Seven Cloud Computing Security Issues

"Once you put it (Data) on a remote Cloud server which is accessible via the Internet, it's not a
matter of if you'll have a breach; it is when (as evident by the countless breaches happening this
year)." (Liticism, 2011)
What is Cloud Computing?
"Cloud computing is an emerging computing technology that uses the internet and central remote
servers to maintain data and applications". (WikiInvest, 2011)
Seven Cloud Computing Security Risks
Gartner states there are Seven Cloud computing Security risks and suggest as an organisation you
should ask questions around the qualifications of the cloud provider including; (Brodkin, 2010)
Who are the policy makers?
Who are the architects?
Who has specialised access to data and have these administrators had their backgrounds checked
and who manages them?
What are the service providers risk control processes?
What are their technical mechanisms and recovery plans?
What is their level of testing, security and compliance?
Where is the data located and how is this controlled?
Organisations should look at and identify any unanticipated vulnerabilities before considering using
a cloud service provider.
Data Protection & Security Issues
As the Cloud Service provider has access to all your data and could potentially disclose it for
unauthorized purposes this is a major concern that raises privacy and confidentiality issues.
Cloud technology is revolutionising how organizations are doing business. Organizations in every
industry are embracing cloud computing as a means to lower and costs and the complexities
associated with traditional IT approaches. "Organizations that approach cloud in a tactical fashion
risk security exposure due to fragmentation, redundancy and operating silos." (Managed with cloud
technologies, no date)
We will look at the main data protection and security issues that organisations have to consider
when using Cloud technology below;
Data Security and Accessibility Issues

Section 2(1)(d) of the Data Protection Act states that companies protect their data from
unauthorised access, alteration, destruction or disclosure especially when it comes to that data
being transmitted over the cloud. (Office of the Data Protection Commissioner, no date).
Section 2C(1) of the Data Protection Act states what an organisation should do to implement proper
security procedures and be aware of the resulting consequences and effect of this data being
destroyed or unlawfully breached. It is important therefore to ensure proper security and risk
contingency plans such as encryption, personnel screening, access levels etc. (Office of the Data
Protection Commissioner, no date).
Therefore it is the organisations responsibility to consider all these factors when giving up control of
their data before using the cloud.
Security Threats
Attacks on the cloud are tempting for hackers who will want to implement cybercrime, the reason
being that all data may be shared on one server using co-tendency. Basically having all your eggs in
one basket!
Even leading providers such as Google had and have security risks where in one case people's
private documents stored on Google Docs were shared with other users without their permission.
(Preston, 2009)
Even the most encrypted secure passwords have the potential to be hacked using the combined
server power of cloud computing.
Fraud & Cybercrime
Fraud and cybercrime are often perpetrated without your knowledge if via Cloud Services. Using the
cloud and sharing servers can increase the risk of these servers harbouring spying agents, password
stealers or other types of malware. Botnets http://www.clickbooth.com/ were responsible for the
theft of $100 million from bank accounts alone in 2009. (Babcock, C, 2010, Page 153)
When using virtual machines it is harder to detect SQL injections and other types of malicious code.
The cloud is an attractive target for hackers who want to steal passwords, bank account information
and personal identities as all the activity is in one concentrated area.
Data Security - What is it?
"Data security refers to a broad set of policies, technologies, and controls deployed to protect data,
applications, and the associated infrastructure of cloud computing." ('Cloud Computing Security', no
date)
Cloud Computing Security Issues
No security system is 100% secure. Saleforce.com suffered a phishing attack in December 2007
when a member of staff was fooled into giving out passwords. (Krebs, 2007)
Understand the risks of Cloud computing service providers, their 3rd parties, potential attacks on
data, downtime and exception monitoring to ensure your business is fully protected.

There are no uniform standards to fully protect data controllers yet.

Essential to know where your data is stored and the local law and juristriction of the countries
where your data is stored as mentioned previously.
Security Challenges
Listed below are some of the security challenges that should be considered by organizations before
moving to the cloud;
Once you assets are in the cloud you lose control over them.
Do you trust your data to your service provider? Check their service agreements thoroughly.
The loss of control over your onsite physical security.
When sharing servers with other companies government agencies may 'reasonable cause' to seize
your assets because another company has cms violated the law.
Incompatibility between cloud vendors. (Microsoft Azure is not compatible with Amazon S3 for
example.) How do you then retrieve and move your data?
If encrypted then who controls those encryption/decryption keys? You or the provider?
Is your data SSL secure over the internet and/or encrypted while in vendors storage pool?
Data integrity - is your data identically maintained during any operation? If you are using PCI DSS
for ecommerce transaction you will need access to the cloud provider's logs so you will need to
negotiate access to these.
Data protection - how is your data protected?
Identity management
Physical and personnel security
Availability
Application security
Privacy Issues
The key question to ask as an organisation is; do you trust putting your mission critical apps or data
on the cloud and what are the consequences of doing so? (Rittinghouse and Ransome, 2010, p.160)
Data Security Issues for Mobile Staff
As employees are working more from home, hotels or coffee shops, companies are investigating
ways to keep their devices and data safe and secure. Some issues include unsecure access to
internet using WiFi, theft of laptops and devices, unencrypted data, etc

"Desktop virtualisation may be the solution: 86 percent of the international companies surveyed by
Citrix, a cloud provider, cited security as their primary motivation for getting into the area". (Leach,
2011)
Key Challenges
As an organisation you are storing your data on someone else's server and as such they have admin
control over it and can view, delete, edit and access this data. Data level security businesses need to
know data is protected and encrypted wherever it goes and to have their own auditing and data
backup and recovery mechanisms in place.
Conclusion
Best practices are still being identified and defined and direct experience may be the best learning
tool. There are many risks in the cloud but these can be evaluated and defined for certain workloads.
Organisations will have to consider whether they only use the cloud for certain aspects of their
business such as non mission critical information or data where laws governing data protection,
security and confidentially are less stringent.