Cloud Computing – Is It Safe?

There are essentially two kinds of computing environments:

On-premises computing is the traditional form in which you or your company own and manage your systems. All the applications you use, and your data files are on your computers on your premises, either on individual PCs or an in-house local area network.

In cloud computing, by contrast, your applications and files are held remotely on the Internet (cyberspace) in a network of servers that a third party operates. You access applications and work on your files from your PC simply by logging on to the network. Cloud-hosting providers provide cloud services, including Google, Amazon, Oracle Cloud, Rackspace, Microsoft Azure, etc.

Cloud Computing

There is nothing fundamentally new about the concept of cloud services. If you use Gmail, Hotmail, or Yahoo for your emails, you are using cloud services and probably have been for years.

The types of services being offered in a cloud environment are relatively new. These now go far beyond email to cover all the IT services that an on-premises computing environment would deliver, such as accounting, marketing, human resources, etc.

Advantages of cloud computing

READ MORE :

Cloud computing has several advantages over on-premises computing:

1) You can run an application or access your files from anywhere in the world using any computer.

2) Cloud computing is cheaper.

3) You need less technical knowledge.

4) Cloud computing delivers better performance.

5) Cloud computing is eminently scalable. Increasing the number of applications you use or the amount of data you store does not require a heavy investment; you only need to advise the cloud-hosting adviser.

Given these advantages, it is no surprise that there has been widespread rapid adoption of cloud computing over the last few years. Analysts estimate that the growth rate of all spending on the cloud. IT will soon be at least four times faster than the growth rate of all spending on on-premises computing.

Indeed, analysts expect the annual growth rate of spending on cloud computing to average 23.5% compound from now until 2017. In addition, by that year, spending on cloud services will probably account for one-sixth of all spending on IT products, such as applications, system infrastructure software, and basic storage.

Given the rapid growth in cloud computing, the big question is whether cloud computing is safe. Is it more or less safe than on-premises computing?

The short answer is that cloud computing is not less safe than on-premises computing. However, the threats are somewhat different, though they converge.

Threats

Generally speaking, there are six major threats to computer security. These are:

Malware – is malicious software such as viruses, trojans, worms, spyware, and zombies. Malware is installed on either a PC in your home office or a cloud-computing server. Where malware gives control of a network of computers to a malicious group (e.g., to send spam), it is called a botnet.

Web app attack – is an attack in which web-based applications are targeted. It is one of the most common forms of attack on the Internet.

Brute force attacks try all possible combinations of letters or numbers to discover a cipher or secret key. For example, you could crack a password by repeatedly trying to guess it. Modern computing power and speed make brute force a viable form of attack.

Recon is a reconnaissance activity that is used to choose victims who are both vulnerable and valuable. A vulnerability scan – is an exploit using a special program to access weaknesses in computers, systems, networks, or applications to generate information for planning an attack. App attack – is an attack against an application or service that is not running on the web, i.e., the program will be on a computer somewhere.

Honeypots

A honeypot is a decoy website, network, system, or application intentionally designed to be vulnerable to attack. Its purpose is to gather information about attackers and how they work.

Honeypots allow researchers to:

Collect data on new and emerging malware and determine trends in threats. Identify the sources of attacks, including details of their IP addresses; determine how attacks occur and how best to counteract them. Determine attack signatures (pieces of code unique to particular parts of malware) so that antivirus software can recognize them and develop defenses against certain threats. Honeypots have proved to be invaluable in erecting defenses against hackers. The Spring 2014 Cloud Security ReportAlert Logic provides security services for both on-premises and cloud computing systems. The company began issuing cloud security reports in 2012. Its Spring 2014 Cloud Security Report covers the year ending 30th September 2013.

This report is based on real-world security incidents experienced by Alert Logic’s customers and data gathered from a series of honeypots the company set up worldwide.

The report throws some interesting light on the security of on-premises and cloud computing relating to the company’s customers. Here are some of the highlights:

[1] Computing is shifting more and more from on-premises to cloud-based computing, and the kinds of attacks that target on-premises systems are now targeting cloud environments. This is probably due to the increasing value of potential victims in the cloud.

[2] Although attacks on cloud environments increase frequently, the cloud is not inherently less secure than traditional on-premises computing.

[3] The frequency of attacks in both on-premises and cloud computing has increased for most types of threats, though it has fallen for a few. Here are the main points of comparison between both computing environments:

The most prevalent attacks against on-premises customers were malware attacks (including botnets) at 56% during the six months ending 30th September. At only 11%, these attacks were much less frequent among cloud customers. However, the number of cloud customers experiencing these attacks rises quickly, doubling in one year.

Attacks using brute force increased from 30% to 44% of cloud customers but remained stable at 49% in on-premises environments. Vulnerability scans jumped dramatically in both environments. Brute force attacks and vulnerability scans are occurring at almost the same rates in on-premises and cloud environments.

Web app attacks are more likely among cloud customers. However, these attacks are down year-on-year in cloud and on-premises computing, as are recons. App attacks increased slightly in both categories of customers.

The most prevalent types of attacks vary between on-premises and cloud environments. In on-premises computing, the top three were malware (56% of customers), brute force (49%), and vulnerability scans (40%). At the same time, these common incidents were in the cloud brute force, vulnerability scans, and web app attacks, affecting 44% of customers.

[4] The incidents involving Alert Logic’s cloud-based honeypots varied in different parts of the world. Those hosted in Europe attracted twice as many attacks as honeypots in Asia and four times more than in the USA. This may be due to malware ‘factories’ operating in Eastern Europe and Russia testing their efforts locally before deploying them worldwide.

[5] Chillingly, 14% of the malware collected by honeypots was not detectable by 51% of the world’s top antivirus vendors. Even more frightening, this was not because these were brand-new malware; much of the missed malware was repackaged variations of older malware and thus should have been detected.

The report concluded by stating that security in the cloud is a shared responsibility. Individual entrepreneurs and small and medium-sized enterprises tend to forget this.

In cloud computing, the service provider is responsible for the basics and for protecting the computing environment. But the customer is 100% responsible for what happens within that environment, and to ensure security, they must have some technical knowledge.

Conclusion

Advertisements by cloud service providers seem to imply that cloud computing is safer than on-premises computing. This is not true. Both environments seem equally safe or unsafe, viz-a-viz hackers and their malicious programs.

Attacks in the cloud are increasing as potential targets become more theft-worthy. Thus, security in the cloud needs to be just as robust as security in on-premises environments. However, you cannot rely solely on antivirus software vendors to detect all attacks.

Therefore, your best bet is to enter an annual maintenance contract with an online computer maintenance firm that can periodically access your computer(s) from a remote location and ensure that it is protected as well as possible. This should not cost more than €120 to €150 a year, depending on the number of computers.

Share

Alcohol scholar. Bacon fan. Internetaholic. Beer geek. Thinker. Coffee advocate. Reader. Have a strong interest in consulting about teddy bears in Nigeria. Spent 2001-2004 promoting glue in Pensacola, FL. My current pet project is testing the market for salsa in Las Vegas, NV. In 2008 I was getting to know birdhouses worldwide. Spent 2002-2008 buying and selling easy-bake-ovens in Bethesda, MD. Spent 2002-2009 marketing country music in the financial sector.