With the present attention the cloud is getting, it is but normal to be concerned about security. The cloud is popular because it is able to all music and personal emails which can be accessed through mobile devices or computers. Government agencies also use the cloud for its data storage so that its people can access such data anytime and anywhere. Organizations save money when they shift to the internet cloud. Thus, its security must be enhanced.
Major cloud computing services providers such as Amazon, Google, Microsoft, Salesforce.com, SAP, and Oracle offer services and data storage not only to businesses but to individuals as well. For data storages, these suppliers offer sophisticated datacenters to house their customers’ data securely and safely.
According to Strategy Analytics, US spending on cloud products and services will be at $82 billion on 2016 from $31 billion in 2011. However, some experts believe that there are still security issues which haven’t been fully analyzed and that the cloud may still have a lot of problems and expose the user’s data to vulnerabilities. According to Stelios Sidiroglou-Douskos, MIT’s Computer Science and Artificial Intelligence Laboratory research scientist, there is really no system which is totally secure. Just as there is no guarantee that no one will break into our homes when we put locks on our doors, there is also no guarantee that cybercriminals won’t be able to attack our data in the cloud. However, amateur cyber hackers will find it difficult to break into the cloud.
Compared to a single computer, there is much damage when the cloud system is breached. More information is put at risk and may be lost when cybercriminals attack a cloud system. However, a cloud system has better defenses. Therefore, if an attack does occur, the effects can be very damaging. Funded by the Defense Advanced Research Projects Agency, the MIT project hopes to create systems which fix data breaches automatically. According to Nir Kshetri, an economics professor at the University of North Carolina and studies cybercrime, criminals target those huge company networks because they offer value. Therefore, it is but expected that cyber hackers will attack any cloud system.
According to Marcus Sachs, a past director of the Sans Technology Institute’s Internet Storm Center, the cloud can provide more security than simple and small company networks but it doesn’t mean that it is not vulnerable to cyber attacks. The problem with any cloud system is that nobody knows where his data is located. The cloud has raised some questions regarding audit and responsibility. According to Sachs, some analysts have discovered the presence of “fake clouds” which offer cheap solutions. Users don’t know that these fake clouds are being operated by criminal elements which steal their data. These cases have been rampant in China and the Soviet Union, according to Sachs.
The cloud computing providers must assure its clients that their systems are secure and safe in order for them to entice non-cloud computing believers to trust the cloud. The cloud does have its benefits but if these suppliers can’t solve the security issues being raised then it is very possible that the expected worldwide shift to the cloud won’t ever happen.
It appears that
many organizations are still struggling with what method is best suited to add
additional layers of authentication for access and transaction verification
without unreasonable complexity. I understand that the cloud is going to take
time to get to where everyone understands the cloud and feels secure, and a
step in the right direction is to implement some form of 2FA. I’ve noticed many
of the global cloud providers are moving to the use of what is commonly known
as 2FA (two-factor authentication) where the user is asked to telesign into
their account by entering a one-time PIN code which is delivered to your phone
via SMS or voice. Or if you don’t want to do this every single time, some offer
the option to designate your smartphone, PC, or tablet as a trusted device and
they will allow you to enter without the text code. Should an attempt to login
from an unrecognized device happen, it would not be allowed.