digg

Facebook Connect Join Digg About
See the original image at technologyreview.com

How Secure Is Cloud Computing?

technologyreview.com Cloud computing services, such as Amazon's EC2 and Google Apps, are booming. But are they secure enough? Friday's ACM Cloud Computing Security Workshop in Chicago was the first such event devoted specifically to cloud security.

Who dugg this? Made popular 12 days ago

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

59 Comments

show profanity settings
expand all
  • cubicledrone, on 11/17/2009, -2/+18There's no such thing as "cloud computing." It's a buzzword invented by corporate fatasses so they have something to say in meetings when they've used "rich user experience" and "robust features" in their Powerpoint too much.

    The accurate and correct phrase is "client-server."
  • Denominator88, on 11/17/2009, -0/+13That guy in the thumbnail looks like some all-powerful wizard of the Internet.
  • Ghostalker, on 11/17/2009, -0/+13You're storing your data, on someone's machine/server, on the far reaches of the Internet. Once you lose physical control of your data, it's immediately insecure.
  • Dregganaut, on 11/17/2009, -0/+7Pretty much. As far as I can tell, "cloud computing" is just a concept that is related more to billing people for CPU time than a new software architecture.
  • Bloodwine, on 11/17/2009, -0/+3Cloud Computing = Welcome back to the mainframe, Mr. dumb client.
  • ohplease, on 11/17/2009, -0/+3Nope. P2P != Cloud Computing, which is just web based services hosted on a distributed infrastructure.

  • brucealmighty, on 11/17/2009, -0/+3To be fair, it's immediately LESS secure. But your point is still well taken.
  • dvsbastard, on 11/17/2009, -0/+3It's good to know that I am not the only one bothered by this new "cloud" buzzword...

    The concept is not exactly new - the only difference is now that bandwidth, storage and processing is much cheaper (as is natural technological progression), the server can be responsible for a lot more than it previously was... Why the hell does this warrant a new buzzword?
  • grnicon, on 11/17/2009, -0/+3Most of these services that call themselves cloud computing are actually networked in an ephemeral manner, across a variable number of machines that aren't always stored at the same location. Hence the term, "cloud."

    A mainframe you can walk up to, because it has a physical location. But you don't know exactly where your mail is stored when you use Gmail. It could be in any number of Google's data centers, and thousands of miles apart. And the code that executes behind the scenes is likely not stored at the same data center as your mail, or the Javascript code your browser runs.
  • Ghostalker, on 11/17/2009, -0/+3I stand by insecure. Less secure makes the statement sound like only "some data" is endanger of being compromised. Once you lose physical control over your data though, you don't know what's going on. It could sit in some dusty server farm in Jerkwater, USA for a while, or in a basement with some 12yr old kid with a decryption script could try chewing away at it.
    Given enough time, with physical access to your "secure" files, someone can break through the security and get everything.
  • lemur, on 11/17/2009, -0/+2I'm sure Gandalf there will help make it all successful
  • deviantsteve, on 11/17/2009, -0/+2Hooray mainframe!
  • geodebug, on 11/17/2009, -0/+2Amazon just received their SAS70 certification. Not only does that make me feel better about our choice of using Amazon services as the infrastructure of our product but it makes it an easier sell to corporations.

    Clouds/mainframe/services/next years keyword (who cares about the terminology); AWS is the ***** and beats the hell out of maintaining your own servers, database, message queuing, storage space.

  • fxu1989, on 11/17/2009, -0/+2So he's the one who puts on his robe and wizard hat...
  • Kronos6948, on 11/17/2009, -0/+2to make it more marketable as "new" technology to the technologically ignorant.
  • rompom7, on 11/17/2009, -0/+2A lot of people have their wires crossed about cloud computing. It definitely not something new.. However, it's not just as simple as "client-server" as cubicledrone suggests.

    Cloud computing is a set of technologies (hardware, infrastructure and software) that allow any generic computing (anything from databases, to virtual machines, to content delivery) in such a manner that is seemless from a single client-server interaction, even though any number of nodes/servers located in entirely different locations may have been used during that interaction. It's usally scaleable in any direction, eg. you might need 10 servers to handle something computationally intensive, or you might run 10 virtual machines on a single server if you just need to host a small exchange server on each.

    The point is, cloud computing isn't new. But it is extremely useful. Now that we are starting to think about computing in this way, and we also actually have the infrastructure to make it work, it opens endless doors of potential uses.
  • pw378, on 11/17/2009, -0/+2Its actually easier. The providers document their security and have their own audits that can be accepted.
  • nathanbutnet, on 11/17/2009, -0/+1P.s. the really ***** buzzword that drives me ***** batty these days is 'bifurcate'
  • scuba7183, on 11/17/2009, -0/+1not everyone can spare 30 machines to crunch numbers
  • geodebug, on 11/17/2009, -0/+1The article you linked simply stated what is clear to anybody who knows risk assessment: the weak spot isn't the technology but people. In this case the person used a weak 'dictionary word' password.

    User error can break even your so-called secure system. For instance one of your company's employees could send out a sensitive document via personal email or leave their computer available in a public place (assuming you allow laptops) after logging in.

    It is about risk assessment. Some companies have more security needs than others and there are drawbacks to being over-protective (cost, training, additional personal, equipment, productivity (less sharing), etc).
  • niselat, on 11/17/2009, -1/+2Cloud computing is very non-secure. The other day it rained and my neightbors got my credit card numbers.
  • pw378, on 11/17/2009, -0/+1He is Whitfield Diffie.... He actually IS an all powerful wizard of the Internet.
    http://en.wikipedia.org/wiki/Whitfield_Diffie
  • DeathfireD, on 11/17/2009, -1/+2The concept of "Cloud computing" actually takes a step back in the computer evolution. In a nutshell, in-staid of using a hard drive to hold your files and programs, you would in-staid be relying on a service such as Amazon's file servers or Google's web apps..etc. Essentially using less space and resources on your computer when processing things. Unfortunately the downsides of cloud computing out way the positives.
    1) You're relying on these company's to keep your data away from prying eyes, hackers, the goverment(s) and other such people.
    2) They have easy access to your files at any given time and could easily filter or delete things they deem inappropriate (ie. RIAA complains that people are using clouds to share illigal MP3 files so clouds are forced to DRM any MP3 that are uploaded to their server to keep track of them).
    3) If you're not online or your having trouble accessing their services you're *****.
    4) With growing demand comes growing prices. In-staid of spending a one time fee of $100 on a 1TB hard drive you would be now paying per month or year for storage. Although there may also be services like Google apps that will likely always stay free but that fact is most other services will not be free.

    In reality cloud computing is not the future but really just a buzzword just like web 2.0, as you've already mentioned. As much as people want to think it's the future of all computers...it really isn't.
  • candorny, on 11/17/2009, -1/+2you make me laugh. Thanks.

    But one thing...LOOK OUT BEHIND YOU! No really...there was somoene there a minutes ago!
  • wr332, on 11/17/2009, -2/+3just like apple mac with virus.
  • damnshoes, on 11/17/2009, -1/+2If I get old im gonna have a beard like that.
  • Hermmunster, on 11/17/2009, -0/+1That's not exactly true. I've set up mail systems for attorneys and asked why they don't use the free global mail services and that's precisely the reasoning they give. Do you work for the DHS?

    Use cloud computing at your own legal risk.
  • Dregganaut, on 11/17/2009, -2/+3Somehow though, you're a 9/11 truther.
  • rompom7, on 11/17/2009, -0/+1"physical control of your data"

    What does that mean? Are you manipulating your data with a magnetic needle and a steady hand?
  • geodebug, on 11/17/2009, -0/+1All computers need to back up their data somewhere. Even if you back up to a tape and personally transfer that tape off site it is out of your immediate control.

    Modern encryption is significantly tough to crack, even with brute force, and if you go with a trusted data center, you can be assured that ninja hackers are not breaking into the server rooms.

    When it comes down to it, outsourcing your data storage, servers, and other services makes a lot of sense. The quality data centers need to jump through a lot of hoops to get certain certifications and that takes time, money, and expertise that many corporations (or individuals) just do not have.
  • ohplease, on 11/17/2009, -0/+1Ok here's the problem with using Google Docs and cloud based services for your company:

    http://www.itpro.co.uk/blogs/asavinw/2009/07/17/tw ...

    Right there. This would never happen in my company, because in order to access our documents/emails etc you need to be either in the office or connected via VPN using 2 factor authentication, which can't be hacked unless you're physically holding my RSA pincode generator. Using GMail and Google Docs as your corporate backbone is IT suicide. I would be fired on the spot for even recommending it to any of my customers.

  • Sheethappens, on 11/17/2009, -1/+2Cloud computing - or more correctly termed "Clown Computing" for only clowns propose it as a good option - isnt safe.

    I have a bumper sticker that reads like this -

    "Cloud computing. All your files are belong to us" (for those who get the reference)

    ....simply because hackers LOVE cloud computing. Nothing better than to be sniffing packets from cash cow firms and just deciphering them I bet. They have the spare time and they DO get their rewards!

    Me - not a hacker. No, really. I am NOT a hacker. I just get paid to fix idiot ideas people have and this "cloud computing" is one HELL of an idiot idea! I expect a lot more income because of this and as more "Me, too!" twits jump on the bandwagon, I'll be so overrun with work I am going to have to employ people to help me or maybe just gather as much cash as I can from fixing idiots who went to "cloud computing" and have a really great holiday.....or buy a yacht.....or maybe a South Seas island nation.....

    Oh who cares? 2012 aint that far away! Go for it, clowns! Make my money!

  • darkspym7, on 11/17/2009, -1/+2You might as well ask the question: How secure is the internet? There really isn't anything special about Cloud Computing (vs the rest of the Internet) when it come to security.
  • geodebug, on 11/17/2009, -1/+2Know before speaking.
  • DeathfireD, on 11/17/2009, -0/+1Ya except like the article states they haven't perfected a cost effective way to encrypt files and also use them at the same time so your point is moot.

    Actually it's very much different from a company or your own network's node going offline. The difference being it's within your infrastructure and not on the open web run by a company that's not associated with your's which can cause problems later on down the road. Not to mention not everyone even uses a network file server. Cloud computing is supposed to be the future of computing in general and not just for company's. This I cant see happening.

    The reason the price has dropped is because Amazon's prices where to much to begin with. They need to hook people before they can start raising the prices...basic economics my dear geodebug. If or when cloud computing becomes more used the prices will obviously increase substantially. Paying per GB is also a drawback. A normal user could easily blow through 100GB a month just from reading and writing files. Assuming you agree that cloud computing is the future then you also must know programs are getting larger over time. Within time that 100GB a month could easily go to 300GB or even 1TB. Also what if you decide to stop paying? Do you lose control over those files until you decide to pay to download that 2TB+ you have stored on their servers?
  • Jaq524, on 11/17/2009, -0/+1I look at it kinda like the laundromat -- I put my clothes in the machine and leave, returning 30 minutes later. If someone took my clothes, it would be pretty bad for me. Then again, who wants my clothes? Similarly, who wants my dumbass chat transcripts from Gmail chat, or my school assignments from Google Docs, or my schedule on Google Calendar?

    Then again, I'd store really sensitive (financial) data elsewhere, locally. Kinda like how I get my best stuff cleaned at the drycleaner.
  • ell0bo, on 11/17/2009, -0/+1well... cloud is sexier then 'generic processing cluster' really. That's all it is, a cluster you can install anything on and add or remove processing power or memory easily.
  • charlietuna, on 11/17/2009, -0/+1Nope, it may be hype, but what we are seeing is more like client to [peer to peer collective acting like a single virtual] server.

    It's grid computing under a sexier name.
  • Expl0siv0, on 11/17/2009, -2/+2It's Digg. You have maybe 2 Windows fanboys here. They're digging you down because you're a moron.
  • Hermmunster, on 11/17/2009, -1/+1Depends on what you are trying to be safe from. Let's say you are a doctor or an attorney. If you store your data in the cloud then they can subpoena the cloud service for your records. If you keep this information safe at the office they have to subpoena you. You can defend against that with client privilege. Just because you think your data is safe up there doesn't mean it is safe from all things....and we know how our government has been about prying into our lives these days. To me this is the best reason not to use cloud.
  • scamper22, on 11/17/2009, -1/+1well outside your little world, lies the world of reality of getting products out there.

    Branding helps. It gets people thinking and pushing into the new thing.

  • HotLeper, on 11/17/2009, -1/+1I am afraid to say it won't be safe for much longer. Hugo Chavez is planning on 'bombing' the clouds to create rain. This may very well be the end of cloud computing as we know it.
  • grnicon, on 11/17/2009, -1/+1Depends on how you define "secure."

    Last night my neighbor's Porsche wasn't secure. Today, it is.
  • pw378, on 11/17/2009, -2/+2You banking data is all in the cloud. Your entrust your bank (a 3rd party company) with your most sensitive data, your money and financial data. You don't actually hold your money, its all digits in banking cloud. Your email is in the cloud, your stock trading is in the cloud, your banking info is in the cloud, your credit card transactions are in the cloud, your phone records are in the cloud... Once people understand this, they will realize that their fears are about 30 years too late.
  • pw378, on 11/17/2009, -1/+1Client privilege is protected regardless of how law enforcements gets the data.
  • Snap65, on 11/17/2009, -1/+1You dont' tell them and if they ask then suggest lunch.
  • geodebug, on 11/17/2009, -1/+1@Deathfire Actually everything you said is the opposite and implies that you really don't understand the topic very well.

    1 & 2) Encryption. The storage service doesn't necessarily know what you are storing. If it is worth keeping a secret then encryption works.
    3) No different than if your company's network or a node on that network (the database for example) goes down. Only difference is that a cloud provider like Amazon has the money, expertise, and certifications to back up their quality controls. These days, if the internet is down, then all business stops anyway.
    4) The opposite is true. The more you use cloud services the cheaper they become. Amazon has dropped its prices over time as its different services mature. You talk about your 1TB hard drive but not about the additional 1TB hard drive you'd need to back it up and of course the tape drive to make offsite backups.

  • Kronos6948, on 11/17/2009, -1/+1And you bought Sprite, Surge, 7-Up, Slice, Shasta, Sierra Mist, and Storm, simply because they were new...or were they?
  • Fetching more discussions...
    Show 51 - 61 of 61 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.