Cloud Benefits IT Pros… And Hackers

Cloud computing offers businesses the opportunity to “outsource” responsibility for their IT systems, according to IDC, but security risks still abound, with some cyber-criminals claiming the cloud presents more hacking opportunities.

According to IDC, businesses can relieve themselves of some of the responsibility for IT equipment by moving to the cloud and allowing a third-party to run their systems. “The public cloud allows organisations to displace a problem and shift it into the cloud,” said David Bradshaw, European SaaS and cloud services research manager at technology market intelligence firm IDC.

This model would allow the organisation to focus on “orchestration” – finding the most effective ways to deploy the system – rather than wasting valuable time on building and maintaining it, according to Bradshaw.

Cloud growth

The comments follow research published by IDC last month, revealing that server hardware revenue for public cloud computing will grow from $582 million in 2009 to $718 million in 2014, as organisations seek to reduce the complexity of their IT environments by moving their systems off-site.

“Many IT decision makers are seriously considering cloud computing as a way to dramatically simplify their sprawling virtual and physical infrastructure,” said Katherine Broderick, research analyst at Enterprise Platforms and Datacenter Trends, at the time.

“However, there is still some lingering apprehension over issues like integration, availability, security, and costs. These concerns, and how they are addressed by IT vendors, will continue to guide the adoption of cloud computing over the next several years.”

Organisations could be right to be wary of cloud services, after a survey of 100 of the elite IT professionals attending the DEF CON 2010 Hacker conference in Las Vegas revealed that hackers view the cloud as having “a silver lining” for them.

Hacking opportunities

The poll, sponsored by software assurance specialist Fortify Software, found that many cloud vendors are not doing enough to address the security issues of their services, and this is driving hackers to exploit vulnerabilities.

“Eighty-nine percent of respondents said they believed this was the case and, when you analyse this overwhelming response in the light of the fact that 45 percent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem,” said Barmak Meftah, chief products officer at Fortify.

“While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud,” he added.

Software-as-a-Service (SaaS) cloud systems are viewed as being the most vulnerable by 21 percent or respondents, with 33 per cent of the hackers claiming to have discovered public DNS vulnerabilities. These were followed by log files (16 percent) and communication profiles (12 percent).

“More than anything, this research confirms our ongoing observations that cloud vendors – as well as the IT software industry as a whole – need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource,” said Meftah.

eWEEK Readers say the cloud sucks

In a poll of eWEEK Europe readers earlier this month, 48.5 percent said cloud computing is not ready to be trusted yet. Responses included: “Hey, we spent all this money on networks and servers. You want we should junk it all?” and “It sucks”.

Despite this, however, the pro-cloud responses were strong, with a quarter of the respondents either using the cloud “in all cases possible” or “in major production systems”.