Is Google hack an attack on cloud computing?

Google hack proves the cloud is more secure than traditional desktop software...

Google and proponents of cloud computing were quick to say that this week's Google hack should not raise questions about the inherent security of the cloud, but the incident is fueling debate about the safety of storing data in facilities accessed over the Internet.

Google said "this was not an assault on cloud computing." Meanwhile, the founder of cloud vendor Elastic Vapor, Reuven Cohen, asserted that "the Google Hack proves the cloud is more secure than traditional desktop software, not less," apparently because systems were "compromised through phishing scams or malware, not through holes in Google's computing infrastructure."

Others disputed this idea, such as Search Engine Land editor Danny Sullivan, who wondered if the security breach "will develop into a major reversal for the growth of cloud computing."

Pund-IT analyst Charles King cautioned that we still don't know all the details of the breach, but said it should raise concerns about the security of cloud computing services. All IT systems, whether in the cloud or not, have some inherent flaws, but "any time a data center is open to the public Internet, there is the opportunity that it can be hacked in a number of ways," he says.

"Every system has some inherent flaw or weakness. People do break into supposedly impregnable bank vaults, tunnel through walls," King says. "No house is burglar proof and the same can be said of data centers. The bottom line here for me is some of the people who have been promoting cloud as … the future of IT have really been overstating the case. I think we will continue to see events like Google and the T-Mobile Sidekick failure over time."

Google on Tuesday said that in mid-December it faced "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." Attackers were apparently attempting to access the Gmail accounts of Chinese human rights activists, and also launched attacks against more than 30 other companies.

Later in the week, it was reported that a flaw in Internet Explorer had been exploited to hack into Google's corporate networks, and Microsoft said it is working on a patch.

On Twitter and in blog postings, industry observers debated whether the attack is proof of security problems specific to cloud computing, a phrase that generally refers to computing resources made publicly available through the Internet.

"This was not an assault on cloud computing," Google asserted in its official blog. "It was an attack on the technology infrastructure of major corporations in sectors as diverse as finance, technology, media, and chemical. The route the attackers used was malicious software used to infect personal computers. Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure."

Google's main business is delivering advertising-supported Web search results, of course, but the company has also become a custodian of enterprise data because of services such as Google Apps, a Web-hosted alternative to Microsoft Exchange.

It is thus important for Google to convince businesses that storing data in Google facilities is safe, despite the events of last month.

Sullivan, in his blog post, noted that he has been moving more and more data into Google services but is rethinking that strategy in the wake of Google's security troubles. He criticized Google's insistence that the attack was not an assault on cloud computing.

"It was very much an attack on cloud computing, as Google's main blog post made clear," Sullivan wrote. "Hackers went after Gmail accounts, not just through malware-infected computers but directly by targeting Google, that post told us. Gmail — your e-mail, stored in the cloud. That's an attack on cloud computing."

Cohen disagreed in his own blog post, saying the attack doesn't reveal any deficiency in cloud security because hackers used social engineering techniques to gain access to private systems.

"What this hack really proves is that people are easier to hack then networks," Cohen writes. "The weakest links are the people who are stupid enough to open an attachment they don't recognize, even if it appeared to be from someone they trusted. That's the beauty of social engineering based hacks. The e-mail appears to be from your mother, father, friend or colleague. The lesson we must learn is one of education, don't open attachments you don't recognize."

Regardless of how the attack was executed, it did happen and consumers of cloud-based services should remember that there are risks when storing data with a third party, King says.

"Just because you're using a cloud service doesn't obviate the need for backing up data to a local hard drive," King says. "Like anything else the online data repositories are not infallible, and it's critical for consumers and businesses to protect their data and protect themselves in multiple ways."

Follow Jon Brodkin on Twitter:

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags searchGoogleCloudsecurityChina

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Brodkin

Network World
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?