google top100 Googles Vulnerability Reward Program: Making Friends with HackersOne of the more common criticisms being levied at the cloud industry is the security risks inherent in the model. And the reason why it’s still fending off these criticisms up to this day is that it has some ground. In fact, even Google – which is one of the large companies and authorities that defend the cloud’s security – acknowledges that there will always be security risks as evidenced by their Vulnerability Reward Program, which was started last 2010 and continues to this day.

Google’s Vulnerability Program is basically a bug bounty program that encourages hackers to hunt down or search security vulnerabilities in their services, and pays them for any new vulnerabilities they find, which Google then fixes.

Some of the more serious problems that were caught by white hat hackers were the ability to get control of a Google server simply by playing with Google Calendar, or hacking into in order to gain admin access to all the hosted blogs. What’s more amazing is that the hackers who found the vulnerabilities did not use any sophisticated root kits or under-the-hood Unix scripts to find the vulnerabilities. All they needed to do was play around with the services.

The problems that were outlined above have since been fixed, but it is not unwarranted to think that there may be more vulnerabilities waiting to be discovered, especially since Google’s Vulnerability Reward Program is still going on.

The Silver Lining

One thing that users of cloud need to keep in mind is that the security issues with cloud services is basically the same security issues present in offline software, the only difference being that putting your files on the cloud puts the responsibility of ensuring security in the hands of the cloud service providers – they will have to handle encryption, backups, and patching of security holes instead of you. This means if you want to be secure in the cloud, you need to be wise in choosing which cloud company to sign up for, as you’re basically entrusting the security of your files, documents, and even business to them.

Google’s Vulnerability Reward Program proves that a company can be proactive with regard to security, and they have effectively earned the trust of users by showing that they can work with hackers – who would otherwise be their enemies – in ensuring that their services are secure and spot free.

  • Darrian

    Thanks for the
    article. We all need to be more proactive about our personal account
    security. To me Google is showing that
    they are concerned about security and that is why I prefer their services. I
    use Two-Factor Authentication across a lot of my accounts. I feel a lot more
    secure when I can telesign into my account. If you want to compete this is a
    prerequisite to any system that wants to promote itself as being secure.

Hottest IT Skills in 2013 – Cloud, Mobile and BI
In 2012, more than 1.7 million jobs in the field of cloud computing remained unoccupied, according to analysts firm IDC. READ MORE
How Cloud Computing Influences Digital Marketing
Cloud marketing has the ability to drastically change the ways in which they reach and engage their audience, particularly with regard to distributing and storing mission-critical data. READ MORE
Gartner: BYOD to Take Center Stage For Mobile App Use by 2017
More and more companies encourage their employees to work on their devices, thus reducing the cost of computer equipment, but also increase the cost to maintain licenses and safety. READ MORE
Maturity in the Cloud: Start Thinking Like a Grown-Up
Despite the inclination to wait until all of the cloud’s kinks have been worked out, holding off on cloud initiatives until the industry matures won’t guarantee success. READ MORE
PwC: Cloud, SaaS and Mobile Are Changing Software Industry
The software industry is undergoing major changes by trends such as cloud, SaaS, mobile technology and the “consumerization of IT”. READ MORE
10 Cloud Computing Game Changers
Here are the ten most influential cloud computing companies, and the reason why. READ MORE