While the cloud has become one of the hottest new tech trends, many professionals are still hesitant to place their faith in the cloud–and rightly so. There are a plethora of unknowns surrounding this newest form of digital data storage and everyone from IT professionals to business owners should be aware of the weaknesses of cloud storage before they blindly place their faith in it.
The skepticism about the cloud does not simply stem from a fear of the unknown, either. Rather, a multitude of research has suggested that cloud storage can pose substantial security risks that are not found in traditional physical storage devices.
In a recent study of cloud data storage, they found that the cloud may not deserve its status as a hot new trend. Rather, their findings suggest that the cloud poses substantial security risks while offering few rewards. Their key findings were as follows:
While these numbers do seem to condemn the cloud as insecure, it is important not to jump to conclusions. Rather, we should examine what it is about the cloud, if anything, that makes it so susceptible to cybersecurity threats.
Where Do the Findings Come From?
Data without context is meaningless, thus it is essential to examine precisely why the cloud may be a dangerous form of data storage. There are a handful of dangers associated with the cloud, and each will be thoroughly explored in the following sections.
When using the cloud, you are participating in something known as multitenancy. Here, multitenancy refers to unrelated cloud users sharing key computer features such as CPU, storage, memory, and similar computing resources. While there is nothing inherently wrong with multitenancy, it is largely unexplored territory and, for several reasons, makes IT professionals nervous.
First and foremost, there is an inherent danger that, because all of the storage space is being shared between tenants, private information could bleed into another tenant’s account either accidentally or due to a malicious attack. Furthermore, multitenancy can prove dangerous to all users because, if one tenant suffers a cyber-attack, it is only a small step to gain access to the information of all the tenants. Unfortunately, these fears are not simply hypothetical, but have been confirmed by technological investigations.
Researchers have found ways to access a tenant’s private information on the cloud through “new storage space” on another tenant’s account. Moreover, researchers have found ways to view another tenant’s IP address and memory due to the multitenancy arrangement. Because of these findings, the worst fears of the cloud have been confirmed, which means it must be frequently monitored to ensure compliance with regulatory standards and security.
Not only does the cloud run the typical security risks of physical data storage, but, due to its virtual nature, it is susceptible to entirely new vectors of cyber-attacks. How does this work? Cloud providers are massive users of virtualization–it’s the entire premise of the cloud. The additional security concerns lie in these virtual exploit risks, namely in four different varieties: server host only, guest to host, host to guest and guest to guest. While there has been little research performed concerning these cyber-attack vectors, the information that does exist is far from comforting.
For more well-established users of virtualization software, there is still much that is not known. The entire system remains insecure and uncertain, which can be seen in the patch notes of any virtualization software vendor, which prominently feature crashes and security bugs. If you decide to use cloud data storage, it is imperative that you protect yourself from cyber-attacks that can be facilitated via virtualization. Ask your cloud provider the following questions to verify that your data is as secure as you need it to be: What virtualization software do you use? What version is that software currently on? Who patches the virtualization and how often are patches released? Who can log on as virtualization hosts and guests? The importance of these questions cannot be overstated, but even with answers, the looming uncertainty of cloud storage remains apparent.
One of the most understated and shocking features of the cloud is that, once data is stored, it no longer belongs to the user who stored it. In the fine print of many cloud contracts, including those of the largest and most well-known, it is explicitly stated that information stored on the cloud no longer belongs to the user, but rather to the cloud provider.
Why do providers add in this underhanded clause? They do it because, in the event of a security breach, it offers them additional legal protections. Not only does it protect them in worst-case scenarios, but it also allows them to peruse user data at their leisure for ways to increase their revenue. This can include things like selling user to advertisers and, in the case of the cloud being sold, passing information along to the next buyer. Given these findings which suggest an inherent unreliability of cloud storage, it is little surprise that many businesses and individuals are opting to stick with physical data storage.
The Advantages of Physical Data Storage
Perhaps the most appealing factor of storing data on hardware, especially given the chilling reality of the cloud, is that the information is entirely your own. Not only is there no hardware provider to claim ownership of your data, but you are significantly less likely to suffer a hacking cyber-attack. Because your data is physically at a location of your choosing, you choose who has access to it and thus can limit who has the opportunity to attack it.
Moreover, for those interested in efficiency, physical storage offers significant advantages over the cloud. Uploading anything from a document to an HD video to a physical device will take a fraction of the time that it takes for your PC to communicate with the cloud. In this way, physical devices are often more time-efficient than waiting for data to transfer to and from the cloud.
Of course, the world of physical data storage is not an idyllic paradise. It comes with its own shortcomings just like anything else. The difference, however, is that the weaknesses of physical hardware are much easier to manage than the glaring flaws found in the cloud.
Weaknesses of Hardware
The one major weakness of physical data storage, and thus the reason that many people go to the cloud, is the concern that discarded hardware with sensitive information may end up in the hands of thieves. It’s a fair concern, but it’s also one that is entirely avoidable.
With proper data destruction practices, namely using a data wipe before decommissioning hardware, there is no risk of residual data being left on any unwanted device. Then why is it an issue at all? Simply put, many business owners invest in poor-quality data wipes which leave information on their hardware. Thankfully, there are other, more reliable options available.
If you require a data wipe which meets international regulatory standards, as well as those of most business industries, then consider using Clarawipe. It will ensure that when you are finished with your old hardware, you can dispose of it without worrying about potential data security breaches. Of course, you should never rush into decisions about data security, so schedule a demo and see how well Clarabyte’s wipe can perform for you.
However you decide to destroy data from your hardware, it’s hard to imagine that this one small step could compare to the hefty security risks that come along with cloud storage.
The Final Verdict
The decision of what data storage method to utilize for your business is, of course, up to you. While the cloud poses unknown risks, perhaps these are risks that you are comfortable taking. If you do decide to pursue this despite its uncertain security, then do your best to stay informed. Know who owns your data, know what dangers there are and, above all, know your alternatives.
“Changelog for VirtualBox 5.1.” Changelog – Oracle VM VirtualBox. 2016. Web. 21 Jan. 2017.
“Security in the Cloud.” AT&T, 2016. Web.