The ‘cloud’—a mysterious place where people and businesses with Internet access may store and retrieve information from anywhere. Although this definition is an oversimplification of how the cloud works, it does explain in simple terms what ‘cloud storage’ does. The cloud is actually used as much more than a storage system, as the world adopts downloadable software and online business platforms. The cloud is to CDs what CDs were to tape cassettes; the future.
According to a 2016 survey of cloud usage conducted by RightScale, a cloud management group, 95% of respondents said they were utilizing the cloud. Most businesses and people use the cloud today because of its simplicity and accessibility. For instance, a popular cloud service model is to offer customers space on servers worldwide in which to store, manage, and access data at their leisure. Companies like Dropbox and Google Drive, who offer these services, are called ‘cloud storage providers,’ and help lower the costs associated with data storage and access.
The benefits of cloud storage include lower storage costs and higher accessibility, but it comes with concerns as well. Security is paramount when it comes to protecting digital property, and there are security risks to be aware of when using a cloud storage provider.
One of the larger security risks, data breaches are devastating to cloud storage providers and users alike. Not only is the users’ data compromised, but it reflects poorly on the provider to be victimized by cybercrime. Providers house huge amounts of data from people and businesses worldwide, making them prime targets of hackers.
Data placed in cloud storage can be anything from pictures and documents, to financial information and intellectual property. Because of the amount of sensitive data being stored, providers warn users to include their own security as well. Providers will provide basic security, but users are responsible for the protection of their data. For example, cloud storage may require a password for access, but sensitive personal documents need further encryption and authentication only available to the owner for complete protection.
Another major security risk associated with the cloud is the issue of compromised credentials. These are login options that are no longer secure. For example, passwords and usernames that are no longer in use may be identified by cybercriminals and used to gain access to personal information. Many people have concerns about criminals who can obtain their login information. Although this crime is digital in nature, it feels like a personal theft, similar to stealing a house key. Compromised credentials and stolen passwords are legitimate worries, but more measures can be taken for added security.
Multifactor identification is the equivalent of using two house keys; one standard and one deadbolt. Security measures work even better when they work in tandem, requiring criminals to have multiple pieces of information. An example of multifactor identification is phone call/text identification, where a unique password or number is obtained through the user’s personal phone via call or text. This measure guarantees every login requires a personal phone through which only the rightful owner can access the information.
Permanent Data Loss
Users of cloud storage must consider backing up their information or fall victim to permanent data loss. Although rare, it is typically caused by malicious cybercriminals or natural disasters. Because data is stored on physical servers, they face the same dangers as any other building. Furthermore, hackers don’t need a reason or purpose to unlawfully access cloud storage. They may gain entry simply to delete as much data as possible, just to prove their expertise.
Another element of permanent data loss can involve users themselves. If they protect their data through encryption, they in turn must protect the encryption key. It is the only way to decrypt their personal information on the cloud. Failure to do so may result in loss of cloud assess and their data.Real Cloud Storage Breaches
In 2015 the website, Ashley Madison, was attacked by cybercriminals. The account details of 32 million members were stolen and later posted publicly. Ashley Madison is a site where married men and women can meet. The hacker group, Impact Team, attacked them because they perceived their service to be unscrupulous. The hackers released the stolen information for public perusal, and disappeared.
There have been theories, but officials are still uncertain about how the hackers accessed the data stores of Ashley Madison. This type of breach is a reminder that cybercriminals can very cleverly conceal themselves and remain a dangerous threat until they are caught.
Another cloud attack involved a major health insurance company in 2015. Anthem had the personal health information of 80 million customers compromised, including their own employees. In this case, the cybercriminal had obtained the necessary credentials, which allowed easy access to Anthem’s cloud storage.
The cloud certainly isn’t something that hangs overhead, dangling everyone’s information to be perused by the curious. It is a complex system of sharing, storing, and accessing information from servers located throughout the world, which are guarded physically and technically. Like anything involving the key information of people and businesses however, there are risks to be considered and to be overcome in the ongoing effort to protect against intrusion.
New Jersey Institute of Technology offers an online master in computer science program so students can learn the latest concepts and techniques in Computer Science, and develop the skills to take the world in imaginative new directions.