BLOG

Cloud computing is everywhere and continues to grow as more people continue to utilize mobile applications and more data is being stored for worldwide retrieval. The desire for mobility is the key force driving cloud technologies because many users want or need to access services and data from anywhere on the planet.

It is incredibly convenient to have entertainment, business proposals, schoolwork, and a plethora of other data at your fingertips, and it can easily be argued that the capabilities cloud-based technologies offer have brought the internet into a new age.

Cloud-based technology provides us with incredible capabilities, and it is not going anywhere. Organizations need this capability, and they typically turn to cloud providers for a solution. The problem is that there are security implications that tend to be overlooked.

Read on to learn about the benefits and drawbacks to cloud infrastructure so you can better teach your cybersecurity and IT students.

Cloud Infrastructure: What Do Consumers Know?

First, the customer does not know who has access to their data sitting on the remote server. Any employee of the cloud provider can feasibly access the information sitting in a user’s account.

Consider what is being stored on those remote servers. In some cases, the data includes employee records full of personal payroll details that could be used for identity theft. Business documents about potential mergers or acquisitions could tip off an insider on looking to make some extra money in the stock market. And even private information sitting on smaller personal services can be siphoned up. A single nefarious employee working for a cloud provider could generate a significant amount of income by using stolen data, and if done well, could do so for a long time.

Second, the customer does not know if good security practices are being followed. Anyone keeping track of hacking activity knows that several large hacking incidents occur every year which expose millions of records of user data. One of the most recent reported incidents gave havers access to 35 million Xfinity customer records over three days.

Public vs. Private Cloud Infrastructures: Strong Security Practices Protects Vulnerable Data

Any organization housing a database of personal data can be a target for these types of attacks. Big data is a big business, and the hackers know that the data is often paired with enough personal information to create a payday. These hacks can often be stopped in their tracks by having solid security practices, but recent history has shown that even the largest of organizations with incredibly large budgets fail to keep every digital door secured. So, organizations need to consider building their own private cloud infrastructure.

The alternative is to establish a private cloud infrastructure on a network the organization can completely control. This requires a larger upfront cost for equipment, software, and configuration, but in the long term, it is the most secure option.

The great news is that many software applications already exist that can enable an organization to provide employees or customers with remote access capabilities that mirror public cloud infrastructures while maintaining complete control over the data and the cybersecurity posture. Even home users can configure an inexpensive network file system with VPN software to access personal files without the need to store them on an external server or incur monthly subscription fees.

Should Corporations Outsource or Build Cloud Infrastructure From Within?

Is it easier to simply outsource? Yes, and in some cases, it makes perfect sense. However, the decision to outsource needs to be made with the understanding that data may be exposed at some point in the future.

If outsourcing to a cloud provider is the only option, users should put a few countermeasures of their own in place.

First, never store any sensitive data on a server you do not control. Keep that information on an internal server and limit access to only those that need it.

Second, encrypt as much data as feasible when it is stored on a cloud provider's network. This will ensure that, even if stolen, the criminals will not be able to use the data for nefarious purposes.

Third, look for providers who have a proven track record of keeping their systems secure.

These countermeasures will limit some capabilities, but security is often the inconvenient necessity that keeps hackers at bay. A few steps can eliminate the largest security threats in a less secure environment and give users the best of both worlds. Another consideration is that some business models work best in cloud-based environments.

What Industries Should Consider Cloud-Based Options?

Cloud-based technologies make perfect sense for the entertainment industry because, with the exception of user credentials and payment information, the majority of the data is comprised of videos or music designed to entertain users. As long as the provider stores user information in an encrypted format, the risk of damage to a user resulting from a hacking incident is incredibly low.

The travel industry is another great use for cloud-based services because they too have a massive amount of data that needs to be made available to users. The high volume of traffic for these types of industries requires a large amount of bandwidth which almost always requires dedicated high-speed data centers. So, sometimes, private cloud infrastructures are infeasible. The key here is to know when to use one over the other.

Why is this important for cybersecurity or traditional computer science students? Because these are the people decision-makers will look to shortly for advice when making these decisions. Students need to be aware that a cookie-cutter solution is not the best for any organization. They need to have a broad enough understanding of the field that enables them to offer leaders all the available options and suggest the most secure solution available. If we want the internet to move towards a more secure overall posture, we need to think outside the box of current popular trends and consider alternative methodologies. A good pedagogical methodology should provide students with more than just the current popular trend. Students need to be informed about all available capabilities. Anything less is a disservice to their education.

Cloud Computing, Second Edition

Cloud Computing, Second Edition accounts for the many changes to the then-emerging business model and technology paradigm. Readers will learn specifics about software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), server and desktop virtualization, and much more.

Request Your Digital Review Copy

Related Content:

• Arming Students for the Digital Age: Educators’ Role in Meeting Cybersecurity Demand
• The Value of Open-Source Cybersecurity Software and Why Tomorrow’s Experts Need to Learn How to Implement It Today
• The Importance of Teaching Microsoft Windows Security in an Ever-Evolving Cybersecurity Landscape

Dr. Gene Lloyd is an adjunct professor at Liberty University. He teaches computer science and cyber security programs for undergraduate and graduate students with a focus on applied cryptography, digital forensics, ethics, legal issues and policies, web security, ethical hacking, security operations, risk management, network security, access control systems, and advanced topics in computer security.