The Cloud MiniSeries Part 3
What are the Risks of Cloud Computing?
Welcome to Part 3 of The Cloud MiniSeries. Here we will explore the risks of Cloud Computing, including data security and data ownership. Where does cloud data reside? Who can access it? How is it protected?
Let’s start with data security. Where does data “on the cloud” actually reside? It turns out the cloud is a collection of giant computers located in warehouses around the world. All data must be physically be stored somewhere. Cloud service providers own mega-warehouses all over the world that are full of hard drives attached to computing systems.The hard drives store data. These warehouses are called “Server Farms”. As cloud service providers have server farms around the world, it is nearly impossible to track where your data is actually being stored at any given time.
“Server-farm” by: laboratio linux, CC BY-NC-SA 2.0.
“Facebook server-farm” by:Jonathan Nimrodi, https://www.cloudyn.com/blog/10-facts-didnt-know-server-farms/
(Interesting fact: Facebook built it’s server farm along the Arctic Circle in Northern Sweden to save costs on air conditioning. As data storage computing uses so much electricity, it generates a lot of heat! Greenpeace has been pressuring more “progressive” cloud service providers to power their facilities with renewable energy and to repurpose the heat generated by their facilities, but few companies have taken the challenge yet).
Once you agree to the Terms and Conditions of using cloud computing, you no longer have physical access to your data. In making this decision, you are trusting that the service provider will safeguard your data from hackers, system failures and physical harm. In 2016 the Cloud Security Alliance (CSA, a highly respected international non-profit concerned with cloud security) reported the top twelve threats to data stored in the cloud:
- Data Breaches
- Weak Identity, Credential and Access Management
- Insecure APIs
- System and Application Vulnerabilities
- Account Hijacking
- Malicious Insiders
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Issues
According to the CSA, cloud computing is relatively safe is not foolproof. There have been multiple cases of hackers virtually burglarizing server farms and stealing personal information including username and password information for hundreds of thousands of users. The CSA recommends all cloud users encrypt their data while storing it in the cloud to safeguard against hackers. Another potential threat is physical harm to a server farm, via natural disaster or intentional destruction. To avoid data loss due to physical destruction, most service providers replicate user’s data and store it in two or three different locations around the world.
Let’s talk about data ownership in cloud computing. Once you release your data into the cloud, do you still own it? To date there are no international laws regarding data ownership in the Public Cloud. The EU is moving quickly to introduce laws that would ensure data ownership is retained by users, but it is unclear how this law will affect service provider practices. Currently, most providers do not address data ownership in their Terms and Conditions Agreements, which is suspicious. Therefore, the issue is a nebulous one. Undoubtedly, this will become a prominent issue in the near future.
In sum: Data security and data ownership are complex issues and can be challenging to navigate. If you do plan to use cloud computing to store and process your data, there are a few simple steps you can take to help ensure the security of your data:
- Carefully read the Terms and Conditions of any cloud service provider you are considering using and make sure you are comfortable with the agreement before accepting
- Do not store very important personal information on the cloud (i.e. Social Insurance Number, copies of ID, banking info etc)
- Encrypt your data before saving it onto the cloud
- Back up your important data on a physical hard drive that you own
- Stay informed about cloud computing practices
Thank you for reading our Three Part MiniSeries The Cloud! We have learned what cloud computing is, how it works, and things to be aware of when using the cloud. Until next time!