The perils of the cloud
20 March 2009
Google recently confirmed that a bug in their Docs service had exposed documents to unauthorized users. There is no official word on how long the problem continued before it was fixed.
This lapse is surely a sign of things to come. The momentum behind migration into the cloud can only increase in the next few years - hosted services are now in the rare position where their offering is often both cheaper and better than their competition. However, this compelling business case is counter-balanced by a complex set of security considerations. A scenario like the Google Docs problem, where confidential information hosted in a service cloud is exposed, is the most obvious concern. Ultimately, the risk involved in pushing data into the cloud hinges on one difficult question: what is the likelihood that a problem like this will affect your data? Direct assessment is usually out of the question - the infrastructure involved is deliberately opaque to users, and can usually not be subjected to inspection and testing. Also, online services are continually updated, so an assessment made today could be out of date tomorrow. The unsatisfactory result of all this is that organisations will usually have to fall back on a simple analysis of publically released vulnerabilities to come to a conclusion on the security of a cloud service.
As the large-scale migration to the cloud continues, we can expect many more high-profile mis-steps in the next few years.