Premium ContentMouse over Home then click on Premium Content for information.The forecast for security on the Internet and in cloud computing has turned ominous, darkening after a string of cyber attacks exposed gaping flaws in the digital armor of some of the largest companies in the United States.
Just ask Sony, Citi, Epsilon and Dropbox, which all have recently had their security systems breached, unveiling customer names, addresses and credit card numbers to hackers and cyber criminals.
Or you could talk to upset consumers who found their information was exposed when businesses they trusted slacked on security. One of those individuals filed a complaint with the Better Business Bureau's office for Nebraska, western Iowa and South Dakota when the the consumer's cloud-based Dropbox file storage account was left unsecured.
Dropbox admitted the security gaffe occurred after a bug in authentication software basically made passwords optional for about four hours.
“Dropbox misrepresented their services as a fully-secure data storage solution,” the consumer wrote in a complaint.
“Cloud computing” has become a popular buzz term that promises convenient access to information from multiple devices, but many consumers remain wary or don't fully understand what it means.
It simply means that information you share is stored in data centers or on remote servers — often operated by a third party — that you can access anywhere, anytime and from any digital device, including computers, tablets and smartphones. It's a backup in case of a house fire or computer breakdown and means you don't have to buy as much physical storage yourself.
You may not realize it, but a majority of Internet activity is based in the cloud. Facebook, Google applications, popular photo-sharing sites like Flickr, and Dropbox, the popular storage service, all run in the cloud. Netflix's streaming video is essentially cloud computing because the movies are stored on remote computer servers and delivered to your desktop or television only when you need them.
And more services are heading in that direction, like Apple's iCloud, which will make music files accessible on-the-go, and Google's Chromebook, a laptop computer that runs completely on cloud-supported software.
Over the next 12 to 18 months, the University of Nebraska system will ditch its old email client for a new cloud service from Microsoft Corp. The university system recently announced that it will switch to Microsoft's Office 365 platform because of its cloud interface and to save the university system about 50 percent of what it's spending on email.
“We believe that moving to the cloud environment is the best way to leverage current technology and achieve greater cost savings and better security for our system,” said Walter Weir, chief information officer for the NU system.
Wyoming recently became the first state to begin using a suite of cloud computing tools from Google for its entire executive branch of government. Officials expect the state to save at least $1 million a year because it won't need to maintain some servers or update platforms.
More and more, instead of backing up family photos, data, videos, music or work documents on a personal hard drive, consumers are dumping content and data in places that businesses and service providers tout as secure — but that clever hackers have shown are vulnerable.
“One of the beauties about the cloud is that it makes info ubiquitous. You can access it anywhere, anytime,” said Prakash Ramamurthy, chief technology officer at LifeLock, the membership-based service that helps customers protect their critical personal information and defend against identity theft.
“That being said, (the cloud) has increased the awareness of security,” he said. “Before companies used cloud computing, we assumed a decent password and security software would keep us safe. But that has not changed in 15 to 20 years.”
Security experts say that the recent high-profile breaches are a sign that changes are needed and that more attention and money should be allocated to Internet and cloud security.
“Cloud security is an ongoing process that will continue to evolve as new technology is introduced,” said Mike Hrabik, chief technology officer and president of Solutionary, an Omaha-based security firm. “It's a global problem for everyone, but most businesses are moving in the direction to build standards and designs with security in mind.”
In the meantime, consumers shouldn't stop using cloud-based services, the same experts said. The onus is on companies, governmental agencies and security experts to raise the bar in keeping up with the disruptive technologies being developed by entrepreneurs and used by hackers.
“This problem won't get solved by people putting everything back on their hard drive,” Ramamurthy said.
He also said consumers need to be acutely aware of what they put in the cloud, even if it is safe and secure. Sensitive information like tax returns or financial records shouldn't be stored online, but content like music, videos and photo collections are fine.
“Just because you live in a safe neighborhood, you don't leave your front door unlocked,” he said. “We cannot be paralyzed by the fact that hackers are out there. Bad people are always going to be around.”
The primary reason businesses are focusing more resources on security isn't a positive one for consumers: Companies get hacked and consumer data gets exposed, then companies move to bolster security so it doesn't happen again.
According to the technology research firm Gartner, companies' spending on cloud computing will reach $177 billion by 2015. In 2010 that figure was $74 billion, and this year, Gartner predicts, cloud spending will reach $89 billion.
That growth is about four times quicker than general spending on information technology.
The second catalyst for the spending is the emergence of groups like the Cloud Security Alliance, a not-for-profit that promotes the best practices in cloud security and is working to set standards that companies should meet to be considered fully secure.
Currently, there's no official way to tell what kind of security, or what level of system companies are using to protect data in the cloud. But the CSA and members of Congress are moving to develop guidance programs, stiffer security requirements and authorization processes that makes identifying solid cloud security provider easier for consumers, but also for businesses and agencies considering third-party cloud providers.
“Right now, how do you know if a company has taken appropriate action?” Hrabik said. “That's where some of the regulation is heading, to give consumers an idea of who is taking appropriate action. Service providers are learning that security needs to be baked into their public and businesses offerings.”
Luciano “J.R.” Santos, director of research for the Cloud Security Alliance, said there's no silver bullet for the issues consumers and businesses are experiencing. He said an increase in transparency among businesses, service providers and consumers will help build confidence in the cloud, much like with making payments online with credit and debit cards.
“With these breaches going on, you're going to have a need for more information,” Santos said. “People aren't confident because of what's happened, but it also will bring more awareness.”
And in the end, said Frank Gillett, a technology analyst at Forrester Research, people like the prospect of anytime, anyplace access and multiple backups.
“In general,” he said, “consumers trade privacy for convenience.”
This report includes material from McClatchy Newspapers and the Associated Press.
Contact the writer:
402-444-1414, ross.boettcher@owh.com
twitter.com/rossboettcher
Copyright ©2012 Omaha World-Herald®. All rights reserved. This material may not be published, broadcast, rewritten, displayed or redistributed for any purpose without permission from the Omaha World-Herald.
