Source: [id: 41448; name: CIO; isActive: true; siteId: 3] -- CIO -- $content.altguid

A Cloud Debate: Zittrain Counters Criticism on Security, Privacy Concerns

Zittrain says his New York Times opinion piece isn't anti-cloud, but that security and privacy concerns shouldn't be swept aside.

By Jonathan Zittrain, CIO.com

August 03, 2009CIO — Consultant Bernard Golden has some intense reactions to my recent piece in the New York Times on cloud computing. In it I shared some basic worries-and one advanced worry-to be dealt with. I'll boil them down a little further here.

The basics: privacy, security, and data portability. When your data is in someone else's hands, it's given less protection under the law than if it were on your hard drive. E-mail in Outlook is given more protection from government surveillance than e-mail at Gmail. That's an unfair tilt in the playing field against cloud enterprises, and the law ought to be fixed.

Remotely stored data can have less protection in practice, too, since client-server communications aren't always encrypted. We know how to fix that, too: companies that offer remote services ought to have secure communications built in, and many already do. This can be particularly helpful when a service's customers are located in places governed by authoritarian regimes. Why make it easy for the Iranian government to spy on its people? And user error can be magnified when everything's online: compromise a password and the bad guys get into all your stuff. Your PC can be prone to malware-I have a chapter devoted to that issue in the book-but spilling your one-for-all password much more readily compromises your online data than your PC data. Absent malware, hackers need physical access to your machine to use your password against you. But even without hacking the Yahoo! server they can be anywhere in the world and still get your Yahoo! mail if they've got the password.

[For timely cloud computing news and expert analysis, see CIO.com's Cloud Computing Drilldown section.]

Finally, data portability: your data can be difficult to extract from some of the most popular online platforms, making it difficult to cast a vote with your feet and move to a new provider if you're not satisfied. This is especially true for social networking sites like Facebook.

Mr. Golden's reply on privacy is agreement: he thinks it will be "the cloud issue in the future."

On security he thinks it's your fault for losing your password, so don't blame the cloud. That's like saying it's your fault for sliding off the road in rainy weather-don't also blame a car manufacturer who, say, not only neglected to put in seat belts, but also placed an ornamental spike on the steering wheel. We can agree that people should have better password practices, but we know so many won't. That's why it's important to better secure data in the cloud. Passwords are convenient, but for anything truly sensitive we can do better-as banks are slowly starting to discover as they react to so many successful phishing attacks against their customers.

RESOURCE CENTER