Cloud computing experts were called to arms following the iCloud hack that spurred an outcry regarding cloud security....
Mainstream reporters sought out anyone with the ability to spell "cloud computing" for their hot take on the hack that publicized personal photos of mostly female celebrities.
Most major news outlets across the globe are covering the security breach and, of course, questioning the safety of cloud computing against hacker attacks.
Cloud perception versus reality
What's interesting is the cloud case of perception versus reality. This was an attack on Apple's iCloud, not through some major flaw in the security system. Many hackers likely researched publicly available personal information for these celebrities and figured out their user IDs and passwords. The cloud did not fail these victims -- people did.
The horrifying reality is that clouds, websites, internal enterprise systems and anything with a network connection are constantly under hacker attack. Today, security workers are constantly playing whack-a-mole around security attempts to access systems. Trust me, internal systems everywhere play the same game.
The recent non-cloud breaches of large retailers Target and Home Depot is where the real hacking damage was done. Many credit card numbers were compromised and security mayhem ensued. These breaches make the iCloud issue seem very minor, technically, because these systems were physically in the enterprise. That's supposed to stop all bad things from happening, right? Not a chance.
Praising the public cloud providers
For the most part, iCloud and other public cloud providers maintain top-notch security. Cloud providers' security mechanisms and best practices are typically up to date due to the ensuing paranoia when data assets are stored on third-party cloud-based systems.
Once a few patches are applied, iCloud and iPhone users won't experience similar breaches. Educating users on cloud security and frequently required password changes should do the trick. However, security measures won't be effective if cloud users continue to use birthdays, pet names and street addresses for passwords. All bets are off when that happens.
Cloud providers earn an A- for security practices and technologies. Public cloud providers understand what's at stake and take preventative measures to reduce the risk. However, completely eliminating risks is impossible.
Over the next few years, most major breaches won't be coming from cloud providers. Poorly designed security systems around internal enterprise data, as well as lost laptops, phones and tablets will continue to be the culprits. As long as those easy pickings are around, hackers won't bother with the cloud -- yet.
About the author:
David "Dave" S. Linthicum is senior vice president of Cloud Technology Partners and an internationally recognized cloud industry expert and thought leader. He is the author or co-author of 13 books on computing, including the best-selling Enterprise Application Integration. Linthicum keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration and enterprise architecture.
His latest book is Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide. His industry experience includes tenures as chief technology officer and CEO of several successful software companies and upper-level management positions in Fortune 100 companies. In addition, he was an associate professor of computer science for eight years and continues to lecture at major technical colleges and universities, including the University of Virginia, Arizona State University and the University of Wisconsin.
Keeping your cloud network safe from DDoS disasters
Lack of two-factor authentication the culprit for iCloud hack?
Cloud capabilities called into question following Azure outage