Every week, I read another story predicting the growth of cloud computing. Statistics and predictions abound; the numbers vary but all have growth in common. Here are some examples:
- IDC predicts that the market for public cloud products and services at $16 billion in 2010, and will grow to $55.5 billion by 2014
- Gartner has higher predictions, saying that the cloud market will reach $150 billion by 2014
- Merrill Lynch thinks the cloud market will hit $160 billion in 2011
- AMI Research estimates that SMB cloud spending will hit $100 billion by 2014
It seems like a lot of time is spent trying to predict how many people are going to be “in the cloud,” in the next three to five years, but less time is spent asking the most pressing question:
How are we going to secure the identities of these individuals?
Many individuals and organizations still rely on passwords. Organizations tell their employees to never use the same password twice, make them complicated, and change them often. Oh, and never write them down anywhere. What happens next? The password is forgotten and has to be reset. This is can cost anywhere from $3 to $18 for the help desk labor of a single reset.
Cost aside, individuals simply don’t listen to the warnings about passwords. Software architect Troy Hunt did an interesting analysis of passwordsafter Sony’s PlayStation Network was hacked and the information for 77 million accounts was stolen.
What did he find? Individuals are using passwords like “Password,” and “123456,” even “Bosco,” the same password once used by George Costanza on Seinfeld. Speaking of which, “Seinfeld” was a popular one, too. All of these passwords are having something in common – they are extremely easy for any hacker to guess.
These password practices aren’t strong enough for cloud computing, where organizations and individuals are housing sensitive identity information and corporate data on the web. Cloud providers – from gaming to social media to web services – and users both need to rethink authentication in the cloud.
Adding more layers of authentication during logon will tell the cloud service that you are you, with certainty. This is the only way a cloud service provider can trust your identity, and you can trust that no one other than you is accessing your services.
An extra layer, two-factor or multi-factor authentication, can be in the form of one-time passwords (OTPs) with a mobile phone or separate device for more simple access, or certificate-based or PKI authentication on a smart card for higher levels of assurance.
The growth of cloud computing will be advantageous to everyone, but the more data in the cloud, the more we need strong authentication. Because “Bosco” just isn’t going to cut it.