These days, it’s awfully hard for anyone who follows technology trends to avoid the cloud. Just as fluffy white clouds hover overhead, news about cloud computing follows the tech and IT sectors everywhere. Cloud based solutions have the potential to increase efficiency while also lowering costs for some organizations.
However, the cloud also presents security concerns. With gigabytes of data stored remotely, it is imperative for that information to remain as well guarded as possible. A layered security approach can help protect against many of the risks associated with cloud technology. Decision makers should ensure that their providers follow best practices and stay aware of the most recent threats.
Using the cloud to nab encryption keys: Many cybersecurity experts agree that one of the fail-safe ways people and organizations can keep their data secure while it is stored remotely is through encryption. This way, even if the information is stolen or exposed, cybercriminals would have no way of deciphering the information.
However, even encryption may not be enough. New Scientist reported that Yinqian Zhang of the University of North Carolina, Chapel Hill recently exposed the possibility of using virtual machine (VM) to steal encryption codes that decrypt data and make it usable. By targeting cached memory within a VM, a hacker could use one VM to target another so long as both ran using the same hardware.
“The attack exploits the fact that both VMs share the same hardware cache, a memory component that stores data for use by the computer’s processor,” Jacob Aron wrote in the article. “The attacking VM fills the cache in such a way that the target VM, which is processing a cryptographic key, is likely to overwrite some of the attacker’s data. By looking at which parts of the cache are changed, the attacking VM can learn something about the key in use.”
Such a scenario could only occur under specific conditions, as both VMs would need to be on the same machine and the hardware could have multiple VMs. However, New Scientist reported it took only a few hours for Zhang’s team to reconstruct a 4096-bit encryption key off a server similar to what Amazon.com uses.
Major gap in cloud security measures: While an overwhelming majority of businesses are using cloud computing services, most companies lack clear security policies. Channelnomics reported on a survey from cloud storage vendor Symform, which found that 61 percent of firms use cloud based services even though 20 percent of organizations have no usage policies in place.
“This research validates how cloud applications and services are being purchased and managed increasingly by non-IT departments, and illustrates the need for IT to reclaim control from a policy and governance standpoint while still enabling the business to benefit from the cloud’s agility and cost-effectiveness,” said Margaret Dawson, vice president of product management at Symform, according to Channelnomics. “Cloud usage is inevitable but loss of control is not.”
BYOD’s effect on cloud security: An increasing number of employees are incorporating their personal wireless devices into the workplace. Technology like smartphones and tablets heavily rely on cloud based solutions in order to be fully integrated into a firm, TechTarget reported. As a result, companies looking to enact a guideline for cloud usage and security also need to take into account the proliferation of personal mobile devices entering the workplace.
When it comes to cloud security, what are the biggest threats faced by organizations? What steps should a business take to ensure that sensitive data is securely stored in the cloud? Leave your comments below to let us know what you think about these topics and about the current state of cloud security!