If you had asked anyone before the turn of the century to describe “the Cloud”, chances are they would have used words such as “droplets of water” and “ice particles”, but today, 23 years later, that same question often elicits a very different answer.
Type “cloud” in a search engine and what first pops up isn’t a definition of the common element of weather. Instead, you are told it is a distributed collection of servers that host software and infrastructure accessed over the internet. Users upload data to these servers via an internet connection, where it is saved on a virtual machine on a physical server.
Having first gone commercial in 1999 (the technology dates to 1963), the world has witnessed an impressive rise in cloud storage, which enabled much of the rapid digital transformation experienced since the Covid-19 pandemic. Forecasts project that today’s $83.41 billion global market will explode to $376.37bn by 2029.
Despite its popularity and widespread use, few users know much more about the cloud than the common definition shared above.
Justin Westcott, the chief technology officer of DataGr8, says that although cloud storage providers have robust security measures, users may mistakenly allow unauthorised access to strategic information if they don’t understand the platform well.
The South African-based company provides data-focused technology and services to customers across Africa. More recently, it partnered with Terranova Security, a cybersecurity company that provides a comprehensive security awareness training programme to individuals and organisations.
Moonstone Business School of Excellence (MBSE) is in the process of rolling out a series of cyber-security courses, with content created by DataGR8, on its online CPD (Continuous Professional Development) course platform.
“Understanding the Cloud”, the first of three courses, went live last week.
The course, which retails at R396, is accredited for 3.5 CPD points.
Click here to for more information.
The series will also include six newsletters and two webinars, aimed at equipping you with the knowledge and tools to protect your personal and business information from cyber threats.
“Understanding the Cloud” comprehensively introduces cloud computing, covering its key concepts, technologies, and deployment models. In addition, the course will enable you to assess the advantages and potential drawbacks of adopting cloud computing for an organisation, and the factors to consider when selecting a cloud service provider.
One such potential drawback, Westcott says, is that as the number of services that integrate with these cloud drives increases, so does the potential for security breaches. He says while cloud data storage is usually a safe option, it’s important not to become complacent.
“With the growth of remote work and people interacting with multiple cloud services over unsecured networks, some of the most significant risks to cloud computing come from user behaviour.”
Security risks of cloud storage
Westcott says, as with many modern cyber-security risks, the real danger lies in the interconnectivity of the technology world, and a significant potential vulnerability for cloud services comes through APIs (Application Programming Interfaces).
APIs allow different applications to interface and communicate with each other across a network. In many ways, the security of a user’s cloud is only as good as the security of the APIs he or she approved for access.
“Third-party APIs are ubiquitous and present a vast attack surface. One compromised API could give a hacker a backdoor into your system through that ‘trusted’ interface and overtake your entire tech ecosystem.”
Phishing – a type of social engineering attack often used to steal user data, including log-in credentials and credit card numbers – is another way cyber attackers manage to circumvent storage providers’ security measures.
“In addition to traditional credential phishing, hackers now leverage the cloud to deploy fake third-party cloud apps, tricking users into granting access to their actual corporate cloud data and resources.”
File-based malware also presents a significant risk for cloud computing. Westcott explains that the file-syncing functions of cloud storage make it easy for teams to collaborate on projects across different devices and make systems vulnerable to infected files.
“Cloud storage providers usually sync files from local folders on your computer with files stored in the cloud. Downloading a malicious file to your local device can unwittingly provide access to your company cloud, where the file can infect the whole network.”
Using an attack technique called “ransomcloud”, cyber criminals can lock up data and cloud-based applications and demand a ransom from an organisation to restore access.
Managing these risks, he says, starts with having robust guidelines for cloud security.
“Now more than ever, cyber-security relies on effective education more than technology,” he says.
CPD points
“Understanding the Cloud” is one of the 80-plus CPD courses available from MBSE.
Click here to choose an online CPD course that suits your needs.
MBSE is a recognised CPD provider and offers programmes, including online courses, events, and publications to assist FSPs, key individuals and representatives in gaining their required CPD hours.
Logging all your required CPD hours by 31 May next year may not seem a priority right now. But time passes quickly and before you know it, you can be left scrambling to get your CPD points by the deadline. Avoid the mad rush by signing up for one of MBSE’s CPD subscription packages.