Why the Cloud is a Security Nightmare

And why you will embrace it

Many large software companies are offering “Cloud” services now. Amazon, Google and Microsoft are just a few of the big name ones. The benefits are obvious, lower IT costs, access to more apps, improved availability and disaster recovery. But just how secure is cloud computing?

When you host your own network, you know the security policies and procedures you use to protect your data. But what about trusting someone else with your mission critical data? Is it a good idea?

A Harris Poll from last year showed that many Americans do not trust the Cloud:

“One of the main issues people have with cloud computing is security. Four in five online Americans (81 percent) agree that they are concerned about securing the service. Only one-quarter (25 percent) say they would trust this service for files with personal information, while three in five (62 percent) would not. Over half (58 perent) disagree with the concept that files stored online are safer than files stored locally on a hard drive and 57 percent of online Americans would not trust that their files are safe online.”

In a Poll of about 14,000 last month when asked “Would you trust an online hard drive?” over 88% said no.

And then there have been data breaches. The large software companies have been under constant barrage by hackers and the hackers have been successful. Google, Yahoo and many other companies were targeted in “Operation Aurora”.  

During the attack hackers stole a program from Google that controls access to most of their programs:

The stolen password system was called Gaia, a reference to the Greek goddess of earth, according to the Times. Besides e-mail, Gaia also governed access to the online services that Google sells to businesses, government agencies and schools.

It just makes sense that with companies moving to the cloud, that hackers will focus more of their attention to attacking it. And if they can compromise cloud based systems, chances are they will have access to the data of multiple corporations instead of just one.

And hackers will leverage the power of the cloud themselves to attack government and enterprise encrypted systems. Recently, it was shown that WPA encryption could be cracked using the computing power of the cloud.

Hackers have been successful in attacking the cloud. In May of last year, the Treasury Department shut down 4 cloud hosted sites, “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected.

And just recently a Chinese Trojan was detected that disables cloud based anti-virus.

With all of these concerns about the cloud, why would so many companies be moving to embrace it?

Speed and price is the answer.

According to the recent IT World article titled “The straight talk on IT’s new directions”, the times are changing:

The simple truth is that the focus on the back office — IT’s traditional domain — is over. Companies are tired of paying for what they view as plumbing. Any consideration in the executive suite about the back office and infrastructure is all about making do and cost-cutting. Virtualization and private clouds are investments meant to accomplish this reduction — they’re not new gold mines to enrich IT’s importance.

As a majority of manufacturing jobs have left American shores for cheaper labor costs in China, the same mentality is true with IT. We have seen continuous cut backs across the nation in IT staffing. IT workers once considered mission critical are now considered to be overhead. The draw to the cloud is clear for executives, why keep full time hardware and staff onsite when you can just outsource for a fraction of the cost?

Also, with the cloud, you can have access to powerful systems that many companies could not afford otherwise. Scientists and engineers will enjoy the added power at their disposal. Last year a record was set in Mathematics by using the cloud. Even NASA has its own Cloud Computing platform.

There are great security risks in the cloud. But the speed and cost savings are just too tempting. Soon, cloud computing will be the norm and not the exception. So to borrow a quote from Naval history, with cloud computing it seems to be “Damn the torpedoes, full speed ahead!”

~ by D. Dieterle on January 21, 2011.

One Response to “Why the Cloud is a Security Nightmare”

  1. […] This post was mentioned on Twitter by Chad Choron, Cyber Arms. Cyber Arms said: Why the Cloud is a Security Nightmare, and Why you will Embrace It – http://bit.ly/hQs1CL […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: