Monday, March 14, 2011

Pwn3d: Applying lessons from hacker threat to cloud computing risks

OK, so cloud computing risk as an issue is a misconception, since these risks are addressable. Yet what we should be worried about is a false sense of security, because from now on it will always be a never-ending game of creating and sorting through code to outwit or out-hack each other.

No arguing that, as conferences go, Cloud Connect is one of the better content events. So whenever they have something to say (or haven't said), it may very well be good for us to listen. But this time last week, did you notice something that wasn't on everybody's lips?

Yeah, noticeably absent was all the blabber about security.

But of course, what is a cloud discourse without any mention of security but a yawner, don't you think? Fear not, for Cloud Connect hasn't completely abandoned it but instead addressed it, albeit in a slideshow entitled Five Massive Cloud Computing Misconceptions - specifically;

Pretty reassuring if you ask me.

Now contrast this with the riveting story detailing what happened with cyber-security firm HBGary and how it was reduced from top-notch to an object of ridicule by hacktivists bent on exposing the firm's Team Themis machinations that were supposed to infiltrate Wikileaks.

"As if getting pwn3d by Anonymous and having sensitive information compromised wasn't bad enough, the content of the exposed e-mails uncovered a larger scandal involving an HBGary affiliate--HBGary Federal. Apparently, HBGary Federal was involved in an ethically dubious plan to use fake social networking profiles to discredit groups that criticize the US Chamber of Commerce."

Moving on, he shares his pearls of wisdom derived from this sordid tale, from which you might very well learn a lot.

1. Protecting data is a complex and difficult task.
2. Skilled hackers are a formidable force, and security measures are more like speed bumps, so breaking in is more a matter of when, not if.
3. Ethics and moral codes matter in IT!

I'm not sure about you but I think that anyone who is interested in cloud computing ought to know this well enough to form his own conclusions on implementing security measures.   

Can they secure their cloud by themselves privately or does the public cloud do a much better job than they ever hoped to build?

This is to say that neither cloud computing nor security has any silver bullets, and unless you approach and treat both with due diligence - monitoring and implementing strict methods of control - you haven't got a prayer.

Posted via email from friarminor's posterous