Skip to main content
  1. Home
  2. Computing

Cloud Computing Could Pose Serious Security Issues

Ian Bell
By
cloud-computing-oracle
Image used with permission by copyright holder

(Editor’s note: This is the second part of a two-part series on addressing security risk on cloud computing. Click here for the first part.)

A few years ago, Google Enterprise president Dave Girouard had his laptop stolen from the trunk of his car at a San Francisco Giants game.

Recommended Videos

But if the thief was looking for information, he would have been disappointed. “There was nothing on that laptop,” he says through a spokesman. “Everything was stored remotely — there was no loss of data, and no loss of productivity.”

Related

Girouard’s story highlights the potential of cloud computing, which experts acknowledge is still in its infancy. And Google’s Eran Feigenbaum advises consumers to “carefully consider to whom they entrust their data, be it on-premise or in the cloud.” But he says that Google is taking steps to ensure the data in their cloud is secure.

“Google has a full-time security team, and we employ some of the top security experts in the world,” Feigenbaum says. “Our operations work at a large scale, allowing our security teams to detect, act upon and resolve a wider variety of security threats than one single company would ever face – sometimes even before the threat is discovered by the antivirus companies.”

“With a traditional software vulnerability, a patch is released and companies typically take 30-60 days to deploy it,” Feigenbaum adds. “During that time, they remain vulnerable. With cloud computing, companies don’t need to patch their own servers. We designed our servers with security in mind from the start, and we can patch them quickly to help ensure our customers are safe.”

Christofer Hoff, director of Cloud and Virtualization Solutions at Cisco Systems, says he understands security concerns from both the business and consumer angles. But he also says the security issues are complex and they will be ironed out, in time.

“For the cloud service provider, there are questions of hardware, facilities, infrastructure, ability to build applications and software. Each of these has trade-offs,” Hoff says. “The business side is still maturing in this market.”

“For the consumer, it comes down to two things: trust and control,” Hoff says. “Cloud computing is about gracefully giving up control while trusting that a provider will exercise the appropriate due diligence and care of your information. The issue of giving up control is an emotional response – in many cases it’s a response formed around the opinion that a provider cannot do as good a job protecting one’s assets. We have to balance between control issues and making sure we have adequate visibility and transparency so that people can trust that the information is safe with these service providers.”

Hoff says these are some of the issues that will be addressed:

  • Privacy standards. “The challenge comes in the way in which these services are delivered,” Hoff says. “Privacy concerns in cloud are not that different from non-cloud service offerings although they are exasperated – because in a single-tenant, non-cloud environment you generally know where information is and how it’s being kept. With lots of different customers, that isolation of that data is appropriately maintained.”
  • Massive amounts of multi-tenancy and massive amounts of scale. “Providers have to manage service and isolation of potentially millions of customers and this presents a challenge as we see infrastructure and applications scale to address consumption at this level,” Hoff says.
  • “You have to take a holistic view (on confidentiality and privacy) and what the policies and service levels are,” Hoff says. “The standards I was talking about were less about regulations and more about open API and interfaces between cloud providers so that you have a choice of providers.”
  • There are 18 different organizations and standard bodies that are coming up with cloud standards and APIs. “That should settle down over time as a normal function of market dynamics and customer demand, but it’s very confusing and difficult at times to determine where to place your bets,” Hoff says.


Cloud Computing as an Operations Model

Amazon Web Services (AWS), which is also working on perfecting its cloud, has a white paper on how it secures its network. Companies that use AWS include ESPN, the New York Times Company and Pfizer, says spokesman Kay Kinton.

When asked about public vs. private clouds, Kinton says, “What we’ve seen dubbed a ‘private cloud’ is really just another form of virtualization and lacks the key benefits of the AWS cloud and Amazon VPC [Virtual Private Cloud]. Virtualization of an existing IT environment still means that you have to deal with the hassles of owning, managing, and operating the hardware – contract negotiations, facilities management, staffing.

“In addition, you still incur all the capital expenditure of owning all of your assets, instead of simply paying as you go,” Kinton adds. “Most important, these types of virtualized environments lack the key benefit of elasticity. With AWS not only can an application scale on demand but when the resources are no longer needed, an enterprise can release them and stop paying for them. It would be very hard for most enterprises to duplicate the scale and heterogeneity of use cases of AWS, and thus to simultaneously maintain high server utilization and the ability to scale up and down instantly.”

“It’s less about ‘what is the cloud?’ then ‘how can I use the cloud?’” Cisco’s Hoff says. “It’s still really early days in cloud computing. The technology is evolving but people are beginning to understand that the cloud is not a technology, it’s an operations model.”

Hoff also adds that Cisco is not looking to compete with companies like Google with its own cloud. Rather, its is focusing on enabling service providers with the infrastructure and solutions needed to deliver secure public cloud services as well as customers to build their own private clouds.

James Zipadelli is a Connecticut-based freelance journalist. He has written for CTNewsJunkie.com, Helium.com and several publications in Boston. You can find him on the Web at www.jameszipadelli.com or on Twitter @redsoxlive.

Editors' Recommendations

Ian Bell
Ian Bell
Publisher
I work with the best people in the world and get paid to play with gadgets. What's not to like?
How to find your computer specs on Windows 11
Windows 11 Woman on Laptop Lifestyle

With more and more people upgrading from Windows 10 to Windows 11, many users are having to adjust to the new layout and style of Windows 11. One feature that's important to be able to locate is the specs of your PC, as being able to see what components you have can help to figure out if you need to upgrade a particular component.

There are a few easy ways to see your PC specs in Windows 11, so here we'll show you how so that you'll be prepared for next time you need to look up some information about your computer.

Read more
How to shut down a computer with keyboard shortcuts
A man using a PC to view an Excel spreadsheet.

There's more than one way to shut down a Windows PC. You don't always have to use a mouse. You can use your keyboard instead. Plus, keyboard shortcuts are faster, easy to learn, and can even help you bypass certain problems if your mouse isn’t working.

Read more
OneDrive is ruining my PC gaming setup
The OneDrive app on a Windows PC.

I don't use OneDrive, but Microsoft is hellbent on making sure I do. When you set up a new PC, OneDrive automatically starts syncing files based on the Microsoft account you sign in with. This isn't normally a problem, but if you're a PC gamer who switches devices often, it can cause quite a headache.

It's not an impossible problem to overcome, and you can always turn OneDrive off. But as someone who bounces around PCs often, I wish that Microsoft's cloud storage service was opt-in instead of opt-out.
Creating conflict

Read more