What’s hiding in the Cloud?

Around 2 years ago, Richard Stallman called cloud computing a trap and said it was worse than stupidity.  For those of you who do not know Richard Stallman, he’s the founder of the GNU project and the pioneer of the GNU Public License, an unrivalled genius in the programming world and a holder of 8 honorary doctorates!

Now with the recent high profile attacks online, most notably the one on Sony, should we reconsider his statements? We (me included) trusted Sony with our vital information only to have it stolen by some very sophisticated hacker(s). To make matters worse, Amazon’s cloud based web servers were used in the Sony hack. Not only did the black hat hackers steal our information from Sony’s cloud, they used Amazon’s cloud to perform it!

By moving to the cloud, are we not providing black hat hackers a single point of attack to harvest enormous amounts of information? When giant corporations like Sony cannot effectively secure their servers,  who exactly should we trust with our vital data? Groups like Anonymous,  while not necessarily behind the attacks on Sony, have demonstrated their depth and talent and they seem to be outwitting the security experts. One only has to read their exploit of HBGary to know that they’re not just a bunch of script kiddies.

While cloud computing does have some undeniable advantages, those deciding to migrate there should carefully consider, then reconsider the cost of having their data compromised. Is it worth the cost? Who is liable should the data get compromised?

On a side, yet somewhat related note, spear phishing is on the rise and we are all susceptible to it. Once phished successfully, how secure will your data be, especially if it’s not on your own hard drive? Facebook, LinkedIn and other social networking sites typically have enough information stored on them to profile quite a few CEOs, etc. for some detailed phishing attacks.  Does your company have a social networking account?  Are you worried that you could become the target of a spear phishing campaign with all that information stored in a location that’s not under your control?