Is Google hack an attack on cloud computing?

Google hack proves the cloud is more secure than traditional desktop software...

Google and proponents of cloud computing were quick to say that this week's Google hack should not raise questions about the inherent security of the cloud, but the incident is fueling debate about the safety of storing data in facilities accessed over the Internet.

Google said "this was not an assault on cloud computing." Meanwhile, the founder of cloud vendor Elastic Vapor, Reuven Cohen, asserted that "the Google Hack proves the cloud is more secure than traditional desktop software, not less," apparently because systems were "compromised through phishing scams or malware, not through holes in Google's computing infrastructure."

Others disputed this idea, such as Search Engine Land editor Danny Sullivan, who wondered if the security breach "will develop into a major reversal for the growth of cloud computing."

Pund-IT analyst Charles King cautioned that we still don't know all the details of the breach, but said it should raise concerns about the security of cloud computing services. All IT systems, whether in the cloud or not, have some inherent flaws, but "any time a data center is open to the public Internet, there is the opportunity that it can be hacked in a number of ways," he says.

"Every system has some inherent flaw or weakness. People do break into supposedly impregnable bank vaults, tunnel through walls," King says. "No house is burglar proof and the same can be said of data centers. The bottom line here for me is some of the people who have been promoting cloud as … the future of IT have really been overstating the case. I think we will continue to see events like Google and the T-Mobile Sidekick failure over time."

Google on Tuesday said that in mid-December it faced "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." Attackers were apparently attempting to access the Gmail accounts of Chinese human rights activists, and also launched attacks against more than 30 other companies.

Later in the week, it was reported that a flaw in Internet Explorer had been exploited to hack into Google's corporate networks, and Microsoft said it is working on a patch.

On Twitter and in blog postings, industry observers debated whether the attack is proof of security problems specific to cloud computing, a phrase that generally refers to computing resources made publicly available through the Internet.

"This was not an assault on cloud computing," Google asserted in its official blog. "It was an attack on the technology infrastructure of major corporations in sectors as diverse as finance, technology, media, and chemical. The route the attackers used was malicious software used to infect personal computers. Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure."

Google's main business is delivering advertising-supported Web search results, of course, but the company has also become a custodian of enterprise data because of services such as Google Apps, a Web-hosted alternative to Microsoft Exchange.

It is thus important for Google to convince businesses that storing data in Google facilities is safe, despite the events of last month.

Sullivan, in his blog post, noted that he has been moving more and more data into Google services but is rethinking that strategy in the wake of Google's security troubles. He criticized Google's insistence that the attack was not an assault on cloud computing.

"It was very much an attack on cloud computing, as Google's main blog post made clear," Sullivan wrote. "Hackers went after Gmail accounts, not just through malware-infected computers but directly by targeting Google, that post told us. Gmail — your e-mail, stored in the cloud. That's an attack on cloud computing."

Cohen disagreed in his own blog post, saying the attack doesn't reveal any deficiency in cloud security because hackers used social engineering techniques to gain access to private systems.

"What this hack really proves is that people are easier to hack then networks," Cohen writes. "The weakest links are the people who are stupid enough to open an attachment they don't recognize, even if it appeared to be from someone they trusted. That's the beauty of social engineering based hacks. The e-mail appears to be from your mother, father, friend or colleague. The lesson we must learn is one of education, don't open attachments you don't recognize."

Regardless of how the attack was executed, it did happen and consumers of cloud-based services should remember that there are risks when storing data with a third party, King says.

"Just because you're using a cloud service doesn't obviate the need for backing up data to a local hard drive," King says. "Like anything else the online data repositories are not infallible, and it's critical for consumers and businesses to protect their data and protect themselves in multiple ways."

Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GoogleChinasearch

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Brodkin

Network World
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?