The Top 5 Cloud Vulnerabilities

By Kim Boatman


Earlier this year, thousands of Gmail account users suddenly found that all their information was wiped out. A Gmail crash had taken their emails and their contact information.

Fortunately, Google stored their data on backup tapes, and their information was restored. But even a temporary loss of access is a reminder that it’s smart to understand how much you’re relying on cloud computing -- and how you should safeguard your information from vulnerabilities.

Understanding the Cloud
The first step is to define cloud computing, says Ashley Podhradsky, an assistant professor of computing and security technology at Drexel University. “Consumers have been using cloud services for years without realizing it,” she explains. “Until recently, the cloud services were marketed as Web-based services as opposed to cloud services. An example of this is Web-based email.”

So, basically, anytime you’re storing data with a remote service rather than on your personal computer, you’re utilizing the cloud. Data you can access anytime, anywhere, from multiple devices -- such as your laptop, your smartphone and your tablet -- is stored in the cloud. Shared data that you access online, such as social networks or Google Docs, is another example of cloud computing.

But increasingly, we depend on the convenience of these cloud services without thinking about what happens when the cloud fails.

Top Cloud Vulnerabilities
You can be a smarter cloud consumer if you understand these risks and protect yourself, say the experts. Here are the top cloud vulnerabilities -- and what you can do to protect yourself:

  • Securely transferring data. Your data can be vulnerable to prying eyes as you transmit it to and from the cloud. “Do not transfer critical or confidential data in an open wireless network, in a random public Wi-Fi network,” cautions Podhradsky. “Use your home network, and ensure you are encrypting your data.” Make sure your wireless router is password-protected. Check to see if the Web addresses of sites you’re visiting say HTTPS rather than simply HTTP, says Christopher Budd, an independent consultant with expertise in online security and privacy. HTTPS encrypts the information traveling between your browser and the site.
  • Accessing your data. There’s nothing worse than trying to retrieve your information and finding it’s not available. “Consumers want to know that their data is available when they need it,” says Podhradsky. Before you entrust a cloud provider with your data, evaluate what sort of guarantee they have about uptime -- when your data is accessible -- and consider their track record. You’re generally better off sticking with reputable, big-name providers.
  • Data backup. Your data isn’t actually floating around in the clouds; it’s stored on a physical server somewhere. So what happens when there’s a hurricane or a flood or a power failure? Take the time to evaluate your cloud provider’s disaster recovery plan when you use the cloud to store critical data -- then have your own backup as well. “In the privacy world, they talk about organizations being ‘custodians of data,’ and that’s a good way to look at it,” says Budd. “You’re handing critical information over to someone else. Do you trust them to care for it responsibly?” Ensuring that your data exists elsewhere -- whether on an external hard drive, on your laptop’s hard drive or on a USB drive -- will give you peace of mind.
  • Password use. Recently, multiple instances of hacks and data breaches have exposed the passwords of users of well-known websites and companies. These attacks also shed light on what a lousy job most of us do in using strong, unique passwords. Try not to use the same password for all your activities in the cloud. If you use the same password for a gaming site as you do for your bank account, you place your finances at risk if that gaming password is compromised. Consider using a password manager such as LastPass.
  • Privacy. Budd is cautious about the information he shares. For example, why give a phone number to sign up for an email newsletter? he asks. Take the time to occasionally review which mobile applications and third-party services have access to key accounts such as Facebook and Twitter, advises Nishant Kaushik, chief architect of Identropy, which provides identity and access management services to businesses. “Did you grant some Twitter-ranking site access to your Twitter account months ago but have never gone back and used it?” he asks. “Reviewing the access grants will remind you to sever that relationship, removing any possibility of abuse or exploit.”

Using the cloud is now a part of everyday life. But if you’re going to harvest the power of the cloud, as Podhradsky puts it, make sure you mitigate the risks.


Kim Boatman is a journalist based in Silicon Valley, Calif. She writes frequently about online security and serves as the managing editor of the Studio One Networks program IT Insider Online. Boatman spent more than 15 years writing about a variety of topics for the San Jose Mercury News.
