also need to do routine checks to maintain a secure platform and minimize
security risks and threats. In some cases, CSPs aren’t as safe as they claim. For example, in
September of 2014 Apple’s iCloud service was breached because of an error that didn’t limit the
number of guesses one could have. This in turn allowed for attackers to have numerous chances
A security breach is the term given when sensitive data is stolen. Cloud computing has a
higher risk of security breaches when compared to on-premise. Along with this, security
breaches on the cloud can have larger repercussions when compared to those of traditional on-
premise servers. This is because cloud platforms are interconnected with each other. In a
hypothetical situation, there are five different businesses and organizations that are all holding
information on the cloud through the same CSP. Somehow one of the five
businesses/organizations gets hacked and because of this, the hacker can now easily break into
Fong 4
the other four platforms. While this situation has yet to occur, it is quite possible if the CSP fails
configuring virtual local area networks (VLANs) leads to an increased risk of a security breach.
The number of cloud-related security breaches and information leaks has been increasing
in recent years (Rossow). One of the larger breaches this year (2019) was the Capital One
breach. The breach occurred within a month or two of moving to the cloud (McLean). The
hacker, Paige Thompson, was a previous Amazon employee a couple of years back. She was
only able to get access to the information because Capital One had misconfigured/failed to
correctly set up their Amazon server. This mistake should’ve been easy to spot and would’ve
been an easy fix; however, due to the incompetence of Capital One over 1 million social security
numbers and credit card numbers were stolen. Other than the customer rushing in without
thoroughly setting up the platform correctly, this event shows another issue with cloud
While Thompson didn’t work for Amazon at the time, she did work there previously.
This would have gave her an understanding of how the Amazon servers worked, which in turn
would make it easier to get access to the data stored. Timothy Morrow, “insiders such as staff
and administrators for both organizations and CSPs, who abuse their authorized access to the
organization's or CSP's networks, systems, and data are uniquely positioned to cause damage or
access information on the servers unless they were in contact with them. An insider with admin
Cloud computing doesn’t only apply to businesses. For example, it can also affect politics.
To lower costs and raise response rates for the 2020 United States Census the Census Bureau
Fong 5
(CB) decided to move onto the cloud platform provided by Amazon (Hamby). However, the CB
failed to realize was that there was an unsecured door to sensitive data. This opening would’ve
allowed a hacker to view, alter, and delete information collected in field tests (Hamby). The CB
has since patched up the breach, but are still struggling to ensure the safety of information on the
cloud, due to lack of resources (Hamby, 2019). According to former congressional staff member
Terri Ann Lowenthal, if these issues are not resolved in time, “we could be headed toward a
failed census.” Which would be the first since 1790. If the actual census information were to be
leaked it could have devastating consequences. This shows the effect that cloud computing can
have on society.
With all of these issues and consequences to cloud computing, such as insider abuse and
ignorance/lack of understanding from cloud computing customers, there has to be a solution for
the near future. The thing is much like on-premise storage, there is no way to make sure data is
100 percent safe, it’s just the nature of cybersecurity. However, while there aren’t any definite
solutions so far to fix the lack of safety on the cloud, there are some things that can be done to
reduce the risk of security breaches. These things include, but are not limited to, educating the
general public about safety issues in the cloud, so that customers and general people can
understand the magnitude of their decision to use the cloud. Along with this, using an Improved
Diffie Hellman Key Exchange Algorithm (IDHKE) will ensure secured data transmission with
accurate and reliable authentication. The IDHKE is an algorithm that encrypts data, which makes
the data stored much more secured (Pugazhenthi). More companies and organizations are
starting to move to the web, soon many companies will start to move to cloud computing
because of its cost-effectiveness (Morrow). And if nothing is done to increase the safety of the
cloud in the next few years there can be large devastating consequences.
Fong 6
Works Cited
Hamby, Chris. "Census at Risk From Glitches And Attackers." New York Times, 5 July 2019, p.
https://link.gale.com/apps/doc/A592222058/SCIC?u=char69915&sid=SCIC&xid=10548
Hou, Tony. “IaaS vs PaaS vs SaaS: What You Need to Know + Examples (2018).” Ecommerce
vs-paas-vs-iaas/#the-three-types-of-cloud-computing-service-models-explained.
Hurwitz, Judith, Marcia Kaufman, and Dr. Fern Halper. Cloud Services For Dummies, IBM
Lewis, Dave. “ICloud Data Breach: Hacking And Celebrity Photos.” Forbes, Forbes Magazine,
Mason, John. ”5 Cybersecurity Challenges and Trends: What to Expect in 2018.” GlobalSign, 10
Morrow, Timothy. “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud.” Software
https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-
Pugazhenthi, A, and Chitra, D. “Data Access Control and Secured Data Sharing Approach for
Health Care Data in Cloud Environment.” Journal of Medical Systems., vol. 43, no. 8,
Rossow, Andrew. “Why Data Breaches Are Becoming More Frequent And What You Need To
www.forbes.com/sites/andrewrossow/2018/05/23/why-data-breaches-are-becoming-
Su, Jean Baptiste. “Why Cloud Computing Cyber Security Risks Are On The Rise: Report.”
www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-