Cloud Computing Could Pose Serious Security Issues

cloud-computing-oracle

(Editor’s note: This is the second part of a two-part series on addressing security risk on cloud computing. Click here for the first part.)

A few years ago, Google Enterprise president Dave Girouard had his laptop stolen from the trunk of his car at a San Francisco Giants game.

But if the thief was looking for information, he would have been disappointed. “There was nothing on that laptop,” he says through a spokesman. “Everything was stored remotely — there was no loss of data, and no loss of productivity.”

Girouard’s story highlights the potential of cloud computing, which experts acknowledge is still in its infancy. And Google’s Eran Feigenbaum advises consumers to “carefully consider to whom they entrust their data, be it on-premise or in the cloud.” But he says that Google is taking steps to ensure the data in their cloud is secure.

“Google has a full-time security team, and we employ some of the top security experts in the world,” Feigenbaum says. “Our operations work at a large scale, allowing our security teams to detect, act upon and resolve a wider variety of security threats than one single company would ever face – sometimes even before the threat is discovered by the antivirus companies.”

“With a traditional software vulnerability, a patch is released and companies typically take 30-60 days to deploy it,” Feigenbaum adds. “During that time, they remain vulnerable. With cloud computing, companies don’t need to patch their own servers. We designed our servers with security in mind from the start, and we can patch them quickly to help ensure our customers are safe.”

Christofer Hoff, director of Cloud and Virtualization Solutions at Cisco Systems, says he understands security concerns from both the business and consumer angles. But he also says the security issues are complex and they will be ironed out, in time.

“For the cloud service provider, there are questions of hardware, facilities, infrastructure, ability to build applications and software. Each of these has trade-offs,” Hoff says. “The business side is still maturing in this market.”

“For the consumer, it comes down to two things: trust and control,” Hoff says. “Cloud computing is about gracefully giving up control while trusting that a provider will exercise the appropriate due diligence and care of your information. The issue of giving up control is an emotional response – in many cases it’s a response formed around the opinion that a provider cannot do as good a job protecting one’s assets. We have to balance between control issues and making sure we have adequate visibility and transparency so that people can trust that the information is safe with these service providers.”

Hoff says these are some of the issues that will be addressed:

  • Privacy standards. “The challenge comes in the way in which these services are delivered,” Hoff says. “Privacy concerns in cloud are not that different from non-cloud service offerings although they are exasperated – because in a single-tenant, non-cloud environment you generally know where information is and how it’s being kept. With lots of different customers, that isolation of that data is appropriately maintained.”
  • Massive amounts of multi-tenancy and massive amounts of scale. “Providers have to manage service and isolation of potentially millions of customers and this presents a challenge as we see infrastructure and applications scale to address consumption at this level,” Hoff says.
  • “You have to take a holistic view (on confidentiality and privacy) and what the policies and service levels are,” Hoff says. “The standards I was talking about were less about regulations and more about open API and interfaces between cloud providers so that you have a choice of providers.”
  • There are 18 different organizations and standard bodies that are coming up with cloud standards and APIs. “That should settle down over time as a normal function of market dynamics and customer demand, but it’s very confusing and difficult at times to determine where to place your bets,” Hoff says.


Cloud Computing as an Operations Model

Amazon Web Services (AWS), which is also working on perfecting its cloud, has a white paper on how it secures its network. Companies that use AWS include ESPN, the New York Times Company and Pfizer, says spokesman Kay Kinton.

When asked about public vs. private clouds, Kinton says, “What we’ve seen dubbed a ‘private cloud’ is really just another form of virtualization and lacks the key benefits of the AWS cloud and Amazon VPC [Virtual Private Cloud]. Virtualization of an existing IT environment still means that you have to deal with the hassles of owning, managing, and operating the hardware – contract negotiations, facilities management, staffing.

“In addition, you still incur all the capital expenditure of owning all of your assets, instead of simply paying as you go,” Kinton adds. “Most important, these types of virtualized environments lack the key benefit of elasticity. With AWS not only can an application scale on demand but when the resources are no longer needed, an enterprise can release them and stop paying for them. It would be very hard for most enterprises to duplicate the scale and heterogeneity of use cases of AWS, and thus to simultaneously maintain high server utilization and the ability to scale up and down instantly.”

“It’s less about ‘what is the cloud?’ then ‘how can I use the cloud?’” Cisco’s Hoff says. “It’s still really early days in cloud computing. The technology is evolving but people are beginning to understand that the cloud is not a technology, it’s an operations model.”

Hoff also adds that Cisco is not looking to compete with companies like Google with its own cloud. Rather, its is focusing on enabling service providers with the infrastructure and solutions needed to deliver secure public cloud services as well as customers to build their own private clouds.

James Zipadelli is a Connecticut-based freelance journalist. He has written for CTNewsJunkie.com, Helium.com and several publications in Boston. You can find him on the Web at www.jameszipadelli.com or on Twitter @redsoxlive.

Mobile

Looking Glass owners will soon be able to get more holograms on Vimeo

We're inching closer to recreating the iconic scene in Star Wars of Princess Leia calling out to Obi-Wan for help. A Brooklyn company has created the Looking Glass, a holographic display that lets you see 3D content without a headset.
Mobile

Instagram tool accidentally exposes user passwords. Were you affected?

Instagram's Download Your Data tool accidentally exposed the passwords of a small number of users. Here is the explanation on what happened, and how to find out which Instagram accounts were compromised.
Computing

An IP address vulnerability took down some Google services for 1 hour

It might have been for just a brief hour, but some of Google's services went down on November 12. Caused by an improper rerouting of IP addresses and traffic away from usual western sources, Spotify and Google Cloud were impacted.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Cloudflare’s privacy-enhancing 1.1.1.1 DNS service comes to iOS and Android

Cloudflare's 1.1.1.1 DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.
Cars

Infiniti is using Formula One racing to hone its hybrid skills

Infiniti is partnering with the Renault Sport Formula One team, and not just to put sponsor stickers on the race cars. The luxury brand claims its engineers are working with their F1 counterparts to develop future hybrid tech.
Gaming

Blizzard Co-Founder Allen Adham says ‘we have not forgotten’ core Diablo fans

Blizzard fans are skeptical of 'Diablo Immortal,' but company co-founder Allen Adham is confident players will like it when they play it. He told us that multiple Diablo projects are underway and hinted at end-game content in 'Diablo…
Computing

Privacy is becoming obsolete, but not everyone thinks you should fear its demise

As technologies like Alexa and Siri that require more information about us continue to develop, is privacy going to fall at the wayside, or can we take back control of our data to retain our privacy?
Emerging Tech

To make more room for livestock, the Dutch will moove cows to a floating farm

A Dutch company is developing a floating dairy farm, which they hope to use as a proof-of-concept for future agricultural systems. The farm will use automated cleaning and milking robots, while recycling waste into fertilizer.
Emerging Tech

Driverless cars can only take you so far. This is how smarter cities are being built

Companies and municipalities came together at the annual Smart Mobility Summit, to share new technologies for building smarter cities. They also offered insight into the challenge cities face.
Opinion

As Amazon turns up the volume on streaming, Spotify should shudder

Multiple players are all looking to capitalize on the popularity of streaming, but it has thus far proved nearly impossible to make a profit. Could major tech companies like Amazon be primed for a streaming take-over?
Movies & TV

‘What We Do In The Shadows’ turns Jemaine Clement into a creature of the night

With a career as unique as the man himself, Jemaine Clement’s star is still rising. From his HBO show (and band) Flight of the Conchords to his TV spinoff of What We Do in the Shadows, we dig deep into the funnyman’s many roles.
Gaming

The history of Battle Royale: From mod to worldwide phenomenon

Battle royale games like PlayerUnknown's Battlegrounds’ and Fortnite have become the biggest trend in video games. The genre is also pushing the envelope in streaming and eSports in a way that might hint at the future of the industry.
Emerging Tech

Michigan’s former transportation chief has some advice for wannabe smart cities

After 31 years as Michigan’s transportation director, Kirk Steudle has seen it all, particularly with smart city projects. He spoke with Digital Trends recently about what makes smart cities work, and offers advice along the way.