The cloud is used as a term for a series of on demand, remote access, subscription services that exist on the internet. One commonly used cloud service is data storage. Instead of storing information directly on your own personal computer or phone, cloud-based data is stored elsewhere, not on clouds, but on servers* housed in massive data centres. Examples are: Google Drive, Dropbox, OneDrive, Apple iCloud, and IDrive.
*A server is a powerful computer that provides one specific job to other computers.
Where is the Cloud?
The cloud is a metaphor for the internet and for services that can seem quite abstract. The image of a cloud suggests ethereal, natural, and benign, it is everywhere but nowhere and belongs to no one or everyone. This metaphor is misleading, as in reality, the cloud exists as row upon row of powerful computers with cables that radiate all over the world. It is owned by a few of the worlds largest private organisations such as Amazon, Microsoft, Google or Apple and keeps millions of people’s data that is made accessible to them via the internet. The biggest data storage servers in the world are located in China, USA and India, some are even situated at the bottom of the ocean.
Cloud Computing ‘as a service model’
A widely used service available in cloud computing is office software and web-based applications, which is known as Software as a service or SaaS. An example of SaaS is Gmail and Yahoo email and Office 365 and Google Docs. If we take Office 365 as an example, you can sign into your Microsoft account on any machine and access Microsoft word where you will find your files. Neither the application Microsoft Word, nor those files are stored on your computer, but in the cloud, and this makes them accessible remotely from any computer as long as there is an internet connection. Cloud computing allows users the flexibility to collaborate with others from any location.
Examples of other services that run their operations from the cloud include Youtube, Facebook, Zoom, Netflix and Spotify. Most will be located with the biggest cloud service providers, Amazon Web Services, Google Cloud Platform and Microsoft Azure.
In addition to SaaS, businesses that need to create websites and applications, can rent cloud-based hardware and operating systems needed to run applications, this is known as Platform as a Service or PaaS. With PaaS, consumers do not have the responsibility of managing, updating and maintaining the platform that hosts the application and can therefore focus more on software development or providing other services to customers.
Infrastructure-as-a-Service or IaaS is the most comprehensive cloud platform and is mainly used by full time developers or large businesses. The cloud provider hosts the infrastructure components that were traditionally present in an on-premises data centre, including powerful servers, almost limitless storage, and networking.
Benefits of Cloud services
When a business has a subscription for any of these services with a Cloud Service Provider (CPS), once they have made the initial cost to deploy their business across to the cloud, it saves them costly outlay for technology that may become out of date in a few years. Another benefit of the ‘as a service’ model, is that because a professional company is managing your technology, their level of support and maintenance, means more of your budget and time can be spent on business strategy and less on IT and security.
Security Risks of the Cloud
The chances are, your data is more secure in the cloud than on your own device within your own premises. The logic behind this comment is that most big cloud service providers spend millions of pounds managing and maintaining the security of their services. There are some customer responsibilities, however, and its worth noting that failure to meet consumer responsibilities is a leading cause of security incidents in cloud-based systems.
Some basic procedures can be followed to minimise risks.
- Use Multifactor Authentication
If you can access your data remotely, so can cyber criminals. Multifactor Authentication (MFA) gives a crucial layer of added security when logging into your cloud accounts. Instead of just a password, MFA asks a user to provide another form of authentication, this might be a password plus a code received as an SMS or a fingerprint scan.
- Limit and monitor the access of your users.
Limiting access can limit the impact when account information like user-names and passwords are stolen or a disgruntled employee wants to cause harm.
- Provide anti-phishing and security training.
It is important that the individuals who use the system are educated about best practice behaviour and the tactics used by people who send ‘phishing’ emails. ‘Phishing’ is a term that describes the use of deception to manipulate people into revealing their security information. Phishing attacks are a common way that hackers access even the most secure cloud database.
- Organise data back up.
Most Cloud Service Providers give significant guarantees against loss of data, however, no system is perfect. Major cloud providers have accidentally lost customer data. Ensure that your chosen CSP has data backup and recovery processes that meet your organisation’s needs.
As more of our information and activities go online, cyber security has become a necessary part of life that keeps us safe from crime. Just like learning anything new, it can be broken down into small steps and implemented in bite sized chunks. Businesses of all sizes are at particular risk of cyber crime and would benefit from working towards Cyber Essentials which is a Government approved scheme. By implementing just five core controls that protect against most cyber attacks, businesses can ensure they are on the right track as well as demonstrating to their customers and suppliers that they are serious about cyber security. Click here to find out more about the Cyber Essentials scheme.