What, exactly, is the cloud? Where is the cloud? (No, not up there.)
In the most simplistic terms possible, cloud computing involves storing and accessing data and programs over the internet instead of a traditional hard drive. In many ways, the cloud is just a sexy metaphor for the internet. According to Eric Griffith, a writer for PCMag, “It goes back to the days of flowcharts and presentations that would represent the gigantic server-farm infrastructure of the internet as nothing but a puffy, white cumulus cloud, accepting connections and doling out information as it floats.”
Cloud computing offers a whole host of benefits, including almost unlimited storage for files, applications and other types of data. It also offers improved collaboration irrespective of team members’ geographical locations.
Although most reputable parties offer enhanced security to protect users’ data, however, the idea of a completely safe cloud system is an illusion. After all, someone else is looking after your cherished information. Take a data center, for example. It’s run by an in-house IT department. The cloud, on the other hand, is an off-premise system. Users “farm out” their data needs to a third-party provider.
By abrogating responsibility, users are trusting someone else to look after their private data.
As obvious as it sounds, the following needs to be said: Any time you store data on the internet, you open yourself up to a cyberattack. Cybersecurity issues are becoming a daily struggle for businesses around the globe. Recent research suggests that most companies have unprotected data and poor cybersecurity practices, making them vulnerable to data loss. This is particularly problematic in the cloud, where colossal amounts of data are stored by millions of users on the same system.
In May of this year, hackers accessed emails and file-sharing systems of some customers of cloud provider PCM, Inc.
Hackers stole administrative credentials that granted them access to customer accounts in Microsoft Office 365. According to a report by Krebs on Security, the hackers wanted to use the stolen information to perpetrate gift card fraud in a scheme that resembled a breach at Indian outsourcer Wipro (In April of this year, Indian IT Company Wipro received a cyber threat from hackers who demanded a sum of $50 million in Bitcoins to keep its database free from malware).
The more recent hacking of PCM is even more troubling because the attackers were able to get the administrative usernames and passwords used within Office365. The hackers not only misused administrative credentials that manage client accounts within Office 365, they also accessed a trove of personal data and sensitive business documents. They accessed the kind of information that you and I, everyday users, might upload: think personal photos, passport scans, birth certificate scans, important documents, etc. If hackers have access to your Office 365 account, not only can they reset your password, they can also lock you out — permanently. Even worse, they may use your email address as a username for other online accounts.
In a recent interview with SC, CipherCloud CEO Pravin Kothari said that it’s becoming much easier for criminals “to target the cloud to utilize stolen passwords, API vulnerabilities or user misconfiguration to take over accounts and access all information like an authorized user, thus bypassing all security controls.”
Cloud computing appears to be a double-edged sword. While the outsourcing of skills and resources to third party experts has helped fuel global economic growth, it has also increased the chances of cybersecurity breaches, many of them deadly.
Earlier this month, LabCorp, a laboratory testing giant based in the Burlington, North Carolina, was the victim of a third-party data breach.
Some 7.7 million patients had their personal and financial data stolen. The attack took place a mere 24 hours after Quest Diagnostics, an American clinical laboratory, released a report stating that some 11.9 million patients were also victims of a data breach.
According to a filing lodged with the Securities and Exchange Commission, the LabCorp breach involved the appropriation of patients’ names, dates of birth, addresses, phone numbers, dates of service, providers, and balance information.
Putting your data on a cloud-based storage system may seem like a no-brainer, but we should all exercise extreme caution. Storing mass amounts of data on off-site installations to “make life a little easier” is not without potential risks. Some of these risks could ruin a person’s life.
Information uploaded to the cloud is being monitored by third-party groups that simply do not care as much about your privacy as you do. In the words of Mike Rogers, former director of the U.S. National Security Agency, “For those that thought the cloud was a panacea, I would say you haven’t been paying attention.”