Unfortunately the term ‘cloud computing’ has been repeated meaninglessly by non-technical (MBA) people and then merely picked up by technical people who should know better. ‘Cloud computing’ consists of two things:

1. A virtualisation platform that separates server instances from hardware so you are less easily exposed to hardware problems.

2. A persistant storage platform that separates data from hardware and server instances, usually with fast network attached block storage.

That’s it basically. It’s not special. It can be found being done in any data centre these days, but possibly not packaged together to provide one service with a set of interfaces to manage it, as Amazon or others are doing.

Using a cloud infrastructure is using a data centre with all the same pitfalls so is it more secure? Risk can actually be reduced by having a standardised, known platform for provisioning servers and storage and less need for consultants to perform initial deep voodoo magic to get things set up.

Standardised is better, rather than having a completely unstandardised way of provisioning servers and storage, where we repeat all the same work to secure them, as well as a lot of issues like hardware failure, redundancy and backup infrastructure.

The only feasible way to expose a cloud infrastructure like Amazon’s or Google’s is to target the interfaces and perhaps use social engineering techniques to extract access keys and secret keys, both of which are generated by an automated system and are used to sign and encrypt your machines and data. Even Amazon internally have little to no control over your instances or storage apart from shutting down and deleting instances.

It’s no more risky than putting anything you run into a data centre that you’ve never seen and hosted by people you haven’t met. It’s probably less risky, because at least you have a standardised infrastructure for setting up new servers and storage and provisioning secure access.