The Hidden Risks Of Cloud Computing

The Hidden Risks Of Cloud Computing

Every day more users move their computing lives from the desktop to the cloud and rely on hosted web applications to store and access email, photos and documents. But this new frontier involves serious risks that aren’t obvious to most.

Photo by Dyanna.

In an era of ubiquitous broadband, smartphones and users who manage multiple computers and devices, it just makes sense to move your email, photos, documents, calendar, notes, finances and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, etc. But transferring your personal data to hosted web applications has its potential pitfalls, risks that get lost in all the hype around cloud-centric new products like Google’s new Chrome OS or the iPhone.

When you decide to move your data into the cloud, there are a few gotchas you should know about.

Security Systems That Are Too Easy To Break Into

Crappy web-based security system—like weak password recovery workflows, phishing attacks, and keyloggers—present big security risks.

Just last week hundreds of embarrassing and revealing internal company documents from Twitter were published online, obtained by a hacker who used Gmail’s password recovery mechanism to break into an employee’s personal Gmail account. This could have happened to anyone. (Two lessons to be learned from this particular intrusion: use strong and different passwords for every cloud app you log into, and make sure your “secondary” email account is NOT Hotmail.)

In collaborative web applications that are built for groups—like Google Apps or any web-based project management software—the security concerns spread across everyone involved. The security of the entire system is only as strong as the weakest user’s setup. Once one person’s weak password is brute-forced or guessed, everyone’s documents and information are at risk.

Data Lock-in And Third-party Control

Amazon reaches into customers’ Kindles and deletes already-purchased books. Facebook launches Beacon, an advertising mechanism that collects and publishes information about what you do on external web sites on your Facebook profile (only to apologise and offer opt-out later). Apple denies approval for the Google Voice application in the App Store. Twitter doesn’t offer the ability to export more than 3,200 status updates. Flickr only lets you see the last 200 photos you uploaded if you don’t have a paid Pro account. When you’re living in the cloud, you’re beholden to a third party who can make decisions about your data and platform in ways never seen before in computing.

Server Unavailability And Account Lockout

One of the biggest benefits of storing your data in the cloud is that you don’t have to worry about backing it up anymore. Big companies with hundreds of servers are more reliable than your little external hard drive, right? Yes. But servers do go down, and when you’re dependent on a web application to get your email or access that PowerPoint slideshow for the big presentation, there’s always the risk that your internet connection will go down, or that the webapp’s servers will. Offline technologies like Google Gears, decent export functionality, and a good backup system can ameliorate this particular concern, but not all systems offer those things.

Getting locked out of your webapp account is another possible pitfall. The
NY Times reports:

Discussion forums abound with tales of woe from Gmail customers who have found themselves locked out of their account for days or even weeks. They were innocent victims of security measures, which automatically suspend access if someone tries unsuccessfully to log on repeatedly to an account. The customers express frustration that they can’t speak with anyone at Google after filling out the company’s online forms and waiting in vain for Google to restore access to their accounts.

Don’t get me wrong: I personally am right on the cloud bandwagon with all of you. My web browser is the one app I run on my desktop at all times; I’ve entrusted the likes of Google, Apple, Amazon and Yahoo with my data just like you have. The key is to know what you’re getting into when you make that choice, to ratchet up your personal security mechanisms (like alternate email addresses and password choices) and to lobby for better user protection by hosting providers in the cloud.

Have any of these issues (or something I didn’t include) kept you from using a web-based application? Have you fallen into any of the pitfalls of the cloud? Let us know in the comments.

Gina Trapani, Lifehacker’s founding editor, is cautiously optimistic about the future of cloud computing. Her feature Smarterware appears every week on Lifehacker.

Log in to comment on this story!