Jiangyue Wang IEPA-060NC-001 JUNE 8
JUNE 8, 2018
Nowadays, more and more people like to use cloud computing to store their data. At the same time, the development of cloud computing is becoming faster, many items derived from cloud computing is becoming closer to the People’s Daily lives (for example, the hospital’s information platform, the education platform of cloud, the cloud game, etc.), but is cloud computing really safe? As cloud computing becomes more and more popular, more and more people begin to use cloud computing, and the problems that come with it become more and more numerous. Cloud computing can be defined in two ways: narrow and broad. Cloud computing, in its narrow sense, refers to the delivery and usage patterns of IT infrastructure, which refers to obtaining the required resources through the network in an on-demand and scalable manner. Cloud computing, in its broadest sense, refers to the delivery and usage patterns of services, which refers to obtaining the required services on demand and in an easily extensible manner through the network. As people become increasingly understanding of cloud computing, opportunities are increasing of cloud computing has brought the development of each enterprise, to realize information resources sharing, but the problems of information security are also obvious. There are many serious problems in cloud computing. First, there are many loopholes in cloud computing which can be invaded by virus trojans and hackers. Second, the cloud computing employees’ negligence leads to customers’ data loss. Third, there is not one law that regulates how information can be accessed in the world by any countries.
First, there are many loopholes in cloud computing which can be invaded by virus trojans and hackers. There are many vulnerabilities in cloud computing, such as password attacks, phishing websites, and eavesdropping. Cloud computing can integrate all the data of user information and it took all the information concentrate in a large box which makes it attractive to the hacker, finally these data becomes a target for hackers. Hackers and other criminals will use viruses to break into computers, steal users’ rights to use, arbitrarily change, steal, and leak users’ information, thus causing serious losses. In “Security threats on cloud computing vulnerabilities.” (Te-shun Chou,2013) writes that hackers use various technologies to access cloud services illegally or to interrupt them for specific purposes. Hackers can trick the cloud to treating their illegal activities as authorized uses, so they gain unauthorized access to data stored in the cloud. (Te-shun Chou, 2013, pp.79). Cloud computing has its unique advantages, and there are many programs and spaces in cloud computing to hold data. Users’ data is private in cloud computing; however, this confidential information is also a major source of interest for hackers. So, in data transmission, to achieve the ulterior purpose, many hackers break into the cloud to steal data leading to the change of information data or missing, users suffer severe losses. Cloud computing in some degree is more likely to become the target of hackers because it is like a big box makes all the data together, the hackers need only to steal their invasion system, they do not need from various parts of distributed attacks. According to “Intrusion detection for grid and cloud computing.” by Vieira, Schulter, Westphall, Carlos, ; Westphall, Carla (2009) write that Due to their dispersed character, the mesh and cloud computing area are easy goals for invaders search loopholes. By simulate a lawful user, the invaders can use the rich resources of the service crustily. (Vieira, Schulter, Westphall, Carlos, ; Westphall, Carla, 2009, pp.38). Hackers can find all the information in the cloud computing they want to gain an advantage. For example, the data that hackers can use in cloud computing, others’ personal information for identity theft, or to steal some companies conceal information to get high-paid and reveal that celebrity privacy to make themselves more famous, and so on. So, cloud computing is not safe to store, and it is vulnerable. It is easier to be targeted by hackers than traditional storage methods.
Second, the cloud computing companies’ employees’ negligence leads to customers’ data loss. Third parties may be the most vulnerable part of the security system, and this is unlikely to be due to technology, but more to human factors. In “Employee negligence: the most overlooked vulnerability.” Bimal Parmar (2013) writes that many people do not realize that employees can be the biggest problem in system security policy. (Bimal Parmar,2013, pp.18). Employee negligence is a genuine problem, including failure to perform routine safety procedures, daily errors, and misconduct due to lack of safety awareness. It is not just ordinary employees that can pose risks to companies. Many executives do not know where their sensitive data is, and they are less likely to know how to protect them. Today’s workplace is more flexible, and workers are more likely to work remotely in public places. Wireless networks come in many forms: some are easy to find and classify in terms of security risks, while others are unfamiliar with gray areas. Users do not always pay enough attention to the networks they connect to. Sometimes users really do not understand the danger, and sometimes they just focus on finding the quickest way to connect to the network, so they can continue to work. Staff often connect directly to the enterprise’s cloud platform through the public network of coffee shops, hotel rooms, and airports. Unfamiliar network connections make it difficult for users to guard against hackers, which brings risks to the enterprise’s cloud platform and the entire cloud security chain. The network is the weakest part of the security link. As a result, cloud computing is unsafe because of employee negligence at cloud computing companies.
Third, there is not one law that regulates how information can be accessed in the world by any countries. Cloud computing is different from the traditional storage service, the main difference is that with the aid of cloud computing data is transmitted through the Internet cloud storage and delivery, the owner of the data cannot control the data, and they do not even know the data storage location. Information sharing of data carry around the world, regardless of the country. The legal problem is particularly serious because it is not easy to know where the data is being transmitted, when it is being transmitted and when it is being used. Every country has its own legal and regulatory requirements, cloud computing service provider clearly cannot do and shall be governed by the laws of all countries, thus to authority under the legal obligation of a challenge. In “Privacy, security and trust issues arising from cloud computing.” by Siani Perarson (2010) writes that because the cloud has walk in front of the law, in cloud computing privacy right there are a lot of uncertainty in the eyes of the law, and it is difficult to predict what will happens in a cloud environment application existing law. However, there are legal limits to how cloud providers can handle users’ personal data. ?Saini Perarson, 2010, pp.698?. Cloud computing applications are fragile, and their information moves fast. This information may be distributed across different cloud systems in different countries around the world. They have different legal rules for cloud computing under different national laws, and it is hard to have a law governing cloud computing in all countries of the world. At the same time, because the blurred physical boundaries between users caused by virtualization and other technologies, the legal evidence problem can be caused. Therefore, cloud computing is not secure because the laws of every country are different from each other in cloud computing.
However, some people think that there are some software engineers to design some data to protect their privacy, so they think cloud computing is safe. These people think that software engineers can protect customer information by building large and complex security systems. They can constantly be patching and adding new features to perfect the system, such as secret keys, add validation issues, etc. With multiple and multifaceted protections, some customers feel that their information is safe. Nevertheless, even these software engineers can design some data to protect people’s privacy, but the technology is imperfect, there are also exist many loopholes in the could computing. In “Taking account of privacy when designing cloud computing services.” Siani Pearson (2009) writes that cloud computing needs a traditional change in basic assumptions in user requirements, in a sense that early designs are not always proper, and user requirements need more frequent testing (Siani Pearson, 2009, pp.50). Even there is some technology can protect privacy, the cloud computing system is not safe. Here is an incredibly famous example, Apple iCloud, a derivative of cloud computing. Apple says iCloud protects its customers’ privacy in several ways, including encrypting them during transmission and authenticating them with security tokens. In addition, Apple’s claim that they will increase the protection measures for some important privacy, after multiple password superposition, the data will be more difficult to steal and use, and expect to the users themselves, no one else can view the data. However, in recent years, increasingly personal information about celebrities has been stolen from the Apple iCloud. For example, Jennifer Lawrence, Kirsten Dunst, Kate Upton, and Kirsten Dunst etc. Their personal information was stolen in the iCloud, and hackers expose their information in website, which will cause them a lot of trouble. Therefore, cloud computing is not safe, there still exist many problems that need software engineers overcome.
In conclusion, cloud computing is not secure in general. The cloud computing exists many serious problems. First, there are many vulnerabilities in cloud computing that can be compromised by Trojan horses and hackers. Second, the negligence of the cloud computing staff leads to the loss of customer data. Third, there is no law on how any country can obtain information worldwide. Based on these three points, we can make the judgment that cloud computing is not reliable even though it is extremely popular now.
Chou, T.S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology (IJCSIT), 5(3), 79-88.
Parmar, B. (2013). Employee negligence: the most overlooked vulnerability. Journal of computer fraud & security, 2013, (3), 18-20.
Pearson, S. & Benameur, A. (2010) Privacy, security and trust issues arising from cloud computing. Journal of IEEE international conference on cloud computing technology and science, 693-702.
Pearson, S. (2009) Taking account of privacy when designing cloud computing services. Journal of IEEE software engineering challenges of cloud computing, 44-52.
Vieira, K., Schulter, A., Westphall, Carlos, & Westphall, Carla. (2009) Intrusion detection for grid and cloud computing. Journal of IT Professional, 12, (4), 38-43.