The Cloudflare breach demonstrates the risks of cloud computing but must be understood in the broader context of cyber security
As with any new business resource, cloud computing creates both opportunities and risks. Obtaining software and storage from a central hub allows companies to lower their equipment and maintenance costs, but it also makes them dependent on the provider’s security measures. The recent Cloudflare data breach underscores the risks of cloud storage, reminding firms to be wary of whom they trust for computing:
Surmising The Spill
From mid-2016 to early 2017, the online content and security provider Cloudflare suffered a massive data breach. Due to a bug in its programming, the company hemorrhaged sensitive information from its clients and their customers. This included private messages, dating site and hotel records, password management information, and records of adult video viewings. The spill was discovered only by accident when Google employee Tavis Ormandy reported the bug.
A spill that persisted for this long would be a problem in any circumstances, but it is especially severe given the sheer amount of information that Cloudflare has access to. The company’s clients included OK Cupid, Uber, and Fitbit, each of which gathers potentially compromising data on millions of people across the globe. A study of 30 million enterprise users determined that more than 99% of firms have an employee who used a platform vulnerable to this breach.
Risks & Rewards
As severe as this spill is, it is important to understand it within the broader context of cyber security in cloud computing. Using the cloud is not inherently riskier than relying on your own equipment, but it does present several security tradeoffs, including:
- Centralization– Cloud companies store all of their customers’ data in a single location, allowing them to coordinate a more consistent, effective defense. Having so much data in one place, however, presents a more attractive target for hackers, increasing the number of attempted attacks. It also makes an attack more devastating if it does succeed.
- Expertise– Because they focus specifically on data storage, cloud computing companies can hire staff trained specifically in cyber security. They can also focus a greater portion of their efforts on security, making them more likely to succeed. Such experts, however, can themselves try to steal data and know how to cover their tracks if they do.
- Transfers– With cloud computing, whenever you want to upload or access data, you must transfer it over the Internet. This provides greater opportunities for hackers to steal or interfere with data outside of its traditional storage spaces, though cloud providers can keep this risk to a minimum through encryption.
Ultimately, the safety of cloud computing depends on the company providing it. Responsible firms regularly review their programming for bugs, vet their employees, update their security software and passwords, and educate their clients on how to prevent attacks. The more committed your provider is to these measures, the safer it is to use the cloud.