Computers have increasingly become the central tool for information management for governments, corporations, non-profit organizations and individuals around the globe. The emergence of the internet has only solidified this fact even more. As computers have acquired this significant and dominant role in the affairs of mankind, a plethora and wide-array of advancements in computer technology has naturally occurred. Relatively recent hardware innovations have brought the world tablet PCs, transformer pads, smartphones with extraordinary computing capabilities, and desktop PCs with unprecedented storage and processing speeds. The realm of software development has produced countless pieces of software which cover an exceedingly wide range of functions. Even so, neither software, nor hardware alone stands as the most cutting edge computing tool. Interestingly enough, it is a marriage between the two that has become the single most ground-breaking revolution in current computing. It is known as cloud computing. Although cloud computing has various security-based disadvantages which must be addressed by cloud providers as well as consumers, the solution to these disadvantages, as well as the benefits of employing cloud computing in general, greatly outweigh the disadvantages. While the notion of cloud computing has arguably been around as long as the idea of the internet itself, cloud computing as it is understood today got its kick start with companies such as Salesforce.com and Amazon Web Service which both offered online applications (Hempel, 2009; Tonellato, 2001). Witnessing the success of these two endeavors and seeing an opportunity for expansion in this realm, Google launched its own cloud computing service, Google Docs, in 2006 (Langley, 2008). Since then, countless other companies have entered the marketplace, each offering different kinds of cloud computing services. The benefits harvested from cloud computing has kept customers flocking and promises to keep them running towards the technology. Cloud computing presents a host of benefits to its users. These benefits include reduced cost for software applications, reduced cost for electricity consumption, increased IT automation, increased storage capacity, and increased user mobility (Shacklett, 2011). In addition to these significant primary benefits, secondary benefits from employing cloud computing services are enjoyed by organizations around the world. Such secondary benefits include a greater focus on product or service development (by redirecting the funds saved in using cloud computing to products or services), a more flexible IT team (being that many updates and repairs are dealt with by the cloud computing service provider), a better public relations image (as the companies reduce their carbon footprint because of its large reduction in energy consumption), and a less stressful workplace environment (due to the mobility permitted by cloud computing which allows employs and organization members to access material from locations outside of the traditional place of business). With all of these amazing primary and secondary benefits, most would see cloud computing as a panacea for information management at an organization. However, not everyone so readily jumps on the cloud computing bandwagon. In fact, numerous IT experts suggest that not only is cloud computing unsecure, its risks may in fact outweigh its benefits (Juels & Opera, 2013). While there are a few other factors which critics attack when it comes to cloud computing, the force of the attacks essentially boil down to security. In fact, it has almost become common knowledge that CIOs and IT personnel around the globe who are reluctant to employ cloud computing in their organizations cite security as the number one reason for avoiding cloud computing. Indeed, being based on the internet does suggest cloud computing services are naturally susceptible to security issues which could be utterly devastating to large companies in the event that they slipped from potentiality into reality. Moreover, the security issues are far more complex and qualitatively different from normal outsourcing issues (Owens, 2010). Understanding how cloud computing security best functions intrinsically involves first understanding the main security threats of cloud computing. The primary security risks associated with cloud computing include the chance of engaging in unsecure data transfer, the risk of employing unsecure software interfaces, and the risk of storing data in an unsecured online environment. These primary security risks branch out into more specific areas each having specific concerns associated with them.
Security Risks in Data Transfer in Cloud Computing
At its very core, cloud computing involves transferring information from provincial devices or a network to a host via the internet. On the surface, this move seems simple and relatively innocent. Nevertheless, it has the potential to unwittingly expose users’ information to third parties. The weakness in data transfer from a local system to the cloud is not so much a weakness which stems from cloud computing services in general; rather it is a weakness which exists because of the medium in which communication is destined to take place between a user and a cloud computing service provider. This medium, of course, is the internet. Any information to be communicated over the internet is automatically at risk of being intercepted by unconnected, malicious third parties. Unlike local devices or intranets around which physical security systems can be installed or which otherwise are relatively easy to monitor, the internet is a vast ocean of information occupied by countless entities that in its immenseness provides no such parallel security as is enjoyed in an organization’s isolated network.
Solution to Security Risks in Data Transfer in Cloud Computing
The solution to counter the inherent security risks involved in transferring data to the cloud is employing cyber certification and encryption which can be offered by various platforms. Platforms allowing secure transfer of information include secure file transfer protocol (SFTP), file transfer protocol secure (FTPS), and Applicability Statement 2 (AS2). When information is encrypted before it is sent to the cloud, the chance that usable sensitive information can be intercepted and used is greatly mitigated. It is both the customer’s and cloud provider’s responsibility to ensure that data is securely transferred.
Security Risks in Software Interfaces in Cloud Computing
Most cloud services are interacted with through software interfaces. Additionally, for most users of the cloud who employ such a service for more than storage, this would be a frequent activity. Activities ranging from management to monitoring are performed through such application programming interfaces. This point of interaction presents another area of vulnerability as far as security is concerned. Here, attempts to sidestep conventional data management policy may emerge, accidentally or intentionally. Needless to say, the results of having an insecure interface can be devastating. It may be as detrimental as a breach of an organization’s stored data and could also easily be as costly in the long-run.
Solutions to Security Risks in Software Interfaces in Cloud Computing
A customer must be vigilant in their hunt for a cloud computing service provider to avoid using one which has insecure interfaces. Interfaces must be planned to prevent against policy circumvention. To eschew running into issues regarding interfaces, cloud users should adamantly avoid cloud services which employ interfaces that use reusable passwords, reusable tokens, inflexible controls, unspecified access, improper monitoring, poor transmissions and improper authorizations. Moreover, users should themselves avoid contributing to any one of these precarious tools and practices. An organization interested in taking advantage of the benefits of cloud computing but uncertain if the interfaces of cloud services are secure may find it helpful to form a nexus with a third-party investigator to find the IT processes of said organization a safe home. Research indicates that many small business, eager to get on the cloud but wary of the security factors, tentatively approach the cloud with the assistance of a third party whose job is to provide as much information about the functionality and security of the features different cloud computing services offer.