Whether Hack or Glitch, Security Questions Hound Public Cloud

Written by Habib Madani

If your enterprise is relying on the public cloud, you should be concerned about what happened recently to Dropbox. In a previous post, we discussed security issues surrounding the public cloud. The main point: If you’re the customer of a public cloud service, you are essentially trusting that provider to properly secure the system and protect your data.

Ironically, one of the companies we named as an example of a public cloud provider, Dropbox, recently had a major issue of its own. The prominent file-sharing service — one used by many businesses for primary cloud storage — went down for several hours on Jan. 10, according to multiple media accounts.

Dropbox reportedly attributed the outage to a problem that came up during routine maintenance, although one Twitter account purportedly associated with the Anonymous hacker movement took responsibility for an alleged hacking of the company’s system. Dropbox denied that any customer-related data had been breached.

Dropbox Is Not Alone

Lest anyone think we’re picking on Dropbox, consider a recent report to Congress asserting that the Chinese government might be conducting a large cyber-spying campaign against the United States.

The campaign, officials said, presents possible risks for “U.S. users and providers of cloud computing services.” (A Bloomberg story noted the report did not provide examples of attacks that the Chinese government had supposedly conducted.)

Whether the problems come via Anonymous, foreign governments, or simple maintenance, the issue facing customers and other users of public clouds is the same: the lack of control over data security. As the Chief Technology Officer at Connectloud, I hear this concern on customer calls every day.

Not only are you entrusting that security to an anonymous corporate entity, you’re also hoping that third-party provider will respond in the right way if a problem crops up. And, when that problem crops up, as problems will, you have no visibility into actual causes and remedies (versus what is released publicly). You simply trust that the vendor will be forthright about any issues that surface and is doing what’s in your best interest to fix things.

On a similar note, your customers will not care if you have a private cloud, public cloud or no cloud. They will hold you responsible for any security breaches, a stance supported by the recent regulations proposed in the field of digital compliance. The ultimate responsibility lies with the enterprise and its CIO/CTO – there is no passing the buck here.

Private Clouds Offer an Alternative

Do you want to place that sort of trust in somebody else for your most sensitive data? If your answer is “no,” then moving your data to a private cloud may be an alternative worth examining.

For one thing, your business can use open source software as the operating system for a private cloud – potentially a major cost saving, since open source, by definition, is free. Due to technologies such as SDN and NFV, it is possible to use cheap commodity servers (bare metal, x86 or even merchant silicon) for the underlying hardware, making the process less cumbersome and more cost effective.

The other good news is that setting up a private cloud, or clouds, is becoming much faster and less expensive with the emergence of a new category of Cloud Management Platforms.

Clouds can be set up in just minutes via an on-demand, self-service platform, eliminating the old system of paying for months of consultant time just to get set up. Better yet, the new solutions don’t tether you to legacy vendors.

In short, it’s possible now for companies to actually increase the security and control of their data while lowering their costs and eliminating the old problem of vendor lock-in.

Stay tuned to this site in the next few months, as Connectloud unveils more details about a revolutionary new approach to the cloud.