Today many individuals and businesses are using online data storage in the cloud, however many individuals and organizations have concerns regarding security. Much of the information that people wish to store in the cloud is of a highly sensitive nature, thus it is only correct to question how secure the cloud really is.
Today there are many free online file storage and file sharing services; to name just a few of them Box, Dropbox, SkyDrive, Google Drive, iCloud are typical. Generally these storage solutions provide a limited amount of free storage space, and charge a fee for any additional storage required.
Certainly there have been some security breaches to these kinds of services, and various studies have pointed out potential threats. One of these involves obtaining password information, and although this risk can be reduced by using secure passwords, there is always the potential danger of passwords being hacked. Certainly any sensitive data stored in the cloud should be encrypted in order to mitigate the threat of data leakage.
Another potential problem is data loss, and there have been occasions when users have seen their data disappear without trace. One example of this was when the US Government closed down Megaupload with the result that millions of users lost access to their encrypted data. There are also potential dangers from malicious acts, disasters, and even organizations going bankrupt.
The hijacking of service traffic is another potential threat. This involves a hacker eavesdropping in your activities and manipulating them for his own advantage, for instance redirecting you to illegitimate websites that masquerade as your cloud storage service. This requires that an attacker obtains your credentials, so it can be avoided if you don’t share them with the service provider. There are also potential dangers from internal threats, such as a disgruntled employee within the service providers organization. Again the best solution is to avoid sharing credentials with the provider.
Denial of service (DoS) attacks are a significant threat. It has been used as a weapon by hackers using botnets for many years, though when organizations are dependent on continuity they can become particularly damaging. Even the threat of a DoS attack can undermine an organization so much that they have been vulnerable to blackmail.
It is vital that any organization that intends to migrate a system to the cloud should carry out due diligence before they do so. It is important to fully understand the implications of the intended cloud environment as they relate to security risks.
Many cloud service providers, for instance Mimecast encourage this process and are able to demonstrate total cloud security. However not all cloud providers are equal, so it is important to ensure that you select the one that is right for your organization.