Cloud Services Study Reveals -=[SuRpRiSe]=- Bad Security Practices

Weak LinkDark Reading has a good article up that should be read by anyone considering using cloud services to host sensitive material.  According to the article, a group of researchers that develop Google hacking tools first revealed the results of their cloud services research (PDF) at the Hacker Halted conference last month in Miami.  Now the team is offering one word of advice to companies considering storing critical information on the public cloud:     Don’t.

A quote from the article, “All you need is one careless developer who puts his credentials in a text file — and you’re hosed”. Seems more than a little alarmist to me.  I would recommend that serious thought be given to this research, but do your homework regarding hosting providers, discuss security practices, safeguards, and controls with your developers, and test, Test, TEST!  Security is important, and I AM one of the first people to say “stop” when security is by-passed or ignored.  Cloud computing is going to happen, it is inevitable, and it brings with it some juicy rewards… to those that do it RIGHT.  Doing it right means doing it for the long-haul, and that means ensuring that credentials and other sensitive material is handled appropriately.

This rule also holds true for storing or hosting your data externally, internally, locally, or on any storage medium, not just “the cloud”.  Still the article and the paper are well worth the read.  Be informed, be aware, and be careful.  Just my 2¢, collect the whole dime…