The security, or lack thereof, of cloud computing has been debated since the term was coined and like all things in Information Technology everyone expects the security to be improved as the general community start to uptake these services.

It seems that a group of 38 researchers and academics have had enough waiting and created an open letter to Google CEO Eric Schmidt.

The major areas detailed in the letter are concerning not so much cloud computing but rather Software as a Server (SAAS) in the form of Google Applications, Google Mail and Google Docs. These products by default do not use the more secure HTTPS communication protocol and rely fairly heavily on authentication cookies.

It has been proven many times that users are vulnerable to data interception and that by implementing HTTPS as the default and only standard will help protect users with very little impact to performance.

It is also noted that Google is not the only offender when it comes to this issue. Microsoft, Yahoo, Facebook and Myspace are also vulnerable.

Should all internet application providers ensure that encryption is used by default? Yes, the technology is proven and can be implemented without too much impact. But ultimately the responsibility does not totally rest on these providers. The organisations and users of these products need to also take responsibility. When they signed up to the applications, of course they read the terms of service and agreed to the terms.

The best course of action where the risk is too great is to not use the products. I’m sure that if people said to Google or Microsoft that we are not going to use your service until it is secure, then sooner or later they may decide to make it more secure.

Read the full article.