Security and Risk in the Cloud

By: Dean Henry | Director, Information Security

What can racy celebrity photos teach us about cloud security?

At the end of August, private photos of Oscar-winning actress Jennifer Lawrence, and potentially 100 other celebrities, were posted on the Internet. While scandals involving photos of celebrities are nothing new, these photos were actually taken by the celebrities themselves. The individual who posted the photos allegedly gained access to them by hacking Apple’s iCloud interface. Apple denies that a hacker accessed its internal systems, and maintains that the hacker gained access to the celebrities’ accounts through targeted attacks that revealed the celebrities’ user names, passwords, and security questions.

The incident has made sheepish selfie takers consider the security of cloud-based networks for the first time. While embarrassing for Apple and the celebrities, security breaches for businesses that use cloud-based services can have serious financial implications. Despite the vulnerabilities illustrated by the celebrity hacking scandal, there are many precautions that cloud-based businesses and their customers can take to protect their information from online security threats.

Understanding the threats to cloud-based businesses requires a general understanding of how cloud computing works. Cloud computing refers to hosting software applications and processing and storing data remotely. There are three main benefits of cloud computing. First, users can access their data from any computer with an Internet connection. This feature allows users on the same network to collaborate, communicate, and execute more effectively because they are not restricted by having to work at a specific physical location or computer. Second, users can access programs that execute complex tasks beyond the capabilities of any typical computer. Third, since the processing and storage of information happens at a remote server, the user does not have to sacrifice space on their machine to store data. These features have redefined how businesses operate by providing access to significant computing power in a cost-effective manner.

Businesses that provide cloud computing services use one of three models. Infrastructure as a Service (IaaS), allows customers to setup networks, process data, and store information using the cloud. The other two models use the infrastructure maintained by IaaS businesses. Platform as a service companies (PaaS) use the cloud’s capabilities to develop platforms from which their customers can access specific tools, software, and services. The third model, Software as a Service (SaaS), provides customers access to specific software applications housed in the cloud.

Each cloud-based service model has specific security concerns. Vertex Cloud offers a SaaS solution and employs a number of security measures to protect client data from physical and web-based threats. Leveraging cloud computing, the Vertex Cloud solution produces tax calculations and returns with unprecedented speed and accuracy. The system encrypts incoming customer data using Secure Sockets Layer (SSL), a cryptographic protocol designed to provide secure communication over the Internet. Customers can instantly access their taxation information through the TaxCentral web portal, and a complex password is required to ensure only approved parties can access customer data. Vertex Cloud uses external vulnerability scanning to remain vigilant of system vulnerabilities that attackers could exploit to access customer information.

The Vertex Cloud solution is hosted by a managed cloud service provider IaaS environment that is PCI compliant. Vertex Cloud has additional safety features to ensure its application is protected from external security threats that might affect our hosting service. For example, Vertex Cloud maintains separate software testing and production environments, limiting internal access to sensitive information. The Vertex Cloud solution is protected by network firewalls and leverages a software development framework with strong security patterns to provide another level of security.  Also, Vertex Cloud monitors reports of security vulnerabilities and strives to add features that increase security capability.

There are steps everyone can take to minimize potential threats and Vertex Cloud asks its customers to follow a few simple steps to protect personal information while using the TaxCentral solution. First, change passwords frequently and never share passwords with anyone. Second, control who has access to sensitive business information by promptly removing access of departing employees, or employees that no longer require it. Third, never reveal passwords or credit card data to anyone over the phone or via email. Lastly, keep computers or tablets protected with current updates and anti-virus software.

By partnering to maintain cloud security, Vertex Cloud and its customers work together to minimize threats inherent in working in the cloud.

Please remember that Vertex Cloud provides information for educational purposes, not specific tax or legal advice. Always consult a qualified tax or legal advisor before taking any action based on this information.