Will cloud computing make cynics of us all?

Filed Under: Facebook, Google, Podcast, Privacy, Social networks, Twitter

This year's Virus Bulletin conference was full of talks which mentioned the cloud, which had the word cloud in their title, or both. Indeed, Cloud Computing, and its cousin Software as a Service (SaaS), are being talked about, and talked up, everywhere, as though they are new, and revolutionary, and undeniably the way forward for all of us.

Cloud computing for cynics

Perhaps. But as anyone who has passed a winter in the Pacific North-West -- in Redmond, for example, or in one Vancouver or another - will know, cloud is something which few people enjoy for very long.

Bemused after all the cloudy Virus Bulletin papers, in both the technical and the corporate streams, Carole Theriault and I recorded a podcast in which we reviewed a whole range of questions about the cloud.

What is cloud computing? What are the benefits? What are the risks? How does "working in the cloud" differ from simply "being on the internet"? Will everything, including security software, eventually move from your PC to the cloud? And if it does, how will you connect to and use the cloud in the first place?

Listen (or download it) here:


As you will hear in the podcast, I have some fairly serious concerns about SaaS, both for your organisation's critical data and for your own PII (personally identifiable information). Not everyone seems to share these concerns, though, even at the highest levels. For example, I don't like the idea of schoolchildren storing their files and homework "in the cloud", whereas the New South Wales Government doesn't seem to mind, having outsourced to the cloud all public schoolchildrens' email and storage.

Some well-publicised SaaS glitches are listed below:

July 2008: Facebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. The full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential.

Jan 2009: A hacker managed to hack into Twitter's internal systems, opening the door for criminals to break into the Twitter accounts of the likes of Britney Spears, Fox News and Barack Obama. The teenage hacker claims he gained entry to the micro-blogging site's administrative control panel using a so-called dictionary attack.

Feb 2009: Google has apologised for the outage that hit business and consumer users of its popular e-mail service. GMail...was unavailable to all for "approximately two and a half hours". But anecdotal evidence suggests it was out of action for many users for about four hours - one of the longest downtimes ever suffered by Google.

Feb 2009: Fans of Google's email system have been the target of a phishing campaign spreading via the Google Talk chat system.

March 2009: Over a million users of the Spotify music service are being warned that they may have to change their passwords after it was announced that information about members could have been stolen by hackers.

Sep 2009: A recent bug in Google Apps allowed students at several colleges to read each other's email messages and some were even able to see another student's entire inbox.

Look before you leap!

, , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog