Barney's Blog

Blog archive

Am I Wrong About Cloud Security?

If you're like me you are frustrated that after years -- in fact, decades -- of fighting hackers and building all manner of security software, we are still way to vulnerable. In fact I don't feel one bit safer.

It's kind of like the arms race -- there are more and more hackers with more and more tools. And it's far too easy for script kiddies to get a hold of malware, make a little tweak and set off on a new attack. And criminal and political (countries and movements) hackers are more organized and better backed. All the security companies can do is to keep up.

I wrote about this recently and made the observation that moving apps and data to the cloud may be safer. A lot of the OS-based vectors such as Windows DLL would presumably be entirely closed.

Wow, did I get slapped upside the head by you, the loyal reader. Despite the ringing in my ears, I still think the theory has merit. I've never had any of my data in the cloud or Web apps compromised. Maybe I'm just lucky.

Still, I always think reader reaction to what I say is far more important that one I say. If you agree, you can follow the original point and the pounding that followed here.

Is the cloud more stable? Wow, did I get nailed.

Posted by Doug Barney on 12/05/2012 at 1:19 PM

comments powered by Disqus

Reader Comments:

Tue, Dec 11, 2012 Andre Vermont

I am disturbed when I read about some of the breaches because it seems like their security pros should have been able to do better. That does concern me and it does make me want to limit my exposure to the cloud in some areas because I am not sure just how much I can trust them. I use online backup but not the consumer grade stuff and I believe that the encrypted files I put out there will not be easily accessible. I am less sanguine about other services and at present that is our only exposure to the cloud. I have also evaluated some of the offerings such as hosted email and found that, for a small business, the cost savings may not be there and wonder if the security really is either. There is the other issue of the outages that occur often enough to make me glad that our email is in house.

So, safer, more secure? I am not sure about that. Waiting for more evidence one way of the other.

Thu, Dec 6, 2012 Tom Ohio

What's the saying? "Don't put all of your eggs in one basket." That basket is the Cloud

Wed, Dec 5, 2012

I'd never been hacked at work until recently either. We thought we were in pretty good shape until what appears to be a "sponsored organization" walked in. Although we got off easy, it could have been disastrous. I don't see the "cloud" being any different. You're still running some OS underneath it all which will have vulnerabilities and people running those systems who, being human, make mistakes. Just because it hasn't happened yet, doesn't mean it won't. I have to take a page from the motorcyclists' book. There's two kinds of bikers: Them that have been down and them that are going down.

Wed, Dec 5, 2012 Chris F Redmond, WA

Guess you didn't hear about Wired Magazine's Mat Honan's epic adventure this past summer. All of his hacked accounts were in the cloud. His data was not safe... Sure, utilizing cloud will in theory prevent some exposure and potentially will deploy best practices adoption, but it can introduce even more avenues of concern. The rags are full of incidents of data loss and theft in high profile companies. Putting your company's data in a high-profile target does indeed add some risk.

Wed, Dec 5, 2012 Matthew Borcherding San Jose, CA

Cloud service providers may be better at security than an in-house solution, but maybe not. Cloud setups should have economies of scale, and should encourage cloud providers to utilize security experts to harden their systems. But that doesn't mean they actually do that. Better security costs time and money. It requires discipline at all IT levels. And they're trying to keep their systems at least somewhat friendly to use. Cloud providers are out to keep their costs low, just as with any company. So security may not be as good as they claim. It may be far worse than they claim. And as a client/end user, you have little ability to determine if a cloud provider is actually taking security serious or not. I'm not saying don't use cloud providers -- just know what you're buying.

Wed, Dec 5, 2012 Dan Iowa

I think hackers are evolving. Why spend so much effort trying to guess people's passwords when you can just bring up a cloud service that does the same thing? Apparently all you have to do is offer a service that has a page that asks for your data. The Doug Barney's of the world will just enter the data. Ok... I admit that's a bit silly! We all know that if you put your data in the cloud and it's compromised the cloud provider will just tell you that, right? Right! Doug, What data have you put in the cloud that can be compromised? With so many announcements of compromises, it seems odd that you would suggest it isn't a problem.

Wed, Dec 5, 2012 Bruce

The problem with the cloud is that a cloud services provider is a much more attractive target for hackers. Swiping the user ids and passwords of a cloud service gets a hacker a bigger payload than spending the effort to get through the firewall of a 600 employee business. Combine that with the impossibility of getting a services contract that appropriately transfers risk to the cloud services provider (in the case of protected health information, for example) and there is no way that I wouldn't be losing sleep over it. It is unlikely that we could get a reasonably priced cloud services provider to even sign our HIPAA compliant BAA with potentially billions of dollars of penalties in the case of a breach.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.