Swipe to navigate through the chapters of this book
Clouds are everywhere today. Massive online retail sites like Amazon and Ebay rely on clouds for reliability and performance. Email and instant messaging are built on clouds. Services like Uber and Spotify would be hard to imagine without clouds. The great search engines like Google and Bing that comb the Internet are implemented on clouds. Social media like Facebook and Reddit are also cloud implementations. The term is everywhere, but exactly what is a cloud? And do clouds compromise our security and privacy? The answers to these questions are complex, but this chapter offers them.
Please log in to get access to this content
To get access to this content you need the following product:
Wireless connections offer their own security issues, but that is a discussion for another section.
For example, a maintenance mistake at Amazon Web Services caused a significant loss of service for Netflix in 2012. Steven Musil, “Amazon apologizes for Netflix’s Christmas Eve streaming outage,” CNET, December 31. www.cnet.com/news/amazon-apologizes-for-netflixs-christmas-eve-streaming-outage/ . Accessed April 2014.
See AWS GovCloud (US). https://aws.amazon.com/govcloud-us/ . Accessed November 2016.
The debate over hypervisor vulnerabilities is active. The following references represent contrasting views. A view that discounts the danger: Jason Perlow. “Hypervisors are the pillars of the Cloud, not the Achilles Heel,” ZDNet, April 1, 2014 . www.zdnet.com/article/hypervisors-are-the-pillars-of-the-cloud-not-the-achilles-heel/ . Accessed April 2016.
A view that warns of the danger: Neil MacDonald, “Hypervisor Attacks in the Real World,” Gartner Blog Network, February 20, 2009. Accessed April 2016.
Both views are credible.
Really. See YouTube. “Shark Bites Optic Cables Undersea 15.8.2014,” August 15, 2014. www.youtube.com/watch?v=XMxkRh7sx84 . Accessed April 2016.
Wilmer Hale, “Are ‘Click Through’ Agreements Enforceable?” Publications & News, March 22, 2000. www.wilmerhale.com/pages/publicationsandNewsDetail.aspx?NewsPubId=86850 . Accessed April 2016.
Be cautious. Using a cloud data repository will not always help in a ransomware attack. See Chapter 10 for more detail on combatting ransomware.
National Institute of Standards and Technology, “ Announcing the
Advanced Encryption Standard (AES),” Federal Information
Processing Standards Publication 197, November 26, 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf . Accessed May 2016.
Mohit Arora, “ How secure is AES against brute force attacks?” EETimes, May 7, 2012. www.eetimes.com/document.asp?doc_id=1279619 . Accessed May 2016.
From decades of experience in development, I can say that bonehead mistakes happen. Sound quality assurance testing eliminates many issues, but humans are always human. Cutting edge technology remains bleeding edge technology.
An example of a faulty implementation is documented here. In this case, the faulty implementation was in ransomware attack malware. Steven J. Vaughan-Nichols, “How to easily defeat Linux Encoder ransomware,” ZDnet, November 16, 2015. www.zdnet.com/article/how-to-fix-linux-encoder-ransomware/ . Accessed April 2016.
I cannot tell you how many times I have helped restore systems after a backup failed to restore a damaged system. Faulty backups prolong and magnify damage after a catastrophe.
- Cloud Threats
- Sequence number
- Chapter number
- Chapter 6