[xtypo_dropcap]W[/xtypo_dropcap]ith the industry migrating to the “cloud” at a rapid pace, developers and web-based companies may not have the resources needed to properly audit security while keeping up with customers’ demands for product. This combination of circumstances could possibly lead to a variety of problems.
The Brookings Institution hosted a forum on “the privacy and security challenges raised by cloud computing” on Oct. 26. Also, in early October, Voice of America held a panel addressing freedom vs. security on the Internet.
Whereas “cloud” is really just a fancy way of saying “over the Internet,” most of the time, a software vendor or website that claims “cloud” is really saying “programs or apps over the Internet.”
For example, websites now actually run small programs in your Web browser, instead of the old-fashioned Hyper Text Markup Language (HTML) pages, which behaved more like documents in a word processor. This environment where websites run apps and programs in a Web browser is also known as Web 2.0.
Web 2.0 makes it very easy for malicious programmers to slip malware in between the “cracks” of these running apps. The new style of viruses tricks users into spreading the viruses themselves. This is seen often in social networking sites, such as Facebook and Myspace, where users are asked to post or forward or by any other way perpetuate the infectious code to their own friends.
This is explained in detail at the NSA’s website in a document titled “Social Networking.” The document explains how social media sites “encourage users to share information and inherently trust the information from those they are connected to within the SNS (social networking sites).”
Historically, this makes sense. Ten to fifteen years ago, many of the websites designed for training “hackers” would have sections that focused on calling companies by phone. If one could call up a company, talk their way into speaking to the IT department, and successfully draw information out of the IT professional, that would be considered a “successful hack.”
These sites are now becoming the most used sites in the world, along with search engines and e-mail providers. A quick look at netcraft.com will show that in the top 50 most visited websites in the world are many of the well-known social media sites.
Aside from social media, many of us put our trust in “cloud” services as well. Be it e-mail providers, data storage, or virtual server hosting, many users agree to the terms of use without reading them, and assume they are going to protect us.
Amazon, for example, says that if you agree to their terms, you agree to let the state of Washington govern your conditions of use while using their services. In their privacy notice, they say that they share their customers’ information with affiliated businesses they do not control. These are only two examples from one company’s documentation, and Amazon is not singled out here.
Other online services have similar agreements. Google is bound by California’s state laws, as explained in their terms of service, and Yahoo’s privacy policy explains how they share information with “trusted partners.”
Most companies really have no choice but to be this way; they are bound by state laws and various contracts. The question is, can they really promise to keep our data safe?
The only way to truly ensure that you data can never be compromised is to never put it on the Internet. But today that is not realistic. Many of us have to use the Internet. So, we need to be educated on how to improve our security and privacy. Consumers either educate themselves, or different entities make efforts to educate the consumers.
This is where forums, panels, discussion groups, and think tanks become valuable. They decide which issues are the most serious, and then try to bring them to the public.
As the modern world becomes more modern, the industries move at progressively faster paces. And as the Internet becomes one with the “cloud” and continues to upgrade to the new Web 2.0 structure of website building, security has not yet had a chance to keep up. So in an “age of information,” our best protection at this point seems to be information—for the user.
The Brookings Institution hosted a forum on “the privacy and security challenges raised by cloud computing” on Oct. 26. Also, in early October, Voice of America held a panel addressing freedom vs. security on the Internet.
Whereas “cloud” is really just a fancy way of saying “over the Internet,” most of the time, a software vendor or website that claims “cloud” is really saying “programs or apps over the Internet.”
For example, websites now actually run small programs in your Web browser, instead of the old-fashioned Hyper Text Markup Language (HTML) pages, which behaved more like documents in a word processor. This environment where websites run apps and programs in a Web browser is also known as Web 2.0.
Web 2.0 makes it very easy for malicious programmers to slip malware in between the “cracks” of these running apps. The new style of viruses tricks users into spreading the viruses themselves. This is seen often in social networking sites, such as Facebook and Myspace, where users are asked to post or forward or by any other way perpetuate the infectious code to their own friends.
This is explained in detail at the NSA’s website in a document titled “Social Networking.” The document explains how social media sites “encourage users to share information and inherently trust the information from those they are connected to within the SNS (social networking sites).”
Historically, this makes sense. Ten to fifteen years ago, many of the websites designed for training “hackers” would have sections that focused on calling companies by phone. If one could call up a company, talk their way into speaking to the IT department, and successfully draw information out of the IT professional, that would be considered a “successful hack.”
These sites are now becoming the most used sites in the world, along with search engines and e-mail providers. A quick look at netcraft.com will show that in the top 50 most visited websites in the world are many of the well-known social media sites.
Aside from social media, many of us put our trust in “cloud” services as well. Be it e-mail providers, data storage, or virtual server hosting, many users agree to the terms of use without reading them, and assume they are going to protect us.
Amazon, for example, says that if you agree to their terms, you agree to let the state of Washington govern your conditions of use while using their services. In their privacy notice, they say that they share their customers’ information with affiliated businesses they do not control. These are only two examples from one company’s documentation, and Amazon is not singled out here.
Other online services have similar agreements. Google is bound by California’s state laws, as explained in their terms of service, and Yahoo’s privacy policy explains how they share information with “trusted partners.”
Most companies really have no choice but to be this way; they are bound by state laws and various contracts. The question is, can they really promise to keep our data safe?
The only way to truly ensure that you data can never be compromised is to never put it on the Internet. But today that is not realistic. Many of us have to use the Internet. So, we need to be educated on how to improve our security and privacy. Consumers either educate themselves, or different entities make efforts to educate the consumers.
This is where forums, panels, discussion groups, and think tanks become valuable. They decide which issues are the most serious, and then try to bring them to the public.
As the modern world becomes more modern, the industries move at progressively faster paces. And as the Internet becomes one with the “cloud” and continues to upgrade to the new Web 2.0 structure of website building, security has not yet had a chance to keep up. So in an “age of information,” our best protection at this point seems to be information—for the user.