Académique Documents
Professionnel Documents
Culture Documents
Christopher Fong
Campbell
UWRIT - 1013
7 November 2019
How safe do you think your information is? In a digital age where people can access
banking accounts, credit cards, and other sensitive data from the palm of their hands. Storage and
efficiency are becoming more sought out due to demand from consumers. That’s why when
cloud computing was first implemented it was considered to be the next big thing. In simple
terms, cloud computing is the use of the Internet to store, manage, and process data. This may
seem to be all sunshine and rainbows, but in reality, cloud computing has a number of issues,
primarily issues in security and privacy. There are many factors that contribute to the number of
security and privacy problems; however, it boils down to a lack of understanding of the subject
To understand the issue there must be a basic understanding of what cloud computing is.
According to authors Judith Hurwitz, Marcia Kaufman, and Dr. Fern Halper of Cloud Services
computing assets into shared pools of resources that are based on an underlying Internet
many other delivery methods for cloud computing, these three methods are the most popular and
are considered the foundation of many other delivery methods. IaaS is considered the most
flexible service and cost-effective (Hou). This delivery method is primarily used to replace
on-premise hardware. PaaS provides software and hardware tools over the internet and is
generally used by developers who are creating/building programs and/or applications (Hou).
SaaS is the most popular, they allow users to use software over the internet. A good example of
this service is Google Docs. This paper will mostly be talking about issues dealing with IaaSs;
however, most of the issues presented also apply to cloud computing in general.
Over the last two years, there has been an increase in cloud vulnerability of 240 percent
(Su). These vulnerabilities occur due to the increasing complexity of code. Along with this,
businesses are putting more focus on creating a better user interface(UI) and user
experience(UX) rather than focusing on creating a safer cloud. The problem with this is that
cloud computing is initially more prone to vulnerabilities when compared to traditional data
centers. This isn’t because cloud computing has different threats, they both share similar threats
but is because the responsibility of managing and reducing risk is split between multiple parties.
In Timothy Morrow’s 12 Risks, Threats, and Vulnerabilities in Moving to the Cloud, Marrow
states that one of the largest issues that lead to increased cybersecurity risk is the lack of due
diligence from the side of organizations and businesses (Morrow). If these businesses and
organizations actually focused more on the security aspect of cloud computing and not so much
the UI and UX risk of security breaches would become less likely. In fact, 20 percent of
Fong 3
businesses do not have a backup plan for breaches (Mason), showing that some businesses don’t
Cloud service providers(CSP) market their servers as safe and as reliable as on-premise
servers. This fact is true in most cases; however, even if CSPs do constant maintenance of
servers, they cannot check data owned by the customer without violating the customer’s privacy.
Customers of CSPs also need to do routine checks in order to maintain a secure platform and
minimize security risks and threats. In some cases, CSPs aren’t as safe as they claim. For
example, in September of 2014 Apple’s iCloud service was breached because of an error that
didn’t limit the number of guesses one could have. This in turn allowed for attackers to have
A security breach is the term given when sensitive data is leaked. Cloud computing has a
higher risk of security breaches when compared to on-premise, along with this, security breaches
on the cloud can have larger repercussions when compared to those of traditional on-premise
servers. This is because cloud platforms are interconnected with each other. In a hypothetical
situation, there are five different businesses and organizations that are all holding information on
the cloud through the same CSP. Somehow one of the five businesses/organizations gets hacked
because of this the hacker can now easily break into the other four platforms. While this situation
has yet to occur it is quite possible if the CSP fails to maintain separation between multiple
tenants. Along with this, failure to maintain separation leads to a higher risk of a security breach.
The number of cloud-related security breaches and information leaks has been increasing
in recent years (Rossow). One of the larger breaches this year (2019) was the Capital One
breach. The breach occurred within a month or two of moving to the cloud(McLean). The
Fong 4
hacker, Paige Thompson, was a previous Amazon employee a couple of years back. She was
only able to get access to the information because Capital One had misconfigured their Amazon
server. This mistake should’ve been easy to spot and would’ve been an easy fix; however, due to
the incompetence of Capital One over 1 million social security numbers and credit card numbers
were stolen. Other than the customer rushing in without thoroughly setting up the platform
correctly, this event shows another issue with cloud computing, insider abuse.
While Thompson didn’t work for Amazon at the time, she did work there previously.
This would have given her an understanding of how the Amazon servers worked, which in turn
would’ve made it easier to get access to the data stored. Timothy Morrow, author of 12 Risks,
Threats, and Vulnerabilities in Moving to the Cloud, states, “insiders such as staff and
administrators for both organizations and CSPs, who abuse their authorized access to the
organization's or CSP's networks, systems, and data are uniquely positioned to cause damage or
access information on the servers unless they were in contact with them. An insider with admin
Cloud computing doesn’t only apply to businesses. For example, it can also affect
politics. In an effort to lower costs and raise response rates for the 2020 United States Census the
Census Bureau(CB) decided to move onto the cloud platform provided by Amazon (Hamby).
However, what the CB failed to realize was that, in the previous year’s audit, there was an
unsecured door to sensitive data, which allowed a hacker to view, alter and delete information
collected in field tests (Hamby). The CB has since patched up the breach, but are still struggling
to ensure the safety of information on the cloud, due to lack of resources (Hamby, 2019).
Fong 5
According to former congressional staff member Terri Ann Lowenthal, if these issues are not
resolved in time, “we could be headed toward a failed census”(Hamby) which would be the first
since 1790. If the actual census information were to be leaked it could have devastating
consequences. This shows the scope that cloud computing has on society.
With all of these issues and consequences to cloud computing, such as insider abuse and
ignorance/lack of understanding from cloud computing customers, there has to be a solution for
the near future. The thing is much like on-premise storage, there is no way to make sure data is
100 percent safe, it’s just the nature of cybersecurity. However, while there aren’t any definite
solutions so far to fix the lack of safety on the cloud, there are some things that can be done to
reduce the risk of security breaches. These things include, but are not limited to, educating the
general public about safety issues in the cloud, so that customers and general people can
understand the magnitude of their decision to use the cloud. Along with this, using an Improved
Diffie Hellman Key Exchange Algorithm (IDHKE) will ensure secured data transmission with
accurate and reliable authentication. The IDHKE is an algorithm that encrypts data, which makes
the data stored much more secured(Pugazhenthi). More companies and organizations are starting
to move to the web, soon many companies will start to move to cloud computing because of its
cost-effectiveness (Morrow,). And if nothing is done to increase the safety of the cloud in the
Works Cited
Hamby, Chris. "Census at Risk From Glitches And Attackers." New York Times, 5 July 2019, p.
https://link.gale.com/apps/doc/A592222058/SCIC?u=char69915&sid=SCIC&xid=10548
Hou, Tony. “IaaS vs PaaS vs SaaS: What You Need to Know + Examples (2018).” Ecommerce
www.bigcommerce.com/blog/saas-vs-paas-vs-iaas/#the-three-types-of-cloud-computing-
Hurwitz, Judith, Marcia Kaufman, and Dr. Fern Halper. Cloud Services For Dummies, IBM
Lewis, Dave. “ICloud Data Breach: Hacking And Celebrity Photos.” Forbes, Forbes Magazine,
22 Sept. 2014,
www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hacking-and-nude-celeb
Mason, John. ”5 Cybersecurity Challenges and Trends: What to Expect in 2018.” GlobalSign, 10
Jan. 2018,
https://www.globalsign.com/en/blog/cybersecurity-trends-and-challenges-2018/.
Morrow, Timothy. “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud.” Software
https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-t
Pugazhenthi, A, and Chitra, D. “Data Access Control and Secured Data Sharing Approach for
Health Care Data in Cloud Environment.” Journal of Medical Systems., vol. 43, no. 8,
Rossow, Andrew. “Why Data Breaches Are Becoming More Frequent And What You Need To
www.forbes.com/sites/andrewrossow/2018/05/23/why-data-breaches-are-becoming-more
Su, Jean Baptiste. “Why Cloud Computing Cyber Security Risks Are On The Rise: Report.”
www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-risk