Cloud Computing and Internet Security

Cloud computing service providers (CSPs) differ in the capabilities, security and prices they offer. CSPs usually offer software as a service, platform as a service or infrastructure as a service. Most commonly, consumer use of CSPs is as a storage platform where they push digital pictures, music, and documents into “the cloud” and retrieve those digital files when they are needed at a smartphone or personal computer.

Cloud storage reduces the need for local storage, but that becomes relevant only for consumers who keep a lot of pictures, videos and music. The more salient advantage of cloud storage comes from versions that support file syncing, a service that keeps files aligned with the changes you make while using any of your devices. Well-regarded CSPs offering consumer services include iDrive, SugarSync, SpiderOak ONE, Microsoft OneDrive, CertainSafe Digital Safety Deposit Box, Google Drive, Apple iCloud Drive, Box (personal) and Dropbox. Their prices run from free to a few hundred dollars per year.

Businesses have similar cloud needs. They welcome the remote storage functions, but they also use CSPs’ web hosting, computing and software capabilities. CSPs provide remote operating and development environments, backed by sophisticated preparation and maintenance that keep software updated to the latest versions. CSPs focus on exemplary levels of service and security, such as 99.99% uptime and full, round-trip encryption for your data.

An IT manager can give employees instant access to rock-steady business applications they may need in the cloud, simply by signing them up. CSPs maintain their customer workspaces and tools at highly secure levels. That background effort saves customer IT managers from the cost of staffing up with expensive technical skills. A CSP’s technical specialists can work their magic, and the benefit is shared among all the CSP’s customers. The largest CSPs focused on the business market include Microsoft, IBM, Amazon, CenturyLink, Oracle, Google, Rackspace, SAP, Salesforce and Verizon.

Large CSPs comply with the privacy and residency standards for multiple countries (USA, EU’s GDPR and Canadian residency). Most CSPs offer routine file backup and offsite storage. Many offer tools that protect personally identifiable information and transaction details. Some offer data replication across multiple datacenters. Some offer two-factor authentication, granular user permissions, remote wipe, custom passwords, expiry dates and notifications. Some CSPs aggressively monitor for evolving cyberthreats. They analyze attack data for billions of bot requests, scan for evolving distributed denial of service attacks and they identify potential new intrusion threats.

Most offer training courses for customer employees, helping them to avoid being tricked into revealing authentication tools, loaning credentials or downloading malicious data.

While CSPs outshine most of their customers in privacy and security, they can be a serious security exposure when they cave in to nation-state bullying.

The Telegram app offers optional end-to-end encryption, allowing all messages to be encrypted on the sender’s phone and decrypted on the receiver’s phone, which means that no part of the network can eavesdrop on the messages. Telegram has become a good example of censorship. Russia ordered Telegram to reveal messages it was carrying for political dissidents and journalists. Telegram refused to cooperate. Russia began blocking the IP addresses that Telegram used, but Telegram had acquired thousands of IP addresses and was able to hop from one to the next, leaving Russia scrambling to find the next end-point. The IP-hopping tactic did not disrupt service for Telegram customers.

Russia’s next step was to demand cooperation from the CSPs that Telegram uses. There are a limited number of CSPs of enough scale and geographic coverage to handle Telegram. Earlier, Russia demonstrated it was willing to endure the collateral damage to Russian businesses that a shutdown of CSPs would cause. That willingness to play hardball against CSPs creates a huge financial threat for the targeted CSPs. If they cave in, Telegram becomes nonviable, but if they resist, Russia can shut down datacenters or major network paths. That will decimate the CSPs’ businesses and disrupt their customers.

WhatsApp and Signal offer services similar to Telegram, but they are less tolerant of the shaky networks that Telegram can tolerate, so they are not a full substitute, even if their owners resist Russian orders. Earlier this year, Google and Amazon banned and blocked the practice of “domain fronting,” a trick that anti-censorship tools (such as Tor) use to get around Internet censors by pretending to be other kinds of traffic.

Some large CSPs are compliant with the demands of heavy-handed censors such as China and Russia. When they concede to censorship, we lose privacy and freedom of speech. When they resist censorship, they make a big financial sacrifice and jeopardize the stability of services offered to consumers. There is no immediate remedy for aggressive censors.
