Cloud computing has emerged as the future of networking recently. It eliminates the need to stack up expensive hardware components to form a company’s private network or storage space. The advantages of using cloud computing are can be summed up into its 1. Elasticity 2. Provisions to pay as you go 3. Reduction of in-house infrastructure liabilities and costs . Cloud computing encompasses three major delivery models which are 1. Infrastructure as a Service (IaaS). 2. Platform as a Service (PaaS). 3. Software as a Service (SaaS).
Infrastructure as a Service (IaaS) enables users to rent special networking hardware such as virtual machines, servers, storage and any other hardware/OS over internet.
But the advantages provided by cloud computing services have always been overshadowed by numerous security threats that it exposes its clients to. An official NCSA report had this statement in it, “Anyone who uses the Internet is susceptible to offenses such as payment card fraud or identity theft scams” . Such an open statement from the NCSA is enough to point to the graveness of this rising cyber security issue. The following security threats include common threats attributed to cloud computing.
Malicious users or insiders: Many malicious clients or insiders from the service provider itself use cloud services with the wrong agenda. They are known to have used their accounts to host malware such as Zeus Botnet, Info Stealer Trojan horses, etc for stealing information from other users. These spyware or malware can cause serious security breaches and are capable of collecting data from other users. So if a company is planning to use cloud services, it should also plan encryption schemes for its data. These keys should be promptly kept and changed periodically.
Side Channel Attacks: An issue with resource sharing is that a virtual machine can use side channel timing information to steal data from another virtual machine sharing the same resource . This is called data breaching in cloud storage. The major issue with this security threat is that the attacker could also get a hold of the encryption keys of the victims. Even though this threat is at its infancy now as virtual machines are evolving, it is considered as a major security issue for the future.
Insecure Interfaces or APIs: APIs are the Application Program Interfaces that are provided to help the end users connect with any service. In cloud computing such APIs are required by the end users to authenticate their user ID and credentials as well as interact with the cloud services. Some service providers include value added services from third parties to these APIs. This increases the complexity of the API coding that can make them more vulnerable to severe attacks.
Service Traffic Hijacking is where passwords and credentials are duplicated or reused. Even Amazon once experienced a CrossSite Scripting bug that could steal user credentials . When an attacker gets hold of user credentials of other customers, they could use it to alter the contents as well as return falsified information to compromise the integrity of a company.
Shared technology vulnerabilities: Cloud computing services are provided by using techniques such as resource sharing extensively. This process is done with the help of techniques such as CPU caches and GPUs etc . The problem is that many service provides do not design these underlying technologies to provide secure client isolations such as a virtualization hypervisor. But even these can have flaws that could give an attacker access into the security protocols that help client isolation. Using this they could, in the future, formulate an elaborate attack scheme.
Proposed Remedies
There are numerous techniques available using which we could check the security breaches and avoid its occurrences . Some of them are 1. Organizing business data 2. Providing more secure and larger encryptions 3. Managing encryption keys promptly 3. Back up data periodically 3. Spotting phishing scams effectively 4. Using Multi-Factor authentication protocols 5. Evaluating dependency associated with APIs 6. Thorough analysis of the underlying security model of all interfaces 7. Understanding the security protocols of third party licensees before using their services 8. Prohibit sharing of account details between users.
It is always essential to monitor customer network traffic of any cloud service. This can be proved helpful in checking issues related to malicious users loading scrap data and Trojan programs into the cloud server. If a company is ready to stay vigilant and keep its data encrypted and secure, it can use cloud services without any concern. The fact is that cloud services provide more advantages than the security concerns that are inherent in them.
References
Gorelik, E. (2013, January). Cloud Computing Models. Retrieved February 3, 2016, from MIT: http://web.mit.edu/smadnick/www/wp/2013-01.pdf
M, R., & B, L. (2014). Survey About Cloud Computing Threats. International Journal of Computer Science and Information Technology , 384-389.
National Cyber Security Alliance. (2012). Internet Security Essentials for Business 2.0. Retrieved January 29, 2016, from United States Chamber of Commerce: https://www.uschamber.com/sites/default/files/legacy/issues/technology/files/ISEB-2.0-CyberSecurityGuide.pdf
Sen, J. (2010). Security and Privacy Issues in Cloud Computing. Kolkatta: Tata Consultancy Services.
