Hacking attacks reminder for data caution in cloud computing

June 6, 2011

Hacking attacks against Sony and other companies in recent months have a cloud hanging over cloud computing—the hot trend of storing data on remote servers and accessing it through the Internet.

“It sets everybody back,” Pat O’Day, chief technology officer for infrastructure-as-a-service company Bluelock, said of the spate of high-profile data breaches. O’Day was among panelists in a TechPoint discussion session June 3, hosted at Barnes & Thornburg’s offices in downtown Indianapolis.

Many of central Indiana’s rising stars in information technology develop software and provide it through “the cloud,” in what’s known as software-as-a-service. The still relatively young business model is growing popular in part because it frees businesses from the cost and trouble of hosting and updating software on their own servers.

Panelists said businesses can plan now to take steps to minimize effects of a potential breach in their data.

Roy Hadley Jr., a partner in Barnes & Thornburg’s Atlanta office, told of receiving a phone call from a client who said an employee retrieving data via the cloud instead received a competitor’s data. “He asked me, ’What do we do?’”

Hadley replied: “Are you sure competitors aren’t able to access your data?
“There was silence on the other end of the phone.”

The cloud is here to stay and businesses should embrace the efficiencies it can bring, Hadley said. On the other hand, he challenged them to consider whether it might not be appropriate to place their “mission-critical” applications on public servers.

With data storage costs falling, companies are lulled into letting years of data or e-mails pile up, which could worsen a breach.  In other words, a company likely would be better off if just three months of e-mails or data were lost versus three years' worth.

“The time to think about what you’d do is beforehand,” Hadley added.

Companies need to have data policies clearly defined upfront, said Rod Rudd, practice director of cloud computing at MMY Consulting Inc. in Indianapolis. Rudd is a Google-certified deployment specialist for Internet-delivered Google Apps for business.

Even if a company’s data hosted on the cloud are secure, the threat remains that a company’s own employees who access it could be a weak link, a problem that predates the rise of the cloud, noted Rudd.

For example, he noted how data became vulnerable when companies increasingly placed information on laptop computers that could be lost by employees. These days, thumb drives can hold massive amounts of data and they’re even easier to lose.

“We’ve had this whole evolution of losing corporate data,” Rudd said.

Even as companies worry about the security of the cloud, “always think about the human element” as well, Hadley concurred. “Be proactive. You’d be surprised how people out there are trying to access your data.”

Bluelock’s O’Day urged companies to look carefully at the degree to which cloud vendors offer guarantees in their service-level agreements with clients.

Not only did Sony’s PlayStation Network this spring lose personal customer information to hackers, but a hacker group last week claims to have accessed personal information of more than 1 million users of SonyPictures.com.


Recent Articles by Chris O'Malley

Comments powered by Disqus