
Data Can be Stored Safely in the Cloud… Really

By Carolyn Mathas

Contributed By Digi-Key's North American Editors

Cloud data storage continues to gain traction. Companies are opting for cloud storage as it provides a cost-effective, available, scalable, and resilient platform that enables them to quickly provision resources across multiple environments. The three cloud options, public, private, and hybrid, each have their own benefits as well as security strengths and weaknesses.

While large third-party cloud providers have the bandwidth necessary to focus on security, that’s not necessarily true of all providers. No matter the type of cloud environment, security vulnerabilities span insider threats, hijacked accounts, distributed denial of service (DDoS), passwords acting as the only defense, and ever-present malware. The simplicity of the cloud makes it vulnerable to a variety of malicious attacks. Monitoring, authentication, registration processes, and network traffic evaluation methods add levels of security detection necessary to eliminate the majority of cyber abuse.

Headlines vs. safe data storage

Clouds have had their share of security risks. Microsoft, Dropbox, National Electoral Institute of Mexico, LinkedIn, Home Depot, Apple iCloud, and Yahoo have all been home to some of the worst cloud security breaches to date. In 2019 alone, vulnerabilities include unauthorized access to data, staff, technology, and processes used by vendors. Maintaining availability and ensuring that downtime risk is minimized are the responsibility of the cloud providers. However, the blame typically falls to all parties involved.

Tightening up security can be handled in many ways. While the cloud provider supplies some level of security, it should be supplemented with additional measures. Security solutions companies can also be hired to beef up corporate protection. Ensure the accuracy of data so that data anomalies are truly found, rather than having incorrect information showing up on a server. Integrate and bring together your cloud information. Make sure that your efforts are ongoing and kept up to date, analyze how strong the protection is, and make changes when necessary.

Look for opportunities to promote greater integration. At the end of the day, you’ll have better luck providing end-to-end protection if you can work from a single console that offers a unified view into any clouds that you employ. You need a good third-party security tool to bring together those different environments. Remember the adage: buy cheap, buy twice. If you choose a solution just because it’s the lowest cost option out there, don’t be surprised when the results are less than optimal.

A plethora of available development options

There are new and stronger methods of keeping data storage safe. Here are a few examples.

Microchip's PIC-IoT WG development board connects 16-bit PIC applications to the Google Cloud. The board, shown in Figure 1, comprises a PIC microcontroller (MCU), a secure element IC, and a certified Wi-Fi network controller. The solution removes security vulnerabilities inherent in large software frameworks and real-time operating systems (RTOSs).

Figure 1: The PIC-IoT WG development board from Microchip enables designers to securely add cloud connectivity to next-generation IoT products. (Image source: Microchip Technology)

The PIC-IoT WG board connects through an online portal. Simple directions to make that connection can be found at www.PIC-IoT.com. The development board enables designers to add cloud connectivity to next-generation products by using the online portal where developers use the company’s popular MPLAB Code Configurator (MCC) to develop, debug, and customize their applications. The board enables the connection of an eXtreme Low-Power (XLP) PIC MCU with integrated core-independent peripherals and a secure element to protect the root of trust in hardware. The PIC-IoT WG development board is supported by the MPLAB X Integrated Development Environment (IDE) and MCC rapid prototyping tool.

Providing secure authentication is critical in this Edge-to-Cloud environment. The hardware-based root of trust in the Microchip ATECC608A CryptoAuthentication device, combined with Google Cloud IoT Core from the Google Cloud Platform or with AWS IoT, delivers that necessary secure authentication (Figure 2). That security comes from a cryptographic co-processor with secure hardware-based key storage for up to 16 keys. Using the CryptoAuthLib library keeps the choice of MCU agnostic.

Figure 2: Microchip’s ATECC608A security crypto device provides secure authentication for Google Cloud and AWS IoT platforms. (Image source: Microchip Technology)

Device certificates are provisioned into the ATECC608A in secure Microchip factories using Hardware Secure Module (HSM) networks. The secure element uses the device certificate and a random number generator (RNG), generating the private key inside the device at the factory so that private keys are never exposed to the user, the manufacturing process, or the software.
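The key-isolation model described above can be illustrated in software. The following is an added example, not code from Microchip, CryptoAuthLib, or the article: `SecureElement`, `GenKey`, `Sign`, and `CloudVerify` are hypothetical names, and the nonce-signing exchange is a simplified stand-in for whatever protocol the cloud platform actually uses. In real hardware the key never enters host memory; here the boundary is only modeled by an unexported field.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SecureElement models 16 key slots; private keys are unexported and have no getter.
type SecureElement struct {
	slots [16]*ecdsa.PrivateKey
}

// GenKey creates a P-256 key inside the element and returns only the public half.
func (se *SecureElement) GenKey(slot int) (*ecdsa.PublicKey, error) {
	if slot < 0 || slot >= len(se.slots) {
		return nil, fmt.Errorf("slot %d out of range", slot)
	}
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	se.slots[slot] = k
	return &k.PublicKey, nil
}

// Sign returns an ECDSA signature over SHA-256(msg) made with the key in slot.
func (se *SecureElement) Sign(slot int, msg []byte) ([]byte, error) {
	if slot < 0 || slot >= len(se.slots) || se.slots[slot] == nil {
		return nil, fmt.Errorf("no key in slot %d", slot)
	}
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, se.slots[slot], d[:])
}

// CloudVerify is the service side: it holds only the registered public key.
func CloudVerify(pub *ecdsa.PublicKey, nonce, sig []byte) bool {
	d := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() {
	se := &SecureElement{}
	pub, _ := se.GenKey(0)
	nonce := []byte("constructed-challenge-0001") // constructed sample value
	sig, _ := se.Sign(0, nonce)
	fmt.Println("device accepted:", CloudVerify(pub, nonce, sig))
}
```

A signature over one nonce does not verify against a different nonce, which is why the service should issue a fresh challenge for every authentication attempt.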

The high-connectivity STM32L4 IoT Discovery kit from STMicroelectronics gives developers building IoT devices the ability to rapidly connect their systems to cloud service providers. Designers can take advantage of ST’s X-CUBE-AWS expansion software to rapidly connect to the Amazon Web Services (AWS) IoT platform, and access tools and services in the Cloud, including device monitoring and control, data analysis, and machine learning.

Figure 3: The STM32L4 IoT Discovery kit from STMicroelectronics provides developers with a relatively easy path to connect their systems to cloud services. (Image source: STMicroelectronics)

Where are the risks?

According to a Cisco cybersecurity report, 31% of organizations have encountered cyber attacks, and IBM estimates that 37% of security risks reside at the application layer. When using a cloud service provider, you are one of many that use the same Application User Interface, which may or may not be sufficiently secure from authentication to encryption. Remember that data can also be altered or deleted, rather than just taken. Ensure that the security offered by your provider is tight. Use authentication and encryption, and know exactly what security is being offered by the cloud provider and how effective it has been to date.

Summary

Surprisingly, according to RedLock, a vendor that provides visibility and threat detection across an organization’s entire public cloud environment, 49% of databases are not encrypted and an average of 51% of organizations have publicly exposed at least one cloud storage service. Gartner asserts that through 2022, at least 95% of cloud security failures are predicted to be the customer’s fault. Additionally, Forrester maintains that 80% of security breaches involve privileged credentials. Clearly, blame can be shared between many places: cloud service providers and cloud service users being the chief culprits.

Of course, data must be encrypted, and multi-factor authentication must be implemented. However, keeping data safe also involves limiting access, testing existing security, and providing security training at every level of an organization. Choose to implement a robust cloud security solution that minimizes opportunities for criminal behavior and maintain an equal focus on corporate practices and policies that complement the efforts of cloud service providers. Furthermore, continually revisit those efforts, as security measures tend to evolve rapidly.

While it’s true that clouds, as with all data storage environments, have inherent risks, methods do exist to mitigate those risks. From less-expensive public clouds and their cost-saving benefits, to hybrid clouds where data is segregated as to risk, companies must make decisions based on the value of what is to be protected and implement technologies that can provide a high level of security.

About this author

Carolyn Mathas

Carolyn Mathas has worn editor/writer hats at such publications as EDN, EE Times Designlines, Light Reading, Lightwave and Electronic Products for more than 20 years. She also delivers custom content and marketing services to a variety of companies.
