
Storing Your Data in the Cloud: Lessons learned from the recent Dropbox Phishing Scam


Cloud technology has transformed the way we conduct business. Since its inception, Cloud technology has systematically dismantled the traditional methods of storing data (tape, hard disks, RAM, USB devices, zip drives, etc.) and replaced them with a more boundless storage environment. Now, the thought of storing proprietary data on a hard drive or local storage device seems “so last year.” The Cloud might be the latest trend in file transfer and storage, but in terms of security, it’s not exactly a vault-like storage receptacle.

For example, a phishing scam that targeted Dropbox resulted in a 350K ransomware infection and illegal earnings of nearly $70,000. In a similar incident involving the note-taking and archiving software company Evernote, hackers gained access to confidential information, email addresses, and encrypted passwords of millions of users at the California-based company. Evernote also offers file transfer and storage services.

A recent survey conducted by F-Secure indicated that 6 out of 10 consumers were concerned about storing their confidential data with Cloud storage services. The survey also found that, across the varying levels of technology users, the younger, tech-savvy generation was the most wary of Cloud storage. It revealed that 59% of consumers were concerned that a 3rd party could access their data from the Cloud, and 60% felt that the cloud storage providers might even be selling their data to 3rd parties for some quick bucks. In addition, other apprehensions were raised about the quality of technology used by these Cloud providers. Some recent security-breach incidents lead me to conclude that these concerns might have some merit.

Automated file transfer software not only simplifies and speeds up file transfers, it also enhances the security of all file-transfer operations. This is important, as data security is a high priority for all users. Unlike SaaS-based FTP services, self-hosted FTP server solutions do not compromise data security and integrity by exposing your transferred and stored data to the Cloud.

A self-hosted FTP solution is a safer option for transferring, storing, and accessing your confidential files and data. The following are some of the benefits of a self-hosted FTP solution:

  • Hosted on your premises and enables you to maintain the integrity of shared data.
  • Offers security for data that’s both at rest and in motion.
  • Offers internal resource protection (DMZ resident) enabling it to conceal internal IP addresses.
  • Provides granular access control.
  • Secures data transmissions with encryption and authentication features.

For an organization, Cloud-based storage services may be convenient, but the question is whether you should compromise on the integrity of your data. Data is precious. You need to ensure that your data is under the care of someone who is serious about its security and safety.

4 Comments
clubjuggle
Level 13

Anecdotes aside, I'd be curious to see empirical data supporting your claims. Self-hosted FTP solutions would be equally subject to brute-force attacks, unpatched vulnerabilities, zero-day attacks, targeted phishing, social engineering, and whatever attacks may be able to be leveraged against the OS of the server that hosts it.

A self-hosted solution is only as good as the security built into and surrounding it. The same is equally true of any cloud-service provider. The bigger issue here may be the use of consumer-grade cloud products in an enterprise environment.

amenon
Level 7

Hi Terry,

Thank you for your inputs on this subject. I work with the Product Marketing Team and we have a few numbers that may help us get a better insight into this subject.

Here’s a survey report published by Intel in May 2012. http://www.intel.com/content/dam/www/public/us/en/documents/reports/whats-holding-back-the-cloud-pee...

The report captures key findings from a blind survey of 800 IT professionals in four countries—China, Germany, the United Kingdom, and the United States—that provide insight into cloud computing security concerns.

Refer to Page 4: IT Security Issues: Traditional Infrastructure Compared to Cloud Infrastructure

Page 6: Executive Summary, which states: Regardless of the number of breaches they’ve experienced, 65 percent of IT pros who have had a security breach in the public cloud report that this number is higher than what they experience with their traditional IT infrastructure.

Page 10: Gives you some stats: Number of Breaches: Public Cloud Compared to Traditional IT Infrastructure (in percentages as per the survey conducted)

Here’s also a link to very recent technical research conducted by scientists from Johns Hopkins University identifying the security flaw specifically with cloud storage.

http://hub.jhu.edu/2014/04/16/cloud-storage-security-flaw#


Also including numbers from a few representative surveys.

| Survey conducted by | Conducted/released in | Major findings |
| --- | --- | --- |
| IDC | October 2008 | Security concern was the most serious barrier to cloud adoption for organizations. |
| InformationWeek | 2009 and 2010 | 31% of companies in 2010 viewed SaaS Apps as less secure than the internal systems compared to 35% in 2009 |
| IDC (conducted in Asia Pacific) | April 2010 | Less than 10% of respondents were confident about cloud security measures |
| Harris Interactive survey for Novell | October 2010 | 90% were concerned about cloud security. 50% viewed security concerns as the primary barrier to cloud adoption. 76% thought private data more secure when stored on the premises. 81% were worried about regulatory compliance. |
| Cisco's CloudWatch 2011 report for the U.K. (research by Loudhouse) | September 2011 | 76% of respondents cited security and privacy a top barrier to cloud adoption. 64% of respondents concerned about location of data |

byrona
Level 21

A hybrid solution is to have a Cloud Service Provider build a dedicated environment with a secure FTP or file transfer solution for the client's specific needs.  This helps you avoid an on-prem solution if you are a company that doesn't have dedicated staff to manage the environment and avoids the problems associated with a cloud storage provider.

jkump
Level 15

This reaffirms my thoughts regarding securing the foundation operating system before adding applications.  Just securing the apps doesn't prohibit unexpected side effects bubbling up through the operating system.  I have been working a fair amount of my spare time in the microcontroller world on wired and wireless ethernet connectivity.  The interesting thing is that the TCP/IP stack is quite robust in these tiny devices and I have tried all kinds of penetration testing against them and I am glad that I have not been successful in defeating them.  I think maybe some of our critical systems that are both local and cloud based could learn from this.