Can The Cloud Survive More Security Breaches In 2012?

Cloud Security

Let’s be totally pragmatic. There is a four letter word associated with cloud computing and that word is risk. The cloud is still cutting its milk teeth and being in its infancy is discovering the hard way that fire is hot, glass is sharp, etc. The last two years or so have seen some pretty serious cock ups from organisations that we did not expect to drop the ball.

Security Failures

Health Net in the US reported that an unencrypted portable storage device was missing, containing seven years’ worth of financial and medical information on 1.5 million customers; Hackers stole the credit card details of its online gaming customer base; Amazon’s cloud servers curled up their little toes and severed services to the likes of Reddit and Foursquare; cloud data centres in Europe run by Amazon and Microsoft were taken off-line by lightning; Google Docs and Microsoft Office 365 suffered outages; Blackberry’s servers went belly up leaving millions of users not being able to get their Crackberry fix. All sad and sorry tales.

Worldwide the most commonly used TLA (three letter acronym) in 2011 was WTF! as people stared at blank screens. If 2011 was not a good year for technology, then while we are in pragmatic mode we might as well admit that there’s more than a good chance that malodorous solids will hit rotating blades in 2012.

Dramatic Rise In Security Breaches

Alistair Croll writes in Information Week: “There was a dramatic rise in the number of publicized security breaches in 2011. Whether this was simply a matter of better detection, increased reporting, or a rise in actual attacks is still a subject for discussion, but one thing that has changed is the attack surface.

Hackers are no longer satisfied to shoulder-surf and socially engineer their way into a single organization. Rather, they’re finding their way into public computing systems and using what they discover to launch more targeted, more precise, and harder-to-detect attacks.”

He goes on to say:” Something’s got to give. And in 2012, it will. We’ll see at least one spectacularly messy leak and, of course, we’ll blame the cloud. After all, that’s what made the attack possible. And that’s where the breach happened. Rather than focus on the problems behind the attack–zero-day exploits, poor password behavior, naive mobile users–we’ll once again debate whether clouds are secure.”

Human Frailty

And that is the nub of the problem. It’s not necessarily the technology that drives cloud computing that is at fault but rather the human frailty behind it. You only have to follow someone on Facebook and discover that they have a cat called Tiddles and odds on you have that person’s password!

Ultimately it is much more than being able to hack someone’s password and empty their bank account. It is about the fact that the next major global crap fight will probably take place without a shot being fired. Western networks are constantly being probed by security forces in China, Russia, North Korea and maybe even Tierra del Fuego to see if they can access the systems that control our vital infrastructure. Don’t get outraged, we are doing it to them, too!

Serious Message

For a lighthearted look at how the possible fire sale will affect nations watch Die Hard 4 (I love the bit when Willis takes out the airborne helicopter with a police car) and realise that beneath the Brucie Bravado there is a pretty serious message. Which is why if/when there is another cloud failure I won’t exactly be shouting “come on in, the effluent’s lovely” but I will see it as a lesson to be learnt for making our networks and systems more robust.

It may be corny, but take heart in the old saying what doesn’t kill you makes you stronger.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Kevin Tea is a journalist and marketing communications professional who has worked for some of the leading blue chip companies in the UK and Europe. In the 1990s he became interested in how emerging Internet-based technologies could change the way that people worked and became an administrator on the Telework Europa Forum on CompuServe. With other colleagues he took part in a four year European Commission sponsored project to look at the way that the Internet could benefit remote communities. His blog is a resource for SMEs who want to use cloud computing and Web 2.0 technologies.