Analysis: Sony woes may cause some to rethink cloud computing

BOSTON/NEW YORK Fri May 6, 2011 2:46pm EDT

Dark clouds pass over downtown Miami, Florida August 15, 2010. REUTERS/Carlos Barria

Dark clouds pass over downtown Miami, Florida August 15, 2010.

Credit: Reuters/Carlos Barria

Related Topics

BOSTON/NEW YORK (Reuters) - The Sony data breach that compromised the personal data of more than 100 million customers of the Japanese electronics conglomerate may claim yet another victim -- the cloud computing industry.

Some businesses are rethinking plans to move to cloud-based computer systems located at remote data centers that can be accessed over the web.

Shares of companies that specialize in cloud computing have been some of top-performing stocks over the past year. But the attack on Sony, as well as a massive outage at Amazon.com Inc's cloud computing center, have caused some businesses to put the brakes on plans to move their operations into the cloud.

"Nobody is secure. Sony is just the tip of this thing," said Eric Johnson, a professor at Dartmouth University who advises large corporations on computer technology strategies.

Since news of the Sony breach broke on April 26, shares of companies involved in cloud computing have underperformed the broader market.

Salesforce.com Inc, a maker of web-delivered software, has dropped 3 percent. VMware Inc, which sells software for building clouds, has declined 2 percent. The Standard & Poor's 500 Index has climbed 3.3 percent.

Experts in digital security say that investors, businesses and consumers have put too much faith in the cloud.

"You don't want to have this trust in the magic of the cloud. It's not that simple," said Mike Logan, president of Axis Technology, a data security company. "It's like Facebook. If you put all this sensitive information there, guess what? People are going to see it."

Cloud computing companies have done a good job convincing customers that their data is safe, even though that may not be the case, said Gartner cloud security analyst Jay Heiser.

"If you're doing anything that is critical to your business, you need contingency plans," Heiser said. "The marketing messages of some cloud computing companies have urged people to gloss over this need for contingency plans."

Consumers trust the cloud to handle services ranging from email to credit reports and filing taxes, usually without first investigating the security of those systems.

"Even services that you think may be secure, such as filing your taxes online, could be compromised," said Murray Jennex, information systems professor at San Diego State University.

Consumers expect a company as large as Sony to protect its data adequately, said Jeff Fox, electronics editor for Consumer Reports Magazine.

"You would have thought a big time reputable company like Sony would be running up-to-date, patched software with an appropriate firewall," he said. "If Sony didn't do this, which other big, reputable companies aren't doing this?"

NEW STANDARDS

Because cloud services are so new, there are few standards or best practices for how to store and protect data.

"There's nothing from the government or regulatory industry that says anything about how to run a shop," said Dan Zeiler, director of security and compliance for American Internet Services.

For now, companies generally have little protection against outages and security breaches, said Cynthia Larose, privacy attorney at Mintz Levin.

She expects that to change in the wake of the Sony breach and the Amazon.com's outage, which destroyed the data of a handful of its customers.

Larose added that companies in industries such as healthcare and financial services as well as businesses that own a lot of intellectual property are seeking special insurance plans that protect against cyber thefts.

"There's a pretty broad sweep of companies going out and trying to get these cloud services covered," she said.

Some cloud providers are already seeing their clients trying to negotiate new contracts that put financial penalties on cloud providers for service disruptions or security problems, said Ford Winslow, chief information officer of Abnology, a company that provides cloud services.

He said the first round of contracts for early adopters are coming to an end after three-year deals and companies are seeking better performance and terms for disasters.

(Editing by Steve Orlofsky)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (6)
poyntek wrote:
Cloud computing is the future. Also, as more cloud based operating systems become available, integrating cloud based apps, it will drive more to cloud computing. If you want to see a glimpse of the future, look at this open source cloud based OS…

http://www.tech-adventures.com/2011/02/jolicloud-portable-html5-desktop-web-of.html

May 06, 2011 7:05pm EDT  --  Report as abuse
Whilst these cloud outages make good headlines, the fact is that cloud computing is the future- and the future is here today. These (albeit pretty serious) outages and breaches are teething problems as the cloud computing journey continues.

There have been plenty of security breaches and outages in the past on the Internet, not necessarily dubbed as a ‘cloud’ problem. A large proportion of security breaches on the Internet in the past have gone unreported because organisations fear loss of face and customers.

It appears that the recent Amazon outage was related to data mirroring/backup and network capacity issues. The Sony incident was clearly security related.

I can understand that putting your eggs in one basket as it were can be seen as a security risk. But these security challenges associated with the scale of cloud computing are being addressed- e.g. Microsoft’s stringent security standards for a range of industries and worldwide data geo-redundancy. Microsoft’s Office 365 meets ISO 27001, SAS 70, HIPPA, FIRPA & EU Safe Harbor certifications and provides financially backed SLAs for service availability (at 99.9%).

Security is in fact a selling point for Microsoft’s cloud offerings. Currently, the US government is adopting the cloud http://rcpmag.com/articles/2011/04/22/microsoft-bpos-for-gov-gets-fisma-clearance.aspx

Philip Murphy- Cloud Strategist @ Virtualize This, a cloud integrator.

Follow Virtualize This on Twitter @virtualizethis1

May 06, 2011 9:19pm EDT  --  Report as abuse
Jeepgirl wrote:
I will pass on the cloud computing and storage of anything I deem private or confidential. There are too many variables that can stop one from accessing their data. Even President Obama wants the ability to shut down the internet. Earthquakes, floods, natural disasters, terrorism, etc. can take all of that precious data. Cloud computing gives others too much control on if you can get your data and the possiblity of losing important design and financial data. This is one of those “proceed at your own risk” things that I do not care to participate in.

May 06, 2011 12:26am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.