Cloud Computing Security: Response to FT.com Article

5 August 2009

On Monday, Joseph Menn of the Financial Times posted an article titled: Security Experts Find Flaws in Cloud Computing.

I agree that if the cloud vendors don’t get serious about securing critical business information, then cases like Twitter’s will get worse and worse. The negligence on the part of players like these not only puts valuable information at risk, but also reflects badly on other service providers who have invested in security and provide business-grade services. But in the end, clouds are here to stay. The burden will be on both the companies who utilize clouds and the media to educate consumers and professionals on the applications that are appropriate – and secure enough – for their needs.

Peter Judge makes a similar point to my own comment in this recent article: The Lost Server That Makes A Case For The Cloud. Here, he debunks the myth that just because data is in-house it is more secure. The perception of security in-house is illusory: data and even hardware are known to have leaked from corporate and government data centers. Companies who prefer to sit on the sidelines waiting to see how cloud security will pan out risk losing the opportunity to influence the conversation. And whether they realize it or not, clouds are an integral part of their business, be it the web client to the corporate e-mail server or an outsourced spam filtering solution.

The other interesting point Judge makes here is the need for two-factor authentication. He says it is inevitable, and for some classes of data it is. For online banking, the government has stepped in to mandate two-factor authentication. Who is going to do that for the businesses waiting for secure solutions instead of pushing for them?

Maybe the perimeter-based protection of data does not work anymore when copies of sensitive files are all over the physical world on all kinds of portable devices. To quote Judge himself, “better to accept the data is mobile, and concentrate on keeping it in the cloud and securing the cloud.” I couldn’t have said that better myself.



Mushegh Hakhinian

Mushegh Hakhinian represents Intralinks at the Cloud Security Alliance SME Council, is a certified information systems security professional, and is a frequent contributor to industry publications. Prior to joining Intralinks, Mr. Hakhinian led security functions at a multi-tenant online banking service provider and an international bank.