By now you’ve very likely heard of the horrible experience of Mat Honan, the reporter who had his entire digital life wiped out by hackers over the weekend. I’m sure it reinforced the worldview of every cloud naysayer on the planet, and they are gathering somewhere and having a grand “I-told-you-so” party — but even the most radical anti-cloud adherent would have to admit deep down that this was an extreme case.
I’m not here to defend Apple and Amazon and their monumental screw-ups that allowed this to happen, but neither am I about to write off cloud computing because of this incident. While an incident of this sort has to make any sane person pause, I think we have to be careful about suggesting it proves once and for all that cloud computing is inherently a bad idea.
In fact, it might not be a cloud security issue, per se, at all. Rodney Brown, writing on the Cloud Ecosystem blog nailed it when he wrote, “This isn’t a cloud security issue. It is an IT security issue — and one as old as hacking itself.” His point was this wasn’t a hack in the pure sense of the word where the hacker found some sort of back door into the cloud service and wreaked havoc.
On the contrary, the hacker found a way to waltz into Honan’s computing life through the front door by figuring out a way to get the information he needed to access the system. It’s a problem that IT faces every single day when a clever phishing email can give a hacker the keys to your network without having to do any heavy lifting.
If you are an IT pro, and you’re sitting there smirking because the cloud just got its just desserts, I wouldn’t be so quick to gloat because as I’ve always maintained, the cloud operates in a data center just like yours, and in the end it’s no different than yours. In fact, it’s just as vulnerable as your system was to the type of social engineering scam the hacker pulled to get Honan’s data.
This incident was scary and horrible and it clearly illustrated just how easy it can be to get enough information to get inside somebody’s systems, and I’m not trying to minimize that. Last weekend it was Matt Honan who got unlucky, but just because you’re locked behind the safety of your firewall, don’t delude yourself into thinking you’re safe. The same kind of scam that worked for Honan’s hackers could work to get inside your systems too. And you’re fooling yourself if you don’t believe it.