The recent brouhaha between Internet behemoth Google and communist China isn’t quite about Google’s “Don’t be evil” corporate motto, even though Google is spinning it that way. According to Google’s analysis of the cyber attacks, they originated from within China and aimed at accessing the Gmail accounts of human rights activists:
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
The cyber attacks are a perfect opportunity to further Google’s reputation as a corporate darling. China is an easy target — after all, who can forget the Tiananmen Massacre, beaten Tibetan monks, and detained Falun Gong followers? But by removing the geopolitical filter in all of this, it’s really about the ongoing debate between the Cloud vs. Premise application paradigms. And Big G has a lot at stake here.
Google has been the poster boy of cloud computing. Its massive data centers and network infrastructure are of mythical and legendary proportions, needed to support all of its cloud applications: search, Gmail, Google Voice, Google Apps, etc. It has maintained that using these cloud-based apps are secure.
In fact, soon after President Obama and his staff moved into the White House, they discovered inadequate hardware and software to do their jobs — even basic email operations. Google was able to provide Gmail as a temporary solution.
And in September 2009, the White House announced a partnership with Google to build Apps.gov to offer cloud-based applications to federal agencies:
This dedicated cloud will feature the regular Google Apps suite, which includes Gmail, Docs, Talk and a number of other productivity and collaboration products. The applications suite is delivered as an alternative to traditional offerings from Microsoft and IBM, the big players in business software of this kind, and should provide significant cost savings upfront but also because there is no need for additional infrastructure.
At the center of the cloud vs. premise debate has been security. Obviously with hardware and software off-premise, a company has less control over the security aspects. The success (albeit limited) of the cyber attacks on Google further underscores the skepticism of cloud computing opponents.
Take note when you are choosing a cloud or premised based IVR platform. You have just as much at stake as Google.