One of the more common criticisms being levied at the cloud industry is the security risks inherent in the model. And the reason why it’s still fending off these criticisms up to this day is that it has some ground. In fact, even Google – which is one of the large companies and authorities that defend the cloud’s security – acknowledges that there will always be security risks as evidenced by their Vulnerability Reward Program, which was started last 2010 and continues to this day.
Google’s Vulnerability Program is basically a bug bounty program that encourages hackers to hunt down or search security vulnerabilities in their services, and pays them for any new vulnerabilities they find, which Google then fixes.
Some of the more serious problems that were caught by white hat hackers were the ability to get control of a Google server simply by playing with Google Calendar, or hacking into Blogger.com in order to gain admin access to all the hosted blogs. What’s more amazing is that the hackers who found the vulnerabilities did not use any sophisticated root kits or under-the-hood Unix scripts to find the vulnerabilities. All they needed to do was play around with the services.
The problems that were outlined above have since been fixed, but it is not unwarranted to think that there may be more vulnerabilities waiting to be discovered, especially since Google’s Vulnerability Reward Program is still going on.
The Silver Lining
One thing that users of cloud need to keep in mind is that the security issues with cloud services is basically the same security issues present in offline software, the only difference being that putting your files on the cloud puts the responsibility of ensuring security in the hands of the cloud service providers – they will have to handle encryption, backups, and patching of security holes instead of you. This means if you want to be secure in the cloud, you need to be wise in choosing which cloud company to sign up for, as you’re basically entrusting the security of your files, documents, and even business to them.
Google’s Vulnerability Reward Program proves that a company can be proactive with regard to security, and they have effectively earned the trust of users by showing that they can work with hackers – who would otherwise be their enemies – in ensuring that their services are secure and spot free.
If you enjoyed this article, please consider sharing it!
-
Darrian
Free White Paper
Forrester Whitepaper: IT Operations Managers Must Rethink Their Approach to Private Cloud
Organizations of all types are attracted by the promises of private cloud computing, but few actually have the virtual maturity to be successful. This Forrester report reveals the latest virtualization trends so you can see how far your peers are in their journey to the private cloud. Read on and discover best practices for improving virtualization in order to prepare for the cloud.Free White Paper
Build a Cloud Within A Day
Creating the right cloud delivery strategy is critical to reducing your organization’s risks and building its future. Many IT organizations want to start small, to build a pilot or proof of concept for the cloud, and expand from there. They want to start understanding how a private cloud can make their organization more flexible and agile. As they expand, they can add self-service capabilities that make it simple for IT users to request new virtual environments.
Free White Paper
Forrester Whitepaper: IT Operations Managers Must Rethink Their Approach to Private Cloud
Organizations of all types are attracted by the promises of private cloud computing, but few actually have the virtual maturity to be successful. This Forrester report reveals the latest virtualization trends so you can see how far your peers are in their journey to the private cloud. Read on and discover best practices for improving virtualization in order to prepare for the cloud.Free White Paper
Build a Cloud Within A Day
Creating the right cloud delivery strategy is critical to reducing your organization’s risks and building its future. Many IT organizations want to start small, to build a pilot or proof of concept for the cloud, and expand from there. They want to start understanding how a private cloud can make their organization more flexible and agile. As they expand, they can add self-service capabilities that make it simple for IT users to request new virtual environments.
