Fong 1

Christopher Fong

Campbell

UWRIT - 1013

7 November 2019

Don’t Reach For the Clouds, The Dangers of Cloud Computing

How safe do you think your information is? In a digital age where people can access

banking accounts, credit cards, and other sensitive data from the palm of their hands. Storage and

efficiency are becoming more sought out due to demand from consumers. That’s why when

cloud computing was first implemented it was considered to be the next big thing. In simple

terms, cloud computing is the use of the Internet to store, manage, and process data. This may

seem to be all sunshine and rainbows, but in reality, cloud computing has a number of issues,

primarily issues in security and privacy. There are many factors that contribute to the number of

security and privacy problems; however, it boils down to a lack of understanding of the subject

between the provider and the user.

To understand the issue there must be a basic understanding of what cloud computing is.

According to authors Judith Hurwitz, Marcia Kaufman, and Dr. Fern Halper of Cloud Services

For Dummies, IBM Limited Edition,

“cloud computing is a method of providing a set of shared computing resources that

includes applications, computing, storage, networking, development, and deployment

platforms as well as business processes. Cloud computing turns traditional siloed

computing assets into shared pools of resources that are based on an underlying Internet

foundation” (Hurwitz 6).

 Fong 2

Cloud computing can be separated into three main categories Infrastructure as a

Service(IaaS), Platform as a Service(PaaS), and Software as a Service(SaaS). While there may be

many other delivery methods for cloud computing, these three methods are the most popular and

are considered the foundation of many other delivery methods. IaaS is considered the most

flexible service and cost-effective (Hou). This delivery method is primarily used to replace

on-premise hardware. PaaS provides software and hardware tools over the internet and is

generally used by developers who are creating/building programs and/or applications (Hou).

SaaS is the most popular, they allow users to use software over the internet. A good example of

this service is Google Docs. This paper will mostly be talking about issues dealing with IaaSs;

however, most of the issues presented also apply to cloud computing in general.

Over the last two years, there has been an increase in cloud vulnerability of 240 percent

(Su). These vulnerabilities occur due to the increasing complexity of code. Along with this,

businesses are putting more focus on creating a better user interface(UI) and user

experience(UX) rather than focusing on creating a safer cloud. The problem with this is that

cloud computing is initially more prone to vulnerabilities when compared to traditional data

centers. This isn’t because cloud computing has different threats, they both share similar threats

but is because the responsibility of managing and reducing risk is split between multiple parties.

In Timothy Morrow’s 12 Risks, Threats, and Vulnerabilities in Moving to the Cloud, Marrow

states that one of the largest issues that lead to increased cybersecurity risk is the lack of due

diligence from the side of organizations and businesses (Morrow). If these businesses and

organizations actually focused more on the security aspect of cloud computing and not so much

the UI and UX risk of security breaches would become less likely. In fact, 20 percent of
 Fong 3

businesses do not have a backup plan for breaches (Mason), showing that some businesses don’t

even have security in the back of their minds.

Cloud service providers(CSP) market their servers as safe and as reliable as on-premise

servers. This fact is true in most cases; however, even if CSPs do constant maintenance of

servers, they cannot check data owned by the customer without violating the customer’s privacy.

Customers of CSPs also need to do routine checks in order to maintain a secure platform and

minimize security risks and threats. In some cases, CSPs aren’t as safe as they claim. For

example, in September of 2014 Apple’s iCloud service was breached because of an error that

didn’t limit the number of guesses one could have. This in turn allowed for attackers to have

numerous chances to guess password combinations(Lewis).

A security breach is the term given when sensitive data is leaked. Cloud computing has a

higher risk of security breaches when compared to on-premise, along with this, security breaches

on the cloud can have larger repercussions when compared to those of traditional on-premise

servers. This is because cloud platforms are interconnected with each other. In a hypothetical

situation, there are five different businesses and organizations that are all holding information on

the cloud through the same CSP. Somehow one of the five businesses/organizations gets hacked

because of this the hacker can now easily break into the other four platforms. While this situation

has yet to occur it is quite possible if the CSP fails to maintain separation between multiple

tenants. Along with this, failure to maintain separation leads to a higher risk of a security breach.

The number of cloud-related security breaches and information leaks has been increasing

in recent years (Rossow). One of the larger breaches this year (2019) was the Capital One

breach. The breach occurred within a month or two of moving to the cloud(McLean). The
 Fong 4

hacker, Paige Thompson, was a previous Amazon employee a couple of years back. She was

only able to get access to the information because Capital One had misconfigured their Amazon

server. This mistake should’ve been easy to spot and would’ve been an easy fix; however, due to

the incompetence of Capital One over 1 million social security numbers and credit card numbers

were stolen. Other than the customer rushing in without thoroughly setting up the platform

correctly, this event shows another issue with cloud computing, insider abuse.

While Thompson didn’t work for Amazon at the time, she did work there previously.

This would have given her an understanding of how the Amazon servers worked, which in turn

would’ve made it easier to get access to the data stored. Timothy Morrow, author of 12 Risks,

Threats, and Vulnerabilities in Moving to the Cloud, states, “insiders such as staff and

administrators for both organizations and CSPs, who abuse their authorized access to the

organization's or CSP's networks, systems, and data are uniquely positioned to cause damage or

exfiltrate information” (Morrow). Unlike on-premise servers, an insider wouldn’t be able to

access information on the servers unless they were in contact with them. An insider with admin

privileges could devastate a server and take so much information.

Cloud computing doesn’t only apply to businesses. For example, it can also affect

politics. In an effort to lower costs and raise response rates for the 2020 United States Census the

Census Bureau(CB) decided to move onto the cloud platform provided by Amazon (Hamby).

However, what the CB failed to realize was that, in the previous year’s audit, there was an

unsecured door to sensitive data, which allowed a hacker to view, alter and delete information

collected in field tests (Hamby). The CB has since patched up the breach, but are still struggling

to ensure the safety of information on the cloud, due to lack of resources (Hamby, 2019).
 Fong 5

According to former congressional staff member Terri Ann Lowenthal, if these issues are not

resolved in time, “we could be headed toward a failed census”(Hamby) which would be the first

since 1790. If the actual census information were to be leaked it could have devastating

consequences. This shows the scope that cloud computing has on society.

With all of these issues and consequences to cloud computing, such as insider abuse and

ignorance/lack of understanding from cloud computing customers, there has to be a solution for

the near future. The thing is much like on-premise storage, there is no way to make sure data is

100 percent safe, it’s just the nature of cybersecurity. However, while there aren’t any definite

solutions so far to fix the lack of safety on the cloud, there are some things that can be done to

reduce the risk of security breaches. These things include, but are not limited to, educating the

general public about safety issues in the cloud, so that customers and general people can

understand the magnitude of their decision to use the cloud. Along with this, using an Improved

Diffie Hellman Key Exchange Algorithm (IDHKE) will ensure secured data transmission with

accurate and reliable authentication. The IDHKE is an algorithm that encrypts data, which makes

the data stored much more secured(Pugazhenthi). More companies and organizations are starting

to move to the web, soon many companies will start to move to cloud computing because of its

cost-effectiveness (Morrow,). And if nothing is done to increase the safety of the cloud in the

next few years there can be large devastating consequences.

 Fong 6

Works Cited

Hamby, Chris. "Census at Risk From Glitches And Attackers." New York Times, 5 July 2019, p.

A1(L). Gale In Context: Science,

https://link.gale.com/apps/doc/A592222058/SCIC?u=char69915&sid=SCIC&xid=10548

a02. Accessed 16 Oct. 2019.

Hou, Tony. “IaaS vs PaaS vs SaaS: What You Need to Know + Examples (2018).” Ecommerce

Technology, The BigCommerce Blog, 26 May 2019,

www.bigcommerce.com/blog/saas-vs-paas-vs-iaas/#the-three-types-of-cloud-computing-

service-models-explained. Accessed 9 Oct. 2019.

Hurwitz, Judith, Marcia Kaufman, and Dr. Fern Halper. Cloud Services For Dummies, IBM

Limited Edition. John Wiley & Sons, Inc, 2012.

Lewis, Dave. “ICloud Data Breach: Hacking And Celebrity Photos.” Forbes, Forbes Magazine,

22 Sept. 2014,

www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hacking-and-nude-celeb

rity-photos/#589056e72de7. Accessed 9 Nov. 2019.

Mason, John. ”5 Cybersecurity Challenges and Trends: What to Expect in 2018.” GlobalSign, 10

Jan. 2018,

https://www.globalsign.com/en/blog/cybersecurity-trends-and-challenges-2018/.

Accessed 8 Oct. 2019.

 Fong 7

Morrow, Timothy. “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud.” Software

Engineering Institute, Carnegie Mellon University, 5 Mar. 2018,

https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-t

o-the-cloud.html. Accessed 16 Oct. 2019.

Pugazhenthi, A, and Chitra, D. “Data Access Control and Secured Data Sharing Approach for

Health Care Data in Cloud Environment.” Journal of Medical Systems., vol. 43, no. 8,

Kluwer Academic-Plenum-Human Sciences Press, DOI:10.1007/s10916-019-1381-7.

Accessed 16 Oct. 2019.

Rossow, Andrew. “Why Data Breaches Are Becoming More Frequent And What You Need To

Do.” Forbes, Forbes Magazine, 24 May 2018,

www.forbes.com/sites/andrewrossow/2018/05/23/why-data-breaches-are-becoming-more

-frequent-and-what-you-need-to-do/#98ad69bd97f7. Accessed 9 Nov. 2019.

Su, Jean Baptiste. “Why Cloud Computing Cyber Security Risks Are On The Rise: Report.”

Forbes, Forbes Magazine, 25 July 2019,

www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-risk

s-are-on-the-rise-report/#131d2ea75621. Accessed 9 Nov. 2019.