Today’s recessionis pushing the business to move to cloud which can convert the CapEx cost toOpEx cost. Here is a glimpse of latest security news from Google Docs.

“We’ve identified and fixed a bug where a very small percentage of usersshared some of their documents inadvertently.”

“We’re sorry for the trouble this has caused. We understand our users’concerns (in fact, we were affected by this bug ourselves) and we’re treatingthis very seriously.”

This is a serious threat to privacy and trust. Think about abusiness confidential document shared with a competitor? Who will takeownership of the losses incurred?  The issueindicates how dangerous cloud can be. 

Security is the biggest factor that prevents organizations fromadopting cloud, but this did not stop the companies from building products thatare less secured. Google’s issue is very simple fundamental design issue. Tounderstand it lets see the three fundamental security design patterns.

•   Single Access Point

• Authenticationand Authorization Point

• User-Role-Privilege

The Single Access Point pattern was implemented but the second and third patterns have been buggy that allowed people to view all the documents. As always security is an afterthought. The lack of security awareness  and not following Secure SDLC will cause havoc in cloud computing business.

The only solution would be to bring in security standards, audits and publically present this information. It's really raining out there in cloud just an umbrella cannot help.