“It’s everywhere and everyone’s using it.” That’s how one web-hosting resource describes cloud computing—and it is only a slight exaggeration. Upwards of 90 percent of business enterprises use cloud services for functions such as storing data, hosting email servers, integrating supply chains and managing workloads.
The bad news: Cybercriminals also are big fans of cloud computing. Their activities appear to have tripled during the coronavirus pandemic as companies cope with the complexities of having employees work remotely. There’s even greater risk for cybercrimes such as identity breaches, ransomware threats and the theft of company secrets. As the National Security Agency (NSA) has noted, companies may invest in cloud services that promise to enhance cybersecurity, only to find that the cloud poses hazards of its own.
With apologies to the Rolling Stones, telling hackers to “get off of my cloud” isn’t a workable strategy. But other tactics are worth considering to help safeguard functions and resources entrusted to the cloud—before cybercriminals succeed with strategies of their own.
Cloud Computing Basics
As metaphors go, the cloud has been a tremendous success. It conjures up an image of a beautiful place in the sky, where valuable information is kept safe from earthly perils. Nice picture, though the cloud really refers to a collection of servers and networks spread among various geographical locations, promising constant, reliable support for companies’ computing functions.
It’s not clear which entrepreneur or tech whiz came up with the term “cloud” to describe those functions. But it’s clear that since cloud computing emerged as a technology in the late 1990s, and became a buzzy term around 2006, it has largely lived up to its promise. According to one estimate:
- The cloud service market (worldwide) is estimated to exceed $623 billion by 2023.
- Half of businesses spend more than $1.2 million a year on cloud services.
- As of 2019, the manufacturing industry expected to spend more than $5 billion annually on cloud services.
How does cloud computing figure into manufacturing? Extensively, because so many industrial operations are computerized. This affects not only office tasks like payroll and email, but plant functions such as alarms, sign-in systems, data sharing between machines, and sensors that boost efficiency on product lines. Cloud computing is a scalable resource that enhances innovation and competitiveness, according to the Information Technology & Innovation Foundation.
In a 2017 report, the foundation underlined cloud computing’s role in operations, supply chain integration, product design and fabrication, and even influencing how consumers use their products. With cloud resources, even small manufacturers can access new production systems including 3D printing, the internet of things (IoT) and industrial robots.
Great Potential, Rich Targets
One reason managers welcomed the cloud is that they recalled what their data processing operations used to look like. For many industries, it was a gigantic room, cool and dimly lit, filled from floor to ceiling with shelves of humming servers. When something went wrong with the equipment in that room, people lost their internet, operations skidded to a halt and email went down. Then everyone had to wait until the I/S staff fixed the problem.
Cloud computing providers like Microsoft—a major player in the industry with its Azure business—sold the cloud as a dependable alternative to all that. Local problems like a hardware glitch or severe weather matter much less when operations are backed by multiple off-site servers. Azure proclaims selling points ranging from cost-efficient storage of massive amounts of data, to machine learning and artificial intelligence to aid decision-making.
Cloud computing providers also promise enhanced security. But it’s a mistake to regard the cloud as an unassailable citadel protecting all your data 24/7. Cybercriminals, including malicious nation-state actors, use the same types of tactics with cloud systems as with other data systems, and for the same reasons: to steal money and secrets, disrupt operations, and glean information they can use or sell. Cloud systems are just another rich target.
In one case, hackers were able to drill into the email of a CEO planning to make a major purchase of robotics equipment. Replicating the seller’s credentials, they sent a phony invoice to the CEO and received a payment of $50,000.
In two other cases, mentioned in an NSA report, publicly accessible cloud storage exposed sensitive data and authentication credentials from the National Geospatial-Intelligence Agency (NGA), and data meant for the United States Central Command (CENTCOM).
Hackers’ tools allow automated efforts to repeatedly probe cloud-based data for passwords and other credentials. Eventually, some of these efforts will pay off. Withholding or freezing data for use in ransomware threats is more difficult with the cloud—but not impossible.
Best practices can guide manufacturers in safeguarding their data. These strategies are prudent whether or not a company has vast resources in the cloud:
- Schedule updates and take them seriously. Old passwords and outdated usernames have put out the welcome mat for many a hacker who discovers them.
- Train employees to be aware of cybercrime threats. During the pandemic, they might even be encountering tactics such as phishing that are disguised as health information or offers of cool face masks.
- Limit the number of people who have access to data systems. That means fewer chances for breaches that could imperil company data or halt operations.
The NIST Cybersecurity Framework is a helpful source of recommendations on cybersecurity best practices, as is the Center for Internet Security. Manufacturers also need to assess their security protocols regularly and stay on top of current threats, whether they have an internal I/S team or are working with an cybersecurity consultant.
A Flexera survey found that companies planned to increase their spending on cloud computing services in 2020 because of significant pressures to support employees working remotely. It may be unavoidable, but that trend brings hazards including connection difficulties, missed system updates, viruses spread from interactions with home devices, and the distractions of working from home.
Numerous tools are available to help cloud service providers bolster security, but that doesn’t mean they’re all being used effectively. For example, third-party software, which may be sourced from anywhere in the world, could pose backdoor threats to a company’s supply chain, the NSA warns.
The NSA report cited above suggests strategies to mitigate possible vulnerabilities in the cloud, including:
- Monitoring the provider’s responses to threat incidents that have occurred.
- Checking that cloud services are configured to minimize threats—limiting shared access between cloud resources.
- Enforcing data encryption when necessary for extra protection of sensitive data.
“The cloud” has always been a lofty metaphor for a very down-to-earth set of challenges. Innumerable functions of business and industry have become computerized, and all that technology has to reside somewhere. Cloud computing offers an appealing alternative to maintaining a huge room full of banks of equipment that must be serviced by internal staff.
The cloud is here to stay, but it is not an impenetrable fortress. Companies should view cloud computing as a process—and a partnership. Taking extra steps for cybersecurity can help safeguard data and operations from criminals who can’t wait to use the cloud’s extensive resources for their own sinister purposes.