Still hazy on cloud’s security

Over the last year, the technology world has been enamored of the possibilities of moving into the cloud.

That’s the latest trend in computing that enables consumers to forget about storing their software and data on local hard drives -- where it can be zapped by electrical surges and soft-drink spillage -- and let companies such as Amazon .com Inc., Google Inc. and Microsoft Corp. worry about keeping it safe on a network of remote servers.

The cloud computing concept is so appealing that the city of Los Angeles is considering scrapping its current e-mail system and replacing it with a cloud-based offering from Google, joining more than 2 million businesses already using that company’s system.

But a series of incidents involving cloud computing over the last several months has poked holes in the hype bubble, raising questions about the cloud’s dependability -- and whether it’s ready for use by a broader group of workers and businesses.

Last week, a computer failure cut off many users of the Sidekick mobile device from large amounts of personal data, including contacts, calendars and notes, that were stored on Microsoft servers. Microsoft and T-Mobile Inc. are the respective maker and carrier of the device.


Microsoft later said the failure was confined to a smaller system run by Danger Inc., its subsidiary that makes the Sidekick, and that much of the data would eventually be restored.

But the company also said it was not just the primary Danger database that failed, but also the backup -- and that restoring the lost data would take weeks.

Last month, Google weathered a pair of outages of its cloud-based e-mail system, one of which lasted nearly two hours, after the company made an error upgrading its own systems.

And in August, a huge cyber attack thought to originate from eastern Europe knocked Twitter offline for hours, a devastating blow from which it took the messaging service days to fully recover.

“It’s still the early stages of this,” said John Pescatore, an online security analyst at the research firm Gartner Inc., noting that offerings such as Google’s Gmail and Microsoft’s Hotmail started out as free products for consumers. Both companies are now pitching their online services to governments, universities and big businesses.

“As these clouds start to go after enterprise dollars, they’ll build in the reliability and security,” Pescatore said, but reaching the necessary level of sophistication may take the companies a few more years.

As e-mail, word processing and data storage continue to move from users’ computers to the Web, companies must fortify their servers from a variety of potential disasters -- natural and man-made -- to help ensure that the data and the applications are accessible at all times.

Companies such as Google and Microsoft, which have been proponents of cloud computing, say they are well aware of the risks they face. In regulatory filings, where they must legally disclose risks and liabilities to shareholders, Google and Microsoft reveal a parade of potential nightmares.

“Our systems are vulnerable to damage or interruption from earthquakes, terrorist attacks, floods, fires, power loss, telecommunications failures, computer viruses, computer denial of service attacks” as well as sabotage and vandalism, says Google’s filing with the Securities and Exchange Commission.

Microsoft’s SEC filing strikes a similarly haunting chord, saying “a catastrophic event that results in the destruction or disruption of any of our critical business or information technology systems could harm our ability to conduct normal business.”

Although the probability of any given “catastrophic event” may be exceedingly low, the recent cluster of damaging incidents has shown that cloud operators are still vulnerable.

In the case of Los Angeles, concerns about protecting government data have prompted Google to announce the development of a “government cloud,” in which government data would be stored separately from that of other Google users -- complete with more stringent security requirements.

Cloud proponents often point to the banking and credit card industries, where large amounts of financial data are stored online. In those sectors, which have been operating relatively smoothly for years, worries are more muted.

“This problem has been solved in other industries in other ways,” said Randi Levin, Los Angeles’ chief technology officer, who has pushed for Google’s cloud e-mail system. “When you have companies like Microsoft and Google that have the resources to approach these problems, they’re going to come up with creative solutions.”

“Is it going to be 100%?” she said. “There’s probably going to be a time when we may have an issue. But what don’t we have an issue with?”