Newbie2Security: Is the Cloud Safe, Part III

0

Noun Monitor Cloud 66781
A reader asked a particularly complex question recently: “Is the cloud safe to use?”

In my continuing answer to that complicated question, let’s look at the cloud desktop experiences.

Cloud desktops are becoming more and more common as we move toward doing more within the cloud, as opposed to on our own networks and hardware. A cloud desktop is exactly what it sounds like; namely, a virtual desktop computer that runs within a cloud vendor and not on your own desktop, laptop, or tablet itself. They’re currently very popular for PC gaming when you want to play a very resource-heavy game and don’t own a powerful gaming desktop – or a PC at all. I myself use one to play PC games on my Mac (there’s a post on Paperspace and Parsec from a while back still posted here on the blog). While cloud desktops are incredibly useful, they’re still quite expensive to run and therefore not something everyone would use. That’s changing though, as prices come down just like all technology. This means you might be interested in using one in the near future if you’re not using one already.

If you do use or end up using a cloud desktop, its security is a lot different than using the cloud to sync data, or manage your Internet of Things (IoT) devices. Since a cloud desktop is an entire Operating System (Windows, Linux, etc.), it has to be secured in very much the same way as a desktop or laptop – but without the physical security you can put around a physical device you own and control.

So, how do you secure cloud desktops? Let’s take a look:

1 – Remember it’s a desktop. You should always keep your cloud desktop up to date with patches and fixes, and install and maintain an anti-malware tool on it as well. In much the same way as you would do these things on your own desktops and laptops, you must do them on cloud desktops too. Some service providers take care of some or all of these things for you; so check to see what they do in terms of updates and anti-malware and what you are responsible for yourself.

2 – The trust factor exists here too. Much like with IoT devices in the previous article, you have to know your cloud desktop vendor and put your trust in them. Most cloud desktop platforms are very new, so you won’t find a well-established company to go with; but you can research the company and find out if you should be trusting them. Where are they located? Is it in your country or off-shore? What back-end do they use to host their services – is it an established platform like AWS or RackSpace, or some cloud company no one has ever heard of? Who handles their billing – is it a reputable vendor like PayPal or directly with credit card companies (including all the Visa/MasterCard/Amex security methods) or with some payment provider no one has heard of? All of these questions can help you create a good profile of the company and their practices to base you trust decision on.

3 – Be careful what you put there. A cloud desktop can hold a lot of information on you. For example, if you use it for gaming, then the cloud desktop has your Steam and EA account info on there in all likelihood. It also might have billing information stored in memory when you buy things while you’re on the cloud desktop (like new games and software). That’s a bit of a problem, since you don’t have physical possession of the desktop itself, and won’t know if – for example – it’s stolen.

You can limit this liability by only logging into sites and applications you absolutely have to. Your Steam account is pretty much required, but you can turn on SteamGuard (two-factor login) to make sure no one can log in just by stealing the cloud desktop. You can also only update Steam and other payment information on your own desktop, rather than doing it via the interface on the cloud desktop. You can purchase games and other software on your own computer, get the access/registration keys via your own desktop email, then download the software and put in the key without having to put your credit card info into forms on the cloud desktop. For game apps like Steam and EA Origin, you can even make your purchases at their websites on your own desktop, then let the apps in the cloud desktop download the games next time you open the app there.

It’s also not necessary to even install or set up email apps/accounts on the cloud desktop at all – you can do that on your desktop or laptop and just cut and paste as required. Browsers don’t need to be synced to your Google/Apple/Firefox account, and therefore you don’t need to log into those services on the cloud desktop. Small steps like these don’t have a large impact on your cloud desktop experience and limiting what data is actually typed into or uploaded to the cloud desktop also limits what an attacker can get if they break in.

Cloud desktops can make life easier and open up the ability to do things you can’t do on your own desktop. As prices come down, they’ll become an option for more and more people – and a target for more and more attackers. Using them safely is very much possible, with a little strategy and forethought you can compute in the cloud with no problems at all.