As cloud usage expands, so do security risks

March 6, 2013 by Steve Johnson

Holding everything from highly personal medical and social media material to confidential financial and corporate documents, Internet-based cloud services are gathering an enormous trove of information - already a quarter of the world's business data - that is proving a powerful lure for hackers.

One notable example was the February 2011 breach at Nasdaq's Directors Desk, which maintains records for thousands of corporations. Nasdaq has said little about what happened. But the case reportedly has prompted several federal investigations and sparked speculation that the culprits could have spied on secret communications of company board members.

Coupled with more recent breaches at Web Marketer Epsilon, LinkedIn and - along with surveys showing such attacks alarmingly common among businesses - many experts say too little is being done to prevent cyber crooks from pilfering , trade secrets and other on the cloud.

"It's scary," said Eric Chiu, co-founder and president of Mountain View, Calif., company HyTrust. If a hacker gets access to that information, he said, "they've got the keys to your kingdom. They can make copies of everything you have, and they can potentially destroy your data center."

Although definitions of cloud computing vary, it usually involves a shared service that lets customers access their data using Internet-based software or servers. Cloud storage can cut a company's costs, and make it easy to retrieve information from nearly anywhere via the Internet.

The cloud is used to send email, print from mobile devices, exchange medical information, share on social networks and much more. Just among cloud document-storage services, such as Dropbox and Google Drive, the number of subscribers will double from 625 million this year to 1.3 billion in 2017, according to market researcher IHS.

Corporations have been among the biggest adopters. Research firm Gartner has predicted that the worldwide revenue from public clouds, a popular kind shared by multiple customers, will soar from $91.4 billion in 2011 to $206.6 billion in 2016.

Yet the trend poses risks. Symantec in January reported that 43 percent of the 3,236 businesses it queried had "lost data in the cloud," although it didn't ask how much was due to cyber attacks.

Those companies weren't alone. Of nearly 500 information-technology professionals Intel recently surveyed, 46 percent said their firms had suffered a security breach - meaning their data was lost or accessed by unauthorized means - on two popular types of clouds. And most of the victims said they were experiencing more breaches than when they had kept the data on their own networks.

Some information placed in the cloud can get into the wrong hands because of equipment mishaps or employee foul-ups. There also are growing fears it could happen it as a result of lawsuits or government subpoenas. Of 100-plus IT professionals polled last year by security firm Lieberman Software, 48 percent said "the thought of government or legal action deters them from keeping data in the cloud."

But hackers are among the biggest concerns, and many businesses mistakenly assume their cloud providers will keep the crooks at bay, said JD Sherry of the Japanese security firm Trend Micro. While offering some protections, he said, the providers often leave security largely to their customers.

"That burden of responsibility typically falls upon the customer and that often can be a huge challenge for a lot of folks," he said.

Amazon provides a wide array of security measures for its cloud services, according to a company statement. But it said a customer of those services "assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software, as well as the configuration of the (Amazon)-provided security group firewall."

It's not clear how much monetary or other damage has been caused by cloud data breaches. Officials at Epsilon and Twitter have issued only terse comments about their breaches, while has argued in response to a lawsuit over its hacking that no one was seriously harmed.

But Eve Maler, a Forrester Research principal analyst, said even a social media site break-in can cause havoc.

"The bad guys might see direct messages containing personal information meant for the company, or could send out messages that harm the company's brand or business," she said.

Breaches of corporate financial data and trade secrets could be far more serious, and cloud-based companies will have to become quicker at responding to cyber attacks, said Art Gilliland, general manger of enterprise security products at Hewlett-Packard. Even so, he predicted more companies will be victimized as they shift their data into the ether.

"It's going to happen," he said. "It's inevitable."



Almost a quarter of all business information globally is now in the cloud, according to Symantec.

Among cloud document-storage services, such as and Drive, the number of subscribers will double from 625 million this year to 1.3 billion in 2017, according to IHS.

Gartner predicts worldwide revenue from public clouds, a kind shared by customers, will soar from $91.4 billion in 2011 to $206.6 billion in 2016. But the security of cloud data is a big concern.

Of nearly 500 information-technology professionals Intel recently surveyed, 46 percent said their firms had suffered a security breach on public and related "hybrid" clouds.

Symantec in January reported that 43 percent of the 3,236 businesses it queried had "lost data in the cloud."

In a survey last year of 2,007 American adults by CouponCodes4u, an online site that provides coupons and other discounts by retailers, only 31 percent said they felt safe storing personal documents through a cloud provider.

Explore further: IT security problems shift as data moves to 'cloud'


Related Stories

The trustworthy cloud

March 7, 2012

Not a week goes by without reports on security gaps, data theft or hacker attacks. Both businesses and private users are becoming increasingly uneasy. However, when it comes to technologies like cloud computing, trust and ...

Google might launch Drive for cloud storage soon

February 12, 2012

( -- Google's next big move, according to the Wall Street Journal, is a cloud storage service called Drive. Hardly first to the plate, Google is simply catching up to introducing its cloud repository idea for ...

Oracle buys 'cloud' service firm RightNow

October 24, 2011

Enterprise software giant Oracle said Monday it had struck a deal to buy RightNow Technologies, which helps companies manage their cloud computing activities, for $1.5 billion.

Head for the clouds, feet firmly on the ground

March 5, 2012

Computer engineers in the US writing in the International Journal of Communication Networks and Distributed Systems have reviewed the research literature to get a clear picture of cloud computing, its adoption, use and the ...

Cloud computing: Gaps in the 'cloud'

October 24, 2011

Researchers from Ruhr-University Bochum have found a massive security gap at Amazon Cloud Services. Using different methods of attack (signature wrapping and cross site scripting) they tested the system which was deemed "safe". ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Mar 06, 2013
A secret shared is a secret bared.

Share nothing with the cloud, particularly if you don't even know what it is. Don't trust AmaXon? Some of the cloud is AWS.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.