Security In The Age Of Cloud Computing

Cloud Storage

Cloud Storage“Hacker Croll,” an eponymously named hacker, was able to get access to some very sensitive business documents from Twitter’s Google Apps account this week. It was a very high profile hack, and quite embarrassing for Twitter. People familiar with the incident say that the hacker was able to easily figure out the security question to one employees account and, with that, access all of the documents stored in the company’s storage cloud at Google. He put them in a zip file and emailed them to Ouch!

Note: Google Apps is a suite of free (and paid) business productivity tools that you can access from any web browser. You are probably familiar with most of the apps: Gmail, Google Talk (Google’s version of IM), Google Calendar, Google Docs (word processing, spreadsheets and presentations) and Google Sites for websites and wikis. You don’t download and install them, you use the tools when you’re online. You also have the option to store your data in the cloud so that other team-members and colleagues can access them from remote locations.

This security breach has captured the imaginations of many cyber-pundits and self-styled security experts. It has also inspired some very lively conversations between proponents of cloud computing solutions and more traditional geeks. But there are two things to keep in mind.

Passwords can only
protect you if you use them correctly

1) Twitter is a very big, high-profile target that comes with associated bragging rights. In other words, Twitter is more likely to get on a hacker’s radar than your company, and 2) The reason that this account was so easy to hack had very little to do with the fact that the Google Apps are a cloud computing solution. It could have been accomplished with any account that could be accessed from the web. This account was hacked because the user did not have a “robust” or “strong” password and security question.

With that in mind, I thought we might use Twitter’s most unfortunate security breach as a teaching moment.

Passwords can only protect you if you use them correctly. Here are some guidelines.


Use letters (caps and lowercase), numbers and symbols. The more cryptic your password is, the better it will protect you.


Use computer geekspeak to make weak passwords stronger. Leet replaces English letters with numbers and symbols. For example: a=@, E=3, i=1, S=5, etc. Check out Wikipedia for a complete Leet table.

Leet can help you turn proper nouns, which are very, very easy for machines to crack, into stronger passwords. For example: macintoshczar becomes m@c1nto5hcz@r. You can still easily remember it, but it is much harder to crack.


Make up a sentence and use the first letters of each word to create your password. For example: “Mozart is one of my favorite cats in the car.” would yield the password: “Mioomfcitc.” Then write it in Leet to make it even stronger, “M100mfc1tc.” The sentence is a mnemonic device that will help you remember your password, and Leet makes it much stronger.

Lastly, keep in mind that the longer a password is, the better it is. Change your passwords on a regular basis. No birthdays, names, proper nouns, ages or anything else that looks or sounds like English or says anything about you! And, don’t reuse them.

As for security questions: never use your mother’s maiden name, the last four digits of your social security number or anything else I can find out about you with Google or on your Facebook or LinkedIn profile. Don’t even use your drag queen name (your first pet’s name and your mother’s maiden name, mine is Muffin Whitehead) it may be great fun at a party, but it is not secure!

If you keep these very simple principles in mind, you will be much more hacker proof than you are right now. Use your username and passwords on your personal computers all the time. Security begins right at your desk. And, don’t write them down, of course! Shelly Palmer


About Shelly Palmer

Shelly Palmer is the Professor of Advanced Media in Residence at Syracuse University’s S.I. Newhouse School of Public Communications and CEO of The Palmer Group, a consulting practice that helps Fortune 500 companies with technology, media and marketing. Named LinkedIn’s “Top Voice in Technology,” he covers tech and business for Good Day New York, is a regular commentator on CNN and writes a popular daily business blog. He's a bestselling author, and the creator of the popular, free online course, Generative AI for Execs. Follow @shellypalmer or visit



PreviousConfidential Twitter Documents Leaked on TechCrunch: MediaBytes with Shelly Palmer July 17, 2009 Next40th Anniversary of Moon Landing Marks Tech History: MediaBytes with Shelly Palmer July 20, 2009

Get Briefed Every Day!

Subscribe to my daily newsletter featuring current events and the top stories in technology, media, and marketing.