“12 Risks, Threats, & Vulnerabilities in Moving to the Cloud”

In “12 Risks, Threats, & Vulnerabilities in Moving to the Cloud,” Timothy Morrow makes an in-depth analysis of the risks associated with the recent shift to cloud computing, and the increased use of applications provided by cloud service providers. Morrow outlines the legal, financial, technical, and commercial implications of organizations failing to make fully informed decisions when deciding whether or not to shift their operations to the cloud. Such poorly informed decisions expose both their establishment and their users to a myriad of potential cyberattacks. While many of the vulnerabilities stated by Morrow can be applied to general information technology data centers, some are unique to the development and possibilities enabled by cloud computing alone. The rise of this unique type of cyberthreat, those specifically associated with the cloud, is evidence of the fact that new methods of cybercrime evolve alongside the development of computing practices/services that are intended to be more practical and secure than those that already exist.

A main factor behind the unique cyberthreats that arise from the use of cloud services is the transfer of responsibility for policy and infrastructure from the organizations requesting cloud services, to the cloud service provider. This transfer allows for reduced visibility on the organization’s end and less transparency on the end of the cloud service provider, which creates many new vulnerabilities in data transfer, the organization’s control over data and associated procedures, along with new opportunities for attackers to exploit these vulnerabilities. The mere implementation of cloud infrastructure places a bulk of the responsibility on the cloud service providers to manage tasks that would normally be managed by the organization, such as data deletion, protecting the internet-accessible management APIs, and ensuring the on-demand resources provided by the cloud service are being accessed by authorized users. These issues require a careful and foolproof implementation of the cloud infrastructure, which can never be guaranteed. As a result, cyberattacks such as mass data breaches are increasingly occurring today as a result of attackers exploiting these vulnerabilities in the cloud platform, where organizations evidently have a “blind spot” in their operations. Morrow’s informative piece calls attention to these specific areas of interest in which IT departments at large organizations and corporations should place extra emphasis on security, and partake in careful consideration when deciding whether to place the most essential parts of their operations in the hands of cloud service providers.