Tuesday, April 20, 2010

Google Password Breach: Reason Anew To Doubt Security in the Cloud?

I've said it before:

Professionals who rely on the "Cloud" for the storage of confidential data do so at their own - and their clients' - very serious peril.

The latest on a January 2010 security breach at Google demonstrates yet again just how fragile the Cloud's security firewall may be, particularly when confronted by increasingly sophisticated international espionage and crime.

For the uninitiated, Wikipedia describes Cloud computing as:
Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like a public utility... Typical cloud computing providers deliver common business applications online which are accessed from another web service or software like a web browser, while the software and data are stored on servers.
New York Times reports today on the Google hack that occured earlier this year:

Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.

...The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.

...The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google’s that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in one place, popularly referred to as “cloud” computing, a single breach can lead to disastrous losses
...The details surrounding the theft of the software have been a closely guarded secret by the company. Google first publicly disclosed the theft in a Jan. 12 posting on the company’s Web site, which stated that the company was changing its policy toward China in the wake of the theft of unidentified “intellectual property” and the apparent compromise of the e-mail accounts of two human rights advocates in China.

I know that there are many credible, highly regarded consultants who urge lawyers and other professionals in the direction of the Cloud, often without hesitation. Many tout the Cloud as the inevitable womb and backbone of all our future digital undertakings.

There is much in the Cloud to be impress, but once again, when it comes to privileged or sensitive professional data, I say not so fast....

It is simply not an adequately secure environment.

We long ago resigned ourselves to the reality that Microsoft is no match for even modestly talented amateur hackers, but if Google can't stop these serious intrusions, I am not sure who can.

- Garry J. Wise, Toronto

Visit our Toronto Law Firm website: www.wiselaw.net



Post a Comment