What to consider for cloud data transmitted globally?
This is the last blog of a series of blogs discussing the globalization nature of cloud computing and its impacts on global commerce. In the first three blogs, I discussed the following areas:
- Overview of the globalization of nature of cloud computing and its major impacts
- The control of cloud computing and its impacts on different countries
- The global cloud infrastructure and its impacts on cloud data
In this blog, I will mainly explore the impacts brought by the global data transmission of cloud computing. Around the end of the blog, I will summarize my key points in the whole blog series.
As cloud data centers are geographically dispersed, data in the cloud is usually transmitted globally, and that global data-transmission nature of cloud computing brings various impacts to both cloud users and cloud service providers, and even the countries in which they operate.
On the user side, statistics indicate that in terms of data security, 65% of users are worried about data leakage and 60% of them are worried about data segregation (Selvamani & Rao, 2015). On the service provider side, we can look at the example of Amazon. In 2010, Amazon urgently “closed a security vulnerability that made it possible for attackers to steal user login credentials for the highly trafficked e-commerce website” (Goodin, 2010). That defect was found and reported by an external researcher.
Both the Amazon incident and the user concerns are closely related to global cloud-data transmission, so let’s look into the major challenges that it poses.
Challenges posed by global data transmission
In my last blog, I discussed issues related to cloud data, in a sense of static storage. This time I want to firstly look at the cloud data again, but in a more dynamic way. When data is transmitted in the virtual world, it flows everywhere, as shown in the image at the beginning of this blog. The virtual world is like our human society, in which not everyone is a “good guy”. In the virtual internet world, you may encounter people like hackers or cyber criminals. Then a question that will naturally come to our mind is: Is our data secure during global transmission? The answer is NO, because our data is actually challenged by various cyber threats.
In 2013, service traffic hijacking, which Amazon experienced in 2010, was identified as the third-greatest cloud computing security risk (Allouche, 2013). In addition to service traffic hijacking, there are many other threats that are related to data transmission, and among these threats, malware injection is another big one. Malware injection means “that malicious code can be injected into cloud services and viewed as part of the software or service that is running within the cloud servers themselves” (Ma, 2015). Research indicated that malware injection attack has become a major security concern in cloud computing (Chou, 2013). When cloud data is transmitted from server to server in the virtual world, it faces all these security threats, behind which stand the cyber criminals, who stare at your business-critical data with greedy eyes.
Secondly, various threats are also related to the channels and paths that transmit cloud data. As to the channel, internet is the key channel that connects users and and their cloud service providers. Thus the stability of internet greatly impacts the stability of cloud data transmission. Take New Zealand as an example. For now there is only one undersea cable that connects New Zealand to the outside world. It won’t be difficult to imagine what will happen to New Zealand cloud users if that cable is broken for any reason. The bandwidth of the data-transmission channel is another important factor to consider, especially for businesses that require fast data transmission. In my current project, cloud data is required to arrive at mobile devices within 200 ms, which greatly raises the bandwidth bar of the internet connection. If data does not arrive in time, the performance of the corresponding business applications will be negatively impacted.
In addition to data-transmission channels, the paths along which the cloud data is transmitted also require careful consideration. Paths can usually be divided into several segments, and the security for each individual segment needs to be considered. For example, the wireless connection from a mobile device to the wired network or the connection from a client computer to the cloud infrastructure can be considered different segments of the path. Ignoring any of those segments may expose cloud data to security risks from malicious parties. Moreover, data usually travels along a cross-border path, and when the data enters another country, the corresponding governing laws and policies might be very different. For example, digital rights protected in one county may not be protected in another. Therefore, laws and policies also play a role and must be considered. To further complicate the issue, there could be politicians standing behind the polices and laws, thus bringing in political factors into the picture.
Thirdly, data transmission may also pose accessibility challenges to the users who need to access the data. For example, if customers in China need to use cloud data located in a data center outside of the country, they will have to go through the “great firewall” set up by the Chinese government (Taneja & Xu, 2014), and the transmission flow may be blocked by that firewall. Another accessibility factor is the accessing speed. If the data is located in Australia, the accessing speed for Australian and New Zealanders might be satisfying but it could be a nightmare for European people.
Considerations for tackling the challenges
Facing the challenges brought by global data transmission, both cloud users and cloud service providers need to take measures to mitigate possible risks.
Cloud users need to consider the following major measures:
- Encrypt their data during transmission. Data encryption cannot completely remove the risk of data loss or malicious use, but it can at least raise the bar of related cyber crimes.
- Use secure transmission protocol. This is a good measure to ensure data security during transmission, as evidenced by Google, which started to redirect HTTP requests to HTTPS since July 2016 (Novet, 2016).
- Perform data integrity check in their cloud applications. This can help prevent issues early because data that has been changed during transmission will be identified.
- Carefully consider the data transmission channels and paths before formally adopting cloud solutions. For example, if their internet connection is not very stable, they may want to consider other solutions.
- Take measures to improve the data accessibility for their users. For example, with Amazon AWS, they can choose to cache the data to another data center that is close to customers in a different region.
- Make appropriate policy and law considerations when their data travels into another country. That can help them better protect their data from the legal and political perspectives.
Cloud service providers need to consider the following major measures:
- Enhance their system robustness so as to mitigate threats such as service traffic hijacking or malware injection.
- Provide data crypto and data caching services, and educate their users the importance of these services.
- Take international relationship and political factors into consideration when setting up their cloud infrastructure. For example, the “great firewall” in China is a good factor to consider when they deploy their services into that region.
- Provide special services to users that have special data security concerns. For example, Amazon provides the GovCloud, which is “an isolated AWS region designed to host sensitive data and regulated workloads in the cloud”, to satisfy the security needs of the US government (Amazon, 2016).
In addition to the effort of the cloud users and service providers, governments should also take measures in terms of protecting cloud data. For example, many service providers provide free trial for their cloud services, and cyber attackers just need a credit card number to gain access to cloud services (Chou, 2013). Establishing appropriate policies for such situations can better protect cloud data from cyber crimes.
Summary of this blog series
In this series of four blogs, I discussed the globalization nature of cloud computing and analysed its impact in the following areas:
Various issues are identified in each of these areas and corresponding recommendations are made to tackle the issues. There is no doubt that the cloud computing industry is growing extremely fast and more and more organization will adopt cloud computing solutions in their business operation. However, cloud computing also poses various challenges to users, providers, and different countries. In addition to the impacts brought by the globalization nature of cloud computing, I believe there are many other areas that require our attention. I hope that through my exploration, users, providers, and their countries can be aware of the identified issues and take corresponding measures to mitigate possible risks.
Allouche, G. (2013). How Safe is Your Cloud Data from Service Traffic Hijacking? Retrieved from https://cmsreport.com/articles/how-safe-is-your-cloud-data-from-service-traffic-hijacking--5653
Amazon. (2016). AWS GovCloud (US). Retrieved from https://aws.amazon.com/govcloud-us/
Breeden, J. II. (2014). FASP transfer protocol speeds data transmission to the cloud. Retrieved from https://gcn.com/Articles/2014/05/15/FOSE-Data-transfer-protocol.aspx
Chou, T. (2013). Security threats on cloud computing vulnerabilities. Retrieved from http://airccse.org/journal/jcsit/5313ijcsit06.pdf
Goodin, D. (2010). Amazon purges account hijacking threat from site. Retrieved from http://www.theregister.co.uk/2010/04/20/amazon_website_treat/
Ma, J. (2015). Top 10 Security Concerns for Cloud-Based Services. Retrieved from https://www.incapsula.com/blog/top-10-cloud-security-concerns.html
Novet, J. (2016). Google.com starts redirecting HTTP requests to HTTPS. Retrieved from http://venturebeat.com/2016/07/29/google-com-starts-redirecting-http-requests-to-https/
Selvamani, K. & Rao, V. (2015). Data Security Challenges and Its Solutions in Cloud Computing. Procedia Computer Science, 48 (2015), 204–209
Taneja, H. & Xu, A. (2014). Does the Great Firewall Really Isolate the Chinese? Integrating Access Blockage With Cultural Factors to Explain Web User Behavior. The Information Society, 30(2014–5), 297–309