Cloud computing is increasingly important to businesses and individuals alike. Cloud computing was first developed by the United States military during the Cold War when information sharing and integrated networks were identified as important features of a national defense computer system. Requirements set out in a report by the Pentagon led to the creation of ARPANET, one of the world’s first computer networks. ARPANET allowed computer terminals to share data with each other, laying the groundwork for what would become the cloud.
The term “cloud computing” did not appear in publications, however, until the 1990s. Practical use of the term did not emerge until 2006 when Google CEO Eric Schmidt introduced it during an industry conference. Schmidt laid out a vision for the future of computing, influentially declaring that most computing and storage solutions would exist on remote servers, with data being transferred constantly to endpoint devices.
Both storage and computing solutions are increasingly remote from the end-user. This remote computing is immensely convenient for companies and users that cannot afford to constantly update computing hardware. It does, however, come with a unique set of security risks. Primary among these risks is the amount of time data spends in transit. Cloud users also need to be aware of the risks of upscaling and introducing third-party code into secure systems. Luckily, a cloud security industry is already well established. Here is a very brief layperson’s guide to cloud computing security.
Cloud computing and storage are inherently remote. Data needs to be transferred between servers and end-user computer terminals in order to be used. This means that a great deal of potentially sensitive data is being transferred online at any given moment when a cloud service is being used. This poses a security risk. Malicious actors can ‘intercept’ vulnerable data as it is transferred. Encryption is the only way to definitively prevent this from happening. All data must be end-to-end encrypted if it is to be safely transferred.
Cloud encryption is the process of transforming readable data into unreadable data that cannot be made sense of by malicious actors. Encryption is by no means a new phenomenon. Encryption has been used for thousands of years to transmit messages in secret. In the modern era, however, encryption usually refers to the process of making digital files unreadable to the wrong people. Unreadable formats such as ciphertext are transferred to and from remote servers, where decryption protocols are then used to make sense of them. In cloud computing, encryption has found a new significance. There are two main forms of encryption that are used in cloud computing security. Both types of encryption need to be employed in order to create a completely secure network:
As discussed earlier, one of the greatest vulnerabilities related to cloud computing is the amount of time data needs to spend in transit. Cloud computing relies upon the constant transfer of data in order to work correctly. The most prevalent kind of encryption used for data in transfer is the HTTPS protocol. Standing for HyperText Transfer Protocol Secure, this protocol ensures that an SSL wrapper defends the communication channel used to transfer data. SSL – which stands for Secure Sockets Layer – isn’t just a way of encrypting data. SSL helps to ensure that the server and endpoint device are who they claim to be – an important feature of any security system.
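The following is an added example, not part of the original article. In current software the "SSL" layer is provided by TLS, its successor, and Python's standard `ssl` module exposes the two properties described above (encryption and proof of the server's identity) as client settings. The helper names and finding strings are hypothetical.

```python
import ssl


def audit_client_context(ctx):
    """Return the reasons a client-side TLS context fails to give the
    guarantees described above (hypothetical helper, for illustration)."""
    findings = []
    # Without certificate verification the channel is still encrypted,
    # but the client has no proof of who is at the other end.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    # A valid certificate issued for a different site must be rejected.
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    # SSLv3, TLS 1.0 and TLS 1.1 are deprecated protocol versions.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def hardened_context():
    """Library defaults (verification on) plus an explicit version floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weakened_context():
    """The misconfiguration to look for: verification switched off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # encrypts, but to anyone who answers
    return ctx


if __name__ == "__main__":
    print("hardened:", audit_client_context(hardened_context()))
    print("weakened:", audit_client_context(weakened_context()))
```

A connection made with the weakened context is still encrypted, which is why this setting tends to go unnoticed until someone audits it.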
Data isn’t just vulnerable when it is in transit. A good cloud security plan will involve the encryption of data when it is sitting dormant on a server or endpoint device. This removes some of the danger associated with unauthorized access or data leaks caused by phishing. Data leaks, whether malicious or accidental, cannot always be stopped by encrypting data in transit. A great many data leaks are caused by authorized members of a company’s staff or by inadvertent lack of care over data security. Encrypting data while it is at rest is a tactic used to dissuade this kind of disaster.
Effective cloud computing relies upon containers. Containers are essentially like remote software packages. They allow computing functions to be completed by remote users. Containerized software is far more efficient than completely virtualized software. Virtualized software was initially thought to be the key to offering computing functions to organizations remotely, but virtualized software has many of the same drawbacks as conventional software. It relies too heavily on the computing power of an endpoint device. One of the greatest benefits of cloud computing is that it does not – in theory – require state-of-the-art endpoint devices to complete complex tasks. Containerized software is much more efficient and scalable. Containers allow developers to create repeatable and reliable virtual environments that can be exported remotely. A completely new area of cloud network management known as ‘container orchestration’ has sprung up in the wake of containerization to assist with migration to a containerized cloud system.
Container security is immensely important, as any compromise of a container can compromise a whole system. Systems like Kubernetes security are vital to cloud computing providers and users. Kubernetes security and similar solutions are designed to protect the integrity of the containers used to deliver cloud computing services. Container security is made complex by the quick turnover of containers themselves. Unlike traditional virtual environments, containers are constantly scrapped and remade automatically. A container security expert is never going to be able to keep up with this without the help of a great deal of automation. Part of the issue with securing containers is that third-party code (like image metadata) may be vulnerable to attack. Container security plans usually involve the scanning of third-party files for anything that could make the container as a whole vulnerable.
One of the main benefits of cloud computing and storage is the ability for resources to be accessed by any authorized person with an internet connection. As you can imagine, this feature of cloud computing also implies some pretty serious security risks. If resources can be accessed remotely, then the chance of unauthorized access increases dramatically unless the correct measures are taken. There have been several high-profile cloud computing security breaches that have been the result of unauthorized access.
The solution to these cloud security breaches is for companies to implement very strict and secure multi-factor authentication policies. Multi-factor authentication is exactly what it sounds like: users of a service need to be able to use multiple factors to authenticate their identities. This can involve biometric data, password confirmation, email verification, or any combination of these elements. Multi-factor authentication should be a standard feature of any cloud computing security plan. Passwords are extremely vulnerable in most cases. Hackers can use brute force attacks to gain access to password-protected areas. Passwords are most effective when combined with biometric authentication.
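The following is an added example, not part of the original article, showing the defender's view of the brute-force risk mentioned above. It reads constructed login records and flags accounts with a burst of failed passwords, including the case where a correct password follows the burst, which is the situation a second factor exists to stop. The log format, function name and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "<ISO timestamp> <account> <source address> <result>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice 198.51.100.7 FAIL
2024-05-01T09:00:10 alice 198.51.100.8 FAIL
2024-05-01T09:00:20 alice 198.51.100.9 FAIL
2024-05-01T09:00:30 alice 198.51.100.7 FAIL
2024-05-01T09:00:40 alice 198.51.100.8 FAIL
2024-05-01T09:00:50 alice 198.51.100.9 OK
2024-05-01T09:01:00 bob 203.0.113.5 FAIL
2024-05-01T09:01:05 bob 203.0.113.5 OK
2024-05-01T09:02:00 carol 192.0.2.44 FAIL
2024-05-01T09:07:00 carol 192.0.2.44 FAIL
2024-05-01T09:12:00 carol 192.0.2.44 FAIL
2024-05-01T09:17:00 carol 192.0.2.44 FAIL
2024-05-01T09:22:00 carol 192.0.2.44 FAIL
"""


def find_password_guessing(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return {account: "guessing" | "guessing then success"} for accounts
    that saw max_failures failed logins inside one sliding window."""
    # Keyed by account, not source address: the attempts against alice
    # arrive from three addresses and a per-address count would miss them.
    failures = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts = datetime.fromisoformat(fields[0])
        account, result = fields[1], fields[3]
        recent = failures[account]
        # Drop failures that have aged out of the window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= max_failures:
                flagged.setdefault(account, "guessing")
        elif result == "OK" and len(recent) >= max_failures:
            # A correct password straight after a burst of wrong ones.
            flagged[account] = "guessing then success"
    return flagged
```

On the sample, only `alice` is flagged: `bob` mistyped once, and `carol`'s failures are too far apart to fall inside one window.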
Biometric data has been accepted as one of the most fool-proof methods of securing genuine authentication. Biometric authentication can be achieved using several means:
Fingerprint recognition is one of the oldest forms of biometric identification. Each human being has a unique set of patterns on their fingers. In the mid-19th century, police forces – which were then newly formed – began utilizing this unique feature of the human form when it was recognized that other methods used at the time were insufficient to positively identify a suspect. In the United States, the drive towards the use of fingerprints was accelerated after the ‘William West – Will West case’. This was a case involving two prisoners who looked very similar and who shared the same name.
Fingerprint scanners are useful authentication tools. Many mobile telephones include fingerprint scanners, which can be used to authenticate people wishing to enter a cloud network.
Facial recognition software has a high degree of accuracy, making it perfect for cloud security purposes. The ubiquity of cameras on endpoint devices such as laptops and mobile phones makes the effective distribution of this software very easy. Endpoint devices are far more likely to include digital cameras than fingerprint scanners, making this a very popular method of biometric authentication. Facial recognition software is, in some contexts, very controversial. In some parts of the People’s Republic of China, the government has been accused of using facial recognition cameras to exclude practicing Muslims from society. Likewise, the police in the United Kingdom recently started using facial recognition technology to identify members of protest groups.
Each human being has a unique voice. There are many variables that change the way a voice sounds. Mouth shape, vocal cord health, diaphragm size, and lifestyle all make a voice individual. If samples of an authorized person’s voice are provided, authentication can be achieved through audio analysis.
Retinal biometric authentication is achieved using a scan of the back of the eye. Each eye has a unique pattern of tiny veins clustered in it. If you have ever had a retinal scan at the opticians, you’ll know just how bizarre these look.
Hopefully, this quick guide to cloud computing security has answered some of your initial questions.
By James Daniels
Bio: James Daniels is a freelance writer, business enthusiast, a bit of a tech buff, and an overall geek. He is also an avid reader, who can while away hours reading and knowing about the latest gadgets and tech, whilst offering views and opinions on these topics.