As cloud platforms are becoming more popular by the minute, we are more and more exposed to the fact that these systems have plenty of security concerns. As computer scientists and systems architects, it’s our job to confront these problems and create safer products for consumers.
Here are the four biggest security concerns when it comes to cloud storage.
Security Issue: Data Breaches
In 2020, data is becoming less and less private worldwide. While Facebook reading your messages and Google browsing through Google Docs is bad enough, these are not the types of data breaches people should be worried about.
Big Tech is monitoring consumer’s private data for security purposes, but there are plenty of malicious actors that are willing to dig in your data to sell it. There’s a huge market for private data on the Dark Web, and poorly implemented security and encryption measures help fuel it.
The extent to which this is going on is hard to believe. In 2017, Verizon reportedly lost data on over 6 million customers in a data breach. The company tried to downplay the problem by stating that there were no Social Security numbers lost, but the fact remains that over 6 million numbers, names, and possibly PINs were out in the open.
Even the most powerful people in the US are not exempt from this. In 2017, the Republican National Committee may have lost all records on registered GOP voters. It’s not clear how many records were stolen, and whether any damage was done, though.
Why is that unclear? Both the RNC and the Verizon case are similar because there was no hacking involved. Both databases were stored publicly, with no password needed to access them. The Verizon database was mistakenly made public by a contractor that stored it on AWS S3, and people who ran RNC at the time simply forgot to make the data on over 190 million Americans private.
Big institutions like hospitals or municipal governments are the top targets for data breaches, and ransomware is the biggest source of monetization for criminals. However, people suffer from data breach implications all across the board. In 2018, US citizens were defrauded out of 1.4 billion USD, Federal Trade Commission reports.
Educating consumers who use cloud storage services and managers of data records is not exactly the job of a systems architect. However, there are things you can do as a computer scientist to make your cloud systems safer.
You should implement the latest encryption standards for your cloud solutions and make data back-ups and password security a part of your system. Jacob Brown, head of cybersecurity at Ivory Research agency says that during the latest security screening, they’ve found three passwords “1234567” on the platform. The company decided to ban a range of simple passwords all together to make it harder for malicious software to make an entry.
Security Issue: Insufficient Identity, Credential, Access, and Key Management
One of the biggest things that leads to unauthorized usage of data is the human factor. Humans make all sorts of mistakes that can result in very sensitive data being made public or in malicious outsiders being let into the system.
But educating employees and people who are using cloud solutions is not the only way to prevent these problems. A system has to be designed with the human factor in mind. This is why insufficient identity and key management are a problem for your cloud system.
The easiest way to fix this problem starts with implementing 2-factor authentication. This way, a malicious outsider will not get access to the system if they know only one credential. On top of that, the best-case scenario for cloud security includes key management practices like the rotation of cryptographic keys. Even if your encryption efforts fail and keys needed to access data get compromised, the risks are mitigated because, in a day, these keys will be useless.
Another way to reduce risk from compromised accounts in the system is restricting access. It’s a solution focused more on corporate cloud solutions, not on services for consumers like Google Disk.
If a company you’re creating cloud solutions for has a sizable number of employees and a bring-your-own-device policy, managing access can be crucial. Combine restricting access to sensitive data with boosting endpoint security to achieve the highest level of security.
Security Issue: Limited Cloud Usage Visibility
One of the major reasons why data breaches happen is the lack of visibility of cloud usage in the system. When people who are using the system do not know all the details about governance and are unaware of what’s happening with the data, it can cause problems.
Remember that many data breaches that took part in the past were not due to hacking into the system, but due to employees unaware of system’s governance. This is why the RNC database of over 190 million voters was exposed for everyone to exploit for the whole 14 days.
This problem can be solved by educating employees, but there’s another way. One timely alarm would probably have mitigated that risk. This is why while project managers should ensure corporate employees know all the latest risk mitigation practices for cloud services, it’s the job of the systems engineers to make cloud usage visible.
Incorporate easy access to key information about the cloud connections and alerts about suspicious activity in the system you’re creating. Also, consider adding a web application firewall to screen all connections and cloud access security brokers for managing high-risk events.
Security Issue: Abuse and Nefarious Use of Cloud Services.
Extracting sensitive data is not the only way malicious outsiders can profit from a cloud service. The other way is using the computing power of the cloud service to achieve some goal. It can be a DDoS attack, sending spam, running an auto clicking botnet, or mining for cryptocurrency.
The last one actually happened to Tesla’s cloud. Hackers were able to get login credentials for Tesla’s AWS S3 and used it to mine cryptocurrency. The exact losses were never released, but Tesla had to upgrade its security protocols as a result.
The approach to this problem is multifaceted. The first step is doubling down on the identification and authentication process to make sure there’s no unauthorized access to the network. Monitoring network traffic and checking with publicly available blacklists is also a great solution.
Then, there are common-sense solutions. Make sure every bit of sensitive information is secured under a password and no login credentials are openly available. The reason Tesla got its cloud compromised was an employee forgot to make one of the servers private and this server stored login credentials that allowed hackers to dig deeper.
You may be one openly available GitHub commission away from disaster and you won’t find out until it’s too late.
There are many more security concerns tied to cloud storage and cloud computing, but these four are the biggest threats computer scientists face. Creating a system that is compliant with the latest cybersecurity standards and is protected against these threats ensures your company doesn’t lose millions of dollars because of ransomware and your customers don’t get defrauded by identity thieves.