I just ran across this Wall Street Journal article: https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chi…
The article is from December and talks to the success the Chinese intelligence service has had/is having breaking into cloud servers and stealing data from companies on those servers. Does Crowdstrike or ZScaler do anything to mitigate these issues? It seems to me that if this kind of thing can not be stopped that the entire cloud concept is in danger.
I appreciate any insights our board members have. I have tried googling for the answer but either the answers are beyond my comprehension, or only talk around the problem.
Thanks in advance,
Gordon
5 Likes
Can’t read the article, so don’t know the details. This limits my reply to conjecture and additional questions unfortunately. A big question on my mind is, does the Chinese attack allow them to get to any data from any customer on the cloud host? Or do they still have to hack customers one by one on that cloud? In other words, say the following three companies have data stored on AWS: Bob’s Accounting Services, Tax Services by Katy, and Medical Tests 4 U. Do the Chinese have a way to hack into AWS itself and get to all three company’s data? Or are they hacking into Bob’s company only on AWS, and can only get to Bob’s data?
To me the distinction is important. It reveals how large the possible breach can be.
Computer security is always going to be an issue. Sure, firms like Okta and Zscaler and others are helping those matters. But it cannot guarantee nothing bad will happen. It would not be good, however, if a breach at the source Cloud provider allowed access to any and all customer data hosted by the cloud provider.
This is the one thing that concerns me about the cloud, the possibility of a single point of incursion. One hopes that while individual customers might not be savy enough about their own individual security needs, at least Amazon, Microsoft and Google are.
Serious? Possible. But I don’t think it endangers the entire cloud concept however. What is Home Depot going to do, remove all their web hosting from AWS (or where ever) and host it on their own machines, that still, by necessity, need to be internet-connected in order to share data from store to store, and store to customer? No. Because that doesn’t actually solve any threat, just creates an inconvenience.
3 Likes
Found the article on my twitter mobil app and was able to read. Looks like this has been an issue for about 5 or 6 years and most of the cloud companies were deigning any breach or activity but the US government says otherwise since they have an interest to investigate for criminal activity and are concerned about there own move to the cloud. Not sure if the cloud security companies have made headway against the hackers linked to China, if so this could bode well for business.
It is also concerning on the flip side that this is an ongoing problem with the cloud. Once they are in the cloud the hackers can run around undetected and even store the stolen info in the cloud hidden for later retrieval. Could this possibly be a big negative event brewing and a big downer for cloud stocks in the future? Dont know but it has been going on for a bit and according to the article they haven’t seen much on what the stolen info has been used for. It hasn’t been found for sale on the dark web by the investigators. Would love to hear from others with more knowledge of the situation.
Chris
2 Likes
Bjurasz,
Try googling ghost in the clouds. You should find a readable link. Yes, once on the cloud they can ransack other companies’ data.
Gordon