Nick Gauthier

Expository Writing 110

Brooke Johnson

3/13/2017

Cloud Computing: Insecure and Undependable

The cloud: ubiquitous, but mysterious. The cloud is used by everyone on a hourly basis,

even if we arent aware of it. It stores documents, contacts, message logs, even your web history.

Holding this amount of information has inherent security risks, which are commonly ignored by

the average user. These risks can create situations that ruin lives, allowing strangers to access a

persons bank account, private business information, or private health records. The cloud is too

insecure to be used for sensitive data because of its insecurities.

The cloud is always vulnerable to data breaches. These breaches happen constantly, and

data is commonly leaked online, but sometimes the data is extremely sensitive. According to data

collected by Gemalto, there were nine-hundred seventy four data breaches across the world

during the first half of 2016, with a total of over five hundred thousand records breached (2016:

Its all about Identity Theft 2). This data includes records that are known to include email

addresses, passwords, dates of birth, and IP addresses. The idea that these breaches were

avoidable with good practice is false. These breaches were caused by the inherent security risks

in using the cloud. Ten percent of these breaches were caused by either a malicious insider or

sponsored by the state. The other breaches were caused by development edge cases, or social

engineering. These cases show how unreliable and insecure the cloud is.
 Gauthier 2

Due to the anonymous nature of the cloud, social engineering tactics are the easiest and

most popular way to gain access to the secured parts of companies networks. One of the most

popular types of social engineering, known as phishing, involves the deception of victims into

giving attackers their credentials or personal information, which can be used to gain access into

other sectors of their life. Symantec reported that the rate of phishing emails has steadily

declined, but not vanished. Approximately one in two thousand emails sent in 2015 were

phishing attempts, designed to trick the recipient into revealing private information (Wood 33).

While this data can be attributed to user error, it does not make the cloud any safer. Companies

are most vulnerable to this kind of attack, and while it can be avoided with good practice, a slight

slip of common sense can put a company out of business. This too should be recognized when

discussing the security and reliability of the cloud.

This is assuming the victim made a mistake. The victim may not have made any mistakes

at all. Data breaches require access to a device with access to the data, which may have been

compromised by social engineering, or malware. According to a report published by Symantec in

2016, four hundred thirty one million malware variants were observed in 2015. This was up

thirty six percent from last year (Wood 8). These put victims at huge risk of identity theft. The

most common solution one will hear to protect yourself from malware is to use anti-virus

software. This is not a good solution, as anti-virus software can make a computer run less

efficiently than without it, which is not a sacrifice businesses are will to take. In addition,

anti-virus software wouldnt be required if the cloud wasnt a necessary part of our ecosystem.

The fact anti-virus software is required to use the cloud demonstrates how insecure it really is.
 Gauthier 3

Looking at all of the risks associated with the cloud, it is not worth the security pitfalls.

This is not even discussing the legal risk that go along with signing all of your rights and data

away to a business. Is it possible to determine who is responsible for data? Is it even owned

anymore? If these questions cannot be answered, and it is deemed impossible to secure data from

attackers, there is no reason to continue with these practices. As important as the cloud has

become in society, it has become too dependant on it.

 Gauthier 4

WORKS CITED

2016: Its all about Identity Theft. Gemalto. Gemalto NV, 4 Sep. 2016, Accessed 27 Feb.

2017.

Wood, Paul. Internet Security Threat Report. Symantec. Volume 21, Symantec Corporation,

Apr. 2016, Accessed 2 Mar. 2017.