Hacker attacks threaten to dampen cloud computing's prospects

TAIPEI Fri Jun 3, 2011 5:42am EDT

Google Inc's logo is seen at an office in Seoul in this May 3, 2011 file photograph. REUTERS/Truth Leem/Files

Google Inc's logo is seen at an office in Seoul in this May 3, 2011 file photograph.

Credit: Reuters/Truth Leem/Files

Related Topics

TAIPEI (Reuters) - The recent high-profile hacking of Google's Gmail service and Sony's Playstation gaming network is threatening to slow the take-off of the next big thing in the computing space - the cloud.

Computer companies will need to collaborate to work on addressing security issues to boost confidence in cloud computing, where data and software is stored on servers and accessed via the Internet, especially in the corporate space where the potential market size is much larger than the retail space.

"Many enterprises have reservations about the security of cloud computing because of the multi-tenant architecture and the fact that cloud providers are 'big targets'," said Steve Hodgkinson, IT research director at UK-based research firm Ovum.

"The reality, however, is that the leading cloud providers have a very strong incentive to invest in the latest security technologies and processes -- and will arguably be more secure than most enterprises themselves."

Security is a hot issue in the computing world. Hackers broke into Sony's networks and accessed the information of more than 1 million customers, the latest of several security breaches.

The breaches were the latest attacks on high-profile firms, including defense contractor Lockheed Martin and Google, which pointed the blame at China.

Concerns over security could slow the growth of the market for cloud computing, which is expected to reach $3.2 billion this year in Asia alone from $1.87 billion last year, while the global market could reach $55 billion in 2014, according to estimates by technology research firm IDC.


Analysts and industry experts believe hardware-based security provides a higher level of protection than software with encryption added to data in the servers. Chipmakers are working to build more authentication into the silicon.

"We have to do a combination of mitigating things like building more and more security in the infrastructure," said Boyd Davis, a vice president at chipmaker Intel Corp, speaking at the Computex computer show in Taipei this week.

Intel has been working since the end of last year with software and computer vendors including Fujitsu, Huawei, Cisco, Dell, IBM and Hewlett Packard on a cross-industry initiative aimed at making cloud infrastructure more simplified, secure and efficient.

But one of the problems cloud faces is that it is a fragmented market where many vendors provide different security solutions based on their own standards.

Intel's rival ARM and Advanced Micro Devices are also in the process of embedding higher security in their chips and processors, but working with different partners.

If there was an open standard to follow, it would help the industry to build a much secure cloud system, according to AMD.

"Because if you don't have an open standard, you might do security in a certain way and I might do something that's not compatible, and the applications can't talk to each other," said Manju Hegde, AMD's corporate vice president.

He noted that Apple, set to unveil next week a cloud-based service called iCloud, has its own security because it is a vertical company, but the rest the industry should have an open standard.

Intel's Davis agreed that the lack of an open standard and interoperability are limits to the cloud, but added that the industry would have to strike a balance in an open standard with security or else it would make hackers' work easier.

"Because the definition of secure is tightly held. That's one of the dilemmas we'll face. We'd like to provide more capability to control the workload running on our processors, but the more we do that the more we invite malicious codes in."

(Editing by Jonathan Standing and Muralikumar Anantharaman)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (4)
LucianoPad wrote:
Nothing is wrong with cloud computing. In both cases it’s Internet activists, like PS3 Hackers that look for social weakness not technical. It’s like fishing, you have to use the right hook, lure and lots of patients hoping fish will act like a fish. In all attacks, the attackers gain access through compromising ports. Waiting for vulnerable person or system that is administer to be untidy. I don’t think its proper to get in the technical aspects of arguing the level of trust systems need to keep to maintain a tidy operation (its a technical jargon for best practice methodology) but I want to state one principle that fails us in that we are creating to many information systems that are OPEN Source. We have to drawing a line somewhere and build systems that are proprietary.

Jun 03, 2011 2:03pm EDT  --  Report as abuse
FarmerBob wrote:
Duh! One would have thought this was have been one of the first “red flags” a long time ago. That’s why Apple’s $1B investment in a data center seems somewhat fool hearty.

I give it less than a week before it’s hacked, crashed or hijacked. Maybe even less. Steve may have blown this decision.

Jun 03, 2011 9:09pm EDT  --  Report as abuse
RichardWatson wrote:
This article is misleading. Gmail wasn’t ‘hacked’. Rather, users were phished, which is exactly the same type of attack that is used against your online banking service.

No hysterical “Cloud Banks Hacked!!!!!” articles are likely to emerge despite many bank accounts being attacked in this way, so please help reduce the confusion instead of increasing it. You’re not helping your readers.

Jun 04, 2011 3:07am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.