Vulnerabilities and Enterprise risk management of Cloud Storage Services

Enterprise risks management framework

Business News Daily reports that by 2016, cloud computing is set to grow into a promising $150 billion industry. That’s a lot of data and a whole lot of empowered users syncing, sharing, and collaborating on various Web-based files. There’s a price, however, that comes with the convenience of having real-time access to your files through a variety of internet-enabled mobile devices. The security of your data can be compromised by the inherent vulnerabilities of cloud storage services. So, it helps to know more about the enterprise risks management, so you can better protect your important data on the cloud.

Two User Activities that Can Weaken the Security of Your Cloud Storage Account

 

Three of the most popular cloud storage vendors–Google Drive, Microsoft SkyDrive, and Dropbox–were studied by a team of researchers from the A*STAR Institute for Infocomm Research based in Singapore. Their findings were detailed in a paper that appeared in a 2013 issue of the journal, IEEE Pervasive Computing. The researchers discovered that all three cloud storage services possess potential security loopholes that can be worsened by two specific user activities–file-sharing through private URLs and using shortened URLs.

good Enterprise risks management framework

There are many advantages to sharing files compared to working with email attachments. When you share files through your cloud storage account, you are not often bounded by file size restrictions. You can also set a file’s access level to public, private, etc. The researchers from the A*STAR Institute for Infocomm Research, however, found out that sharing secret URLs can undermine the security of cloud storage accounts. This is because URLs end up being saved in browsing histories, bookmarks, and network-based servers, thereby giving numerous third parties access to what should have been private data.

 

In addition, the use of URL-shortening services poses a risks management framework. According to the researchers, when a URL is shortened–even if the URL leads to a file that is privately shared through a cloud storage account–the address is rendered into a plain text format that is stripped of encryption. URLs of this kind are then made vulnerable to brute-force attacks. Thus, it is best to retain the original URL each time you share files with your friends and colleagues.

 

A Zero-Knowledge Cloud Environment Cannot Be Completely Guaranteed

 

Business and individual users who upload and backup sensitive data to their cloud accounts are comforted by service provider claims declaring complete confidentiality–meaning, the cloud storage vendor’s own employees have no ability to access or view client data. This confidentiality is typically asserted by providing encryption to users’ files before they are uploaded to the cloud servers.

functional Enterprise risks management framework

According to the findings of two researchers from the Johns Hopkins University’s Information Security Institute, complete confidentiality cannot be guaranteed by cloud storage vendors. Computer scientists Duane Wilson and Giuseppe Ateniese uncovered that complete confidentiality is only possible for users who don’t share data with other users through the cloud storage service. The moment a client shares data, the service provider is granted a loophole for which to access and view the said client’s information. The complicated mechanism of how file-sharing creates a breach in what is supposed to be a zero-knowledge cloud environment is detailed in this archived 2016.

One Response to Vulnerabilities and Enterprise risk management of Cloud Storage Services

  1. Kate Mail says:

    We cannot trust cloud too much. Binfer does not store files anywhere. It is a better “cloudless” way to share data securely. Obtain from here: binfer.com/download

Leave a Reply

Your email address will not be published. Required fields are marked *