Are Cloud Applications Safe From Hackers?

In a word – no. But that shouldn’t stop you from using them anyway. As a cloud developer I encourage people to use the cloud, despite the risk.

Because it’s like the rest of life – everything has a risk attached. Driving a car, catching a plane, cooking your dinner – all these activities carry an inherent risk. Yet while we all accept these risks as “normal”, when it comes to computers we demand zero risk. That’s never going to happen. The US White House, the Pentagon – they have been hacked. If someone is determined to hack you (and they have the skills and resources), you can’t stop them.

Is it still worth using online software? Cloud applications are in theory more vulnerable to attack than offline computer programs. So why use them? Because it’s like flying – it’s more dangerous than walking (unless you are in Australia, where passenger jet aircraft have a zero fatality record). We fly because it’s so much better than walking for covering long distances. Flying through clouds, putting your software in the cloud – clouds are just better, even if slightly more risky.

I’ve personally known people who have lost thousands to scammers. It is infuriating and sad. But it doesn’t stop me using my computer. I’ve known people who have died in car accidents too – but I still drive my car (and I can’t wait for self-driving cars to reduce the appalling road toll). You can’t remove the risk, but you can reduce it. Here’s an article about how to reduce your risk of being scammed.


What Are The Risks? Hackers Could…

  • Steal your database. All your customer info, stock info, etc. Depending on what data you have, this could compromise people. Ensure nothing compromising is stored.
  • Place a false order. Ensure you have procedures to verify large or unusual orders.
  • Pretend to be you and transfer money. Ensure you have procedures to verify large or unusual funds transfers.
  • Delete all your data. Backups are vital!


Some other tips:

Store Only Hashed Passwords

Your database should not store a user’s password, just a hash of it. A hash is one-way – you can’t reverse it to recover the original password, but hashing the same password always produces the same hash. So you hash the password the user types in and compare it with the hash stored in the database, without ever seeing the user’s original password. If you can email a password to a user, then you are not using hashes. You should never be able to view a user’s password. This way, if your data is stolen, the hacker only gets useless password hashes. It also prevents any of your staff from doing anything illegal with a customer’s password.


Never Store Credit Card Details

It is illegal to store credit card details in Australia and many other countries without proper (really tough) security. Don’t do it. If your data is compromised you don’t want credit cards released. Instruct your staff to never record customer (or staff) credit card details in your systems.


Use SSL

Insist on your entire site being hosted with SSL, so your website is served over https:// rather than http://.

This encrypts the data sent from the user’s PC to your server, preventing some attempts at stealing data. Customers are also more likely to trust your website if it is on SSL.
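“Entire site” is the important part: one page left on plain http:// is enough to leak a session cookie or a form submission. As an added example (not code from the original post), the following minimal WSGI middleware redirects every plain-http request to the https:// version of the same URL and adds a Strict-Transport-Security header to https responses so browsers stop trying http:// at all. It assumes the app is served directly (no reverse proxy in front); behind a proxy you would read the scheme from a header such as X-Forwarded-Proto, and only trust it from that proxy. The `hello_app` application and the request dictionaries are constructed for the demonstration.

```python
# Added example: force https:// for every request and set HSTS on https responses.
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import quote

# One year, covering subdomains, is the usual starting point for HSTS.
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


def request_is_https(environ: Dict) -> bool:
    # wsgi.url_scheme is set by the server from the actual connection.
    return environ.get("wsgi.url_scheme", "http") == "https"


def https_url(environ: Dict) -> str:
    """Rebuild the requested URL with the https scheme, keeping path and query."""
    host = environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "localhost")
    path = quote(environ.get("PATH_INFO", "/"))
    query = environ.get("QUERY_STRING", "")
    return f"https://{host}{path}" + (f"?{query}" if query else "")


def force_https(app: Callable) -> Callable:
    """Wrap a WSGI app: redirect http requests, add HSTS to https responses."""

    def middleware(environ: Dict, start_response: Callable) -> Iterable[bytes]:
        if not request_is_https(environ):
            location = https_url(environ)
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Type", "text/plain")])
            return [b"Redirecting to " + location.encode("utf-8")]

        def hsts_start_response(status: str, headers: List[Tuple[str, str]], exc_info=None):
            return start_response(status, list(headers) + [HSTS_HEADER], exc_info)

        return app(environ, hsts_start_response)

    return middleware


def hello_app(environ: Dict, start_response: Callable) -> Iterable[bytes]:
    """Constructed sample application standing in for the real site."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run_request(app: Callable, environ: Dict) -> Tuple[str, Dict[str, str], bytes]:
    """Tiny in-process test client: returns (status, headers, body)."""
    captured: Dict = {}

    def start_response(status: str, headers: List[Tuple[str, str]], exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    site = force_https(hello_app)
    print(run_request(site, {"wsgi.url_scheme": "http", "HTTP_HOST": "shop.example",
                             "PATH_INFO": "/cart", "QUERY_STRING": "id=7"}))
    print(run_request(site, {"wsgi.url_scheme": "https", "HTTP_HOST": "shop.example",
                             "PATH_INFO": "/cart"}))
```

A 301 response for the http:// request means search engines and bookmarks update to the https:// address, and the HSTS header means a returning browser will not even send the first http:// request, which is the window in which a network attacker could otherwise intercept it.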


Business Contingency Planning

Play the what-if game. Ask what could go wrong, how bad it would be, and how you would recover from it.


Cloud is awesome, but like most things in life carries risk. Minimise yours.
