FRAMINGHAM, 15 JANUARY 2010 - Google and proponents of cloud computing were quick to say that this week's Google hack should not raise questions about the inherent security of the cloud, but the incident is fueling debate about the safety of storing data in facilities accessed over the Internet.
Google's stance on China shatters security inhibitions
Google said "this was not an assault on cloud computing." Meanwhile, the founder of cloud vendor Elastic Vapor, Reuven Cohen, asserted that "the Google Hack proves the cloud is more secure than traditional desktop software, not less," apparently because systems were "compromised through phishing scams or malware, not through holes in Google's computing infrastructure."
Others disputed this idea, such as Search Engine Land editor Danny Sullivan, who wondered if the security breach "will develop into a major reversal for the growth of cloud computing."
Pund-IT analyst Charles King cautioned that we still don't know all the details of the breach, but said it should raise concerns about the security of cloud computing services. All IT systems, whether in the cloud or not, have some inherent flaws, but "any time a data center is open to the public Internet, there is the opportunity that it can be hacked in a number of ways," he says.
"Every system has some inherent flaw or weakness. People do break into supposedly impregnable bank vaults, tunnel through walls," King says. "No house is burglar proof and the same can be said of data centers. The bottom line here for me is some of the people who have been promoting cloud as … the future of IT have really been overstating the case. I think we will continue to see events like Google and the [T-Mobile] Sidekick failure over time."
Google on Tuesday said that in mid-December it faced "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." Attackers were apparently attempting to access the Gmail accounts of Chinese human rights activists, and also launched attacks against more than 30 other companies.
Later in the week, it was reported that a flaw in Internet Explorer had been exploited to hack into Google's corporate networks, and Microsoft said it is working on a patch.
On Twitter and in blog postings, industry observers debated whether the attack is proof of security problems specific to cloud computing, a phrase that generally refers to computing resources made publicly available through the Internet.
"This was not an assault on cloud computing," Google asserted in its official blog. "It was an attack on the technology infrastructure of major corporations in sectors as diverse as finance, technology, media, and chemical. The route the attackers used was malicious software used to infect personal computers. Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure."
Sign up for Computerworld eNewsletters.