Cloud Challenges: #1 Security


Passwords in the cloud - securityThere is no doubt that the cloud offers many benefits for both organisations and users. There are good reasons why, for example, 43% of all CRM-users are now using a cloud based system. And this major shift happened in just a few years. But can we really trust all aspects of cloud computing?

In five brief posts we’ll take a look at the main challenges of using cloud services and how these issues can be resolved:

  1. Security
  2. Control
  3. Mobility
  4. Cost
  5. Productivity

So, what about cloud and security? Can we trust the cloud? The past weeks we have seen the first mega storm in the media with regards to cloud vulnerability. It’s actually a bit frightening that you need nude celebrities in order to get the general public’s attention, but maybe that’s just a sign of the times.

The celebrity photo theft from the iCloud was worldwide news in a matter of hours. This event has shown how a targeted attack on a cloud service can cause so much harm. What is more, the full extent of the leak is yet to be fully understood. Other photographs and videos may soon begin to circulate, or even other kinds of sensitive content, such as business and financial information. As yet, there is no way to know.

The attack, as it appears, was focused on passwords and security questions – historically, the weakest link in IT security. They are frighteningly easy to guess, to crack using software tools, or to obtain through phishing or social engineering.

Another recent exploit, the apparent Gmail credentials leak, once more points the finger to the inadequacy of fixed passwords. How many of the stolen credentials were reused across a range of services, from Facebook profiles to work-related accounts?

A fixed password may have been sufficient once, when computers were few and far between. Today, with cloud computing as a household word, the situation is entirely different. The scope and variety of uploaded content grows by the day, from bookkeeping spreadsheets to health information. The need for security and privacy increases accordingly. Unfortunately, as recent events have shown, even the best and biggest online services cannot always be as secure as they should.

Strong authentication is often rightly promoted as a way to mitigate risks in the cloud. But before you start going down that route, maybe you should think about not having the identity in the cloud in the first place. And there is actually a smart way of doing that, and in the next blog post we´ll take a closer look at the second challenge: Control.