There are three assumptions in this thread that aren't valid:
- That you can trust cloud vendors. The fact is that any company can be infiltrated and it only takes one bad apple to ruin the barrel. There are already stories circulating about companies losing their data because a cloud backup system silently stopped working. It SAID it was backing things up, but when the need to restore a file came the data wasn't available. It doesn't matter if this was a software bug, an infiltrator, a hack, or a choice by the cloud vendor. The data was gone and deep pockets won't make it right. It is true that you can always be hit from the inside, no system is perfect. However, you are taking a cloud vendor at their word for a lot that you can't verify. That includes that they are encrypting your data! You can usually verify things that you control.
- That your data can't be stolen without you knowing it. Suppose you have a trade secret that is vital to your business. Then suppose someone picks it off a cloud server and uses it, thereby destroying your critical advantage. You may not even know how or even if the data breach occurred, you only know you are losing business.
- That a cloud based system can be made as secure as your local system. Fact: a network that is not connected to the internet cannot be hacked from the outside. A cloud system inherently does not have that protection.
- That cloud vendors won't attract "special attention" by hackers. The fact is a centralized repository is inherently more vulnerable than a distributed one. If 50 companies have their data on one server, breaking into that server will yield 50 times the results that hitting just one of those companies will yield.
Cabe, From a practical point of view, I don't worry about putting information into the cloud. But when it comes to financial records, even though I think it is very unlikely someone will hack into the file, I'm not ready to do it. Cloud back-ups are awesome, transparent and dirt-cheap. But for a business, there is another set of issues to contend with.
Hate to say it, but any electromagnetic field would have adverse effects on 5 ¼" floppies. Home backups with standard magnetic disc hard drives suffer from a similar problem. So, perhaps hackers are the least of our concerns.
There is one thing that really makes me second guess motive for "Cloud" computing.
Data storage is very inexpensive, so why would you want to store your personal or sensitive information on someone else's computer/database?
A thumb drive can hold up to a terabit of information, and many hard drives, 500GB - 1TB, can be purchased for under $200; now that's storage, and cheap storage. Having two drives to back stuff up is obtainable because of the inexpensive equipment.
Not only would you protect your personal data but you can store tons of data without paying a monthly fee, risking exposure, or worse.
Also, if you have a "Top Level Domain Name" and you pay for hosting with "Hostgator", you receive unlimited space for about $4.50 a month and everything is backed up.
I really don't see the point to cloud, if it's your data, keep it that way.
"The problem with implementing cloud defense tactics is that the services are still in their infancy, which means security measures are basic at best."
We have another opinion than this author has. ICR3ATE is developing and soon delivering a "secure webtop for 3D Co-design & Co-creation, with safe Cloud power".
What we have accomplished regarding security, both from an IT and a Business/IP perspective, can't IMHO not be classified as "basic at best".
I would be happy to refer you to our website (http://www.icr3ate.com), where you can read about the technologies & best practices we apply. Then please take note of the news, spread just today, about Google's initiative to make war against passwords by implementing Yubikeys.
We have been using these Yubikeys for almost 2 years now. Study these things and judge once again.
I'm sure that you'll notice that that easy statement about "basic at best" can't be taken seriously. Please get in contact with me and we will show you that it's just the other way around: thanks to the cloud and keeping data there, we can tighten security using non-military tech and with a fraction of the costs involved with that.
As the author's comment touched on ... security can be breached in many ways. Physical security at most cloud facilities is actually quite good (but you are still trusting someone else to handle it for you). How the facility is administered is another question ... where it can be better to stay with the big names so that the deep pockets are there if your security is breached. Other than that, there is the idea that different platforms, OSs, et al are more secure and reliable than others ... and some platforms are more of a favorite target for hackers. I believe good cloud security is something you almost cannot trumpet from the mountain tops (if you truly believe you have it) as it could be a call to arms for the hackers. I definitely think private cloud software might be a good alternative (or first step) for someone concerned about security (and anyone not concerned with security must be in quite a unique niche).
The issues presented are not legal questions. They are security questions raised by the legal profession. An example of a legal question would be if the government could confiscate equipment from or shut down a cloud service for an investigation into one of the customer's activities just like they can confiscate computers from an individual for an investigation.
As far as security goes, any security can be broken by someone with enough time and enough money. A cloud service with many customers gives a would-be criminal a single focus for their time and money with considerable potential reward.
The security issues are definitely real and yes, depending SOLELY on the cloud is probably a bad idea. But there are a lot of ways to back things up. And who hasn't had things stolen off a local system without a back-up plan and suffered the consequences? I stick by my point that security has always been and will always be a great concern, but don't punish the cloud solely based on this issue. The more sophisticated attacks get just means that security researchers also have to step up their game. Surely the bad guys aren't always smarter. :)