“Fear” is the Rule, Acceptance may be Hard!
Security conferences round the world do not hesitate to undermine the confidence of cloud users. Of course, they claim that they are cautioning them; warning them against the pitfalls ahead and ensuring that they remain alert. The RSA conference held in San Francisco in February 2012 presented the unified face of cloud paranoia. Expert users and expert hackers mingled together to share the opinion that the worst is yet to come.
Let us isolate and study some of the prominent fear inducers of cloud computing:
- Personal data leaks are imminent.
- Government regulations will kill the cloud.
- Cyber wars are on.
- Encryptions can be trusted no more!
- Mobile devices offer backdoor entries.
- Hacktivism is on the rise.
While the fear is very real, it is not always logical. It tends to negate achievements and focus on the negatives. For every example of a data breach or cyber war or Phishing, there are thousands of examples of systems that have never suffered a breach or gone under with a Government Regulation. Encryptions have been robust and have remained un-assailed till date. A little care can always keep the hacker at bay.
However, a positive approach to the list of fears would acknowledge them and use the very fear to drive the solution. Interestingly, the fear is fueling innovation and cloud developers are building cloud systems that will meet the challenge of the doomsayers head on. There is a concerted effort to identify security concerns and construct unassailable security systems that will withstand the most virulent cyber war or the most active hacktivism!
Cloud developers insist that security systems must include “security in the cloud” and “security of the cloud”. Security in the cloud would reference security of individual data repositories and security of the cloud would comprise of security of the cloud system itself. Security in the cloud solutions comprise of tools that restrict access to sensitive data, encrypt information with robust third party certified unassailable cryptographic algorithms or insist on public key infrastructures and standardized APIs for reinforcing data security. “Security of the cloud” solutions embrace disaster recovery protocols, cloud security audits; privacy impact audits and system performance audits.
Remember, if we had been cowed down by the sinking of the Titanic, we would never have built any ships!