Is Google hack an attack on cloud computing?

Google hack proves the cloud is more secure than traditional desktop software...

Google and proponents of cloud computing were quick to say that this week's Google hack should not raise questions about the inherent security of the cloud, but the incident is fueling debate about the safety of storing data in facilities accessed over the Internet.

Google said "this was not an assault on cloud computing." Meanwhile, the founder of cloud vendor Elastic Vapor, Reuven Cohen, asserted that "the Google Hack proves the cloud is more secure than traditional desktop software, not less," apparently because systems were "compromised through phishing scams or malware, not through holes in Google's computing infrastructure."

Others disputed this idea, such as Search Engine Land editor Danny Sullivan, who wondered if the security breach "will develop into a major reversal for the growth of cloud computing."

Pund-IT analyst Charles King cautioned that we still don't know all the details of the breach, but said it should raise concerns about the security of cloud computing services. All IT systems, whether in the cloud or not, have some inherent flaws, but "any time a data center is open to the public Internet, there is the opportunity that it can be hacked in a number of ways," he says.

"Every system has some inherent flaw or weakness. People do break into supposedly impregnable bank vaults, tunnel through walls," King says. "No house is burglar proof and the same can be said of data centers. The bottom line here for me is some of the people who have been promoting cloud as … the future of IT have really been overstating the case. I think we will continue to see events like Google and the T-Mobile Sidekick failure over time."

Google on Tuesday said that in mid-December it faced "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." Attackers were apparently attempting to access the Gmail accounts of Chinese human rights activists, and also launched attacks against more than 30 other companies.

Later in the week, it was reported that a flaw in Internet Explorer had been exploited to hack into Google's corporate networks, and Microsoft said it is working on a patch.

On Twitter and in blog postings, industry observers debated whether the attack is proof of security problems specific to cloud computing, a phrase that generally refers to computing resources made publicly available through the Internet.

"This was not an assault on cloud computing," Google asserted in its official blog. "It was an attack on the technology infrastructure of major corporations in sectors as diverse as finance, technology, media, and chemical. The route the attackers used was malicious software used to infect personal computers. Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure."

Google's main business is delivering advertising-supported Web search results, of course, but the company has also become a custodian of enterprise data because of services such as Google Apps, a Web-hosted alternative to Microsoft Exchange.

It is thus important for Google to convince businesses that storing data in Google facilities is safe, despite the events of last month.

Sullivan, in his blog post, noted that he has been moving more and more data into Google services but is rethinking that strategy in the wake of Google's security troubles. He criticized Google's insistence that the attack was not an assault on cloud computing.

"It was very much an attack on cloud computing, as Google's main blog post made clear," Sullivan wrote. "Hackers went after Gmail accounts, not just through malware-infected computers but directly by targeting Google, that post told us. Gmail — your e-mail, stored in the cloud. That's an attack on cloud computing."

Cohen disagreed in his own blog post, saying the attack doesn't reveal any deficiency in cloud security because hackers used social engineering techniques to gain access to private systems.

"What this hack really proves is that people are easier to hack then networks," Cohen writes. "The weakest links are the people who are stupid enough to open an attachment they don't recognize, even if it appeared to be from someone they trusted. That's the beauty of social engineering based hacks. The e-mail appears to be from your mother, father, friend or colleague. The lesson we must learn is one of education, don't open attachments you don't recognize."

Regardless of how the attack was executed, it did happen and consumers of cloud-based services should remember that there are risks when storing data with a third party, King says.

"Just because you're using a cloud service doesn't obviate the need for backing up data to a local hard drive," King says. "Like anything else the online data repositories are not infallible, and it's critical for consumers and businesses to protect their data and protect themselves in multiple ways."

Follow Jon Brodkin on Twitter:

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags CloudsecurityGoogleChinasearch

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Brodkin

Network World
Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?