Cloud Data Security: Is “the Cloud” Secure?

Dr. Randall Magiera talks about cloud data security and answers the question, Is the cloud secure?

Cloud technology and cloud computing are on the rise. With so much essential work being done “in the cloud,” it’s time to ask, “Is the cloud secure?” Dr. Randall Magiera, IT professional and cybersecurity professor, is here to talk about cloud data security.


See How Secure is “In the Cloud?” with Randall Magiera for a complete transcript of the Easy Prey podcast episode.

Randall is an adjunct professor at the Tulane School of Professional Advancement, where he teaches both undergraduate and graduate cybersecurity courses. He’s been in the IT field about twenty years, starting with Windows NT and Windows Server 2000. He earned his doctorate in cybersecurity in 2017 from Capitol Technology University, and has a wide range of certifications.

He first became interested in cybersecurity while working in IT and doing desktop support. As he was helping people, patching systems, and imaging systems, he realized that a lot of the companies he was looking at weren’t very secure. He saw that there was a gap and that cybersecurity was something everyone needed serious help with.

When Randall started in IT, no one had even considered the idea of “the cloud.” But technology is always changing and advancing, and now cloud data security is something a lot of companies have to think about.

The big question: Is the cloud secure?

The answer here is complex. The big cloud service providers – Amazon’s AWS, Microsoft Azure, Google Cloud – are essentially secure. Even smaller companies go to great lengths to make sure their services are secure.

However, the cloud provider isn’t the only party responsible for your cloud data security. If you’re setting up the cloud services but you don’t understand what you’re doing and set it up incorrectly, then the cloud won’t be secure – but that’s on you.

Here’s the thing with cloud computing: They provide the platform for you to use, and it’s up to you to use it. If you use it wrong, that’s on you.

Dr. Randall Magiera

If you don't know the requirements of your cloud system, you could leave a hole in your cloud data security.

The major cloud providers use the Shared Responsibility Model. They clarify what they’re responsible for in terms of your cloud data security, and also what you’re responsible for. Many providers offer training on best practices. They’re trying hard to make sure you know what to do on your end, because if there’s a breach, they get associated with it even if it’s not their fault.

Human mistakes affect cloud data security

When you start getting into the cloud, you need to do more than pull out your credit card and sign up. You need to take the time to research what steps you need to take to be secure. For example, with AWS, new virtual servers are open to the public internet by default. Their basic protection operates like a firewall but is called a security group. You have to add IP address restrictions to limit who can access the server. If you’re not familiar with the idea of a security group, how it relates to a firewall, and the technical aspects, you might leave your cloud insecure.
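An added example (not from the podcast or from AWS) of the kind of check this implies: it scans a constructed security-group description, in the shape returned by `aws ec2 describe-security-groups`, for SSH or RDP rules open to every address. The group IDs, sample rules and the `ADMIN_PORTS` choice are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0example0000001", "GroupName": "web-default",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
             {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0example0000002", "GroupName": "admin-restricted",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0example0000003", "GroupName": "lab-anything",
         "IpPermissions": [
             {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ]
}

# Assumption: ports this example treats as administrative (SSH, RDP).
ADMIN_PORTS = {22, 3389}


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_rules(description, admin_ports=ADMIN_PORTS):
    """Return (group_id, port, cidr) for admin ports reachable from anywhere."""
    findings = []
    for group in description.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            proto = rule.get("IpProtocol")
            if proto == "-1":  # "-1" means all protocols and all ports
                ports = sorted(admin_ports)
            elif proto in ("tcp", "udp"):
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
                ports = sorted(p for p in admin_ports if lo <= p <= hi)
            else:  # e.g. ICMP, where FromPort/ToPort are type/code, not ports
                ports = []
            for cidr in cidrs:
                if is_world_open(cidr):
                    findings += [(group["GroupId"], p, cidr) for p in ports]
    return findings
```

The HTTPS rule in the first group is deliberately not reported: a public web port is often intended, while an administrative port open to every address rarely is.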

When you have a production environment in the cloud, often that’s locked down and very secure. But the developers might have lower environments used for testing changes that have more lax security. This isn’t a significant risk regarding your production data, but if someone is able to compromise one of the lower, less-secure environments, they can insert their own code or add malware to your cloud.

Software developers should also double-check each package they download. This can be inconvenient, but malicious actors can inject their own code into packages. In one case, malicious actors inserted crypto-mining malware into an NPM package that was part of a JavaScript library. Everyone who downloaded that package had their servers mining cryptocurrency for someone else. This kind of thing will keep becoming more common.

Future risks in cloud data security

More and more things are moving into the cloud, and the question of “Is the cloud secure?” is going to become more and more relevant. Randall thinks it’s going to be interesting to see the future of cloud security. Most malicious actors are just motivated by money. They’re going to find creative ways to use the cloud to get paid, whether that’s direct hacking or using it as a tool for other scams.

Malicious actors are going to use the cloud just like all other forms of technology: as a means to their end. It’s going to be interesting to see how creative they’ll get.

Dr. Randall Magiera

One thing that malicious actors do more often than we realize is crypto mining with the cloud. They’ll steal a credit card, use it to open a cloud account, create a bunch of virtual servers, and install that crypto mining software on them. Eventually the stolen card will be cancelled and the servers will get shut down. But the malicious actor still gets to keep all the crypto that they mined.

Randall recently read an article where malicious actors used AI to mimic the voice of a CEO, then called the CFO and used that AI voice to get a wire transfer. He doesn’t consider that a deep fake, but he thinks deep fakes will get more common. Cloud platforms provide a virtually unlimited amount of computing power to whoever will pay for it. Using cloud technology, malicious actors can create whatever they want and use it however they want. Once the technology allows real-time deep fakes, the old advice to get someone on a video call to make sure they’re not a scammer won’t work.

Backups are essential for cloud data security

In the cloud, once it’s deleted, it’s gone. Part of having good cloud data security is making sure anything essential is backed up.

Part of having good cloud data security is having good backups.

There’s no guarantee that your cloud service is backed up by default. Some are, but it depends on the service. For AWS, S3 servers are backed up in multiple data centers in multiple locations. EC2 instances are just in one data center unless you pay extra to have them in multiple locations. It’s a risk to put everything into a single system because something could happen to that system. Cloud services make backing everything up easier.

If you have your own data center, you have to have your own physical backups of all your servers. In the cloud, it’s just an extra fee to get your data into multiple data centers in case something goes wrong.

That’s one of the things I do like about cloud computing: It builds in Disaster Recovery.

Dr. Randall Magiera

Cloud disaster recovery options also make it easy for IT to have that conversation about backups and disaster recovery with management. When all you need to do is look at a chart of fees and what you get for each fee, it’s easy to determine what the company wants, needs, and is willing to pay for.

Once you have that backup, though, make sure you test it. If something goes wrong and you need those backups, that’s the worst time to find out the backups weren’t written properly or aren’t functional. If you’ve been paying for these backup servers and they don’t actually function, you didn’t need to be paying for them.

Test your backup, test your disaster recovery, and make sure you actually have something that functions.

Dr. Randall Magiera

Dr. Randall Magiera is a professor at Tulane School of Professional Advancement. You can find him on LinkedIn, and he’s always happy to answer questions and chat about IT and cybersecurity. He also encourages anyone interested in cybersecurity to check out the program at Tulane School of Professional Advancement.
