Nowadays, more and more businesses are shifting to the cloud as it benefits them in their businesses by giving a computational power residing on the internet. This appealing idea has attracted many enterprises to opt for cloud computing.
According to IBM’s Cloud Security Adviser, Martin Borrett, the word “cloud” itself is to blame for sounding much more transient than it really is. He said that a common false impression about the clouds exists that they are fluffy; however, clouds need not have to be nebulous.
Researchers have proved that the clouds are anything but hazy and mysterious. Enterprising scientists of Germany and Finland have discovered that the computing servers offering on-tap processing power can be identified. They have programmed software tools able to distinguish individual servers making a cloud and inquire about the chip running on that computer.
These findings are of great value as chips with great processing power can do the job more quickly. Most of the cloud service providers charge per hour which accumulates to a considerable saving. As per researchers, the estimate is up to 30%.
However, clouds aren’t as insubstantial as the name suggests. Unlike their frail namesake, they can be found and targeted. This is terrible as hackers can identify a thin line amid cross-examining a computer and bullying it to reveal the details that can help control or assist a further attack.
From the University of North Carolina, the researcher Yingian Zhang and his mates from Wisconsin and security firm RSA have already displayed how this can offer a route Shack a cloud.
The technique implemented by the team is complex, but reveals how hard servers are being employed in a specific cloud.
Zhang informed the BBC that the resources that they used were shared and it’s more likely that some of the information gets leaked. This is important as the computational tasks from various clients are operated by many cloud service providers on a single hardware. A company is usually unaware with whom its data is getting shared, as it can be anything; a bank, a bookshop or a person with wrong intentions.
Zhang further said, “Using the same resources is key to the cost and business model of cloud firms.” He further added that after getting to know how servers run under various situations, clues are provided on the kinds of tasks performed by them. These clues may prove useful for attackers as it could drastically lessen the likely combinations they need to decrypt the data or scramble the key.
The realization that now clouds can be detected, cross-examined and possibly attacked has given rise to a range of initiatives aiming to make the processing on clouds less vulnerable and more secure against cyber threats.
Pravin Kothari, the head of CipherCloud offering software to organizations for scrambling the data that is being saved and processed in a cloud said, “Outsourcing your data cannot remove the obligation to protect that data”. He explained that the reservations about the security of important business data on cloud had the power to decrease the progress of employing the technology.
Stephen Schmidt, security head for Amazon Web Services said, the attack setup by Zhang and his mates can only operate in the lab, as for the bad guys the potential security worries suggested by nifty researchers are yet to be experienced. “Those kinds of attacks tend to be more theoretical than practical.”
Nonetheless, security of data processing in the cloud shouldn’t be taken lightly. “All day, every day, Amazon rescues its clients to overcome cyber attacks of all sorts”, said Schmidt.