When it comes to information security, whether for the average commercial consumer or for a business/enterprise solution, it is extremely important to choose a solid cloud solution. No two cloud solutions are the same, because there is no ‘overall’ solution. Most cloud solutions are tailored for a specific or custom purpose, which we will get into, along with the different types of cloud services out there. Finally, we will look at why cloud services have a bad reputation when it comes to security, even though they are massively used and incorporated into how we interact with the internet today.
Today, thousands of terabytes of data, if not more, flow around the internet like an unstoppable raging river. More than half of the entire population is online, which means that over 30 billion devices are connected. A lot of this data has to stop and rest, or sleep, somewhere, which means on a server capable of holding it. Hence the cloud, where data can be kept.
Several of the world’s largest organizations today have made the transition to cloud computing, which is essentially the next step in data storage and collaborative technologies. This step is just a small part of the enormous digital revolution, sometimes referred to as the digital transformation, that is taking place.
A cloud service is self-explanatory, in a way. The internet consists of traffic and data packets going back and forth, governed by dozens of protocols. Basically, for us to be able to communicate with each other and interact with the services available on the internet, there has to be a data flow. Data has to be created, and data has to be stored, for that to work at all. The devices that we use are binary devices where the innards (hardware and software) communicate through software code. This code is a series of electrical signals that are translated into 0s and 1s for the computer to be able to work.
Back in the day, before the cloud and before high-speed internet, data was traditionally stored on physical media such as USB sticks, CDs, DVDs, and external and internal hard drives. Today, this is a completely different story thanks to high-speed uploading via technologies like high-speed DSL, 5G, and fiber optics.
Data ‘on the cloud’ means that any data you or your organization may have is offloaded to a remote location where physical data centers take that information, process it, and store it. No data is stored on your ‘local’ device, which has enormous benefits, e.g. saving you space and allowing you to collaborate with others who can also access ‘data’ on the cloud.
Have you used email platforms such as Gmail, social networking platforms such as Facebook, or messaging platforms like WhatsApp? Do you have an Instagram profile? I am sure that most of us do nowadays. Without cloud service technology, we wouldn’t have any of these available to us. That is because large tech companies that offer these products store all of our data on these enormous cloud platforms that can hold the data of billions of users.
The sensitive issue here is that there is an endless amount of sensitive user data, personally identifiable information (PII), as well as confidential information on these clouds.
Some of the largest cloud platforms that come from market-leading companies include Amazon AWS, Microsoft Azure, and Google Cloud. There are others too, such as Alibaba Cloud, Oracle, IBM, and Tencent Cloud, but they are way down the chain in terms of size and engagement.
Now that we understand what a cloud platform is, we can get into its cybersecurity element. As you can imagine, trying to secure a multi-billion user, petabyte-level cloud platform that consists of an entire building filled with huge whirring, blinking boxes and thousands of miles of cable is an extremely daunting task. Imagine what it’s like to have the responsibility of flying a large commercial airplane containing hundreds of souls on board. Securing a giant cloud platform service can be said to be just as stressful.
We come to the problem: cyberattacks and cybercrime. Remembering just how enormous and vulnerable these cloud platforms could be, let’s combine that with the fact that sophisticated cybercrime is out there. A recipe for disaster? Very much so indeed. Cybercriminals are after the quickest possible return on investment (ROI) they can get. Attacking a cloud platform is one way to do this, as the rewards that can be reaped are endless. Several attacks resulting in vulnerabilities of the Amazon AWS platform as well as Microsoft Azure are perfect examples that illustrate this fact.
There are several models of cloud services, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). These services are offered on public clouds, private clouds, or hybrid clouds. Cloud technologies are constantly being developed to accommodate emerging technologies like Machine Learning and Artificial Intelligence, e.g. the multi-cloud scenario.
What does all of this mean for security? It means that these platforms are vulnerable to the following, whether from direct threats or from human error like misconfigurations:
- API vulnerabilities
- Data threats
- Malicious internal threats (insiders)
- Weak encryption
- An overall vulnerable platform
Now, what can be done in this case? The world’s largest cybersecurity firms have been hacked at some point, as have even the highest levels of government, let alone e.g. a commercial cloud platform. What can be done is to ensure information security best practices, improve real-time threat detection and risk management plans, comply with cybersecurity frameworks, and make sure that vulnerabilities are taken care of as soon as possible. Enforcing Zero-Trust is also on the way, which is going to be a tough transition for everyone because of the obscene levels of security involved (although this is necessary). It is also critical that every employee, from the bottom level to the highest-level CEOs and CISOs, is highly trained in cybersecurity.