CLOUD (Common Location Independent Online Utility on Demand) is one of the most talked topic in today’s IT Industry. The technology provides users the facility to access IT resources from anywhere, anytime over Internet. That’s why Cloud Computing is also known as “IT on Demand”. There are lots of benefits in shifting to Cloud computing and some of them are as follows:
- Dynamic and Scalable: If your demand for the resource increases it is up to the cloud service provider to expand the infrastructure accordingly.
- Cost Effective: Cloud computing is cheaper than any other model due to Zero Maintenance Cost which is handled by service provider in most of the cases.
- Easy Access: Google Apps is one the most successful Cloud service that has enabled the users to access services via browser over the internet. Users can now easily access the resources over cloud from anywhere, anytime.
Before understanding Security Threats in Cloud Computing, first we need to learn about the service models in Cloud Architecture:
- SaaS: Software as a Service – In this various types of Software’s are hosted on Cloud Server that can be accessed by the consumers according to their specific requirement.
- PaaS: Platform as a Service – If the user needs to host customized software on Cloud server, then PaaS service is best suited for them. In this consumers are provided with platform access and user can use them to put their tools on them.
- IaaS: Infrastructure as a Service – Complete infrastructure is given to the user on rent. Consumers can manage the operating system, storage facility, connectivity of network and software according to their need.
6 Security Threats in Cloud Computing
There is lot of concern among the users in migrating to the Cloud Service. Privacy of the data is most concerned factor among the users. After the recent cloud hack revealing pics of celebrities across the world has raise the issue even more. One method to deal with the threats in cloud storage is to use Secure Connection. For this users can use ClickSSL to prevent their data integrity on cloud servers. In this article I am going to share 6 Security Threats in Cloud Computing:
1) Security Attacks on Cloud
Hackers always target vulnerable source to steal important and personal information. Cloud being shared architecture remains most vulnerable target for hackers to launch various attacks. Among many attacks, DOS and DDOS are the most used method to launch malicious attack on Cloud server. Effect of Denial of Service (DOS) and Distributed Denial of Service (DDOS) attack is more severe in Cloud Computing because the infrastructure is shared. Imagine a scenario where hacker manage to gain access of Cloud server and host a malicious file on it. Effect of such activity leads to destructive effect where Cloud storage is used to launch attack on itself through various client machines.
2) Data Leakage
Data Leakage threat deals with privacy of the data store on Cloud storage. Storing Sensitive and personal data on cloud means storing them on third party where the data can be leaked easily. However there are Data Leakage Prevention (DLP) applications but on public cloud there is no way to monitor it. It is possible to encrypt the file on your local machine and storing the encrypted file on cloud. That can somehow prevent the leakage issue but what if you are using Cloud as SaaS. For example if you are typing something confidential on Online Word, then that data can be easily leaked. DLP applications are best suited for Private Cloud as complete control over the cloud network is in our hand.
3) Insecure APIs
Cloud Computing requires user to access the service via some API service. User needs to establish a secure connection to the cloud storage to access the data. But what is the connection is not secure or some malicious user makes you access the cloud storage through Insecure API. This poses great threat to the sensitive data stored on cloud. To prevent from such a threat user can use ClickSSL – SSL Certificates. Using secure SSL certificate helps a user to establish secure connection with third party for data access, online payment or ecommerce transaction.
4) Data Segregation
Users don’t want to store their data on same location as used by other user. But in Cloud computing concept of multi-tenancy is common in which data of various users can reside on same location. This leads to very serious problem of compromising the integrity of user’s data. Imagine one user has stored a very sensitive file on cloud storage and other user creates the file with malicious script (Cross Site Scripting XSS) which gets stored on the same location. This can result in intrusion in each other’s data which is not desirable.
5) Authentication, Authorization and Confidentiality
Companies used LDAP (Light-weight directory access protocol) to store employee’s data which is used to get them access to the data. In Cloud, data is stored outside companies’ firewall leading to vulnerability of data theft. Moreover when the employee leave the company it is safe to remove the credentials but on cloud there is no way to ensure that it is remove forever. Confidentiality is another term associated with privacy of the user. If some health firm decide to store patient record on cloud storage, then it may be possible that their information is used by malicious user for bad purpose. It means there are certain loopholes that prevent user to trust the Cloud storage
After going through some of the security threats associated with Cloud computing, here comes the most important concern – Responsibility. In case any thing happens to the data stored on cloud storage, will the company take responsibility? Will they promise to recover 100% data with no loss? Is there any surety that the data is not in wrong hands? For me this is the greatest threat of moving to cloud storage. If nothing happens than no one cares about anything I have discussed above. But what if something bad happens with the data, then there should be some mechanism to manage the loss.