Whenever it comes to risk, you should always be wary of its consequences. You don’t want to take on too much of it.
IT firms over the past couple of years have been adopting cloud services as if they were a new fad. In the past five years, we’ve witnessed over 100% growth in this sector. While there are many benefits that the end user receives from cloud storage, there are also many risks that come with it also.
Below I have created a list of 5 of the biggest risks associated with cloud storage, though these risks are things that you should be aware of when attempting to switch to cloud storage, not all of the risks below may apply to you.
Additionally, most of the better cloud storage companies have put in place measures to counter some of the concerns that I’ve raised in this article. So you’re only requirement may be to browse around for the best possible service.
- Compliance and Legal Risks
Do you work in an industry that regulates all data security? There are many sectors that would say yes to this, such as banking, government and healthcare, to name a few.
Most of these data security regulations are put in place to protect data of a specific kind. For example, with healthcare providers, patient data is what is typically protected. With PCI DSS, the cardholder data of a credit card is what is protected.
These companies that are covered by these regulations, are not only required to protect said data, but are also required to know several things, such as:
- The location of the data
- Who has access to it
- Methods being used to protect it
The problem arises when said company attempts to outsource the storage of this data, if the company was to use a cloud storage service for example, then that service would be the ones required to maintain their compliance.
If the legal protections are inadequate, then it could make the company liable in the event of a data breach at the cloud storage service, leading to the exposure of protected data.
In short, unless you have in writing, that the cloud storage service is liable for the protection of your data in the event of a data breach, the storage service may not be held responsible. So the responsibility of protecting your data is transferred to a third party storage service, but that service is not liable in the event that unauthorised persons gains access to it.
- Account Hijacking
Because of the growth and implementation of cloud storage in so many companies today, it has opened up new issues in account hijacking.
Computer hackers are now able to access your sensitive information remotely, simply by acquiring your company login details. These hackers can also manipulate and falsify information using the credentials that have been hijacked.
Other symptoms of hijacking include reused passwords, and scripting hacks, which allows the computer hacker to steal confidential data; even Amazon, sometime in the past fell victim to a scripting hack, which was targeted at the credentials of its customers. Key logging, phishing and buffer overflow, also present similar problems. The Man in Cloud Attack is amongst the most recent threats. This attack involves the theft of user tokens, which these cloud storage platforms use to verify the legitimacy of a device during updates and synchronisations – a verification that typically does not require login data.
- Power Outages
Another issue with cloud storage services is the possibility, though small, of the service going down, due to an outage. Although it doesn’t happen very often, there have been cases where a server has gone down, due to a bug at the cloud center.
Though this would be a major disaster, if it were to happen, due to the untold number of people that would require access to their data at the time, many of these cloud storage services have built-in safety mechanisms, as counter measures, and many others simply do not have a history of power outages.
- Malware Injection
A malware injection is basically a script that has been embedded into a cloud storage service and runs as a SaaS to cloud server. This means, malicious code is capable of being injected into the cloud storage service while being viewed as a legitimate part of the infrastructure that is hosting and maintaining your data.
Once the malware injection has been successfully completed, computer hackers will then be able to eavesdrop, and compromise the integrity of the services stored data.
Reports show that malware injections have become a major problem for many storage companies today.
- Cloud Service Abuse
The improvements and expansions in these cloud storage services, has made it possible for both small and large scale companies to store large amounts of data with little difficulty. However, this growth in storage capacity has also made it possible for computer hackers to easily spread malicious files on these services.
This practice in truth affects both the customer and the cloud storage provider. This is because privileged users can now, whether directly or indirectly increase the security risk and as a result of that infringe upon the terms of services provided by the storage service.
Such risks include sharing of pirated videos, software, books and music, and can lead to legal consequences in the form of settlements and fines (of up to $250,000) with U.S. Copyright Law.
These fines can also be more cost prohibitive, depending on the damages. Risk can be minimised by monitoring usage and setting guidelines for what employees can host on the cloud storage service.
–AUTHOR INFO—
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website https://www.compuchenna.co.uk