Monthly Archives: April 2014

Heartbleed: Fresh Evidence for the Cloud Debate

Kevin Whalen, CPA, CGMA, MST, MSRED

Editor’s Note: To assist our clients in understanding the issues surrounding cloud computing, we are posting a series of short write-ups about the subject. The following is the third post in this series and it deals with current events relevant to the topic. See the first and second posts in this series to benefit from the full discussion.

Wake-Up Call

Those people who thought cloud-based technology could provide an easy answer for all their computing needs received a wake-up call with the recent announcement of the Heartbleed security breach. Heartbleed (formally known as CVE-2014-0160) is the name given to a security bug that affected some 17% of Internet servers that had previously been certified as secure. This latest event reinforces a major point we have been making in this series of blog posts: While cloud computing offers many advantages, it still has serious potential problems in the area of data security.

In our second blog post on this subject, we had asked: If cloud computing is so great, why is there still so much debate about it? This rhetorical question was answered by Heartbleed with resounding clarity just weeks later. Obviously, the issue of security for data stored in the cloud has not yet been totally resolved. The Heartbleed bug is just the latest reminder of this fact.

Widespread Impact

If you did not appreciate this situation before, the following excerpt from Wikipedia may be illuminating:

“… around half a million … of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords. The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”.  Forbes cybersecurity columnist Joseph Steinberg wrote, “Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.” (http://en.wikipedia.org/wiki/Heartbleed)

Perhaps the most disturbing aspect of the Heartbleed bug is that even computer security experts were surprised by the severity and widespread impact of the potential breach. This admission should drive home the reality that server security has not yet progressed to such a degree that concerned users can be assured their data is completely safe.

To be fair, this issue was not confined solely to the internet or cloud computing. Actually, anyone with a server using the OpenSSL protocol was at risk. That group would include most data centers as well as any office server that used Linux/OpenSSL. Nonetheless, people expect cloud companies to be the experts in this area and to not have these issues.

Balance Needed

Despite such risks, however, there are still distinct advantages that argue for the adoption or continued use of cloud computing.  Our company believes in these benefits and the next version of our family office software will be totally compatible with cloud computing. However, we will not release a cloud version until we are confident we have adequately addressed the security issues. The data of our clients is too important for us to do anything else.

Cloud Computing: The Great Debate

David Campbell
By Technology

Editor’s Note: To assist our clients in understanding the issues surrounding cloud computing, we are posting a series of short write-ups about this subject. The following is the second post in this series and it deals with certain non-technical aspects. See the first post in the series on 6 Benefits and Concerns for Cloud-Based Financial Solutions and our third post: Heartbleed: Fresh Evidence for the Cloud Debate.

Clouding Computing

Much of the technical world is involved in an on-going discussion about the merits of cloud computing. Cloud computing is the name given to the use of remote servers that are owned and maintained by a third-party company and are accessed via the Internet. Many technology experts and providers are quick to extol the virtues of this arrangement.  In fact, in an earlier post, we summarized its advantages. This post, conversely, considers the other side of the issue: If cloud computing is so great, why is there still so much debate about it?

There is no doubt that cloud computing offers certain distinct advantages that can significantly improve how an organization conducts its business. Nevertheless, cloud computing also raises a major issue that did not exist in the previous, on-site version of information management. Now, the owner of the data no longer controls it. Instead, the nature of cloud computing requires that the owner delegates possession and security of its data to an outside party.

The Concerns

It can be difficult to get comfortable with this outside party. They are remote. They may speak a different language. You cannot monitor their activities. Plus, the contract they require you to sign often totally absolves them of any responsibility for damages you could suffer as a result of unauthorized use of your data. However, the most serious problem with cloud computing may be the image it triggers in the minds of many people.

The news media are full of stories about data breaches, everything from stolen credit card numbers to our own government accessing the data files of leading Internet companies. It is no wonder that many firms are wary about embracing a trend that may have additional, potentially catastrophic consequences still waiting to be discovered. Such perceived risks present an especially difficult hurdle to acceptance by many financial advisors and CFOs in family offices.

We understand their concerns and reluctance. Those factors have significantly impacted the development of our strategy for cloud computing.  In later blog posts, we will describe how we are combining the best technical solution with the greatest flexibility in order to provide both the performance and the peace of mind our clients need.

We look forward to hearing your thoughts as well as telling you more about what we have learned.