The cloud is used as a term for a series of on demand, remote access, subscription services that exist on the internet. One commonly used cloud service is data storage. Instead of storing information directly on your own personal computer or phone, cloud-based data is stored elsewhere, not on clouds, but on servers* housed in massive data centres. Examples are: Google Drive, Dropbox, OneDrive, Apple iCloud, and IDrive.
The cloud is a metaphor for the internet and for services that can seem quite abstract. The image of a cloud suggests ethereal, natural, and benign, it is everywhere but nowhere and belongs to no one or everyone. This metaphor is misleading, as in reality, the cloud exists as row upon row of powerful computers with cables that radiate all over the world. It is owned by a few of the world’s largest private organisations such as Amazon, Microsoft, Google or Apple and keeps millions of people’s data that is made accessible to them via the internet. The biggest data storage servers in the world are located in China, USA and India, some are even situated at the bottom of the ocean.
A widely used service available in cloud computing is office software and web-based applications, which is known as Software as a service or SaaS. An example of SaaS is Gmail and Yahoo email and Office 365 and Google Docs. If we take Office 365 as an example, you can sign into your Microsoft account on any machine and access Microsoft word where you will find your files. Neither the application Microsoft Word, nor those files are stored on your computer, but in the cloud, and this makes them accessible remotely from any computer as long as there is an internet connection. Cloud computing allows users the flexibility to collaborate with others from any location.
Examples of other services that run their operations from the cloud include Youtube, Facebook, Zoom, Netflix and Spotify. Most will be located with the biggest cloud service providers, Amazon Web Services, Google Cloud Platform and Microsoft Azure.
In addition to SaaS, businesses that need to create websites and applications, can rent cloud-based hardware and operating systems needed to run applications, this is known as Platform as a Service or PaaS. With PaaS, consumers do not have the responsibility of managing, updating and maintaining the platform that hosts the application and can therefore focus more on software development or providing other services to customers.
Infrastructure-as-a-Service or IaaS is the most comprehensive cloud platform and is mainly used by full time developers or large businesses. The cloud provider hosts the infrastructure components that were traditionally present in an on-premises data centre, including powerful servers, almost limitless storage, and networking.
When a business has a subscription for any of these services with a Cloud Service Provider (CPS), once they have made the initial cost to deploy their business across to the cloud, it saves them costly outlay for technology that may become out of date in a few years. Another benefit of the ‘as a service’ model, is that because a professional company is managing your technology, their level of support and maintenance, means more of your budget and time can be spent on business strategy and less on IT and security.
The chances are, your data is more secure in the cloud than on your own device within your own premises. The logic behind this comment is that most big cloud service providers spend millions of pounds managing and maintaining the security of their services. There are some customer responsibilities, however, and it’s worth noting that failure to meet consumer responsibilities is a leading cause of security incidents in cloud-based systems.
If you can access your data remotely, so can cyber criminals. Multifactor Authentication (MFA) gives a crucial layer of added security when logging into your cloud accounts. Instead of just a password, MFA asks a user to provide another form of authentication, this might be a password plus a code received as an SMS or a fingerprint scan.
Limiting access can limit the impact when account information like user-names and passwords are stolen or a disgruntled employee wants to cause harm.
It is important that the individuals who use the system are educated about best practice behaviour and the tactics used by people who send ‘phishing’ emails. ‘Phishing’ is a term that describes the use of deception to manipulate people into revealing their security information. Phishing attacks are a common way that hacker’s access even the most secure cloud database.
Most Cloud Service Providers give significant guarantees against loss of data; however, no system is perfect. Major cloud providers have accidentally lost customer data. Ensure that your chosen CSP has data backup and recovery processes that meet your organisation’s needs.
* A server is a bit like a powerful computer that provides one specific job to other computers
Got an enquiry? Please don't hesitate to contact us.
Delve into how you can avoid common cybersecurity attacks and threats. From spotting phishing emails to user awareness training at Aristi, we can help.