Cloud computing enables us to be able to work on computer systems and networks on the go.  You are able to get the data you need, when you need it on-demand through various cloud technologies and platforms, and cloud providers like Natural Networks host these platforms and make them available to users when they’re needed.

On-demand cloud data comes in a variety of flavors, from data storage, to raw computing power, without direct active management by the user.  Cloud computing enables businesses to lease server the same way they lease office space.  It’s easier and more cost effective to lease computing power or servers for the time that it’s needed rather than purchasing these devices directly.  This way businesses don’t have to worry about owning, managing, and maintaining the servers.

Recent research has revealed potential security vulnerabilities however in this model, and if cloud data is not properly managed it can lead to serious security vulnerabilities and data exfiltration.

Risks Found in Cloud Data Management

Each cloud server has a unique IP address that allows users to connect and send data.  After a cloud customer no longer needs the server hosting their data, the cloud management company provides that storage and hence that unique IP address to another customer.  The new customer the cloud provider gives this space to may in-fact be a malicious actor.

When organizations stop using cloud servers but then fail to remove references to the IP address from their systems, users can continue to send data to the old address, thinking they are still communicating with the original service.

An attacker can take advantage of this through a method called “squatting” on the cloud; claiming an IP address to try to receive traffic intended for other organizations.  Due to the rapid turnover of IP addresses, there is little time to identify and correct the issue before attackers start receiving this data.  Once the attacker controls the address, they can continue to receive data until the organization discovers and correct the security hole.

A study of just a small fraction of cloud IP addresses found thousands of businesses that were potentially leaking data, including data from mobile apps and data that could be traced back to personal information.  The study found that information traversing through IP’s that were being squatted on leaked to whoever controlled the IP address.  Anyone with a cloud account could then collect the same data from vulnerable organizations.

Key Take Aways

Recent pushes by major cloud providers such as Google and Amazon Web Services are pushing to reduce the amount of data applications collect on their platforms.  Although it is ultimately up to the end user to ensure that the IP addresses and cloud providers are responsible and sanitized of any potential malicious actors.

More research is being conducted by security analysts on squatting attacks and other types malicious attacks that can exploit cloud services.  Natural Networks is a managed IT services and internet security provider expert.  We are always seeking ways to defend new threats and vulnerabilities, and work to ensure our clients data is always maintained with security best practices.  If you would like to learn more about how Natural Networks keeps your cloud data safe, give us a call today!