Security Issues with Cloud Computing

The continuous development in technology and the modernization of the IT industry have given rise to cloud-based computing, which is actually delivering different internet-based services. These computing services include but are not limited to servers, data storage, networking, analytics and intelligence, databases, and software. Instead of dealing with a physical infrastructure of heavy devices, hard drives, and systems, just a continuous access to the internet and web is needed [1]. Different cloud service providers help large organizations manage their data, networking, and hardware requirements by providing cloud-based platforms. This computing service is gaining popularity around the IT industry due to its several advantages of easy access, seamless files and data sharing, and a cheap alternative to expensive in-house infrastructure development. As cloud computing is solely based on and accessed through the internet and web, so it also raises concerns about security issues. The major security issues with cloud computing include:

Unauthorized access risk:

Compared to on-premises infrastructure, cloud-based resources are easily accessible from any place, network, or public internet. This easy access is beneficial for employees, but it also increases the risk for unauthorized access by hackers and cybercriminals. Negligible loopholes and compromised credentials can easily allow unauthorized access to cloud-based resources of any company or organization, leading to security breaches, data theft, and other serious problems [2].

Lack of visibility:

Cloud-based resources are based on a third-party infrastructure/provided by the CSPs and are not bound to the organization network only. Without specialized cloud-focused security tools, it is challenging and ineffective to monitor the cloud-based resources and achieve network security and visibility. Lack of visibility makes the organizational resources vulnerable to different attacks.

Misconfiguration:

One of the leading causes of data breaches among many organizations opting for cloud computing is the misconfiguration of their security settings. Many companies also deal with multi-cloud deployments, each provided by a different vendor. The cloud-based infrastructure is usually designed to enable flexible access and data sharing to the users compromising over its security in some manner. The organization’s inability to take control, configure or identify the network risks in the cloud-based resources leads to misconfiguration, as they have to rely solely on CSP’s provided security protocol [3]. 

Malicious Insiders:

According to a report by Verizon on Data Breach Investigations, around 30% of the data and security breaches in 2020 were carried out with the help of an inside source. Malicious insiders are a severe threat to the organizations running on cloud computing. An insider already has easy access to all the resources, credentials, and sensitive data of the organization, posing a significant risk to the cloud infrastructure. Moreover, detecting or tracking an insider activity is relatively easy when a secure or private network is used, but in this case, the cloud infrastructure can be accessed from any network at any location, making it difficult to investigate and detect malicious staff members. 

Hijacking and external data sharing:

Most of the employees use a single, weak password without any proper authentications. This weak password can be easily hijacked by cybercriminals. The attacker can use employees’ credentials to access their accounts, leading to complete control of sensitive data, functionalities, and resources of the cloud infrastructure. Account hijacking is a severe security issue in cloud computing [5]. 

Moreover, external data sharing is also made easy in cloud computing through shareable links, URLs, and emails. Link-based sharing is, although a popular option in cloud environments but is not limited to a single recipient and poses a significant risk of unauthorized access to the shared data. 

Works Cited