Support site for do it your selfers and users looking for solutions to problems

  • Tag Archives security
  • The Cloud and Your Data Beware

    What are the disadvantages of the cloud?

                                  internet cloud

    The saying that you get what you pay for rings true here.  Let’s say, as an example, you’re using a cloud server to run a website selling widgets for ABC company.  One day ABC company’s cloud server gets hacked, the website defaced, and the original content destroyed.  Because the majority (if not all) of cloud providers have minimal if any accountability or audit trail, it may prove impossible to review logs and determine where the hack came from, what may have been stolen or if the security issue was a fault of the provider or the server administrator.  There is, in essence, a lack of transparency.

     This is compounded by a lack of security because when one is running their services in a shared hosting environment (which the cloud is, hence the lower prices) there is absolutely no guarantee of security in terms of your data being hidden from prying eyes, being manipulated or even erased.  Indeed, ABC company’s widget website could have been compromised by an insecurity in the virtualization software, rather than a fault of the server admin.  But ABC company will never know because their cloud host didn’t keep such records (a common practice to reduce storage costs and computing overhead).

     But the disadvantages unfortunately do not stop there.  Another large problem for cloud-based services is reliability.  Not only have there been numerous reports of crippling outages, but there have also been widely publicized reports about data getting lost and the providers either not willing or able to find it.  These issues have occurred within major cloud providers and have proved to undermine trust of those affected.

    Is there any recourse when your cloud service is hacked or data is lost?

     In a word, no.  There generally is not.  Most of the service level agreements stipulate limited liability when it comes to uptime (reliability), security and data continuity.  This means that even though you are a paying customer, you may not have any guarantees about the service you have subscribed to.  To analyze a hack a good forensic information security expert needs access to logs, direct access to the server and the ability to have granular control of the server’s functionality, e.g., single user boot, kernel debugging, hardware interface access, BIOS/firmware access.  Most of the time this functionality is not enabled for cloud servers, limiting both proactive and responsive measures regarding information security.

     Imagine if you are an attorney, accountant, doctor or another profession that needs to keep your client’s data private.  How can your firm claim to do that while hosting the data in an environment where there is absolutely no guarantee of privacy, security or accessibility?  What happens if one day your cloud service is down and you cannot access client records?  Worse yet, what happens if it is hacked and all your accounting records are made available to extortionist hackers?  None of these are farfetched situations.  In fact, they occur on a routine basis.

     Finally, another significant disadvantage is bottlenecks.  There’s a reason we have local area networks, and that is for efficiency, security and speed transferring data back and forth.  Once we move a local office to using the cloud to share files back and forth, all of a sudden what used to be a local, quick operation turns in to a journey.  The data that once traveled within the confines of the same office now has to go out to the (untrusted) Internet, potentially exposing the contents of whatever is being shared, and then get routed to your cloud provider, back through the Internet to your office.  This problem produces a number of potential bandwidth bottlenecks that can hinder performance and also expose sensitive data.