Many companies have become involved in Cloud Computing, offering solutions to businesses in a hosted environment. Concerns have been expressed regarding security when companies move their data from the IT department to the Cloud. Last week, it was revealed that Microsoft was reporting a security breach in its Business Productivity Online Suite (BPOS), which resulted in allowing access to company information.
This comes at a time when Cloud Computing is being promoted as a superior alternative to companies hosting information themselves. Reports from many different sources, including eWeek and PC World, will add fuel for those who are concerned about security issues in the Cloud and the exposure of company information on a far larger scale than when hosted internally.
Based on the reports, the problem was related to a “configuration issue” which exposed the information. We would expect to see this related to an attack by hackers, but this was done internally in the Microsoft data centers. The result was to expose the Offline Address Book of the online components and give unauthorized users access to view the information.
The length of time this problem existed is not being reported, though once it was identified as a problem, Microsoft had it fixed in a few hours. Since this was a configuration error, they know when the configuration was changed through the change control procedures in place.
This problem should make everyone who is working on the Cloud very concerned, as it was caused by a mistake and not by an external hacker. Now that the address book information has been exposed for those companies using BPOS on the Microsoft cloud, the impact will have to be assessed for the affected companies. For all companies, there will now need to be more assurances and procedures in place to make sure security and reliability become a higher priority as a result.
With companies having less control on the Cloud, some are saying that it is a matter of when you have data exposed. That is not very reassuring when company information that is critical to your business sits in an offsite location and would be devastating to your business if it gets exposed.
Charles Pullman