How badly will recent hacking damage trust in the cloud? - gHacks Tech News

How badly will recent hacking damage trust in the cloud?

It's not been a good few weeks for technology companies with all manner of high-profile hackings being reported, not just on technology websites such as gHacks, but worldwide on the early evening news bulletins. There's no sign things are going to calm down any time soon either with Sony still in the news for tentatively bringing their services back online.

Although the gaming giant has been the largest target of a hacking attack with 100 million people's details stolen, a great many more people have had personal data pilfered from other websites too.

At this point then there are several questions to be asked, primarily of which is will these attacks damage people's trust in cloud services?

It's funny that when you ask people what their perceptions are of the cloud you'll get very different answers. People in business will be most aware of it and thus will probably be most cautious at this stage, especially with companies like Microsoft launching high profile Office collaborations and security products that are entirely cloud-based. If you asked the average man or woman in the street what they thought a cloud service was they might stare back at you blankly.

For most people the Internet is the Internet and while just about everybody on the Internet uses cloud services in one way shape or form, from web-based email to online gaming or social networking, websites are still perceived as separate things to one another. There's no perception of a joined up cloud in people's minds.

This of course is perfectly understandable, up to a point. Facebook, Google, Microsoft, Yahoo, Sony, Amazon and their ilk are all completely separate companies with their own distinct product identities. They don't interact with one another, they don't share any login details and infrastructure... or do they?

This is the thing about cloud services, all we see is the interface in our homes and offices, after that they're vapourware, out in the ether somewhere. We've no idea where and how these services are hosted (with a very few notable exceptions such as Facebook's new server farm). For all we know some of these services are hosted by the same companies in massive server farms where, let's not forget, people can get physical access. How do we know how secure these establishments are? Are they in old nuclear bunkers or warehouses in the arctic circle? Could they be in buildings that are relatively open in the American countryside.

There's a lot of trust placed in users of cloud services about the actual physical location of our personal information. But there's even more trust placed in them about the technology they secure this information with.

Here is where it all becomes exceptionally tricky as there are a limited number of actual technologies these services can run upon and that our data can be secured by, if it's even properly secured at all as we saw with Sony.

Here was a company relying, apparently, on the security of its server platform. Whether this server platform was based on a Windows Server, OS X Server, Apache or other platform remains to be seen, but operating systems are vulnerable and nothing can ever be completely secure.

This is made worse by an unwillingness of these companies to disclose the actual technologies they're using. On the face of it this is perfectly understandable because then hackers and criminals could tailor specific attack methods for specific companies. The bigger problem it poses however is that it prevents users from being able to make informed choices about which companies they're entrusting their data to.

For instance, let's assume for sake of argument that company A is hosting its services in an Apache / PHP based system. We don't know how up to date each software component in this system is. If you are running a huge web service then a wholesale upgrade of a particular software component is much more complex than just running the Adobe Acrobat updater on your PC to plug a security hole. It can take months, or even years to be certain that you won't cause problems with the live service and, thus, your all important revenue stream.

This leaves us potentially with huge numbers of companies running web servers with older and unpatched software on them, just to maintain the status-quo. It's a scary thought and a question that almost never gets asked.

Will the recent hacking attacks damage the reputation, and therefore the uptake, of cloud services? The answer is an undoubted yes but not for the reasons you may originally have thought. Cloud service providers will now have to face the challenge of reassuring us that the server farms and software are up to the job. It's this software that's being attacked, after all.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Anon said on May 15, 2011 at 4:13 pm
      Reply

      I personally hope the cloud never catches up. If it can die a horrible death I won’t complain either.
      My data is sacred, and I have invested for years on keeping it safe using the safest technology. No amount of money I can pay will warrant my data being treated with the same care out of my physical range.

      The convenience of accessing my data anywhere is not worth the possible defects of the cloud: Downtimes, deletions, hacking, etc etc etc.

    2. skywalk said on May 15, 2011 at 5:52 pm
      Reply

      I caring my cloud with me and this is only provider whom i trust,
      all lock an load on WD 500+TrueCrypt.

    3. wrb said on May 15, 2011 at 6:51 pm
      Reply

      The cloud is a tool that’s great for some things but not for everything. Its being pushed by companies so they can harvest the data for profit. The fundamental problem with the cloud is that someone else has control of the data and in most cases uses it for monetary gain. Even if the provider hosting your data does not data mine and is trusted, you still have the problem of security breaches, hardware failure , or someone simply installing a hardware key logger on a device (even a Chrome Laptop). On top of the fundamental problems you also have severe privacy issues that are starting to come up. Most users have no idea what they agree to when they click the ELUA and eventually I think a government is going to step in from anger. Dropbox lied about how it stores user data, Apple lied about its tracking, Google lied about cracking WEP all in a effort to target advertise. Last point: The Amazon cloud with full fail backup (Netflix) is so expensive that most companies can’t even do it which makes very risky. The “cloud” is a revolutionary tool that is great for somethings but not everything. This aspect of “Cloud” computing will never change.

    4. Transcontinental said on May 15, 2011 at 6:57 pm
      Reply

      If you do use the Cloud, at least encrypt and backup (I recall an interesting article from Martin on theses points); I’m afraid the Cloud is one of those modern ideas which as such will have most of its users not bothering for security (besides business, I hope), considering being cautious is an old-school attitude incompatible with the mighty strength of progress …
      No cloud here, not t this time, anyway, if ever.

    5. Rick said on May 16, 2011 at 6:26 am
      Reply

      The cloud is nothing more than online storage relabeled. At least from a marketing perspective, it has worked. Frankly, if I need remote access to my data, I will login to my own server where I can control access (and yes, take the risk that I could be hacked – having said that, one person’s server is less likely to be hit than a brand name one). Oh, and should I say that having a WD Passport 2T drive and a 128G Usb 3.0 drive takes care of most of my traveling needs. See there is thing called technology …..

      For the apps that run from the cloud, this is again nothing more than relabeled remote apps or those from old school, mainframe run applications.

      Once upon a time, all of our computers were really nothing more than terminals running applications off of the mainframe. Then, as our PC’s became more powerful, applications were run from the PC rather than the mainframe.

      Moving backwards doesn’t seem to have much of a future. I guess for those who are running netbooks etc cloud apps might have a market, but again this will be temporary as those small featureless devices become more powerful and don’t need help. Mind you, for almost everything an average user does on a PC, a netbook easily manages the job without cloud assistance.

      Cloud based apps I see as nothing more than an attempt to sell us software on a yearly subscription.

    6. kalmly said on May 16, 2011 at 3:33 pm
      Reply

      I never had any trust in the cloud to begin with.

    7. it said on September 1, 2011 at 5:10 pm
      Reply

      stop the cloud now it is so unsafe and deadly

    Leave a Reply