Why the Cloud is a Security Nightmare

And why you will embrace it

Many large software companies are offering “Cloud” services now. Amazon, Google and Microsoft are just a few of the big-name ones. The benefits are obvious: lower IT costs, access to more apps, improved availability and disaster recovery. But just how secure is cloud computing?

When you host your own network, you know the security policies and procedures you use to protect your data. But what about trusting someone else with your mission critical data? Is it a good idea?

A Harris Poll from last year showed that many Americans do not trust the Cloud:

“One of the main issues people have with cloud computing is security. Four in five online Americans (81 percent) agree that they are concerned about securing the service. Only one-quarter (25 percent) say they would trust this service for files with personal information, while three in five (62 percent) would not. Over half (58 percent) disagree with the concept that files stored online are safer than files stored locally on a hard drive and 57 percent of online Americans would not trust that their files are safe online.”

In a poll of about 14,000 last month, when asked “Would you trust an online hard drive?”, over 88% said no.

And then there have been data breaches. The large software companies have been under constant barrage by hackers and the hackers have been successful. Google, Yahoo and many other companies were targeted in “Operation Aurora”.  

During the attack hackers stole a program from Google that controls access to most of their programs:

The stolen password system was called Gaia, a reference to the Greek goddess of earth, according to the Times. Besides e-mail, Gaia also governed access to the online services that Google sells to businesses, government agencies and schools.

It just makes sense that, with companies moving to the cloud, hackers will focus more of their attention on attacking it. And if they can compromise cloud-based systems, chances are they will have access to the data of multiple corporations instead of just one.

And hackers will leverage the power of the cloud themselves to attack government and enterprise encrypted systems. Recently, it was shown that WPA encryption could be cracked using the computing power of the cloud.

Hackers have been successful in attacking the cloud. In May of last year, the Treasury Department shut down 4 cloud-hosted sites: “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected.”

And just recently a Chinese Trojan was detected that disables cloud based anti-virus.

With all of these concerns about the cloud, why would so many companies be moving to embrace it?

Speed and price are the answer.

According to the recent IT World article titled “The straight talk on IT’s new directions”, the times are changing:

The simple truth is that the focus on the back office — IT’s traditional domain — is over. Companies are tired of paying for what they view as plumbing. Any consideration in the executive suite about the back office and infrastructure is all about making do and cost-cutting. Virtualization and private clouds are investments meant to accomplish this reduction — they’re not new gold mines to enrich IT’s importance.

As a majority of manufacturing jobs have left American shores for cheaper labor costs in China, the same mentality is true with IT. We have seen continuous cutbacks across the nation in IT staffing. IT workers once considered mission critical are now considered to be overhead. The draw to the cloud is clear for executives: why keep full-time hardware and staff onsite when you can just outsource for a fraction of the cost?

Also, with the cloud, you can have access to powerful systems that many companies could not afford otherwise. Scientists and engineers will enjoy the added power at their disposal. Last year a record was set in Mathematics by using the cloud. Even NASA has its own Cloud Computing platform.

There are great security risks in the cloud. But the speed and cost savings are just too tempting. Soon, cloud computing will be the norm and not the exception. So to borrow a quote from Naval history, with cloud computing it seems to be “Damn the torpedoes, full speed ahead!”

Top Military News and Tech Review – October 17th, 2010

Russian Stealth Fighter PAK-FA. This video is of the 16th flight of the prototype Sukhoi T-50 Russian fighter.

Military Tech News from around the Web

WikiLeaks Set to Release 400,000 Secret Iraq War Docs
The release, which could come as early as Sunday, will be the whistleblower website’s largest publication of classified materials to date, far exceeding its release in July of 77,000 U.S. military documents on the war in Afghanistan.

New Iron Man suit is faster, stronger than predecessor
A new second-generation exoskeleton robotic suit developed for the military – and deemed the closest thing to a real-life Iron Man costume – was unveiled on Monday during a demonstration with Paramount Home Entertainment.

NKorea Jamming Device A New Security Threat
A North Korean jamming device capable of disrupting guided weapons poses a fresh threat to South Korea’s security, the South’s defence chief said on Tuesday.

Army Reveals Afghan Biometric ID Plan; Millions Scanned, Carded by May
Scanning prisoners’ irises is just Step 1. In Afghanistan, local and NATO forces are amassing biometric dossiers on hundreds of thousands of cops, crooks, soldiers, insurgents and ordinary citizens. And now, with NATO’s backing, the Kabul government is putting together a plan to issue biometrically backed identification cards to 1.65 million Afghans by next May.

DARPA plans tools to lighten load of battlefield data
The Defense Advanced Research Projects Agency’s Insight program plans to create an automated system that helps human analysts by blending together sensor feeds from a variety of platforms and sources.

Exoskeletons, Robo Rats and Synthetic Skin: The Pentagon’s Cyborg Army
Eyes that are alert and steady. Skin that’s sensitive to the touch. Arms that bend and grasp. To an unknowing observer, troops in the next-generation military might look much like today’s.

But those eyes are veiled by self-assembling contact lenses that transmit text messages and take blood pressure readings. That skin is made up of nanowires laid onto flexible rubber. And the arm underneath? A prosthetic — controlled by brain implant.

Marines harness the sun
Company I of the 3rd Battalion, 5th Marine Regiment, based at Camp Pendleton, Calif., will deploy with seven Ground Renewable Expeditionary Energy Systems (GREENS). Produced by the Naval Surface Warfare Center’s Carderock Division in Maryland, each GREENS can provide up to 300 watts of power, making it an alternative to a small conventional generator.

Self-Aiming Sniper Rifles Coming Next Year
Using the One-Shot system, under development by the Defense Advanced Research Projects Agency (DARPA), a new electro-optical system will calculate the ballistics for him, telling him where to aim and ensuring a perfect shot — no matter the weather conditions.

The Future Today: Robot Jetpacks in the Works
The Martin Aircraft Company, makers of the world’s only commercial jetpack, has built an unmanned version of the device that can be launched from the back of a pickup truck, ferry supplies to troops, monitor a battlefield, and even scan a war zone for improvised explosive devices.

Russia Vows to Help Venezuela Build Nuclear Power Plant
Venezuelan President Hugo Chavez reached a deal with Russia on Friday to build the South American country’s first nuclear plant, as questions arose why a nation rich in oil and gas would feel the need to venture into nuclear energy.

Microsoft wants to add Billions of Clients to your Network

That’s the news from Microsoft last week during the Embedded Systems Conference in San José, California. Windows Embedded Standard 7 is now in the RTM stage. This means a whole lot more devices will be available for network connectivity. According to an article on The Register, IT professionals will be ‘blessed’ with the ‘opportunity’ to connect and manage these devices.

“For an IT professional, it’s now becoming critical that you think through how to be able to manage, provision, monitor, and provide security to [embedded] devices just like you do today with a laptop or a PC,” says Kevin Dallas, GM of Microsoft’s embedded unit. “That’s the radical change that is starting to happen, and that’s the future that we’re building to.”

Dallas’ suggestion that you add embedded devices to your worry list is due to the fact that Windows Embedded Standard 7 is in essence a “componentized” version of Windows 7 that can provide all the internet connectivity of that operating system. And when your share of billions of internet-capable embedded devices start to communicate with your company’s servers, you’ll be the one who’ll be told to manage them.

Estimates are that there will be around 15 billion embedded devices by 2015 and 40 billion by the year 2020. Windows 7 Embedded is actually Windows 7 broken down into a couple hundred components that vendors can pick and choose from to create custom solutions. This includes network and SQL connectivity.

“All the benefits of Windows 7 in the PC, laptop, netbook, and server arena can now be extended into the specialized devices space, into the embedded space.”

The good news, from Dallas’ point of view, is that since Windows Embedded Standard 7 is at heart Windows 7, all of the Microsoft back-end services that IT pros now use will be available to manage embedded devices.

“These devices need to connect seamlessly to back-end services. These services can range from management, to System Center, be able to participate in an Active Directory so you can set policies, you can push out software updates,” Dallas said.

I hope Microsoft really focuses on security with Windows Embedded 7. Some nefarious groups may be salivating at the chance of multiple new targets on your network running a componentized version of an operating system. Especially with the fact that Internet Explorer was recently hacked in two minutes at a security conference. I am curious too how the units will get Windows updates and security patches….

But if they do it right, Windows 7 Embedded clients will have a much smaller attack surface and be more secure than a standard PC. Time will tell. For more information see The Register.