The previous article highlighted the threats that social networking websites are exposed to in this Web2.0 era. In fact, another such Web2.0 area is Cloud Computing. It is widely defined as a style of computing that uses Internet technology to offer scalable and elastic IT-enabled capabilities as a service to customers. This ranges from routine tasks of communicating over the internet (e.g. Gmail), to sophisticated work such as Customer Relationship Management (CRM) that are operated and maintained in the “cloud” by providers.
Cloud computing benefits companies and individuals by saving time, money and resources compared to traditional on-premises computing. However, with the burgeoning amount of benefits in cloud computing comes several critical issues that have been viewed as drawbacks to this emerging technology and growing popularity of virtualization among companies could lead them to being the next possible target of cyber criminals.
One of the utmost concerns with cloud computing has always been the issue of data privacy and security. When a client decides to employ the use of cloud computing, the data no longer belongs to the client alone. The vendor, or the service provider, stores the user’s data on its own virtualized server and as such, vendors gain full access to the information available, confidential or not. Further, the servers are moved outside the traditional security perimeter making it easy for the reach of cyber criminals. This is a growing concern particularly when cloud computing stores sensitive data about customers.
Also, Cloud computing is often referred to as virtual, dynamic and borderless. These features of the cloud build a new layer of risk on the uncertainty over where sensitive data resides. The risk includes the wide distribution of information across different jurisdictions, each having different legal frameworks regarding data security and privacy. This makes it even more difficult to govern and regulate the information.
According to sources, cyber criminals can either manipulate the connection to the cloud or attack the data centre and cloud itself. However, there are no global standards or laws that regulate cloud computing against cyber criminals, yet. Governments and regulatory organizations need to recognize the potentials in cloud computing and take initiatives to create cloud specific laws and standards in order to make the cloud a safe and secure place for transactions.