Tweet Cloud Computing

How Will Hackers Fare in the Cloud?

Bank SafeIf Willie Sutton had been a hacker, we know what he’d have thought about cloud computing.

Sutton, of course, was the 1930s bank robber famous for his quip that he robbed banks “because that’s where the money is.” And for hackers, the cloud might be just as tempting because it’s where a great deal of data is being concentrated.

But how much loot will modern-day Willie Suttons really be able to plunder from the cloud?

The short answer will probably turn out to be: Not much. That’s because greater data concentration makes it easier to build strong, high walls around more of it at once. Think Fort Knox. There’s a lot of gold in there — but Willie Sutton wouldn’t have stood a chance if he had tried to grab it.

The long answer is a bit more complicated: Security in the cloud will depend on a number of technology practices and policy decisions that are just beginning to unfold in industry and government.
First, there is the industry side. As BSA has outlined in a set of guiding principles for the cloud, service providers must adopt comprehensive practices and procedures that include well-recognized, transparent and verifiable security criteria so customers can shop for the best. There also must be robust identity, authentication and access-control mechanisms commensurate with the level of sensitivity of the data being housed. And there must be comprehensive, ongoing testing of security measures before and after deployment of cloud solutions.

Those are things that must be driven by industry because prescriptive policy mandates would quite likely have the unintended consequence of fossilizing cloud technologies while they are still in their early stages of development.

That is not to say there is no role for public policy in promoting cloud security. There is, starting with tough laws against theft, fraud and hacking. Those were needed before the advent of cloud computing, and they are needed all the more now. And since security concerns are tightly linked to privacy concerns (they are twin pillars undergirding public trust in technology), it will be important for lawmakers to ensure that data stored the cloud enjoys the same legal protections as data stored on personal computers.

A wrinkle in all this for policy-makers is that, as with all cybersecurity matters, cybersecurity in the cloud is by its nature an international issue, so we need an international approach to building defenses. BSA has outlined how to construct such a global cybersecurity framework.

Industry and government should each carry out their respective responsibilities in securing the cloud with a sense of urgency because it will help build confidence in the marketplace, thereby speeding the maturation of technologies that hold the potential to touch off a new wave of IT-driven growth.

Also, Willie Sutton’s heirs are casing cyberspace. We should deny them any opportunity to score.

Robert Holleyman


As President and CEO of BSA | The Software Alliance from 1990 until April 2013, Robert Holleyman long served as the chief advocate for the global software industry. Before leaving BSA to start his own venture, Cloud4Growth, Holleyman led the most successful anti-piracy program in the history of any industry, driving down software piracy rates in markets around the world.

Named one of the 50 most influential people in the intellectual property world, he was instrumental in putting into place the global policy framework that today protects software under copyright law. A widely respected champion for open markets, Holleyman also was appointed by President Barack Obama to serve on the President’s Advisory Committee for Trade Policy and Negotiations, the principal advisory committee for the US government on trade matters.

Holleyman was a leader in industry efforts to establish the legal framework necessary for cloud-computing technologies to flourish. He was an early proponent for policies that promote deployment of security technologies to build public trust and confidence in cyberspace. And he created a highly regarded series of forums for industry executives and policymakers to exchange points of view and forge agreements on the best ways to spur technology advances and promote economic growth.

Before heading BSA, Holleyman was a counselor and legislative adviser in the United States Senate, an attorney in private practice, and a judicial clerk in US District Court. He holds a bachelor’s degree from Trinity University in San Antonio, Texas, a J.D. from Louisiana State University, and has completed the Stanford Executive Program at the Stanford Graduate School of Business.

Leave a Reply

Your email address will not be published. Required fields are marked *

nine + seven =