The surge to cloud technology is rapidly gathering pace. In the space of just a few years it has moved from a technology that many people were unsure about, though they recognised its potential, to a technology that is being adopted by the largest of blue chip global organisations and the smallest of small businesses.
The cloud has been around a long time. Web-based email services such as Gmail and Hotmail are cloud services. If you use one of these services every time you access your email you’re plugging into a server housed in a data centre that is sitting somewhere on the internet.
Internet-based services, or the cloud, solve a pressing problem; a means to store the explosive growth in digital data. And it’s certainly explosive. A few years back a number of technology companies reckoned that the amount of digital data zipping around the internet was set to exceed a zettabyte.
What’s a yottabyte?
A zettabyte represents a staggeringly mountainous amount of data. To make sense of what a zettabyte is, it roughly equates to the storage capacity of 75 billion 16GB iPads. Or to put it another way, it would take every single person on the planet, all 7 billion of them, tweeting non-stop for 100 years to generate a zettabyte. Who knows how long it will be before a zettabyte becomes a yottabyte the next unit of digital data measurement? Probably not that long.
The point is that the cloud is rapidly becoming the default platform for storing data and launching services. For small companies it’s far more cost effective to rent a web server and launch their services from it rather than spend a lot of ‘overhead’ money on hardware and professional services for an in-house platform.
Novice hacker scoops the prize
But the question on everyone’s lips, even those monster-sized companies with in-house technology expertise, is how secure is the cloud? Interestingly, in 2013 a competition was held to see how secure cloud servers are. The prize was $5,000. Six servers were set up, two running Microsoft software and four running open source Linux.
The hack was completed within four hours. Alarmingly, the winner wasn’t even an expert. He reportedly said: “I just thought I’d spend two or three hours poking around and see what I could learn, and it would make for an interesting evening.”
The security settings for the servers mimicked the set up often seen in servers used to launch cloud servers. The problem is that the appeal of cloud services is that they can be set up cheaply and quickly. Imagine Company X is set to launch a new range of low cost sportswear that it’s sourcing from China. Why should it spend money on its own servers along with the cost of professional services to keep everything running when it can get the same set up by renting out a server much more cheaply? Unfortunately, beyond the default security settings, no one gives much thought to security. There’s an assumption that the default settings are enough.
The scent of money
This is redolent of the early days of ecommerce, when a raft of electronic adventurers lured by the scent of money rushed towards the internet with recklessness. There was a fever in the air, some great ecommerce sites went up offering all manner of goods, analysts were predicting the death of street shopping and financial analysts were trying to value these new online operations – and often failed hopelessly. The lack of security on many of these sites was soon exposed. There’s a similar, if not quite the same intensity, atmosphere around cloud services. And similarly, security is taking a back seat.
Most of the growth in cloud services is happening in small businesses, precisely because it’s cost effective. And it has been proven that hackers can dig into the internet and identify servers which are running on cloud servers. Cloud is cheap because the services are shared. So for example, a server will be shared by a number of users, whether it’s a book seller, a shoe shop or a fashion retailer. But because these services are shared data could leak. There’s also the fact that the concentration of users and data on just a few locations is also attractive for hackers.
The largest hack in history?
Perhaps the most infamous cloud hack was the Sony data breach that compromised the personal data of more than 70 million customers a few years ago. Until recently this was the largest hack in history to date, with users of the company’s PlayStation streamed games affected. Users could still play their games offline but couldn’t get online for near to three weeks, though how many wanted to after having their data was compromised is a moot point. The alarming thing about this breach is if a mega corporation like Sony couldn’t protect its cloud service by running up-to-date, patched software and an appropriate firewall how many others are in the same position.
The fallout from this hack is not so great today given that it happened in 2011 but at the time it certainly had an impact on the cloud industry with many companies in the area taking a hit on their share prices. If there are any positives, it’s the hope that others would have learnt and as a result put good security practice in place.
How to protect yourself
Thankfully, there have been few cloud hacks on a similar scale since then but that’s not to say there won’t be anymore. That said, there are some simple steps you can take to protect yourself. Cloud storage services for example, often offer the ability to control who can access your files. You’ve got ‘private’ where only you can view the files, ‘public’ where everyone can view the files or ‘shared’ where only selected people can view the files. Select the one that is most appropriate for you.
Another obvious point is to choose a strong password. Most cloud services will be controlled by your username and password, so make sure you use a strong password that combines upper and lower case letters and numbers.
Good cloud storage providers will have clear and transparent information on their website about how they will secure your personal information and what they will or will not do with it. If you can’t find this information or feel the terms are unfair or laced with confusing jargon it might be a good idea to give the service a swerve and look elsewhere.
A summary – ask questions
A cloud storage provider might also store your data in an encrypted form and keep the key in a safe and secure location. When you use your username and password to log into the service they will decrypt your files so that you can access them. This is good practise.
So in summary, if you’re about to use a cloud service and you want to know how secure your data is follow these simple steps: check the company’s security provisions and find out whether your data is encrypted, use a strong password and control who can access your data. These tips will keep you safe but remember nothing is foolproof and if a hacker gains access to your data via a company server, the onus is on the provider to protect you. So it’s worth investigating what provisions they have in place should this happen.
About the author
Steve Bell is a technology and business journalist writing for the UK national and trade press as well as many of the world's leading tech companies including BullGuard.