Cloud computing allows organisations to store data and run systems on remote servers instead of local hardware. While this provides flexibility and scalability, it also introduces new security risks. In IB Computer Science, students are expected to understand what cloud security risks are, why they occur, and how they impact users and organisations.
IB examiners focus on risk awareness and responsibility, not cloud provider technical details.
What Is Cloud Computing?
Cloud computing involves:
- Storing data remotely
- Accessing systems over the internet
- Sharing infrastructure with other users
Users no longer control:
- Physical servers
- Storage locations
- Network infrastructure
This change in control creates specific security risks.
Loss of Direct Control
One of the biggest cloud security risks is loss of control.
In cloud systems:
- Data is stored on third-party servers
- Users rely on cloud providers for security
This means:
- Users must trust provider security practices
- Misconfigurations can affect many clients
IB students should explain that responsibility is shared, not removed.
Data Breaches
Cloud systems often store:
- Large volumes of sensitive data
If security fails:
- Many users may be affected at once
Data breaches may occur due to:
- Weak access control
- Misconfigured permissions
- Vulnerabilities in cloud services
Because cloud systems are accessible over the internet, they are attractive targets for attackers.
Unauthorised Access
Cloud services rely heavily on:
- User accounts
- Remote authentication
If credentials are compromised:
- Attackers may gain full access
- Data may be copied, modified, or deleted
Weak passwords and poor access management significantly increase risk.
Shared Infrastructure Risks
Cloud providers use shared infrastructure:
- Multiple clients use the same physical hardware
Although isolation mechanisms exist:
- Failures can expose data
- Misconfiguration can affect multiple users
IB students should recognise that shared environments increase potential impact.
Data Location and Legal Issues
In cloud computing:
- Data may be stored in different countries
This creates risks related to:
- Data protection laws
- Legal access by governments
- Compliance requirements
Users may not always know where their data is physically stored.
Availability and Service Outages
Cloud security also includes availability risks.
If cloud services fail:
- Systems may become inaccessible
- Organisations may lose critical services
Causes include:
- Cyberattacks
- Provider outages
- Network failures
Dependence on cloud services increases operational risk.
Insider Threats
Cloud providers employ:
- Administrators with high-level access
Although rare, insider threats can:
- Access sensitive data
- Misuse privileges
Trust in providers does not eliminate insider risk.
Mitigating Cloud Security Risks
Common mitigation strategies include:
- Strong authentication
- Access control
- Encryption
- Regular monitoring
- Backup strategies
IB students should explain that risk is reduced, not eliminated.
Common Student Mistakes
Students often:
- Assume cloud providers handle all security
- Ignore shared responsibility
- Focus only on hacking
- Forget legal and availability risks
Balanced explanations score higher.
How This Appears in IB Exams
IB questions may ask students to:
- Identify cloud security risks
- Explain why cloud systems are vulnerable
- Apply risks to a scenario
- Suggest mitigation strategies
Risk-awareness explanations earn marks.
Final Thoughts
Cloud computing offers flexibility and scalability, but it also introduces risks related to control, access, data breaches, legal issues, and availability. Because users rely on third-party providers, security becomes a shared responsibility.
Understanding cloud security risks allows IB Computer Science students to explain modern computing trade-offs clearly and critically — exactly what examiners expect.
