As a data operator of a Cloud service you will have many security concerns. Any new technology comes with a host of new threats to your business model, in particular the business of maintaining privacy in the digital world has become difficult. According to the CSA publication The treacherous 12, there are over 12 security threats to consider. Their article focuses on the 12 most pressing issues they have chosen, of which several of them are of particular concern. According to wikipedia the CSA puts Insecure interfaces and API’s at almost a third of the ‘cloud security outages’, and data loss and leakage make up to a quarter, with hardware failure being the third most troublesome issue.
Without going into great technical detail there are a variety of ways that an insecure API can result in loss or release of sensitive data. To simplify the situation it is about access, a multitude of individuals who now have controlled access. Every door though provides a weakness that walls do not have. Your API is a door into the server room, and a host of people all have their own doors. While most people only have access to their own portion of the server, the server can have bugs not known that give access to other parts of the room. Not to mention the fact that often a Cloud customer may give access to third parties to use the data on the Cloud.
Data loss can occur in a number of significant ways outside of malicious intentions. It is important to maintain backups in case of disaster. Any kind of disaster that destroys the actual hardware of the Cloud service is a possibility to keep in mind; though a client encrypting their information and forgetting the encryption code is a far more likely concern. It does not rest solely on the Cloud provider to prevent loss of information. While malicious intent does compromise most of the loss of data that could have been prevented, it is much more difficult to maintain good practices of protection against an intelligent intruder, over lets say the Customer forgetting their encryption key.
The Mitigation of data leakages involves many types of habits that a good Cloud provider must follow. There are a few types of applications that the Cloud provider can set up to mitigate data leaks from shared networks. It is important to keep in mind that the hardware a client is using could be used by a number of other customers. And this creates security vulnerabilities in the system itself that, even without malicious intent, can lead to outsiders having access to the clients data. Any program is going to have bugs, bugs are essentially problems in the code that wasn’t vetted for. This is going to happen with any program. The amount of code it takes to write a sophisticated program means that there are vulnerabilities that haven’t been thought through, or even discovered yet.
Vulnerabilities lie in loose links, and with so many links in the encryption process it becomes difficult to cover all your bases. It isn’t impossible, the important thing is to stay ahead of the curve. You want to be more secure than your neighbour to prevent vulnerabilities. But the facts are that the code itself is often hundreds of lines long, and to know every vulnerability in a chain that large becomes difficult, luckily finding cracks in the chain is also difficult for the hacker. But above and beyond the programming errors, which can be solved with frequent patches, is the human vulnerabilities and hardware failure.