Cloud services that aren’t properly managed can ‘leak’ data into the wrong hands.  This is something all businesses must avoid……

The big idea
Organizations’ failure to properly manage the servers they lease from cloud service providers can allow attackers to receive private data, research my colleagues and I conducted has shown.

Cloud computing allows businesses to lease servers the same way they lease office space. It’s easier for companies to build and maintain mobile apps and websites when they don’t have to worry about owning and managing servers. But this way of hosting services raises security concerns.

Each cloud server has a unique IP address that allows users to connect and send data. After an organization no longer needs this address, it is given to another customer of the service provider, perhaps one with malicious intent. IP addresses change hands as often as every 30 minutes as organizations change the services they use.

When organizations stop using a cloud server but fail to remove references to the IP address from their systems, users can continue to send data to this address, thinking they are talking to the original service. Because they trust the service that previously used the address, user devices automatically send sensitive information such as GPS location, financial data and browsing history.

Why it matters

Smartphone users share personal data with businesses through the apps they install. In a recent survey, researchers found that half of smartphone users were comfortable sharing their locations through smartphone apps. But the personal information users share through these apps could be used to steal their identity or hurt their reputation.

Personal data has seen increasing regulation in recent years, and users may be content to trust the businesses they interact with to follow those regulations and respect their privacy. But these regulations may not sufficiently protect users. Our research shows that even when companies intend to use data responsibly, poor security practices can leave that data up for grabs.

Users should know that when they share their private or personal data with companies, they are also exposed to the security practices of those companies. They can take steps to reduce this exposure by reducing how much data they share and with how many organizations they share it.


Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore Ullamcorper eget nulla facilisi etiam

Malesuada bibendum arcu vitae elementum curabitur. At tempor commodo ullamcorper a lacus vestibulum sed. Nullam ac tortor vitae purus faucibus ornare. A condimentum vitae sapien pellentesque habitant morbi tristique. Iaculis at erat pellentesque adipiscing commodo elit at imperdiet dui

Et malesuada fames ac turpis egestas integer eget aliquet nibh. Ut enim blandit volutpat maecenas volutpat blandit. Elementum sagittis vitae et leo duis ut diam. Tellus mauris a diam maecenas sed enim ut sem. Neque ornare aenean euismod elementum. Maecenas accumsan lacus vel facilisis. Adipiscing commodo elit at imperdiet dui accumsan sit amet Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Malesuada fames ac turpis egestas maecenas pharetra convallis posuere morbi. Iaculis eu non diam phasellus vestibulum lorem sed risus ultricies. Vel eros donec ac odio. In ante metus dictum at tempor commodo. Id aliquet risus feugiat in ante metus dictum at tempor

What other research is being done in this field

Academics and industry are focusing on responsible collection of user data. A recent push by Google aims to reduce collection of users’ personal data by mobile advertisements, ensuring that their security and privacy is protected.

At the same time, researchers are working to better explain what applications do with the data they collect. This work aims to ensure that the data users share with applications is used how they expect by matching permission prompts with how the apps actually behave.