The Cloud’s Trustworthiness (or Lack Thereof)

by Chiara W
The number of people who entrust critical data to cloud services grows every day. For instance, it is estimated that 20% of businesses will entirely outsource their server needs by the end of 2012. In this article, Cachin and Schunter illustrate some ways in which cloud computing providers’ security measures have fallen short, leading to data breaches affecting millions of consumers. An April 2011 study of 127 cloud providers in Europe and the U.S. revealed that most “do not consider computing security as one of their most important responsibilities” and feel it is “their customer’s responsibility to secure the cloud” (p. 31). One major threat to data security stems from the fact that multiple customers’ virtual machine images (VMIs) are housed on a single server, which makes it possible for one customer to access another customer’s cached data. Another widespread practice, de-duplication of data across user accounts, can also be exploited by savvy hackers. Some cloud services offer security features as optional add-ons (for a price), but robust security measures have yet to become commonplace.

One thing that struck me about this article is the alarming nonchalance of many cloud providers towards their customers’ privacy. Insisting that customers are responsible for the security of their cloud-stored data is akin to a bank telling a customer that she must hire a private security guard to stand watch over her savings account. Just as most bank customers cannot afford to employ round-the-clock bodyguards, most users of cloud services (e.g., Dropbox and SkyDrive) lack the technical know-how to implement additional security measures on their cloud-stored data.

It is appropriate that we were assigned the topic of cloud computing at the start of our web development course. Cloud services are an area of rapid growth in online commerce. Because of this, cloud security is an issue none of us can afford to ignore. Even those who (like my 94-year-old great-aunt) eschew internet use can be affected by data leaks at banks or government agencies. As more and more data moves into the cloud, more and more of our personal information is at the mercy of a handful of companies’ security policies. The ramifications of this dependence are still unfolding, but it seems safe to say that the future of our privacy rights is closely tied to the decisions these companies make.

Cachin, C., & Schunter, M. (2011, December). A cloud you can trust. Spectrum, IEEE, 48(12), 28-51. Retrieved from http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/Xplore/home.jsp?tag=1