Dark clouds gather over online security
The hacking of Google in China reveals an inconvenient truth about cloud computing
Computerworld - Google may have threatened to leave China in order to keep us all from concluding that "the cloud" can't be secured. But isn't that precisely what we should conclude based on the fact that Google chose to leave China?
Why didn't Google just fix the flaw and keep its mouth shut? If it thought it could protect its data and yours, wouldn't it have just done so?
In other words, the whole Google-in-China situation boils down to this: Google may have realized that it can't guarantee the security of its secrets — or yours.
It seems that all our data is moving to the cloud, especially for mobile computing users. Is it time to rethink cloud computing?
Threat: Insecure guardians of private data
What does Google know about you? Depending on which Google services you use, Google might know your exact location, what your e-mail says, what you buy online, what your schedule is, who you know, what your credit card numbers are, where you live, where all your friends and family live, what your interests are, what you read, what your voice mail messages say, who you talk to on the phone, the details of your health problems, your medical history and much more.
Google even offers a service called Google Email Uploader, which makes a copy of all your e-mail from Outlook or other desktop utilities and puts it into Google Apps, where it's backed-up and searchable. It also now offers a service whereby you can upload any file to Google Apps. Now even pre-cloud personal data is moving to the cloud.
Theoretically, all this personal information is safe. Although Google "knows" all of your information, no human would ever read it. Besides, do you trust Google with your information? That's a big question, but I would have to answer that by saying, "Yes, in fact, I do."
Unfortunately, if the China event tells us that the cloud can't be secured, it doesn't matter whether we trust Google or not. We would have to trust both hackers and anyone they might sell our private data to.
Review that list of what Google "knows" about you. Now imagine what others could do with that information: insurance companies, our government, "their" government, marketers, predatory financial services companies — not to mention blackmailers, identity thieves and extortionists.
Of course, hacking is nothing new. A recent survey by the Center for Strategic and International Studies found that more than half of IT executives report "high level" attacks on their companies. The difference with cloud computing is that a cloud service like Google's could offer one-stop shopping for hackers. If they hack one company, they have one company. But if that company is Google, they have everybody.
And it gets worse.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts