In a few years’ time, 2011 will likely be regarded as the year in which cloud computing truly went mainstream. Scalable online storage and computing services continue to evolve and improve rapidly with each passing month. From Microsoft Azure to Google Apps, the programs and platforms we all rely on are getting better and better. Regardless, online security remains a pressing concern for cloud service users and providers alike. The cloud in particular presents unique challenges as far as security is concerned. As we’ll see shortly, those challenges are forcing the major players in the industry to adopt some unorthodox tactics to solve those problems.
How Secure are Cloud Services?
Hundreds of millions of users access a slew of cloud services every day both for work and for leisure. Popular platforms like Dropbox and iTunes are an essential part of the lives of countless customers around the world. Most tend to assume that digital encryption is unbreakable and that their cloud security is nearly bulletproof, which is usually true under ideal circumstances. Cloud service companies have a lot to lose in the event of a major security breach, which is why they spend millions of dollars a year to prevent such an occurrence. Regardless, there are still plenty of dangers like SQL injection, cross-site scripting (XSS) and compromised certificate authorities that can throw a wrench in the gears.
Big Business Dons The White Hat
In the face of increasing threats to the integrity of their systems, many companies are going on the offensive. A growing trend in the corporate sphere is the hiring of so-called “white hat” hackers to perform penetration testing on their own networks to find security holes before malicious hackers can exploit them. One notable example is Boeing, which recruits hacker gurus from all walks of life to shore up their online defenses. Countless other firms in every industry have realized that in order to stop hackers, you need to hire people that think like them.
Questions and Concerns
Thanks to years of Hollywood conditioning in the form of movies like War Games and Hackers, the average person wrongly assumes that hacking is inherently malicious. The reality and morality of hacking is often less black and white, and white hat hackers who use their knowledge for good rather than evil are a definite advantage if they can be relied on. That’s not always the case, as the FBI found out when they employed world-famous hacker Albert Gonzalez to catch cybercriminals only to have him abuse his position to wreak mayhem. As a result, many continue to have reservations about using hackers for the purpose of hardening security in the cloud.
White Hat Hacking Done Right
Despite the negative connotations, the fact of the matter is that hackers are integral to the security of cloud platforms. Paradoxically, involving more people in the security process often leads to an even more resilient and intrusion-resistant network infrastructure. As Linux creator Linus Torvalds once famously said, “given enough eyeballs, all bugs are shallow.” Even cloud security testing itself has moved to the cloud, with companies like Soasta and Core Security using Amazon Web Services to perform penetration testing for their clients.
The Future of Cloud Computing Security
It’s inevitable that an increasing amount of our private and confidential data will migrate to cloud storage systems and computing platforms. At this point, Pandora’s box has been opened and there’s really no turning back. Abandoning the cloud is impractical for a number of reasons, not the least of which is pure and simple cloud economics. Ergo, white hat hackers such as those employed by Boeing and other firms will become increasingly important in the coming global security arms race within cyberspace. In the realm of cloud security, the only way to beat the hackers is to hire them.