Security, Hack Attacks and Data Centers
So, everything sounds good. However, it is not. Security hacks have occurred at Microsoft, Google, Microsoft and Amazon. Microsoft cloud services were hacked in December 2010. A compromise occurred when non-authorized users downloaded data, contained within the Business Productivity Online Suite (BPOS).
Google was hacked back in January, and e-mail data was compromised. The debate that ensued was whether the attack really compromised its data center. The argument against it was that that social engineering, not network intrusion, was at the core of the attack. The hackers presumably gained information about the network by talking to people, not by using special hacking tools.
In April 2011, Amazon lost its data center. At this point the problem appears to have originated with a loss of power. However, later in the month, the Sony PlayStation network went down and some believed that hackers created legitimate accounts through the Amazon EC2 service, and that allowed them to access the PlayStation system. The hackers staged their attacks on Sony via Amazon.
These incidents play up the notion that Cloud services can be hacked by anyone. Some can come from social engineering avenues (Hey, I'm here to fix a server, what's the password?), others taking advantage of power outages to create fictitious accounts, or even when there were openings available that the provider didn't even know existed. For additional information about data centers see Data Center Physical Security Checklist.