Amulya TG for Neverinstall

Originally published at blog.neverinstall.com

Let's talk about cloud PC security and privacy

According to Foundry's 2022 Cloud Computing study, 69% of companies accelerated their cloud migration over the past 12 months (in 2022), and the percentage of companies with most or all of their IT infrastructure in the cloud was expected to rise from 41% today to 63%.

While the exact numbers for 2023 aren’t in yet (it’s just March), the fact that cloud computing has become a priority for most tech-first companies (and even some with auxiliary tech assets) is undeniable. Back in 2022, Gartner, Inc. forecasted that worldwide public cloud spending in 2023 would grow 20.7% to $591.8 billion, up from $490.3 billion. Gartner also stated that by 2025, enterprises will spend more on public cloud services than traditional IT solutions.

Given these facts, it’s entirely natural for CTOs, cybersecurity experts, and even engineering managers to raise concerns about data security, privacy, and integrity in any cloud-based tech ecosystem – especially when access to the cloud is being provided by a third-party vendor like AWS, Citrix or Neverinstall.

Note: In this article, I’m talking about cloud security in the context of cloud PCs, i.e., virtual desktops accessed and operated on remote, cloud-based servers. Most of these principles apply across the board, but nonetheless, this article is meant to address data security and privacy in virtual workspaces on the cloud.

Cloud Security: What & Why

Thanks to the emerging trend of remote and hybrid work, workplaces are literally shifting to the cloud.

The cloud provides resilience, easy scalability, and a global employee pool; it is quickly becoming the foundational technology for “the future of work”.

However, the advantages of the cloud can be offset by certain vendors/cloud configurations without adequate in-built security fortifications. Enough breaches into confidential cloud repositories have also made cloud security a major talking point in all conversations around cloud computing and remote work.

The term “cloud data security” or “cloud security” refers to a combination of tools, policies, and protocols implemented to protect your cloud infra – files, applications, backend systems, entire desktops, as well as data and user access (often based on position).

Generally, IT security and data governance revolve around three principles, which also apply to cloud security:

  • Confidentiality: protect all data from unauthorized access and disclosure.

  • Integrity: safeguard all data from unauthorized modification so it can always be trusted at first glance.

  • Availability: ensure that all data is fully available and accessible when it’s needed, to the right people. Access must be based on an individual’s role within an organization.

All security protocols applicable to the cloud must protect multiple data types, the main categories being:

  • Data in use: Refers to data being used by any application/physical endpoint/user who has accessed it via legitimate authentication and access control gateways.

  • Data in motion: Refers to the safe transmission and transport of sensitive, confidential and proprietary data via encrypted channels with adequate protections.

  • Data at rest: Refers to data being protected when it is stored in any network location, including (and in the context of this piece, especially) on the cloud. This requires appropriate access restrictions and user identity authentication implementations.

In its full scope, cloud security protects the following:

  • Physical networks: routers, electrical power, cabling, climate controls, etc.

  • Computer virtualization frameworks: virtual machine software, host machines, and guest machines

  • Operating systems (OS): self-explanatory

  • Middleware: application programming interface (API) management

  • End-user hardware: computers, mobile devices, Internet of Things (IoT) devices, etc.

  • Data: all the information stored, modified, and accessed

  • Data servers: core network computing hardware and software

  • Applications: traditional software services (email, tax software, productivity suites, etc.)

  • Runtime environments: operation and maintenance of a running program

Common causes of cloud security breaches/inadequacies

  • Lack of regulatory compliance: Since organizations are legally required to comply with regulations like the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA), cloud computing must be equipped with additional features and safeguards that do what these laws require them to do.

  • Misconfigurations: Often the most common cause of vulnerability in the cloud, misconfigurations generally result in people getting needlessly permissive access to confidential data. If more people in a company have access to confidential data, that translates to more opportunities for human error or manipulation, putting the data at greater risk.

  • Unsecured APIs: APIs are needed to connect services and transfer data, but that also makes them gateways into secure data banks. If the APIs are unsecured themselves (which could happen due to shoddy configuration, changes in data policy, or access privileges), they can reveal more data than intended, or give hackers a direct pathway to cloud repos with proprietary data.

  • Insufficient access control: Unless you have a deep, unwavering faith in your cloud provider (which I cannot imagine), you shouldn’t rely on the default access controls provided by the vendor. At the very least, your security team/expert should pore over every aspect of these controls to ensure that they meet your company’s hierarchical structure and data protection requirements.

Often, this due diligence is skipped, and you end up with insider threats who get data right off the cloud with their access. If they’re good enough, they can hide their tracks. And, you’re left with a massive breach that hurts your revenue lines and market credibility without knowing how to stop it from happening again.

Don’t forget that, as a company scales, it has to protect and secure data across multiple environments, cloud or on-premise. This comes with various security threats, such as:

  • No single team knows where all applications and data exist across the IT ecosystem.

  • If most applications and data are housed on third-party infrastructure, companies don’t have direct visibility into who is accessing, using and sharing said applications and data. They also cannot track which devices are being used for access, and from what location.

  • They have no insight into the specifics of how cloud providers are storing and securing their data.

Now obviously the answer is not to build your own on-premise cloud infra, mainly because it is not a feasible option, especially for small/mid-sized businesses. Additionally, just because you have more control over security with your own cloud servers doesn’t mean your data is safer. You still have to painstakingly implement (and update) guidelines against data loss, breach or theft.

So, what about a cloud PC vendor that actually does pay obsessive attention to cloud security and privacy?

Enter Neverinstall.

How Neverinstall secures your data on its cloud PCs

Neverinstall provides access to fully-functional, online, Linux-based desktops with pre-installed, pre-configured tools without requiring any installation or setup. All you need is a browser and an active internet connection. Using these cloud desktops has significant advantages, especially when it comes to cost-cutting, hiring employees globally, saving on purchasing high-end devices, and having greater control over the virtual ecosystem.

I’ve written plenty on the specific advantages of using cloud PCs. I won’t repeat them here (so as to stay on point), but if you’re curious, have a look at How businesses can leverage Cloud-native desktops to accelerate growth.

To dig into Neverinstall’s security mechanisms, I find it best to quote Neverinstall founder Ram Pasala’s answer on this Reddit thread:

Data privacy is the most asked question we get every day. To build trust at an early stage we have to cross many hurdles.

So let me tell you what measures we have taken so far.

All (cloud PC) sessions are ephemeral in nature. You are the sole owner of your data, delete or save the session.

We built security layers on top of cloud providers like Azure, and AWS so that even we cannot access your data.

We built abuse detection systems to detect mining and abuse of servers. Our scripts are evolving day by day.

We are partnering with cloud providers to conduct regular audits for any security breaches.

A Redditor asked for deeper dives into each point, which we were happy to provide. Once again, I’ll be quoting Ram (since his POV is the Neverinstall POV, isn’t it?).

(Related to ephemeral sessions) We do not collect any other P.I.I data.

(Related to security layers) Security layers are the systems and infrastructure we built on top of cloud providers’ infra to avoid any potential risks. The instances are isolated from each other in containers which do not share any data. Hence, these are ephemeral.
We’ve also built these instances as cloud agnostic which makes them not entirely depend on one single provider. The infra could be migrated automatically in minutes to another cloud provider if one fails.

(Relating to abuse detection systems) Aah, the pain the crypto miners gave us in the initial days forced us to build these systems. Basically, these are scripts that run on the instances, detecting any mining scripts used by miners which consume a lot of resources. These scripts immediately ban all such users.

We are exclusive partners with Microsoft Azure and talking to GCP as well. They will help us conduct security audits in all instances apart from their regular audits. They will also help us to build a secure infra and apply for data security compliances.

We have already started the process of applying to ISO 9000, SOC-1, SOC-2, and GDPR policies.

We also get a lot of feedback from developers that self-hosting would be ideal. This is what we are focusing on. We will soon be rolling out self-hosted versions of the streaming tech. In other words… BYOC – Bring your own cloud.
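One way an abuse-detection script of the kind described in the quoted answer could work, as an added example that is not Neverinstall's code: it flags a session only when sustained CPU saturation coincides with a mining indicator in the command line, and sends single-signal cases to review. The thresholds, indicator strings, session names and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed indicators: the Stratum pool URL schemes and a well-known miner binary name.
CMDLINE_INDICATORS = ("stratum+tcp://", "stratum+ssl://", "xmrig")
CPU_THRESHOLD = 90.0     # percent of the session's CPU quota (assumed)
SUSTAINED_SAMPLES = 3    # consecutive samples above threshold (assumed)

# Constructed samples: (minute, session_id, cmdline, cpu_percent)
SAMPLES = [
    (0, "sess-a", "code --no-sandbox", 35.0),
    (1, "sess-a", "code --no-sandbox", 95.0),   # short build spike
    (2, "sess-a", "code --no-sandbox", 40.0),
    (0, "sess-b", "./worker -o stratum+tcp://pool.example:3333", 98.0),
    (1, "sess-b", "./worker -o stratum+tcp://pool.example:3333", 99.0),
    (2, "sess-b", "./worker -o stratum+tcp://pool.example:3333", 97.0),
    (0, "sess-c", "ffmpeg -i in.mp4 out.webm", 96.0),
    (1, "sess-c", "ffmpeg -i in.mp4 out.webm", 97.0),
    (2, "sess-c", "ffmpeg -i in.mp4 out.webm", 95.0),
]

def classify_sessions(samples):
    """Return {session_id: 'ban' | 'review' | 'ok'}."""
    by_session = defaultdict(list)
    for _minute, session, cmdline, cpu in sorted(samples):
        by_session[session].append((cmdline.lower(), cpu))

    verdicts = {}
    for session, rows in by_session.items():
        # Longest run of consecutive samples at or above the CPU threshold.
        streak = longest = 0
        for _, cpu in rows:
            streak = streak + 1 if cpu >= CPU_THRESHOLD else 0
            longest = max(longest, streak)
        sustained = longest >= SUSTAINED_SAMPLES
        indicator = any(i in cmd for cmd, _ in rows for i in CMDLINE_INDICATORS)
        if sustained and indicator:
            verdicts[session] = "ban"
        elif sustained or indicator:
            verdicts[session] = "review"   # e.g. a long video encode: a human decides
        else:
            verdicts[session] = "ok"
    return verdicts

if __name__ == "__main__":
    print(classify_sessions(SAMPLES))
```

Requiring both signals before an automatic ban keeps legitimate heavy workloads, such as the video encode in `sess-c`, from being banned on CPU usage alone.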

At Neverinstall, we are consistently interacting with our users for feedback, and seeking to implement measures that would make their experience more seamless and secure. If you have further questions about our security mechanisms, feel free to contact us. We’re happy to answer.

Summing Up

Gaps in cloud security don’t just lead to data loss, but also loss of customer trust, brand reputation, and business productivity. You cannot focus on optimizing your products or managing customer support when you’re trying to figure out who is leaking business data or why your users’ information is suddenly public knowledge.

In a world glued to screens, cloud security is non-negotiable. All the functionality and UX in the world cannot save you from customer withdrawal and revenue loss if you cannot protect your customers from unauthorized access to their cloud workspace.

At Neverinstall, every decision we make is made in light of its security implications. We provide cloud PCs that don’t just make your day-to-day work life easier. They also guard user data like their (virtual) life depends on it. And, we are very aware that it does.

If you’re convinced, or even curious, why not give Neverinstall a try? Sign up today or write to us at sales@neverinstall.com to know more.
