Cloud Computing: Easy Target for Cyber Criminals?

Guest writer Paul E. Lubic, Jr., has some definite ideas on the US government’s decision to employ Google’s cloud based computing model. Paul explains why, in his view, this risky venture will play into the hands of cyber criminals.

Here’s Paul’s report:

clip_image002The use of cloud computing by organizations to rent office productivity applications such as word processing, databases, spreadsheets, and presentations is less expensive than the current method of purchasing application packages/licenses.

However, any money saved by renting cloud-based applications rather than purchasing applications for use on local servers will, in my opinion, be lost and more, because of a much higher probability of having the data stored in the cloud hacked and stolen.

This opinion is based on the fact that the documents stored in the cloud are, for all intents and purposes, stored in one virtual location that is a big fat target for cyber criminals.

Consider that with the current method of using office productivity tools to create and store an organization’s documents, they’re stored on various servers owned by the organization.

Depending on the size of the organization, these documents will be spread across many different servers and storage devices, possibly on a common network. The advantage in protecting the data is that a cyber criminal will have a more difficult time gaining access to the many locations than if there were only one location to attack.

Here’s the really scary part. The US Government has recently awarded Google a security clearance for their cloud computing applications; indicating that they are clearing the way to begin using cloud computing, states a recent Los Angeles Times article: Google, Good enough for government work.

This is the same government that this past year was the victim of advanced persistent threat attacks that resulted in the loss of extremely sensitive national security-related data across numerous agencies.

Since cloud computing-based applications are also vulnerable to advanced persistent threat attacks…it seems to me we’ve just made the cyber criminals’ job a lot easier because once the crooks have gained access to one agency’s cloud-based applications, a huge advantage in itself, they’re smart enough to be able to access those of other agencies as well. Yep, one big fat target; the bad guys are salivating on their tee shirts as we speak.

Advanced Persistent Threat: Targeting an organization’s specific individuals who have elevated access in order to gain long-term, clandestine entry to applications and data.

If you’re wondering why the US Government would allow this to happen in the first place…I can hear the bureaucrats [defined: an official who works by fixed routine without exercising intelligent judgment] saying “We changed to cloud computing because it saved us lots of money. We didn’t know it was unsafe.” ‘Nuff said…they’re gonna to do it.

Let Paul know your opinion on this issue by commenting on this article; we all learn from each other when our views and opinions are shared.

Guest writer Paul E. Lubic, Jr. is a long time IT professional who has held the positions of programmer, IT Security Manager and Chief Information Officer.  His interests lie in the IT security area, but he writes on all categories of technology.

Paul is a mature and seasoned writer, with a rare ability to break down complex issues into an easy to understand format. Check him out at his Blog – Paul’s Home Computing.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

About these ads

12 Comments

Filed under Cloud Computing Applications, cybercrime, Google, Guest Writers

12 responses to “Cloud Computing: Easy Target for Cyber Criminals?

  1. Hi Bill,

    I’m with Paul on this one. It’s incredibly irresponsible and truly crazy that government organisations will willingly give information to corporations to ‘look after’. If anything goes wrong, where is the access to everything that’s stored in the cloud?

    It’s like giving your bank account number and credit card to a stranger and asking them not to use them. You may get lucky and pick an honest person but I’ll bet you won’t get lucky and all your money will be gone in a matter of minutes.

    Why do people always want the easy option?

    I will never store any of my stuff anywhere but in my own home on my own computer; it’s irresponsible to do otherwise.

    I’m not paranoid, just careful. What’s next, harvesting your thoughts? Science Fiction is fast becoming Science Fact.

    We are at a time in history where personal freedoms are being eroded at such a fast pace we can’t keep up with them. We shouldn’t be so willing to give those freedoms away just because we want it easy. If we don’t stop these things happening now, then we will only have ourselves to blame when we are in complete bondage to those in power. You think they don’t want that? I think they do. A controlled population is a submissive population.

    Many people have fought hard over the centuries, and died for causes that have resulted in the freedoms we enjoy today. We must not give them all away. It’s a slap in the face to those who gave their lives so we could be free.

    • Hi Paul,

      Totally agree. The one thing we’ve learned from the BP fiasco (I hope!) is; if something can go wrong, it will go wrong. So called fail safe systems, are nothing more than a pipe dream foisted on us by people who couldn’t give a fiddler’s fuck. The hunt for the dollar overrides EVERY other consideration.

      Personally, I’ve long believed that Google is the biggest scam artist on the planet. This is a company that literally rapes people’s privacy with little, or no regard, for the long term implications. The US government’s plan to use Google’s cloud services, passes every test for insanity that I know of. Over time, this decision will prove to be a fatal error.

      And, your right, WW2 veterans, for example, would be forgiven for questioning the sanity of the society they valiantly sacrificed to protect.

      Best,

      Bill

    • Paul,
      Thanks for your support on this issue. You’re right, these bureaucrats don’t understand the risks of cloud computing…and the vendors like Google aren’t educating them. In fact, I’d guess they’re telling them that cloud computing is safe. I appreciate your insightful comment.
      Best,
      Paul

  2. Bill,

    To quote Paul “If you’re wondering why the US Government would allow this to happen in the first place…”… I worked for the government on the State level and I would bet the house that if you asked any of these bureaucrats (politicians) to give us a “definition of cloud computing” they could not answer you with a convincing response. Next thing you know we’ll be storing our data in China.

    Rick

    • Rick,

      “storing our data in China” – now there’s another layer to this debate that needs to be considered. I think you’ve got something there.

      As for these people not being able to define “cloud computing – these are the same people who wouldn’t know a bit from a byte.

      Great comment. Thanks.

      Bill

    • Rick,
      You’re right, I’ve also worked at the state level and there’s a lot of ignorance there. Who knows that Google’s not already storing cloud computing data in China? Kinda makes you think… Thanks for the thoughtful response.
      Best,
      Paul

  3. Pingback: How Secure Is Cloud Computing? | Paul's Home Computing Blog

  4. Ranjan

    Hey Bill & Paul,
    It’s really really a bad idea to store an organization’s documents on the internet in ‘unknown’ hands. Just to save few $$$, the govt. is ready to depend on ‘cloud’, neglecting the fact that this may cause them to pay in billions for it, which will very likely be snatched away from the citizens in the form increased taxes.
    Why they don’t understand that nothing is and/or remains private on internet. It’s way easy to break into any not-so-geeky and to much extent, an illiterate in computer security official’s account than to break into the organization..

  5. Ranjan

    Would like to make the “illiterate in computer security” part clear so as not to create confusions any kind of offence one may think.
    What i meant by that point is that, only a few of govt officials are security enthusiasts who handle their works with great care but not all have the same enthutiasm. And i’m not pointing to any particular goverment, it’s a common scenario worldwide..

  6. Ranjan,
    I agree with your point. Nothing is private, or safe, on the Internet.
    Paul

  7. Pingback: Kaspersky Internet Security 2010 3-User | software blog