Chapter 8: Cloud Computing and Associated Threats
What is Cloud Computing?
Technology is progressing by leaps and bounds. It is now possible to access your data anytime, anywhere, using a smartphone, tablet, laptop or desktop computer. To do this, all that you need is an Internet connection. This has been made possible due to advancements in the field of cloud computing.
Cloud Computing Architecture
A number of components and sub-components are needed to implement cloud computing. When these components work in sync, users are able to benefit from multitude of services provided by cloud companies.
Private Cloud: This type of cloud supports private storage (hosting or computer space) which can be both remote and local depending upon the database storage of the company. Companies that have sensitive or fragile data opt for this service.
Public Cloud: A public cloud is the most common type of storage that is used. Most of us as individual customers have used this type of cloud service. It is operated remotely, owned by a cloud service provider and shared by multiple resource tenants.
Community Cloud: A community cloud is a collaborative effort in which storage is shared between several companies having common concerns, such as security, compliance and jurisdiction. This cloud is also known as a semi-public or semiprivate cloud.
Hybrid Class Cloud: A hybrid cloud is a combination of two or more different types of cloud architectures, which retain their originality but are linked through a shared standard or technology.
Cloud Computing Services
Infrastructure-as-a-Service (laaS): This is the most commonly used cloud service. It includes virtual servers, storage disks and networks and provides a basic remote IT) structure to an organization which is manageable and flexible. Customers can access and use the storage space that is provided using their handheld devices, such as smartphones to store data, including pictures, videos and music on the cloud. Some of the companies that offer Infrastructure as a Service (laaS) include Amazon, Flexible and Rackspace.
Platform-as-a-Service (PaaS): This is a cloud-based development platform designed for developers to build, run and manage applications over the Internet. The PaaS infrastructure is built and managed by the cloud service provider who provides the software and hardware tools required for application development as a service. Some of the popular Paas service providers are 1BM BlueMix, Microsoft Azure and Cloud bees. Developers can run an operating system, database, or write code and execute that using a programming language.
Software-as-a-Service (SaaS): Software as a Service means that the users can access different software present on cloud on a pay- per-use-basis. This is a very useful service as software licenses are prohibitively expensive and it is not possible to license all such software. This is where Saas comes in. It provides access to a multitude of software which provide more or less the same functionality similar to their licensed counterparts. For example, Google Docs provides almost the same functionality compared to Microsoft Word which is expensive to license.
Working of Cloud Computing
Universal access: Cloud computing supports mobility, therefore, files can be accessed from anywhere. For employees, this facilitates work from home and business trips without having to carry the files with them all the time.
Increased storage capacity: In the past, the amount of data allowed to save was dependent on the device capacity. If we ran out of memory, we would need USB support to continue working.
Can be easily set up: Setting up a cloud service is a matter of minutes. Customizing settings options, such as password creation and selecting the devices you want to be connected to is equally easy.
Cost effective: As we discussed, if cloud was not there, users would have had to invest heavily in storage media, such as flash drives and external hard disk drives
Flexibility: Cloud offers scalability in terms of storage size that allows you to change the storage size depending on the requirement in a short span of time. For example, it you are planning to go on a vacation, you can increase your cloud storage size so that you have enough space to store your vacation pictures and videos.
A cloud network Is accessible to users and multiple other networks. This makes it Vulnerable to threats originating from computers following the same or different architecture.
Data breach: Data breach can happen when data is stored locally or on cloud, but if cloud data is compromised it is far more severe. In order to prevent this, cloud providers ensure that their network is highly secure and the security protocol that is implemented is regularly updated. That is why, hackers prefer to attack a cloud system rather than a standalone machine. The recent Ashley Madison.com breach compromised valuable data of their users.
Data ownership and control: The chances of a data breach are significantly higher if the management of your organization's data stored on cloud is outsourced to a third-party provider. Many issues such as geographical location, backup processes and the steps taken to ensure that data is protected are now outside the control exercised by your organization. When users place their data on cloud, the cloud service provider gets access to their confidential data. Consequently, ownership is compromised and it may impact compliance control and requirements.
Data loss: No matter where your data is stored the impact of permanent data loss is huge. It has the potential to affect an organization financially, legally and operationally. Data loss would also lead to failure in satisfying compliance policies and protection requirements. Additionally, natural disasters, technical failures and data purge also affect cloud computing the same way as they affect a standalone stem.
Malicious attacks: Hackers or authorized users with malicious intentions can attack and abuse cloud storage for conducting illegal activities or monetary gains. This includes storing and spreading copyrighted documents, pirated software and viruses. Cloud resources have become prone to malicious injections. Such as running a malicious code on the cloud after gaining access through illegal means.
Insider threat: The possibility of an attack originating from within your organization is less compared to external threats, but these threats are real and have become prominent over the years. They have resulted in the misuse of confidential information belonging to many Customer and/or organizations. Assigning incorrect access levels to users and delay/neglect in revoking access to attracted employees can result in organizational data getting exposed to people who should not have it
Loopholes in technology: Every technology has some deficiency which is exploited by the hackers whenever it is exposed. A loophole in the technology that forms the backbone of a cloud network has the potential to exposes the entire cloud and its users to hackers. For example, there was a massive ransomware cyber-attack (originating in US) that took place and affected almost 99 countries including India. Almost 45,000 attacks were registered which compromised the data and finances of many organizations
Shared space: Since cloud is a shared space, multiple users share and store data on a single server. One user getting access to the data of another user using the same technology cannot be totally ruled out.
Safety Measures Against Threats to Cloud Computing
Backing up data: It is important that we create a bad dual backup, one that is stored locally and other one store on the cloud. I his Will help to create a hem is lost due to any reason, we can still have another copy to rely on. If the users don't prefer local backups, then they can also create a backup on another cloud. Losing data from both cloud systems simultaneously is an extremely rare scenario.
Understanding the cloud provider's user agreement: In order to safeguard your data, before selecting a cloud provider, it is better to go through the user agreement. Though this step of setting up your cloud account suffers from insufficient attention, it can contain Something which makes you change your mind and go to another provider.
Updating the Backups Created: We might suffer data loss even after taking a backup. This is because the backup is not taken on a regular basis and any changes made after the last backup are not recovered. Therefore, it Is necessary to keep taking backups on a regular basis.
Password protection: Cloud users need to understand the importance of strong password protection tor their files. Creating long9 passwords containing a combination of alphabets, numerals and special characters is the best way to keep your account sate from hackers.
Two Step Authentication: Some cloud service providers like Google provide an optional two step authentication feature. If it is enabled, each time you log in to your account, the system sends a one-time password on your registered mobile number. You need to authenticate your credentials by entering the password on the screen.
Encryption and Decryption: Some cloud service providers encrypt the data stored on cloud. Encryption provides total protection for your data. Unless you lose your encryption key or a hacker manages to decrypt the encrypted data (which is extremely difficult), your data is absolutely safe.
Disciplined online behavior:Whenever you access cloud from public terminal, never save your password on the web browser and always remember to logout. No amount of data security or protection features will be effective if users lose their passwords to an attacker due to carelessness.
Avoid cloud networks for storing sensitive information: The easiest and guaranteed way to keep your data sate is by not uploading to a cloud. Personal details, such as social security number, passport details, credit card information, intimate and private pictures etc., It is strongly recommended to store this kind of information on an external hard disk in a secure physical space
Issues Related to Cloud Privacy
Data ownership issues: Irrespective of what is claimed by the service provider, a layman is always unsure of the ownership of data once It Is uploaded on the cloud. For example, Ir a user takes a picture and uploads It on the cloud, the copyright may become invalid in certain cases. A cloud provider can access this picture which may be valuable to the user, and might use it for its own benefit.
Location of The Data:Data centers are located all around the world. It is impossible to guess in which location your personal data is stored. Every country has different cyber laws and laws governing data privacy. Therefore, your data can be stored in a place where the laws are contradictory to your rights and could conflict with the laws prevalent in your country.
Data migration: Data can be transferred from one data center to another for security reasons or routine maintenance. This can also happen due to excessive information storage at any one center. Data migration can crosses geographical boundaries of nations and hence be subject to the laws of more than one country. Post migration, the current data center may or may not subscribe to the privacy agreement that was signed with the customer at the time of setting up the cloud account.
Permanency of data: Users keep on creating new data every day, because of this a lot of data is uploaded and stored on the cloud. There is no way to decipher if data that is deleted from cloud has been permanently deleted or can be restored. A lot of cases of revenge porn have arisen due to this feature of cloud.
Handling Cloud Privacy Issues
Encryption: Users need to encrypt their private and personal data if they are uploading it to a cloud. The encryption technique used for data security can be applied for data privacy as well. This is because encrypted data will be useful only to those users who have the key to decrypt it.
Understanding the Terms and Conditions: Going through the terms and conditions might be a tiresome task for many users, but it is one of the most important steps that should be followed before setting up your cloud account.
Avoiding sharing information on cloud: Some clouds allow users to share their information with other users of that cloud. People share pictures, videos, music etc. with their friends by giving restricted cloud access.
Avoid using cloud for storing sensitive data: Personal information, sensitive images, videos and audios should not be uploaded to a cloud.
Selecting a Cloud Service Provider
Space:Users need to perform an evaluation of their needs and amount of cloud storage needed to store their data. If they end up buying extra space it might cause a strain on their finances, whereas, buying less space would mean adding chunks of space later, which can cost more. Heretofore, it is important to calculate the optimum amount of space that is required.
Finances: Users need to work out their finances and decide how much they are willing to invest for a cloud service. It is advisable to check the offers from multiple service providers and compare the cost and benefits of each of them.
Access to the cloud's customer service: Generally, users don't have any control on the cloud. When faced with a problem there is nothing much that they can do on their own. Therefore, it is important that that the service provider that is selected has a responsive Customer service.
Review of previous and existing users: Getting a neutral opinion is always helpful and reliable. There are a lot of sites which review various cloud platforms. By going through these websites, users can get a fair idea about the feedback received regarding different cloud providers.
Security features: The service providers must have standard security features to protect the data being stored with them.
Data loss management: Data loss management is integral as it raises many questions about what will happen if such a situation takes place. It is always helpful to know the history of data loss tackling of any service provider to get an idea about their past course of action and how they are likely to proceed in such a scenario.
Location of the data center: A country with privacy laws that conflict with the laws prevalent in your country can adversely affect the security and privacy of your data. This can happen if the data center holding your data happens to be located in one such country. Therefore, it is important to know in which country the data center of your service provider is located.
Number of failures in the past: If a cloud company is prone to failure, then that company should be avoided in order to safeguard your data. The understanding of this issue at last might take you to the correct service provider who can offer all your requirements.
