Popular articles

Aerial view of city for a cloud concept | Netsheria Legal Articles on Cyber Security

Nuts & Bolts of Cloud Computing & Cyber Security in Kenya

Introduction 

Cloud computing is the delivery of different services through the internet through resources including tools and applications such as data storage, servers, databases, networking and software. It is referred to as cloud computing as the information accessed is found remotely in the cloud or a virtual space. Users store files and applications on remote servers and then access all the data via the internet hence allowing the user to work remotely.  

Types of Cloud Services

Cloud computing services provide users with a series of functions including; email, storage, backup and data retrieval, creating and testing apps, analyzing data, audio and video streaming and delivering software on demand. This may be done through public, private or hybrid clouds each of which is different from the other. 

Public clouds provide their services on servers and storage over the internet where clients access services through accounts. Private clouds are reserved for specific clientele where the firm’s data service center may host the cloud computing service. Hybrid models are a combination of both public and private services which allow users more flexibility and helps optimize user’s infrastructure and security.  

Types of Cloud Computing

Unlike a single piece of technology, cloud computing comprises of three services: software-as-a-service (SaaS), infrastructure-as-a-service (IaaS) and platform-as-a-service (Paas). 

1. Software-as-a-service (Saas) 

It involves licensing of a software application to customers where the license is provided through a pay-as-you-go model or on-demand such as Microsoft Office 365. 

2. Infrastructure-as-a-service (Iaas) 

It involves a method of delivering everything from operating systems to servers and storage through IP-based connectivity as an on-demand service. Clients avoid the need to purchase software or servers and instead procure the resources in an outsourced, od-demand service such as IBM Clod and Microsoft Azure. 

3. Platform-as-a-service (Paas)  

It shares some similarities with SaaS where the primary difference is that instead of delivering software online, it is actually a platform for creating software delivered via the internet such as Salesforce.com and Heroku. 

Cloud and Cybersecurity 

Cloud security refers to the measures undertaken to protect digital assets and data stored on cloud-based services such as two-factor authorization (2FA), use of virtual private networks, security tokens, data encryption, penetration testing, obfuscation, firewall services and avoiding public internet connections.  

Major threats to cloud security include data breaches, data loss, account hijacking, service hijacking, insecure application program interfaces (APIs), poor choice of cloud storage providers and shared technology can compromise cloud security. Denial-of-service cyberattacks prevent legitimate users from accessing a computer or network. Distributed denial of service (DD0S) attack overwhelms a service with data so that users cannot access their accounts, such as banks or email accounts.  

Cyberattacks impeding cybersecurity fall into three main categories: criminal, personal or political. Criminal motivated attacks seek financial gain. Personal attacks may occur when disgruntled persons seek retribution, steal money or data or simply wants to disrupt a company’s systems. Sociopolitical attackers also known as hacktivists seek attention for their causes.  

Cybersecurity on the other hand refers to measures taken to protect internet-connected devices, networks and data from unauthorized access and criminal use. These measures include preventing, detecting and responding to cyberattacks. Encryption and use of antivirus software may be used to prevent and detect suspicious activity online and block most software attacks.  

Types of Cyberattacks

1. Phishing 

This is where and email or text appears to be sent from a reputable source to trick the recipient into sharing sensitive information such as login credentials or to install malware on the victim’s device.  

2. Malware 

Malware such as viruses, worms, spyware and ransomware are malicious software intended to cause damage to a device or network. It can find its way onto devices when a user clicks a link or attachment that installs the malicious software. Malware blocks access to key components of the network, covertly obtain information by transmitting data from the hard drive, disrupt components and render the system inoperable. 

3. Eavesdropping attacks 

This is where a hacker intercepts, deletes or modifies data as it is transmitted over a network by a connected device. It occurs when a user connects to a network that is not secured or encrypted and sends sensitive data to somewhere else. 

4. Denial of service attacks (DoS) 

These attacks target devices, information systems and other network resources to prevent legitimate users from accessing services and resources. The server and host are flooded with traffic from a single location to the point that it becomes inoperable and crashes.  

5. Distributed Denial-of-service attacks (DDoS) 

These attacks are similar to Dos, only that the attack comes from multiple remote machines which can be deployed much faster and with more traffic making them harder to detect than DoS attacks. 

Conclusions

Due to ongoing and increasing cybersecurity threats, the tech industry and players need to constantly adjust to new technologies and developments to stay one step ahead as hackers also adapt their methods to new forms of cybersecurity and render previous measures ineffective.  

Netsheria LLP International, a provider of strategic legal expertise and analytical capabilities for tech startups and SMEs remains your dedicated partner in your business growth journey while ensuring your technological intellectual property is safeguarded from infringement.  

Join us in our next part of this series where our lawyers discuss on Cloud Computing Agreements and Contracts, their use, terms and conditions and key clauses to look out for in such agreements. 

To learn more about how Netsheria can help you secure your digital assets, visit our website or contact us today via Email.

Looking for more?

We provide all the legal insights for your business.