What are the Security Risks of Cloud Computing?
As more businesses, whether large, medium or small-scale, take to the cloud, security issues remain a constant challenge. Most major Cloud computing vendors have managed to codify a shared responsibility for security; some are still dithering.
The United States, in 2018, did make Cloud-adoption a tent-pole of its ‘Trusted Internet Connection’ (TIC 3.0) IT modernization drive. The world’s largest economy was migrating to the Cloud. It emboldened numerous organisations to do likewise.
However, any business embracing the Cloud without fully realizing its financial, legal, technical and compliance risks will soon find itself in a security quagmire.
IT industry experts warn that the Cloud is not invulnerable. There are specific lacunae which are yet to be patched.
Common Security Risks of Cloud Computing
The following are some of the most crucial threats to cloud security.
Loss/theft of Intellectual Property
Intellectual Property (IP) is one of the first targets of mala fide elements. Some peer-reviewed studies have indicated that as much as 21% of all data that companies upload to their clouds (regardless of whether they are public, private or hybrid ones) contains sensitive, ‘Eyes-Only’ material.
In 2019, one in five CFOs of major North-American companies who attended the CNBC Global CFO Council mentioned that Chinese firms’ blatant disregard for IPR was evident. This has everything to do with the cloud; one only has to ponder the US shift towards an inclusive cloud-based network.
Risks posed to end-users
As malware and ransomware become smarter and multiply, the end-users of the data stored in the Cloud have a lot to lose. It has happened before; ‘Spectre’ and ‘Meltdown’ were two instances. The effect was so severe that Intel had to add firmware mitigations in its latest processors.
A major city like Atlanta lost all access to its municipal services and had to pay millions to respond to a ransomware attack in 2018.
Loss of customer trust
In the last decade, there have been several cases of breaches in cloud security and the theft of hundreds of millions of credit and debit card details. Let us examine a relevant and recent incident. In January 2020, the popular American convenience store WaWa reported that around 850 of their stores had been targeted online and a staggering 30 million financial records were breached.
High-street fashion retail giant Target was, ironically, targeted too. The records of some 41 million people, which were stored on Target’s cloud, were stolen. Target even had to pay a record $18.5 million as compensation to multi-state investigations.
Later, it was determined that low-quality PoS machines and the lack of proper network segregation and detection strategies were to blame.
Most government agencies and private businesses have their own regulatory control regimes. Two good examples are HIPAA (which ensures confidential health records are maintained) and FERPA (which safeguards student details). Both these statutes are strictly imposed in the USA. Any organisation dealing with below-par cloud computing vendors may not have details on who accesses such data. This puts them in non-compliance.
Given such precarious situations, it is imperative that any forward-thinking organisation must craft a crisis management strategy and a governance model that can be implemented at the drop of a hat. A battery of performance management tests vis-a-vis the Cloud, coupled with constant barrier testing, is also recommended.