Target: Cloud Storage Databases

Cloud storage databases are large server (computer) farms, accessible over the Internet, and owned by a service company for storing customer data for a fee. See The Cloud: A Definition. Companies rent storage space in the cloud to lower their local storage requirements, or as a backup of their data, thus saving them money. Cyber criminal organizations target these very large databases to steal information much the same as that stored…and stolen…from government and private databases. See Target: Government & Private Databases.

Their appeal as targets is their enormous size and the fact that many different client databases are stored in the same network of storage devices in the server farm. Once hacked, the cyber thief or his malware would search each customer database, sampling the data looking for personally identifiable information (PII), banking credentials and account numbers, or credit card numbers. This scenario is very similar to the one described for government & private databases.

However, the one big difference is that this cloud “storage for hire” operation may or may not have the wherewithal or concern to protect the stored data like a data owner would. Cloud storage is a relatively new business and very competitive. In order to make a reasonable profit, these operations may have to cut corners to remain profitable. In other words, my opinion is that no one knows more about your data and cares most about its security than you…the data owner. The bottom line is that, in my opinion, cloud storage services might be easy and lucrative targets for the cyber crooks.

Those familiar with cloud storage will counter that the data is stored encrypted, and that’s true in many cases. However, global cybercrime organizations have the very best and fastest encryption code breaking software and will not be deterred by encrypted data. Those same people will argue that the cloud company has implemented the best security practices. They may start out that way, but to my earlier thought on profitable operations, those security practices may not be funded at a level that is needed to make them effective against cyber criminal organizations with lots of funds and resources.

This is the place in the articles that I usually offer a tip to help avoid the threat I’ve written about…however, I have no helpful tip to avoid this threat. Short of finding out if cloud storage is used by each company or organization that stores data on you…virtually an impossible task; and then querying them about their storage security practices…which they won’t divulge for security reasons; I’m afraid your data might be stolen if hacked. Cross your fingers on this one. I don’t mean to be flip about this serious subject, but it illuminates the potential danger of cloud storage…in my opinion.

Be very careful…it’s dangerous out there.

Please comment on this article; we all learn from each other when our views and opinions are shared.

I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.

Remember, personal computing is a blast…keep it productive and enjoyable.

Best regards,

Paul

paulsinternetsecurity(at)yahoo.com

@PaulsInternet on Twitter

Images courtesy of FreeDigitalPhotos.net and FreeByte.com


4 responses to “Target: Cloud Storage Databases”

  1. Pingback: Paul Lubic Jr. – A Man on a Cybersecurity Mission | Bill Mullins' Weblog – Tech Thoughts

    • Bill,
      Thanks for the kind words, and for publishing my articles. You may not know this, but your friendship and expert blogging experience have been instrumental in the success of my blog. You and RamblinRick have been the encouragement I needed to stay with my “mission” since 2009. Thanks, friend.
      Best,
      Paul

  2. Paul: Your comments on Cloud security are spot on. However, I think the reader needs to discriminate between third parties that quietly use cloud resources to store one’s data. These would be companies that provide some service, be it financial or other service, that the end-user would reasonably assume that the data is contained within the company’s data centers. In this case, the third party is responsible for safeguarding the data regardless of where it’s stored. Your point that there is nothing the end-user can do is true.

    The other case is either a cloud service that the user engages or a company that discloses where they store the data. For example, Dropbox is a cloud service that is clear about their corporate security safeguards and the fact that they use Amazon S3 for data storage. In this case, the user does have options for safeguarding their data from opting in or out of the service to privately encrypting very sensitive data to be stored on the services. Back to the Dropbox example, though Dropbox encrypts data at rest, they manage the encryption keys, which is a weakness. Very sensitive data that must be in the Cloud should be privately encrypted. For example, SSNs, Bank account numbers and routing information, passwords should never be uploaded to the Cloud without private encryption (personally, I wouldn’t do it at all).

    When using any on-line solution, take the time to read the privacy notice as well as the security notice (if available). It will indicate the limits of their accountability as well as to offer clues as to how they handle your data.

    One final comment: The IT industry manages a huge amount of very sensitive data. Yet to your point about cost controls, the datacenter operation staff, the very folks who have the most access to your data, are typically paid on the low end of the industry’s pay scale. Something to consider …

    Greg
    http://thefamilyhelpdesk.com
