November 27, 2012
The attack on Wired senior writer Matt Honan’s virtual world, pointed out there are certainly holes in the system. These security issues not only affect businesses but individuals as well. Unfortunately, after a recent poll, 39 percent of the businesses surveyed responded their move to the cloud has had a negative affect on their business.
Where are the Holes in the Cloud?
The skeptics of the cloud were given even more reason to worry after Matt Honan’s story came out. Using social sites and other clever maneuvering, a hacker managed to wreak havoc on a number of the “Wired” journalist’s accounts. After talking to an Amazon technical support representative, the hacker managed to get the last four digits of the journalist’s social security number. After accomplishing this feat, he then went onto use this information to fool an Apple representative into thinking he was Honan. He was then given a replacement password to get temporary custody over Honan’s e-mail account. Once the hacker had this information, he deleted Honan’s Gmail account and then permanently reset his Twitter and his Apple IDs. He then went onto wipe out his iPhone, MacBook and iPad – all from a remote distance.
The good thing that came from all this is that Amazon and Apple have found and closed the holes in their security that allowed the hacker to get to this information. But it still leaves skeptics wondering just how secure the cloud is.
Who is Getting into the Cloud?
Out of 4,000 businesses that were polled, 80 percent said they were planning to entrust their confidential and sensitive information to the cloud. About half of these businesses and IT managers have already begun to make the move. Most of the others will be doing so over the next two years. The United States government is one of those making the move. This is expected to cut costs and make the system more responsive. The Federal CIO, Vivek Kundra, is aiming to save the government money by moving $20 billion of the $80 billion the federal government budgets for IT expenditures to the cloud.
You Always Need to Take Responsibility for Your Own Data
With 39 percent of businesses expressing the move to the cloud has had a direct, negative affect on their businesses’ security, it seems obvious there is a crack in the system somewhere. One of the problems may be that around two-thirds of the organizations that move sensitive data to the cloud are under the impression their service providers are responsible for the protection of their data. Also, a good portion of the organizations moving to the cloud have no idea what precautions have been put in place to actually protect their data.
It is estimated only about half of the organizations that move to the cloud put some type of encryption on their information before they move it. The rest just relies on the encryption security the cloud has to offer. What needs to be understood is that no matter where your information is stored, it is still your information. Whether it is on your servers or on the cloud, you still need to be responsible for ensuring its security.
When moving to the cloud, you need to take a look at default passwords, misconfigured systems, shared accounts plus the other problems that have constantly plagued IT. You cannot assume your service provider secures your data. You have to take responsibility for securing the information yourself.
Containing the Backlash
It is already a concern that, as the federal government moves more of its information to the cloud, there may be more of social engineering attacks. The bigger your company is, the greater the probability you will fall victim to an attack. On the positive side, larger organizations have more opportunities to be prepared for these attacks and take better precautions by having safeguards in place. This will make an attack more difficult, even though two of the largest organizations, Apple and Amazon, were vulnerable enough to let a hacker get to Honan’s private information.
With the U.S. government’s move to the cloud, there is certainly a need to tighten security. Cybersecurity among U.S. federal government agencies has, unfortunately, been found to be under-secured and not up to par. The Government Accountability Office, along with other internal inspectors, has audited the security and found some vulnerabilities in the system.
There is No Such Thing as Absolute Safety
There are companies that offer data security in the cloud, but the cloud and its security are still in their infancy and you cannot really be sure of exactly what is going to work. There is still quite a ways to go before you can adopt methodologies and technology that are absolutes in the cloud security arena.
Charles Dearing is a cloud-hosting specialist. He enjoys writing on web hosting websites and blogs about his experiences with using the cloud.