Tech News

Can we ever secure the cloud?

Can we ever secure the cloud?

can we secure the cloud 2015 images

Cloud computing and big data are both taking the world by storm and are hot topics on all technology related conversations.

It is no great secret though that the biggest barrier to these technologies really taking off is security. Whilst everyone in the tech industry will argue that the cloud is in fact far more secure than traditional on site IT systems there is still a real fear – and a just fear – that technology in general is nowhere near as secure as it needs to be and this fear is really debilitating the progress of these new and somewhat experimental technologies.

The current security landscape

Regardless of the security that is in place for any particular cloud based service there is no denying the fact that many IT systems and cloud services are getting hacked in to one way or another.

There have been several high profile cases recently that confirm these security issues including the Sony Pictures Entertainment hack in 2014 and the Dropbox hack to name just a few.

As well as these high profile cases there are also dozens of hacking attempts accruing across all sectors of the market with the education sector being one of the most targeted but least policed.

It is important to note that as was the case in the Dropbox incident many of these breaches do not come as a result of the service provider’s infrastructure being compromised but are more often the result of individual user accounts being compromised or through third party providers who have API access to these systems and services. However, whilst this might abscond the providers from their legal culpability it is hardly an excuse from and ethical of technical point of view.

cloud security a problem for government 2015

Taking responsibility for data security

Before getting into any of the technicalities of data securities or any of thing things that need to change in order to improve security I think the most important step is understanding the importance of data security, the effect that we can all have on its effectiveness and ultimately realising that we all need to take responsibility for this security.

If companies like Dropbox provide API access to their systems then they must take some responsibility for all parties that have access via these means and equally as users we should all take responsibility for the security of these services because even if we don’t personally have any important information stored in Dropbox a breach of our account could indirectly provide a hacker with access to other more sensitive data.

How can security be improved?

We all need to take more responsibility for the security of our data but at the same time the technical measures need to be available to realise the security of our data. Whilst there are measures already in place I think that if these measures were coupled with a new understanding and sense of responsibility then they could be far more effective.

Two step authentication is a case in point and is a fantastic security measure that can go a long way to preventing user accounts from being compromised. Whilst many companies are offering two step authentication very few of those are making it mandatory and equally the end user is often reluctant to implement this security measure because they feel that it is not necessary for them – once again though we should be looking at the bigger picture here and appreciate that overall two step authentication would be working towards a greater good in terms of data security.

For those of you who aren’t familiar with the technology it involves authenticating not only with a password but also using an external device to provide further authentication normally in the form of a random and regularly changing pass code. Google provide a two-step authentication service known as Google Authenticator which consists of a smartphone app that can be linked with a supported online service such as the payment processor Stripe, after which it will constantly generate random codes every minute or so and when you log in to a connected service account you have to enter the current code along with your password.

This type of service takes away the possibility of a password being compromised or brute forced and whilst not bullet proof is exactly the type of security measure that being compulsory would cut down a huge amount of hacking attempts.

Server, network and resource security

As well as the responsibility that users should have in terms of security service providers also have a great responsibility in terms of network and server security – this should include not only the perimeter defences that are in place for the servers that these systems run on but also the data that is stored on those servers as well as all forms of access – including third party connections made available by API access.

It is perhaps time for a reform of all of these components with security being at the forefront – encryption of all data at rest similar to the policies that are in place within the financial sector would be a good start as well as new protocols and security measures for API access – perhaps an enterprise version of two step authentication.

In addition service providers also have the responsibility of ensuring password security for all of their users which could be improved by implementing stronger password requirements as well as mandatory password expiry. This point can be highlighting when you look at password complexity indicators across different service providers and see how much these indicators can vary with the same password being deemed very weak by one provider and extremely strong by another. Perhaps we also need standards in place across the board that dictate the requirements of a password for it to be considered strong.

These are just my thoughts on the subject and I would love to hear the opinion of our readers as to other measures that could be put in place to temper the issue of data security. In my opinion I don’t think we will really see the full potential of technologies such as the cloud, big data or the internet of things until we can overcome these issues with security – only then will the consumer really begin to trust these new technologies.

Tech News

David is a practicing systems administrator by day at, but by night he lets loose all his tech expertise on our site.

More in Tech News

animal boxing game dx

What I’m Playing Now: Table Top Racing, Animal Boxing and Far Cry 4 still

Max SmithApril 22, 2017
samsung galaxy s8 gives you more of everything 2017 images

Samsung Galaxy S8 gives you more of everything

Jeffrey LangApril 20, 2017
snes classic mini coming for holiday season 2017

SNES Classic Mini: Nintendo’s Second Cash Cow or Frustrating Bull to Gore Fans?

Marius MaronillaApril 20, 2017
what im paying now far cry 4 zelda wind waker and sports champions 2017 images

What I’m Playing Now: Far Cry 4, Zelda Wind Waker and Sports Champions

Max SmithApril 19, 2017
Microsoft to Take on Chromebooks 2017 images

Microsoft to Take on Chromebooks

Marius MaronillaApril 19, 2017
cortana pi and minty pi 2017 images

Cortana Pi and Minty Pi

Marius MaronillaApril 18, 2017
nintendo feeds eight bit nostalgia with two bit decision on nes classic edition 2017 images

Nintendo feeds eight-bit nostalgia then kills it with two-bit decision

Marius MaronillaApril 17, 2017
austin russell luminar bringing safety to self driving cars 2017 images

Austin Russell’s Luminar bringing safety to self-driving cars

Jackie WarnerApril 13, 2017
hottest 50   60 televisions on any budget

Hottest 50″ – 60″ Televisions On Any Budget

Jeffrey LangApril 13, 2017

Subscribe to our Daily Newsletter

You will only receive one per day. You'll also get a free THE WALKING DEAD graphic novel with your subscription