For many companies, cloud computing sounds like risky business. They worry that storing customer details or running critical software on the servers of cloud providers such as Amazon or Google could make their data more vulnerable to being hacked, exposed, or lost. A lot of data in the cloud resides on shared servers—think public data dormitories—where only virtual walls might separate one company’s bits from those of its competitors.
Yet such fears are misplaced, says Jeremiah Grossman, founder of WhiteHat Security, which advises companies such as credit rater Fair Isaac and prescription giant CVS Caremark on their Web security. Grossman, a former information security officer for Yahoo, offered some advice about the cloud in an interview with Technology Review’s deputy editor, Brian Bergstein.
TR: Why do you think there are security advantages in going to the cloud?
Grossman: The average enterprise, whether you’re talking small, medium, or the largest of the large—they’re in their respective businesses. A bank isn’t in the business of technology. A retailer isn’t in the business of managing IT infrastructure. A service provider like an Amazon, they have very particular skills [at] making really secure infrastructures. What you get from a cloud provider is economies of scale—and somebody else to manage the problem.
This is the most ingenious hacker attack on the cloud that I’ve heard of: someone hires a cloud provider to run a Web application on a shared server and then “bursts the cloud” to infect other users of the same machine. Is this merely a theoretical attack, or has it been done?
It’s theoretical in the sense that we’ve never heard of it being done in the wild. We have seen different types of attacks in which it’s possible to break out of the virtualized containers [in which each cloud client’s data resides]. They’re quickly patched, but it is entirely possible. It is probably not a likely attack, because there are vectors that are way easier to do. But you should assume that the separation between clients is going to break down. You’re going to want to be resilient under those scenarios, [in part by setting rules about encrypting data and] who can get access to it.
Then what’s your worst-case scenario for organizations that shift to the cloud?
From a business standpoint, if you’re running the system yourself, you have a notion of resiliency, meaning—in the event of a catastrophe, whether a natural disaster or a business bankruptcy—you kind of have control of the infrastructure. You don’t have a lot of control when it comes to the cloud providers should they go out of business, should they be acquired by your nearest competitor. All of a sudden your cloud provider, which your business depends on, evaporates and goes away. What’s your contingency plan? That’s a major consideration.
Some CIOs are likely to run aspects of their websites in the cloud but retain control of some key applications. Is there a security issue raised in the handoff between a cloud service and someone’s on-premises systems?
That’s actually how it’s going to be for the vast majority of businesses out there: “I’m going to host my own website, but all my payments are going to run through a third party.” There’s a lot of benefit to doing that, but there’s also complexity to the situation. Complexity tends to be the enemy of security. The more complex you make your data flow—the more complex you make the systems and all the interconnects—the more difficult it is to manage it, understand it, and mitigate all the threats.