As with any new business resource, cloud computing creates both opportunities and risks. Obtaining software and storage from a central hub allows companies to lower their equipment and maintenance costs, but it also makes them dependent on the provider’s security measures. The recent Cloudflare data breach underscores the risks of cloud storage, reminding firms to be wary of whom they trust for computing:
Surmising The Spill
From mid-2016 to early 2017, the online content and security provider Cloudflare suffered a massive data breach. Due to a bug in its programming, the company hemorrhaged sensitive information from its clients and their customers. This included private messages, dating site and hotel records, password management information, and records of adult video viewings. The spill was discovered only by accident when Google employee Tavis Ormandy reported the bug.
A spill that persisted for this long would be a problem in any circumstances, but it is especially severe given the sheer amount of information that Cloudflare has access to. The company’s clients included OK Cupid, Uber, and Fitbit, each of which gathers potentially compromising data on millions of people across the globe. A study of 30 million enterprise users determined that more than 99% of firms have an employee who used a platform vulnerable to this breach.
Risks & Rewards
As severe as this spill is, it is important to understand it within the broader context of cyber security in cloud computing. Using the cloud is not inherently riskier than relying on your own equipment, but it does present several security tradeoffs, including:
Ultimately, the safety of cloud computing depends on the company providing it. Responsible firms regularly review their programming for bugs, vet their employees, update their security software and passwords, and educate their clients on how to prevent attacks. The more committed your provider is to these measures, the safer it is to use the cloud.