Tuesday, 14 August 2012

Cloud computing – we hold these truths to be self-evident ... and we're plumb wrong

Much of government IT is a mess.

That's the problem.

And cloud computing is the solution. What the UK Constitution needs is a government cloud, a G-Cloud.

Is that true? You know it is – it's a no-brainer.

Cloud computing is cheaper than the alternative and it always will be. You know that. It's more flexible – you can spin up new capacity whenever volumes rise, just like that, and switch it off at no cost the minute it's not needed. You don't need to worry, the level of security is higher than could be achieved in-house, someone else does the backups for you and keeps all the applications you have licences for up to date.

That's the sales pitch of the big suppliers of cloud computing services – Amazon, Google, Microsoft, Apple, ... And coincidentally it's the UK government's IT strategy. There can be no doubt.

Now consider this 6 August 2012 article in Wired magazine by Mat Honan:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s ...
Where was Apple's security? And Amazon's? Where were their backups? Why can't they just go to their backups and retrieve Mr Honan's digital life?

Still. Don't let this dent your confidence in G-Cloud.

No comments:

Post a comment