Sunteți pe pagina 1din 8

Christopher Fong

Campbell

UWRIT - 1013

7 November 2019

Don’t Reach For the Clouds, the Dangers of Cloud Computing

How safe do you think your information is? In a digital age where people can access

banking accounts, credit cards, and other sensitive data from the palm of their hands,. Sstorage

and efficiency are is becoming more sought out due to consumers increased demand of

comfortability that increased storage and efficiency givesfrom consumers. That’s why when

cloud computing was first implemented in 2006 it was considered to be the next big thing. In

simple terms, cloud computing is the use of the Internet to store, manage, and process data. This

may seem to be all sunshine and rainbows, but in reality, cloud computing has a number of

issues, primarily issues in security and privacy. There are many factors that contribute to the

number of security and privacy problems; however, it boils down to a lack of understanding of

the subject between the provider and the user. Cloud computing is the next big thing in the field

of computer science; however, it still has a number of security and privacy issues that need to be

solved.

To understand the issue there must be a basic understanding of what cloud computing is.

According to authors Judith Hurwitz, Marcia Kaufman, and Dr. Fern Halper of Cloud Services

For Dummies, IBM Limited Edition:,

“cloud Cloud computing is a method of providing a set of shared computing resources

that includes applications, computing, storage, networking, development, and deployment

platforms as well as business processes. Cloud computing turns traditional siloed


computing assets into shared pools of resources that are based on an underlying Internet

foundation.” (Hurwitz 6).

In other words, cloud computing is the process of using the internet to store and access

traditional assets like applications and storage. A good example of cloud computing is iCloud

because it stores data like photos into Apple’s cloud. Cloud computing can be separated into Formatted: Font: Italic

three main categories Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and

Software as a Service (SaaS). These categories are often referred to as delivery models. While

there may be many other delivery methods models for cloud computing, these three methods

models are the most popular and are considered the foundation of many other delivery

methodsmodels.

IaaS is considered the most flexible service and cost-effective (Hou). This delivery

method model is primarily used to replace on-premise hardware. For example, Amazon Elastic

Compute Cloud (Amazon EC2) is based on this model. Amazon EC2 allows customers to

purchase a set amount of storage for set cost. PaaS provides software and hardware tools over

the internet and is generally used by developers who are creating/building programs and/or

applications (Hou). Magneto Commerce Cloud uses this model. Customers on this site are able

to edit the source code of their Magneto store and can fully customize it to their liking. SaaS is

the most popular model., they It allows users to use software over the internet. A good example

of this service is Google Docs. This paper will mostly be talking about issues dealing with IaaSs;

however, most of the issues presented also apply to cloud computing in general.

Over the last two years, there has been an increase in cloud vulnerability of 240 percent

(Su). These vulnerabilities occur due to the increasing complexity of code. Along with this,

businesses are putting more focus on creating a better user interface (UI) and user experience
(UX) rather than focusing on creating a safer cloud. The problem with this is that cloud

computing is initially more prone to vulnerabilities when compared to traditional data centers.

This isn’t because cloud computing has different threats,. t They both share similar threats but is

because the responsibility of managing and reducing risk is split between multiple parties the risk

is increased. In Timothy Morrow’s 12 “Risks, Threats, and Vulnerabilities in Moving to the Formatted: Font: Not Italic

Cloud”, Moarrow states that one of the largest issues that lead to increased cybersecurity risk is

the lack of due diligence from the side of organizations and businesses (Morrow). If these

businesses and organizations actually focused more on the security aspect of cloud computing

and not so much the UI and UX. rRisk of security breaches would become less likely. In fact, 20

percent of businesses do not have a backup plan for breaches (Mason), showing that some

businesses don’t even have security in the back of their minds.

Cloud service providers (CSP) market their servers as safe and as reliable as on-premise

serversto be just as safe as on-premise servers. This fact is true in most cases; however, even if

CSPs do constant maintenance of servers, they cannot check data owned by the customer without

violating the customer’s privacy. Customers of CSPs also need to do routine checks in order to

maintain a secure platform and minimize security risks and threats. In some cases, CSPs aren’t as

safe as they claim. For example, in September of 2014 Apple’s iCloud service was breached

because of an error that didn’t limit the number of guesses one could have. This in turn allowed

for attackers to have numerous chances to guess password combinations (Lewis).

A security breach is the term given when sensitive data is leakedstolen. Cloud computing

has a higher risk of security breaches when compared to on-premise., aAlong with this, security

breaches on the cloud can have larger repercussions when compared to those of traditional on-

premise servers. This is because cloud platforms are interconnected with each other. In a
hypothetical situation, there are five different businesses and organizations that are all holding

information on the cloud through the same CSP. Somehow one of the five

businesses/organizations gets hacked and because of this the hacker can now easily break into

the other four platforms. While this situation has yet to occur, it is quite possible if the CSP fails

to maintain separation between multiple tenants. Along with this, fFailure to maintain separation

by correctly configuring virtual local area networks (VLANs) leads to a higher increased risk of

a security breach.

The number of cloud-related security breaches and information leaks has been increasing

in recent years (Rossow). One of the larger breaches this year (2019) was the Capital One

breach. The breach occurred within a month or two of moving to the cloud (McLean). The

hacker, Paige Thompson, was a previous Amazon employee a couple of years back. She was

only able to get access to the information because Capital One had misconfigured/failed to

correctly set up their Amazon server. This mistake should’ve been easy to spot and would’ve

been an easy fix; however, due to the incompetence of Capital One over 1 million social security

numbers and credit card numbers were stolen. Other than the customer rushing in without

thoroughly setting up the platform correctly, this event shows another issue with cloud

computing, insider abuse.

While Thompson didn’t work for Amazon at the time, she did work there previously.

This would have given gave her an understanding of how the Amazon servers worked, which in

turn would’ve made it easier to get access to the data stored. Timothy Morrow, author of 12

Risks, Threats, and Vulnerabilities in Moving to the Cloud, states, “insiders such as staff and

administrators for both organizations and CSPs, who abuse their authorized access to the

organization's or CSP's networks, systems, and data are uniquely positioned to cause damage or
exfiltrate information” (Morrow). Unlike on premise servers, an insider wouldn’t be able to

access information on the servers unless they were in contact with them. An insider with admin

privileges could devastate a server and take so much information.

Cloud computing doesn’t only apply to businesses. For example, it can also affect

politics. In an effort to lower costs and raise response rates for the 2020 United States Census the

Census Bureau (CB) decided to move onto the cloud platform provided by Amazon (Hamby).

However, what the CB failed to realize was that, in the previous year’s audit, there was an

unsecured door to sensitive data., which This opening would’ve allowed a hacker to view, alter,

and delete information collected in field tests (Hamby). The CB has since patched up the breach,

but are still struggling to ensure the safety of information on the cloud, due to lack of resources

(Hamby, 2019). According to former congressional staff member Terri Ann Lowenthal, if these

issues are not resolved in time, “we could be headed toward a failed census”(Hamby) which

would be the first since 1790. If the actual census information were to be leaked it could have

devastating consequences. This shows the scope that cloud computing has on society.

With all of these issues and consequences to cloud computing, such as insider abuse and

ignorance/lack of understanding from cloud computing customers, there has to be a solution for

the near future. The thing is much like on-premise storage, there is no way to make sure data is

100 percent safe, it’s just the nature of cybersecurity. However, while there aren’t any definite

solutions so far to fix the lack of safety on the cloud, there are some things that can be done to

reduce the risk of security breaches. These things include, but are not limited to, educating the

general public about safety issues in the cloud, so that customers and general people can

understand the magnitude of their decision to use the cloud. Along with this, using an Improved

Diffie Hellman Key Exchange Algorithm (IDHKE) will ensure secured data transmission with
accurate and reliable authentication. The IDHKE is an algorithm that encrypts data, which makes

the data stored much more secured (Pugazhenthi). More companies and organizations are Formatted: Font color: Auto

starting to move to the web, soon many companies will start to move to cloud computing

because of its cost-effectiveness (Morrow,). And if nothing is done to increase the safety of the

cloud in the next few years there can be large devastating consequences.
Works Cited

Hamby, Chris. "Census at Risk From Glitches And Attackers." New York Times, 5 July 2019, p.

A1(L). Gale In Context: Science,

https://link.gale.com/apps/doc/A592222058/SCIC?u=char69915&sid=SCIC&xid=10548

a02. Accessed 16 Oct. 2019.

Hou, Tony. “IaaS vs PaaS vs SaaS: What You Need to Know + Examples (2018).” Ecommerce

Technology, The BigCommerce Blog, 26 May 2019, www.bigcommerce.com/blog/saas-

vs-paas-vs-iaas/#the-three-types-of-cloud-computing-service-models-explained.

Accessed 9 Oct. 2019.

Hurwitz, Judith, Marcia Kaufman, and Dr. Fern Halper. Cloud Services For Dummies, IBM

Limited Edition. John Wiley & Sons, Inc, 2012.

Lewis, Dave. “ICloud Data Breach: Hacking And Celebrity Photos.” Forbes, Forbes Magazine,

22 Sept. 2014, www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hacking-

and-nude-celebrity-photos/#589056e72de7. Accessed 9 Nov. 2019.

Mason, John. ”5 Cybersecurity Challenges and Trends: What to Expect in 2018.” GlobalSign, 10

Jan. 2018, https://www.globalsign.com/en/blog/cybersecurity-trends-and-challenges-

2018/. Accessed 8 Oct. 2019.

Morrow, Timothy. “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud.” Software

Engineering Institute, Carnegie Mellon University, 5 Mar. 2018,

https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-

to-the-cloud.html. Accessed 16 Oct. 2019.


Pugazhenthi, A, and Chitra, D. “Data Access Control and Secured Data Sharing Approach for

Health Care Data in Cloud Environment.” Journal of Medical Systems., vol. 43, no. 8,

Kluwer Academic-Plenum-Human Sciences Press, DOI:10.1007/s10916-019-1381-7.

Accessed 16 Oct. 2019.

Rossow, Andrew. “Why Data Breaches Are Becoming More Frequent And What You Need To

Do.” Forbes, Forbes Magazine, 24 May 2018,

www.forbes.com/sites/andrewrossow/2018/05/23/why-data-breaches-are-becoming-

more-frequent-and-what-you-need-to-do/#98ad69bd97f7. Accessed 9 Nov. 2019.

Su, Jean Baptiste. “Why Cloud Computing Cyber Security Risks Are On The Rise: Report.”

Forbes, Forbes Magazine, 25 July 2019,

www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-

risks-are-on-the-rise-report/#131d2ea75621. Accessed 9 Nov. 2019.