Others say controlling your data isn't about backing it up, it's about encrypting it. "Use of an encryption gateway ... provides an ideal way for people to control their data from a security, privacy and data residency standpoint," says Kevin Bocek, VP of marketing for CipherCloud. To address Wozniak's concerns, he argues, data needs to be not just backed up but encrypted so that no one else can access it.
Mark O'Neill, CTO of cloud broker Vordel, says there's another simple solution: Perhaps a company's most sensitive data may not be ready to be put up into the cloud yet. Companies can selectively choose which data is stored in the cloud, allowing users to "hedge your investments," he says.
The back-and-forth between the cloud critics and the cloud defenders is only natural. Ultimately, the fundamental arguments made by both Wozniak and Honan are about trust, which are "absolutely legitimate concerns," says Andi Mann, vice president of strategy for CA Technologies. "The cloud is not magic," Mann reminds users, noting that it still requires a plan on the end user's part to ensure the systems are secured effectively.
The move to a cloud-computing-dominated IT is a slow and steady process that is still in its early days. Think back, Mann says, to a decade ago, when consumers and businesses would have thought online banking would not be safe; today it's commonplace. But many CIOs are still concerned about the public cloud, reinforcing Wozniak's point. If a business hosts sensitive data in the cloud and its provider has a breach, that's a problem the customers will end up dealing with. It's up to the end users to put protections in place themselves when using the cloud, Mann says.
The takeaway from Honan's incident and the ensuing criticisms is that they stem from basic human error and a lack of common sense on the part of both customer service support staff at major companies and end users, says Alan Shimel, managing partner at The CISO Group. Honan describes how the perpetrators allegedly socially engineered the attack by gaining access to his accounts and resetting his passwords through a customer service representative. Honan himself even admits that he could have had more hardened security and backup procedures in place.
Shimel isn't buying all of the solutions cloud service providers are offering. "Federating across multiple providers won't stop a disaster," he says, noting that Honan had multiple accounts hacked simultaneously. And if cloud service providers hold the keys to the encryption code, then the encryption is worthless, he says.