Cloud Storage: What Is It & Who Runs It?

Uploaded on 2019-11-27 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Cloud is a major talking point  in computing currenty, but its meaning is rather, poorly understood. Even so, its highlt likely high that you have already used the cloud, even if you were probabaly unaware of it it at the time. 
 
Cloud computing involves using the power of the Internet to outsource tasks you might traditionally perform on a personal computer, anything from handling simple storage to complex development and processing, to a vast and powerful remote network of inter-connected machines. Information and data is stored on physical or virtual servers, which are maintained and controlled by a cloud computing provider, such as Amazon and their AWS product. 
 
As a personal or business cloud computing user, you access your stored information on the 'cloud', via an Internet connection.
The cloud is simply a collection of servers housed in massive, acre-filling complexes and owned by some of the world's largest corporations. 
 
This essentially means that our data sits on computers we don't have access to and Microsoft, Amazon and Apple have all invested huge sums in creating homes for our personal data.
 
Most of Virginia's major cloud campuses are focused on the data center cluster around Ashburn in Loudoun County. Microsoft has plenty of servers in Ashburn, but even more in a hyper scale cloud campus in Boydton, a tiny town of about 400 residents near the North Carolina border.
 
Cloud History
Cloud computing is believed to have been invented by Joseph Carl Robnett in the 1960s with his work on ARPANET to connect people and data from anywhere at any time. 
  • In 1983, CompuServe offered its consumer users a small amount of disk space that could be used to store any files they chose to upload.[2]
  • In 1994, AT&T launched PersonaLink Services, an online platform for personal and business communication and entrepreneurship. The storage was one of the first to be all web-based, and referenced in their commercials as, "you can think of our electronic meeting place as the cloud." 
  • Amazon Web Services introduced their cloud storage service AWS S3 in 2006, and has gained widespread recognition and adoption as the storage supplier to popular services such as SmugMug, Dropbox and Pinterest. In 2005, Box announced an online file sharing and personal cloud content management service for businesses. 
Cloud Today
This summer’s infamous Capital One breach the most prominent recent example. The breach resulted from a misconfigured open-source web application firewall (WAF), which the financial services company used in its operations that are hosted on Amazon Web Services (AWS). 
 
Software engineer Paige Thompson was arrested in late July for an unprecedented hack into a cloud server containing the personal data of over 100 million people who had filed credit card applications with leading financial institution Capital One.
Thompson’s ultimate theft of the 100 million customer records, 140,000 Social Security numbers and 80,000 linked bank details of Capital One customers is apparently only one of her many hacks. In a legal filing related to keeping her remanded into custody, federal prosecutors say she hit more than 30 other targets, including companies and educational institutions.
 
By 2022, at least 95% of cloud security failures will be the customer’s fault, Gartner estimates, citing misconfigurations and mismanagement.
 
There are a number of factors are at play in creating, and exacerbating, the mis-configuration problem. These include:-
  • In most cases, the customer is in charge of protecting its virtual machines and applications. It’s too often assumed that the cloud service provider is in charge of securing the cloud environment. That’s only part of the story. Infrastructure as a service (IaaS) providers such as Amazon, Microsoft and Google take care of security for their physical data centers and the server hardware the virtual machines run on.
  • It doesn’t matter what kind of security defenses the cloud provider offers if customers don’t protect their own networks, users and applications. Cloud providers offer security services and tools to secure customer workloads, but the administrator has to actually implement the necessary defenses. 
  • A disconnection between perception and reality. As reported by McAfee, many breaches have occurred in IaaS environments that don’t fit the familiar “infiltrate with malware”  In most cases, the breach “is an opportunistic attack on data left open by errors in how the cloud environment was configured.”  The data shows a worrisome disconnect between the misconfigurations that companies using IaaS environments are aware of and those that escape their attention. Survey respondents say they are aware of 37 misconfiguration incidents on average per month, but McAfee’s customer data shows that those enterprises actually experienced about 3,500 misconfiguration incidents per month, a year-over-year increase of 54%. 
In other words, 99% of misconfigurations in enterprise IaaS environments go unnoticed, according to McAfee.
 
  • There are numerous tools widely available which allow potential attackers to identify misconfigured cloud resources on the internet. According to Symantec’s 2019 Internet Threat Report, in 2018 Amazon Web Services S3 buckets emerged as an Achilles heel for organizations, with more than 70 million records stolen or leaked as a result of poor configuration. . Unless organisations take action to properly secure their cloud resources, such as following the advice provided by Amazon for securing S3 buckets, they are leaving themselves open to attack, according to Symantec. 
  • Increasingly complex enterprise IT environments. The growing adoption of multi-cloud environments among enterprises, coupled with a lack of complete awareness of all the cloud services in use at an enterprise, is exacerbating the misconfiguration problem, according to McAfee. In its recent study, 76% of enterprises reported having a multi-cloud environment, but an examination of customer data found that actually 92% of those environments are multi-cloud, an increase of 18% year over year.
  • While multi-cloud environments have advantages, they can also become complicated to administer, manage and control. “Security practitioners responsible for securing data in IaaS platforms are constantly playing catch up, and they don’t have an automated way to monitor and automatically correct misconfigurations across all the cloud services,” says Dan Flaherty, McAfee director of product marketing.
Understand your Infrastructure 
Rather than always looking for known threats, as many cybersecurity professionals have been trained to do, you should also strive to understand your enterprise’s complete infrastructure and what’s running on it.  That can be challenging in today’s increasingly complex multi-cloud environments. But if you have a completer picture of your environment and you know what to expect, you can more effectively detect threats. 
 
CSO Online 1:        CSO Online2:       HowItWorks:      Wikipedia:
 
You Might Also Read: 
 
Business Migration To The Cloud:
 
 
« WEBINAR: How to Leverage a CASB for Your AWS Environment
Tracking 5G Protocol Flaws »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

Applied Security (APSEC)

Applied Security (APSEC)

APSEC provides products and services in the areas of encryption, digital signature, authentication and data loss prevention.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.