From your personal banking records to your company’s intellectual property and confidential information, data security was easier to oversee before so much of our world moved online and into The Cloud. But the convenience of cloud computing is intoxicating, and we’re all living in the cloud more and more every day, both at work and at play.
Unfortunately, with convenience comes exposure. The headlines are rife with cautionary tales of personal identity theft and corporate data breaches, and hackers show no signs of slowing their efforts to get their hands on sensitive information. So, just how dangerous is the cloud? Is cloud computing enabling cybercrooks, making it easier for them to practice their nefarious trade? At focus.com, folks tackled the topic of cybercrime in the cloud when answering the question “Does the accessibility of cloud computing make hacking easier?”
Industry analyst James McGovern goes “out on a limb” (albeit a strong limb on an old-growth trunk), and says yes. He is of a mind that the cloud makes hacking easier “on several fronts”—not the least of which saves ne’er-do-wells a good deal of time and trouble. Cybercrooks, it seems, enjoy the convenience of one-stop online shopping when laying the groundwork for an assault. McGovern asserts: “The ability for a hacker to spin up a couple of thousand instances using a stolen credit card to do a brute force attack is certainly easier than finding a thousand PCs to turn into zombies via writing custom viruses.”
Glen Marshall, principal at Grok-A-Lot, sees the situation differently. He believes cloud computing doesn’t make hacking easier, it “just introduces new risks that proper risk management would identify.” Phil Wainewright, CEO of Procullux Ventures, seconds Marshall’s no vote, but for a different reason. Wainewright proffers that the sheer accessibility of cloud computing increases the likelihood of hacking attempts, yet also notes that “the operators of cloud computing assets [are] more wary and alert against hacking attempts.” The net effect, then, is that it’s “harder to hack cloud computing—unless you’re hacking a cloud computing operator that doesn’t have a clue what it’s doing.”
Not quite fitting into the straightforward ‘yes/no’ camps, BrainWave Consulting’s Andrew S. Baker steered the conversation in another direction. As he sees it, cloud computing doesn’t make hacking easier per se, but it does make for a more desirable target. “Internet-accessible systems can be attacked remotely,” he explains. “What they contain, or the purpose they serve, won’t necessarily make them easier to hack, but might make it more desirable to attack them, due to the greater potential payoff.”
Baker notes that we’re seeing more attacks on cloud computing because attacks in general are on the rise: “Even if we never moved beyond basic web hosting and collocation services, we’d be seeing a lot more cyberattacks, because there is still money to be made by doing it, and it’s still relatively difficult to catch the attackers.”
OK, so the jury’s out—but one message is clear: When it comes to keeping data safe, as Baker says, “Ongoing vigilance is required, whether or not one embraces the cloud.” Marshall agrees, and puts the onus of responsibility squarely at the cloud provider’s doorstep: “It is still up to a cloud-based service provider to protect itself based on identified risks, just as the same service provider would need to do in a non-cloud environment. The tooling may be different, but the business risk management obligations remain the same.”
Finally, FiveCubits’ Jeff Gullang reminds us that, as is the case with most technology, end-users are often the weakest link. “Everyone knows someone who keeps their password on a sticky note in the third drawer, or wherever else, and half have ‘password12345’ as their log-on,” he says. “The system is strong except for its weakest part: users.”