Hacking attacks reminder for data caution in cloud computing

Back to TopCommentsE-mailPrintBookmark and Share

Hacking attacks against Sony and other companies in recent months have a cloud hanging over cloud computing—the hot trend of storing data on remote servers and accessing it through the Internet.

“It sets everybody back,” Pat O’Day, chief technology officer for infrastructure-as-a-service company Bluelock, said of the spate of high-profile data breaches. O’Day was among panelists in a TechPoint discussion session June 3, hosted at Barnes & Thornburg’s offices in downtown Indianapolis.

Many of central Indiana’s rising stars in information technology develop software and provide it through “the cloud,” in what’s known as software-as-a-service. The still relatively young business model is growing popular in part because it frees businesses from the cost and trouble of hosting and updating software on their own servers.

Panelists said businesses can plan now to take steps to minimize effects of a potential breach in their data.

Roy Hadley Jr., a partner in Barnes & Thornburg’s Atlanta office, told of receiving a phone call from a client who said an employee retrieving data via the cloud instead received a competitor’s data. “He asked me, ’What do we do?’”

Hadley replied: “Are you sure competitors aren’t able to access your data?
“There was silence on the other end of the phone.”

The cloud is here to stay and businesses should embrace the efficiencies it can bring, Hadley said. On the other hand, he challenged them to consider whether it might not be appropriate to place their “mission-critical” applications on public servers.

With data storage costs falling, companies are lulled into letting years of data or e-mails pile up, which could worsen a breach.  In other words, a company likely would be better off if just three months of e-mails or data were lost versus three years' worth.

“The time to think about what you’d do is beforehand,” Hadley added.

Companies need to have data policies clearly defined upfront, said Rod Rudd, practice director of cloud computing at MMY Consulting Inc. in Indianapolis. Rudd is a Google-certified deployment specialist for Internet-delivered Google Apps for business.

Even if a company’s data hosted on the cloud are secure, the threat remains that a company’s own employees who access it could be a weak link, a problem that predates the rise of the cloud, noted Rudd.

For example, he noted how data became vulnerable when companies increasingly placed information on laptop computers that could be lost by employees. These days, thumb drives can hold massive amounts of data and they’re even easier to lose.

“We’ve had this whole evolution of losing corporate data,” Rudd said.

Even as companies worry about the security of the cloud, “always think about the human element” as well, Hadley concurred. “Be proactive. You’d be surprised how people out there are trying to access your data.”

Bluelock’s O’Day urged companies to look carefully at the degree to which cloud vendors offer guarantees in their service-level agreements with clients.

Not only did Sony’s PlayStation Network this spring lose personal customer information to hackers, but a hacker group last week claims to have accessed personal information of more than 1 million users of SonyPictures.com.


  • Clouds no panacea
    We've seen cloud computing promoted before: it was call ASP (Application Service Providers) in the 80s.

    I just participated on a panel on virtual law practice issues at last week's Indiana State Bar Solo and Small Firm Conference. You'll find my presentation note here: https://sites.google.com/a/kimbrand.com/inbarvirtualpractice

    The delivery of web services is a highly scalable business model - and it's easy to see why vendors race to attract customers: it is very profitable.

    My company makes an on-premise server priced like a cloud service - I like our chances.

    What cloud services have really economized is the delivery of service. Not exactly a new idea as a plan to make more money.

    Kim Brand
    Server Partners, LLC

Post a comment to this story

We reserve the right to remove any post that we feel is obscene, profane, vulgar, racist, sexually explicit, abusive, or hateful.
You are legally responsible for what you post and your anonymity is not guaranteed.
Posts that insult, defame, threaten, harass or abuse other readers or people mentioned in IBJ editorial content are also subject to removal. Please respect the privacy of individuals and refrain from posting personal information.
No solicitations, spamming or advertisements are allowed. Readers may post links to other informational websites that are relevant to the topic at hand, but please do not link to objectionable material.
We may remove messages that are unrelated to the topic, encourage illegal activity, use all capital letters or are unreadable.

Messages that are flagged by readers as objectionable will be reviewed and may or may not be removed. Please do not flag a post simply because you disagree with it.

Sponsored by

facebook - twitter on Facebook & Twitter

Follow on TwitterFollow IBJ on Facebook:
Follow on TwitterFollow IBJ's Tweets on these topics:
Subscribe to IBJ