Cloud computing is one of those love/hate things.
IT people love the cloud in their personal lives. For many, though, it’s seen as dangerous in their work lives.
I can’t count the number of times I’ve been told “the cloud’s not secure”, for instance.
Let’s be clear: your cloud provider is as secure as your own internal systems are. Any computer on a network can be hacked into. Every data store can be compromised. As the saying goes: for complete security, do not attach to a network!
Yes, there are some issues with the cloud that are real. If you are in the broader public sector in British Columbia, Bill 73 mandates that you not expose data about British Columbians to the USA Patriot Act. Since the point of the cloud is that it’s “out there”, and you can’t necessarily ensure things don’t pass through or get stored in assets subject to US law enforcement, you might keep away from public clouds.
Of course, even in BC, US-headquartered and US-owned firms get outsourcing business. I don’t see myself how this is any different from using the cloud: the Patriot Act can put such a firm in a position where it must provide any data in its possession from any asset anywhere in the world. Sounds a lot like the “worry of the cloud” to me, but evidently it didn’t to the people in the BC Government who awarded these contracts after Bill 73 was passed.
What’s the point of that? Good checks and balances, good practice, decent security, data fragmentation so that not everything is exposed on a single breach, etc. solve worries about data being online “somewhere”. Just as they do in outsourced data centres — or in your own facilities.
Many of the worries about the cloud, in fact, are really worries that relate to the ways we do business.
One example is using common data as keys: the social insurance number (which identifies a person) rather than an account with you that is equally unique, but doesn’t point onward.
Do you keep credit card information? For three days after an electronic transaction via a website, you need to be able to reverse the transaction. After that, why are you holding onto those particulars?
If you cleaned up, there’d be far less exposure.
If you invested the cycles in encryption of worrisome data, you’d be less exposed.
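An added example, not code from the original post, of the two clean-up habits named above: keying customers on a random account ID instead of the social insurance number, and blanking card numbers once the three-day reversal window has passed. The table layout, function names and sample rows are constructed for illustration and use Python's built-in sqlite3.

```python
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

REVERSAL_WINDOW = timedelta(days=3)  # the three-day figure is the post's
SCHEMA = """
CREATE TABLE customer (
    account_id TEXT PRIMARY KEY,  -- random surrogate; means nothing elsewhere
    name       TEXT NOT NULL      -- note: no SIN column at all
);
CREATE TABLE payment (
    id         INTEGER PRIMARY KEY,
    account_id TEXT NOT NULL REFERENCES customer(account_id),
    amount     INTEGER NOT NULL,  -- cents
    card_pan   TEXT,              -- set to NULL once the window closes
    paid_at    INTEGER NOT NULL   -- Unix seconds, UTC
);
"""

def new_account(db, name):
    account_id = secrets.token_hex(8)  # 16 hex chars, unrelated to the person
    db.execute("INSERT INTO customer VALUES (?, ?)", (account_id, name))
    return account_id

def record_payment(db, account_id, amount, card_pan, paid_at):
    db.execute(
        "INSERT INTO payment (account_id, amount, card_pan, paid_at) "
        "VALUES (?, ?, ?, ?)",
        (account_id, amount, card_pan, int(paid_at.timestamp())))

def purge_card_details(db, now):
    # Blank card numbers older than the window; the payment row itself stays.
    cutoff = int((now - REVERSAL_WINDOW).timestamp())
    cur = db.execute(
        "UPDATE payment SET card_pan = NULL "
        "WHERE card_pan IS NOT NULL AND paid_at < ?", (cutoff,))
    return cur.rowcount

def demo():
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed clock
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    acct = new_account(db, "Constructed Customer")
    test_pan = "4111111111111111"  # constructed test number, not a real card
    record_payment(db, acct, 4999, test_pan, now - timedelta(days=5))
    record_payment(db, acct, 1250, test_pan, now - timedelta(hours=6))
    purged = purge_card_details(db, now)
    rows = db.execute("SELECT amount, card_pan FROM payment ORDER BY id").fetchall()
    return acct, purged, rows
```

Run on a schedule, the purge leaves a breach with only the last three days of card numbers to expose, and the customer key leads nowhere outside this one system.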
In other words, it’s not the cloud that’s dangerous. Enterprise assets are violated routinely. (Good heavens, just while writing this nine attempts to hack into my home computer have occurred, none successful.)
We’re so used to the idea that our firewalls, our security software, and our “theory of isolation” (we’re safe inside these) will do the job that we don’t think to handle proper hygiene inside. (The attacks on my home computer? You’d find no unencrypted personal data even if you did break in — and all data received from clients is separately encrypted.)
All the cloud does is point out that we need to think differently about securing our information — for, if we do, the cloud is as safe as our own facilities are. Maybe more so: hiding in plain sight has always been an excellent strategy to protect things.
Let’s get over the fears, and fix our security — in our own facilities, and everywhere else we could do work or store data.