Cloud services refer to computing services being made available on-demand to users sourced from the web or through a cloud computing provider’s server. It thereby eliminates the requirement of companies to set up their own on-premises servers in order to share resources and facilitates technological flexibility along with cost-optimization. The wastage of resources also tends to get minimized as the users access the required resources only and pay for the same.
Public clouds refer to computing platforms, owned and managed by third-party intermediaries, wherein accumulated pools of virtual resources are made accessible to the public i.e. potential clients. The resources tend to vary by providers and can range from including virtual machines to applications, databases, intelligence, and storage capabilities.
However, the public cloud services are attached with certain critical risks that cannot be overlooked. These include:
Risk of an incorrect evaluation of a Public cloud provider
Several considerations on all possible security concerns have to be borne in mind and taken into account while selecting a public cloud provider. These security concerns include obtaining answers to a plethora of questions such as:
- How are viruses and malware prevented in the cloud equipment and its resources which are provisioned to access by multiple users?
- How often does the cloud equipment undergo vulnerability scans to detect possible vulnerabilities and what is the average time frame required for any remediation to be carried out?
- Do the cloud servers and equipment possess a proper intrusion prevention system and do these systems undergo periodical auditing?
- Is there a provision of implementing firewalls between the users of the resources?
- Are the access requests to resources provided logged and monitored thoroughly?
- For the client systems, what are the data recovery procedures in place, and what is the average data recovery time frame?
- Do the cloud providers facilitate with hard drive encryption or not?
- What methodology is followed for the client management of servers?
All the above parameters are of paramount importance and finding relevant verifiable answers is a must but is certainly extremely challenging. Any error at the end of the client company in verifying details could lead to a faulty evaluation of public cloud providers, the consequences of which are to be borne by the client users.
Risk of consequences of errors on part of one client being borne by multiple clients
Another risk of public cloud service is that while sharing the cloud space, the fellow users may be indirectly impacted by the action of one or a few. To quote an example, if a server that is engaged in holding multiple clients is blacklisted due to an erroneous action of one or a few, the server and the pool of resources become unavailable to all the clients who share the server without any faulty action on their part.
Risk of a data breach
Another risk of public cloud services is highlighted via intra-server vulnerabilities wherein there exists a possible threat of data breach. This could happen if the client virtual machines are housed upon server systems that run on outdated software that become vulnerable to be attacked and do not adequately secure the storage of database and other resources that are offered to clients on the network. The data on other clients’ storage (their virtual disc drives) hence tends to become accessible to other clients too via shared discs and networks. This could lead to leakage of a client’s sensitive data without them even realizing the same.
- Risk of loss of data
There exists a risk of loss of cloud data in multiple ways. This could take place when the client user of the cloud service provider might accidentally modify or delete the data or an attacker/cybercriminal gets the access of the same and deletes it due to malicious intentions. Loss of data can also occur if the cloud datacentre is destroyed due to an unforeseen disaster.