- What is Cloud Computing?
- Cloud Computing Risks
- The Capital One Data Breach
- Cloud Computing Hack affects PCM
- Is Cloud Computing Worth it?
What is Cloud Computing?
Cloud computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. Through cloud computing, individuals can access and store data online rather than just using your hard drive. The cloud is a virtualized information technology (IT)computing environment where data and applications are stored in shared machines through a web-based setting. You must access your programs or your data online, or at the minimum have your data synced with information over the internet for it to be considered cloud computing.
Cloud Computing Risks
There are many computing risks associated with cloud services that concern IT professionals. The cloud has many benefits, but cloud environments experience a wide variety of threats similar to any data center environment. There are many adversaries which can exploit the software vulnerabilities associated with cloud computing. Consumers need to be aware of the risks that come along with using any cloud software. Cloud service provider's (CSP), are very aware of the financial, technical, legal, and compliance risks of all cloud technologies. CSP’s are expected to meet the responsibilities of their consumers by safely moving applications and data to the cloud, but consumers also should be aware of all the threats and vulnerabilities associated with cloud computing.
Lack of Control and Availability
When a consumer uses any cloud service provider the vendor is always in control. Organizations have reduced control and visibility when they transition there asset/operations into external cloud services. Consumers need to trust in their Cloud Service Providers because they gain the responsibility of many policies and the infrastructure of your organization. The amount of control CSP’s has depended on the cloud service models your organization is adapting. When a company hosts its service on a local network you have fun control of your data. The level of service and data is controlled by the organization. For example, If you are not paying the cloud service provider your data can be held up by the vendor. You will not have access to the service because the data is not in your hands anymore. This isn’t always a problem if the trust that your CSP will assure that your systems and data are all safe. The demand for stronger and easier security in the online world. It’s also important to know that all service providers are not guaranteeing 100% uptime. Ask your cloud provider what controls are in place to ensure internet connectivity. If your internet goes down then the vendor's cloud service will also go down. You will don’t have any access to information or data until that is fixed. Vendors also frequently can go down due to DDoS attacks, system failures, or bad weather. If a vulnerability is identified, you may have to limit all access to the cloud provider until this is fixed. If you have clients you have to ensure that they will be fine if they lose access to this service for multiple business days.
Your cloud service provider must understand your organization's data privacy and security needs. If a hacker gains access to a user's cloud credentials, the attacker can have access to the CSP's services, and target your organization's assets. cloud environments are often targeted by virtual machines and bot malware, and a variety of attacks which aren’t always predictable. Vulnerability assessment practices and patch and configuration management controls need to be closely monitored to protect your data. If an adversary gains access to a CSP administrator's cloud credentials may be able to use those credentials to access the agency's systems and data. It’s also important to just ask your vendors general questions about data security and privacy rules and regulations/laws which affect your company.
Stored data is often time lost or deletes for a reason none related to malicious attacks. The consumer can be lost due to catastrophic events such as a fire, earthquake, or tornadoes. These events can lead to permanent data loss. This responsibility is placed on the consumer and the provider's shoulders. If a customer encrypts its data before uploading it to the cloud but loses the encryption key, the data will be lost. The consumers need to be fully aware of their CSP security storage model. Agencies need to be prepared for the possibility of having their CSP acquired by an unknown entity, and they must consider data recovery in the event of a breach of data. Your data is never 100% protected, so always try to backup all of your important documents.
The Capital One Data Breach
The Capital One Data breach that occured on July 30, 2019 is the most recent example of a cloud computing vulnerability that lead to multiple bank accounts being hacked online. Millions of records of consumer-banking data were exposed at one of the largest proponents of cloud computing. Over 106 million credit card customers were exposed in one of the largest breaches of data in the history of banking. Capital One Financial Corp stores their clients data using the Amazon.com Inc Cloud platform. The companies and investigators said,” there was a poorly configured firewall—a mechanism designed to wall off privately operated digital systems—that a hacker breached”. It should be noted that the accused hacker’s had a tenure as a former employee of Amazon’s cloud, which shows that all companies using cloud computing data need to be wary of insider threats. Many IT Professionals still feel that Capital One did not have sufficient safeguards in place to secure customer records when they adopted cloud technology. This breach of data could definitely be related to software engineers having clunky security restrictions and a sluggish development processes which may have lead to cloud misconfiguration problems that can leave sensitive data exposed to unauthorized access within the Amazon Web Services.
Over 140,000 Social Security numbers and 80,000 bank account details were exposed during this hack. Capital One said it expected to spend up to $150 million to cover breach-related costs, largely for issues such as notifying customers and paying for credit monitoring. “Any company that has or is looking to move into the cloud must ensure that their security strategy is developed alongside of that transformation,” said Vincent Liu, a partner with the security-consulting firm Bishop Fox. The Amazon team is now working to develop a more secure security model. Their goal is to operate more securely in the public cloud than we can even in our own data centers because the financial industry is known to contract the worst criminals. An insider threat shouldn't have been able to use knowledge acquired while working at the cloud-computing giant to commit her alleged crime.
Cloud Computing Hack affects PCM
On July 2, 2019 a large cloud service provider, PCM faced a series of hacking attacks. PCM which is a major provider of hardware and cloud services had their internal infrastructure completely compromised by an unknown hacking group. This unknown hacking group was able to infect PCM’s cloud services with a custom-made malware strain which researchers have taken to calling ‘Mimikatz.’ This particular malware would then access the memory of the infected system, and collect login credentials, including usernames and passwords. Hackers managed to abuse payment processing services, money transfer services, and clearinghouses. This allowed them to immediately monetize the stolen information. No personal information was gathered luckily during this incident. PCM was able to resolve this matter, and inform all those they believe were affected by this issue. The easiest way to prevent hacking attacks and threats is to learn how to recognize phishing emails, but also to ensure that none of the devices are vulnerable. Having anti-virus and anti-malware software, as well making sure all of the apps and programs are up to date is essential if you want to avoid facing cyber threats in any organization.
Is Cloud Computing Worth it?
Overall the benefits of cloud computing far outweigh the risks involved. Cloud computing is widely used and the opportunities presented by the cloud need to be taken advantage of by any company looking to succeed in today's marketplace.