2012 will see the first instance of a major public cloud breach, according to Guy Churchward, CEO of log management and SIEM provider LogLogic.
Churchward believes that the increasing use of public cloud services and the resulting data stored there will make it an attractive target for criminals.
"Public cloud services were developed and launched at lightning speed. This year in particular has seen an influx of new entrants and the amount of information cloud service providers now hold on customers is immense – with more data is being collected every second," he said.
Churchward added that many of the big "household" names in cloud services were only used to protecting non-critical data and that, "The acceptance of cloud and relative trust by consumers has increased to the point that the data criticality has increased faster than their security measures."
"It is here that I think some cloud providers could be open to attack as they’ve not been (from my experience thus far) as stringent with their security, audit trails in particular, as they could be," he said. "Such trails are essential for tracking hacker activity if they do get it – finding out the how, where and what information they obtained."
The PlayStation attacks earlier this year show that these attacks can and do happen and Churchward said that many cloud services providers are complacent when it comes to security.
"It is this complacency and lack of control that I expect will lead to the first major external security attack early next year in the cloud. It probably won’t be a malicious attack, more likely a statement to prove and publicly acknowledge that it can be done," he added.
"This will set in motion the needed refresh of security measures (kicking policy, compliance and security cloud practices into overdrive) across the industry as consumers demand that their data is better protected," he said. "We may even see consumers insist on their providers meeting the ISO 27002 standard in response to such an attack, which guarantees a certain level of cover and service."
As far as private clouds are concerned Churchward believes that the more cautious approach being taken could serve that industry well… at least for now.
"Don’t get me wrong however," he warned, "a breach will eventually happen in the private cloud too – it’s not about ‘if’, it’s about ‘when’, but since the enterprise community moving at full bore in cloud is small, the targets are likely to be the softer underbelly of the consumer public cloud service sites first."
