Dark cloud or a cloud with a silver-lining?
Limited Time Offer!
For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!
Source:-deccanchronicle.com
I awakened this morning to cloudy north-east monsoon skies and intermittent drizzle. My daughter was flying down from Mumbai after nearly three months. I knew the aircraft she was in would graze the dense clouds and pierce through them before touching down in the next 20 minutes. As I looked up at the sky, with anticipation and excitement of seeing her, I eavesdropped on a thought which proposed that Cloud computing might be a good idea to contemplate on during such cloudy days. And I also knew, Mat Honan would be a good place to start.
Mat Honan, worked as a senior writer for the Wired magazine, he had an awesome and a cool digital life. His browser displayed beautiful pictures of his 18-month-old daughter, and his tab buzzed with thousands of his followers on Twitter. One fine August afternoon in 2012, Mat was playing with his daughter when his mobile phone suddenly went lifeless. Trying to restore it, he connected his mobile phone to the power source, expecting to see his custom screen saver and the apps. He instead saw the mobile display a multilingual invitation to set up his mobile phone. He was baffled.
As Mat had religiously backed up his iPhone every night, he believed his data would be safe on his iCloud account. He logged in there to reclaim his data and account. Upon doing so, he was horrified to learn that his password, which he knew to be correct, was being divulged as incorrect by iCloud. Startled, he connected his mobile phone to the laptop, hoping to restore the data from the hard drive of his MacBook. The MacBook too informed him that his password was incorrect and abruptly turned blank. He soon realised that someone had also hacked his Gmail and Twitter accounts.
The entire data Mat had accumulated over his lifetime, including his daughter’s pictures, had been erased. All his Gmail messages, work conversations, family photographs, notes, and reminders were gone too. Having just undergone a massive unsuspecting digital onslaught, Mat decided that he should investigate what had happened.
How the hacker downed Mat
When he called Apple tech support, they told him that 30 minutes prior to his call, a caller had contacted them. The only information Apple needed back then to give the password details was the mailing address and the last four digits of his credit card number. Mat’s mailing address was available on his website, and the hacker armed with Mat’s email ID and his address exploited a naive customer service employee at Amazon to get the last four digits of Mat’s credit card. As in Mat’s case, authorising personal information such as family photographs and precious personal information to Cloud service providers could come with huge risks.
We may not be aware that our various accounts get linked to one another as in Mat’s case, we may have the same credit card number on an Apple and
a Flipkart profile, our iCloud email address may point to our Gmail address and our login credentials may be available online waiting to be creatively or deviously exploited by those wanting to destroy our digital lives.
What is Cloud? In computing parlance, Cloud refers to the practice of storing data on remote servers, sometimes in numerous locations, which is owned and managed by a hosting company. Cloud computing is believed to have been an invention of Joseph Carl Robnett Licklider in the 1960s to connect people and data from anywhere at any time. Cloud service providers store, manage, protect and allow access to our data. Subscribers and organisations buy or lease storage capacity from the hosts to store data.
At an individual level, it would mean, our mobiles are uploading and storing pictures on Instagram, our emails on Google and our documents on mDropbox. The changing paradigm in computing means that less information gets stored locally on our computers and is instead being hosted elsewhere on earth. We may access cloud storage services through a collocated cloud computing service, a web service application programming interface (API) or by applications that use the API, such as cloud desktop storage, a cloud storage gateway or Web-based content management systems.
Software as a Service
We mostly do not buy software anymore; we just rent it or receive it for free using a new business model known as Software as a Service (SaaS). The accumulation of all these data means our most personal of information is no longer likely stored solely on our local hard drives but are now assembled on computer servers around the world. By aggregating everybody’s essential data, financial and otherwise, on cloud-based computer servers, we’ve prevented the need for criminals to target everybody’s hard drive individually and instead put all valuables in a single basket for criminals and hackers to target.
Cloud computing functions by using the Internet with the help of software and hardware virtualisation. The most significant advantage is the flexible ease of storage and release of data as per the needs of the user. The other advantages of Cloud computing are lowered prices because of the curtailment of cost of hardware/software and better efficiency.
In 2017, Amazon generated $3.2 million from their public cloud computing infrastructure division known as Amazon Web Services. Microsoft knowing full well that more and more people would use the cloud in the days to come had earmarked 90 percent of its R&D budget in 2011 on cloud computing products and applications. Forbes had reported that by 2018 over 50% of IT spending will be cloud-based.
Banks are the most enthusiastic users of the cloud for mobile banking and virtual transaction services. Companies use cloud more for storage than application development. Over 90 percent of all businesses witnessed at least one area of improvement in their IT department after they moved to the cloud. Small to medium business that adopted the cloud experienced a 40 percent growth in revenues after a year compared to those that did not use the cloud.
Cloud handles gargantuan data
But on the downside Cloud has several issues. The provider of the cloud computing services has access to gargantuan data and there is a great risk of it being leaked intentionally or accidentally. The data is also in danger of being deleted or modified. This is mainly because most service providers use administrators who could be lured or coaxed to disclose data for personal or political gain.
There are instances where cloud service providers have compromised the privacy of several companies. Most service providers have a privacy policy that subscribers have to agree, which lets them share data with third parties for law and order.
For instance, Dropbox has a privacy policy which states that for law and order purposes, they may reveal information to third parties if they determine that
such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) Prevent fraud or abuse of Dropbox or our users; or (d) Protect Dropbox’s property rights.
Then there are technical issues. If the servers are down or if there is a denial of service attack, it may not be possible to access data. Cloud computing services require a secure internet connection and consume a great deal of power of the devices such as the smartphone.
Major cloud service providers breached
Data breach is a huge issue in cloud computing. Hackers could rip off various types of information from a compromised cloud such as email addresses, credit card information, mailing addresses and personal messages. There must be a law to notify customers of the breaches. The U.S. has one such law. The nonlocal storage of our data raises important questions about our deep reliance on cloud-based information systems. When these services go down or become unavailable via DDoS attack, or when we lose our Internet connection, or if our data becomes unavailable, we could go out of business.
All major cloud service providers, such as Dropbox, Google and Microsoft, have gotten breached, and we can foresee more to happen in the future. Several thousand businesses that have valuable data stored in the cloud continue to get breached and stolen. On August 31, 2014, hackers posted a collection of nude photos of various celebrities such as Jennifer Lawrence and Kate Upton on the anonymous image-sharing website 4chan. Apple initially believed that the hackers had got the images via a breach of Apple’s cloud services suite iCloud, or a security issue in the iCloud API. However, Apple came to know later that the access route was via spear phishing attacks.
Aadhar breach exposed billion Indians
The breach of Aadhar data which exposed literally over a billion Indian citizens has been one of the most significant breaches to date. The information breached included data such as a member’s names, their identity numbers which are unique 12-digit numbers assigned, biometric data, and information about the services being subscribed to such as bank details, utility services etc.
Another breach that made major headlines was that of Cambridge Analytica; a British political consulting company started in 2013. Cambridge Analytica had collected Facebook information of 87 million users inappropriately to build political profiles of each Facebook user and target-specific political advertisements to manipulate them in a particular way prompting an investigation by the U.S. Congress into the allegations which led to Mark Zuckerberg testifying.
On November 30, 2018, Marriott Starwood Hotels revealed they had recognised a data security breach of their guest database, which it believed compromised up to approximately 327 million guests who made a reservation at a Starwood property. The records that got jeopardised contained information such as name, mailing address, phone number, email address, passport number, Starwood Preferred Guest accounting information, date of birth etc.
Code Spaces is an example of a company that was entirely put out of business by a single cloud security incident. The hacker compromised Code Spaces’ Amazon Web Services account and demanded a ransom. When the company declined, the hacker started erasing their data until nothing was left.
Users become victims
In all such cases, it may be the cloud service provider who gets targeted, but we become the victims as the data that is stolen is ours. The terms of service conditions of such companies to which subscribers agree to hold the providers of cloud services unaccountable when such breaches occur. These attacks threaten intellectual property, customer data, and even sensitive government information.
Mat Honan, with whose story we began, eventually created a new twitter account and established contact with his hacker who had annihilated him online. Mat implored his hacker to explain why he had snuffed out his digital life. The teenager replied that he had done so because he had liked his twitter name and wanted it for himself. Not much has changed since then; we are today as much vulnerable as Mat was back in 2012 as we ratchet our reliance on mobile and cloud-based applications.
Whether Cloud computing turns into dark clouds or a Cloud with a silver lining depends on our ability to protect data from being breached or leaked inadvertently. Following best practices can help organisations ensure that their data is kept safe and secure. Using a monitoring and security solution that utilises machine learning to monitor the public cloud environment can be extremely powerful.
Spiritually too, we may be living in a cloud computing universe. If we think of our memories as a document on Google drive. Everything is already in the cloud. So our consciousness is out there in the cosmic cloud as well, which is getting auto-updated in real-time.