Computing faces a cloudy future

A day after being hit with a security breach, Twitter CEO Evan Williams wondered in his tweet, ??how vulnerable most of us on the Web are.? His concerns, just like his Twitter account, seem to have a big number of ?followers?.

Written by Pragati Verma

July 23, 2009 22:57 IST

Hacking of Twitter employees? Google Apps? accounts has kickstarted another round of public scrutiny of cloud computing, especially enterprise cloud computing resources. Security

of personal information of over 37 million Twitter accounts (projected to increase to 100 million according to leaked Twitter documents) is under the scanner. Eyebrows are being raised on the social media?s latest growth engine?s dependence on cloud services like Google Docs to store confidential financial documents.

Many seem to be suggesting that if you want to keep something private, it?s better not to host it on the Web. Albert Wenger, a partner at venture capital firm Union Square Ventures, an investor in Twitter says in his blog: ?The threat of access by a third party increases exponentially with the move to the cloud, because the machines that now contain the documents and the links to those documents (as sent by email) are accessible to the Internet at large.?

For starters, Google Apps accounts of Twitter employees were hacked and hundreds of confidential documents were stolen and then offered out to various Web sites by hacker, Hacker Croll, who bypassed Twitter?s security systems by guessing an IT administrator?s Gmail password that was also used to access more than 300 sensitive financial documents stored on Google Docs.

At the corporate level, Twitter has worked hard on clarifying that this is ?not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents? and has ?nothing to do with any vulnerability in Google Apps?. To be fair to Google and Twitter, this can?t be called an overt security breach but unauthorised access enabled by pilfering of passwords.

As tech circles buzz with questions over security in cloud computing, we ask security experts if security issues could

arrest its momentum. Are these consumer grade applications ready for enterprise usage? Will cloud computing continue to be the next big thing?

Not many consider it to be ready for primetime. Security vendors as well as telcos seem to think that the cloud is no more or less vulnerable than any other computing system. ?IT security is about trust. You have to trust your CPU manufacturer, your hardware, operating system, software vendors and your ISP. Any one of these can undermine your security: crash your systems, corrupt data, allow an attacker to get access to systems. We?ve spent decades dealing with worms and rootkits that target software vulnerabilities. We?ve worried about infected chips. But in the end,

we have no choice but to blindly trust the security of the IT providers we use,? says BT chief security technology officer, Bruce Schneier. The question become even more relevant

as Indian CIOs seem excited about the prospects of cloud computing, estimated to be the fastest growing slice

of information technology spending. Globally, cloud computing infrastructure is forecasted to grow to $48 billion by 2012 from the current $16 billion, according to the latest reports from IDC.

The biggest IT buzzword of the year?cloud?is easily the most misunderstood IT concept of our times. Misunderstanding of the issues may prejudice some in ways that could prevent them from adopting advantageous cloud solutions. ?People are wary of losing control as security moves to a service provider. Otherwise, cloud is as safe or unsafe as porting data or application on a CD drive or a USB drive,? says Trend Micro India & Saarc country manager, Amit Nath. The important aspect, according to him, is to find out details about the service provider and study the service level agreement well. Trend Micro offers a cloud-based security solution that still places the customer in control. Its Worry-Free Business Security Advanced 6.0 with InterScan Messaging Hosted Security Standard is a cloud client/server security solution that offers Web, e-mail and malware protection for laptops, desktops, servers and SMTP/Exchange servers.

Security experts like Nath suggest a complete cost-benefit-risk analysis on an application-by-application basis for a move to a hosted computing model versus traditional client/server models. Password policies are also coming under scrutiny. Weak passwords have been known to enable several security attacks. Hackers also make use of the people?s habit of putting online information that they wouldn?t otherwise share with anyone publicly.

Already, security breach at Twitter is pushing CIOs to ask more questions about the cloud?s preparedness to handle the new 2,000 threats that come every hour. Many are mulling over asking for a two-factor security system utilising text messaging or other form of random password generators, in which a user receives a text with a secret code after inputting a username and password.

In the end, it boils down to the same equation of information availability and security. While extra passwords or other means of authentication will inflict some pain on the user, they will safeguard the data. In short, the onus

is on the outsourcer and service providers to ensure security in the cloud. Cloud computing, itself, is as safe or as vulnerable as any conventional computing architecture.

Get Live Share Market updates, Stock Market Quotes, and the latest India News and business news on Financial Express. Download the Financial Express App for the latest finance news. .

This article was first uploaded on July twenty-three, twenty nine, at fifty-seven minutes past ten in the night.