As more and more individuals and business come to rely on web-based services, referred to collectively as “the cloud”, there appears to be more instances where such services have encountered major problems including data loss, hacks and outages.
Enter the Open Security Foundation, a Glen-Allen based non-profit that has recently launched a new project at Cloutage.org to track instances of cloud security issues as they are reported in the media.
The objective is to produce data that can be used to help determine the riskiness of relying on cloud computing for essential services.
“So far the biggest thing we see is outages,” said Jake Kouns, president and co-founder of the Open Security Foundation.
Cloutage is a combination of the words “cloud” and “outage”.
“We also see the same type of breaches or hacks that occur in a typical organization are the same things that are happening in the cloud,” Kouns said.
Such problems can pose a major headache for users who cannot access their data when they need it, or even worse to have it stolen by others or lost completely.
A broad definition of cloud computing is any instance when the users’ data is stored on servers in various locations and is accessed over the Internet. That is opposed to keeping data stored inside of a closed computer network or on a personal hard drive. For example, the popular GoogleDocs allows users to create and save text documents directly inside of their web-browser. The information is stored somewhere in Google’s massive network of server farms, and retrieved from that location when the user logs in again to view or edit the document.
The group has compiled 124 instances of security problems beginning in the year 2000, with new ones being added as they occur. Many of the web’s most popular services appear on the list, including Google, Facebook, Amazon, Apple, Intuit, Skype, Microsoft and many more.
For example, this week Cloutage reported on an incident that affected online note-saving service Evernote. A hardware fault resulted in data loss for approximately 1,800 users worldwide.
Already 43 incidents have been reported in 2010, more than twice as many the group has logged for 2009 and 2008, however Kouns said that the group is in the process of backfilling past events. But Kouns said as more people use cloud services and media pays more attention to outages and data loss incidents, the number of reported security issues is bound to rise.
“What is interesting for me is some organizations that have repeat issues, it kind of shows certain organizations still have some maturing to do,” Kouns said.
Kouns, who previously worked as a network security manager for Capital One, said that his group is not anti-cloud. He said they simply want to compile the data.
“We saw a gap where no one was providing this information; there was not a place for people to go have these conversations. We want people to understand the good and the bad and make the right risk decision for their organization,” Kouns said.
The bulk of the work on Cloutage is done by five to 10 volunteers, Kouns said.
“If you are an organization and it’s okay if your email goes down for a couple of hours then you are probably fine, but if it is going to grind your business to a halt then maybe you shouldn’t rely on the cloud,” Kouns said.
Al Harris is a BizSense reporter. Please send news tips to [email protected].