How badly will recent hacking damage trust in the cloud?
It's not been a good few weeks for technology companies with all manner of high-profile hackings being reported, not just on technology websites such as gHacks, but worldwide on the early evening news bulletins. There's no sign things are going to calm down any time soon either with Sony still in the news for tentatively bringing their services back online.
Although the gaming giant has been the largest target of a hacking attack with 100 million people's details stolen, a great many more people have had personal data pilfered from other websites too.
At this point then there are several questions to be asked, primarily of which is will these attacks damage people's trust in cloud services?
It's funny that when you ask people what their perceptions are of the cloud you'll get very different answers. People in business will be most aware of it and thus will probably be most cautious at this stage, especially with companies like Microsoft launching high profile Office collaborations and security products that are entirely cloud-based. If you asked the average man or woman in the street what they thought a cloud service was they might stare back at you blankly.
For most people the Internet is the Internet and while just about everybody on the Internet uses cloud services in one way shape or form, from web-based email to online gaming or social networking, websites are still perceived as separate things to one another. There's no perception of a joined up cloud in people's minds.
This of course is perfectly understandable, up to a point. Facebook, Google, Microsoft, Yahoo, Sony, Amazon and their ilk are all completely separate companies with their own distinct product identities. They don't interact with one another, they don't share any login details and infrastructure... or do they?
This is the thing about cloud services, all we see is the interface in our homes and offices, after that they're vapourware, out in the ether somewhere. We've no idea where and how these services are hosted (with a very few notable exceptions such as Facebook's new server farm). For all we know some of these services are hosted by the same companies in massive server farms where, let's not forget, people can get physical access. How do we know how secure these establishments are? Are they in old nuclear bunkers or warehouses in the arctic circle? Could they be in buildings that are relatively open in the American countryside.
There's a lot of trust placed in users of cloud services about the actual physical location of our personal information. But there's even more trust placed in them about the technology they secure this information with.
Here is where it all becomes exceptionally tricky as there are a limited number of actual technologies these services can run upon and that our data can be secured by, if it's even properly secured at all as we saw with Sony.
Here was a company relying, apparently, on the security of its server platform. Whether this server platform was based on a Windows Server, OS X Server, Apache or other platform remains to be seen, but operating systems are vulnerable and nothing can ever be completely secure.
This is made worse by an unwillingness of these companies to disclose the actual technologies they're using. On the face of it this is perfectly understandable because then hackers and criminals could tailor specific attack methods for specific companies. The bigger problem it poses however is that it prevents users from being able to make informed choices about which companies they're entrusting their data to.
For instance, let's assume for sake of argument that company A is hosting its services in an Apache / PHP based system. We don't know how up to date each software component in this system is. If you are running a huge web service then a wholesale upgrade of a particular software component is much more complex than just running the Adobe Acrobat updater on your PC to plug a security hole. It can take months, or even years to be certain that you won't cause problems with the live service and, thus, your all important revenue stream.
This leaves us potentially with huge numbers of companies running web servers with older and unpatched software on them, just to maintain the status-quo. It's a scary thought and a question that almost never gets asked.
Will the recent hacking attacks damage the reputation, and therefore the uptake, of cloud services? The answer is an undoubted yes but not for the reasons you may originally have thought. Cloud service providers will now have to face the challenge of reassuring us that the server farms and software are up to the job. It's this software that's being attacked, after all.Advertisement