Hacking the Cloud: When Your Data ISN’T Safe…

If you’re a Play Station “fan boy” (or girl), you probably received an email from Sony offering you free games (in exchange for something about account security).  The PlayStation Network shut down it’s cloud after “an external intrusion” that resulted in the theft of personal information belonging to 77 million customers.  In fact, PSN said they’re moving their network infrastructure and data center to a new, more secure location.

Or, you might remember when Amazon's Elastic Compute Cloud and Elastic Block Storage platforms were offline during an April 21 outage that had major websites unavailable for three days.

Outages and security breaches like these have inspired fear that the Cloud may not be secure – or is less secure than a traditional data center; however, eWeek.com points out that major security holes are not unique to cloud services.  PSN uses both cloud services and traditional data centers.  Amazon's outage drew attention to data availability issues and reliability.  Security concerns exist in both cloud and traditional data center environments.  Cloud security is not inferior to data center security, where information can be accessed by a slew of hacking techniques.

eWeek adds, “People generally [haven't heard] about outages in [traditional] data centers because they affected only one organization and were smaller scale, but they often add up to far more lost time, money and business…”

The problem traces back to encryption.  EVERYTHING should be encrypted in both traditional data centers and on the cloud, from network traffic to S3 storage to file systems.  And the sensitive data?  That information should be especially encrypted.  The tools are out there, but companies might not realize just how secure their data needs to be.  An article by George Reese on the O’Reilly community adds:

“You should create a security system with the assumption that someone will gain unintended access to your data. It’s not that the cloud makes it more or less likely; it’s simply that a) there are attack vectors in the cloud that you have less control over and b) it’s a good idea anyways.”