As cloud computing becomes popular among enterprises in the Asia Pacific region, government agencies also anticipate a rise in cloud-related crimes. With corporate data being transmitted and processed over public networks, regulators see a potential increase in fraud, data theft and other related crimes.
The Australian Crime Commission (ACC), which handles criminal investigations in Australia, believes that organized crime groups in the country are seeing an opportunity in going virtual, and is increasing its efforts in tracking and fighting such illicit activities. According to John Lawler, the ACC chief executive, cloud computing results in "significant vulnerabilities" that can be exploited by crime groups for profit.
"If we know anything about organized crime networks, it is that they see [cloud computing] and any technological change as being ripe with the potential for profit," Lawler says.
Mobility of Data
Chief among the ACC's concerns is the fact that cloud computing essentially makes data mobile. Even with security measures like encryption and virtualization, information might still be intercepted en route. "This information can be analyzed, augmented, used, sold or rented -- not just locally, but globally and with tremendous speed," according to Lawler, who believes that data is "vulnerable to exploitations by both individual hackers and organized crime groups seeking to collect and sell these information."
Private vs Public Cloud
The ACC is priming itself against such vulnerabilities, and aims to improve on the skills and methodologies of its operatives. It might be a different case with enterprise cloud users though. In Australia, end-users are said to be less concerned with cloud security, especially if their cloud deployment is a private one. However, some experts consider public cloud setups to be actually more secure than private deployments. Gartner, for one, argues that public cloud setups go through more regulatory, security and standards compliance checks, which private deployments might not necessarily have to undergo.
Meanwhile, the rest of the Asia Pacific region views security as among the bigger concerns when it comes to cloud computing, as cited by the Asia Cloud Computing Association. IDC's own 2011 list of predictions for the APAC region also views security as a top regional concern, particularly with regard to the reliability of public cloud deployments and with the security of mobile applications. To this end, client virtualization is seen as an effective means of reducing the risk of data theft or loss when using mobile devices to access enterprise cloud deployments.
Data integrity is an important part of maintaining a healthy cloud deployment. When there is a threat of data theft from organized attacks though, government and policy-making bodies might have to come in to aid enterprise users by going after would-be information thieves.