the future of computing: cloudy with a chance of showers“Of more than 2,000 CIOs surveyed by Gartner recently, 43% of them predicted that the majority of their IT infrastructure will run on cloud technologies within the next four years.” —From Forbes Magazine, May 23rd.

Because of its high levels of convenience and efficiency, cloud computing is poised to be the major form of data storage in the future. Facebook, one of the world’ largest data clouds, saw its brand value grow by 246% last year, according to Brand Z’s 2010 report.

That year Facebook overtook Google as the most-viewed site on the web. Google also saw competition from Apple, which de-throned Google as the most-valued brand at an estimated $153 billion.

The 3 companies poised to dominate the web in the future are, not coincidentally, the 3 companies most-associated with cloud computing: Google, Apple, and Facebook.

Facebook is already a giant cloud: a nebulous site where people share links, photos and apps with each other and no one really owns any of that data. Apple is looking to improve the power and versatility of their mobile devices even more by off-loading data storage for future iPads completely onto clouds. Google was a pioneering company in developing offsite data storage, and now they have developed their own operating system (“Google Chrome OS”), with the intention of releasing this system on mobile devices that store all their data on Google’s cloud. It is obvious that cloud computing is going to revolutionize the internet, and it is coming, whether we are ready or not.
The major concern that many consumers are raising, though, is whether cloud computing is secure enough. Moving away from personal storage and towards communal storage scares many users, since it opens up the data to possible access by many more people, but cloud computing also has some security benefits.

The major areas of concern in data storage are: Privacy (how public the data is), Security (how likely the data is to be lost or accessed by an unauthorized user), Availability (how reliably accessible the data is for users), and Compliance (how data access is restricted to meet the standards of organizations like the PCI).

Both companies that use cloud computing and those that don’t have failed one one or more of these security issues, which is not surprising, since 90% of companies claim they have been hacked in the past 12 months. Security breaches are, unfortunately, a ubiquitous part of using the internet today, cloud computing or no.

When Sony Online Entertainment was hacked in April, I was one of the 77 million users exposed to the attack. While Sony first claimed that the breach was small and did not compromise any personal or credit information, later they discovered that the breach was much larger and did include the personal information of several users. I recently heard from my bank that my credit card may have been compromised, and the most likely reason in my mind is the recent attack on SOE. Luckily I received a replacement card and I did not have anyone making unauthorized purchases on my dime.
SEO tried to “make good” the month-long downtime and breach of secure information with the give-away of in-game goodies to all affected players. The gift packages ranged from limited edition character outfits, valued at about $5, to 1-month of free subscription, worth about $20. The package was not viewed as sufficient by many users, and 3 have now filed a lawsuit against SEO, claiming that Sony spent too much of their security budget to protect the servers containing their intellectual property while spending next-to-nothing to secure the servers containing customer’s sensitive personal data. Sony CEO Howard Stringer indirectly admitted this when he claimed that the cyber-attack was probably connected to SEO’s attempts to protect its intellectual property from people trying to modify it.

With the SEO attacks, it seemed for a few days that the attack had only compromised in-game player information and not more-sensitive information like credit card numbers, since the latter is stored on a separate 3rd-party server. It seemed for a moment that cloud computing had actually saved user’s credit information, but unfortunately that turned out not to be the case.
A leading name in cloud storage, Dropbox, experienced a cyber-attack on June 18th, where a major snafu in the authentication system allowed people to log in to any user’s account by simply copying the username into the password field. Analysis of the bug showed that for the 4-hour period that this lapse was happening, only one person seemed to exploit the weakness, and that this person accessed hundreds of accounts. The motives of the person were unknown, though apparently they did not download information from most of these files. Dropbox CEO Drew Houston responded to the incident, apologizing, offering credit counseling, and offering to talk personally with the affected users. The attitude of Dropbox users seemed to be: “no problem, these things happen.”

The relative-clemency that Dropbox users have shown in response to this incident and the relative-wrath that SOE users have shown in response to that attack reflects a difference in the paradigms of the users and CEOs. Users of SEO games didn’t seem to understand that their personal information was going into “the cloud,” and hence they felt more betrayed when it was compromised. Meanwhile SOE seemed astonished by the breach and responded as such, enlisting the help of authorities and seeking out the cyber-criminal. Dropbox users seemed to understand that their data was publicly-stored and at higher risk of unauthorized access, and they seemed unsurprised that their information was compromised. Their nonplussed response was probably also due to Dropbox’s CEO’s timely and frank missive, where he accepted responsibility and then tried to move on from there.
Cloud computing or no, if you post share information in any form on the internet, it is likely to be hacked at some point or another. Users need to understand that cyber-crime is a part of the internet, and probably always will be. Being smart on the user end, though, can prevent you from a lot of undue hassle when your information inevitably gets hacked. Users should always have a strong password that cannot be easily cracked.

Passwords and other sensitive information should be written down or stored on external drives, never stored in the cloud. Sensitive data stored on sites like Dropbox should be encrypted to protect it from unauthorized access. Perhaps most importantly, users that buy things online and store their credit card information on a site should understand the inherent risks. Once credit card information is stored online, the user should start keeping a keen eye on that account and expecting identity theft.

Cloud computing hasn’t made the web any less-secure, but it has made security issues all the more salient. Perhaps this new security-awareness will actually drive users and companies to be more-responsible in looking after their own digital security.

Image: digitalart /