Cloud computing in Israel: The risks, explained

JERUSALEM — It is a paradox of cloud computing security that the same people who know the most about it are the first to say it doesn't really exist.

Take, for example, Haim Kopans.

Few people are as qualified to address the subject, so it is a little unsettling to hear him laugh and say, "Internet security doesn't exist, and no one cares about it.

"Facebook proves that we're happy to reveal our private selves to 5,000 so-called friends and no one cares," he says. "We lead lives that are completely exposed on a public stage. Those concerns have vanished."

But what about those things we still don't want revealed?

Think bank statements, or your company's quarterly results. Or the molecule you just discovered. Or a picture of a former lover laughingly snapped.

Internet security, as defined by Kopans, relates to consumer experience — and it does not exist. If you don't want the world to know about it, do not use the internet to document it.

But cloud security — a subsector of internet security which Israeli high-tech enterprises are pioneering — deals with enterprises. It's an important distinction.

In spite of the weightless images the name may conjure, cloud computing requires physical entities — think massive, knotted internet servers with mirrors. They're physical plants where unending digital information is stored. This web of data includes backup sites, often located continents away, in which the same information is then re-stored.

This level of business and technological complexity is not easily achieved, and it's not always easy to protect. In fact, the cloud security experts GlobalPost spoke with in Israel were not shy about pointing out some of the emerging technology's inherent risks.

For starters, take the physical challenges.

All that computing power generates a tremendous amount of heat. One of the biggest problems facing cloud storage providers is locating sites cool enough to safeguard precious devices.

"If you want to know where to find cloud facilities, look for places next to large bodies of water," Kopans says in his arid, gleaming white office at JVP, a leading Israeli venture capital firm.

We all like the accessibility of cloud storage, Kopans continues. But this can lead to a choice between flexibility and security.

"If my internet server crashes, I'd be furious if I couldn't get all my emails back. We're all like this. But that expectation entails back-up sites and penetrable networks connecting the sites. All of that is stored somewhere."

If a company "goes the old-fashioned route" — meaning, without the cloud — and stores its digital information on-site in a secure location within the company, it knows exactly who has access to what.

But there's a cost to this approach, Kopans says. "They have to build or buy the site and they pay for its upkeep 24-7."

Arik Kleinstein, a managing partner at Glilot Capital Partners — a leading Israeli venture capital firm — reels off other things that can go wrong when cloud security fails.

"Catastrophes happen all the time," he cautions. "Crime organizations use the cloud. Cyberspace fraud is perpetrated all the time. Secrets are stolen. Intellectual property is robbed. Industrial espionage. Governmental espionage. Plain old traditional spying made easy by the use of cyber tools," he adds.

"There is a big gap between the ability of the evil-doers and the good guys right now," Kleinstein says.

Examples of this include financial fraud in the billions of dollars, as well as the signal case of security firm RSA, through which Lockheed Martin was hacked.

The potential security problems don't end with hackers.

Cloud facilities located within the United States are subject to Section 215 of the Patriot Act, which enables government entities to secure a court order to obtain "any tangible things" to protect against terrorism or espionage.

Moreover, clouds based outside the US may come with their own security problems. Just ask the British, who have been embroiled in a phone hacking scandal for two years.

Israel's experts say the secret to better cloud security is to think carefully about these issues, and then to ask the right questions.

"All data is backed up some place in the world," Kopans says. "The questions to ask are 'Who has access to the main site? To the back-up site? To the network between them?'"

Of course, cloud storage is an extremely profitable business. Amazon's breakout profitability is measured in cloud storage sold — not in books or goods. Moreover, the benefits of cloud computing are clear.

Companies pay for cloud storage like consumers pay for electricity. So instead of bearing fixed overhead costs of maintaining a private facility, they can now benefit from dynamic expenses that go up or down depending on usage.

But even these benefits can come with a cost.

"Enterprises save money but expose themselves to espionage. That's the deal," Kopans says.

So where does the cloud computing industry go from here? Or in other words, how can these risks and rewards be properly balanced?

Kopans says the top minds in the field have concluded that information stored on clouds is impossible to completely protect through traditional firewalls, or what he terms "protecting your property by building railings outside the window."

So cloud security thinking is moving toward a new model of encryption, he explains, and one that changes the security equation. "Your information will still be robbed, but it is completely valueless," he says.

"The aim is to store information in such a manner that only the client has the key, and anyone else who accesses it will only get useless gibberish."
