Many commentators (including me) have called Cloud Computing the way of the future. Indeed, I still believe that is true; however, a new wrinkle has come up with regard to the cloud’s security.
The general security issues involved with cloud computing have been widely discussed. The cloud makes enormously lucrative targets for hackers, thieves and enemies. Cyber malefactors can easily see the potential in getting access to large centralized concentrations of data, often from multiple entities all in “one place.” Getting inside such a target has phenomenal incentives, and when they have sufficient incentives, the bad guys seem able to do almost anything.
Despite that, the huge benefits of cloud computing outweigh the dangers. It saves money; it simplifies each company or agency IT structure and personnel; heck, it’s even Green. It does this by taking large individual data centers out of population areas and puts them in places where energy is cheap and water for cooling is plentiful, which reduces the need for multiple centers. Then look at how the cloud can improve efficiency – keeping security upgrades current, giving access to the best apps, and making sure every customer has the computing power they need when they need it and not only when it is unused.
In these last few benefits are where the problem comes up. It seems hackers are using the computing power of the cloud to do bad things. Instead of laboriously working through passwords trying to crack them, hackers have used cloud providers’ linked virtual networks to apply enormous computing power to break the codes. The have also used cloud providers to form botnets for Distributed Denial of Service (DDoS) attacks and spam distribution.
The problem with freedom is that everyone gets to use the good stuff, both the good guys and the bad. There are some who have called for shutting down clouds (such as Google’s) until we sort this out. That is absurd, and it will never happen. The key lies in securing the cloud.
I have said before that cloud provider companies are the main center of gravity. If they are strong, capable and vigilant, cloud computing will greatly enhance the cyber world. If they are weak, incompetent and lazy, the results will be disastrous. Some of my previous postings have called for cloud customers to be extra careful and ensure they check their provider’s capabilities, strengths and weaknesses. Today, I am calling for a preemptive effort by big provider companies to set standards so their clouds are not misused by bad guys. It will be a tough job policing customers, and it might even cost money. If they don’t do it independently, however, we’ll have legislation that will undoubtedly by more onerous and less effective.
Cloud customers, you still need to watch to whose cloud you entrust your data and application, but providers, you need to be sure of who you allow to join your cloud community. This is not a time to be greedy or competitive; early on, we must be cognizant of the cost we will pay if we allow the benefits of cloud computing to be hijacked by the bad guys.