New Security Concerns Floating Around in Cloud Computing
Think of the cloud as a central supercomputer that stores both data and applications. Instead of having to spend thousands on state-of-the-art hardware and graphics cards, you can hook into this machine via the Internet, both accessing programs and storing your files with no space limitations. It's not without risks, though.
"It feels like we're starting security all over again with the cloud," says Chris Drake, CEO and founder of FireHost, Inc., a secure Web hosting company. "The cloud has knocked us back to the stone age of security." Don't misunderstand, though; no one is saying that other forms of Web hosting are flawless. But, when your personal data is being held in the same location as thousands of other people's, it's an inviting target for hackers, and a security breach can have much more profound implications. The ultimate security of the cloud really depends on who's the watchdog. Bigger services, such as Google and Amazon.com, have many layers of security and are considered more reputable. But that's not always the case with smaller providers.
The technology has a lot of advantages for business owners. It's a simple solution that is often cost-effective, and that can be upgraded quickly and easily as the business grows – especially during big spikes in sales. Too many of those business owners, though, fail to do their homework when registering with a cloud provider, and neglect to ask whether or not sensitive data can be isolated, or what layers of security are in place.
Symantec and the Ponemon Institute conducted a survey on cloud security in early April, finding that most organizations lack the procedures, policies and tools to ensure that the sensitive information they put in the cloud remains secure. Nearly three-quarters of the 637 companies surveyed did not employ procedures to approve cloud applications that use sensitive or confidential information. Over half of them simply take a provider at its word when it comes to security procedures, never asking for proof or assessing the service themselves. "Cloud computing holds a great deal of promise... but our study reveals a disturbing lack of concern for the security of sensitive corporate and personal information as companies rush to join in on the trend," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
Perhaps the biggest misstep business owners make, though, is failing to inquire about a cloud provider's process of screening its own employees. Admins at cloud companies have significantly more power and access than those at typical hosting companies, so it's critical that they're thoroughly screened. "At the end of the day, it comes down to the human factor," says Drake. "The human factor is still the biggest security threat."
Cloud clients that fail to ask questions are putting their data at risk. And, because there are no logs for individual accounts in a cloud, if there is a breach, the business may find itself unable to answer exactly how it happened. The problem for consumers is that there's no way to tell whether or not that Web site you're using is in turn using one of those smaller cloud providers. Experts say the best way to protect yourself – as luddite as it might sound – is to trust your gut.
"I think generally people have a healthy skepticism and awareness that there are risks, and they need to be aware of those risks. And they need to know who they're dealing with," says John Magee, vice president of product marketing and cloud strategy for Symantec.
Some security programs, like Symantec's Norton 360, monitor Web sites for potential risks, and warn users of red flags. But that's not universal. A burgeoning security method, called Information Dispersal Algorithm (IDA) is adding some additional layers of security, as well. Much like the SSL security on individually hosted sites, IDA dispenses information around the cloud to various drives and servers, making it harder for cyber-thieves to access it. While small business proponents might cringe to hear it, a good way to be safe in the cloud is to avoid buying from smaller sites.
"Consumers can protect themselves by shopping with the big sites that have big security measures," says Drake. "Smaller merchants [using the cloud] have a real trust problem. That's why Amazon is cleaning up."