Over the past several years, numerous cloud companies have publicly announced flaws in their security or outright exposure to third parties. From the recent NSA spying scandal via PRISM to the Dropbox hack that occurred roughly a year and a half ago, many people are left wondering about the true nature of cloud security. This could have serious negative implications for a key technology industry that is supposed to grow exponentially in 2014. Cloud security is such a broad topic that you could argue it needs its own book. In this article, we will focus on a few specific details and on what many industry experts overlooked before it was too late.
What is cloud security?
If you were to ask any person with minimal knowledge about cloud computing and the security that comes along with it, the first thing you are likely to hear about is the level of encryption. People are most likely to cite 128-bit SSL (Secure Sockets Layer) or even 256-bit AES (Advanced Encryption Standard) encryption levels that are used by major organizations, including but not limited to large financial institutions. These encryption schemes are virtually impossible to break. There is a report that the U.S. government is currently constructing a super ‘quantum’ computer that may be able to penetrate them; however, it is years away from completing the project. Aside from the U.S. government, which has endless resources to build something like that, there is no known single hacker (or even a group of hackers like Anonymous) who can defeat these encryption levels.
The focal point
People would not be wrong in assuming that encryption is a significant part of cloud security. While there are other key focal points, many cloud professionals have stated that cloud security starts and ends with encryption. However, people all across the globe, including these professionals, overlooked the fact that encryption has to cover the entire process. This widespread negligence led to a significant amount of data theft and infiltration.
Under the surface
As stated previously, cloud security is multi-faceted, specifically in regard to cloud encryption. As the news broke, rumors spread that highly experienced groups of hackers were able to sabotage large cloud infrastructure such as Dropbox. The rumors were unverifiable, and as the investigation continued, the conclusion was that someone with a basic level of programming could have accessed almost all cloud data.
Houdini-like act or extremely visible?
How was something that was supposed to be so secure so easily accessible? Let’s take a look at an online backup company like MyPCBackup. This company specializes in data storage for both individuals and businesses. Once you sign up for a plan, you are entitled to store your files in their data centers, which are heavily secured, even against the American government. No entity is getting past MyPCBackup’s security measures, not even Uncle Sam. However, everyone looked past the transfer process. While your data is secure once it reaches the data centers, it is extremely susceptible to theft during the transfer process. So, your data is secured via 128-bit SSL encryption once it reaches its destination (the data centers), but during the transfer process there is no encryption provided. And while it would be difficult for a single person to know your exact time of transfer, making theft unlikely (but still possible), you are no match for the U.S. government, which can freely monitor your cloud behavior 24/7.
Solution in sight?
Since this was exposed, countless security experts have teamed up to beef up cloud security as a whole. In fact, this encryption mini disaster has been capitalized on by companies such as IBM, who have recently released a new patent that encrypts your data prior to transfer. The entire process, including encryption, will become more secure over the coming months. This is a clear necessity considering positive analyst expectations for the cloud computing industry in 2014.
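To make the idea of encrypting data prior to transfer concrete, here is a sketch in Go that seals a file on the client with AES-256-GCM, so that anyone watching the transfer or reading the stored copy sees only opaque bytes. It is an added example, not IBM's patented method or any provider's code; the function names, the object name and the sample record are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewClientCipher builds AES-256-GCM from a 32-byte key that is generated and
// kept on the client; the storage provider never sees it (assumption).
func NewClientCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealForUpload encrypts before the data leaves the machine. The output is
// nonce || ciphertext || tag, with objectName bound as associated data.
func SealForUpload(gcm cipher.AEAD, plaintext []byte, objectName string) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// OpenAfterDownload fails if the blob was altered or returned under another name.
func OpenAfterDownload(gcm cipher.AEAD, blob []byte, objectName string) ([]byte, error) {
	n := gcm.NonceSize()
	if len(blob) < n+gcm.Overhead() {
		return nil, errors.New("blob too short to be nonce || ciphertext || tag")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(objectName))
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one stays on the client
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	gcm, _ := NewClientCipher(key)
	blob, _ := SealForUpload(gcm, []byte("constructed sample record"), "backups/a.csv")
	out, err := OpenAfterDownload(gcm, blob, "backups/a.csv")
	fmt.Printf("uploaded %d opaque bytes, recovered %q, err=%v\n", len(blob), out, err)
}
```

Because the key never accompanies the data, the protection does not depend on how the transfer link or the data center is secured.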